@rubytech/create-realagent 1.0.825 → 1.0.828

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/create-realagent",
-  "version": "1.0.825",
+  "version": "1.0.828",
   "description": "Install Real Agent — Built for agents. By agents.",
   "bin": {
     "create-realagent": "./dist/index.js"

package/payload/platform/lib/task-secrets/dist/index.d.ts

@@ -0,0 +1,40 @@
+export type JsonValue = string | number | boolean | null | JsonValue[] | {
+    [key: string]: JsonValue;
+};
+export interface FormSchema {
+    /**
+     * Field names whose values are secret and must never land on a Task node.
+     * Declared at the form definition (e.g. `cloudflare-setup-form`'s schema in
+     * `cloudflare-setup-types.ts`), not at the writer. Writers pass the form
+     * schema through unmodified — the contract is "secrets are declared once
+     * where the form is defined, redaction is enforced once at write time."
+     */
+    secretFields?: string[];
+}
+export interface RedactResult {
+    /**
+     * Payload with every `secretFields` entry removed. Non-secret keys keep
+     * their values intact (including null, false, 0, empty string). Keys not
+     * mentioned in `secretFields` always pass through — secrets are an
+     * allow-list of names to drop, not the entire universe.
+     */
+    redacted: Record<string, JsonValue>;
+    /** Number of fields that were stripped. Callers log this when > 0. */
+    droppedFields: number;
+    /** Names of fields that were stripped, sorted for stable log lines. */
+    droppedFieldNames: string[];
+}
+/**
+ * Strip every secret-tagged field from `payload` per `schema`. Pure: no IO,
+ * no logging, no thrown errors. Caller is responsible for the
+ * `[task] redacted ...` log line when `droppedFields > 0`.
+ *
+ * Edge-case behaviour:
+ * - `payload` undefined / null → empty result, droppedFields=0.
+ * - `schema` undefined / no `secretFields` → every key passes through.
+ * - A secret field whose key is absent from `payload` → no-op (not counted).
+ * - Non-string values on a secret field → key still dropped, value never
+ *   inspected. Redaction is by KEY, not by value-shape heuristic.
+ */
+export declare function redactSecrets(payload: Record<string, JsonValue> | null | undefined, schema: FormSchema | null | undefined): RedactResult;
+//# sourceMappingURL=index.d.ts.map

package/payload/platform/lib/task-secrets/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAYA,MAAM,MAAM,SAAS,GACjB,MAAM,GACN,MAAM,GACN,OAAO,GACP,IAAI,GACJ,SAAS,EAAE,GACX;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,CAAA;CAAE,CAAC;AAEjC,MAAM,WAAW,UAAU;IACzB;;;;;;OAMG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,YAAY;IAC3B;;;;;OAKG;IACH,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACpC,sEAAsE;IACtE,aAAa,EAAE,MAAM,CAAC;IACtB,uEAAuE;IACvE,iBAAiB,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,IAAI,GAAG,SAAS,EACrD,MAAM,EAAE,UAAU,GAAG,IAAI,GAAG,SAAS,GACpC,YAAY,CAgBd"}

package/payload/platform/lib/task-secrets/dist/index.js

@@ -0,0 +1,44 @@
+"use strict";
+// Task 890 — outcome contract for audit Task input persistence.
+//
+// Doctrine: every audit Task records enough operator-meaningful information to
+// explain what happened, AND no audit Task contains secret material. Mechanism
+// is centralised here, not at the per-kind writer: form/action input
+// definitions tag secret fields at the source of truth, and writers strip
+// those fields via `redactSecrets` before persisting `inputs.<field>` props
+// onto the Task node.
+//
+// Single file by design — no per-kind branching, no factory. A future
+// schema shape change extends `FormSchema` here; the contract stays one place.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.redactSecrets = redactSecrets;
+/**
+ * Strip every secret-tagged field from `payload` per `schema`. Pure: no IO,
+ * no logging, no thrown errors. Caller is responsible for the
+ * `[task] redacted ...` log line when `droppedFields > 0`.
+ *
+ * Edge-case behaviour:
+ * - `payload` undefined / null → empty result, droppedFields=0.
+ * - `schema` undefined / no `secretFields` → every key passes through.
+ * - A secret field whose key is absent from `payload` → no-op (not counted).
+ * - Non-string values on a secret field → key still dropped, value never
+ *   inspected. Redaction is by KEY, not by value-shape heuristic.
+ */
+function redactSecrets(payload, schema) {
+    if (!payload) {
+        return { redacted: {}, droppedFields: 0, droppedFieldNames: [] };
+    }
+    const secrets = new Set(schema?.secretFields ?? []);
+    const redacted = {};
+    const dropped = [];
+    for (const [key, value] of Object.entries(payload)) {
+        if (secrets.has(key)) {
+            dropped.push(key);
+            continue;
+        }
+        redacted[key] = value;
+    }
+    dropped.sort();
+    return { redacted, droppedFields: dropped.length, droppedFieldNames: dropped };
+}
+//# sourceMappingURL=index.js.map

package/payload/platform/lib/task-secrets/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA,gEAAgE;AAChE,EAAE;AACF,+EAA+E;AAC/E,+EAA+E;AAC/E,qEAAqE;AACrE,0EAA0E;AAC1E,4EAA4E;AAC5E,sBAAsB;AACtB,EAAE;AACF,sEAAsE;AACtE,+EAA+E;;AA+C/E,sCAmBC;AA/BD;;;;;;;;;;;GAWG;AACH,SAAgB,aAAa,CAC3B,OAAqD,EACrD,MAAqC;IAErC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,aAAa,EAAE,CAAC,EAAE,iBAAiB,EAAE,EAAE,EAAE,CAAC;IACnE,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,EAAE,YAAY,IAAI,EAAE,CAAC,CAAC;IACpD,MAAM,QAAQ,GAA8B,EAAE,CAAC;IAC/C,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAClB,SAAS;QACX,CAAC;QACD,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACxB,CAAC;IACD,OAAO,CAAC,IAAI,EAAE,CAAC;IACf,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,OAAO,CAAC,MAAM,EAAE,iBAAiB,EAAE,OAAO,EAAE,CAAC;AACjF,CAAC"}

package/payload/platform/lib/task-secrets/src/__tests__/redact-secrets.test.ts

@@ -0,0 +1,127 @@
+// Task 890 — no-secret-leak contract test.
+//
+// Verifies that `redactSecrets` strips every key declared as a secret in the
+// form schema, and is meaningful (not a no-op) — removing the `secret` tag
+// from a field MUST cause a deliberately-secret value to leak into the result,
+// proving the test would catch a regression.
+
+import { describe, expect, it } from 'vitest';
+import { redactSecrets, type FormSchema } from '../index.js';
+
+const SECRET_VALUE = 'hunter2';
+const SECRET_REGEX = /password|token|api[_-]?key|secret|credential|bearer/i;
+
+describe('redactSecrets', () => {
+  it('drops every key listed in secretFields', () => {
+    const schema: FormSchema = { secretFields: ['password', 'apiKey'] };
+    const payload = {
+      adminLabel: 'maxy-test',
+      adminDomain: 'maxy.bot',
+      password: SECRET_VALUE,
+      apiKey: 'sk-abc',
+    };
+    const { redacted, droppedFields, droppedFieldNames } = redactSecrets(payload, schema);
+
+    expect(redacted).toEqual({ adminLabel: 'maxy-test', adminDomain: 'maxy.bot' });
+    expect(droppedFields).toBe(2);
+    expect(droppedFieldNames).toEqual(['apiKey', 'password']);
+  });
+
+  it('passes every key through when schema has no secretFields', () => {
+    const payload = { mode: 'personal', emailProvided: true };
+    const { redacted, droppedFields } = redactSecrets(payload, {});
+    expect(redacted).toEqual(payload);
+    expect(droppedFields).toBe(0);
+  });
+
+  it('passes every key through when schema is undefined', () => {
+    const payload = { mode: 'personal' };
+    const { redacted, droppedFields } = redactSecrets(payload, undefined);
+    expect(redacted).toEqual(payload);
+    expect(droppedFields).toBe(0);
+  });
+
+  it('returns empty result for null/undefined payload', () => {
+    expect(redactSecrets(null, { secretFields: ['x'] })).toEqual({
+      redacted: {},
+      droppedFields: 0,
+      droppedFieldNames: [],
+    });
+    expect(redactSecrets(undefined, undefined)).toEqual({
+      redacted: {},
+      droppedFields: 0,
+      droppedFieldNames: [],
+    });
+  });
+
+  it('preserves falsy non-secret values (false, 0, empty string, null)', () => {
+    const payload = { a: false, b: 0, c: '', d: null, secret: 's' };
+    const { redacted } = redactSecrets(payload, { secretFields: ['secret'] });
+    expect(redacted).toEqual({ a: false, b: 0, c: '', d: null });
+  });
+
+  it('does not count secret keys absent from payload', () => {
+    const schema: FormSchema = { secretFields: ['password', 'missingField'] };
+    const { droppedFields, droppedFieldNames } = redactSecrets({ password: SECRET_VALUE }, schema);
+    expect(droppedFields).toBe(1);
+    expect(droppedFieldNames).toEqual(['password']);
+  });
+
+  it('drops a secret key regardless of its value shape', () => {
+    const schema: FormSchema = { secretFields: ['password'] };
+    const cases: Array<{ password: unknown }> = [
+      { password: 'string-value' },
+      { password: 42 },
+      { password: null },
+      { password: { nested: 'object' } },
+      { password: ['array', 'of', 'strings'] },
+    ];
+    for (const c of cases) {
+      const { redacted } = redactSecrets(c as Record<string, never>, schema);
+      expect(redacted).not.toHaveProperty('password');
+    }
+  });
+
+  it('CONTRACT: no recorded property value contains a secret regex match (cloudflare-setup-form)', () => {
+    // Synthetic cloudflare submission shape — mirrors CloudflareSetupRequest
+    // including both the operator-supplied secret (password) and the
+    // wire-protocol envelope (session_key, messageId) the schema also drops.
+    const cloudflareSchema: FormSchema = { secretFields: ['password', 'session_key', 'messageId'] };
+    const payload = {
+      adminLabel: 'maxy-test',
+      adminDomain: 'maxy.bot',
+      publicLabel: 'public',
+      publicDomain: 'maxy.bot',
+      apex: 'maxy.bot',
+      password: SECRET_VALUE,
+      tunnelName: 'maxy-test',
+      session_key: 'sk-conversation-correlation-12345678',
+      messageId: '11111111-2222-3333-4444-555555555555',
+    };
+    const { redacted } = redactSecrets(payload, cloudflareSchema);
+
+    // Scan every recorded value for any known-secret regex match.
+    for (const [key, value] of Object.entries(redacted)) {
+      const stringified = JSON.stringify(value);
+      expect(stringified, `field ${key} carried a secret-shaped value`).not.toMatch(SECRET_REGEX);
+      expect(stringified, `field ${key} carried the secret literal`).not.toContain(SECRET_VALUE);
+    }
+    // Wire-envelope fields must also be absent from recorded props.
+    expect(redacted).not.toHaveProperty('session_key');
+    expect(redacted).not.toHaveProperty('messageId');
+  });
+
+  it('CONTRACT (falsifiability): removing the secret tag causes the password to leak — proves the test is meaningful', () => {
+    // This test is the canary that proves the no-secret-leak guarantee comes
+    // from the schema, not from coincidence. With `secretFields` empty (the
+    // schema-author forgot to tag `password`), the value MUST leak into the
+    // recorded payload — otherwise the contract test above would still pass
+    // even with a broken schema, and would catch nothing.
+    const brokenSchema: FormSchema = { secretFields: [] };
+    const payload = { adminLabel: 'maxy-test', password: SECRET_VALUE };
+    const { redacted } = redactSecrets(payload, brokenSchema);
+
+    expect(redacted.password).toBe(SECRET_VALUE);
+    expect(JSON.stringify(redacted)).toContain(SECRET_VALUE);
+  });
+});

package/payload/platform/lib/task-secrets/src/index.ts

@@ -0,0 +1,77 @@
+// Task 890 — outcome contract for audit Task input persistence.
+//
+// Doctrine: every audit Task records enough operator-meaningful information to
+// explain what happened, AND no audit Task contains secret material. Mechanism
+// is centralised here, not at the per-kind writer: form/action input
+// definitions tag secret fields at the source of truth, and writers strip
+// those fields via `redactSecrets` before persisting `inputs.<field>` props
+// onto the Task node.
+//
+// Single file by design — no per-kind branching, no factory. A future
+// schema shape change extends `FormSchema` here; the contract stays one place.
+
+export type JsonValue =
+  | string
+  | number
+  | boolean
+  | null
+  | JsonValue[]
+  | { [key: string]: JsonValue };
+
+export interface FormSchema {
+  /**
+   * Field names whose values are secret and must never land on a Task node.
+   * Declared at the form definition (e.g. `cloudflare-setup-form`'s schema in
+   * `cloudflare-setup-types.ts`), not at the writer. Writers pass the form
+   * schema through unmodified — the contract is "secrets are declared once
+   * where the form is defined, redaction is enforced once at write time."
+   */
+  secretFields?: string[];
+}
+
+export interface RedactResult {
+  /**
+   * Payload with every `secretFields` entry removed. Non-secret keys keep
+   * their values intact (including null, false, 0, empty string). Keys not
+   * mentioned in `secretFields` always pass through — secrets are an
+   * allow-list of names to drop, not the entire universe.
+   */
+  redacted: Record<string, JsonValue>;
+  /** Number of fields that were stripped. Callers log this when > 0. */
+  droppedFields: number;
+  /** Names of fields that were stripped, sorted for stable log lines. */
+  droppedFieldNames: string[];
+}
+
+/**
+ * Strip every secret-tagged field from `payload` per `schema`. Pure: no IO,
+ * no logging, no thrown errors. Caller is responsible for the
+ * `[task] redacted ...` log line when `droppedFields > 0`.
+ *
+ * Edge-case behaviour:
+ * - `payload` undefined / null → empty result, droppedFields=0.
+ * - `schema` undefined / no `secretFields` → every key passes through.
+ * - A secret field whose key is absent from `payload` → no-op (not counted).
+ * - Non-string values on a secret field → key still dropped, value never
+ *   inspected. Redaction is by KEY, not by value-shape heuristic.
+ */
+export function redactSecrets(
+  payload: Record<string, JsonValue> | null | undefined,
+  schema: FormSchema | null | undefined,
+): RedactResult {
+  if (!payload) {
+    return { redacted: {}, droppedFields: 0, droppedFieldNames: [] };
+  }
+  const secrets = new Set(schema?.secretFields ?? []);
+  const redacted: Record<string, JsonValue> = {};
+  const dropped: string[] = [];
+  for (const [key, value] of Object.entries(payload)) {
+    if (secrets.has(key)) {
+      dropped.push(key);
+      continue;
+    }
+    redacted[key] = value;
+  }
+  dropped.sort();
+  return { redacted, droppedFields: dropped.length, droppedFieldNames: dropped };
+}

package/payload/platform/lib/task-secrets/tsconfig.json

@@ -0,0 +1,9 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "dist",
+    "rootDir": "src"
+  },
+  "include": ["src"],
+  "exclude": ["src/__tests__"]
+}

package/payload/platform/lib/task-secrets/vitest.config.ts

@@ -0,0 +1,9 @@
+import { defineConfig } from 'vitest/config';
+
+export default defineConfig({
+  test: {
+    environment: 'node',
+    globals: false,
+    include: ['src/__tests__/**/*.test.ts'],
+  },
+});

package/payload/platform/neo4j/schema.cypher

@@ -258,6 +258,38 @@ OPTIONS {
   }
 };
 
+// ----------------------------------------------------------
+// ConversationArchive — chunked WhatsApp/messaging archive (Task 891).
+//
+// :ConversationArchive parent + :Section:Conversation chunks (HAS_SECTION + NEXT chain).
+// MERGE-keyed on conversationIdentity = sha256(accountId + ":" + sortedParticipantElementIds).
+// :Section base label is shared with KnowledgeDocument's children — chunks
+// reuse the section_embedding vector index above and the universal fulltext
+// index below.
+//
+// :PARTICIPANT_IN edges from :Person/:AdminUser to :ConversationArchive are
+// MERGEd on every ingest (idempotent); the operator confirms each participant
+// up front via the whatsapp-import skill flow.
+// ----------------------------------------------------------
+
+CREATE CONSTRAINT conversation_archive_identity_unique IF NOT EXISTS
+FOR (a:ConversationArchive) REQUIRE a.conversationIdentity IS UNIQUE;
+
+CREATE INDEX conversation_archive_account IF NOT EXISTS
+FOR (a:ConversationArchive) ON (a.accountId);
+
+CREATE INDEX conversation_archive_session IF NOT EXISTS
+FOR (a:ConversationArchive) ON (a.createdBySession);
+
+CREATE VECTOR INDEX conversation_archive_embedding IF NOT EXISTS
+FOR (a:ConversationArchive) ON (a.embedding)
+OPTIONS {
+  indexConfig: {
+    `vector.dimensions`: 768,
+    `vector.similarity_function`: 'cosine'
+  }
+};
+
 // Universal full-text BM25 index for hybrid keyword search (Task 748).
 //
 // Every operator-meaningful label written by the platform is in the index union;
@@ -276,7 +308,7 @@ OPTIONS {
 // Label union — every operator-meaningful label:
 //   - Business identity: LocalBusiness, Service, PriceSpecification, OpeningHoursSpecification, Organization
 //   - People: Person, UserProfile, Preference, AdminUser, AccessGrant
-//   - Knowledge: KnowledgeDocument, Section, Chunk (legacy), DigitalDocument, CreativeWork,
+//   - Knowledge: KnowledgeDocument, ConversationArchive (Task 891), Section, Chunk (legacy), DigitalDocument, CreativeWork,
 //     Question, FAQPage, DefinedTerm, Review, ImageObject
 //   - Conversational: Conversation, AdminConversation, PublicConversation, Message,
 //     UserMessage, AssistantMessage, ToolCall
@@ -309,7 +341,7 @@ OPTIONS {
 CREATE FULLTEXT INDEX entity_search IF NOT EXISTS
 FOR (n:LocalBusiness|Service|PriceSpecification|OpeningHoursSpecification|Organization
     |Person|UserProfile|Preference|AdminUser|AccessGrant
-    |KnowledgeDocument|Section|Chunk|DigitalDocument|CreativeWork|Question|FAQPage|DefinedTerm|Review|ImageObject
+    |KnowledgeDocument|ConversationArchive|Section|Chunk|DigitalDocument|CreativeWork|Question|FAQPage|DefinedTerm|Review|ImageObject
     |Conversation|AdminConversation|PublicConversation|Message|UserMessage|AssistantMessage|ToolCall
     |Task|Project|Event
     |Workflow|WorkflowStep|WorkflowRun|StepResult

package/payload/platform/package.json

@@ -6,8 +6,8 @@
     "plugins/*/mcp"
   ],
   "scripts": {
-    "build": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && tsc -p lib/brand-templating/tsconfig.json && tsc -p lib/entitlement/tsconfig.json && tsc -p plugins/whatsapp-import/lib/tsconfig.json && NODE_OPTIONS='--max-old-space-size=8192' tsc -b plugins/*/mcp/tsconfig.json",
-    "build:lib": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && tsc -p lib/brand-templating/tsconfig.json && tsc -p lib/entitlement/tsconfig.json && tsc -p plugins/whatsapp-import/lib/tsconfig.json",
+    "build": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && tsc -p lib/brand-templating/tsconfig.json && tsc -p lib/entitlement/tsconfig.json && tsc -p lib/task-secrets/tsconfig.json && tsc -p plugins/whatsapp-import/lib/tsconfig.json && NODE_OPTIONS='--max-old-space-size=8192' tsc -b plugins/*/mcp/tsconfig.json",
+    "build:lib": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && tsc -p lib/brand-templating/tsconfig.json && tsc -p lib/entitlement/tsconfig.json && tsc -p lib/task-secrets/tsconfig.json && tsc -p plugins/whatsapp-import/lib/tsconfig.json",
     "build:memory": "tsc -p plugins/memory/mcp/tsconfig.json",
     "build:contacts": "tsc -p plugins/contacts/mcp/tsconfig.json",
     "build:telegram": "tsc -p plugins/telegram/mcp/tsconfig.json",

package/payload/platform/plugins/admin/hooks/archive-ingest-surface-gate.sh

@@ -1,22 +1,28 @@
 #!/usr/bin/env bash
-# Archive-ingest surface gate (Task 855; supersedes Task 846).
+# Archive-ingest surface gate (Task 855, updated by Task 891).
 #
 # Five enforcements, one script — phase decided by `hook_event_name` on stdin.
 # Task 855 narrows the database-operator subagent's effective surface during
 # WhatsApp archive ingestion to exactly one Bash entry
 # (`whatsapp-import/bin/whatsapp-ingest.sh`) plus read-only neighbours, by
-# blocking the legacy MCP deviation tools mechanically.
+# blocking the legacy MCP deviation tools mechanically. Task 891 retired the
+# `whatsapp-export-insight-pass` tool entirely (Phase 2 enrichment moved to a
+# separate follow-up task that will operate on :Section:Conversation chunks);
+# the tool name is added to the BLOCK list so any agent that still references
+# it from a stale skill or runbook gets a loud denial instead of MCP-not-found.
 #
-# 1. PreToolUse on the three legacy WhatsApp MCP tools — BLOCK unconditionally.
-#    The single deterministic Bash entry (Task 855) is the only supported path
-#    for `archiveType=whatsapp-export`. The legacy MCP tools' source remains
-#    until cleanup; the gate stops them being invoked.
+# 1. PreToolUse on the four legacy WhatsApp MCP tools — BLOCK unconditionally.
+#    The single deterministic Bash entry is the only supported path for
+#    `archiveType=whatsapp-export`. Tool source for #1-#3 remains until cleanup;
+#    `whatsapp-export-insight-pass` source was deleted by Task 891 and the
+#    block here catches stale references.
 #       mcp__memory__whatsapp-export-parse
 #       mcp__memory__whatsapp-export-insight-write
-#       mcp__memory__memory-archive-write           (only when `archiveType` is
-#                                                    `whatsapp-export`; LinkedIn
-#                                                    and other archiveTypes pass
-#                                                    through unchanged.)
+#       mcp__memory__whatsapp-export-insight-pass     (Task 891 — deleted, retired)
+#       mcp__memory__memory-archive-write             (only when `archiveType` is
+#                                                      `whatsapp-export`; LinkedIn
+#                                                      and other archiveTypes pass
+#                                                      through unchanged.)
 #
 # 2. PreToolUse Edit/Write/NotebookEdit: deny writes under
 #    `*platform/plugins/*/lib/*` (parser/CSV-shape source for any *-import or
@@ -136,9 +142,9 @@ fi
 
 # --- Block 2: legacy WhatsApp MCP tools — denied unconditionally ----------
 case "$TOOL_NAME" in
-  mcp__memory__whatsapp-export-parse|mcp__memory__whatsapp-export-insight-write)
+  mcp__memory__whatsapp-export-parse|mcp__memory__whatsapp-export-insight-write|mcp__memory__whatsapp-export-insight-pass)
     emit_decision "block" "denied-mcp-legacy" \
-      "Blocked: ${TOOL_NAME} is the Task 804 legacy path. Task 855 ships the deterministic Bash entry — invoke 'bash platform/plugins/whatsapp-import/bin/whatsapp-ingest.sh <archive> --owner-element-id <id> --subject-person-id <id> --scope <admin|public> --filter <all|senders=<csv>|date-range=<from>..<to>>' once. Parse, archive-write, and insight all run in-process; do not call legacy MCP tools."
+      "Blocked: ${TOOL_NAME} is a retired path. Task 891 ships the chunked-archive contract — invoke 'bash platform/plugins/whatsapp-import/bin/whatsapp-ingest.sh <archive> --owner-element-id <id> --participant-person-ids <csv> --scope <admin|public>' once. Parse, sessionize, classify (mode=chat), and memory-ingest (parentLabel=ConversationArchive) all run in-process; do not call legacy MCP tools. Phase 2 insight derivation is deferred to its own follow-up task."
     ;;
 esac
 
@@ -168,7 +174,7 @@ if [ "$TOOL_NAME" = "mcp__memory__memory-archive-write" ]; then
   ARCHIVE_TYPE=$(extract_tool_input_field archiveType)
   if [ "$ARCHIVE_TYPE" = "whatsapp-export" ]; then
     emit_decision "block" "denied-mcp-legacy archiveType=whatsapp-export" \
-      "Blocked: memory-archive-write with archiveType='whatsapp-export' is the Task 804 legacy path. Task 855 ships the deterministic Bash entry — invoke 'bash platform/plugins/whatsapp-import/bin/whatsapp-ingest.sh <archive> --owner-element-id <id> --subject-person-id <id> --scope <admin|public> --filter <all|senders=<csv>|date-range=<from>..<to>>' once. Other archiveTypes (linkedin-connections, …) flow through memory-archive-write unchanged."
+      "Blocked: memory-archive-write with archiveType='whatsapp-export' is a retired path. Task 891 ships the chunked-archive contract — invoke 'bash platform/plugins/whatsapp-import/bin/whatsapp-ingest.sh <archive> --owner-element-id <id> --participant-person-ids <csv> --scope <admin|public>' once. Other archiveTypes (linkedin-connections, …) flow through memory-archive-write unchanged."
   fi
 fi
 

package/payload/platform/plugins/admin/skills/business-profile/SKILL.md

@@ -10,14 +10,14 @@ Applies when the business owner wants to set up, complete, or update their busin
 ## When to Activate
 
 - Admin asks to set up, edit, or complete their business profile
-- Onboarding step 9 delegates here on first run **only when the operator picked `business-owner` mode** (Task 704). Personal mode bootstraps a `Person` with `role: "admin-personal"` directly inside step 9 and does NOT invoke this skill.
+- Onboarding step 9 delegates here on first run **only when the operator picked `business-owner` mode**. Personal mode bootstraps a `Person` with `role: "admin-personal"` directly inside step 9 and does NOT invoke this skill.
 - Session-start graph check shows a `LocalBusiness` node with missing data (no hours, no services, empty description)
 - The graph-write gate rejects a `memory-write` or `memory-update` with `no-admin-user` or `no-local-business` — the error message directs the agent here. (For personal-mode accounts, the gate is satisfied by the personal-profile `Person` node, so this rejection should not fire — if it does, the personal-profile node is missing or its `role` is wrong.)
 - Admin asks questions like "update my address", "add our opening hours", "change the phone number"
 
 ## First-run path (no LocalBusiness yet)
 
-The `AdminUser` and the operator's personal-profile `Person` were written deterministically at PIN setup time (Task 830 — `writeAdminUserAndPerson`), so this skill no longer creates the AdminUser. When onboarding step 9 invokes this skill in `business-owner` mode, or when the graph-write gate reports `no-local-business`, create the LocalBusiness:
+The `AdminUser` and the operator's personal-profile `Person` are written deterministically at PIN setup time, so this skill no longer creates the AdminUser. When onboarding step 9 invokes this skill in `business-owner` mode, or when the graph-write gate reports `no-local-business`, create the LocalBusiness:
 
 1. **LocalBusiness.** Ask the user for the business name first — this is the only mandatory property. Call `memory-write` with `labels: ["LocalBusiness"]`, minimal `properties: { name }`, `scope: "shared"`, `relationships: [{ type: "OWNS", direction: "incoming", targetNodeId: "<AdminUser-elementId>" }]`. The `LocalBusiness` label is on the exempt set, so the gate passes for this write. Find the AdminUser elementId via `memory-search` for the operator's name; the AdminUser already exists from PIN setup.
 2. **Capture the remaining domains** (address, hours, services, FAQs, brand assets) via `memory-update` on the `LocalBusiness` node and `memory-write` for related nodes (`OpeningHoursSpecification`, `Service`, `FAQPage`, `ImageObject`). With LocalBusiness present, the gate passes for all subsequent writes.

package/payload/platform/plugins/admin/skills/onboarding/SKILL.md

@@ -203,24 +203,25 @@ Pin the operator's persona and bootstrap the graph nodes that satisfy the graph-
 
 **Call `onboarding-step9-mode` with the chosen mode before any graph write or skill invocation.** The tool emits the diagnostic log line and returns the deterministic next-action prose.
 
-**Open the action record with `task-create` (Task 885 process-provenance doctrine).** Before any graph write or skill invocation, call:
+**Open the action record with `task-create` (process-provenance + audit input contract).** Before any graph write or skill invocation, call `task-create` with:
 
-```
-task-create
-  name: "Establish operator owner — onboarding step 9"
-  description: "<one-line summary of the chosen mode and what entities will be produced>"
-  status: "running"
-  kind: "onboarding-establish-owner"
-  inputsProvided: ["mode"]
-```
+- `name`: "Establish operator owner — onboarding step 9"
+- `description`: a one-line summary describing the chosen mode and what entities will be produced
+- `status`: `"running"`
+- `kind`: `"onboarding-establish-owner"`
+- `inputsProvided`: the keys you actually pass on `inputs` (e.g. `["mode"]`); records the call shape
+- `inputs`: the form payload known at creation time — `{ mode: "personal" | "business-owner" }`
+- `inputSchema`: `{ secretFields: [] }` — the step-9 mode select carries no secrets; declare the empty list explicitly so the contract is visible at the call site
 
 The returned `taskId` is the action-provenance handle for this step — every subsequent `memory-write` for an action-provenance-gated label (`Person`, `UserProfile`, `AdminUser`, `Organization`, `LocalBusiness`) MUST pass it as `producedByTaskId` so the inbound `:PRODUCED` edge from the Task is composed into the write. The Task is auto-linked to the current `AdminConversation` via `RAISED_DURING` (this is what makes `MATCH (c:AdminConversation)<-[:RAISED_DURING]-(t:Task)-[:PRODUCED]->(entity)` traversable from the conversation that initiated onboarding).
 
+**Recording what you collect.** The `onboarding-establish-owner` Task is the audit record for step 9. Record every operator-meaningful fact you collect using the existing surfaces — `description` for the running summary, `note` (via `task-update`) for facts as they land (email collected, phone declined, resolved Person/UserProfile elementIds), `appendStep` for phase markers. Agent's judgement decides which slot. Contract: by `task-complete`, a reader of the Task properties can reconstruct what was collected, what was declined, and which entities were touched without consulting any other source. No secrets in any property regardless of slot — `task-create`'s `inputs` is centrally redacted via `inputSchema.secretFields`; the post-creation slots carry no schema, so the agent's responsibility is to never write secret material into them.
+
 Then branch on the mode.
 
 ### `business-owner`
 
-Invoke the `business-profile` skill, passing the `taskId` so the skill can thread it as `producedByTaskId` into every `memory-write` it issues. The skill follows its first-run path: create the `AdminUser` node, create the `LocalBusiness` node, create the `Organization` node, collect identity + address + whichever additional domains (hours, services, FAQs, brand assets) the user provides. When `business-profile` reports that the required nodes exist in the graph, call `task-update(appendStep:"business-profile-complete")` then write the `HAS_PROFILE` edge from the personal-profile `Person` to the operator's `UserProfile` via `memory-update` (one `memory-search` to resolve both elementIds; the `UserProfile` already exists from step 6 onwards via the lazy-create in `loadUserProfile`). Then call `task-complete(taskId)` and `onboarding-complete-step` with step 9. Do not mark step 9 complete before the required nodes + the HAS_PROFILE edge exist — the gate's precondition must be real, not just recorded.
+Invoke the `business-profile` skill, passing the `taskId` so the skill can thread it as `producedByTaskId` into every `memory-write` it issues. The skill follows its first-run path: create the `AdminUser` node, create the `LocalBusiness` node, create the `Organization` node, collect identity + address + whichever additional domains (hours, services, FAQs, brand assets) the user provides. When `business-profile` reports that the required nodes exist in the graph, call `task-update` with both `appendStep:"business-profile-complete"` AND `note:"Business profile complete — AdminUser=<elementId>, LocalBusiness=<elementId>, Organization=<elementId>"` (the resolved elementIds from the skill's writes; one call carries both the phase marker and the audit content). Then write the `HAS_PROFILE` edge from the personal-profile `Person` to the operator's `UserProfile` via `memory-update` (one `memory-search` to resolve both elementIds; the `UserProfile` already exists from step 6 onwards via the lazy-create in `loadUserProfile`). Then call `task-complete(taskId)` and `onboarding-complete-step` with step 9. Do not mark step 9 complete before the required nodes + the HAS_PROFILE edge exist — the gate's precondition must be real, not just recorded.
 
 ### `personal`
 
@@ -228,9 +229,9 @@ Personal mode does not register a `LocalBusiness`. The `AdminUser` and personal-
 
 1. **Ask the user for their email AND phone number** in one short conversational message — {{productName}} stores both on the personal-profile Person for downstream features (notifications, contact-method matching, identity-coverage signal that the agent uses to detect missing identity in future turns). The user may decline either; record what they provide. (Operator-identity fix: the system-prompt's "Identity coverage" block surfaces missing identity fields on every turn, so a partial answer becomes a follow-up prompt rather than a silent gap.)
 2. **Attach the identity to Person.** Call `profile-update` with `personFields: { email: "<value>", telephone: "<value>" }` (omit either key the user declined). The tool resolves the personal-profile Person via `(au:AdminUser {userId:$you})-[:OWNS]->(p:Person)` server-side and writes the canonical `email`/`telephone` fields. Use canonical `telephone` — `phone` is the schema synonym, not the canonical name; `profile-update` rejects `phone` rather than silently rewriting it. The tool throws if the OWNS edge is missing rather than silently no-oping (the PIN-setup path is the only place that edge is created — a missing edge means PIN setup never ran or was rolled back).
-3. **Append the step.** Call `task-update(appendStep:"identity-attached")`.
+3. **Append the step + record the facts.** Call `task-update` with both `appendStep:"identity-attached"` AND `note:"Identity attached — email=<value-or-declined>, telephone=<value-or-declined>"` (use the actual values the operator supplied; for declines write the literal `declined`). One call, both fields. The note carries the operator-meaningful audit content; the step is the phase marker.
 4. **Link the personal-profile `Person` to the `UserProfile`.** Call `memory-search` to resolve the `UserProfile` elementId for the operator (the lazy `loadUserProfile` write created it on the first admin session). Then call `memory-update` on the Person to add the `HAS_PROFILE` edge to the UserProfile. (`HAS_PROFILE` from `:Person` is a sibling pattern to the existing `AdminUser→HAS_PROFILE→UserProfile`; both are valid sources for the same edge type. See [schema-base.md Relationship Patterns](../../../memory/references/schema-base.md).)
-5. **Close the action record.** Call `task-update(appendStep:"profile-linked")` then `task-complete(taskId)`.
+5. **Close the action record.** Call `task-update` with both `appendStep:"profile-linked"` AND `note:"Profile linked — Person=<elementId>, UserProfile=<elementId>"` (the resolved elementIds from steps 2 and 4). Then call `task-complete(taskId)`.
 6. **Mark step 9 complete.** Call `onboarding-complete-step` with step 9.
 
 After step 9 completes in personal mode, tell the user that {{productName}} is configured for personal use — their employer (if any) is not registered here. If they later become the operator for a business of their own, they can ask {{productName}} to set up a business profile, which invokes the `business-profile` skill directly.

package/payload/platform/plugins/admin/skills/plugin-management/SKILL.md

@@ -22,7 +22,7 @@ Built-in plugins under `$PLATFORM_ROOT/plugins/`:
 
 - Enable: call `plugin-toggle-enabled` with `pluginName` and `action: "enable"`. Activates the plugin's behaviour embed and MCP server from the next session. Plugins with scheduled behaviour (declared via `lifecycle` in PLUGIN.md frontmatter) are activated automatically by the platform heartbeat within one minute — no separate setup command needed.
 - Disable: call `plugin-toggle-enabled` with `pluginName` and `action: "disable"`. Deactivates from the next session. Any scheduled Events owned by the plugin (`sourcePlugin` field) are cancelled automatically by the platform heartbeat.
-- The tool refuses core plugins (admin, memory, docs, cloudflare, anthropic) and refuses plugins not installed under `$PLATFORM_ROOT/plugins/`. Direct `Edit` of `account.json` is denied by the pre-tool-use hook (Task 831) — `plugin-toggle-enabled` is the only legitimate path.
+- The tool refuses core plugins (admin, memory, docs, cloudflare, anthropic) and refuses plugins not installed under `$PLATFORM_ROOT/plugins/`. Direct `Edit` of `account.json` is denied by the pre-tool-use hook — `plugin-toggle-enabled` is the only legitimate path.
 
 ## Premium Plugins
 
@@ -38,11 +38,11 @@ When the user asks about a specific premium plugin (e.g., "tell me about the tea
 
 ### Recording a purchase
 
-`purchasedPlugins` is an entitlement-bearing field (Task 831): the effective list derives from the Rubytech-signed entitlement payload, not from raw `account.json`. The pre-tool-use hook denies any agent write to `account.json`. Direct purchase recording is therefore unavailable to the agent.
+`purchasedPlugins` is an entitlement-bearing field: the effective list derives from the Rubytech-signed entitlement payload, not from raw `account.json`. The pre-tool-use hook denies any agent write to `account.json`. Direct purchase recording is therefore unavailable to the agent.
 
-- **Production path:** Task 832 — Rubytech-side issuance endpoint signs an updated entitlement payload after a Stripe purchase event and delivers it to `~/<configDir>/entitlement.json`. The verifier picks up the new payload at the next session start.
+- **Production path:** the Rubytech-side issuance endpoint signs an updated entitlement payload after a Stripe purchase event and delivers it to `~/<configDir>/entitlement.json`. The verifier picks up the new payload at the next session start.
 - **Pre-launch / dev path:** the founder runs `node platform/scripts/generate-entitlement-fixture.mjs sign --account-id <id> --email <e> --tier <t> --plugins a,b,c --out ~/<configDir>/entitlement.json` to produce a signed test payload. The agent does not invoke this script.
-- **Personal-mode installs (`brand.json.commercialMode: false`, the default today):** purchasedPlugins is read from raw `account.json` via implicit-trust mode. Pre-launch the agent has no way to add purchases without operator intervention; this is intentional during the gap before Task 832 ships.
+- **Personal-mode installs (`brand.json.commercialMode: false`, the default today):** purchasedPlugins is read from raw `account.json` via implicit-trust mode. Pre-launch the agent has no way to add purchases without operator intervention; this is intentional during the gap before signed-issuance ships.
 
 If the user asks the agent to record a purchase, explain that their purchase is processed by Rubytech billing and the entitlement payload arrives on their device automatically — no agent action is required.
 

package/payload/platform/plugins/admin/skills/public-agent-manager/SKILL.md

@@ -195,7 +195,7 @@ After creation, no template metadata persists in the agent's files. The resultin
 9. **KNOWLEDGE.md generation** — populate from the now-tagged set plus keyword matches using the `update-knowledge` skill workflow
 10. Write `config.json` with selected model, plugins, status "active", `liveMemory`, and `knowledgeKeywords`. This is the last gated write — placed after IDENTITY.md, SOUL.md, and KNOWLEDGE.md to prevent cascade failure if one gate stalls.
 11. Check context budget — auto-summarise if over threshold
-12. **Project the agent into the graph** — delegate to the `database-operator` specialist with the instruction: "Project public agent `{slug}` into the graph by POSTing to `/api/admin/agents/{slug}/project` (Task 837 surface)." The route reads the on-disk files and idempotently MERGEs the `:Agent` node, the four owned `:KnowledgeDocument` projections (IDENTITY/SOUL/KNOWLEDGE/KNOWLEDGE-SUMMARY when present, namespaced `attachmentId="agent:<slug>:<role>"`), the `HAS_*` edges, and the `USES_KNOWLEDGE` edges to every operator-tagged doc. Loud-fail: if the route returns non-2xx, surface the error to the user verbatim — the agent's files exist on disk but its graph projection is incomplete, which means the operator's /graph view will not show this agent. Re-running the projection is safe; it is the same idempotent MERGE.
+12. **Project the agent into the graph** — delegate to the `database-operator` specialist with the instruction: "Project public agent `{slug}` into the graph by POSTing to `/api/admin/agents/{slug}/project`." The route reads the on-disk files and idempotently MERGEs the `:Agent` node, the four owned `:KnowledgeDocument` projections (IDENTITY/SOUL/KNOWLEDGE/KNOWLEDGE-SUMMARY when present, namespaced `attachmentId="agent:<slug>:<role>"`), the `HAS_*` edges, and the `USES_KNOWLEDGE` edges to every operator-tagged doc. Loud-fail: if the route returns non-2xx, surface the error to the user verbatim — the agent's files exist on disk but its graph projection is incomplete, which means the operator's /graph view will not show this agent. Re-running the projection is safe; it is the same idempotent MERGE.
 13. Confirm creation: "Agent created. Visitors can reach it at `/{slug}`"
 
 ### List
@@ -245,7 +245,7 @@ Deletion removes the entire agent directory (`agents/{slug}/`) — not individua
 - If no other agents remain (or the user declines to set a new default), clear the `defaultAgent` field by calling `account-update` with `field: "defaultAgent"`, `value: ""`. Tell the user that visitors to the root URL will see a "no agents" message until a new agent is created.
 
 **Cleanup sequence:**
-- Issue `DELETE /api/admin/agents/{slug}` — the route runs `deleteAgentProjection` (Task 837) FIRST to remove the `:Agent` node and its four owned `:KnowledgeDocument` projections, then `rmSync` the directory. Loud-fail: if graph cleanup throws, files are preserved and a 500 is returned with the error text. Re-issuing the DELETE is safe (idempotent on both layers). Operator-tagged docs survive the projection delete — only the `USES_KNOWLEDGE` edges from this Agent are removed.
+- Issue `DELETE /api/admin/agents/{slug}` — the route removes the `:Agent` node and its four owned `:KnowledgeDocument` projections FIRST, then deletes the directory. Loud-fail: if graph cleanup throws, files are preserved and a 500 is returned with the error text. Re-issuing the DELETE is safe (idempotent on both layers). Operator-tagged docs survive the projection delete — only the `USES_KNOWLEDGE` edges from this Agent are removed.
 - Verify the directory no longer exists
 - Report what was removed (list the files that were in the directory)