@rubytech/create-realagent 1.0.826 → 1.0.829

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/create-realagent",
-  "version": "1.0.826",
+  "version": "1.0.829",
   "description": "Install Real Agent — Built for agents. By agents.",
   "bin": {
     "create-realagent": "./dist/index.js"

package/payload/platform/neo4j/schema.cypher

@@ -258,6 +258,39 @@ OPTIONS {
   }
 };
 
+// ----------------------------------------------------------
+// ConversationArchive — chunked WhatsApp/messaging archive (Task 891).
+//
+// :ConversationArchive parent + :Section:Conversation chunks (HAS_SECTION + NEXT chain).
+// MERGE-keyed on conversationIdentity = sha256(accountId + ":" + sortedParticipantElementIds).
+// :Section base label is shared with KnowledgeDocument's children — chunks
+// reuse the section_embedding vector index above and the universal fulltext
+// index below.
+//
+// :PARTICIPANT_IN edges from :Person/:AdminUser to :ConversationArchive are
+// MERGEd on every ingest (idempotent); the operator confirms each participant
+// up front via the document-ingest skill's chat-mode participant flow
+// (Task 894 — supersedes the prior whatsapp-import skill).
+// ----------------------------------------------------------
+
+CREATE CONSTRAINT conversation_archive_identity_unique IF NOT EXISTS
+FOR (a:ConversationArchive) REQUIRE a.conversationIdentity IS UNIQUE;
+
+CREATE INDEX conversation_archive_account IF NOT EXISTS
+FOR (a:ConversationArchive) ON (a.accountId);
+
+CREATE INDEX conversation_archive_session IF NOT EXISTS
+FOR (a:ConversationArchive) ON (a.createdBySession);
+
+CREATE VECTOR INDEX conversation_archive_embedding IF NOT EXISTS
+FOR (a:ConversationArchive) ON (a.embedding)
+OPTIONS {
+  indexConfig: {
+    `vector.dimensions`: 768,
+    `vector.similarity_function`: 'cosine'
+  }
+};
+
 // Universal full-text BM25 index for hybrid keyword search (Task 748).
 //
 // Every operator-meaningful label written by the platform is in the index union;
@@ -276,7 +309,7 @@ OPTIONS {
 // Label union — every operator-meaningful label:
 //   - Business identity: LocalBusiness, Service, PriceSpecification, OpeningHoursSpecification, Organization
 //   - People: Person, UserProfile, Preference, AdminUser, AccessGrant
-//   - Knowledge: KnowledgeDocument, Section, Chunk (legacy), DigitalDocument, CreativeWork,
+//   - Knowledge: KnowledgeDocument, ConversationArchive (Task 891), Section, Chunk (legacy), DigitalDocument, CreativeWork,
 //     Question, FAQPage, DefinedTerm, Review, ImageObject
 //   - Conversational: Conversation, AdminConversation, PublicConversation, Message,
 //     UserMessage, AssistantMessage, ToolCall
@@ -309,7 +342,7 @@ OPTIONS {
 CREATE FULLTEXT INDEX entity_search IF NOT EXISTS
 FOR (n:LocalBusiness|Service|PriceSpecification|OpeningHoursSpecification|Organization
     |Person|UserProfile|Preference|AdminUser|AccessGrant
-    |KnowledgeDocument|Section|Chunk|DigitalDocument|CreativeWork|Question|FAQPage|DefinedTerm|Review|ImageObject
+    |KnowledgeDocument|ConversationArchive|Section|Chunk|DigitalDocument|CreativeWork|Question|FAQPage|DefinedTerm|Review|ImageObject
     |Conversation|AdminConversation|PublicConversation|Message|UserMessage|AssistantMessage|ToolCall
     |Task|Project|Event
     |Workflow|WorkflowStep|WorkflowRun|StepResult

package/payload/platform/package.json

@@ -6,8 +6,8 @@
     "plugins/*/mcp"
   ],
   "scripts": {
-    "build": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && tsc -p lib/brand-templating/tsconfig.json && tsc -p lib/entitlement/tsconfig.json && tsc -p lib/task-secrets/tsconfig.json && tsc -p plugins/whatsapp-import/lib/tsconfig.json && NODE_OPTIONS='--max-old-space-size=8192' tsc -b plugins/*/mcp/tsconfig.json",
-    "build:lib": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && tsc -p lib/brand-templating/tsconfig.json && tsc -p lib/entitlement/tsconfig.json && tsc -p lib/task-secrets/tsconfig.json && tsc -p plugins/whatsapp-import/lib/tsconfig.json",
+    "build": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && tsc -p lib/brand-templating/tsconfig.json && tsc -p lib/entitlement/tsconfig.json && tsc -p lib/task-secrets/tsconfig.json && NODE_OPTIONS='--max-old-space-size=8192' tsc -b plugins/*/mcp/tsconfig.json",
+    "build:lib": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && tsc -p lib/brand-templating/tsconfig.json && tsc -p lib/entitlement/tsconfig.json && tsc -p lib/task-secrets/tsconfig.json",
     "build:memory": "tsc -p plugins/memory/mcp/tsconfig.json",
     "build:contacts": "tsc -p plugins/contacts/mcp/tsconfig.json",
     "build:telegram": "tsc -p plugins/telegram/mcp/tsconfig.json",

package/payload/platform/plugins/admin/hooks/__tests__/archive-ingest-surface-gate.test.sh

@@ -1,23 +1,30 @@
 #!/usr/bin/env bash
-# Regression test for archive-ingest-surface-gate.sh (Task 855).
+# Regression test for archive-ingest-surface-gate.sh (Task 855, trimmed by Task 894).
 #
-# Covers:
-#   Preserved-from-Task-846:
-#     1. Edit on /platform/plugins/<x>/lib/* → BLOCKED
-#     2. Edit on benign path → ALLOWED
-#     3. Bash with `npx vitest`/`bun test`/`npm test` → BLOCKED
-#     4. PostToolUse on whatsapp-export-parse with isError:true sets flag
-#     5. Subsequent PreToolUse on ANY tool → BLOCKED
-#     6. UserPromptSubmit clears flag → normal allow resumes
-#     7. PostToolUse with isError:false → flag absent
-#     8. Stale flag (>600s) auto-clears
-#   New (Task 855):
-#     A. PreToolUse mcp__memory__whatsapp-export-parse → BLOCKED
-#     B. PreToolUse mcp__memory__whatsapp-export-insight-write → BLOCKED
-#     C. PreToolUse mcp__memory__memory-archive-write w/ archiveType=whatsapp-export → BLOCKED
-#     D. PreToolUse mcp__memory__memory-archive-write w/ archiveType=linkedin-connections → ALLOWED
-#     E. PreToolUse Bash invoking whatsapp-ingest.sh → ALLOWED
-#     F. Default-allow emits a [archive-ingest-gate] decision=allow log line
+# Covers (post-Task-894):
+#   1. Edit on /platform/plugins/<x>/lib/* → BLOCKED
+#   2. Edit on benign path → ALLOWED
+#   3. Bash with `npx vitest`/`bun test`/`npm test` → BLOCKED
+#   4. PreToolUse memory-archive-write w/ archiveType=linkedin-connections → ALLOWED
+#   5. Default-allow emits a [archive-ingest-gate] decision=allow log line
+#   6. Parse-error flag lifecycle: PostToolUse on any *-export-parse / *-import-parse
+#      with isError:true sets flag; subsequent PreToolUse blocks; UserPromptSubmit
+#      clears; stale flag (>600s) auto-clears; parse-success leaves flag absent.
+#   7. Bypass attempts: nested file_path in old_string + top-level file_path in
+#      lib/* → BLOCKED.
+#   8. Fail-closed terminal check.
+#
+# Removed by Task 894:
+#   - WhatsApp-specific MCP-tool blocks (the three legacy whatsapp-export tools
+#     no longer exist; chat archives flow through memory-classify mode='chat'
+#     and memory-ingest parentLabel='ConversationArchive' via document-ingest).
+#   - memory-archive-write archiveType='whatsapp-export' block (the enum value
+#     was dropped from memory-archive-write).
+#
+# A generic LinkedIn-shaped fixture stands in for the parse-error lifecycle —
+# the gate's PostToolUse pattern matches `mcp__*__*-export-parse` /
+# `mcp__*__*-import-parse`, so any plausible parser tool name exercises the
+# flag-set / flag-clear path.
 
 set -u
 
@@ -51,18 +58,20 @@ run_case() {
   fi
 }
 
-# Preserved cases ---------------------------------------------------------
+# Plugin-source-edit block ------------------------------------------------
 
-run_case "Edit on platform/plugins/whatsapp-import/lib/src/parse-export.ts → BLOCKED" \
-  '{"hook_event_name":"PreToolUse","tool_name":"Edit","tool_input":{"file_path":"/Users/x/repo/platform/plugins/whatsapp-import/lib/src/parse-export.ts","old_string":"a","new_string":"b"}}' \
+run_case "Edit on platform/plugins/linkedin-import/lib/src/parse.ts → BLOCKED" \
+  '{"hook_event_name":"PreToolUse","tool_name":"Edit","tool_input":{"file_path":"/Users/x/repo/platform/plugins/linkedin-import/lib/src/parse.ts","old_string":"a","new_string":"b"}}' \
   2
 
 run_case "Edit on README.md → ALLOWED" \
   '{"hook_event_name":"PreToolUse","tool_name":"Edit","tool_input":{"file_path":"/Users/x/repo/README.md","old_string":"a","new_string":"b"}}' \
   0
 
+# Test-runner block (Bash) ------------------------------------------------
+
 run_case "Bash 'npx vitest run' → BLOCKED" \
-  '{"hook_event_name":"PreToolUse","tool_name":"Bash","tool_input":{"command":"npx vitest run parse-export.test.ts"}}' \
+  '{"hook_event_name":"PreToolUse","tool_name":"Bash","tool_input":{"command":"npx vitest run x.test.ts"}}' \
   2
 
 run_case "Bash 'ls -la' → ALLOWED" \
@@ -77,45 +86,18 @@ run_case "Bash 'npm test' → BLOCKED" \
   '{"hook_event_name":"PreToolUse","tool_name":"Bash","tool_input":{"command":"npm test"}}' \
   2
 
-# New (Task 855) cases ----------------------------------------------------
-
-run_case "PreToolUse mcp__memory__whatsapp-export-parse → BLOCKED" \
-  '{"hook_event_name":"PreToolUse","tool_name":"mcp__memory__whatsapp-export-parse","tool_input":{"filePath":"/tmp/_chat.txt","accountId":"acct1","timezone":"Europe/London"}}' \
-  2
-
-run_case "PreToolUse mcp__memory__whatsapp-export-insight-write → BLOCKED" \
-  '{"hook_event_name":"PreToolUse","tool_name":"mcp__memory__whatsapp-export-insight-write","tool_input":{"kind":"MENTIONS","name":"Joel"}}' \
-  2
-
-run_case "PreToolUse memory-archive-write w/ archiveType=whatsapp-export → BLOCKED" \
-  '{"hook_event_name":"PreToolUse","tool_name":"mcp__memory__memory-archive-write","tool_input":{"archiveType":"whatsapp-export","ownerNodeId":"x","accountId":"a","rows":[]}}' \
-  2
+# memory-archive-write — LinkedIn passes through unchanged ----------------
 
 run_case "PreToolUse memory-archive-write w/ archiveType=linkedin-connections → ALLOWED" \
   '{"hook_event_name":"PreToolUse","tool_name":"mcp__memory__memory-archive-write","tool_input":{"archiveType":"linkedin-connections","ownerNodeId":"x","accountId":"a","rows":[]}}' \
   0
 
-# Bypass attempts (Task 855 code-review C1): nested archiveType in rows[0]
-# or conversation must NOT defeat the block. The gate must read the
-# top-level tool_input.archiveType, not the first textual occurrence.
-run_case "BYPASS: nested rows[0].archiveType=linkedin + top-level archiveType=whatsapp-export → BLOCKED" \
-  '{"hook_event_name":"PreToolUse","tool_name":"mcp__memory__memory-archive-write","tool_input":{"rows":[{"archiveType":"linkedin-connections"}],"archiveType":"whatsapp-export","ownerNodeId":"x","accountId":"a"}}' \
-  2
-
-run_case "BYPASS: conversation.archiveType=linkedin + top-level archiveType=whatsapp-export → BLOCKED" \
-  '{"hook_event_name":"PreToolUse","tool_name":"mcp__memory__memory-archive-write","tool_input":{"conversation":{"archiveType":"linkedin-connections","conversationId":"x"},"archiveType":"whatsapp-export","ownerNodeId":"x","accountId":"a","rows":[]}}' \
-  2
-
 # Plugin-source-edit path block must read tool_input.file_path top-level,
 # not a nested file_path in old_string/new_string.
 run_case "BYPASS: nested file_path in old_string + top-level file_path in lib/* → BLOCKED" \
-  '{"hook_event_name":"PreToolUse","tool_name":"Edit","tool_input":{"file_path":"/repo/platform/plugins/whatsapp-import/lib/src/parse-export.ts","old_string":"file_path:/safe/path","new_string":"x"}}' \
+  '{"hook_event_name":"PreToolUse","tool_name":"Edit","tool_input":{"file_path":"/repo/platform/plugins/linkedin-import/lib/src/parse.ts","old_string":"file_path:/safe/path","new_string":"x"}}' \
   2
 
-run_case "PreToolUse Bash invoking whatsapp-ingest.sh → ALLOWED" \
-  '{"hook_event_name":"PreToolUse","tool_name":"Bash","tool_input":{"command":"bash platform/plugins/whatsapp-import/bin/whatsapp-ingest.sh /tmp/chat.zip --owner-element-id 4:abc:1 --subject-person-id 4:abc:2 --scope admin --filter all"}}' \
-  0
-
 # Default-allow log-line check
 LOG=$(printf '%s' '{"hook_event_name":"PreToolUse","tool_name":"Read","tool_input":{"file_path":"/tmp/foo"}}' | bash "$HOOK" 2>&1 1>/dev/null)
 if printf '%s' "$LOG" | grep -q '\[archive-ingest-gate\] decision=allow tool=Read reason=default'; then
@@ -136,10 +118,13 @@ else
   FAIL=$((FAIL + 1))
 fi
 
-# Parse-error flag lifecycle (preserved)
+# Parse-error flag lifecycle (preserved). The gate's PostToolUse pattern is
+# `mcp__*__*-export-parse` / `mcp__*__*-import-parse` — exercise via the
+# linkedin-import-parse name (synthetic — the linkedin importer currently
+# uses memory-archive-write, but the gate matches by tool name shape).
 rm -f "$FLAG_FILE"
 run_case "PostToolUse parse-error sets flag (exit 0)" \
-  '{"hook_event_name":"PostToolUse","tool_name":"mcp__memory__whatsapp-export-parse","tool_input":{"filePath":"_chat.txt"},"tool_response":{"isError":true,"content":[{"type":"text","text":"parse-error file=_chat.txt line=1 reason=not-a-_chat.txt"}]}}' \
+  '{"hook_event_name":"PostToolUse","tool_name":"mcp__memory__linkedin-import-parse","tool_input":{"filePath":"connections.csv"},"tool_response":{"isError":true,"content":[{"type":"text","text":"parse-error file=connections.csv line=1 reason=missing-header"}]}}' \
   0
 [[ -f "$FLAG_FILE" ]] && { echo "PASS: parse-error flag created"; PASS=$((PASS+1)); } \
                       || { echo "FAIL: parse-error flag NOT created" >&2; FAIL=$((FAIL+1)); }
@@ -168,7 +153,7 @@ run_case "Stale flag auto-clears, PreToolUse Read → ALLOWED" \
 # PostToolUse parse-success leaves flag absent
 rm -f "$FLAG_FILE"
 run_case "PostToolUse parse-success (isError:false) does NOT set flag" \
-  '{"hook_event_name":"PostToolUse","tool_name":"mcp__memory__whatsapp-export-parse","tool_input":{"filePath":"_chat.txt"},"tool_response":{"isError":false,"content":[{"type":"text","text":"{\"parsedLines\":[]}"}]}}' \
+  '{"hook_event_name":"PostToolUse","tool_name":"mcp__memory__linkedin-import-parse","tool_input":{"filePath":"connections.csv"},"tool_response":{"isError":false,"content":[{"type":"text","text":"{\"parsedLines\":[]}"}]}}' \
   0
 [[ ! -f "$FLAG_FILE" ]] && { echo "PASS: parse-success leaves flag absent"; PASS=$((PASS+1)); } \
                         || { echo "FAIL: parse-success incorrectly created flag" >&2; FAIL=$((FAIL+1)); }

package/payload/platform/plugins/admin/hooks/archive-ingest-surface-gate.sh

@@ -1,22 +1,24 @@
 #!/usr/bin/env bash
-# Archive-ingest surface gate (Task 855; supersedes Task 846).
+# Archive-ingest surface gate (Task 855, updated by Task 891, trimmed by Task 894).
 #
-# Five enforcements, one script — phase decided by `hook_event_name` on stdin.
-# Task 855 narrows the database-operator subagent's effective surface during
-# WhatsApp archive ingestion to exactly one Bash entry
-# (`whatsapp-import/bin/whatsapp-ingest.sh`) plus read-only neighbours, by
-# blocking the legacy MCP deviation tools mechanically.
+# Three enforcements, one script — phase decided by `hook_event_name` on stdin.
+# Task 855 narrowed the database-operator subagent's effective surface during
+# archive ingestion. Task 894 retired the WhatsApp `_chat.txt` deterministic
+# parser and its three legacy MCP tools entirely — chat archives now flow
+# through the unified `document-ingest` pipeline (`memory-classify` mode='chat'
+# + `memory-ingest` parentLabel='ConversationArchive'). The WhatsApp-specific
+# block lists were removed because the tools they referenced no longer exist
+# and the `archiveType=whatsapp-export` enum value was dropped from
+# `memory-archive-write`. The remaining blocks still cover LinkedIn and any
+# future flat-dataset archive types that ship per-source parsers.
 #
-# 1. PreToolUse on the three legacy WhatsApp MCP tools — BLOCK unconditionally.
-#    The single deterministic Bash entry (Task 855) is the only supported path
-#    for `archiveType=whatsapp-export`. The legacy MCP tools' source remains
-#    until cleanup; the gate stops them being invoked.
-#       mcp__memory__whatsapp-export-parse
-#       mcp__memory__whatsapp-export-insight-write
-#       mcp__memory__memory-archive-write           (only when `archiveType` is
-#                                                    `whatsapp-export`; LinkedIn
-#                                                    and other archiveTypes pass
-#                                                    through unchanged.)
+# 1. Parse-error gate: PostToolUse on any `mcp__*__*-export-parse` /
+#    `mcp__*__*-import-parse` tool whose `tool_response.isError == true`
+#    writes a flag file. Subsequent PreToolUse on ANY tool blocks until
+#    UserPromptSubmit clears the flag. A 600s TTL is the cross-session safety
+#    net. Preserved from Task 846 because LinkedIn and future per-source archive
+#    parsers still use the legacy MCP path until they migrate to their own
+#    deterministic Bash entries.
 #
 # 2. PreToolUse Edit/Write/NotebookEdit: deny writes under
 #    `*platform/plugins/*/lib/*` (parser/CSV-shape source for any *-import or
@@ -26,18 +28,10 @@
 # 3. PreToolUse Bash: deny commands invoking JavaScript test runners
 #    (vitest|bun test|npm test|npx jest|node .*vitest). Preserved from Task 846.
 #
-# 4. Parse-error gate: PostToolUse on any `mcp__*__*-export-parse` /
-#    `mcp__*__*-import-parse` tool whose `tool_response.isError == true`
-#    writes a flag file. Subsequent PreToolUse on ANY tool blocks until
-#    UserPromptSubmit clears the flag. A 600s TTL is the cross-session safety
-#    net. Preserved from Task 846 because LinkedIn and future per-source archive
-#    parsers still use the legacy MCP path until they migrate to their own
-#    deterministic Bash entries.
-#
-# 5. Logging: every PreToolUse decision emits one line in the format
+# 4. Logging: every PreToolUse decision emits one line in the format
 #       [archive-ingest-gate] decision=<allow|block> tool=<name> reason=<r> ...
 #    so the operator can grep the full decision trail for one ingest from
-#    server.log alongside the [whatsapp-ingest] script lines.
+#    server.log.
 #
 # Exit codes follow Claude Code hook protocol: 0 = allow, 2 = block (stderr
 # message shown to the agent). Fail-closed on terminal stdin to match
@@ -134,21 +128,12 @@ if [ -f "$FLAG_FILE" ]; then
   fi
 fi
 
-# --- Block 2: legacy WhatsApp MCP tools — denied unconditionally ----------
-case "$TOOL_NAME" in
-  mcp__memory__whatsapp-export-parse|mcp__memory__whatsapp-export-insight-write)
-    emit_decision "block" "denied-mcp-legacy" \
-      "Blocked: ${TOOL_NAME} is the Task 804 legacy path. Task 855 ships the deterministic Bash entry — invoke 'bash platform/plugins/whatsapp-import/bin/whatsapp-ingest.sh <archive> --owner-element-id <id> --subject-person-id <id> --scope <admin|public> --filter <all|senders=<csv>|date-range=<from>..<to>>' once. Parse, archive-write, and insight all run in-process; do not call legacy MCP tools."
-    ;;
-esac
-
 # Helper: extract a top-level field from `tool_input` via python3 — never via
 # grep+sed against the raw JSON, which would pick the first textual occurrence
-# including nested-object matches (`rows[0].archiveType`,
-# `conversation.archiveType`, etc.) and let a malicious payload bypass the
-# block. python3 is the project standard for JSON-aware hook parsing
-# (mirrors lane-gate.sh:31-46). On parse failure return empty string —
-# downstream block conditions skip cleanly.
+# including nested-object matches (`rows[0].archiveType`, etc.) and let a
+# malicious payload bypass the block. python3 is the project standard for
+# JSON-aware hook parsing (mirrors lane-gate.sh:31-46). On parse failure
+# return empty string — downstream block conditions skip cleanly.
 extract_tool_input_field() {
   local field="$1"
   printf '%s' "$INPUT" | python3 -c "
@@ -161,18 +146,7 @@ except Exception:
 " 2>/dev/null || echo ""
 }
 
-# --- Block 3: memory-archive-write conditional on whatsapp-export -----------
-# LinkedIn and future archiveTypes flow unchanged through memory-archive-write.
-# Only `archiveType=whatsapp-export` is now restricted to the script path.
-if [ "$TOOL_NAME" = "mcp__memory__memory-archive-write" ]; then
-  ARCHIVE_TYPE=$(extract_tool_input_field archiveType)
-  if [ "$ARCHIVE_TYPE" = "whatsapp-export" ]; then
-    emit_decision "block" "denied-mcp-legacy archiveType=whatsapp-export" \
-      "Blocked: memory-archive-write with archiveType='whatsapp-export' is the Task 804 legacy path. Task 855 ships the deterministic Bash entry — invoke 'bash platform/plugins/whatsapp-import/bin/whatsapp-ingest.sh <archive> --owner-element-id <id> --subject-person-id <id> --scope <admin|public> --filter <all|senders=<csv>|date-range=<from>..<to>>' once. Other archiveTypes (linkedin-connections, …) flow through memory-archive-write unchanged."
-  fi
-fi
-
-# --- Block 4: plugin-source path block (Edit/Write/NotebookEdit) -----------
+# --- Block 2: plugin-source path block (Edit/Write/NotebookEdit) -----------
 case "$TOOL_NAME" in
   Edit|Write|NotebookEdit)
     FILE_PATH=$(extract_tool_input_field file_path)
@@ -185,7 +159,7 @@ case "$TOOL_NAME" in
     ;;
 esac
 
-# --- Block 5: shell test-runner block (Bash) -------------------------------
+# --- Block 3: shell test-runner block (Bash) -------------------------------
 COMMAND=""
 if [ "$TOOL_NAME" = "Bash" ]; then
   COMMAND=$(extract_tool_input_field command)

package/payload/platform/plugins/admin/skills/onboarding/SKILL.md

@@ -210,28 +210,28 @@ Pin the operator's persona and bootstrap the graph nodes that satisfy the graph-
 - `status`: `"running"`
 - `kind`: `"onboarding-establish-owner"`
 - `inputsProvided`: the keys you actually pass on `inputs` (e.g. `["mode"]`); records the call shape
-- `inputs`: the form payload — at minimum `{ mode: "personal" | "business-owner" }`. Add other operator-supplied non-secret fields you want the audit panel to render (e.g. when the user later provides email/phone in step 9 personal mode, you can append a follow-up `task-update` rather than reopening the Task)
+- `inputs`: the form payload known at creation time — `{ mode: "personal" | "business-owner" }`
 - `inputSchema`: `{ secretFields: [] }` — the step-9 mode select carries no secrets; declare the empty list explicitly so the contract is visible at the call site
 
 The returned `taskId` is the action-provenance handle for this step — every subsequent `memory-write` for an action-provenance-gated label (`Person`, `UserProfile`, `AdminUser`, `Organization`, `LocalBusiness`) MUST pass it as `producedByTaskId` so the inbound `:PRODUCED` edge from the Task is composed into the write. The Task is auto-linked to the current `AdminConversation` via `RAISED_DURING` (this is what makes `MATCH (c:AdminConversation)<-[:RAISED_DURING]-(t:Task)-[:PRODUCED]->(entity)` traversable from the conversation that initiated onboarding).
 
-The `inputs` you pass land on the Task as `inputs.<field>` props after `redactSecrets` strips any secret-tagged keys. The contract is enforced centrally — never re-classify what is or isn't a secret at the call site; declare the form's secret fields once in `inputSchema.secretFields`.
+**Recording what you collect.** The `onboarding-establish-owner` Task is the audit record for step 9. Record every operator-meaningful fact you collect using the existing surfaces — `description` for the running summary, `note` (via `task-update`) for facts as they land (email collected, phone declined, resolved Person/UserProfile elementIds), `appendStep` for phase markers. Agent's judgement decides which slot. Contract: by `task-complete`, a reader of the Task properties can reconstruct what was collected, what was declined, and which entities were touched without consulting any other source. No secrets in any property regardless of slot — `task-create`'s `inputs` is centrally redacted via `inputSchema.secretFields`; the post-creation slots carry no schema, so the agent's responsibility is to never write secret material into them.
 
 Then branch on the mode.
 
 ### `business-owner`
 
-Invoke the `business-profile` skill, passing the `taskId` so the skill can thread it as `producedByTaskId` into every `memory-write` it issues. The skill follows its first-run path: create the `AdminUser` node, create the `LocalBusiness` node, create the `Organization` node, collect identity + address + whichever additional domains (hours, services, FAQs, brand assets) the user provides. When `business-profile` reports that the required nodes exist in the graph, call `task-update(appendStep:"business-profile-complete")` then write the `HAS_PROFILE` edge from the personal-profile `Person` to the operator's `UserProfile` via `memory-update` (one `memory-search` to resolve both elementIds; the `UserProfile` already exists from step 6 onwards via the lazy-create in `loadUserProfile`). Then call `task-complete(taskId)` and `onboarding-complete-step` with step 9. Do not mark step 9 complete before the required nodes + the HAS_PROFILE edge exist — the gate's precondition must be real, not just recorded.
+Invoke the `business-profile` skill, passing the `taskId` so the skill can thread it as `producedByTaskId` into every `memory-write` it issues. The skill follows its first-run path: create the `AdminUser` node, create the `LocalBusiness` node, create the `Organization` node, collect identity + address + whichever additional domains (hours, services, FAQs, brand assets) the user provides. When `business-profile` reports that the required nodes exist in the graph, call `task-update` with both `appendStep:"business-profile-complete"` AND `note:"Business profile complete — AdminUser=<elementId>, LocalBusiness=<elementId>, Organization=<elementId>"` (the resolved elementIds from the skill's writes; one call carries both the phase marker and the audit content). Then write the `HAS_PROFILE` edge from the personal-profile `Person` to the operator's `UserProfile` via `memory-update` (one `memory-search` to resolve both elementIds; the `UserProfile` already exists from step 6 onwards via the lazy-create in `loadUserProfile`). Then call `task-complete(taskId)` and `onboarding-complete-step` with step 9. Do not mark step 9 complete before the required nodes + the HAS_PROFILE edge exist — the gate's precondition must be real, not just recorded.
 
 ### `personal`
 
 Personal mode does not register a `LocalBusiness`. The `AdminUser` and personal-profile `Person` nodes were written deterministically at PIN setup time (Task 830 — `writeAdminUserAndPerson`, run as `createdBy.agent === 'system'` and therefore exempt from the action-provenance gate), so this step only enriches the existing Person with operator-identity fields and links it to the `UserProfile`:
 
-1. **Ask the user for their email AND phone number** in one short conversational message — {{productName}} stores both on the personal-profile Person for downstream features (notifications, contact-method matching, identity-coverage signal that the agent uses to detect missing identity in future turns). The user may decline either; record what they provide. (Operator-identity fix: the system-prompt's "Identity coverage" block surfaces missing identity fields on every turn, so a partial answer becomes a follow-up prompt rather than a silent gap.)
-2. **Attach the identity to Person.** Call `profile-update` with `personFields: { email: "<value>", telephone: "<value>" }` (omit either key the user declined). The tool resolves the personal-profile Person via `(au:AdminUser {userId:$you})-[:OWNS]->(p:Person)` server-side and writes the canonical `email`/`telephone` fields. Use canonical `telephone` — `phone` is the schema synonym, not the canonical name; `profile-update` rejects `phone` rather than silently rewriting it. The tool throws if the OWNS edge is missing rather than silently no-oping (the PIN-setup path is the only place that edge is created — a missing edge means PIN setup never ran or was rolled back).
-3. **Append the step.** Call `task-update(appendStep:"identity-attached")`.
+1. **Elicit Person properties that help {{productName}} serve this operator.** Open by default — identity (email, phone, names), context (where they live, languages they speak, what they do, who they work for), or anything else the operator volunteers that makes future assistance more useful. The personal-profile Person is comprehensive, not enumerated: ask in one short conversational message for what feels natural to volunteer at first contact, accept whatever the operator offers, do not chase a fixed list. The user may decline any field; record what they provide.
+2. **Persist via `profile-update.personFields`.** Pass a single object whose keys are the Person properties the operator volunteered, in the operator's volunteered phrasing — the central schema validator handles synonyms (e.g. `phone` rejects with "use telephone") and Forbidden Properties (e.g. `name` rejects with "use givenName + familyName"); the agent does not pre-rewrite. The tool resolves the personal-profile Person via `(au:AdminUser {userId:$you})-[:OWNS]->(p:Person)` server-side and throws loudly if the OWNS edge is missing rather than silently no-oping (the PIN-setup path is the only place that edge is created — a missing edge means PIN setup never ran or was rolled back).
+3. **Append the step + record the facts.** Call `task-update` with both `appendStep:"identity-attached"` AND `note:"Identity attached — email=<value-or-declined>, telephone=<value-or-declined>"` (use the actual values the operator supplied; for declines write the literal `declined`). One call, both fields. The note carries the operator-meaningful audit content; the step is the phase marker.
 4. **Link the personal-profile `Person` to the `UserProfile`.** Call `memory-search` to resolve the `UserProfile` elementId for the operator (the lazy `loadUserProfile` write created it on the first admin session). Then call `memory-update` on the Person to add the `HAS_PROFILE` edge to the UserProfile. (`HAS_PROFILE` from `:Person` is a sibling pattern to the existing `AdminUser→HAS_PROFILE→UserProfile`; both are valid sources for the same edge type. See [schema-base.md Relationship Patterns](../../../memory/references/schema-base.md).)
-5. **Close the action record.** Call `task-update(appendStep:"profile-linked")` then `task-complete(taskId)`.
+5. **Close the action record.** Call `task-update` with both `appendStep:"profile-linked"` AND `note:"Profile linked — Person=<elementId>, UserProfile=<elementId>"` (the resolved elementIds from steps 2 and 4). Then call `task-complete(taskId)`.
 6. **Mark step 9 complete.** Call `onboarding-complete-step` with step 9.
 
 After step 9 completes in personal mode, tell the user that {{productName}} is configured for personal use — their employer (if any) is not registered here. If they later become the operator for a business of their own, they can ask {{productName}} to set up a business profile, which invokes the `business-profile` skill directly.

package/payload/platform/plugins/docs/references/cloudflare.md

@@ -22,7 +22,7 @@ Ask the agent to set up Cloudflare. The agent first confirms the domain is alrea
 - **Proxy apex** — optional bare-domain hostname (e.g. `yourdomain.com`) that should also serve the public agent.
 - **Admin password** — the password used to gate remote access to the admin surface.
 
-When you submit, the `/api/admin/cloudflare/setup` endpoint runs — in strict order — `setRemotePassword`, launches a `cloudflare-setup` action (earlier platform fixes: `systemd-run --user` transient unit wrapping `setup-tunnel.sh <brand> <port> <hostname...>`), and registers a post-exit handler to write alias-domains for every non-`public.*` public or apex hostname (so e.g. `chat.yourdomain.com` is classified as public by `isPublicHost`). The script runs end-to-end:
+When you submit, the `/api/admin/cloudflare/setup` endpoint runs — in strict order — `setRemotePassword`, launches a `cloudflare-setup` action (earlier platform fixes: `systemd-run --user` transient unit wrapping `setup-tunnel.sh <brand> <port> <hostname...>`), and registers a post-exit handler that writes alias-domains for every non-`public.*` public or apex hostname (so e.g. `chat.yourdomain.com` is classified as public by `isPublicHost`) and closes the audit Task. When the post-exit handler observes the systemd-run unit gone before its terminal status was sampled (a known systemd-run cgroup race), it consults `tunnel.state` on disk and verifies the tunnel identity matches the form you submitted; if so, the audit Task closes `completed` despite the missed observation. Otherwise it closes `failed` with `endpoint-died-pre-reconcile` and the boot reconciler may still recover the Task at next restart. The script runs end-to-end:
 
 - `cloudflared tunnel login` — OAuth browser sign-in. The VNC browser opens the Cloudflare authorize page; pick the account that owns your domain, click Authorize. `cert.pem` lands.
 - Tunnel resolution from operator-supplied identity (operator-selected-tunnel fix). The form populates a tunnel-select dropdown from `GET /api/admin/cloudflare/tunnels` (which calls `cloudflared tunnel list --output json` on your logged-in account). You either pick an existing tunnel from the list or type a name to create a new one. The form posts EXACTLY ONE of `{tunnelId, tunnelName}`; the script enforces the same constraint as defence in depth. Pre-fix the script derived `${BRAND}-$(hostname -s)` locally; that broke the operator-state-is-authoritative doctrine and silently created orphan tunnels whenever the device hostname changed. Stream log emits `step=tunnel-resolve source=operator-selected|operator-created tunnel_id=… tunnel_name=…` once the UUID is known.

package/payload/platform/plugins/docs/references/plugins-guide.md

@@ -40,7 +40,7 @@ These are enabled during onboarding and can be added or removed at any time. Som
 | `waitlist` | Waitlist lifecycle — extract sign-ups from conversations, review | — |
 | `replicate` | Image generation — three models for photorealistic, design, and fast draft images | Content producer, Research assistant |
 | `linkedin-import` | Import a LinkedIn Basic Data Export — Profile and Connections today, more CSVs as references land | Database operator |
-| `whatsapp-import` | Import a WhatsApp `_chat.txt` export. Two-phase contract: **Phase 1 (load)** is a single Bash entry — `bash platform/plugins/whatsapp-import/bin/whatsapp-ingest.sh <archive> --owner-element-id <id> --subject-person-id <id> --scope <admin\|public> --filter <chosen>` runs parse → operator-supplied filter → archive-write in one process (LLM-FREE), landing `:Conversation:WhatsAppConversation` + `:Message:WhatsAppMessage` with NEXT chain. The writer is bound to the operator-confirmed `{owner, subject}` `:Person` pair (bound-pair sender contract): any parsed senderName outside the closed canonical-name set LOUD-FAILs with `parser-miss`; the script does not auto-create participants. **Phase 2 (enrich)** is operator-driven: ask "enrich the X chat" / "wire observations from yesterday's import" and the database-operator runs the `whatsapp-import-enrich` skill — runs the chunked Haiku insight pass `mcp__memory__whatsapp-export-insight-pass` (parallel cap=8 chunks at a time, ≤90s wall for a 1700-message DM), then walks the auto-extracted observations row-by-row and writes operator-confirmed wiring (`:MENTIONS`/`:RELATED_TO` edges with evidence, `:Task` and `:Preference` nodes). Idempotent — re-running surfaces only items still in `observationStatus='auto-extracted'`. Distinct from the live `whatsapp` plugin which is a Baileys QR-pairing channel. | Database operator |
+| WhatsApp `_chat.txt` archive | (No dedicated plugin.) Chat archives are document-shaped narrative content and route through the unified `document-ingest` skill with `mode='chat'` and `parentLabel='ConversationArchive'`. The skill confirms participants up front (owner + others, no auto-creation), computes `archiveSha256` for cleanup-on-re-ingest discipline, and lets `memory-classify`'s chat prompt produce `:Section:Conversation` chunks bounded by topic transitions. Distinct from the live `whatsapp` plugin (Baileys QR-pairing channel). | Database operator |
 
 ### Claude Official (marketplace)
 

package/payload/platform/plugins/docs/references/troubleshooting.md

@@ -207,6 +207,7 @@ Failure modes:
 - `[client-event] kind=post-restart-resume phase=start` absent: form's CustomEvent never reached the chat hook (regression in form `onExit` or chat-listener mount).
 - `[client-event] phase=start` present, `[admin-resume] reason=post-restart` absent: `waitForRestartCycle` exhausted its bound (brand never restarted) or `/resume` rejected — check `phase=health-timeout` / `phase=resume-rejected`.
 - All four present except `[persist] role=user … Cloudflare setup completed`: marker chat POST failed — check the chat surface for an inline error or a `phase=resume-error` line.
+- Refresh after a successful Cloudflare setup shows a visible `Cloudflare setup completed (actionId: …)` user bubble: the resume mappers' synthetic-marker suppression broke or the marker shape drifted. Server-side `[admin-resume] syntheticHidden=<n>` field on the same line counts user rows the client should hide (`_componentDone` envelopes, `_lifecycle` envelopes, and the `Cloudflare setup completed (actionId: …)` literal) — a count of 0 against a refresh that should have hidden one means the helper at `platform/ui/app/lib/synthetic-marker.ts` no longer recognises the producing literal (check `CloudflareSetupForm.tsx` and `useAdminChat.ts` for shape drift).
 
 ---
 

package/payload/platform/plugins/memory/PLUGIN.md

@@ -1,6 +1,6 @@
 ---
 name: memory
-description: "Graph memory plugin. Provides memory-search, memory-rank, memory-write, and memory-update tools for reading from, writing to, and updating the Neo4j knowledge graph. Includes conversational memory — organic preference learning, evidence-backed recall, and transparent 'what do you know about me?' responses."
+description: "Graph memory plugin. Provides memory-search, memory-rank, memory-write, and memory-update tools for reading from, writing to, and updating the Neo4j knowledge graph. Includes conversational memory — organic preference learning, evidence-backed recall, and transparent 'what do you know about me?' responses. Document ingestion (memory-classify + memory-ingest) supports two modes: `document` (default) for unstructured PDF/web content → KnowledgeDocument + Section, and `chat` for chat archives → ConversationArchive + Section:Conversation chunks (the chunked-archive contract)."
 tools:
   - memory-search
   - memory-rank
@@ -20,8 +20,6 @@ tools:
   - memory-edit-attachment
   - memory-rename-attachment
   - memory-archive-write
-  - whatsapp-export-parse
-  - whatsapp-export-insight-write
   - conversation-list
   - conversation-search
   - profile-read
@@ -85,9 +83,9 @@ Graph hygiene is **agent-directed, case by case** — no autonomous rule engine,
 
 The owner's profile and preferences accumulate organically from conversation — never from questionnaires. Load the conversational memory skill via `plugin-read` for full guidance on when to observe preferences, how to handle remember/forget requests, and how to answer "what do you know about me?" transparently with confidence scores and evidence trail.
 
-## UserProfile Field Management
+## UserProfile + Person Field Management
 
-`profile-update` serves two purposes: managing Preference nodes (category/key/value) and setting top-level UserProfile node properties via the `profileFields` parameter.
+`profile-update` serves three purposes: managing Preference nodes (category/key/value), setting top-level UserProfile node properties via `profileFields`, and setting Person properties on the operator's personal-profile Person via `personFields`.
 
 Settable UserProfile fields: `timezone` (IANA format, e.g. `Europe/London`), `locale`, `givenName`, `role`, `expertise`. These are account metadata stored directly on the UserProfile node — distinct from Preference nodes, which represent learned behavioural patterns.
 
@@ -98,6 +96,8 @@ Example — setting a user's timezone:
 
 Restricted fields (`accountId`, `embedding`, `profileVersion`) cannot be set via `profileFields`.
 
+**Personal-profile Person via `personFields`.** The personal-profile Person is open by default — the agent decides which Person properties best help it serve this operator (identity, contact, context); the central schema validator enforces synonym + Forbidden Properties rejection (per `references/schema-base.md`). Writes route to the personal-profile Person via the OWNS edge from the AdminUser. Validation runs in `mode: "update"` so the required-property loop is skipped on partial SET (givenName/familyName were established at PIN setup). Pass any Person properties the operator volunteers; the validator surfaces synonym (e.g. `phone`) and forbidden (e.g. `name`) errors with descriptive messages. No allow-list, no enumeration — see the schema-base.md Person row notes for the doctrine.
+
 ## Schema References
 
 Before any structured write, load `references/schema-base.md` via `plugin-read`. This defines property naming rules, required-property groups for documented types, forbidden-property rules, and relationship patterns. If the `LocalBusiness` node has a `businessType` property, also load the matching vertical schema (`references/schema-{businessType}.md`) — it extends the base with vertical-specific types. Confirm which schemas were consulted before writing.