@rubytech/taskmaster 1.12.1 → 1.12.3

package/dist/agents/taskmaster-tools.js

@@ -21,6 +21,7 @@ import { createWebFetchTool, createWebSearchTool } from "./tools/web-tools.js";
 import { createTtsTool } from "./tools/tts-tool.js";
 import { createCurrentTimeTool } from "./tools/current-time.js";
 import { createAuthorizeAdminTool, createListAdminsTool, createRevokeAdminTool, } from "./tools/authorize-admin-tool.js";
+import { createBootstrapCompleteTool } from "./tools/bootstrap-tool.js";
 import { createLicenseGenerateTool } from "./tools/license-tool.js";
 import { createContactCreateTool } from "./tools/contact-create-tool.js";
 import { createContactDeleteTool } from "./tools/contact-delete-tool.js";
@@ -147,9 +148,10 @@ export function createTaskmasterTools(options) {
             sandboxRoot: options?.sandboxRoot,
         }),
         createCurrentTimeTool({ config: options?.config }),
-        createAuthorizeAdminTool(),
-        createRevokeAdminTool(),
-        createListAdminsTool(),
+        createAuthorizeAdminTool({ agentAccountId: options?.agentAccountId }),
+        createRevokeAdminTool({ agentAccountId: options?.agentAccountId }),
+        createListAdminsTool({ agentAccountId: options?.agentAccountId }),
+        createBootstrapCompleteTool({ agentSessionKey: options?.agentSessionKey }),
         createLicenseGenerateTool(),
         createContactCreateTool(),
         createContactDeleteTool(),

package/dist/agents/tool-policy.js

@@ -45,7 +45,7 @@ export const TOOL_GROUPS = {
         "verify_contact_code",
     ],
     // Admin management tools
-    "group:admin": ["authorize_admin", "revoke_admin", "list_admins"],
+    "group:admin": ["authorize_admin", "revoke_admin", "list_admins", "bootstrap_complete"],
     // Control panel tools — expose setup/dashboard functionality to agents
     "group:control-panel": [
         "system_status",

package/dist/agents/tools/authorize-admin-tool.js

@@ -13,9 +13,30 @@ function normalizePhoneNumber(input) {
     return `+${digits}`;
 }
 /**
- * Check if a binding already exists for this peer.
+ * Resolve the admin agent ID for a given account.
+ * Looks up the existing paired-admin binding for the account, which is the
+ * authoritative record of which agent handles admin DMs. Falls back to the
+ * naming convention "{accountId}-admin", then to "admin" when no account scope.
  */
-function findExistingBinding(bindings, channel, peerId) {
+function resolveAdminAgentId(bindings, accountId) {
+    if (accountId) {
+        const paired = bindings.find((b) => b.match.channel === "whatsapp" &&
+            b.match.accountId === accountId &&
+            b.match.peer?.kind === "dm" &&
+            b.meta?.paired === true);
+        if (paired)
+            return paired.agentId;
+        return `${accountId}-admin`;
+    }
+    return "admin";
+}
+/**
+ * Check if a binding already exists for this peer, optionally scoped to an account.
+ * When accountId is provided, bindings for a different specific account are not
+ * considered conflicts — only bindings for the same account or cross-account
+ * wildcards (no accountId) are.
+ */
+function findExistingBinding(bindings, channel, peerId, accountId) {
     const normalizedPeerId = peerId.toLowerCase();
     return bindings.find((b) => {
         if (b.match.channel !== channel)
@@ -23,7 +44,16 @@ function findExistingBinding(bindings, channel, peerId) {
         if (b.match.peer?.kind !== "dm")
             return false;
         const existingId = b.match.peer.id?.toLowerCase();
-        return existingId === normalizedPeerId;
+        if (existingId !== normalizedPeerId)
+            return false;
+        // When an account scope is given, exclude bindings scoped to a different account.
+        // A binding with no accountId is a cross-account wildcard and always conflicts.
+        if (accountId !== undefined &&
+            b.match.accountId !== undefined &&
+            b.match.accountId !== accountId) {
+            return false;
+        }
+        return true;
     });
 }
 const AuthorizeAdminSchema = Type.Object({
@@ -37,7 +67,7 @@ const RevokeAdminSchema = Type.Object({
     }),
 });
 const ListAdminsSchema = Type.Object({});
-export function createAuthorizeAdminTool() {
+export function createAuthorizeAdminTool(options) {
     return {
         label: "Admin",
         name: "authorize_admin",
@@ -45,7 +75,7 @@ export function createAuthorizeAdminTool() {
         parameters: AuthorizeAdminSchema,
         execute: async (_toolCallId, params) => {
             const phoneNumber = normalizePhoneNumber(params.phoneNumber);
-            const agentId = "admin";
+            const accountId = options?.agentAccountId;
             // Validate phone number format
             if (!/^\+\d{7,15}$/.test(phoneNumber)) {
                 return jsonResult({
@@ -63,8 +93,10 @@ export function createAuthorizeAdminTool() {
             }
             const parsedConfig = structuredClone(snapshot.parsed);
             const existingBindings = (parsedConfig.bindings ?? []);
-            // Check if binding already exists
-            const existing = findExistingBinding(existingBindings, "whatsapp", phoneNumber);
+            // Resolve the admin agent for this account from the existing paired binding
+            const agentId = resolveAdminAgentId(existingBindings, accountId);
+            // Check if binding already exists within this account scope
+            const existing = findExistingBinding(existingBindings, "whatsapp", phoneNumber, accountId);
             if (existing) {
                 if (existing.agentId === agentId) {
                     return jsonResult({
@@ -79,16 +111,19 @@ export function createAuthorizeAdminTool() {
                     error: `${phoneNumber} is already bound to the ${existing.agentId} agent. Remove that binding first.`,
                 });
             }
-            // Create new binding
+            // Create new binding scoped to this agent and account
             const newBinding = {
                 agentId,
                 match: {
                     channel: "whatsapp",
+                    ...(accountId ? { accountId } : {}),
                     peer: { kind: "dm", id: phoneNumber },
                 },
             };
-            // Insert before the catch-all binding (accountId: "*")
-            const catchAllIndex = existingBindings.findIndex((b) => b.match.channel === "whatsapp" && b.match.accountId === "*");
+            // Insert before the catch-all binding for this account (channel binding with no peer)
+            const catchAllIndex = existingBindings.findIndex((b) => b.match.channel === "whatsapp" &&
+                !b.match.peer &&
+                (accountId ? b.match.accountId === accountId : b.match.accountId === "*"));
             let updatedBindings;
             if (catchAllIndex >= 0) {
                 updatedBindings = [
@@ -111,7 +146,7 @@ export function createAuthorizeAdminTool() {
                 });
             }
             await writeConfigFile(validated.config);
-            logVerbose(`Authorized admin: ${phoneNumber} -> ${agentId}`);
+            logVerbose(`Authorized admin: ${phoneNumber} -> ${agentId}${accountId ? ` (account: ${accountId})` : ""}`);
             return jsonResult({
                 success: true,
                 message: `Authorized ${phoneNumber} as an admin. They now have full management access.`,
@@ -120,7 +155,7 @@ export function createAuthorizeAdminTool() {
         },
     };
 }
-export function createRevokeAdminTool() {
+export function createRevokeAdminTool(options) {
     return {
         label: "Admin",
         name: "revoke_admin",
@@ -128,6 +163,7 @@ export function createRevokeAdminTool() {
         parameters: RevokeAdminSchema,
         execute: async (_toolCallId, params) => {
             const phoneNumber = normalizePhoneNumber(params.phoneNumber);
+            const accountId = options?.agentAccountId;
             const snapshot = await readConfigFileSnapshot();
             if (!snapshot.valid || !snapshot.parsed || typeof snapshot.parsed !== "object") {
                 return jsonResult({
@@ -137,7 +173,7 @@ export function createRevokeAdminTool() {
             }
             const parsedConfig = structuredClone(snapshot.parsed);
             const existingBindings = (parsedConfig.bindings ?? []);
-            const existing = findExistingBinding(existingBindings, "whatsapp", phoneNumber);
+            const existing = findExistingBinding(existingBindings, "whatsapp", phoneNumber, accountId);
             if (!existing) {
                 return jsonResult({
                     success: false,
@@ -155,7 +191,7 @@ export function createRevokeAdminTool() {
                 });
             }
             await writeConfigFile(validated.config);
-            logVerbose(`Revoked admin: ${phoneNumber}`);
+            logVerbose(`Revoked admin: ${phoneNumber}${accountId ? ` (account: ${accountId})` : ""}`);
             return jsonResult({
                 success: true,
                 message: `Revoked admin access for ${phoneNumber}.`,
@@ -164,7 +200,7 @@ export function createRevokeAdminTool() {
         },
     };
 }
-export function createListAdminsTool() {
+export function createListAdminsTool(options) {
     return {
         label: "Admin",
         name: "list_admins",
@@ -173,15 +209,20 @@ export function createListAdminsTool() {
         execute: async (_toolCallId) => {
             const cfg = loadConfig();
             const bindings = cfg.bindings ?? [];
+            const accountId = options?.agentAccountId;
+            // Resolve the admin agent for this account so we only list admins scoped here
+            const agentId = resolveAdminAgentId(bindings, accountId);
             const admins = bindings
                 .filter((b) => {
-                // Accept both "admin" and legacy "management" agent IDs
-                if (b.agentId !== "admin" && b.agentId !== "management")
+                if (b.agentId !== agentId)
                     return false;
                 if (b.match.channel !== "whatsapp")
                     return false;
                 if (b.match.peer?.kind !== "dm")
                     return false;
+                // Exclude bindings scoped to a different account
+                if (accountId && b.match.accountId && b.match.accountId !== accountId)
+                    return false;
                 return Boolean(b.match.peer.id);
             })
                 .map((b) => b.match.peer?.id)

package/dist/agents/tools/bootstrap-tool.js

@@ -0,0 +1,51 @@
+import { promises as fs } from "fs";
+import path from "path";
+import { Type } from "@sinclair/typebox";
+import { resolveAgentWorkspaceDir } from "../agent-scope.js";
+import { loadConfig } from "../../config/config.js";
+import { logVerbose } from "../../globals.js";
+import { DEFAULT_BOOTSTRAP_FILENAME, BOOTSTRAP_DONE_SENTINEL } from "../workspace.js";
+import { resolveSessionAgentId } from "../agent-scope.js";
+import { jsonResult } from "./common.js";
+const BootstrapCompleteSchema = Type.Object({});
+/**
+ * Tool that marks agent bootstrap as complete.
+ * Writes the .bootstrap-done sentinel (suppresses future BOOTSTRAP.md injection)
+ * and removes BOOTSTRAP.md if it exists.
+ *
+ * This is a privileged action — agents cannot write to the agents/ directory via
+ * general file tools, so this dedicated tool provides the safe, auditable path.
+ */
+export function createBootstrapCompleteTool(opts) {
+    return {
+        label: "Setup",
+        name: "bootstrap_complete",
+        description: "Mark the initial setup as complete. Writes the .bootstrap-done sentinel so the setup guide is never shown again, then removes BOOTSTRAP.md. Call this after completing all steps in BOOTSTRAP.md.",
+        parameters: BootstrapCompleteSchema,
+        execute: async (_toolCallId) => {
+            const cfg = loadConfig();
+            const agentId = opts?.agentSessionKey
+                ? resolveSessionAgentId({ sessionKey: opts.agentSessionKey, config: cfg })
+                : undefined;
+            if (!agentId) {
+                return jsonResult({ success: false, error: "Cannot resolve agent identity." });
+            }
+            const workspaceDir = resolveAgentWorkspaceDir(cfg, agentId);
+            const sentinelPath = path.join(workspaceDir, BOOTSTRAP_DONE_SENTINEL);
+            const bootstrapPath = path.join(workspaceDir, DEFAULT_BOOTSTRAP_FILENAME);
+            // Write the sentinel — this suppresses BOOTSTRAP.md injection on all future runs.
+            await fs.writeFile(sentinelPath, "", "utf-8");
+            logVerbose(`bootstrap_complete: wrote sentinel ${sentinelPath}`);
+            // Remove BOOTSTRAP.md if present — no longer needed once the sentinel exists.
+            const removed = await fs
+                .unlink(bootstrapPath)
+                .then(() => true)
+                .catch(() => false);
+            logVerbose(`bootstrap_complete: BOOTSTRAP.md ${removed ? "removed" : "already absent"}`);
+            return jsonResult({
+                success: true,
+                message: "Setup complete. This onboarding guide will no longer appear.",
+            });
+        },
+    };
+}

package/dist/agents/tools/cron-tool.js

@@ -231,31 +231,44 @@ Use jobId as the canonical identifier; id is accepted for compatibility. Use con
                         throw new Error("patch required");
                     }
                     const patch = normalizeCronJobPatch(params.patch) ?? params.patch;
-                    return jsonResult(await callGatewayTool("cron.update", gatewayOpts, {
-                        id,
-                        patch,
-                    }));
+                    const updatePayload = { id, patch };
+                    const updateAccountId = opts?.agentAccountId;
+                    if (updateAccountId)
+                        updatePayload.accountId = updateAccountId;
+                    return jsonResult(await callGatewayTool("cron.update", gatewayOpts, updatePayload));
                 }
                 case "remove": {
                     const id = readStringParam(params, "jobId") ?? readStringParam(params, "id");
                     if (!id) {
                         throw new Error("jobId required (id accepted for backward compatibility)");
                     }
-                    return jsonResult(await callGatewayTool("cron.remove", gatewayOpts, { id }));
+                    const removePayload = { id };
+                    const removeAccountId = opts?.agentAccountId;
+                    if (removeAccountId)
+                        removePayload.accountId = removeAccountId;
+                    return jsonResult(await callGatewayTool("cron.remove", gatewayOpts, removePayload));
                 }
                 case "run": {
                     const id = readStringParam(params, "jobId") ?? readStringParam(params, "id");
                     if (!id) {
                         throw new Error("jobId required (id accepted for backward compatibility)");
                     }
-                    return jsonResult(await callGatewayTool("cron.run", gatewayOpts, { id }));
+                    const runPayload = { id };
+                    const runAccountId = opts?.agentAccountId;
+                    if (runAccountId)
+                        runPayload.accountId = runAccountId;
+                    return jsonResult(await callGatewayTool("cron.run", gatewayOpts, runPayload));
                 }
                 case "runs": {
                     const id = readStringParam(params, "jobId") ?? readStringParam(params, "id");
                     if (!id) {
                         throw new Error("jobId required (id accepted for backward compatibility)");
                     }
-                    return jsonResult(await callGatewayTool("cron.runs", gatewayOpts, { id }));
+                    const runsPayload = { id };
+                    const runsAccountId = opts?.agentAccountId;
+                    if (runsAccountId)
+                        runsPayload.accountId = runsAccountId;
+                    return jsonResult(await callGatewayTool("cron.runs", gatewayOpts, runsPayload));
                 }
                 case "wake": {
                     const text = readStringParam(params, "text", { required: true });

package/dist/build-info.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.12.1",
-  "commit": "9b25ea5bacf5efb9a4ad6dadef692ee7a44e7915",
-  "builtAt": "2026-03-02T10:53:03.436Z"
+  "version": "1.12.3",
+  "commit": "3cb091fd087b2e5768cafce7e369b258e4130f0c",
+  "builtAt": "2026-03-02T19:12:56.794Z"
 }

package/dist/commands/agents.config.js

@@ -90,6 +90,7 @@ export function applyAgentConfig(cfg, params) {
         ...(params.workspace ? { workspace: params.workspace } : {}),
         ...(params.agentDir ? { agentDir: params.agentDir } : {}),
         ...(params.model ? { model: params.model } : {}),
+        ...(params.tools ? { tools: params.tools } : {}),
     };
     const nextList = [...list];
     if (index >= 0) {