npm - @rubytech/taskmaster - Versions diffs - 1.2.1 → 1.3.0 - Mend

@rubytech/taskmaster 1.2.1 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

package/dist/agents/auth-profiles/profiles.js +37 -0
package/dist/agents/auth-profiles.js +1 -1
package/dist/agents/pi-tools.policy.js +4 -0
package/dist/agents/taskmaster-tools.js +14 -0
package/dist/agents/tool-policy.js +5 -2
package/dist/agents/tools/apikeys-tool.js +16 -5
package/dist/agents/tools/contact-create-tool.js +59 -0
package/dist/agents/tools/contact-delete-tool.js +48 -0
package/dist/agents/tools/contact-update-tool.js +17 -2
package/dist/agents/tools/file-delete-tool.js +137 -0
package/dist/agents/tools/file-list-tool.js +127 -0
package/dist/auto-reply/reply/commands-tts.js +7 -2
package/dist/build-info.json +3 -3
package/dist/cli/provision-seed.js +1 -2
package/dist/commands/doctor-config-flow.js +13 -0
package/dist/config/agent-tools-reconcile.js +53 -0
package/dist/config/defaults.js +10 -1
package/dist/config/legacy.migrations.part-3.js +26 -0
package/dist/config/zod-schema.core.js +9 -1
package/dist/config/zod-schema.js +1 -0
package/dist/control-ui/assets/index-CPawOl_z.css +1 -0
package/dist/control-ui/assets/{index-N8du4fwV.js → index-DQ1kxYd4.js} +692 -598
package/dist/control-ui/assets/index-DQ1kxYd4.js.map +1 -0
package/dist/control-ui/index.html +2 -2
package/dist/gateway/config-reload.js +1 -0
package/dist/gateway/media-http.js +28 -0
package/dist/gateway/server-methods/apikeys.js +56 -4
package/dist/gateway/server-methods/tts.js +11 -2
package/dist/gateway/server.impl.js +15 -0
package/dist/media-understanding/apply.js +35 -0
package/dist/media-understanding/providers/deepgram/audio.js +1 -1
package/dist/media-understanding/providers/google/audio.js +1 -1
package/dist/media-understanding/providers/google/video.js +1 -1
package/dist/media-understanding/providers/index.js +2 -0
package/dist/media-understanding/providers/openai/audio.js +1 -1
package/dist/media-understanding/providers/sherpa-onnx/index.js +10 -0
package/dist/media-understanding/runner.js +61 -72
package/dist/media-understanding/sherpa-onnx-local.js +223 -0
package/dist/records/records-manager.js +10 -0
package/dist/tts/tts.js +98 -10
package/dist/web/auto-reply/monitor/process-message.js +1 -0
package/dist/web/inbound/monitor.js +9 -1
package/extensions/googlechat/node_modules/.bin/taskmaster +2 -2
package/extensions/googlechat/package.json +2 -2
package/extensions/line/node_modules/.bin/taskmaster +2 -2
package/extensions/line/package.json +1 -1
package/extensions/matrix/node_modules/.bin/taskmaster +2 -2
package/extensions/matrix/package.json +1 -1
package/extensions/msteams/node_modules/.bin/taskmaster +2 -2
package/extensions/msteams/package.json +1 -1
package/extensions/nostr/node_modules/.bin/taskmaster +2 -2
package/extensions/nostr/package.json +1 -1
package/extensions/zalo/node_modules/.bin/taskmaster +2 -2
package/extensions/zalo/package.json +1 -1
package/extensions/zalouser/node_modules/.bin/taskmaster +2 -2
package/extensions/zalouser/package.json +1 -1
package/package.json +3 -2
package/scripts/postinstall.js +76 -0
package/skills/business-assistant/references/crm.md +32 -8
package/taskmaster-docs/USER-GUIDE.md +84 -5
package/templates/beagle/agents/admin/AGENTS.md +4 -2
package/templates/taskmaster/agents/admin/AGENTS.md +1 -0
package/dist/control-ui/assets/index-DtQHRIVD.css +0 -1
package/dist/control-ui/assets/index-N8du4fwV.js.map +0 -1

package/dist/control-ui/index.html CHANGED Viewed

@@ -6,8 +6,8 @@
     <title>Taskmaster Control</title>
     <meta name="color-scheme" content="dark light" />
     <link rel="icon" type="image/png" href="./favicon.png" />
-    <script type="module" crossorigin src="./assets/index-N8du4fwV.js"></script>
-    <link rel="stylesheet" crossorigin href="./assets/index-DtQHRIVD.css">
+    <script type="module" crossorigin src="./assets/index-DQ1kxYd4.js"></script>
+    <link rel="stylesheet" crossorigin href="./assets/index-CPawOl_z.css">
   </head>
   <body>
     <taskmaster-app></taskmaster-app>

package/dist/gateway/config-reload.js CHANGED Viewed

@@ -9,6 +9,7 @@ const BASE_RELOAD_RULES = [
     { prefix: "access", kind: "none" },
     { prefix: "publicChat", kind: "none" },
     { prefix: "apiKeys", kind: "none" },
+    { prefix: "apiKeysDisabled", kind: "none" },
     { prefix: "gateway.remote", kind: "none" },
     { prefix: "gateway.reload", kind: "none" },
     { prefix: "hooks.gmail", kind: "hot", actions: ["restart-gmail-watcher"] },

package/dist/gateway/media-http.js CHANGED Viewed

@@ -22,6 +22,16 @@ const ALLOWED_MEDIA_EXTENSIONS = new Set([
     ".tiff",
     ".tif",
     ".pdf",
+    // Audio
+    ".mp3",
+    ".opus",
+    ".ogg",
+    ".oga",
+    ".wav",
+    ".m4a",
+    ".webm",
+    ".aac",
+    ".flac",
 ]);
 function contentType(ext) {
     switch (ext) {
@@ -45,6 +55,24 @@ function contentType(ext) {
             return "image/tiff";
         case ".pdf":
             return "application/pdf";
+        // Audio
+        case ".mp3":
+            return "audio/mpeg";
+        case ".opus":
+            return "audio/opus";
+        case ".ogg":
+        case ".oga":
+            return "audio/ogg";
+        case ".wav":
+            return "audio/wav";
+        case ".m4a":
+            return "audio/mp4";
+        case ".webm":
+            return "audio/webm";
+        case ".aac":
+            return "audio/aac";
+        case ".flac":
+            return "audio/flac";
         default:
             return "application/octet-stream";
     }

package/dist/gateway/server-methods/apikeys.js CHANGED Viewed

@@ -1,18 +1,24 @@
 /**
  * Gateway handlers for centralized API key management.
  *
- * apikeys.list  — returns provider catalog with set/unset status
- * apikeys.set   — stores a key for a provider (config watcher hot-reloads)
- * apikeys.remove — removes a key for a provider (config watcher hot-reloads)
+ * apikeys.list    — returns provider catalog with set/unset/disabled status
+ * apikeys.set     — stores a key for a provider (config watcher hot-reloads)
+ * apikeys.remove  — removes a key for a provider (config watcher hot-reloads)
+ * apikeys.disable — toggles a key's disabled state (key preserved, not distributed)
  *
  * No explicit restart needed — the config file watcher detects the change,
  * and `applyApiKeys()` runs as a side effect of `readConfigFileSnapshot()`,
  * injecting keys into the auth profile store and tool config paths.
  * The `apiKeys` prefix is registered as "none" in config-reload.ts.
  */
+import { removeAuthProfile } from "../../agents/auth-profiles.js";
 import { readConfigFileSnapshot, writeConfigFile } from "../../config/config.js";
 import { ErrorCodes, errorShape } from "../protocol/index.js";
 import { formatForLog } from "../ws-log.js";
+/** Providers whose API keys are stored as auth profiles (type: api_key). */
+const AUTH_PROFILE_PROVIDERS = new Set([
+    "anthropic", "openai", "google", "replicate", "hume",
+]);
 const PROVIDER_CATALOG = [
     { id: "anthropic", name: "Anthropic", category: "AI Model", primary: true },
     { id: "google", name: "Google", category: "Voice & Video", primary: true },
@@ -29,9 +35,10 @@ export const apikeysHandlers = {
         try {
             const snapshot = await readConfigFileSnapshot();
             const storedKeys = snapshot.config.apiKeys ?? {};
+            const disabledMap = snapshot.config.apiKeysDisabled ?? {};
             const providers = PROVIDER_CATALOG.map((p) => {
                 const raw = storedKeys[p.id]?.trim();
-                return { ...p, hasKey: Boolean(raw), key: raw || undefined };
+                return { ...p, hasKey: Boolean(raw), disabled: Boolean(disabledMap[p.id]), key: raw || undefined };
             });
             respond(true, { providers });
         }
@@ -73,11 +80,56 @@ export const apikeysHandlers = {
             const existing = { ...config.apiKeys };
             delete existing[provider];
             config.apiKeys = Object.keys(existing).length > 0 ? existing : undefined;
+            // Clean up disabled entry when key is removed
+            if (config.apiKeysDisabled?.[provider]) {
+                const disabled = { ...config.apiKeysDisabled };
+                delete disabled[provider];
+                config.apiKeysDisabled = Object.keys(disabled).length > 0 ? disabled : undefined;
+            }
             await writeConfigFile(config);
+            // Remove the auth profile so stale credentials are not picked up by
+            // provider resolution (the profile outlives the config key otherwise).
+            if (AUTH_PROFILE_PROVIDERS.has(provider)) {
+                removeAuthProfile({ profileId: `${provider}:api-key` });
+            }
             respond(true, { ok: true, provider });
         }
         catch (err) {
             respond(false, undefined, errorShape(ErrorCodes.UNAVAILABLE, formatForLog(err)));
         }
     },
+    "apikeys.disable": async ({ params, respond }) => {
+        try {
+            const provider = params.provider?.trim();
+            const disabled = params.disabled;
+            if (!provider || !VALID_PROVIDER_IDS.has(provider)) {
+                respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, `Invalid provider: ${provider ?? "(empty)"}`));
+                return;
+            }
+            if (typeof disabled !== "boolean") {
+                respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, "disabled must be a boolean"));
+                return;
+            }
+            const snapshot = await readConfigFileSnapshot();
+            const config = { ...snapshot.config };
+            if (disabled) {
+                config.apiKeysDisabled = { ...config.apiKeysDisabled, [provider]: true };
+            }
+            else {
+                const existing = { ...config.apiKeysDisabled };
+                delete existing[provider];
+                config.apiKeysDisabled = Object.keys(existing).length > 0 ? existing : undefined;
+            }
+            await writeConfigFile(config);
+            // Eagerly remove/restore auth profile so the change takes effect
+            // before the config watcher fires.
+            if (disabled && AUTH_PROFILE_PROVIDERS.has(provider)) {
+                removeAuthProfile({ profileId: `${provider}:api-key` });
+            }
+            respond(true, { ok: true, provider, disabled });
+        }
+        catch (err) {
+            respond(false, undefined, errorShape(ErrorCodes.UNAVAILABLE, formatForLog(err)));
+        }
+    },
 };

package/dist/gateway/server-methods/tts.js CHANGED Viewed

@@ -80,8 +80,11 @@ export const ttsHandlers = {
     },
     "tts.setProvider": async ({ params, respond }) => {
         const provider = typeof params.provider === "string" ? params.provider.trim() : "";
-        if (provider !== "openai" && provider !== "elevenlabs" && provider !== "edge") {
-            respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, "Invalid provider. Use openai, elevenlabs, or edge."));
+        if (provider !== "openai" &&
+            provider !== "elevenlabs" &&
+            provider !== "edge" &&
+            provider !== "hume") {
+            respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, "Invalid provider. Use openai, elevenlabs, hume, or edge."));
             return;
         }
         try {
@@ -115,6 +118,12 @@ export const ttsHandlers = {
                         configured: Boolean(resolveTtsApiKey(config, "elevenlabs")),
                         models: ["eleven_multilingual_v2", "eleven_turbo_v2_5", "eleven_monolingual_v1"],
                     },
+                    {
+                        id: "hume",
+                        name: "Hume",
+                        configured: Boolean(resolveTtsApiKey(config, "hume")),
+                        models: [],
+                    },
                     {
                         id: "edge",
                         name: "Edge TTS",

package/dist/gateway/server.impl.js CHANGED Viewed

@@ -9,6 +9,7 @@ import { CONFIG_PATH_TASKMASTER, isNixMode, loadConfig, migrateLegacyConfig, rea
 import { VERSION } from "../version.js";
 import { isDiagnosticsEnabled } from "../infra/diagnostic-events.js";
 import { logAcceptedEnvOption } from "../infra/env.js";
+import { reconcileAgentContactTools } from "../config/agent-tools-reconcile.js";
 import { applyPluginAutoEnable } from "../config/plugin-auto-enable.js";
 import { clearAgentRunContext, onAgentEvent } from "../infra/agent-events.js";
 import { onHeartbeatEvent } from "../infra/heartbeat-events.js";
@@ -121,6 +122,20 @@ export async function startGatewayServer(port = 18789, opts = {}) {
             log.warn(`gateway: failed to persist plugin auto-enable changes: ${String(err)}`);
         }
     }
+    // Reconcile agent tool groups (e.g. individual contact tools → group:contacts).
+    const toolReconcile = reconcileAgentContactTools({ config: configSnapshot.config });
+    if (toolReconcile.changes.length > 0) {
+        try {
+            await writeConfigFile(toolReconcile.config);
+            configSnapshot = await readConfigFileSnapshot();
+            log.info(`gateway: reconciled agent tools:\n${toolReconcile.changes
+                .map((entry) => `- ${entry}`)
+                .join("\n")}`);
+        }
+        catch (err) {
+            log.warn(`gateway: failed to persist agent tools reconciliation: ${String(err)}`);
+        }
+    }
     // Stamp config with running version on startup so upgrades keep the stamp current.
     const storedVersion = configSnapshot.config.meta?.lastTouchedVersion;
     if (configSnapshot.exists && storedVersion !== VERSION) {

package/dist/media-understanding/apply.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import { finalizeInboundContext } from "../auto-reply/reply/inbound-context.js";
+import { logVerbose } from "../globals.js";
 import { extractMediaUserText, formatAudioTranscripts, formatMediaUnderstandingBody, } from "./format.js";
 import { runWithConcurrency } from "./concurrency.js";
 import { resolveConcurrency } from "./resolve.js";
@@ -42,6 +43,40 @@ export async function applyMediaUnderstanding(params) {
         if (decisions.length > 0) {
             ctx.MediaUnderstandingDecisions = [...(ctx.MediaUnderstandingDecisions ?? []), ...decisions];
         }
+        // Surface audio failures so the agent can inform the user instead of receiving
+        // a bare <media:audio> placeholder with no context about what went wrong.
+        const audioDecision = decisions.find((d) => d.capability === "audio");
+        const audioTranscribed = outputs.some((o) => o.kind === "audio.transcription");
+        const bodyHint = ctx.CommandBody ?? ctx.RawBody ?? ctx.Body ?? "";
+        const isAudioPlaceholder = /^<media:audio>/i.test(bodyHint.trim());
+        if (isAudioPlaceholder && !audioTranscribed) {
+            let reason;
+            if (ctx.MediaDownloadFailed) {
+                reason = "media download failed — the voice note could not be retrieved from WhatsApp";
+            }
+            else if (audioDecision?.outcome === "no-attachment") {
+                reason = "no audio file available for transcription";
+            }
+            else if (audioDecision?.outcome === "skipped") {
+                // Distinguish between "no providers at all" (empty attempts) and "providers tried but all failed"
+                const hasAttempts = audioDecision.attachments?.some((a) => a.attempts.length > 0);
+                reason = hasAttempts
+                    ? "all transcription attempts failed"
+                    : "no transcription provider configured (add an OpenAI, Google, Groq, or Deepgram API key)";
+            }
+            else if (audioDecision?.outcome === "disabled") {
+                reason = "audio transcription is disabled in config";
+            }
+            else {
+                reason = `transcription ${audioDecision?.outcome ?? "unavailable"}`;
+            }
+            const note = `[Voice note received but could not be transcribed: ${reason}]`;
+            logVerbose(`applyMediaUnderstanding: ${note}`);
+            ctx.Body = note;
+            ctx.CommandBody = note;
+            ctx.RawBody = note;
+            finalizeInboundContext(ctx, { forceBodyForAgent: true, forceBodyForCommands: true });
+        }
         if (outputs.length > 0) {
             ctx.Body = formatMediaUnderstandingBody({ body: ctx.Body, outputs });
             const audioOutputs = outputs.filter((output) => output.kind === "audio.transcription");

package/dist/media-understanding/providers/deepgram/audio.js CHANGED Viewed

@@ -22,7 +22,7 @@ export async function transcribeDeepgramAudio(params) {
     }
     const headers = new Headers(params.headers);
     if (!headers.has("authorization")) {
-        headers.set("authorization", `Token ${params.apiKey}`);
+        headers.set("authorization", `Token ${params.apiKey ?? ""}`);
     }
     if (!headers.has("content-type")) {
         headers.set("content-type", params.mime ?? "application/octet-stream");

package/dist/media-understanding/providers/google/audio.js CHANGED Viewed

@@ -23,7 +23,7 @@ export async function transcribeGeminiAudio(params) {
         headers.set("content-type", "application/json");
     }
     if (!headers.has("x-goog-api-key")) {
-        headers.set("x-goog-api-key", params.apiKey);
+        headers.set("x-goog-api-key", params.apiKey ?? "");
     }
     const body = {
         contents: [

package/dist/media-understanding/providers/google/video.js CHANGED Viewed

@@ -23,7 +23,7 @@ export async function describeGeminiVideo(params) {
         headers.set("content-type", "application/json");
     }
     if (!headers.has("x-goog-api-key")) {
-        headers.set("x-goog-api-key", params.apiKey);
+        headers.set("x-goog-api-key", params.apiKey ?? "");
     }
     const body = {
         contents: [

package/dist/media-understanding/providers/index.js CHANGED Viewed

@@ -5,6 +5,7 @@ import { googleProvider } from "./google/index.js";
 import { groqProvider } from "./groq/index.js";
 import { minimaxProvider } from "./minimax/index.js";
 import { openaiProvider } from "./openai/index.js";
+import { sherpaOnnxProvider } from "./sherpa-onnx/index.js";
 const PROVIDERS = [
     groqProvider,
     openaiProvider,
@@ -12,6 +13,7 @@ const PROVIDERS = [
     anthropicProvider,
     minimaxProvider,
     deepgramProvider,
+    sherpaOnnxProvider,
 ];
 export function normalizeMediaProviderId(id) {
     const normalized = normalizeProviderId(id);

package/dist/media-understanding/providers/openai/audio.js CHANGED Viewed

@@ -25,7 +25,7 @@ export async function transcribeOpenAiCompatibleAudio(params) {
         form.append("prompt", params.prompt.trim());
     const headers = new Headers(params.headers);
     if (!headers.has("authorization")) {
-        headers.set("authorization", `Bearer ${params.apiKey}`);
+        headers.set("authorization", `Bearer ${params.apiKey ?? ""}`);
     }
     const res = await fetchWithTimeout(url, {
         method: "POST",

package/dist/media-understanding/providers/sherpa-onnx/index.js ADDED Viewed

@@ -0,0 +1,10 @@
+import { transcribeLocal, MODEL_LABEL } from "../../sherpa-onnx-local.js";
+export const sherpaOnnxProvider = {
+    id: "sherpa-onnx",
+    isLocal: true,
+    capabilities: ["audio"],
+    transcribeAudio: async (req) => {
+        const result = await transcribeLocal(req.buffer, req.fileName);
+        return { text: result.text, model: result.model ?? MODEL_LABEL };
+    },
+};

package/dist/media-understanding/runner.js CHANGED Viewed

@@ -5,7 +5,7 @@ import path from "node:path";
 import { findModelInCatalog, loadModelCatalog, modelSupportsVision, } from "../agents/model-catalog.js";
 import { applyTemplate } from "../auto-reply/templating.js";
 import { requireApiKey, resolveApiKeyForProvider } from "../agents/model-auth.js";
-import { logVerbose, shouldLogVerbose } from "../globals.js";
+import { createSubsystemLogger } from "../logging/subsystem.js";
 import { runExec } from "../process/exec.js";
 import { MediaAttachmentCache, normalizeAttachments, selectAttachments } from "./attachments.js";
 import { CLI_OUTPUT_MAX_BUFFER, DEFAULT_AUDIO_MODELS, DEFAULT_TIMEOUT_SECONDS, } from "./defaults.js";
@@ -23,6 +23,7 @@ const DEFAULT_IMAGE_MODELS = {
     google: "gemini-3-flash-preview",
     minimax: "MiniMax-VL-01",
 };
+const log = createSubsystemLogger("gateway/media");
 export function buildProviderRegistry(overrides) {
     return buildMediaUnderstandingRegistry(overrides);
 }
@@ -33,7 +34,6 @@ export function createMediaAttachmentCache(attachments) {
     return new MediaAttachmentCache(attachments);
 }
 const binaryCache = new Map();
-const geminiProbeCache = new Map();
 function expandHomeDir(value) {
     if (!value.startsWith("~"))
         return value;
@@ -181,26 +181,6 @@ function extractSherpaOnnxText(raw) {
     }
     return null;
 }
-async function probeGeminiCli() {
-    const cached = geminiProbeCache.get("gemini");
-    if (cached)
-        return cached;
-    const resolved = (async () => {
-        if (!(await hasBinary("gemini")))
-            return false;
-        try {
-            const { stdout } = await runExec("gemini", ["--output-format", "json", "ok"], {
-                timeoutMs: 8000,
-            });
-            return Boolean(extractGeminiResponse(stdout) ?? stdout.toLowerCase().includes("ok"));
-        }
-        catch {
-            return false;
-        }
-    })();
-    geminiProbeCache.set("gemini", resolved);
-    return resolved;
-}
 async function resolveLocalWhisperCppEntry() {
     if (!(await hasBinary("whisper-cli")))
         return null;
@@ -234,7 +214,34 @@ async function resolveLocalWhisperEntry() {
         ],
     };
 }
-async function resolveSherpaOnnxEntry() {
+/**
+ * Check if sherpa-onnx-node (npm package) is available with model + ffmpeg.
+ * Returns a provider entry so the pipeline uses the Node.js API directly
+ * (no CLI binary or SHERPA_ONNX_MODEL_DIR env var required).
+ */
+async function resolveSherpaOnnxNodeEntry() {
+    try {
+        const { isReady } = await import("./sherpa-onnx-local.js");
+        if (await isReady()) {
+            return { type: "provider", provider: "sherpa-onnx" };
+        }
+        // Package + ffmpeg available but model not yet downloaded — still viable
+        // (the provider will trigger a lazy download on first use)
+        const { isAvailable } = await import("./sherpa-onnx-local.js");
+        if (await isAvailable()) {
+            return { type: "provider", provider: "sherpa-onnx" };
+        }
+    }
+    catch {
+        // sherpa-onnx-node not installed — skip
+    }
+    return null;
+}
+/**
+ * Fallback: check for sherpa-onnx-offline CLI binary + SHERPA_ONNX_MODEL_DIR env var.
+ * This is the legacy detection path for users who installed the binary manually.
+ */
+async function resolveSherpaOnnxCliEntry() {
     if (!(await hasBinary("sherpa-onnx-offline")))
         return null;
     const modelDir = process.env.SHERPA_ONNX_MODEL_DIR?.trim();
@@ -265,32 +272,19 @@ async function resolveSherpaOnnxEntry() {
     };
 }
 async function resolveLocalAudioEntry() {
-    const sherpa = await resolveSherpaOnnxEntry();
-    if (sherpa)
-        return sherpa;
+    // Prefer sherpa-onnx-node (npm, no PATH issues, automatic model management)
+    const sherpaNode = await resolveSherpaOnnxNodeEntry();
+    if (sherpaNode)
+        return sherpaNode;
+    // Fallback: CLI binary (legacy/manual installs)
+    const sherpaCli = await resolveSherpaOnnxCliEntry();
+    if (sherpaCli)
+        return sherpaCli;
     const whisperCpp = await resolveLocalWhisperCppEntry();
     if (whisperCpp)
         return whisperCpp;
     return await resolveLocalWhisperEntry();
 }
-async function resolveGeminiCliEntry(_capability) {
-    if (!(await probeGeminiCli()))
-        return null;
-    return {
-        type: "cli",
-        command: "gemini",
-        args: [
-            "--output-format",
-            "json",
-            "--allowed-tools",
-            "read_many_files",
-            "--include-directories",
-            "{{MediaDir}}",
-            "{{Prompt}}",
-            "Use read_many_files to read {{MediaPath}} and respond with only the text output.",
-        ],
-    };
-}
 async function resolveKeyEntry(params) {
     const { cfg, agentDir, providerRegistry, capability } = params;
     const checkProvider = async (providerId, model) => {
@@ -362,9 +356,6 @@ async function resolveAutoEntries(params) {
         if (localAudio)
             return [localAudio];
     }
-    const gemini = await resolveGeminiCliEntry(params.capability);
-    if (gemini)
-        return [gemini];
     const keys = await resolveKeyEntry(params);
     if (keys)
         return [keys];
@@ -635,14 +626,18 @@ async function runProviderEntry(params) {
             maxBytes,
             timeoutMs,
         });
-        const auth = await resolveApiKeyForProvider({
-            provider: providerId,
-            cfg,
-            profileId: entry.profile,
-            preferredProfile: entry.preferredProfile,
-            agentDir: params.agentDir,
-        });
-        const apiKey = requireApiKey(auth, providerId);
+        // Local providers (e.g. sherpa-onnx) do not require an API key.
+        let apiKey;
+        if (!provider.isLocal) {
+            const auth = await resolveApiKeyForProvider({
+                provider: providerId,
+                cfg,
+                profileId: entry.profile,
+                preferredProfile: entry.preferredProfile,
+                agentDir: params.agentDir,
+            });
+            apiKey = requireApiKey(auth, providerId);
+        }
         const providerConfig = cfg.models?.providers?.[providerId];
         const baseUrl = entry.baseUrl ?? params.config?.baseUrl ?? providerConfig?.baseUrl;
         const mergedHeaders = {
@@ -751,9 +746,7 @@ async function runCliEntry(params) {
     };
     const argv = [command, ...args].map((part, index) => index === 0 ? part : applyTemplate(part, templCtx));
     try {
-        if (shouldLogVerbose()) {
-            logVerbose(`Media understanding via CLI: ${argv.join(" ")}`);
-        }
+        log.debug(`CLI: ${argv.join(" ")}`);
         const { stdout } = await runExec(argv[0], argv.slice(1), {
             timeoutMs,
             maxBuffer: CLI_OUTPUT_MAX_BUFFER,
@@ -825,9 +818,7 @@ async function runAttachmentEntries(params) {
                     outcome: "skipped",
                     reason: `${err.reason}: ${err.message}`,
                 }));
-                if (shouldLogVerbose()) {
-                    logVerbose(`Skipping ${capability} model due to ${err.reason}: ${err.message}`);
-                }
+                log.debug(`Skipping ${capability} model: ${err.reason}: ${err.message}`);
                 continue;
             }
             attempts.push(buildModelDecision({
@@ -836,9 +827,7 @@ async function runAttachmentEntries(params) {
                 outcome: "failed",
                 reason: String(err),
             }));
-            if (shouldLogVerbose()) {
-                logVerbose(`${capability} understanding failed: ${String(err)}`);
-            }
+            log.error(`${capability} failed: ${String(err)}`);
         }
     }
     return { output: null, attempts };
@@ -866,9 +855,7 @@ export async function runCapability(params) {
     }
     const scopeDecision = resolveScopeDecision({ scope: config?.scope, ctx });
     if (scopeDecision === "deny") {
-        if (shouldLogVerbose()) {
-            logVerbose(`${capability} understanding disabled by scope policy.`);
-        }
+        log.debug(`${capability} disabled by scope policy`);
         return {
             outputs: [],
             decision: {
@@ -885,9 +872,7 @@ export async function runCapability(params) {
         const catalog = await loadModelCatalog({ config: cfg });
         const entry = findModelInCatalog(catalog, activeProvider, params.activeModel?.model ?? "");
         if (modelSupportsVision(entry)) {
-            if (shouldLogVerbose()) {
-                logVerbose("Skipping image understanding: primary model supports vision natively");
-            }
+            log.debug("Skipping image understanding: primary model supports vision natively");
             const model = params.activeModel?.model?.trim();
             const reason = "primary model supports vision natively";
             return {
@@ -966,8 +951,12 @@ export async function runCapability(params) {
         outcome: outputs.length > 0 ? "success" : "skipped",
         attachments: attachmentDecisions,
     };
-    if (shouldLogVerbose()) {
-        logVerbose(`Media understanding ${formatDecisionSummary(decision)}`);
+    const summary = formatDecisionSummary(decision);
+    if (decision.outcome === "success") {
+        log.info(summary);
+    }
+    else {
+        log.debug(summary);
     }
     return {
         outputs,