@rubytech/taskmaster 1.1.1 → 1.2.1

package/dist/control-ui/index.html

@@ -6,8 +6,8 @@
     <title>Taskmaster Control</title>
     <meta name="color-scheme" content="dark light" />
     <link rel="icon" type="image/png" href="./favicon.png" />
-    <script type="module" crossorigin src="./assets/index-DzlEdl36.js"></script>
-    <link rel="stylesheet" crossorigin href="./assets/index-DTaSylHl.css">
+    <script type="module" crossorigin src="./assets/index-N8du4fwV.js"></script>
+    <link rel="stylesheet" crossorigin href="./assets/index-DtQHRIVD.css">
   </head>
   <body>
     <taskmaster-app></taskmaster-app>

package/dist/gateway/chat-sanitize.js

@@ -130,6 +130,7 @@ export function stripEnvelopeFromMessages(messages) {
 // 2. Remove base64 image blocks from content
 // 3. Add { type: "image", url: "/api/media?path=..." } blocks
 // ---------------------------------------------------------------------------
+import nodeFs from "node:fs";
 import nodePath from "node:path";
 function isBase64ImageBlock(block) {
     if (!block || typeof block !== "object")
@@ -175,10 +176,46 @@ function extractMediaRefs(text) {
 }
 // Pattern: MEDIA:/absolute/path (used by tool results like image_generate)
 const MEDIA_PREFIX_PATTERN = /\bMEDIA:(\S+)/g;
+/** Map file extension to MIME type for MEDIA: refs. */
+export function mimeFromExt(ext) {
+    switch (ext) {
+        case "jpg":
+        case "jpeg":
+            return "image/jpeg";
+        case "png":
+            return "image/png";
+        case "gif":
+            return "image/gif";
+        case "webp":
+            return "image/webp";
+        case "heic":
+            return "image/heic";
+        case "heif":
+            return "image/heif";
+        case "bmp":
+            return "image/bmp";
+        case "tiff":
+        case "tif":
+            return "image/tiff";
+        case "pdf":
+            return "application/pdf";
+        case "mp3":
+            return "audio/mpeg";
+        case "ogg":
+        case "oga":
+            return "audio/ogg";
+        case "wav":
+            return "audio/wav";
+        case "m4a":
+            return "audio/mp4";
+        default:
+            return "application/octet-stream";
+    }
+}
 /**
  * Parse MEDIA:/path references from text to extract file paths.
- * Tool results (e.g. image_generate) use this format instead of
- * [media attached: ...] annotations.
+ * Tool results (e.g. image_generate, document_to_pdf) use this format
+ * instead of [media attached: ...] annotations.
  */
 function extractMediaPrefixRefs(text) {
     if (!text.includes("MEDIA:"))
@@ -190,8 +227,7 @@ function extractMediaPrefixRefs(text) {
         const absPath = match[1]?.trim();
         if (absPath) {
             const ext = absPath.split(".").pop()?.toLowerCase() ?? "";
-            const mimeType = ext === "jpg" || ext === "jpeg" ? "image/jpeg" : "image/png";
-            refs.push({ absPath, mimeType });
+            refs.push({ absPath, mimeType: mimeFromExt(ext) });
         }
     }
     return refs;
@@ -201,7 +237,14 @@ function mediaRefToUrl(ref, workspaceRoot) {
     // Must stay within workspace (no ../ escapes)
     if (relPath.startsWith("..") || nodePath.isAbsolute(relPath))
         return null;
-    return `/api/media?path=${encodeURIComponent(relPath)}`;
+    // Append file mtime as cache buster so updated files are never served stale.
+    let mtime = "";
+    try {
+        const stat = nodeFs.statSync(ref.absPath);
+        mtime = `&t=${stat.mtimeMs | 0}`;
+    }
+    catch { /* file may not exist yet */ }
+    return `/api/media?path=${encodeURIComponent(relPath)}${mtime}`;
 }
 function stripBase64FromContentBlocks(content) {
     let changed = false;
@@ -254,8 +297,11 @@ export function stripBase64ImagesFromMessages(messages) {
 /**
  * Sanitize media in chat messages for UI display.
  * - Extracts file paths from [media attached: ...] text annotations
+ * - Extracts file paths from MEDIA:/path annotations (all messages)
  * - Removes base64 image blocks
- * - Creates URL-based image references for the /api/media endpoint
+ * - Creates URL-based image/file references for the /api/media endpoint
+ * - Deduplicates by path so assistant echoes of tool results don't produce
+ *   duplicate blocks
  *
  * Must be called BEFORE stripEnvelopeFromMessages (which strips annotations).
  */
@@ -264,42 +310,62 @@ export function sanitizeMediaForChat(messages, workspaceRoot) {
         // No workspace context — fall back to plain base64 stripping
         return stripBase64ImagesFromMessages(messages);
     }
+    // Track paths within each assistant turn to prevent duplicate blocks when an
+    // assistant message echoes a MEDIA: ref that already appeared in a tool result.
+    // Reset at each user message so the same file can be re-shared in later turns.
+    const seenPaths = new Set();
     let changed = false;
     const next = messages.map((message) => {
-        const result = sanitizeMessageMedia(message, workspaceRoot);
+        // Reset dedup at user turn boundaries so files can appear again in later turns.
+        const entry = message;
+        const role = typeof entry?.role === "string" ? entry.role.toLowerCase() : "";
+        if (role === "user")
+            seenPaths.clear();
+        const result = sanitizeMessageMedia(message, workspaceRoot, seenPaths);
         if (result !== message)
             changed = true;
         return result;
     });
     return changed ? next : messages;
 }
-function sanitizeMessageMedia(message, workspaceRoot) {
+function sanitizeMessageMedia(message, workspaceRoot, seenPaths) {
     if (!message || typeof message !== "object")
         return message;
     const entry = message;
     // Collect media refs from text content (works for both string and array content).
-    // MEDIA: prefix refs are only extracted from tool result messages — assistant text
-    // may echo "MEDIA:" but that should not produce a duplicate image block.
-    const role = typeof entry.role === "string" ? entry.role.toLowerCase() : "";
-    const isToolResult = role === "toolresult" || role === "tool_result" ||
-        typeof entry.toolCallId === "string" || typeof entry.tool_call_id === "string";
-    const mediaRefs = extractMediaRefsFromMessage(entry, isToolResult);
-    // Build URL-based image blocks from annotations
+    // MEDIA: prefix refs are extracted from ALL messages — the agent may reference
+    // existing workspace files directly via MEDIA: in its response text. The
+    // seenPaths set prevents duplicates when an assistant echoes a MEDIA: ref that
+    // already appeared in a tool result.
+    const mediaRefs = extractMediaRefsFromMessage(entry, true);
+    // Build URL-based media blocks from annotations.
+    // Images become { type: "image" }, everything else becomes { type: "file" }.
+    // Skip paths already converted in an earlier message (dedup across conversation).
     const imageBlocks = [];
+    const fileBlocks = [];
     for (const ref of mediaRefs) {
+        if (seenPaths.has(ref.absPath))
+            continue;
         const url = mediaRefToUrl(ref, workspaceRoot);
-        if (url) {
+        if (!url)
+            continue;
+        seenPaths.add(ref.absPath);
+        if (ref.mimeType.startsWith("image/")) {
             imageBlocks.push({ type: "image", url });
         }
+        else {
+            const name = nodePath.basename(ref.absPath);
+            fileBlocks.push({ type: "file", url, name, mimeType: ref.mimeType });
+        }
     }
     if (!Array.isArray(entry.content)) {
-        // String content — no base64 blocks to strip, just add image blocks if found
-        if (imageBlocks.length === 0)
+        // String content — no base64 blocks to strip, just add media blocks if found
+        if (imageBlocks.length === 0 && fileBlocks.length === 0)
             return message;
         const textContent = typeof entry.content === "string" ? entry.content : "";
         return {
             ...entry,
-            content: [{ type: "text", text: textContent }, ...imageBlocks],
+            content: [{ type: "text", text: textContent }, ...imageBlocks, ...fileBlocks],
         };
     }
     // Array content — remove base64 image blocks, add URL-based ones
@@ -332,15 +398,47 @@ function sanitizeMessageMedia(message, workspaceRoot) {
             }
         }
     }
-    // Add URL-based image blocks from tool result annotations
-    if (imageBlocks.length > 0) {
+    // Add URL-based media blocks from tool result annotations
+    if (imageBlocks.length > 0 || fileBlocks.length > 0) {
         didChange = true;
-        filtered.push(...imageBlocks);
+        filtered.push(...imageBlocks, ...fileBlocks);
     }
     if (!didChange)
         return message;
     return { ...entry, content: filtered };
 }
+/**
+ * Extract file attachment metadata from messages (for API responses).
+ * Scans all messages for MEDIA: refs that point to non-image files
+ * and returns structured attachment objects with download URLs.
+ * Deduplicates by path.
+ */
+export function extractFileAttachments(messages, workspaceRoot) {
+    const attachments = [];
+    const seen = new Set();
+    for (const message of messages) {
+        if (!message || typeof message !== "object")
+            continue;
+        const entry = message;
+        const refs = extractMediaRefsFromMessage(entry, true);
+        for (const ref of refs) {
+            if (ref.mimeType.startsWith("image/"))
+                continue;
+            if (seen.has(ref.absPath))
+                continue;
+            const url = mediaRefToUrl(ref, workspaceRoot);
+            if (!url)
+                continue;
+            seen.add(ref.absPath);
+            attachments.push({
+                url,
+                name: nodePath.basename(ref.absPath),
+                mimeType: ref.mimeType,
+            });
+        }
+    }
+    return attachments;
+}
 function extractMediaRefsFromMessage(entry, includeMediaPrefix) {
     if (typeof entry.content === "string") {
         const refs = extractMediaRefs(entry.content);

package/dist/gateway/media-http.js

@@ -4,12 +4,13 @@ import { resolveAgentWorkspaceRoot } from "../agents/agent-scope.js";
 // ---------------------------------------------------------------------------
 // Workspace media file endpoint
 // ---------------------------------------------------------------------------
-// Serves image files from the workspace root so that chat history can display
-// inline images by URL instead of embedding base64 data in WebSocket messages.
+// Serves media files (images, PDFs, audio) from the workspace root so that
+// chat history can display inline images and file download cards by URL
+// instead of embedding base64 data in WebSocket messages.
 //
 // Route:  GET /api/media?path=<workspace-relative-path>
 // ---------------------------------------------------------------------------
-const ALLOWED_IMAGE_EXTENSIONS = new Set([
+const ALLOWED_MEDIA_EXTENSIONS = new Set([
     ".png",
     ".jpg",
     ".jpeg",
@@ -78,7 +79,7 @@ export function handleMediaRequest(req, res, opts) {
         return true;
     }
     const ext = path.extname(relPath).toLowerCase();
-    if (!ALLOWED_IMAGE_EXTENSIONS.has(ext)) {
+    if (!ALLOWED_MEDIA_EXTENSIONS.has(ext)) {
         res.statusCode = 403;
         res.end("Forbidden");
         return true;
@@ -108,7 +109,10 @@ export function handleMediaRequest(req, res, opts) {
     res.statusCode = 200;
     res.setHeader("Content-Type", contentType(ext));
     res.setHeader("Content-Length", stat.size);
-    res.setHeader("Cache-Control", "private, max-age=86400");
+    // Revalidate on every request so updated files (e.g. regenerated invoices)
+    // are never served stale. Last-Modified lets the browser use 304 for unchanged files.
+    res.setHeader("Cache-Control", "no-cache");
+    res.setHeader("Last-Modified", stat.mtime.toUTCString());
     if (req.method === "HEAD") {
         res.end();
     }

package/dist/gateway/public-chat-api.js

@@ -37,7 +37,7 @@ import { requestOtp, verifyOtp } from "./public-chat/otp.js";
 import { deliverOtp } from "./public-chat/deliver-otp.js";
 import { buildPublicSessionKey, resolvePublicAgentId } from "./public-chat/session.js";
 import { loadSessionEntry, readSessionMessages } from "./session-utils.js";
-import { sanitizeMediaForChat, stripEnvelopeFromMessages } from "./chat-sanitize.js";
+import { extractFileAttachments, sanitizeMediaForChat, stripEnvelopeFromMessages } from "./chat-sanitize.js";
 import { resolveWorkspaceRoot } from "./media-http.js";
 import { readJsonBodyOrError, sendInvalidRequest, sendJson, sendMethodNotAllowed, setSseHeaders, writeDone, } from "./http-common.js";
 // ---------------------------------------------------------------------------
@@ -442,11 +442,20 @@ async function handleChat(req, res, _accountId, cfg, maxBodyBytes) {
                     cfg,
                 }));
             }
+            // Extract file attachments from tool results in this session
+            const workspaceRoot = resolveWorkspaceRoot(cfg);
+            const { entry: sessionEntry, storePath } = loadSessionEntry(sessionKey);
+            let attachments = [];
+            if (sessionEntry?.sessionId && storePath) {
+                const sessionMsgs = readSessionMessages(sessionEntry.sessionId, storePath, sessionEntry.sessionFile);
+                attachments = extractFileAttachments(sessionMsgs, workspaceRoot);
+            }
             sendJson(res, 200, {
                 id: runId,
                 session_key: sessionKey,
                 message: combinedReply || null,
                 created: Math.floor(Date.now() / 1000),
+                ...(attachments.length > 0 ? { attachments } : {}),
             });
         }
         catch (err) {
@@ -484,7 +493,12 @@ async function handleChat(req, res, _accountId, cfg, maxBodyBytes) {
         }
         if (evt.stream === "lifecycle") {
             const phase = evt.data?.phase;
-            if (phase === "end" || phase === "error") {
+            if (phase === "end") {
+                // Don't close here — let the finally block emit file attachments
+                // before writing [DONE]. Just stop listening for further events.
+                unsubscribe();
+            }
+            else if (phase === "error") {
                 if (!closed) {
                     closed = true;
                     unsubscribe();
@@ -582,6 +596,21 @@ async function handleChat(req, res, _accountId, cfg, maxBodyBytes) {
         }
         finally {
             if (!closed) {
+                // Emit file attachments (e.g. PDFs from document_to_pdf) before closing
+                try {
+                    const workspaceRoot = resolveWorkspaceRoot(cfg);
+                    const { entry: sessionEntry, storePath } = loadSessionEntry(sessionKey);
+                    if (sessionEntry?.sessionId && storePath) {
+                        const sessionMsgs = readSessionMessages(sessionEntry.sessionId, storePath, sessionEntry.sessionFile);
+                        const attachments = extractFileAttachments(sessionMsgs, workspaceRoot);
+                        for (const att of attachments) {
+                            writeSse(res, { id: runId, type: "attachment", ...att });
+                        }
+                    }
+                }
+                catch {
+                    // Attachment extraction failure should not break the stream
+                }
                 closed = true;
                 unsubscribe();
                 writeDone(res);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/taskmaster",
-  "version": "1.1.1",
+  "version": "1.2.1",
   "description": "AI-powered business assistant for small businesses",
   "publishConfig": {
     "access": "public"