@rubytech/taskmaster 1.0.107 → 1.0.108

package/dist/control-ui/index.html

@@ -6,8 +6,8 @@
     <title>Taskmaster Control</title>
     <meta name="color-scheme" content="dark light" />
     <link rel="icon" type="image/png" href="./favicon.png" />
-    <script type="module" crossorigin src="./assets/index-B_zHmTQU.js"></script>
-    <link rel="stylesheet" crossorigin href="./assets/index-2XyxmiR6.css">
+    <script type="module" crossorigin src="./assets/index-nLVF-pVT.js"></script>
+    <link rel="stylesheet" crossorigin href="./assets/index-B2FEGOCu.css">
   </head>
   <body>
     <taskmaster-app></taskmaster-app>

package/dist/cron/isolated-agent/recipients.js

@@ -0,0 +1,70 @@
+/**
+ * Extract admin phone numbers from config bindings.
+ * Admin phones are bindings where agentId is "admin" (or legacy "management"),
+ * channel is "whatsapp", and peer.kind is "dm".
+ */
+export function resolveAdminBindingPhones(cfg, accountId) {
+    const bindings = Array.isArray(cfg.bindings) ? cfg.bindings : [];
+    const phones = [];
+    for (const binding of bindings) {
+        if (!binding || typeof binding !== "object")
+            continue;
+        const agentId = binding.agentId;
+        if (agentId !== "admin" && agentId !== "management")
+            continue;
+        const match = binding.match;
+        if (!match || typeof match !== "object")
+            continue;
+        const channel = typeof match.channel === "string" ? match.channel.toLowerCase() : "";
+        if (channel !== "whatsapp")
+            continue;
+        // Filter by accountId if specified
+        if (accountId && typeof match.accountId === "string" && match.accountId !== accountId)
+            continue;
+        const peer = match.peer;
+        if (!peer || typeof peer !== "object")
+            continue;
+        if (peer.kind !== "dm")
+            continue;
+        const id = typeof peer.id === "string" ? peer.id.trim() : "";
+        if (id)
+            phones.push(id);
+    }
+    return phones;
+}
+/**
+ * Expand the `to` field from a cron payload into individual recipient addresses.
+ *
+ * Supports:
+ * - Single phone: "+15551234567"
+ * - Comma-separated phones: "+15551234567,+15559876543"
+ * - "admins" token: resolves to all admin binding phones for the account
+ * - Mixed: "admins,+15559999999"
+ *
+ * Returns deduplicated list of phone numbers/addresses.
+ * Returns empty array if `to` is empty/undefined.
+ */
+export function expandCronRecipients(cfg, to, accountId) {
+    if (!to?.trim())
+        return [];
+    const parts = to.split(",").map((s) => s.trim()).filter(Boolean);
+    const seen = new Set();
+    const result = [];
+    for (const part of parts) {
+        if (part.toLowerCase() === "admins") {
+            for (const phone of resolveAdminBindingPhones(cfg, accountId)) {
+                if (!seen.has(phone)) {
+                    seen.add(phone);
+                    result.push(phone);
+                }
+            }
+        }
+        else {
+            if (!seen.has(part)) {
+                seen.add(part);
+                result.push(part);
+            }
+        }
+    }
+    return result;
+}

package/dist/cron/isolated-agent/run.js

@@ -18,10 +18,12 @@ import { createOutboundSendDeps } from "../../cli/outbound-send-deps.js";
 import { resolveSessionTranscriptPath, updateSessionStore } from "../../config/sessions.js";
 import { registerAgentRunContext } from "../../infra/agent-events.js";
 import { deliverOutboundPayloads } from "../../infra/outbound/deliver.js";
+import { resolveOutboundTarget } from "../../infra/outbound/targets.js";
 import { getRemoteSkillEligibility } from "../../infra/skills-remote.js";
 import { buildAgentMainSessionKey, normalizeAgentId } from "../../routing/session-key.js";
 import { resolveAgentBoundAccountId } from "../../routing/bindings.js";
 import { resolveDeliveryTarget } from "./delivery-target.js";
+import { expandCronRecipients } from "./recipients.js";
 import { isHeartbeatOnlyResponse, pickLastNonEmptyTextFromPayloads, pickSummaryFromOutput, pickSummaryFromPayloads, resolveHeartbeatAckMaxChars, } from "./helpers.js";
 import { resolveCronSession } from "./session.js";
 function matchesMessagingToolDeliveryTarget(target, delivery) {
@@ -308,7 +310,15 @@ export async function runCronIsolatedAgentTurn(params) {
             accountId: resolvedDelivery.accountId,
         }));
     if (deliveryRequested && !skipHeartbeatDelivery && !skipMessagingToolDelivery) {
-        if (!resolvedDelivery.to) {
+        // Expand multi-recipient targets (comma-separated, "admins" token).
+        const expandedRecipients = expandCronRecipients(cfgWithAgentDefaults, agentPayload?.to, effectiveAccountId);
+        // Use expanded list if multi-target, otherwise fall back to the resolved single target.
+        const deliveryTargets = expandedRecipients.length > 1
+            ? expandedRecipients
+            : resolvedDelivery.to
+                ? [resolvedDelivery.to]
+                : [];
+        if (deliveryTargets.length === 0) {
             const reason = resolvedDelivery.error?.message ?? "Cron delivery requires a recipient (--to).";
             if (!bestEffortDeliver) {
                 return {
@@ -324,22 +334,42 @@ export async function runCronIsolatedAgentTurn(params) {
                 outputText,
             };
         }
-        try {
-            await deliverOutboundPayloads({
-                cfg: cfgWithAgentDefaults,
+        const errors = [];
+        for (const targetTo of deliveryTargets) {
+            // Validate each target against the channel.
+            const docked = resolveOutboundTarget({
                 channel: resolvedDelivery.channel,
-                to: resolvedDelivery.to,
+                to: targetTo,
+                cfg: cfgWithAgentDefaults,
                 accountId: resolvedDelivery.accountId,
-                payloads,
-                bestEffort: bestEffortDeliver,
-                deps: createOutboundSendDeps(params.deps),
+                mode: "explicit",
             });
-        }
-        catch (err) {
-            if (!bestEffortDeliver) {
-                return { status: "error", summary, outputText, error: String(err) };
+            if (!docked.ok) {
+                errors.push(`${targetTo}: ${docked.error.message}`);
+                continue;
+            }
+            try {
+                await deliverOutboundPayloads({
+                    cfg: cfgWithAgentDefaults,
+                    channel: resolvedDelivery.channel,
+                    to: docked.to,
+                    accountId: resolvedDelivery.accountId,
+                    payloads,
+                    bestEffort: bestEffortDeliver,
+                    deps: createOutboundSendDeps(params.deps),
+                });
             }
-            return { status: "ok", summary, outputText };
+            catch (err) {
+                errors.push(`${targetTo}: ${String(err)}`);
+            }
+        }
+        if (errors.length > 0 && !bestEffortDeliver) {
+            return {
+                status: "error",
+                summary,
+                outputText,
+                error: errors.join("; "),
+            };
         }
     }
     return { status: "ok", summary, outputText };

package/dist/gateway/server-methods/access.js

@@ -176,7 +176,7 @@ export const accessHandlers = {
             await writeConfigFile({
                 ...config,
                 access: {
-                    ...(config.access ?? {}),
+                    ...config.access,
                     masterPin: pin,
                 },
             });
@@ -210,9 +210,9 @@ export const accessHandlers = {
             await writeConfigFile({
                 ...config,
                 access: {
-                    ...(config.access ?? {}),
+                    ...config.access,
                     pins: {
-                        ...(config.access?.pins ?? {}),
+                        ...config.access?.pins,
                         [workspace]: pin,
                     },
                 },

package/dist/gateway/server-methods/browser-screencast.js

@@ -61,7 +61,7 @@ export const browserScreencastHandlers = {
             respond(true, result);
         }
         catch (err) {
-            log.error(`screencast.start failed: ${err}`);
+            log.error(`screencast.start failed: ${String(err)}`);
             respond(false, undefined, errorShape(ErrorCodes.UNAVAILABLE, String(err)));
         }
     },
@@ -84,7 +84,7 @@ export const browserScreencastHandlers = {
             respond(true, { ok: true });
         }
         catch (err) {
-            log.error(`screencast.stop failed: ${err}`);
+            log.error(`screencast.stop failed: ${String(err)}`);
             respond(false, undefined, errorShape(ErrorCodes.UNAVAILABLE, String(err)));
         }
     },
@@ -169,7 +169,7 @@ async function resolveBridgeUrl(context) {
         log.warn(`browser config resolved but not usable: enabled=${resolved.enabled} controlUrl=${resolved.controlUrl ?? "null"}`);
     }
     catch (err) {
-        log.error(`failed to resolve browser config: ${err}`);
+        log.error(`failed to resolve browser config: ${String(err)}`);
     }
     return null;
 }

package/dist/gateway/server-methods/workspaces.js

@@ -56,7 +56,7 @@ function sanitiseName(raw) {
  * or the agent subdirectory (e.g. ~/taskmaster/agents/public).
  * We normalise to the root by stripping a trailing /agents/{name} suffix.
  */
-function resolveWorkspaceRoot(agentWorkspaceDir, agentId) {
+function resolveWorkspaceRoot(agentWorkspaceDir, _agentId) {
     const normalised = agentWorkspaceDir.replace(/\/+$/, "");
     // Check if the path ends with /agents/{something} — that's the agent subdir, not the workspace root
     const agentsMatch = normalised.match(/^(.+)\/agents\/[^/]+$/);
@@ -424,9 +424,9 @@ export const workspacesHandlers = {
             cfg = {
                 ...cfg,
                 channels: {
-                    ...(cfg.channels ?? {}),
+                    ...cfg.channels,
                     whatsapp: {
-                        ...(cfg.channels?.whatsapp ?? {}),
+                        ...cfg.channels?.whatsapp,
                         accounts: {
                             ...existingAccounts,
                             [whatsappAccountId]: {
@@ -467,7 +467,7 @@ export const workspacesHandlers = {
         if (typeof rawName === "string" && rawName.trim() && rawName.trim() !== name) {
             cfg = {
                 ...cfg,
-                workspaces: { ...(cfg.workspaces ?? {}), [name]: { displayName: rawName.trim() } },
+                workspaces: { ...cfg.workspaces, [name]: { displayName: rawName.trim() } },
             };
         }
         // Write config and schedule restart
@@ -582,12 +582,12 @@ export const workspacesHandlers = {
             }
             // Clean up empty accounts object
             if (Object.keys(whatsappAccounts).length === 0) {
-                const whatsappConfig = { ...(cfg.channels?.whatsapp ?? {}) };
+                const whatsappConfig = { ...cfg.channels?.whatsapp };
                 delete whatsappConfig.accounts;
                 cfg = {
                     ...cfg,
                     channels: {
-                        ...(cfg.channels ?? {}),
+                        ...cfg.channels,
                         whatsapp: whatsappConfig,
                     },
                 };
@@ -640,7 +640,7 @@ export const workspacesHandlers = {
         if (!requireBaseHash(params, snapshot, respond))
             return;
         let cfg = snapshot.config;
-        cfg = { ...cfg, workspaces: { ...(cfg.workspaces ?? {}), [name]: { displayName } } };
+        cfg = { ...cfg, workspaces: { ...cfg.workspaces, [name]: { displayName } } };
         try {
             await writeConfigFile(cfg);
         }

package/dist/gateway/server.impl.js

@@ -428,7 +428,7 @@ export async function startGatewayServer(port = 18789, opts = {}) {
     const logMemory = log.child("memory");
     const agentIds = listAgentIds(cfgAtStart);
     for (const agentId of agentIds) {
-        getMemorySearchManager({ cfg: cfgAtStart, agentId }).then(async (result) => {
+        void getMemorySearchManager({ cfg: cfgAtStart, agentId }).then(async (result) => {
             if (result.manager) {
                 logMemory.info(`initialized for agent: ${agentId}`);
                 // Sync memory index on startup

package/dist/infra/heartbeat-runner.js

@@ -25,6 +25,7 @@ import { resolveHeartbeatVisibility } from "./heartbeat-visibility.js";
 import { requestHeartbeatNow, setHeartbeatWakeHandler, } from "./heartbeat-wake.js";
 import { deliverOutboundPayloads } from "./outbound/deliver.js";
 import { resolveHeartbeatDeliveryTarget, resolveHeartbeatSenderContext, } from "./outbound/targets.js";
+import { maybeNotifyUpdateAvailable } from "./heartbeat-update-notify.js";
 const log = createSubsystemLogger("gateway/heartbeat");
 let heartbeatsEnabled = true;
 export function setHeartbeatsEnabled(enabled) {
@@ -621,6 +622,14 @@ export async function runHeartbeatOnce(opts) {
         return { status: "failed", reason };
     }
 }
+async function checkAndNotifyUpdate(cfg, agent, deps) {
+    const agentId = agent.agentId;
+    const heartbeat = agent.heartbeat;
+    const { entry } = resolveHeartbeatSession(cfg, agentId, heartbeat);
+    const bindingAccountId = resolveAgentBoundAccountId(cfg, agentId, "whatsapp") ?? undefined;
+    const delivery = resolveHeartbeatDeliveryTarget({ cfg, entry, heartbeat, bindingAccountId });
+    await maybeNotifyUpdateAvailable({ cfg, delivery, deps });
+}
 export function startHeartbeatRunner(opts) {
     const runtime = opts.runtime ?? defaultRuntime;
     const runOnce = opts.runOnce ?? runHeartbeatOnce;
@@ -742,6 +751,14 @@ export function startHeartbeatRunner(opts) {
             if (res.status === "ran")
                 ran = true;
         }
+        // After heartbeat cycle: check for software updates and notify admin.
+        // Uses the first agent's delivery target. Non-blocking — never delays the next heartbeat.
+        if (ran) {
+            const firstAgent = state.agents.values().next().value;
+            if (firstAgent) {
+                void checkAndNotifyUpdate(state.cfg, firstAgent, { runtime: state.runtime }).catch(() => { });
+            }
+        }
         scheduleNext();
         if (ran)
             return { status: "ran", durationMs: Date.now() - startedAt };

package/dist/infra/heartbeat-update-notify.js

@@ -0,0 +1,120 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import { getChannelPlugin } from "../channels/plugins/index.js";
+import { resolveStateDir } from "../config/paths.js";
+import { createSubsystemLogger } from "../logging/subsystem.js";
+import { VERSION } from "../version.js";
+import { compareSemverStrings, resolveNpmChannelTag } from "./update-check.js";
+import { normalizeUpdateChannel, DEFAULT_PACKAGE_CHANNEL } from "./update-channels.js";
+import { deliverOutboundPayloads } from "./outbound/deliver.js";
+const log = createSubsystemLogger("gateway/heartbeat-update-notify");
+// Registry check interval during heartbeat cycles.
+// Shorter than the 24h startup check — the admin may publish frequently.
+const REGISTRY_CHECK_INTERVAL_MS = 4 * 60 * 60 * 1000; // 4 hours
+// In-memory: last time we checked the registry.
+let lastRegistryCheckMs = 0;
+// State file stores lastNotifiedVersion so we don't re-notify after restart
+// for a version we already told the admin about.
+const STATE_FILENAME = "update-check.json";
+async function readState() {
+    try {
+        const statePath = path.join(resolveStateDir(), STATE_FILENAME);
+        const raw = await fs.readFile(statePath, "utf-8");
+        const parsed = JSON.parse(raw);
+        return parsed && typeof parsed === "object" ? parsed : {};
+    }
+    catch {
+        return {};
+    }
+}
+async function writeState(state) {
+    const statePath = path.join(resolveStateDir(), STATE_FILENAME);
+    await fs.mkdir(path.dirname(statePath), { recursive: true });
+    await fs.writeFile(statePath, JSON.stringify(state, null, 2), "utf-8");
+}
+/**
+ * Check for available software updates and notify the admin via the heartbeat
+ * delivery channel. Designed to run after each heartbeat cycle.
+ *
+ * - Checks the NPM registry at most once per REGISTRY_CHECK_INTERVAL_MS.
+ * - Notifies the admin once per new version (persisted across restarts).
+ * - Never throws — errors are logged and swallowed.
+ */
+export async function maybeNotifyUpdateAvailable(params) {
+    try {
+        const { cfg, delivery, deps } = params;
+        const nowMs = params.nowMs ?? Date.now();
+        // Skip if no delivery target
+        if (delivery.channel === "none" || !delivery.to)
+            return false;
+        // Skip if disabled via config
+        if (cfg.update?.checkOnStart === false)
+            return false;
+        // Rate-limit registry checks
+        if (nowMs - lastRegistryCheckMs < REGISTRY_CHECK_INTERVAL_MS)
+            return false;
+        lastRegistryCheckMs = nowMs;
+        // Resolve update channel and fetch latest version
+        const channel = normalizeUpdateChannel(cfg.update?.channel) ?? DEFAULT_PACKAGE_CHANNEL;
+        const resolved = await resolveNpmChannelTag({ channel, timeoutMs: 3500 });
+        if (!resolved.version)
+            return false;
+        // Compare versions
+        const cmp = compareSemverStrings(VERSION, resolved.version);
+        if (cmp === null || cmp >= 0)
+            return false; // up to date or parse failure
+        // Check if we already notified for this version
+        const state = await readState();
+        if (state.lastNotifiedVersion === resolved.version)
+            return false;
+        // Check channel readiness
+        const plugin = getChannelPlugin(delivery.channel);
+        if (plugin?.heartbeat?.checkReady) {
+            const readiness = await plugin.heartbeat.checkReady({
+                cfg,
+                accountId: delivery.accountId,
+                deps,
+            });
+            if (!readiness.ok) {
+                log.debug("update notification skipped: channel not ready", {
+                    reason: readiness.reason,
+                });
+                return false;
+            }
+        }
+        // Send the notification
+        const message = `Taskmaster v${resolved.version} is available (you're on v${VERSION}). ` +
+            `Update from Setup → Software Update, or say "update software".`;
+        await deliverOutboundPayloads({
+            cfg,
+            channel: delivery.channel,
+            to: delivery.to,
+            accountId: delivery.accountId,
+            payloads: [{ text: message }],
+            deps,
+        });
+        // Persist so we don't re-notify after restart
+        await writeState({
+            ...state,
+            lastNotifiedVersion: resolved.version,
+            lastNotifiedTag: resolved.tag,
+            lastCheckedAt: new Date(nowMs).toISOString(),
+        });
+        log.info("update notification sent", {
+            current: VERSION,
+            latest: resolved.version,
+            to: delivery.to,
+        });
+        return true;
+    }
+    catch (err) {
+        log.error("update notification failed", {
+            error: err instanceof Error ? err.message : String(err),
+        });
+        return false;
+    }
+}
+/** Reset in-memory check timer. Exposed for testing. */
+export function resetUpdateCheckTimer() {
+    lastRegistryCheckMs = 0;
+}

package/dist/infra/tunnel.js

@@ -79,7 +79,7 @@ export class CloudflareTunnel {
             const urlTimeout = setTimeout(() => {
                 if (!urlFound) {
                     reject(new Error("Timeout waiting for tunnel URL"));
-                    this.stop();
+                    void this.stop();
                 }
             }, 30000);
             this.process.stdout?.on("data", (data) => {

package/dist/memory/embeddings.js

@@ -33,10 +33,6 @@ function canAutoSelectLocal(options) {
         return false;
     }
 }
-function isMissingApiKeyError(err) {
-    const message = formatError(err);
-    return message.includes("No API key found for provider");
-}
 /**
  * Deduplicates concurrent model downloads. When multiple agents resolve the
  * same model path, only one download runs; the rest await the same promise.

package/dist/memory/manager.js

@@ -94,7 +94,7 @@ function matchGlobPattern(pattern, filePath) {
     // Replace ** with a placeholder, then * with [^/]*, then placeholder with .*
     regexStr = regexStr.replace(/\*\*/g, "\0");
     regexStr = regexStr.replace(/\*/g, "[^/]*");
-    regexStr = regexStr.replace(/\0/g, ".*");
+    regexStr = regexStr.replaceAll("\0", ".*");
     const regex = new RegExp(`^${regexStr}$`, "i");
     return regex.test(filePath);
 }
@@ -582,7 +582,7 @@ export class MemoryIndexManager {
         }
         // Ensure parent directory exists
         const parentDir = path.dirname(absPath);
-        await ensureDir(parentDir);
+        ensureDir(parentDir);
         // Write or append content
         const mode = params.mode ?? "overwrite";
         if (mode === "append") {
@@ -638,7 +638,7 @@ export class MemoryIndexManager {
         }
         // Ensure parent directory exists
         const parentDir = path.dirname(absPath);
-        await ensureDir(parentDir);
+        ensureDir(parentDir);
         // Copy the file
         await fs.copyFile(params.sourcePath, absPath);
         return { path: relPath, bytesWritten: sourceStat.size };

package/dist/web/inbound/media.js

@@ -55,7 +55,7 @@ export async function downloadInboundMedia(msg, sock) {
         log.info(`audioMessage: ptt=${audio.ptt}, url=${audio.url ? "present" : "missing"}, ` +
             `directPath=${audio.directPath ? "present" : "missing"}, ` +
             `mediaKey=${audio.mediaKey ? "present" : "missing"}, ` +
-            `fileLength=${audio.fileLength}, seconds=${audio.seconds}`);
+            `fileLength=${String(audio.fileLength)}, seconds=${String(audio.seconds)}`);
     }
     try {
         // Try standard download first

package/dist/web/login-qr.js

@@ -44,29 +44,6 @@ function attachLoginWaiter(accountId, login) {
         current.errorStatus = getStatusCode(err);
     });
 }
-async function restartLoginSocket(login, runtime) {
-    if (login.restartAttempted)
-        return false;
-    login.restartAttempted = true;
-    runtime.log(info("WhatsApp asked for a restart after pairing (code 515); retrying connection once…"));
-    closeSocket(login.sock);
-    try {
-        const sock = await createWaSocket(false, login.verbose, {
-            authDir: login.authDir,
-        });
-        login.sock = sock;
-        login.connected = false;
-        login.error = undefined;
-        login.errorStatus = undefined;
-        attachLoginWaiter(login.accountId, login);
-        return true;
-    }
-    catch (err) {
-        login.error = formatError(err);
-        login.errorStatus = getStatusCode(err);
-        return false;
-    }
-}
 export async function startWebLoginWithQr(opts = {}) {
     const runtime = opts.runtime ?? defaultRuntime;
     const cfg = loadConfig();

package/dist/web/providers/cloud/receive.js

@@ -59,7 +59,7 @@ function extractMessageText(message) {
             // Reactions are handled separately
             return "";
         default:
-            return `<${message.type}>`;
+            return `<${String(message.type)}>`;
     }
 }
 /**

package/dist/web/providers/cloud/webhook.js

@@ -67,7 +67,7 @@ export function createWebhookHandlers(options) {
         try {
             const payload = req.body;
             if (payload.object !== "whatsapp_business_account") {
-                log.warn(`Unexpected webhook object type: ${payload.object}`);
+                log.warn(`Unexpected webhook object type: ${String(payload.object)}`);
                 return;
             }
             for (const entry of payload.entry) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/taskmaster",
-  "version": "1.0.107",
+  "version": "1.0.108",
   "description": "AI-powered business assistant for small businesses",
   "publishConfig": {
     "access": "public"