@rubytech/taskmaster 1.0.35 → 1.0.38

package/dist/gateway/server-methods/system.js

@@ -1,7 +1,5 @@
+import { spawn } from "node:child_process";
 import { resolveMainSessionKeyFromConfig } from "../../config/sessions.js";
-import { uninstallCommand } from "../../commands/uninstall.js";
-import { resolveGatewayService } from "../../daemon/service.js";
-import { defaultRuntime } from "../../runtime.js";
 import { getLastHeartbeatEvent } from "../../infra/heartbeat-events.js";
 import { setHeartbeatsEnabled } from "../../infra/heartbeat-runner.js";
 import { enqueueSystemEvent, isSystemEventContextChanged } from "../../infra/system-events.js";
@@ -124,46 +122,23 @@ export const systemHandlers = {
     },
     "system.uninstall": async ({ params, respond, context }) => {
         const purge = params.purge === true;
-        const validScopes = new Set(["service", "state", "workspace", "app"]);
-        const scopes = Array.isArray(params.scopes)
-            ? params.scopes.filter((s) => validScopes.has(s))
-            : ["service", "state", "workspace"];
         const log = context.logGateway;
-        log.info(`system.uninstall: scopes=${scopes.join(",")} purge=${purge}`);
-        // Respond before running uninstall — the gateway will exit afterward
-        respond(true, { ok: true, scopes, purge }, undefined);
-        // Small delay to let the response reach the client
-        await new Promise((r) => setTimeout(r, 500));
-        // skipService: we cannot stop our own service — systemd would SIGTERM
-        // this process before workspace/state removal runs. The service files
-        // are uninstalled separately below (without stopping).
-        try {
-            await uninstallCommand(defaultRuntime, {
-                state: scopes.includes("state"),
-                workspace: scopes.includes("workspace"),
-                app: scopes.includes("app"),
-                purge,
-                skipService: true,
-                yes: true,
-                nonInteractive: true,
-            });
-        }
-        catch (err) {
-            log.error(`system.uninstall failed: ${String(err)}`);
-        }
-        // Uninstall the service files without stopping — we ARE the service.
-        // process.exit below handles the actual stop.
-        if (scopes.includes("service")) {
-            try {
-                const service = resolveGatewayService();
-                await service.uninstall({ env: process.env, stdout: process.stdout });
-                log.info("Gateway service uninstalled");
-            }
-            catch (err) {
-                log.error(`Service uninstall failed: ${String(err)}`);
-            }
-        }
-        log.info("system.uninstall complete, exiting gateway");
-        process.exit(0);
+        // Resolve the taskmaster binary path — same binary that's running the gateway
+        const bin = process.argv[1] ?? "taskmaster";
+        const args = ["uninstall", "--all", "--yes"];
+        if (purge)
+            args.push("--purge");
+        log.info(`system.uninstall: spawning detached: ${bin} ${args.join(" ")}`);
+        // Spawn the uninstall as a detached process that outlives the gateway.
+        // The CLI command will stop the gateway service, remove all data, and
+        // optionally remove the npm package — all from a separate process so
+        // there's no self-SIGTERM problem.
+        const child = spawn(process.execPath, [bin, ...args], {
+            detached: true,
+            stdio: "ignore",
+            env: { ...process.env },
+        });
+        child.unref();
+        respond(true, { ok: true, pid: child.pid }, undefined);
     },
 };

package/dist/gateway/server-methods.js

@@ -90,6 +90,7 @@ const READ_METHODS = new Set([
     "workspaces.list",
     "workspaces.scan",
     "memory.status",
+    "memory.audit",
 ]);
 const WRITE_METHODS = new Set([
     "send",
@@ -176,6 +177,7 @@ function authorizeGatewayMethod(method, client) {
         method === "workspaces.create" ||
         method === "workspaces.remove" ||
         method === "memory.reindex" ||
+        method === "memory.auditClear" ||
         method === "system.uninstall") {
         return errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.admin");
     }

package/dist/memory/audit.js

@@ -0,0 +1,86 @@
+/**
+ * Memory write audit trail.
+ *
+ * Tracks writes to shared/ and public/ memory folders so the business owner
+ * can review what the agent stored in externally-visible locations.
+ *
+ * Storage: JSON file at {workspaceDir}/.memory-audit.json
+ * Not placed inside memory/ to avoid being indexed by the memory search system.
+ *
+ * Integration: Called from syncMemoryFiles() in the memory manager, right after
+ * the "file updated/added" log line. Runs after the watcher detects changes and
+ * during the sync pass — no interference with upstream processing.
+ */
+import fs from "node:fs";
+import path from "node:path";
+const AUDIT_FILENAME = ".memory-audit.json";
+/** Paths that are excluded from audit — expected operational writes. */
+const EXCLUDED_PREFIXES = ["memory/shared/events/"];
+/**
+ * Returns true if a memory write path should be audited.
+ * Auditable paths: memory/shared/** and memory/public/** (excluding exemptions).
+ */
+export function isAuditablePath(relPath) {
+    const normalized = relPath.replace(/\\/g, "/").toLowerCase();
+    if (!normalized.startsWith("memory/shared/") && !normalized.startsWith("memory/public/")) {
+        return false;
+    }
+    for (const prefix of EXCLUDED_PREFIXES) {
+        if (normalized.startsWith(prefix))
+            return false;
+    }
+    return true;
+}
+function auditFilePath(workspaceDir) {
+    return path.join(workspaceDir, AUDIT_FILENAME);
+}
+function readAuditFile(workspaceDir) {
+    try {
+        const raw = fs.readFileSync(auditFilePath(workspaceDir), "utf-8");
+        const data = JSON.parse(raw);
+        return {
+            entries: Array.isArray(data.entries) ? data.entries : [],
+            lastReviewedAt: typeof data.lastReviewedAt === "number" ? data.lastReviewedAt : 0,
+        };
+    }
+    catch {
+        return { entries: [], lastReviewedAt: 0 };
+    }
+}
+function writeAuditFile(workspaceDir, data) {
+    try {
+        fs.writeFileSync(auditFilePath(workspaceDir), JSON.stringify(data, null, 2), "utf-8");
+    }
+    catch {
+        // Audit is best-effort — don't fail writes over audit persistence
+    }
+}
+/**
+ * Record an audit entry for a memory write.
+ */
+export function recordAuditEntry(workspaceDir, entry) {
+    const audit = readAuditFile(workspaceDir);
+    audit.entries.push(entry);
+    // Cap at 500 entries to prevent unbounded growth.
+    if (audit.entries.length > 500) {
+        audit.entries = audit.entries.slice(-500);
+    }
+    writeAuditFile(workspaceDir, audit);
+}
+/**
+ * Get unreviewed audit entries (entries added after the last review).
+ */
+export function getUnreviewedEntries(workspaceDir) {
+    const audit = readAuditFile(workspaceDir);
+    return audit.entries.filter((e) => e.timestamp > audit.lastReviewedAt);
+}
+/**
+ * Mark all current entries as reviewed.
+ */
+export function clearAuditEntries(workspaceDir) {
+    const audit = readAuditFile(workspaceDir);
+    const unreviewed = audit.entries.filter((e) => e.timestamp > audit.lastReviewedAt);
+    audit.lastReviewedAt = Date.now();
+    writeAuditFile(workspaceDir, audit);
+    return { cleared: unreviewed.length };
+}

package/dist/memory/manager.js

@@ -9,6 +9,7 @@ import { resolveSessionTranscriptsDirForAgent } from "../config/sessions/paths.j
 import { createSubsystemLogger } from "../logging/subsystem.js";
 import { onSessionTranscriptUpdate } from "../sessions/transcript-events.js";
 import { resolveUserPath } from "../utils.js";
+import { isAuditablePath, recordAuditEntry } from "./audit.js";
 import { createEmbeddingProvider, } from "./embeddings.js";
 import { DEFAULT_GEMINI_EMBEDDING_MODEL } from "./embeddings-gemini.js";
 import { DEFAULT_OPENAI_EMBEDDING_MODEL } from "./embeddings-openai.js";
@@ -534,6 +535,7 @@ export class MemoryIndexManager {
         }
         // Mark memory as dirty so it gets re-indexed
         this.dirty = true;
+        // Audit trail is recorded in syncMemoryFiles after the watcher detects changes
         return { path: relPath, bytesWritten: Buffer.byteLength(params.content, "utf-8") };
     }
     /**
@@ -1137,6 +1139,13 @@ export class MemoryIndexManager {
             }
             const action = record ? "updated" : "added";
             log.info(`file ${action} (${this.agentId}): ${entry.path}`);
+            if (isAuditablePath(entry.path)) {
+                recordAuditEntry(this.workspaceDir, {
+                    path: entry.path,
+                    timestamp: Date.now(),
+                    agentId: this.agentId,
+                });
+            }
             await this.indexFile(entry, { source: "memory" });
             if (params.progress) {
                 params.progress.completed += 1;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/taskmaster",
-  "version": "1.0.35",
+  "version": "1.0.38",
   "description": "AI-powered business assistant for small businesses",
   "publishConfig": {
     "access": "public"

package/taskmaster-docs/USER-GUIDE.md

@@ -144,6 +144,14 @@ After setup, you'll see a navigation bar at the top of the screen linking to all
 
 You'll land on the Setup page by default. From there, the nav bar takes you anywhere.
 
+### Data Safety Alert
+
+A **shield icon** appears in the navigation bar whenever your assistant writes a file to the **public/** or **shared/** folders. These are the folders visible to other assistants or customers, so you'll want to check that the right information ended up in the right place.
+
+Tap the shield to see a list of recent writes — each entry shows the file name, which folder it went to, and when it happened. Once you've reviewed them, tap **Mark All Reviewed** to clear the list. The shield disappears until the next write.
+
+This check runs automatically — the badge updates on its own without needing to refresh the page.
+
 ---
 
 ## Security & PINs
@@ -485,6 +493,8 @@ All files are markdown (`.md`) — plain text with simple formatting. You can up
 
 When you add or change a file, your assistant picks it up automatically — no restart needed. The status light on the Files page turns red when files have changed since the last index, so you can see at a glance whether a re-index is needed.
 
+When your assistant writes to **public/** or **shared/**, a shield icon appears in the navigation bar so you can review what was written (see [Data Safety Alert](#data-safety-alert) above).
+
 ---
 
 ## Status Dashboard

package/templates/beagle/agents/admin/AGENTS.md

@@ -39,6 +39,19 @@ memory/
 └── groups/      # Virtual booking groups (you can see all)
 ```
 
+### Data Classification
+
+When saving information, choose the most restrictive folder that fits:
+
+- **Sensitive or personal** (phone numbers, financial details, private strategy, passwords) — always `memory/admin/`
+- **Operational business** (appointments, shared calendar, lessons learned, escalation rules) — `memory/shared/`
+- **Customer-visible** (product info, FAQs, public business details) — `memory/public/`
+- **Customer-specific** (their conversation history, preferences) — `memory/users/{phone}/`
+
+When in doubt, prefer `admin/` over `shared/`, and `shared/` over `public/`. Writes to `shared/` and `public/` are audited — the business owner reviews them via a control panel alert. Ask before saving anything remotely sensitive to shared or public folders.
+
+*"Default to admin if classifying during conversation — you can always move it to shared later after confirming with [OWNER_NAME]."* 
+
 ---
 
 ## Stripe CLI Operations

package/templates/customer/agents/admin/AGENTS.md

@@ -100,6 +100,19 @@ memory/
 └── users/       # Per-customer profiles (you can see all)
 ```
 
+### Data Classification
+
+When saving information, choose the most restrictive folder that fits:
+
+- **Sensitive or personal** (phone numbers, financial details, private strategy, passwords) — always `memory/admin/`
+- **Operational business** (appointments, shared calendar, lessons learned, escalation rules) — `memory/shared/`
+- **Customer-visible** (product info, FAQs, public business details) — `memory/public/`
+- **Customer-specific** (their conversation history, preferences) — `memory/users/{phone}/`
+
+When in doubt, prefer `admin/` over `shared/`, and `shared/` over `public/`. Writes to `shared/` and `public/` are audited — the business owner reviews them via a control panel alert. Ask before saving anything remotely sensitive to shared or public folders.
+
+*"Default to admin if classifying during conversation — you can always move it to shared later after confirming with [OWNER_NAME]."* 
+
 ### Store Business Info
 Proactively capture:
 - Decisions made

package/templates/taskmaster/agents/admin/AGENTS.md

@@ -67,6 +67,29 @@ memory/
 └── users/       # Per-user profiles (you can see all)
 ```
 
+### Data Classification — Folder Selection
+
+Different memory folders have different visibility. The admin folder is private to you and [OWNER_NAME]. Shared and public folders are readable by the public agent and, through it, by customers and team members. Placing sensitive information in the wrong folder is a data breach.
+
+**Classify by sensitivity, not by topic:**
+
+| Data type | Folder | Why |
+|-----------|--------|-----|
+| Personal info (phone numbers, addresses, financial details) | `memory/admin/` | Only [OWNER_NAME] should see this |
+| Private business strategy, deals, pricing negotiations | `memory/admin/` | Competitive/sensitive |
+| Operational guidance (lessons learned, internal instructions) | `memory/shared/` | Helps the public agent serve customers better |
+| Calendar events, appointments | `memory/shared/events/` | Shared scheduling |
+| Product info, FAQs, public-facing content | `memory/public/` | Customers may see this via the public agent |
+| Customer-specific data (profiles, preferences, history) | `memory/users/{phone}/` | Isolated per customer |
+
+**When in doubt, choose the more restrictive folder.** `admin/` is safer than `shared/`, `shared/` is safer than `public/`. You can always move data to a less restrictive folder later — the reverse is a breach.
+
+**Ask before writing to shared/ or public/** if the content contains anything that could be personal, financial, or strategically sensitive. [OWNER_NAME] can confirm whether it's appropriate to share.
+
+Writes to `memory/shared/` and `memory/public/` are audited and flagged for [OWNER_NAME] to review in the control panel. This is a safety net, not a substitute for correct classification.
+
+*"Default to admin if classifying during conversation — you can always move it to shared later after confirming with [OWNER_NAME]."* 
+
 ### Store Business Info
 Proactively capture:
 - Decisions made

package/templates/tradesupport/agents/admin/AGENTS.md

@@ -100,6 +100,19 @@ memory/
 └── users/       # Per-customer profiles (you can see all)
 ```
 
+### Data Classification
+
+When saving information, choose the most restrictive folder that fits:
+
+- **Sensitive or personal** (phone numbers, financial details, private strategy, passwords) — always `memory/admin/`
+- **Operational business** (appointments, shared calendar, lessons learned, escalation rules) — `memory/shared/`
+- **Customer-visible** (product info, FAQs, public business details) — `memory/public/`
+- **Customer-specific** (their conversation history, preferences) — `memory/users/{phone}/`
+
+When in doubt, prefer `admin/` over `shared/`, and `shared/` over `public/`. Writes to `shared/` and `public/` are audited — the business owner reviews them via a control panel alert. Ask before saving anything remotely sensitive to shared or public folders.
+
+*"Default to admin if classifying during conversation — you can always move it to shared later after confirming with [OWNER_NAME]."* 
+
 ### Store Business Info
 Proactively capture:
 - Decisions made