@rubytech/taskmaster 1.0.81 → 1.0.82

package/dist/agents/workspace.js

@@ -132,7 +132,12 @@ export async function ensureAgentWorkspace(params) {
         .access(bootstrapDonePath)
         .then(() => true)
         .catch(() => false);
-    if (!bootstrapDone) {
+    // Only write BOOTSTRAP.md for brand-new workspaces.  If other workspace
+    // files already exist (IDENTITY.md, SOUL.md, etc.) the workspace has been
+    // bootstrapped — don't re-create BOOTSTRAP.md even if .bootstrap-done is
+    // missing.  This prevents the onboarding flow from re-activating after a
+    // restart, session reset, or AI failure to write the sentinel.
+    if (!bootstrapDone && isBrandNewWorkspace) {
         await writeFileIfMissing(bootstrapPath, bootstrapTemplate);
     }
     await ensureGitRepo(dir, isBrandNewWorkspace);
@@ -179,8 +184,19 @@ export async function loadWorkspaceBootstrapFiles(dir) {
             filePath: path.join(resolvedDir, DEFAULT_BOOTSTRAP_FILENAME),
         },
     ];
+    // If .bootstrap-done exists, treat BOOTSTRAP.md as absent so the onboarding
+    // flow is never injected into agent context on a bootstrapped workspace.
+    const bootstrapDonePath = path.join(resolvedDir, BOOTSTRAP_DONE_SENTINEL);
+    const bootstrapDone = await fs
+        .access(bootstrapDonePath)
+        .then(() => true)
+        .catch(() => false);
     const result = [];
     for (const entry of entries) {
+        if (bootstrapDone && entry.name === DEFAULT_BOOTSTRAP_FILENAME) {
+            result.push({ name: entry.name, path: entry.filePath, missing: true });
+            continue;
+        }
         try {
             const content = await fs.readFile(entry.filePath, "utf-8");
             result.push({

package/dist/build-info.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.0.81",
-  "commit": "a402844e35cc24943b6f70f99f815b821447d02e",
-  "builtAt": "2026-02-20T21:39:25.223Z"
+  "version": "1.0.82",
+  "commit": "4707adc4b128245c2e265a9e6fec6b2d0315ad08",
+  "builtAt": "2026-02-20T22:56:04.720Z"
 }

package/dist/gateway/server-methods/files.js

@@ -6,9 +6,19 @@ import { ErrorCodes, errorShape } from "../protocol/index.js";
 const MAX_PREVIEW_BYTES = 256 * 1024; // 256 KB for preview
 const MAX_DOWNLOAD_BYTES = 5 * 1024 * 1024; // 5 MB for download
 const MAX_UPLOAD_BYTES = 5 * 1024 * 1024; // 5 MB for upload
+/**
+ * Multi-agent workspaces set each agent's workspace to a subdirectory
+ * (e.g. ~/taskmaster/agents/admin).  The files page should show the
+ * workspace root (~/taskmaster), not the agent subdir.
+ */
+function stripAgentSubdir(agentWorkspaceDir) {
+    const normalised = agentWorkspaceDir.replace(/\/+$/, "");
+    const match = normalised.match(/^(.+)\/agents\/[^/]+$/);
+    return match ? match[1] : normalised;
+}
 function resolveWorkspaceRoot() {
     const cfg = loadConfig();
-    return resolveAgentWorkspaceDir(cfg, resolveDefaultAgentId(cfg));
+    return stripAgentSubdir(resolveAgentWorkspaceDir(cfg, resolveDefaultAgentId(cfg)));
 }
 /**
  * Resolve workspace root from request params.
@@ -20,7 +30,7 @@ function resolveWorkspaceForRequest(params) {
     if (!agentId)
         return resolveWorkspaceRoot();
     const cfg = loadConfig();
-    return resolveAgentWorkspaceDir(cfg, agentId);
+    return stripAgentSubdir(resolveAgentWorkspaceDir(cfg, agentId));
 }
 /**
  * Validate and resolve a relative path within the workspace.

package/dist/gateway/server-methods/web.js

@@ -4,6 +4,15 @@ import { ErrorCodes, errorShape, formatValidationErrors, validateWebLoginStartPa
 import { formatForLog } from "../ws-log.js";
 const WEB_LOGIN_METHODS = new Set(["web.login.start", "web.login.wait"]);
 const resolveWebLoginProvider = () => listChannelPlugins().find((plugin) => (plugin.gatewayMethods ?? []).some((method) => WEB_LOGIN_METHODS.has(method))) ?? null;
+/**
+ * Given an admin agent ID, find the matching public agent.
+ * "admin" → "public", "foo-admin" → "foo-public".
+ */
+function resolvePublicCounterpart(adminAgentId, agents) {
+    const lower = adminAgentId.toLowerCase();
+    const target = lower === "admin" ? "public" : adminAgentId.replace(/-admin$/i, "-public");
+    return agents.find((a) => (a.id ?? "").toLowerCase() === target.toLowerCase())?.id ?? undefined;
+}
 /**
  * After a successful WhatsApp QR pairing, auto-create a paired admin binding
  * for the self phone number.  This is the single code path for all businesses:
@@ -101,9 +110,31 @@ async function ensurePairedAdminBinding(selfPhone, accountId) {
             },
             meta: { paired: true },
         };
+        const newBindings = [newBinding];
+        // Ensure a channel-level catch-all for the public agent so unbound DMs
+        // route to public, not admin.  Without this, the routing default fallback
+        // sends every unknown phone number to admin.
+        const publicAgentId = resolvePublicCounterpart(adminAgentId, agents);
+        if (publicAgentId) {
+            const hasPublicCatchAll = bindings.some((b) => b.agentId === publicAgentId &&
+                b.match.channel === "whatsapp" &&
+                !b.match.peer &&
+                !b.match.guildId &&
+                !b.match.teamId);
+            if (!hasPublicCatchAll) {
+                newBindings.push({
+                    agentId: publicAgentId,
+                    match: {
+                        channel: "whatsapp",
+                        ...(accountId ? { accountId } : {}),
+                    },
+                });
+                console.log(`[web] ensurePairedAdminBinding: created catch-all binding for ${publicAgentId} (account=${effectiveAccount})`);
+            }
+        }
         const updatedCfg = {
             ...cfg,
-            bindings: [...bindings, newBinding],
+            bindings: [...bindings, ...newBindings],
         };
         await writeConfigFile(updatedCfg);
         console.log(`[web] ensurePairedAdminBinding: created paired binding for ${adminAgentId} → ${selfPhone} (account=${effectiveAccount})`);

package/dist/routing/resolve-route.js

@@ -1,4 +1,4 @@
-import { resolveDefaultAgentId } from "../agents/agent-scope.js";
+import { resolveDefaultAgentId, listAgentIds } from "../agents/agent-scope.js";
 import { listBindings } from "./bindings.js";
 import { buildAgentMainSessionKey, buildAgentPeerSessionKey, DEFAULT_ACCOUNT_ID, DEFAULT_MAIN_KEY, normalizeAgentId, sanitizeAgentId, } from "./session-key.js";
 export { DEFAULT_ACCOUNT_ID, DEFAULT_AGENT_ID } from "./session-key.js";
@@ -136,5 +136,28 @@ export function resolveAgentRoute(input) {
     const anyAccountMatch = bindings.find((b) => b.match?.accountId?.trim() === "*" && !b.match?.peer && !b.match?.guildId && !b.match?.teamId);
     if (anyAccountMatch)
         return choose(anyAccountMatch.agentId, "binding.channel");
-    return choose(resolveDefaultAgentId(input.cfg), "default");
+    // Admin agents should only be reached via explicit peer binding.
+    // When falling to default for a DM, prefer a public counterpart so that
+    // unbound phone numbers never route to admin.
+    const defaultId = resolveDefaultAgentId(input.cfg);
+    if (peer) {
+        const publicFallback = resolvePublicFallback(input.cfg, defaultId);
+        if (publicFallback)
+            return choose(publicFallback, "default");
+    }
+    return choose(defaultId, "default");
+}
+/**
+ * When the default agent is an admin agent and a public counterpart exists,
+ * return the public agent ID.  This prevents unbound DMs from reaching admin.
+ */
+function resolvePublicFallback(cfg, defaultId) {
+    const lower = defaultId.toLowerCase();
+    const isAdmin = lower === "admin" || lower.endsWith("-admin");
+    if (!isAdmin)
+        return undefined;
+    const allIds = listAgentIds(cfg);
+    // "foo-admin" → "foo-public"; "admin" → "public"
+    const publicId = lower === "admin" ? "public" : defaultId.replace(/-admin$/i, "-public");
+    return allIds.find((id) => id.toLowerCase() === publicId.toLowerCase());
 }

package/dist/web/auth-store.js

@@ -107,8 +107,17 @@ async function clearLegacyBaileysAuthState(authDir) {
 export async function logoutWeb(params) {
     const runtime = params.runtime ?? defaultRuntime;
     const resolvedAuthDir = resolveUserPath(params.authDir ?? resolveDefaultWebAuthDir());
-    const exists = await webAuthExists(resolvedAuthDir);
-    if (!exists) {
+    // Check whether the auth directory exists on disk — not whether creds are
+    // valid JSON.  Corrupt or partial state must still be cleaned up.
+    let dirExists = false;
+    try {
+        await fs.access(resolvedAuthDir);
+        dirExists = true;
+    }
+    catch {
+        // directory doesn't exist
+    }
+    if (!dirExists) {
         runtime.log(info("No WhatsApp Web session found; nothing to delete."));
         return false;
     }

package/dist/web/login-qr.js

@@ -79,14 +79,14 @@ export async function startWebLoginWithQr(opts = {}) {
             message: `WhatsApp is already linked (${who}). Say "relink" if you want a fresh QR.`,
         };
     }
-    // Force mode: clear stale credentials before generating new QR
-    if (hasWeb && opts.force) {
-        await logoutWeb({
-            authDir: account.authDir,
-            isLegacyAuthDir: account.isLegacyAuthDir,
-            runtime,
-        });
-    }
+    // Always clear credentials before generating a new QR.  Even when
+    // webAuthExists() returns false, corrupt or partial files may remain on disk
+    // and cause Baileys to generate QR codes that WhatsApp rejects.
+    await logoutWeb({
+        authDir: account.authDir,
+        isLegacyAuthDir: account.isLegacyAuthDir,
+        runtime,
+    });
     const existing = activeLogins.get(account.accountId);
     if (existing && isLoginFresh(existing) && existing.qrDataUrl) {
         return {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/taskmaster",
-  "version": "1.0.81",
+  "version": "1.0.82",
   "description": "AI-powered business assistant for small businesses",
   "publishConfig": {
     "access": "public"