@openpalm/lib 0.11.0-beta.9 → 0.11.0-rc.2

package/src/control-plane/setup.test.ts

@@ -11,6 +11,7 @@ import {
 } from "./setup.js";
 import type { SetupSpec, SetupConnection } from "./setup.js";
 import { STACK_SPEC_FILENAME, readStackSpec } from "./stack-spec.js";
+import { readSecret } from './secrets-files.js';
 
 // ── Helpers ──────────────────────────────────────────────────────────────
 
@@ -38,15 +39,15 @@ function makeValidSpec(overrides?: Partial<SetupSpec>): SetupSpec {
 function seedRequiredAssets(homeDir: string): void {
   mkdirSync(join(homeDir, "config", "stack"), { recursive: true });
   writeFileSync(join(homeDir, "config", "stack", "core.compose.yml"), "services:\n  assistant:\n    image: assistant:latest\n");
-  mkdirSync(join(homeDir, "state", "assistant"), { recursive: true });
-  writeFileSync(join(homeDir, "state", "assistant", "opencode.jsonc"), '{"$schema":"https://opencode.ai/config.json"}\n');
-  writeFileSync(join(homeDir, "state", "assistant", "AGENTS.md"), "# Agents\n");
-  mkdirSync(join(homeDir, "state"), { recursive: true });
-  // Automations live in state/registry/automations (shipped catalog) and stash/tasks (user tasks)
-  mkdirSync(join(homeDir, "state", "registry", "automations"), { recursive: true });
-  writeFileSync(join(homeDir, "state", "registry", "automations", "cleanup-logs.md"), "---\nschedule: \"0 4 * * 0\"\ndescription: cleanup logs\n---\n");
-  writeFileSync(join(homeDir, "state", "registry", "automations", "cleanup-data.md"), "---\nschedule: \"0 5 * * 0\"\ndescription: cleanup data\n---\n");
-  writeFileSync(join(homeDir, "state", "registry", "automations", "validate-config.md"), "---\nschedule: \"0 3 * * *\"\ndescription: validate config\n---\n");
+  mkdirSync(join(homeDir, "data", "assistant"), { recursive: true });
+  writeFileSync(join(homeDir, "data", "assistant", "opencode.jsonc"), '{"$schema":"https://opencode.ai/config.json"}\n');
+  writeFileSync(join(homeDir, "data", "assistant", "AGENTS.md"), "# Agents\n");
+  mkdirSync(join(homeDir, "data"), { recursive: true });
+  // Automations live in knowledge/tasks as AKM-owned task files.
+  mkdirSync(join(homeDir, "data", "registry", "automations"), { recursive: true });
+  writeFileSync(join(homeDir, "data", "registry", "automations", "cleanup-logs.yml"), "schedule: \"0 4 * * 0\"\ndescription: cleanup logs\ncommand: [\"echo\",\"clean\"]\n");
+  writeFileSync(join(homeDir, "data", "registry", "automations", "cleanup-data.yml"), "schedule: \"0 5 * * 0\"\ndescription: cleanup data\ncommand: [\"echo\",\"clean\"]\n");
+  writeFileSync(join(homeDir, "data", "registry", "automations", "validate-config.yml"), "schedule: \"0 3 * * *\"\ndescription: validate config\ncommand: [\"echo\",\"clean\"]\n");
 }
 
 // ── Tests: validateSetupSpec ────────────────────────────────────────────
@@ -204,7 +205,6 @@ describe("buildSecretsFromSetup", () => {
     const secrets = buildSecretsFromSetup(spec.connections, spec.owner);
     expect(secrets.OP_UI_LOGIN_PASSWORD).toBeUndefined();
     expect(secrets.OP_UI_TOKEN).toBeUndefined();
-    expect(secrets.ADMIN_TOKEN).toBeUndefined();
   });
 
   it("does not include SYSTEM_LLM_* in user secrets", () => {
@@ -305,10 +305,7 @@ describe("buildAuthJsonFromSetup", () => {
 });
 
 describe("buildSystemSecretsFromSetup", () => {
-  // Phase 4: assistant token was removed; the only stack.env secret this
-  // helper writes now is OP_UI_LOGIN_PASSWORD. OP_OPENCODE_PASSWORD is
-  // generated by ensureSystemSecrets() and persists across reruns.
-  it("returns OP_UI_LOGIN_PASSWORD equal to the supplied operator password", () => {
+  it("returns the file-based UI login password update", () => {
     const secrets = buildSystemSecretsFromSetup("test-admin-token-12345");
     expect(secrets.OP_UI_LOGIN_PASSWORD).toBe("test-admin-token-12345");
     expect(secrets.OP_UI_TOKEN).toBeUndefined();
@@ -321,7 +318,7 @@ describe("buildSystemSecretsFromSetup", () => {
 describe("performSetup", () => {
   let homeDir: string;
   let configDir: string;
-  let stateDir: string;
+  let dataDir: string;
   let stackDir: string;
 
   const savedEnv: Record<string, string | undefined> = {};
@@ -329,44 +326,41 @@ describe("performSetup", () => {
   beforeEach(() => {
     homeDir = mkdtempSync(join(tmpdir(), "openpalm-setup-"));
     configDir = join(homeDir, "config");
-    stateDir = join(homeDir, "state");
+    dataDir = join(homeDir, "data");
     stackDir = join(configDir, "stack");
 
     // Create required directory structure
     for (const dir of [
       homeDir,
       configDir,
-      join(homeDir, "state", "registry", "automations"),
+      join(homeDir, "data", "registry", "automations"),
       join(configDir, "assistant"),
       join(configDir, "akm"),
       stackDir,
       join(stackDir, "addons"),
-      join(homeDir, "stash"),
+      join(homeDir, "knowledge"),
+      join(homeDir, "knowledge", "env"),
+      join(homeDir, "knowledge", "secrets"),
       join(homeDir, "workspace"),
-      join(homeDir, "cache"),
-      join(homeDir, "cache", "akm"),
-      stateDir,
-      join(stateDir, "assistant"),
-      join(stateDir, "admin"),
-      join(stateDir, "guardian"),
-      join(stateDir, "logs"),
-      join(stateDir, "logs", "opencode"),
+      dataDir,
+      join(dataDir, "assistant"),
+      join(dataDir, "admin"),
+      join(dataDir, "guardian"),
+      join(dataDir, "akm", "cache"),
+      join(dataDir, "akm", "data"),
+      join(dataDir, "logs"),
+      join(dataDir, "backups"),
+      join(dataDir, "rollback"),
     ]) {
       mkdirSync(dir, { recursive: true });
     }
 
     // Create stub stack.env so isSetupComplete doesn't crash
     writeFileSync(
-      join(stackDir, "stack.env"),
+      join(homeDir, "knowledge", "env", "stack.env"),
       [
         "OP_SETUP_COMPLETE=false",
-        "OP_UI_LOGIN_PASSWORD=",
-        "OPENAI_API_KEY=",
         "OPENAI_BASE_URL=",
-        "ANTHROPIC_API_KEY=",
-        "GROQ_API_KEY=",
-        "MISTRAL_API_KEY=",
-        "GOOGLE_API_KEY=",
         "OP_OWNER_NAME=",
         "OP_OWNER_EMAIL=",
         "",
@@ -394,12 +388,11 @@ describe("performSetup", () => {
     expect(result.error).toBeDefined();
   });
 
-  it("writes stack.env with the UI login password", async () => {
+  it("writes the UI login password to knowledge/secrets", async () => {
     const result = await performSetup(makeValidSpec());
     expect(result.ok).toBe(true);
 
-    const secretsContent = readFileSync(join(stackDir, "stack.env"), "utf-8");
-    expect(secretsContent).toContain("test-admin-token-12345");
+    expect(readSecret(stackDir, 'op_ui_login_password')).toBe("test-admin-token-12345\n");
   });
 
   it("writes akm config.json with llm and embedding", async () => {
@@ -409,11 +402,33 @@ describe("performSetup", () => {
     const akmConfigPath = join(homeDir, "config", "akm", "config.json");
     expect(existsSync(akmConfigPath)).toBe(true);
     const config = JSON.parse(readFileSync(akmConfigPath, "utf-8"));
-    expect(config.llm.model).toBe("gpt-4o");
-    expect(config.llm.provider).toBe("openai");
+    // Canonical akm 0.8.0 shape: profiles.llm.default + defaults.llm — NOT top-level `llm`.
+    expect(config.llm).toBeUndefined();
+    expect(config.profiles.llm.default.model).toBe("gpt-4o");
+    expect(config.profiles.llm.default.provider).toBe("openai");
+    expect(config.defaults.llm).toBe("default");
     expect(config.embedding.model).toBe("text-embedding-3-small");
     expect(config.embedding.provider).toBe("openai");
     expect(config.embedding.dimension).toBe(1536);
+    // The assistant primary stash is pinned to the bind mount, not operator-set.
+    expect(config.stashDir).toBe("/stash");
+  });
+
+  it("does not write the legacy migration-triggering akm config shape (I-3)", async () => {
+    // akm's config-migration.ts triggers the legacy 0.7->0.8 shim (which rewrites
+    // the file on load) when `isObj(raw.llm) && hasOwn(raw.llm, "endpoint")`. We must
+    // write the canonical shape so that condition can NEVER be satisfied — otherwise
+    // the assistant's akm config silently rewrites on first load today and becomes a
+    // fatal load error when akm removes the shim.
+    const result = await performSetup(makeValidSpec());
+    expect(result.ok).toBe(true);
+    const config = JSON.parse(
+      readFileSync(join(homeDir, "config", "akm", "config.json"), "utf-8"),
+    ) as Record<string, unknown>;
+    // The exact migration trigger: a top-level `llm` object carrying `endpoint`.
+    const legacyLlm = config.llm as Record<string, unknown> | undefined;
+    expect(legacyLlm === undefined || !Object.hasOwn(legacyLlm, "endpoint")).toBe(true);
+    expect(config.llm).toBeUndefined();
   });
 
   it("writes stack.yml v2 version marker", async () => {
@@ -448,11 +463,65 @@ describe("performSetup", () => {
 
     const akmConfigPath = join(homeDir, "config", "akm", "config.json");
     const config = JSON.parse(readFileSync(akmConfigPath, "utf-8"));
-    expect(config.llm.provider).toBe("ollama");
-    expect(config.llm.model).toBe("llama3.2");
+    expect(config.llm).toBeUndefined();
+    expect(config.profiles.llm.default.provider).toBe("ollama");
+    expect(config.profiles.llm.default.model).toBe("llama3.2");
+    expect(config.profiles.llm.default.endpoint).toBe("http://localhost:11434/v1/chat/completions");
+    expect(config.defaults.llm).toBe("default");
     expect(config.embedding.dimension).toBe(768);
   });
 
+  it("auto-enables host akm sharing when host AKM is available (no overlay, no personal-side write)", async () => {
+    // HOME must point at a temp dir so we NEVER touch the real ~/.config/akm.
+    const fakeHome = mkdtempSync(join(tmpdir(), "openpalm-fakehome-"));
+    const savedHome = process.env.HOME;
+    process.env.HOME = fakeHome;
+    try {
+      mkdirSync(join(fakeHome, "akm"), { recursive: true });
+      mkdirSync(join(fakeHome, ".config", "akm"), { recursive: true });
+      const hostCfgRaw = JSON.stringify({ stashDir: join(fakeHome, "akm") });
+      writeFileSync(join(fakeHome, ".config", "akm", "config.json"), hostCfgRaw);
+
+      const result = await performSetup(makeValidSpec({ hostAkm: true }));
+      expect(result.ok).toBe(true);
+
+      // NO conditional overlay file is produced any more.
+      expect(existsSync(join(stackDir, "host-akm.compose.yml"))).toBe(false);
+      // OP_HOST_AKM_STASH points at the host stash (mount is always in core.compose.yml).
+      expect(readFileSync(join(homeDir, "knowledge", "env", "stack.env"), "utf-8")).toContain(
+        `OP_HOST_AKM_STASH=${join(fakeHome, "akm")}`,
+      );
+      // Assistant-side source entry present.
+      const opCfg = JSON.parse(readFileSync(join(homeDir, "config", "akm", "config.json"), "utf-8"));
+      expect((opCfg.sources as Array<Record<string, unknown>>).some((s) => s.name === "host-akm")).toBe(true);
+      // D1: the personal config is NEVER written (byte-for-byte unchanged, no `openpalm` source).
+      expect(readFileSync(join(fakeHome, ".config", "akm", "config.json"), "utf-8")).toBe(hostCfgRaw);
+    } finally {
+      if (savedHome !== undefined) process.env.HOME = savedHome;
+      else delete process.env.HOME;
+      rmSync(fakeHome, { recursive: true, force: true });
+    }
+  });
+
+  it("does not enable (and does not fail) when host AKM is not available; mount falls back to empty dir", async () => {
+    const fakeHome = mkdtempSync(join(tmpdir(), "openpalm-fakehome-"));
+    const savedHome = process.env.HOME;
+    process.env.HOME = fakeHome;
+    try {
+      // No ~/.config/akm/config.json → not available.
+      const result = await performSetup(makeValidSpec({ hostAkm: true }));
+      expect(result.ok).toBe(true);
+      // No source entry added, and OP_HOST_AKM_STASH left unset (→ compose empty-dir fallback).
+      const opCfg = JSON.parse(readFileSync(join(homeDir, "config", "akm", "config.json"), "utf-8"));
+      expect((opCfg.sources ?? []).some((s: { name?: string }) => s.name === "host-akm")).toBe(false);
+      expect(readFileSync(join(homeDir, "knowledge", "env", "stack.env"), "utf-8")).not.toContain("OP_HOST_AKM_STASH=");
+    } finally {
+      if (savedHome !== undefined) process.env.HOME = savedHome;
+      else delete process.env.HOME;
+      rmSync(fakeHome, { recursive: true, force: true });
+    }
+  });
+
   it("writes stack.yml as version marker only", async () => {
     const result = await performSetup(makeValidSpec());
     expect(result.ok).toBe(true);
@@ -479,9 +548,16 @@ describe("performSetup", () => {
     const spec = readStackSpec(stackDir);
     expect(spec).not.toBeNull();
     expect(spec!.version).toBe(2);
+
+    const stackEnv = readFileSync(join(homeDir, "knowledge", "env", "stack.env"), 'utf-8');
+    expect(stackEnv).not.toContain('OPENAI_API_KEY=');
+    expect(readSecret(stackDir, 'openai_api_key')).toBeNull();
+
+    const authJson = JSON.parse(readFileSync(join(homeDir, "knowledge", "secrets", "auth.json"), 'utf-8')) as Record<string, { key: string }>;
+    expect(authJson.openai.key).toBe('sk-secondary');
   });
 
-  it("writes channel credentials to stack.env when channelCredentials provided", async () => {
+  it("splits channel credentials between secret files and stack.env", async () => {
     const input = makeValidSpec({
       channelCredentials: {
         discord: {
@@ -494,8 +570,28 @@ describe("performSetup", () => {
     const result = await performSetup(input);
     expect(result.ok).toBe(true);
 
-    const stackEnvContent = readFileSync(join(stackDir, "stack.env"), "utf-8");
-    expect(stackEnvContent).toContain("discord-bot-token-xyz");
-    expect(stackEnvContent).toContain("discord-app-id-123");
+    expect(readSecret(stackDir, 'discord_bot_token')).toBe("discord-bot-token-xyz\n");
+    expect(readSecret(stackDir, 'discord_application_id')).toBeNull();
+    const stackEnv = readFileSync(join(homeDir, "knowledge", "env", "stack.env"), 'utf-8');
+    expect(stackEnv).toContain('DISCORD_APPLICATION_ID=discord-app-id-123');
+    expect(stackEnv).not.toContain('DISCORD_BOT_TOKEN=');
+  });
+
+  it("ensureOpenCodeConfig never writes forbidden keys (providers, smallModel, model) to the user config", async () => {
+    // OpenCode v1.2.24+ rejects these keys with ConfigInvalidError at startup.
+    // This test locks the starter config shape so future changes can't
+    // accidentally introduce keys that would crash the assistant on boot.
+    const { ensureOpenCodeConfig } = await import("./secrets.js");
+    ensureOpenCodeConfig();
+
+    const configPath = join(homeDir, "config", "assistant", "opencode.json");
+    expect(existsSync(configPath)).toBe(true);
+
+    const config = JSON.parse(readFileSync(configPath, "utf-8"));
+    expect(config).not.toHaveProperty("providers");
+    expect(config).not.toHaveProperty("smallModel");
+    expect(config).not.toHaveProperty("model");
+    // $schema is the only required key
+    expect(config.$schema).toBeTruthy();
   });
 });

package/src/control-plane/setup.ts

@@ -5,9 +5,11 @@
  * This module does NOT include Docker operations (compose up, image pull, etc.)
  * — those happen separately in the caller after setup completes.
  */
-import { readFileSync, writeFileSync, existsSync, mkdirSync, renameSync } from "node:fs";
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "node:fs";
 import { join } from "node:path";
 import { createLogger } from "../logger.js";
+import { writeFileAtomic } from "./fs-atomic.js";
+import { enableHostAkmSharing, ensureHostStashEnv, isHostAkmAvailable } from "./host-akm-sharing.js";
 import {
   PROVIDER_KEY_MAP,
 } from "../provider-constants.js";
@@ -19,33 +21,18 @@ import {
   updateSecretsEnv,
   patchSecretsEnvFile,
   ensureOpenCodeConfig,
-  readStackEnv,
   writeAuthJsonProviderKeys,
 } from "./secrets.js";
 import { createState } from "./lifecycle.js";
-import { writeStackSpec } from "./stack-spec.js";
+import { readStackSpec, writeStackSpec } from "./stack-spec.js";
 import { writeVoiceVars } from "./spec-to-env.js";
 import type { ControlPlaneState } from "./types.js";
 import { validateSetupSpec } from "./setup-validation.js";
-import { getRegistryAutomation, setAddonEnabled } from "./registry.js";
+import { getRegistryAutomation, setAddonEnabled, setAddonProfileSelection } from "./registry.js";
 export { validateSetupSpec } from "./setup-validation.js";
 
 const logger = createLogger("setup");
 
-// ── Atomic write helper ──────────────────────────────────────────────────
-
-/**
- * Write `content` to `path` atomically: write to `path.tmp` first, then
- * rename over the target. On POSIX this rename is atomic — a reader always
- * sees either the old file or the new file, never a partially-written one.
- * If the tmp write fails the original file is untouched.
- */
-function writeFileAtomic(path: string, content: string | Uint8Array, mode?: number): void {
-  const tmp = `${path}.tmp`;
-  writeFileSync(tmp, content, mode !== undefined ? { mode } : {});
-  renameSync(tmp, path);
-}
-
 // ── Types ────────────────────────────────────────────────────────────────
 
 export type SetupConnection = {
@@ -69,15 +56,15 @@ export type SetupSpec = {
   tts?: { enabled?: boolean; engine?: string; provider?: string; baseURL?: string; model?: string; voice?: string };
   stt?: { enabled?: boolean; engine?: string; provider?: string; baseURL?: string; model?: string; language?: string };
   /**
-   * Operator-supplied UI login password. Persisted to stack.env as
-   * `OP_UI_LOGIN_PASSWORD`. Replaces the legacy `adminToken` field
-   * (Phase 4 of docs/technical/auth-and-proxy-refactor-plan.md).
+   * Operator-supplied UI login password. Persisted as a file-based secret.
    */
   security: { uiLoginPassword: string };
   owner?: { name?: string; email?: string };
   connections: SetupConnection[];
   channelCredentials?: Record<string, Record<string, string>>;
   addons?: Record<string, boolean>;
+  voiceProfile?: string;
+  ollamaProfile?: string;
   imageTag?: string;
   hostAkm?: boolean;
 };
@@ -85,10 +72,8 @@ export type SetupSpec = {
 // ── Secrets Builder ──────────────────────────────────────────────────────
 
 /**
- * Build the stack.env update payload from a setup spec. Provider API
- * keys are NOT included here — credentials live in OpenCode's auth.json
- * (see buildAuthJsonFromSetup), not stack.env. This function returns
- * only non-credential vars: owner identity and similar.
+ * Build the non-secret stack.env update payload from a setup spec.
+ * Provider API keys and channel credentials are written as file-based secrets.
  */
 export function buildSecretsFromSetup(
   connections: SetupConnection[],
@@ -124,7 +109,7 @@ export function buildAuthJsonFromSetup(
 }
 
 /**
- * Build the system-secret env update for the wizard / CLI install path.
+ * Build the system-secret update for the wizard / CLI install path.
  *
  * Phase 4 of the auth/proxy refactor collapsed the legacy
  * `OP_UI_TOKEN` / `OP_ASSISTANT_TOKEN` pair into a single operator login
@@ -132,15 +117,11 @@ export function buildAuthJsonFromSetup(
  * password; `requireAdmin()` compares the cookie against
  * `process.env.OP_UI_LOGIN_PASSWORD` via the existing `safeTokenCompare`.
  *
- * `OP_OPENCODE_PASSWORD` is generated by `ensureSystemSecrets()` on first
- * run and persists across reruns — it is not regenerated here.
- *
- * `existingSystemEnv` is unused now but the parameter is kept so callers
- * compile unchanged. It can be removed in a follow-up cleanup.
+  * `OP_OPENCODE_PASSWORD` may be supplied explicitly as a file-based secret in
+  * `knowledge/secrets/op_opencode_password` when OpenCode auth is enabled.
  */
 export function buildSystemSecretsFromSetup(
   uiLoginPassword: string,
-  _existingSystemEnv: Record<string, string> = {}
 ): Record<string, string> {
   return {
     OP_UI_LOGIN_PASSWORD: uiLoginPassword,
@@ -192,13 +173,13 @@ export async function performSetup(
   const validation = validateSetupSpec(input);
   if (!validation.valid) return { ok: false, error: validation.errors.join("; ") };
 
-  const { llm, embedding, tts, stt, security, owner, connections, channelCredentials, addons, imageTag, hostAkm } = input;
+  const { llm, embedding, tts, stt, security, owner, connections, channelCredentials, addons, voiceProfile, ollamaProfile, imageTag, hostAkm } = input;
   const state = opts?.state ?? createState();
 
   // Acquire install lock to prevent two concurrent setup runs from racing on
-  // the same config directory. The lock lives in stateDir so it is co-located
+  // the same config directory. The lock lives in dataDir so it is co-located
   // with runtime state and the same path startDeploy uses.
-  const lockHandle: InstallLockHandle | null = acquireInstallLock(state.stateDir);
+  const lockHandle: InstallLockHandle | null = acquireInstallLock(state.dataDir);
   if (lockHandle === null) {
     return {
       ok: false,
@@ -217,16 +198,16 @@ export async function performSetup(
     try {
       ensureHomeDirs();
       ensureSecrets(state);
-      const existingSystemEnv = readStackEnv(state.stackDir);
-      if (channelCredentials) Object.assign(updates, buildChannelCredentialEnvVars(channelCredentials));
+      const channelSecretUpdates = channelCredentials ? buildChannelCredentialEnvVars(channelCredentials) : {};
       // Pick up channel credential env vars not already provided in the spec
       for (const mapping of Object.values(CHANNEL_CREDENTIAL_ENV_MAP)) {
         for (const envKey of Object.values(mapping)) {
-          if (!updates[envKey] && process.env[envKey]) updates[envKey] = process.env[envKey];
+          if (!channelSecretUpdates[envKey] && process.env[envKey]) channelSecretUpdates[envKey] = process.env[envKey];
         }
       }
       updateSecretsEnv(state, updates);
-      patchSecretsEnvFile(state.stackDir, buildSystemSecretsFromSetup(security.uiLoginPassword, existingSystemEnv));
+      updateSecretsEnv(state, channelSecretUpdates);
+      patchSecretsEnvFile(state.stackDir, buildSystemSecretsFromSetup(security.uiLoginPassword));
       // Provider API keys land in OpenCode's auth.json (bind-mounted into
       // the assistant container) — never in stack.env.
       writeAuthJsonProviderKeys(state, providerKeys);
@@ -240,28 +221,22 @@ export async function performSetup(
     // single try/catch so that a disk-full or permission-denied mid-way returns a
     // clean error rather than leaving a broken half-installed ~/.openpalm/.
     try {
-      // Write stack.yml (version marker only)
-      writeStackSpec(state.stackDir, { version: 2 });
+      // Preserve addon enablement while refreshing the stack schema marker.
+      writeStackSpec(state.stackDir, readStackSpec(state.stackDir) ?? { version: 2 });
 
       // Write image tag and AKM mount paths to stack.env — atomic to avoid
       // partial writes if the process is interrupted mid-write.
-      const systemEnvForAkm = existsSync(`${state.stackDir}/stack.env`)
-        ? readFileSync(`${state.stackDir}/stack.env`, "utf-8")
+      const systemEnvForAkm = existsSync(`${state.stashDir}/env/stack.env`)
+        ? readFileSync(`${state.stashDir}/env/stack.env`, "utf-8")
         : "";
       const akmUpdates: Record<string, string> = {};
       if (imageTag) akmUpdates.OP_IMAGE_TAG = imageTag;
-      if (hostAkm) {
-        const home = process.env.HOME ?? process.env.USERPROFILE ?? "";
-        if (home) {
-          akmUpdates.OP_AKM_STASH = `${home}/akm`;
-          akmUpdates.OP_AKM_DATA = `${home}/.local/share/akm`;
-          akmUpdates.OP_AKM_STATE = `${home}/.local/state/akm`;
-          akmUpdates.OP_AKM_CACHE = `${home}/.cache/akm`;
-          akmUpdates.OP_AKM_CONFIG = `${home}/.config/akm`;
-        }
-      }
+      // NOTE: host-akm sharing no longer repoints the container's primary stash
+      // (the old OP_AKM_STASH/OP_AKM_CONFIG split-brain). The personal ~/akm is
+      // wired as a read-write SECONDARY source — see configureHostAkmSharing()
+      // below (Phase 4) and the host-akm.compose.yml overlay.
       if (Object.keys(akmUpdates).length > 0) {
-        writeFileAtomic(`${state.stackDir}/stack.env`, mergeEnvContent(systemEnvForAkm, akmUpdates), 0o600);
+        writeFileAtomic(`${state.stashDir}/env/stack.env`, mergeEnvContent(systemEnvForAkm, akmUpdates), 0o600);
       }
 
       // Write akm config with LLM and embedding settings from setup — atomic.
@@ -276,12 +251,27 @@ export async function performSetup(
         const updated = { ...existing };
         if (llm) {
           const base = llm.baseUrl ? llm.baseUrl.replace(/\/+$/, "") : "";
-          updated.llm = {
-            ...((existing.llm as Record<string, unknown>) ?? {}),
+          // Write the CANONICAL akm 0.8.0 shape: profiles.llm.default + defaults.llm.
+          // The runtime resolver reads profiles.llm[defaults.llm] (akm config.ts).
+          // Do NOT write a top-level `llm` — akm's top-level schema is .strict()
+          // with no `llm` key (config-schema.ts AkmConfigShape). A top-level `llm`
+          // only loads today via akm's legacy 0.7→0.8 migration shim
+          // (config-migration.ts), which rewrites the file on load and is marked
+          // for removal — writing the native shape removes that dependency.
+          const profiles = (updated.profiles as Record<string, unknown>) ?? {};
+          const llmProfiles = (profiles.llm as Record<string, unknown>) ?? {};
+          llmProfiles.default = {
+            ...((llmProfiles.default as Record<string, unknown>) ?? {}),
             endpoint: base ? `${base}/chat/completions` : "",
             model: llm.model,
             provider: llm.provider,
           };
+          profiles.llm = llmProfiles;
+          updated.profiles = profiles;
+          const defaults = (updated.defaults as Record<string, unknown>) ?? {};
+          if (typeof defaults.llm !== "string") defaults.llm = "default";
+          updated.defaults = defaults;
+          delete (updated as Record<string, unknown>).llm; // never persist the legacy key
         }
         if (embedding) {
           const base = embedding.baseUrl ? embedding.baseUrl.replace(/\/+$/, "") : "";
@@ -293,33 +283,66 @@ export async function performSetup(
             dimension: embedding.dims,
           };
         }
+        // The assistant's primary stash is ALWAYS /stash (the bind mount). Pin it
+        // in config so it is explicit and operator-edits can't repoint it; the UI
+        // does not expose stashDir. (The host task-runner still uses its own
+        // AKM_STASH_DIR env, which takes precedence over config.stashDir.)
+        updated.stashDir = "/stash";
         writeFileAtomic(akmConfigPath, JSON.stringify(updated, null, 2), 0o600);
       }
 
+      // Host AKM sharing. /host-stash is ALWAYS mounted (core.compose.yml, with
+      // an empty-dir fallback). ensureHostStashEnv points OP_HOST_AKM_STASH at
+      // the user's ~/akm when host AKM is available, else unsets it (→ empty dir).
+      // "Sharing" is just a writable secondary source entry; auto-enabled when the
+      // host has AKM and the wizard didn't opt out.
+      ensureHostStashEnv(state);
+      if (hostAkm !== false && isHostAkmAvailable()) {
+        try {
+          const { profilesImported } = enableHostAkmSharing(state, {
+            writable: true,
+            importProfiles: !llm, // import host profiles only if the wizard set none
+          });
+          logger.info("host akm sharing auto-enabled during setup", { profilesImported });
+        } catch (err) {
+          // Non-fatal — the mount is present regardless; user can enable from the admin tab.
+          logger.warn("host akm sharing could not be enabled", { error: (err as Error).message });
+        }
+      }
+
       // Write TTS/STT vars to stack.env for the voice channel
       if (tts || stt) {
         writeVoiceVars({ tts, stt }, state.stackDir);
       }
 
       // Enable requested addons (channels like discord, slack, etc.)
-      // setAddonEnabled copies the compose overlay AND generates CHANNEL_<NAME>_SECRET in guardian.env
+      // setAddonEnabled records explicit activation state and ensures channel secret files.
       if (addons) {
         for (const [name, enabled] of Object.entries(addons)) {
-          if (enabled) setAddonEnabled(state.homeDir, state.stackDir, name, true);
+          if (enabled) setAddonEnabled(state.homeDir, state.stackDir, name, true, state);
         }
       }
 
+
+      if (voiceProfile?.trim()) {
+        setAddonProfileSelection(state.stackDir, 'voice', voiceProfile.trim(), state);
+      }
+
+      if (ollamaProfile?.trim()) {
+        setAddonProfileSelection(state.stackDir, 'ollama', ollamaProfile.trim(), state);
+      }
+
       ensureOpenCodeConfig();
 
       // Seed default automation into the AKM stash. Idempotent — existing files
       // are left alone so user edits survive re-install and upgrade.
       const tasksDir = join(state.stashDir, "tasks");
       mkdirSync(tasksDir, { recursive: true });
-      const akmImproveDest = join(tasksDir, "akm-improve.md");
+      const akmImproveDest = join(tasksDir, "akm-improve.yml");
       if (!existsSync(akmImproveDest)) {
-        const akmImproveMd = getRegistryAutomation("akm-improve");
-        if (akmImproveMd) {
-          writeFileSync(akmImproveDest, akmImproveMd);
+        const akmImproveTask = getRegistryAutomation("akm-improve");
+        if (akmImproveTask) {
+          writeFileSync(akmImproveDest, akmImproveTask);
           logger.info("seeded default automation", { name: "akm-improve" });
         } else {
           logger.warn("default automation missing from registry; skipping seed", {