@rubytech/taskmaster 1.12.3 → 1.13.1

package/dist/control-ui/index.html

@@ -6,8 +6,8 @@
     <title>Taskmaster Control</title>
     <meta name="color-scheme" content="dark light" />
     <link rel="icon" type="image/png" href="./favicon.png" />
-    <script type="module" crossorigin src="./assets/index-CP9IoaZp.js"></script>
-    <link rel="stylesheet" crossorigin href="./assets/index-CpaEIgQy.css">
+    <script type="module" crossorigin src="./assets/index-BWqMMgRV.js"></script>
+    <link rel="stylesheet" crossorigin href="./assets/index-B8I8lMfz.css">
   </head>
   <body>
     <taskmaster-app></taskmaster-app>

package/dist/gateway/config-reload.js

@@ -47,6 +47,7 @@ const BASE_RELOAD_RULES_TAIL = [
     { prefix: "plugins", kind: "restart" },
     { prefix: "ui", kind: "none" },
     { prefix: "workspaces", kind: "none" },
+    { prefix: "business", kind: "none" },
     { prefix: "gateway.tailscale", kind: "none" },
     { prefix: "gateway", kind: "restart" },
     { prefix: "discovery", kind: "restart" },

package/dist/gateway/server-close.js

@@ -80,6 +80,14 @@ export function createGatewayCloseHandler(params) {
                 /* ignore */
             }
         }
+        if (params.infraFallbackAlertUnsub) {
+            try {
+                params.infraFallbackAlertUnsub();
+            }
+            catch {
+                /* ignore */
+            }
+        }
         params.chatRunState.clear();
         for (const c of params.clients) {
             try {

package/dist/gateway/server-methods/business.js

@@ -0,0 +1,31 @@
+import { loadConfig } from "../../config/config.js";
+import { isPublicAgentActive } from "../../business/opening-hours.js";
+export const businessHandlers = {
+    /**
+     * Return opening-hours config, publicAgentEnabled, and the combined open/closed status.
+     */
+    "business.openingHours.get": ({ respond }) => {
+        const cfg = loadConfig();
+        const openingHours = cfg.business?.openingHours ?? null;
+        const publicAgentEnabled = cfg.business?.publicAgentEnabled !== false;
+        const status = isPublicAgentActive(cfg.business);
+        respond(true, {
+            openingHours,
+            publicAgentEnabled,
+            currentlyOpen: status.open,
+            reason: status.reason,
+        });
+    },
+    /**
+     * Convenience endpoint for setting opening hours.
+     * Delegates to config.patch — the zod schema validates the shape, and
+     * config.patch handles base-hash validation, persistence, and restart.
+     * The UI should call config.patch directly with the business.openingHours path.
+     */
+    "business.openingHours.set": ({ respond }) => {
+        respond(true, {
+            ok: true,
+            note: "use config.patch with business.openingHours path",
+        });
+    },
+};

package/dist/gateway/server-methods/network.js

@@ -17,6 +17,19 @@ import { ErrorCodes, errorShape } from "../protocol/index.js";
 // ---------------------------------------------------------------------------
 // Hostname helpers
 // ---------------------------------------------------------------------------
+/**
+ * Extract a meaningful error message from an execFile failure.
+ * Node's execFile attaches `.stderr` to the thrown Error, which contains
+ * the actual diagnostic output (e.g. "Permission denied"). The `.message`
+ * property only has the generic "Command failed: ..." string.
+ */
+function execErrorDetail(err) {
+    if (err instanceof Error) {
+        const stderr = err.stderr?.trim();
+        return stderr || err.message;
+    }
+    return String(err);
+}
 /**
  * Validate a hostname per RFC 1123: letters, digits, hyphens, 1–63 chars,
  * cannot start or end with a hyphen.
@@ -67,12 +80,12 @@ async function setLocalHostname(hostname, log) {
     const platform = os.platform();
     if (platform === "darwin") {
         try {
-            await runExec("/usr/sbin/scutil", ["--set", "LocalHostName", hostname], {
+            await runExec("sudo", ["/usr/sbin/scutil", "--set", "LocalHostName", hostname], {
                 timeoutMs: 10_000,
             });
         }
         catch (err) {
-            const detail = err instanceof Error ? err.message : String(err);
+            const detail = execErrorDetail(err);
             log.warn(`network.setHostname: scutil failed: ${detail}`);
             return `Failed to set hostname: ${detail}`;
         }
@@ -80,20 +93,20 @@ async function setLocalHostname(hostname, log) {
     }
     if (platform === "linux") {
         try {
-            await runExec("hostnamectl", ["set-hostname", hostname], { timeoutMs: 10_000 });
+            await runExec("sudo", ["hostnamectl", "set-hostname", hostname], { timeoutMs: 10_000 });
         }
         catch (err) {
-            const detail = err instanceof Error ? err.message : String(err);
+            const detail = execErrorDetail(err);
             log.warn(`network.setHostname: hostnamectl failed: ${detail}`);
             return `Failed to set hostname: ${detail}`;
         }
         // Restart avahi-daemon so mDNS advertises the new hostname.
         try {
-            await runExec("systemctl", ["restart", "avahi-daemon"], { timeoutMs: 10_000 });
+            await runExec("sudo", ["systemctl", "restart", "avahi-daemon"], { timeoutMs: 10_000 });
         }
         catch (err) {
             // Non-fatal — hostname was set, but mDNS may take time to propagate.
-            const detail = err instanceof Error ? err.message : String(err);
+            const detail = execErrorDetail(err);
             log.warn(`network.setHostname: avahi-daemon restart failed: ${detail}`);
         }
         return null;

package/dist/gateway/server-methods/update.js

@@ -178,11 +178,27 @@ export const updateHandlers = {
                 durationMs: 0,
             };
         }
+        const versionSummary = `${result.before?.version ?? "?"} → ${result.after?.version ?? "?"}`;
         if (result.status === "ok") {
-            log.info(`software update completed (${result.mode}, ${result.durationMs}ms)`);
+            log.info(`software update completed: ${versionSummary} (${result.mode}, ${result.durationMs}ms)`);
         }
         else {
-            log.error(`software update ${result.status}: ${result.reason ?? "unknown"} (${result.mode}, ${result.durationMs}ms)`);
+            log.error(`software update ${result.status}: ${result.reason ?? "unknown"} [${versionSummary}] (${result.mode}, ${result.durationMs}ms)`);
+        }
+        // Log warnings from post-install verification
+        if (result.warnings?.length) {
+            for (const warning of result.warnings) {
+                log.error(`software update verification: ${warning}`);
+            }
+        }
+        // Log step output for diagnostics (even on success)
+        for (const step of result.steps) {
+            if (step.stderrTail) {
+                log.info(`update step ${step.name} stderr:\n${step.stderrTail}`);
+            }
+            if (step.stdoutTail) {
+                log.info(`update step ${step.name} stdout:\n${step.stdoutTail}`);
+            }
         }
         const payload = {
             kind: "update",
@@ -254,7 +270,8 @@ export const updateHandlers = {
                     // returns before our SIGTERM handler releases the port, causing the
                     // new process to fail with "port already in use" and crash-loop.
                     log.info("exiting for supervisor restart after global update");
-                    process.exit(0);
+                    // Allow a brief pause for async log buffers to flush before exit
+                    setTimeout(() => process.exit(0), 500);
                 })();
             }, delayMs);
             restart = { ok: true };

package/dist/gateway/server-methods.js

@@ -39,6 +39,7 @@ import { networkHandlers } from "./server-methods/network.js";
 import { wifiHandlers } from "./server-methods/wifi.js";
 import { workspacesHandlers } from "./server-methods/workspaces.js";
 import { brandHandlers } from "./server-methods/brand.js";
+import { businessHandlers } from "./server-methods/business.js";
 const ADMIN_SCOPE = "operator.admin";
 const READ_SCOPE = "operator.read";
 const WRITE_SCOPE = "operator.write";
@@ -107,6 +108,7 @@ const READ_METHODS = new Set([
     "memory.status",
     "memory.audit",
     "qr.generate",
+    "business.openingHours.get",
 ]);
 const WRITE_METHODS = new Set([
     "send",
@@ -200,7 +202,8 @@ function authorizeGatewayMethod(method, client) {
         method === "workspaces.remove" ||
         method === "memory.reindex" ||
         method === "memory.auditClear" ||
-        method === "system.uninstall") {
+        method === "system.uninstall" ||
+        method === "business.openingHours.set") {
         return errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.admin");
     }
     return errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.admin");
@@ -241,6 +244,7 @@ export const coreGatewayHandlers = {
     ...recordsHandlers,
     ...workspacesHandlers,
     ...brandHandlers,
+    ...businessHandlers,
     ...publicChatHandlers,
     ...qrHandlers,
     ...networkHandlers,

package/dist/gateway/server.impl.js

@@ -16,6 +16,9 @@ import { clearAgentRunContext, onAgentEvent } from "../infra/agent-events.js";
 import { onHeartbeatEvent } from "../infra/heartbeat-events.js";
 import { startHeartbeatRunner } from "../infra/heartbeat-runner.js";
 import { onInfraAlertEvent } from "../infra/infra-alert-events.js";
+import { sendCategorizedInfraAlert } from "../infra/heartbeat-infra-alert.js";
+import { resolveAgentBoundAccountId } from "../routing/bindings.js";
+import { resolveHeartbeatDeliveryTarget } from "../infra/outbound/targets.js";
 import { getMachineDisplayName } from "../infra/machine-name.js";
 import { ensureTaskmasterCliOnPath } from "../infra/path-env.js";
 import { primeRemoteSkillsCache, refreshRemoteBinsForConnectedNodes, setSkillsRemoteRegistry, } from "../infra/skills-remote.js";
@@ -178,6 +181,17 @@ export async function startGatewayServer(port = 18789, opts = {}) {
             log.warn(`gateway: failed to update config version stamp: ${String(err)}`);
         }
     }
+    // One-time consolidation of per-agent auth stores into the global store.
+    try {
+        const { consolidateAuthProfileStores } = await import("../agents/auth-profiles/consolidate.js");
+        const authChanges = consolidateAuthProfileStores();
+        if (authChanges.length > 0) {
+            log.info(`Auth store consolidation:\n${authChanges.map((c) => `  - ${c}`).join("\n")}`);
+        }
+    }
+    catch (err) {
+        log.warn(`Auth store consolidation failed: ${String(err)}`);
+    }
     const cfgAtStart = loadConfig();
     // License check — gateway always starts (so setup UI is reachable),
     // but pages other than /setup will redirect until a license is activated.
@@ -397,6 +411,33 @@ export async function startGatewayServer(port = 18789, opts = {}) {
     const infraAlertUnsub = onInfraAlertEvent((evt) => {
         broadcast("notification", evt);
     });
+    const infraFallbackAlertUnsub = onInfraAlertEvent(async (evt) => {
+        if (evt.category !== "model-fallback")
+            return;
+        try {
+            const cfg = loadConfig();
+            const defaultAgentId = resolveDefaultAgentId(cfg);
+            const agent = cfg.agents?.list?.find((a) => a.id === defaultAgentId);
+            const heartbeat = agent?.heartbeat ?? cfg.agents?.defaults?.heartbeat;
+            const bindingAccountId = resolveAgentBoundAccountId(cfg, defaultAgentId, "whatsapp") ?? undefined;
+            const delivery = resolveHeartbeatDeliveryTarget({
+                cfg,
+                entry: undefined,
+                heartbeat,
+                bindingAccountId,
+            });
+            if (delivery.channel === "none" || !delivery.to)
+                return;
+            await sendCategorizedInfraAlert({
+                cfg,
+                delivery,
+                category: "model-fallback",
+            });
+        }
+        catch {
+            // Best-effort — never crash the gateway
+        }
+    });
     let heartbeatRunner = startHeartbeatRunner({ cfg: cfgAtStart });
     // Start cron, then seed preloaded cron jobs from bundled skills (one-time per template).
     void cron
@@ -589,6 +630,7 @@ export async function startGatewayServer(port = 18789, opts = {}) {
         agentUnsub,
         heartbeatUnsub,
         infraAlertUnsub,
+        infraFallbackAlertUnsub,
         chatRunState,
         clients,
         configReloader,

package/dist/infra/heartbeat-infra-alert.js

@@ -10,6 +10,7 @@ const MESSAGES = {
     auth: "Your AI assistant is offline because the API key is invalid or has expired. Open the control panel and go to Settings > API Keys to update it.",
     billing: "Your AI assistant is offline because of a billing issue with the AI provider. Check your AI provider account.",
     repeated: (n) => `Your AI assistant has failed to respond ${n} times in a row.`,
+    "model-fallback": "Your AI assistant's primary model failed and is using a backup model. Check the control panel for details or re-authenticate your primary provider.",
 };
 // In-memory cooldown map: category → last-sent timestamp.
 // Resets on gateway restart — correct: admin may have restarted to fix the issue.
@@ -135,6 +136,59 @@ export async function maybeAlertAdmin(ctx) {
         return false;
     }
 }
+/**
+ * Send an infra alert for a specific category with cooldown.
+ * Extracts the common delivery logic from maybeAlertAdmin so it can be
+ * reused for event-driven alerts (e.g. model-fallback).
+ *
+ * Returns true if an alert was sent, false if suppressed or skipped.
+ * Never throws.
+ */
+export async function sendCategorizedInfraAlert(ctx) {
+    try {
+        const { cfg, delivery, category, deps } = ctx;
+        const nowMs = ctx.nowMs ?? Date.now();
+        if (delivery.channel === "none" || !delivery.to)
+            return false;
+        if (isCooledDown(category, nowMs)) {
+            log.debug("categorized infra alert suppressed (cooldown)", { category });
+            return false;
+        }
+        const plugin = getChannelPlugin(delivery.channel);
+        if (plugin?.heartbeat?.checkReady) {
+            const readiness = await plugin.heartbeat.checkReady({
+                cfg,
+                accountId: delivery.accountId,
+                deps,
+            });
+            if (!readiness.ok) {
+                log.info("categorized infra alert skipped: channel not ready", {
+                    category,
+                    reason: readiness.reason,
+                });
+                return false;
+            }
+        }
+        const message = ctx.message ?? resolveAlertMessage(category);
+        await deliverOutboundPayloads({
+            cfg,
+            channel: delivery.channel,
+            to: delivery.to,
+            accountId: delivery.accountId,
+            payloads: [{ text: message }],
+            deps,
+        });
+        cooldowns.set(category, nowMs);
+        log.info("categorized infra alert sent", { category, to: delivery.to });
+        return true;
+    }
+    catch (alertErr) {
+        log.error("categorized infra alert delivery failed", {
+            error: alertErr instanceof Error ? alertErr.message : String(alertErr),
+        });
+        return false;
+    }
+}
 /** Reset consecutive unknown failure counter. Call when heartbeat succeeds. */
 export function resetConsecutiveFailures() {
     consecutiveUnknownFailures = 0;

package/dist/infra/update-runner.js

@@ -464,15 +464,40 @@ export async function runGatewayUpdate(opts = {}) {
         });
         const steps = [updateStep];
         const afterVersion = await readPackageVersion(pkgRoot);
+        // Post-install verification: check for issues even when exit code is 0
+        const warnings = [];
+        let versionUnchanged = false;
+        if (updateStep.exitCode === 0) {
+            // Verify version actually changed
+            if (beforeVersion && afterVersion && beforeVersion === afterVersion) {
+                versionUnchanged = true;
+                warnings.push(`version unchanged after install: ${beforeVersion} → ${afterVersion}`);
+            }
+            // Verify extensions directory exists (critical for plugin loading)
+            const extensionsDir = path.join(pkgRoot, "extensions");
+            try {
+                await fs.access(extensionsDir);
+            }
+            catch {
+                warnings.push(`extensions directory missing after install: ${extensionsDir}`);
+            }
+        }
+        const status = updateStep.exitCode !== 0 ? "error" : versionUnchanged ? "error" : "ok";
+        const reason = updateStep.exitCode !== 0
+            ? updateStep.name
+            : versionUnchanged
+                ? `version unchanged after install: ${beforeVersion}`
+                : undefined;
         return {
-            status: updateStep.exitCode === 0 ? "ok" : "error",
+            status,
             mode: globalManager,
             root: pkgRoot,
-            reason: updateStep.exitCode === 0 ? undefined : updateStep.name,
+            reason,
             before: { version: beforeVersion },
             after: { version: afterVersion },
             steps,
             durationMs: Date.now() - startedAt,
+            ...(warnings.length > 0 ? { warnings } : {}),
         };
     }
     return {

package/dist/memory/manager.js

@@ -314,7 +314,7 @@ export class MemoryIndexManager {
         const effectiveProvider = providerResult.fallbackFrom
             ? `${providerResult.fallbackFrom} → ${providerResult.provider.id} (fallback)`
             : providerResult.provider.id;
-        log.info(`embeddings: using ${effectiveProvider} provider`, {
+        log.debug(`embeddings: using ${effectiveProvider} provider`, {
             model: providerResult.provider.model,
             agentId,
         });
@@ -924,7 +924,7 @@ export class MemoryIndexManager {
             }
         }
         if (orphans.length > 0) {
-            log.info(`cleaned up ${orphans.length} orphaned temp index file(s)`);
+            log.debug(`cleaned up ${orphans.length} orphaned temp index file(s)`);
         }
     }
     moveIndexFilesSync(sourceBase, targetBase) {
@@ -1279,7 +1279,7 @@ export class MemoryIndexManager {
                 return;
             }
             const action = record ? "updated" : "added";
-            log.info(`file ${action} (${this.agentId}): ${entry.path}`);
+            log.debug(`file ${action} (${this.agentId}): ${entry.path}`);
             if (isAuditablePath(entry.path) && record?.hash !== entry.hash) {
                 recordAuditEntry(this.workspaceDir, {
                     path: entry.path,
@@ -1304,7 +1304,7 @@ export class MemoryIndexManager {
         for (const stale of staleRows) {
             if (activePaths.has(stale.path))
                 continue;
-            log.info(`file deleted (${this.agentId}): ${stale.path}`);
+            log.debug(`file deleted (${this.agentId}): ${stale.path}`);
             this.db.prepare(`DELETE FROM files WHERE path = ? AND source = ?`).run(stale.path, "memory");
             try {
                 this.db
@@ -1463,7 +1463,7 @@ export class MemoryIndexManager {
         if (!needsFullReindex && this.sources.has("memory") && !this.dirty) {
             const memoryFileCount = this.db.prepare("SELECT COUNT(*) as c FROM files WHERE source = ?").get("memory").c;
             if (memoryFileCount === 0) {
-                log.info("memory source enabled but no memory files indexed — marking dirty");
+                log.debug("memory source enabled but no memory files indexed — marking dirty");
                 this.dirty = true;
             }
         }

package/dist/web/auto-reply/monitor/process-message.js

@@ -19,6 +19,7 @@ import { deliverWebReply } from "../deliver-reply.js";
 import { whatsappInboundLog, whatsappOutboundLog } from "../loggers.js";
 import { elide } from "../util.js";
 import { createInternalHookEvent, triggerInternalHook } from "../../../hooks/internal-hooks.js";
+import { appendUserMessageToSessionTranscript } from "../../../config/sessions/transcript.js";
 import { maybeSendAckReaction } from "./ack-reaction.js";
 import { formatGroupMembers } from "./group-members.js";
 import { trackBackgroundTask, updateLastRouteInBackground } from "./last-route.js";
@@ -156,6 +157,29 @@ export async function processMessage(params) {
     if (!hasMediaAttachment) {
         fireInboundArchiveHook(params.msg.body);
     }
+    // ── Opening hours gate ──────────────────────────────────────────────
+    // Check if the business is currently closed. Only gate the public agent.
+    const agentEntries = listAgentEntries(params.cfg);
+    const routedAgent = agentEntries.find((a) => a.id === params.route.agentId);
+    const isPublicAgent = routedAgent && !routedAgent.default && routedAgent.tools?.profile !== "full";
+    if (isPublicAgent && params.msg.businessClosed) {
+        params.replyLogger.info({
+            from: params.msg.from,
+            agentId: params.route.agentId,
+            reason: "business closed",
+        }, "opening hours gate: business closed, skipping agent dispatch");
+        // Store the user turn in the session so the agent has context when business reopens.
+        void appendUserMessageToSessionTranscript({
+            agentId: params.route.agentId,
+            sessionKey: params.route.sessionKey,
+            text: combinedBody,
+            storePath,
+        }).catch((err) => {
+            params.replyLogger.warn({ error: formatError(err) }, "opening hours gate: failed to store user turn");
+        });
+        return false;
+    }
+    // ── End opening hours gate ──────────────────────────────────────────
     // Send ack reaction immediately upon message receipt (post-gating).
     // Suppress when running silently on un-mentioned group messages.
     if (params.suppressDelivery) {

package/dist/web/inbound/access-control.js

@@ -77,12 +77,13 @@ export async function checkInboundAccessControl(params) {
     // DM access control (secure defaults): "pairing" (default) / "allowlist" / "open" / "disabled".
     if (!params.group) {
         if (params.isFromMe && !isSamePhone) {
-            logVerbose("Skipping outbound DM (fromMe); no pairing reply needed.");
+            logVerbose("Detected outbound DM (fromMe); flagging for session mirroring.");
             return {
                 allowed: false,
                 shouldMarkRead: false,
                 isSelfChat,
                 resolvedAccountId: account.accountId,
+                isOwnerOutbound: true,
             };
         }
         // Admin phones (explicit peer binding for this account) are always allowed,

package/dist/web/inbound/monitor.js

@@ -5,6 +5,8 @@ import { recordChannelActivity } from "../../infra/channel-activity.js";
 import { getChildLogger } from "../../logging/logger.js";
 import { createSubsystemLogger } from "../../logging/subsystem.js";
 import { saveMediaBuffer } from "../../media/store.js";
+import { isPublicAgentActive } from "../../business/opening-hours.js";
+import { loadConfig } from "../../config/config.js";
 import { createInboundDebouncer } from "../../auto-reply/inbound-debounce.js";
 import { resolveJidToE164 } from "../../utils.js";
 import { createWaSocket, getStatusCode, waitForWaConnection } from "../session.js";
@@ -12,6 +14,7 @@ import { checkInboundAccessControl } from "./access-control.js";
 import { isRecentInboundMessage } from "./dedupe.js";
 import { describeReplyContext, extractLocationData, extractMediaPlaceholder, extractMentionedJids, extractText, } from "./extract.js";
 import { downloadInboundMedia } from "./media.js";
+import { mirrorOwnerReplyToSession } from "./owner-mirror.js";
 import { createWebSendApi } from "./send-api.js";
 export async function monitorWebInbox(options) {
     const inboundLogger = getChildLogger({ module: "web-inbound" });
@@ -117,7 +120,7 @@ export async function monitorWebInbox(options) {
         }
     };
     const handleMessagesUpsert = async (upsert) => {
-        inboundLogger.info({ accountId: options.accountId, type: upsert.type, count: upsert.messages?.length ?? 0 }, "messages.upsert received");
+        inboundLogger.debug({ accountId: options.accountId, type: upsert.type, count: upsert.messages?.length ?? 0 }, "messages.upsert received");
         if (upsert.type !== "notify" && upsert.type !== "append") {
             inboundLogger.warn({ type: upsert.type }, "messages.upsert dropped — unexpected type");
             return;
@@ -125,7 +128,7 @@ export async function monitorWebInbox(options) {
         for (const msg of upsert.messages ?? []) {
             const id = msg.key?.id ?? undefined;
             const remoteJid = msg.key?.remoteJid;
-            inboundLogger.info({
+            inboundLogger.debug({
                 accountId: options.accountId,
                 id,
                 remoteJid,
@@ -142,14 +145,14 @@ export async function monitorWebInbox(options) {
                 continue;
             }
             if (remoteJid.endsWith("@status") || remoteJid.endsWith("@broadcast")) {
-                inboundLogger.info({ id, remoteJid }, "dropped — status/broadcast");
+                inboundLogger.debug({ id, remoteJid }, "dropped — status/broadcast");
                 continue;
             }
             const group = isJidGroup(remoteJid) === true;
             if (id) {
                 const dedupeKey = `${options.accountId}:${remoteJid}:${id}`;
                 if (isRecentInboundMessage(dedupeKey)) {
-                    inboundLogger.info({ id, remoteJid }, "dropped — dedupe");
+                    inboundLogger.debug({ id, remoteJid }, "dropped — dedupe");
                     continue;
                 }
             }
@@ -188,11 +191,29 @@ export async function monitorWebInbox(options) {
                 remoteJid,
             });
             if (!access.allowed) {
-                inboundLogger.info({ id, from }, "dropped — access denied");
+                if (access.isOwnerOutbound) {
+                    // Owner sent a DM to a customer — mirror into the public agent's session
+                    // so the agent is aware of the intervention.
+                    const body = extractText(msg.message ?? undefined);
+                    if (body) {
+                        void mirrorOwnerReplyToSession({
+                            cfg: loadConfig(),
+                            from,
+                            body,
+                            accountId: access.resolvedAccountId,
+                            timestamp: messageTimestampMs,
+                            logger: inboundLogger,
+                        });
+                    }
+                }
+                else {
+                    inboundLogger.debug({ id, from }, "dropped — access denied");
+                }
                 continue;
             }
-            inboundLogger.info({ id, from, isSelfChat: access.isSelfChat }, "access granted");
-            if (id && !access.isSelfChat && options.sendReadReceipts !== false) {
+            inboundLogger.debug({ id, from, isSelfChat: access.isSelfChat }, "access granted");
+            const businessClosed = !isPublicAgentActive(loadConfig().business).open;
+            if (id && !access.isSelfChat && options.sendReadReceipts !== false && !businessClosed) {
                 const participant = msg.key?.participant;
                 try {
                     await sock.readMessages([{ remoteJid, id, participant, fromMe: false }]);
@@ -211,7 +232,7 @@ export async function monitorWebInbox(options) {
             }
             // If this is history/offline catch-up, mark read above but skip auto-reply.
             if (upsert.type === "append") {
-                inboundLogger.info({ id, from }, "dropped — append (history catch-up)");
+                inboundLogger.debug({ id, from }, "dropped — append (history catch-up)");
                 continue;
             }
             const location = extractLocationData(msg.message ?? undefined);
@@ -223,7 +244,7 @@ export async function monitorWebInbox(options) {
             if (!body) {
                 body = extractMediaPlaceholder(msg.message ?? undefined);
                 if (!body) {
-                    inboundLogger.info({ id, from }, "dropped — no body or media placeholder");
+                    inboundLogger.debug({ id, from }, "dropped — no body or media placeholder");
                     continue;
                 }
             }
@@ -270,7 +291,7 @@ export async function monitorWebInbox(options) {
             const timestamp = messageTimestampMs;
             const mentionedJids = extractMentionedJids(msg.message);
             const senderName = msg.pushName ?? undefined;
-            inboundLogger.info({ from, to: selfE164 ?? "me", body, mediaPath, mediaType, timestamp }, "inbound message");
+            inboundLogger.debug({ from, to: selfE164 ?? "me", body, mediaPath, mediaType, timestamp }, "inbound message");
             const inboundMessage = {
                 id,
                 from,
@@ -302,6 +323,7 @@ export async function monitorWebInbox(options) {
                 mediaPath,
                 mediaType,
                 mediaDownloadFailed,
+                businessClosed,
             };
             try {
                 const task = Promise.resolve(debouncer.enqueue(inboundMessage));

package/dist/web/inbound/owner-mirror.js

@@ -0,0 +1,35 @@
+import { resolveStorePath } from "../../config/sessions.js";
+import { appendAssistantMessageToSessionTranscript } from "../../config/sessions/transcript.js";
+import { resolveAgentRoute } from "../../routing/resolve-route.js";
+export async function mirrorOwnerReplyToSession(params) {
+    try {
+        // Resolve the session key for this customer's conversation.
+        // The 'from' is the customer's phone number (remoteJid resolved to E.164).
+        const route = resolveAgentRoute({
+            cfg: params.cfg,
+            channel: "whatsapp",
+            accountId: params.accountId,
+            peer: {
+                kind: "dm",
+                id: params.from,
+            },
+        });
+        if (!route.agentId)
+            return;
+        const storePath = resolveStorePath(params.cfg.session?.store, {
+            agentId: route.agentId,
+        });
+        const result = await appendAssistantMessageToSessionTranscript({
+            agentId: route.agentId,
+            sessionKey: route.sessionKey,
+            text: `[Owner reply] ${params.body}`,
+            storePath,
+        });
+        if (result.ok) {
+            params.logger.info({ from: params.from, agentId: route.agentId, sessionKey: route.sessionKey }, "mirrored owner outbound DM to session");
+        }
+    }
+    catch (err) {
+        params.logger.warn({ error: String(err), from: params.from }, "failed to mirror owner outbound DM to session");
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/taskmaster",
-  "version": "1.12.3",
+  "version": "1.13.1",
   "description": "AI-powered business assistant for small businesses",
   "publishConfig": {
     "access": "public"