@rubytech/taskmaster 1.0.5 → 1.0.7

package/dist/agents/skills/refresh.js

@@ -7,7 +7,9 @@ const log = createSubsystemLogger("gateway/skills");
 const listeners = new Set();
 const workspaceVersions = new Map();
 const watchers = new Map();
-let globalVersion = 0;
+// Start at 1 so that any cached session snapshot with version 0 is treated as
+// stale on the first message after a gateway restart.
+let globalVersion = 1;
 export const DEFAULT_SKILLS_WATCH_IGNORED = [
     /(^|[\\/])\.git([\\/]|$)/,
     /(^|[\\/])node_modules([\\/]|$)/,

package/dist/build-info.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.0.5",
-  "commit": "0d0cd3f87e0115e7ae887f96fefa33d8fdedbddb",
-  "builtAt": "2026-02-15T07:57:32.812Z"
+  "version": "1.0.7",
+  "commit": "bf449131fd6c863dbc502e6e32f116a0bf54f235",
+  "builtAt": "2026-02-15T08:31:28.073Z"
 }

package/dist/cli/provision-cli.js

@@ -22,6 +22,7 @@ export function registerProvisionCli(program) {
         .option("--port <port>", `Gateway port (default: ${DEFAULT_GATEWAY_PORT})`)
         .option("--workspace <path>", `Workspace path (default: ${DEFAULT_WORKSPACE})`)
         .option("--force", "Overwrite existing config and workspace")
+        .option("--skip-platform", "Skip platform setup (avahi, hostname, mDNS) — used by install.sh")
         .action(async (opts) => {
         await runProvision(opts);
     });
@@ -34,6 +35,7 @@ async function runProvision(opts) {
     }
     const workspace = opts.workspace ? path.resolve(opts.workspace) : DEFAULT_WORKSPACE;
     const force = Boolean(opts.force);
+    const skipPlatform = Boolean(opts.skipPlatform);
     const isLinux = process.platform === "linux";
     console.log("");
     console.log("Taskmaster Provision");
@@ -46,7 +48,12 @@ async function runProvision(opts) {
     // Step 3: Write agent list to config
     await writeAgentList(workspace);
     // Step 4-6: Linux-only mDNS setup
-    if (isLinux) {
+    if (skipPlatform) {
+        console.log("[4/7] Avahi: handled by install script");
+        console.log("[5/7] Hostname: handled by install script");
+        console.log("[6/7] mDNS: handled by install script");
+    }
+    else if (isLinux) {
         await installAvahi();
         await setHostname();
         await registerMdnsService(port);

package/dist/filler/config.js

@@ -0,0 +1,69 @@
+/**
+ * Filler configuration resolution.
+ */
+/** Default filler configuration values. */
+export const FILLER_DEFAULTS = {
+    enabled: false,
+    channels: [
+        "whatsapp",
+        "telegram",
+        "discord",
+        "slack",
+        "signal",
+        "googlechat",
+        "imessage",
+        "webchat",
+    ],
+    maxWaitMs: 3000,
+    model: "claude-3-haiku-20240307",
+    maxWords: 15,
+};
+/** Resolve filler config with defaults applied. */
+export function resolveFillerConfig(cfg) {
+    return {
+        ...FILLER_DEFAULTS,
+        ...cfg?.filler,
+        // Ensure channels array is always present
+        channels: cfg?.filler?.channels ?? FILLER_DEFAULTS.channels,
+    };
+}
+/**
+ * Resolve whether filler is enabled, checking session and agent-level config.
+ *
+ * Priority:
+ * 1. Session override (from /filler command)
+ * 2. Per-agent config (agents.list[].fillerEnabled)
+ * 3. Agent defaults (agents.defaults.fillerEnabled)
+ * 4. Global filler config (filler.enabled)
+ * 5. Default (false)
+ */
+export function resolveFillerEnabled(params) {
+    const { cfg, agentId, sessionFillerEnabled } = params;
+    // Session-level override takes precedence (from /filler command)
+    if (sessionFillerEnabled !== undefined) {
+        return sessionFillerEnabled;
+    }
+    // Check per-agent config
+    if (agentId && cfg?.agents?.list) {
+        const agentConfig = cfg.agents.list.find((a) => a.id === agentId);
+        if (agentConfig?.fillerEnabled !== undefined) {
+            return agentConfig.fillerEnabled;
+        }
+    }
+    // Check agent defaults
+    if (cfg?.agents?.defaults?.fillerEnabled !== undefined) {
+        return cfg.agents.defaults.fillerEnabled;
+    }
+    // Fall back to global filler config
+    return cfg?.filler?.enabled ?? FILLER_DEFAULTS.enabled;
+}
+/** Check if filler is enabled for a specific channel. */
+export function isFillerEnabledForChannel(params) {
+    const { cfg, channel } = params;
+    if (!resolveFillerEnabled(params))
+        return false;
+    if (!channel)
+        return false;
+    const fillerConfig = resolveFillerConfig(cfg);
+    return fillerConfig.channels.includes(channel);
+}

package/dist/filler/generator.js

@@ -0,0 +1,237 @@
+/**
+ * Filler message generation using a lightweight model (Haiku).
+ *
+ * Uses pi-ai complete() for OAuth-compatible inference.
+ */
+import path from "node:path";
+import { complete } from "@mariozechner/pi-ai";
+import { AuthStorage, ModelRegistry } from "@mariozechner/pi-coding-agent";
+import { getApiKeyForModel, requireApiKey } from "../agents/model-auth.js";
+import { ensureTaskmasterModelsJson } from "../agents/models-config.js";
+const FILLER_SYSTEM_PROMPT = `You generate a brief, first-person filler while processing a request. Output ONLY the filler text.
+
+Rules:
+1. For trivial messages (greetings, "yes", "ok", "thanks", single-word replies), output: SKIP
+2. Always use first person ("I'll...", "I need to...", "I'm...")
+3. Match the filler to what you're doing (shown in thinking)
+4. Keep it short (2-6 words) and casual
+5. Vary your responses every time
+
+Quick acknowledgments (no lookup needed):
+- "one moment please", "just a moment", "one sec", "OK", "sure thing", "got it"
+
+When looking something up / searching:
+- "I need to look that up", "I'll check on that", "I need to search for that", "I'm looking into it"
+
+When checking / verifying:
+- "I'll check", "I'm checking now", "I need to verify that"
+
+When thinking / working out:
+- "hmm", "I'm thinking", "I need to work this out"
+
+IMPORTANT: Vary every response. Never repeat the same phrase twice in a row.`;
+const TOOL_PROGRESS_SYSTEM_PROMPT = `You generate a brief, first-person progress update while a tool is running. Output ONLY the progress text.
+
+Rules:
+1. Always use first person ("I'm...", "Just...", "Let me...")
+2. Be specific about what you're doing based on the tool and its arguments
+3. Keep it short (3-8 words) and natural
+4. Sound like a human assistant giving a quick status update
+
+Examples:
+- exec with "git status" → "Just checking the git status"
+- exec with "npm install" → "Installing the dependencies"
+- memory_search with query "invoice" → "Searching my notes for invoices"
+- read with path "/config.json" → "Reading the config file"
+- web_search with query "weather" → "Looking up the weather"
+
+Output ONLY the progress message, nothing else.`;
+/** Token returned when filler should not be sent. */
+export const FILLER_SKIP_TOKEN = "SKIP";
+/**
+ * Generate a filler message using pi-ai complete().
+ *
+ * Works with both API keys and OAuth tokens.
+ */
+export async function generateFiller(params) {
+    const { userMessage, thinking, model: modelId, maxWords, timeoutMs = 3000, abortSignal, cfg, agentDir, } = params;
+    // Check if already aborted before starting
+    if (abortSignal?.aborted) {
+        return { ok: false, error: new Error("Filler generation aborted") };
+    }
+    try {
+        // Set up model discovery with auth
+        await ensureTaskmasterModelsJson(cfg, agentDir);
+        const authStorage = agentDir
+            ? new AuthStorage(path.join(agentDir, "auth.json"))
+            : new AuthStorage();
+        const modelRegistry = agentDir
+            ? new ModelRegistry(authStorage, path.join(agentDir, "models.json"))
+            : new ModelRegistry(authStorage);
+        // Find Haiku model
+        const model = modelRegistry.find("anthropic", modelId);
+        if (!model) {
+            return { ok: false, error: new Error(`Filler model not found: anthropic/${modelId}`) };
+        }
+        // Resolve and set API key
+        const apiKeyInfo = await getApiKeyForModel({
+            model,
+            cfg,
+            agentDir,
+        });
+        const apiKey = requireApiKey(apiKeyInfo, model.provider);
+        authStorage.setRuntimeApiKey(model.provider, apiKey);
+        // Truncate thinking if too long (keep last 400 chars for context)
+        const truncatedThinking = thinking
+            ? thinking.length > 400
+                ? `...${thinking.slice(-400)}`
+                : thinking
+            : "";
+        // Build the prompt with both user message and thinking
+        let prompt = `User's message: "${userMessage}"`;
+        if (truncatedThinking) {
+            prompt += `\n\nAssistant's thinking so far:\n---\n${truncatedThinking}\n---`;
+        }
+        prompt += `\n\nGenerate a brief filler (max ${maxWords} words) that fits what the assistant is doing:`;
+        // console.log(`[filler] === FILLER GENERATION ===`);
+        // console.log(`[filler] User message: "${userMessage}"`);
+        // console.log(
+        //   `[filler] Thinking (${truncatedThinking.length} chars): "${truncatedThinking.slice(0, 100)}..."`,
+        // );
+        // Build context with system prompt and user message
+        const context = {
+            systemPrompt: FILLER_SYSTEM_PROMPT,
+            messages: [
+                {
+                    role: "user",
+                    content: prompt,
+                    timestamp: Date.now(),
+                },
+            ],
+        };
+        // Create timeout promise
+        const timeoutPromise = new Promise((_, reject) => {
+            const timer = setTimeout(() => reject(new Error("Filler generation timeout")), timeoutMs);
+            abortSignal?.addEventListener("abort", () => {
+                clearTimeout(timer);
+                reject(new Error("Filler generation aborted"));
+            });
+        });
+        // Race completion against timeout
+        const message = (await Promise.race([
+            complete(model, context, {
+                apiKey,
+                maxTokens: 50,
+                temperature: 0.9, // Higher temperature for variety
+            }),
+            timeoutPromise,
+        ]));
+        // Extract text from response
+        const content = message.content?.[0];
+        if (!content || content.type !== "text" || !content.text) {
+            return { ok: false, skip: true };
+        }
+        const text = content.text.trim();
+        // console.log(`[filler] Generated output: "${text}"`);
+        // Check for SKIP token
+        if (text.toUpperCase() === FILLER_SKIP_TOKEN) {
+            // logVerbose(`[filler] Skipping (model returned SKIP)`);
+            return { ok: false, skip: true };
+        }
+        // Don't truncate - mid-sentence cuts look bad. The prompt already
+        // instructs Haiku to keep it brief (2-6 words).
+        return { ok: true, text };
+    }
+    catch (err) {
+        const error = err instanceof Error ? err : new Error(String(err));
+        // logVerbose(`Filler generation failed: ${error.message}`);
+        return { ok: false, error };
+    }
+}
+/**
+ * Generate a tool progress message using Haiku.
+ */
+export async function generateToolProgress(params) {
+    const { toolName, args, model: modelId, timeoutMs = 2000, cfg, agentDir } = params;
+    try {
+        // Set up model discovery with auth
+        await ensureTaskmasterModelsJson(cfg, agentDir);
+        const authStorage = agentDir
+            ? new AuthStorage(path.join(agentDir, "auth.json"))
+            : new AuthStorage();
+        const modelRegistry = agentDir
+            ? new ModelRegistry(authStorage, path.join(agentDir, "models.json"))
+            : new ModelRegistry(authStorage);
+        // Find Haiku model
+        const model = modelRegistry.find("anthropic", modelId);
+        if (!model) {
+            return { ok: false, error: new Error(`Filler model not found: anthropic/${modelId}`) };
+        }
+        // Resolve and set API key
+        const apiKeyInfo = await getApiKeyForModel({
+            model,
+            cfg,
+            agentDir,
+        });
+        const apiKey = requireApiKey(apiKeyInfo, model.provider);
+        authStorage.setRuntimeApiKey(model.provider, apiKey);
+        // Build prompt with tool info
+        let prompt = `Tool: ${toolName}`;
+        if (args && Object.keys(args).length > 0) {
+            // Include relevant args, truncating long values
+            const relevantArgs = {};
+            for (const [key, value] of Object.entries(args)) {
+                if (typeof value === "string" && value.length > 100) {
+                    relevantArgs[key] = value.slice(0, 100) + "...";
+                }
+                else if (typeof value === "string" ||
+                    typeof value === "number" ||
+                    typeof value === "boolean") {
+                    relevantArgs[key] = value;
+                }
+            }
+            if (Object.keys(relevantArgs).length > 0) {
+                prompt += `\nArguments: ${JSON.stringify(relevantArgs)}`;
+            }
+        }
+        prompt += "\n\nGenerate a brief progress update:";
+        // console.log(`[filler] === TOOL PROGRESS GENERATION ===`);
+        // console.log(`[filler] Tool: ${toolName}, args: ${JSON.stringify(args ?? {}).slice(0, 100)}`);
+        const context = {
+            systemPrompt: TOOL_PROGRESS_SYSTEM_PROMPT,
+            messages: [
+                {
+                    role: "user",
+                    content: prompt,
+                    timestamp: Date.now(),
+                },
+            ],
+        };
+        // Create timeout promise
+        const timeoutPromise = new Promise((_, reject) => {
+            setTimeout(() => reject(new Error("Tool progress generation timeout")), timeoutMs);
+        });
+        // Race completion against timeout
+        const message = (await Promise.race([
+            complete(model, context, {
+                apiKey,
+                maxTokens: 30,
+                temperature: 0.7,
+            }),
+            timeoutPromise,
+        ]));
+        // Extract text from response
+        const content = message.content?.[0];
+        if (!content || content.type !== "text" || !content.text) {
+            return { ok: false, skip: true };
+        }
+        const text = content.text.trim();
+        // console.log(`[filler] Tool progress: "${text}"`);
+        return { ok: true, text };
+    }
+    catch (err) {
+        const error = err instanceof Error ? err : new Error(String(err));
+        console.warn(`[filler] Tool progress generation failed: ${error.message}`);
+        return { ok: false, error };
+    }
+}

package/dist/filler/index.js

@@ -0,0 +1,8 @@
+/**
+ * Filler message system - reduces perceived latency by emitting brief
+ * acknowledgments while the main AI response generates.
+ */
+export * from "./types.js";
+export { FILLER_DEFAULTS, resolveFillerConfig, resolveFillerEnabled, isFillerEnabledForChannel, } from "./config.js";
+export { createFillerTrigger } from "./trigger.js";
+export { generateFiller, FILLER_SKIP_TOKEN } from "./generator.js";

package/dist/filler/trigger.js

@@ -0,0 +1,163 @@
+/**
+ * Filler trigger: generates and delivers a brief acknowledgment message
+ * while the main AI response is being generated.
+ *
+ * Waits briefly for initial thinking to accumulate, then generates a
+ * context-aware filler using both the user message and model's thinking.
+ *
+ * Also sends progress updates during tool calls (throttled).
+ */
+import { isFillerEnabledForChannel, resolveFillerConfig } from "./config.js";
+import { generateFiller, generateToolProgress } from "./generator.js";
+/** How long to wait for thinking before generating filler (ms) */
+const THINKING_WAIT_MS = 350;
+/** Minimum time between tool progress updates (ms) */
+const TOOL_PROGRESS_THROTTLE_MS = 8000;
+/**
+ * Check if a tool should trigger a progress update.
+ * Messaging tools are skipped since they're the final output.
+ */
+function shouldSkipToolProgress(toolName) {
+    const normalized = toolName.toLowerCase().trim();
+    return (normalized === "message" ||
+        normalized === "send" ||
+        normalized === "send_message" ||
+        normalized === "sessions_send");
+}
+/**
+ * Create a filler trigger for an agent run.
+ *
+ * Returns null if filler is disabled or not enabled for this channel.
+ * Waits briefly for thinking to accumulate before generating filler.
+ */
+export function createFillerTrigger(params) {
+    const config = resolveFillerConfig(params.cfg);
+    // Check if filler is enabled for this channel (respects session and per-agent config)
+    if (!isFillerEnabledForChannel({
+        cfg: params.cfg,
+        agentId: params.agentId,
+        channel: params.channel,
+        sessionFillerEnabled: params.sessionFillerEnabled,
+    })) {
+        return null;
+    }
+    // console.log(`[filler] waiting for thinking (${THINKING_WAIT_MS}ms) for run ${params.runId}`);
+    let cancelled = false;
+    let fillerSent = false;
+    const abortController = new AbortController();
+    const thinkingChunks = [];
+    let generatePromise = null;
+    let lastProgressAt = 0;
+    // Collect thinking chunks
+    const feedThinking = (text) => {
+        if (cancelled || fillerSent || !text)
+            return;
+        thinkingChunks.push(text);
+    };
+    // Send progress update for tool calls (throttled, uses Haiku to generate)
+    const feedToolCall = (toolName, args) => {
+        if (cancelled)
+            return;
+        // Skip messaging tools (they're the final output)
+        if (shouldSkipToolProgress(toolName)) {
+            // console.log(`[filler] skipping progress for tool ${toolName}`);
+            return;
+        }
+        // Throttle progress updates
+        const now = Date.now();
+        if (now - lastProgressAt < TOOL_PROGRESS_THROTTLE_MS) {
+            // console.log(`[filler] throttled tool progress for ${toolName}`);
+            return;
+        }
+        lastProgressAt = now;
+        // console.log(`[filler] generating tool progress for ${toolName}`);
+        // Generate and send progress update via Haiku
+        void generateToolProgress({
+            toolName,
+            args,
+            model: config.model,
+            timeoutMs: 2000,
+            cfg: params.cfg,
+            agentDir: params.agentDir,
+        })
+            .then((result) => {
+            if (cancelled) {
+                // console.log(`[filler] cancelled, discarding tool progress`);
+                return;
+            }
+            if (result.ok) {
+                // console.log(`[filler] sending tool progress: "${result.text}" (${toolName})`);
+                return params.onFiller(result.text);
+            }
+        })
+            .catch((err) => {
+            console.warn(`[filler] tool progress failed: ${err instanceof Error ? err.message : String(err)}`);
+        });
+    };
+    // Start generation after brief delay to collect thinking
+    const thinkingTimer = setTimeout(() => {
+        if (cancelled)
+            return;
+        generatePromise = startGeneration();
+    }, THINKING_WAIT_MS);
+    async function startGeneration() {
+        if (cancelled)
+            return;
+        const thinking = thinkingChunks.join("").trim();
+        // console.log(`[filler] generating with ${thinking.length} chars of thinking`);
+        try {
+            const result = await generateFiller({
+                userMessage: params.userMessage || "",
+                thinking: thinking || undefined,
+                model: config.model,
+                maxWords: config.maxWords,
+                timeoutMs: config.maxWaitMs,
+                abortSignal: abortController.signal,
+                cfg: params.cfg,
+                agentDir: params.agentDir,
+            });
+            if (cancelled) {
+                // console.log(`[filler] cancelled during generation, discarding`);
+                return;
+            }
+            if (result.ok) {
+                fillerSent = true;
+                // console.log(`[filler] delivering: "${result.text}"`);
+                await params.onFiller(result.text);
+            }
+            else if ("skip" in result && result.skip) {
+                // console.log(`[filler] model returned SKIP`);
+            }
+            else if ("error" in result) {
+                console.warn(`[filler] generation error: ${result.error.message}`);
+            }
+        }
+        catch (err) {
+            // Fail silently - filler is non-critical
+            console.warn(`[filler] error: ${err instanceof Error ? err.message : String(err)}`);
+        }
+    }
+    const cancel = () => {
+        if (cancelled)
+            return;
+        cancelled = true;
+        clearTimeout(thinkingTimer);
+        abortController.abort();
+        console.warn(`[filler] cancelled for run ${params.runId}`);
+    };
+    const flush = async () => {
+        clearTimeout(thinkingTimer);
+        if (!generatePromise && !cancelled && !fillerSent) {
+            generatePromise = startGeneration();
+        }
+        if (generatePromise) {
+            await generatePromise;
+        }
+    };
+    return {
+        feedThinking,
+        feedToolCall,
+        cancel,
+        flush,
+    };
+}

package/dist/filler/types.js

@@ -0,0 +1,7 @@
+/**
+ * Filler message generation types.
+ *
+ * The filler system emits brief acknowledgments while the main AI response
+ * is generating, reducing perceived latency for channels like WhatsApp.
+ */
+export {};

package/dist/infra/taskmaster-root.js

@@ -15,7 +15,7 @@ async function findPackageRoot(startDir, maxDepth = 12) {
     let current = path.resolve(startDir);
     for (let i = 0; i < maxDepth; i += 1) {
         const name = await readPackageName(current);
-        if (name === "taskmaster")
+        if (name === "taskmaster" || name === "@rubytech/taskmaster")
             return current;
         const parent = path.dirname(current);
         if (parent === current)

package/dist/license/device-id.js

@@ -0,0 +1,61 @@
+import crypto from "node:crypto";
+import { execFileSync } from "node:child_process";
+import fs from "node:fs";
+import os from "node:os";
+const SALT = "taskmaster-device-v1";
+const PREFIX = "tm_dev_";
+let cachedDeviceId = null;
+function hashWithSalt(input) {
+    return crypto.createHash("sha256").update(`${SALT}:${input}`).digest("hex");
+}
+function getMacSerial() {
+    try {
+        const output = execFileSync("ioreg", ["-rd1", "-c", "IOPlatformExpertDevice"], {
+            encoding: "utf8",
+            timeout: 5000,
+        });
+        const match = output.match(/"IOPlatformSerialNumber"\s*=\s*"([^"]+)"/);
+        return match?.[1] ?? null;
+    }
+    catch {
+        return null;
+    }
+}
+function getLinuxSerial() {
+    try {
+        const cpuinfo = fs.readFileSync("/proc/cpuinfo", "utf8");
+        const match = cpuinfo.match(/^Serial\s*:\s*(\S+)/m);
+        return match?.[1] ?? null;
+    }
+    catch {
+        return null;
+    }
+}
+function getFallbackId() {
+    const cpuModel = os.cpus()[0]?.model ?? "unknown";
+    return `${os.hostname()}:${os.platform()}:${os.arch()}:${cpuModel}`;
+}
+/**
+ * Generate a stable hardware fingerprint for this device.
+ * - macOS: SHA-256 of IOPlatformSerialNumber
+ * - Linux (Pi): SHA-256 of /proc/cpuinfo Serial
+ * - Fallback: SHA-256 of hostname + platform + arch + cpu model
+ *
+ * Result is cached in memory (won't change during runtime).
+ */
+export function getDeviceId() {
+    if (cachedDeviceId)
+        return cachedDeviceId;
+    let raw = null;
+    if (os.platform() === "darwin") {
+        raw = getMacSerial();
+    }
+    else if (os.platform() === "linux") {
+        raw = getLinuxSerial();
+    }
+    if (!raw) {
+        raw = getFallbackId();
+    }
+    cachedDeviceId = `${PREFIX}${hashWithSalt(raw)}`;
+    return cachedDeviceId;
+}

package/dist/license/keys.js

@@ -0,0 +1,61 @@
+import crypto from "node:crypto";
+/**
+ * Ed25519 public key for verifying license tokens.
+ *
+ * The corresponding private key is kept secret and used to sign
+ * tokens when a license is issued (via our Taskmaster WhatsApp agent
+ * or manually).
+ *
+ * Token format: TM1-<base64url(payload)>.<base64url(signature)>
+ * Payload JSON: { did, tier, exp, cid, iat }
+ * Note: `tier` is always "standard" — no tier differentiation exists.
+ */
+const PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEA/t/C4A4I0rDlj5rEqv6Hy6VdHJr7WiJHWUxgwGz9HcM=
+-----END PUBLIC KEY-----`;
+const publicKey = crypto.createPublicKey(PUBLIC_KEY_PEM);
+/** Token version prefix. */
+const TOKEN_PREFIX = "TM1-";
+/**
+ * Verify a license token's cryptographic signature and decode its payload.
+ * Does NOT check device binding or expiry — caller handles that.
+ */
+export function verifyLicenseToken(token) {
+    if (!token.startsWith(TOKEN_PREFIX)) {
+        return { valid: false, message: "Invalid token format" };
+    }
+    const body = token.slice(TOKEN_PREFIX.length);
+    const dotIndex = body.indexOf(".");
+    if (dotIndex === -1) {
+        return { valid: false, message: "Invalid token format" };
+    }
+    const payloadB64 = body.slice(0, dotIndex);
+    const signatureB64 = body.slice(dotIndex + 1);
+    if (!payloadB64 || !signatureB64) {
+        return { valid: false, message: "Invalid token format" };
+    }
+    // Verify signature
+    let signatureValid;
+    try {
+        const signature = Buffer.from(signatureB64, "base64url");
+        signatureValid = crypto.verify(null, Buffer.from(payloadB64), publicKey, signature);
+    }
+    catch {
+        return { valid: false, message: "Signature verification failed" };
+    }
+    if (!signatureValid) {
+        return { valid: false, message: "Invalid license key" };
+    }
+    // Decode payload
+    try {
+        const payloadJson = Buffer.from(payloadB64, "base64url").toString("utf8");
+        const payload = JSON.parse(payloadJson);
+        if (!payload.did || !payload.tier || !payload.exp || !payload.cid || !payload.iat) {
+            return { valid: false, message: "Incomplete license data" };
+        }
+        return { valid: true, payload };
+    }
+    catch {
+        return { valid: false, message: "Invalid license data" };
+    }
+}

package/dist/license/revalidation.js

@@ -0,0 +1,52 @@
+import { loadConfig, writeConfigFile } from "../config/config.js";
+import { getDeviceId } from "./device-id.js";
+import { validateLicenseKey } from "./validate.js";
+/** Check every 24 hours during gateway uptime. */
+const CHECK_INTERVAL_MS = 24 * 60 * 60 * 1000;
+let revalidationTimer = null;
+function revalidate(log, onChange) {
+    const config = loadConfig();
+    const lic = config.license;
+    // Nothing to revalidate if there's no stored key
+    if (!lic?.key || !lic.validatedAt)
+        return;
+    // Re-verify the stored token locally (signature + device + expiry)
+    const deviceId = getDeviceId();
+    const result = validateLicenseKey(lic.key, deviceId);
+    if (result.valid) {
+        log.info("license still valid");
+        return;
+    }
+    // Token is no longer valid (expired, wrong device, bad signature)
+    log.warn(`license revoked: ${result.message}`);
+    try {
+        void writeConfigFile({
+            ...config,
+            license: {
+                key: lic.key,
+                deviceId: lic.deviceId,
+                // Clear validation fields to force re-activation
+            },
+        });
+    }
+    catch (err) {
+        log.warn(`failed to clear revoked license: ${String(err)}`);
+    }
+    onChange(false);
+}
+export function startLicenseRevalidation(log, onChange) {
+    stopLicenseRevalidation();
+    revalidationTimer = setInterval(() => {
+        revalidate(log, onChange);
+    }, CHECK_INTERVAL_MS);
+    // Don't prevent process exit
+    if (revalidationTimer && typeof revalidationTimer === "object" && "unref" in revalidationTimer) {
+        revalidationTimer.unref();
+    }
+}
+export function stopLicenseRevalidation() {
+    if (revalidationTimer) {
+        clearInterval(revalidationTimer);
+        revalidationTimer = null;
+    }
+}

package/dist/license/state.js

@@ -0,0 +1,12 @@
+/**
+ * In-memory license state flag.
+ * Updated at startup and when the license is activated or revoked.
+ * Defaults to true in test environments so tests don't need to mock licensing.
+ */
+let licensed = process.env.VITEST === "true";
+export function isLicensed() {
+    return licensed;
+}
+export function setLicensed(value) {
+    licensed = value;
+}

package/dist/license/validate.js

@@ -0,0 +1,59 @@
+import { verifyLicenseToken } from "./keys.js";
+/** Max age for a stored validation before we require re-checking (30 days). */
+const MAX_VALIDATION_AGE_MS = 30 * 24 * 60 * 60 * 1000;
+/**
+ * Validate a license token locally using Ed25519 signature verification.
+ * Checks: signature valid, device ID matches, not expired.
+ */
+export function validateLicenseKey(key, deviceId) {
+    const result = verifyLicenseToken(key);
+    if (!result.valid) {
+        return { valid: false, message: result.message };
+    }
+    const { payload } = result;
+    // Check device binding ("*" = any device, used for dev/master keys)
+    if (payload.did !== "*" && payload.did !== deviceId) {
+        return {
+            valid: false,
+            message: "This license key is bound to a different device",
+        };
+    }
+    // Check expiry
+    const expiresAt = new Date(payload.exp).getTime();
+    if (Number.isNaN(expiresAt) || Date.now() > expiresAt) {
+        return { valid: false, message: "License has expired" };
+    }
+    return {
+        valid: true,
+        message: "License activated",
+        expiresAt: payload.exp,
+        tier: payload.tier,
+        customerId: payload.cid,
+    };
+}
+/**
+ * Check whether the stored license in config is currently valid.
+ * Does NOT re-verify the signature — only checks local state.
+ */
+export function isLicenseValid(config) {
+    const lic = config.license;
+    if (!lic?.key)
+        return false;
+    if (!lic.validatedAt)
+        return false;
+    // Check validation age
+    const validatedAt = new Date(lic.validatedAt).getTime();
+    if (Number.isNaN(validatedAt))
+        return false;
+    if (Date.now() - validatedAt > MAX_VALIDATION_AGE_MS)
+        return false;
+    // Check expiry (absent expiresAt = perpetual)
+    if (lic.expiresAt) {
+        const expiresAt = new Date(lic.expiresAt).getTime();
+        if (Number.isNaN(expiresAt))
+            return false;
+        if (Date.now() > expiresAt)
+            return false;
+    }
+    return true;
+}

package/dist/records/records-manager.js

@@ -0,0 +1,92 @@
+import fs from "node:fs";
+import path from "node:path";
+import os from "node:os";
+const RECORDS_DIR = path.join(os.homedir(), ".taskmaster");
+const RECORDS_PATH = path.join(RECORDS_DIR, "records.json");
+function readFile() {
+    try {
+        const raw = fs.readFileSync(RECORDS_PATH, "utf-8");
+        const parsed = JSON.parse(raw);
+        if (parsed.version === 1 && typeof parsed.records === "object" && parsed.records !== null) {
+            return parsed;
+        }
+    }
+    catch {
+        // File doesn't exist or is invalid — return empty
+    }
+    return { version: 1, records: {} };
+}
+function writeFile(data) {
+    fs.mkdirSync(RECORDS_DIR, { recursive: true });
+    const tmp = RECORDS_PATH + ".tmp";
+    fs.writeFileSync(tmp, JSON.stringify(data, null, 2), "utf-8");
+    fs.renameSync(tmp, RECORDS_PATH);
+}
+export function listRecords(workspace) {
+    const data = readFile();
+    let records = Object.values(data.records);
+    if (workspace) {
+        // Strict workspace filter — only show records tagged for this workspace.
+        // Untagged records belong to the default workspace.
+        records = records.filter((r) => (r.workspace ?? "taskmaster") === workspace);
+    }
+    return records.sort((a, b) => a.name.localeCompare(b.name));
+}
+export function getRecord(id) {
+    const data = readFile();
+    return data.records[id] ?? null;
+}
+export function searchRecords(query, workspace) {
+    const q = query.toLowerCase();
+    const data = readFile();
+    let records = Object.values(data.records);
+    if (workspace) {
+        // Strict workspace filter — same as listRecords
+        records = records.filter((r) => (r.workspace ?? "taskmaster") === workspace);
+    }
+    return records.filter((r) => r.id.includes(q) || r.name.toLowerCase().includes(q));
+}
+export function setRecord(id, input) {
+    const data = readFile();
+    const now = new Date().toISOString();
+    const existing = data.records[id];
+    const record = {
+        id,
+        name: input.name,
+        workspace: input.workspace ?? existing?.workspace,
+        createdAt: existing?.createdAt ?? now,
+        updatedAt: now,
+        fields: input.fields,
+    };
+    data.records[id] = record;
+    writeFile(data);
+    return record;
+}
+export function deleteRecord(id) {
+    const data = readFile();
+    if (!data.records[id])
+        return false;
+    delete data.records[id];
+    writeFile(data);
+    return true;
+}
+export function setRecordField(id, key, value) {
+    const data = readFile();
+    const record = data.records[id];
+    if (!record)
+        return null;
+    record.fields[key] = value;
+    record.updatedAt = new Date().toISOString();
+    writeFile(data);
+    return record;
+}
+export function deleteRecordField(id, key) {
+    const data = readFile();
+    const record = data.records[id];
+    if (!record)
+        return null;
+    delete record.fields[key];
+    record.updatedAt = new Date().toISOString();
+    writeFile(data);
+    return record;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/taskmaster",
-  "version": "1.0.5",
+  "version": "1.0.7",
   "description": "AI-powered business assistant for small businesses",
   "publishConfig": {
     "access": "public"
@@ -72,7 +72,10 @@
     "dist/markdown/**",
     "dist/node-host/**",
     "dist/pairing/**",
-    "dist/whatsapp/**"
+    "dist/whatsapp/**",
+    "dist/records/**",
+    "dist/filler/**",
+    "dist/license/**"
   ],
   "scripts": {
     "dev": "node scripts/run-node.mjs",

package/scripts/install.sh

@@ -118,8 +118,74 @@ if [ -n "$PORT" ]; then
   PROVISION_ARGS="--port $PORT"
 fi
 
-# shellcheck disable=SC2086
-taskmaster provision $PROVISION_ARGS
+REAL_USER="${SUDO_USER:-$(whoami)}"
+MDNS_PORT="${PORT:-18789}"
+
+if [ "$(id -u)" = "0" ] && [ "$REAL_USER" != "root" ]; then
+  # ── Running as root via sudo ──
+  # Platform setup needs root. Provision (config, workspace, daemon) needs
+  # to run as the real user so paths resolve to their home and systemctl
+  # --user has a D-Bus session.
+
+  if [ "$PLATFORM" = "linux" ]; then
+    echo "Platform setup..."
+
+    # Avahi / mDNS
+    apt-get install -y avahi-daemon avahi-utils >/dev/null 2>&1 \
+      && echo "  avahi-daemon installed" \
+      || echo "  avahi-daemon install failed (continuing)"
+
+    # Hostname
+    hostnamectl set-hostname taskmaster 2>/dev/null \
+      && echo "  hostname set to 'taskmaster'" \
+      || echo "  hostname set failed (continuing)"
+
+    # mDNS service file
+    mkdir -p /etc/avahi/services
+    cat > /etc/avahi/services/taskmaster.service << XMLEOF
+<?xml version="1.0" standalone='no'?>
+<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+<service-group>
+  <name replace-wildcards="yes">Taskmaster on %h</name>
+  <service>
+    <type>_http._tcp</type>
+    <port>${MDNS_PORT}</port>
+    <txt-record>path=/</txt-record>
+  </service>
+</service-group>
+XMLEOF
+    systemctl restart avahi-daemon 2>/dev/null || true
+    echo "  mDNS service registered on port $MDNS_PORT"
+
+    # Enable user services so systemctl --user works after logout
+    REAL_UID=$(id -u "$REAL_USER")
+    loginctl enable-linger "$REAL_USER" 2>/dev/null || true
+    systemctl start "user@${REAL_UID}.service" 2>/dev/null || true
+
+    # Wait for user D-Bus session bus
+    for _i in $(seq 1 10); do
+      [ -S "/run/user/$REAL_UID/bus" ] && break
+      sleep 0.5
+    done
+  fi
+
+  # Resolve real user's home
+  REAL_HOME=$(getent passwd "$REAL_USER" 2>/dev/null | cut -d: -f6)
+  [ -z "$REAL_HOME" ] && REAL_HOME="/home/$REAL_USER"
+  REAL_UID=$(id -u "$REAL_USER")
+
+  # Run provision as the real user
+  # shellcheck disable=SC2086
+  sudo -u "$REAL_USER" \
+    HOME="$REAL_HOME" \
+    XDG_RUNTIME_DIR="/run/user/$REAL_UID" \
+    DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$REAL_UID/bus" \
+    taskmaster provision --skip-platform $PROVISION_ARGS
+else
+  # Not root, or running as actual root — run provision normally
+  # shellcheck disable=SC2086
+  taskmaster provision $PROVISION_ARGS
+fi
 
 echo ""
 echo "Installation complete."

package/skills/event-management/SKILL.md

@@ -1,3 +1,8 @@
+---
+name: event-management
+description: "Manage anything time-bound: appointments, meetings, reminders, follow-ups, callbacks, deadlines — any scheduled action between one or more parties."
+---
+
 # Event Management
 
 Applies when handling anything time-bound: appointments, meetings, reminders, follow-ups, callbacks, deadlines — any commitment or scheduled action between one or more parties.

package/skills/taskmaster/SKILL.md

@@ -1,15 +1,9 @@
-# Taskmaster Product Skill
-
-<description>
-Handle enquiries about Taskmaster — the AI business assistant for UK tradespeople.
-</description>
+---
+name: taskmaster
+description: "Handle enquiries about Taskmaster — the AI business assistant for small businesses. Product info, pricing, signup, licensing, and support."
+---
 
-<triggers>
-- Questions about Taskmaster, the product, pricing, or signup
-- "What is Taskmaster?", "How does it work?", "How much does it cost?"
-- Interest in AI assistant for trades business
-- Requests for demo, trial, or signup
-</triggers>
+# Taskmaster Product Skill
 
 ---