@rubytech/taskmaster 1.42.0 → 1.43.0

package/dist/agents/context.js

@@ -26,6 +26,8 @@ const loadPromise = (async () => {
         // If pi-ai isn't available, leave cache empty; lookup will fall back.
     }
 })();
+/** Resolves when the model cache has been populated (or failed to load). */
+export const modelCacheReady = loadPromise;
 export function lookupContextTokens(modelId) {
     if (!modelId)
         return undefined;

package/dist/agents/pi-embedded-runner/compact.js

@@ -268,6 +268,7 @@ export async function compactEmbeddedPiSessionDirect(params) {
                 ? resolveHeartbeatPrompt(params.config?.agents?.defaults?.heartbeat?.prompt)
                 : undefined,
             skillsPrompt,
+            skillSpawnEntries: params.skillsSnapshot?.skillSpawnEntries,
             docsPath: docsPath ?? undefined,
             ttsHint,
             promptMode,

package/dist/agents/pi-embedded-runner/run/attempt.js

@@ -296,6 +296,7 @@ export async function runEmbeddedAttempt(params) {
                 ? resolveHeartbeatPrompt(params.config?.agents?.defaults?.heartbeat?.prompt)
                 : undefined,
             skillsPrompt,
+            skillSpawnEntries: params.skillsSnapshot?.skillSpawnEntries,
             docsPath: docsPath ?? undefined,
             ttsHint,
             workspaceNotes,

package/dist/agents/pi-embedded-runner/system-prompt.js

@@ -10,6 +10,7 @@ export function buildEmbeddedSystemPrompt(params) {
         reasoningTagHint: params.reasoningTagHint,
         heartbeatPrompt: params.heartbeatPrompt,
         skillsPrompt: params.skillsPrompt,
+        skillSpawnEntries: params.skillSpawnEntries,
         docsPath: params.docsPath,
         ttsHint: params.ttsHint,
         workspaceNotes: params.workspaceNotes,

package/dist/agents/skills/frontmatter.js

@@ -91,7 +91,12 @@ export function resolveTaskmasterMetadata(frontmatter) {
         return {
             always: typeof taskmasterObj.always === "boolean" ? taskmasterObj.always : undefined,
             embed: typeof taskmasterObj.embed === "boolean" ? taskmasterObj.embed : undefined,
-            emoji: typeof taskmasterObj.emoji === "string" ? taskmasterObj.emoji : undefined,
+            icon: typeof taskmasterObj.icon === "string" ? taskmasterObj.icon : undefined,
+            tools: Array.isArray(taskmasterObj.tools)
+                ? taskmasterObj.tools
+                    .map((t) => String(t).trim())
+                    .filter(Boolean)
+                : undefined,
             homepage: typeof taskmasterObj.homepage === "string" ? taskmasterObj.homepage : undefined,
             skillKey: typeof taskmasterObj.skillKey === "string" ? taskmasterObj.skillKey : undefined,
             primaryEnv: typeof taskmasterObj.primaryEnv === "string" ? taskmasterObj.primaryEnv : undefined,
@@ -128,6 +133,85 @@ export function extractEmbedFlag(content) {
     const meta = resolveTaskmasterMetadata(frontmatter);
     return meta?.embed === true;
 }
+/**
+ * Patch icon and/or tools in a SKILL.md content string's frontmatter metadata.
+ * Preserves other metadata fields. Uses the same pattern as applyEmbedFlag.
+ * - tools: [] removes the field; tools: undefined (key explicitly present) removes the field.
+ * - icon: undefined or "" (key explicitly present) removes the field.
+ * - Omitting the icon key entirely leaves any existing icon unchanged.
+ * - Omitting the tools key entirely leaves any existing tools unchanged.
+ */
+export function applySkillMetadataFields(content, fields) {
+    const normalized = content.replace(/\r\n/g, "\n").replace(/\r/g, "\n");
+    const frontmatter = parseFrontmatter(normalized);
+    const rawMeta = frontmatter.metadata;
+    let metaObj = {};
+    if (rawMeta) {
+        try {
+            metaObj = JSON5.parse(rawMeta);
+        }
+        catch {
+            // Start fresh if unparseable.
+        }
+    }
+    const taskmaster = metaObj.taskmaster && typeof metaObj.taskmaster === "object"
+        ? { ...metaObj.taskmaster }
+        : {};
+    // Apply icon patch.
+    if ("icon" in fields) {
+        if (fields.icon) {
+            taskmaster.icon = fields.icon;
+        }
+        else {
+            delete taskmaster.icon;
+        }
+    }
+    // Apply tools patch.
+    if ("tools" in fields) {
+        if (fields.tools && fields.tools.length > 0) {
+            taskmaster.tools = fields.tools;
+        }
+        else {
+            delete taskmaster.tools;
+        }
+    }
+    const hasTaskmasterKeys = Object.keys(taskmaster).length > 0;
+    if (hasTaskmasterKeys) {
+        metaObj.taskmaster = taskmaster;
+    }
+    else {
+        delete metaObj.taskmaster;
+    }
+    const hasMetaKeys = Object.keys(metaObj).length > 0;
+    const newMetaValue = hasMetaKeys ? JSON.stringify(metaObj) : "";
+    // Splice metadata line into frontmatter (same logic as applyEmbedFlag).
+    if (!normalized.startsWith("---")) {
+        if (!newMetaValue)
+            return content;
+        return `---\nmetadata: ${newMetaValue}\n---\n${normalized}`;
+    }
+    const endIndex = normalized.indexOf("\n---", 3);
+    if (endIndex === -1)
+        return content;
+    const block = normalized.slice(4, endIndex);
+    const after = normalized.slice(endIndex + 4);
+    const lines = block.split("\n");
+    let replaced = false;
+    const newLines = [];
+    for (const line of lines) {
+        if (/^metadata:\s/.test(line)) {
+            replaced = true;
+            if (newMetaValue)
+                newLines.push(`metadata: ${newMetaValue}`);
+        }
+        else {
+            newLines.push(line);
+        }
+    }
+    if (!replaced && newMetaValue)
+        newLines.push(`metadata: ${newMetaValue}`);
+    return `---\n${newLines.join("\n")}\n---${after}`;
+}
 /**
  * Set or remove the `embed` flag in a SKILL.md content string's frontmatter metadata.
  * Preserves other metadata fields. Handles the case where no metadata block exists yet.

package/dist/agents/skills/workspace.js

@@ -9,6 +9,7 @@ import { parseFrontmatter, resolveTaskmasterMetadata, resolveSkillInvocationPoli
 import { resolvePluginSkillDirs } from "./plugin-skills.js";
 import { hasMarker } from "../../license/skill-pack.js";
 import { serializeByKey } from "./serialize.js";
+import { clearSkillSpawnProfiles, registerSkillSpawnProfile } from "../tool-policy.js";
 import { resolveSkillAgents } from "./agent-scope.js";
 const fsp = fs.promises;
 const skillsLogger = createSubsystemLogger("skills");
@@ -255,8 +256,27 @@ function loadSkillEntries(workspaceDir, opts) {
 }
 export function buildWorkspaceSkillSnapshot(workspaceDir, opts) {
     const skillEntries = opts?.entries ?? loadSkillEntries(workspaceDir, opts);
+    clearSkillSpawnProfiles();
     const eligible = filterSkillEntries(skillEntries, opts?.config, opts?.skillFilter, opts?.eligibility, opts?.agentId);
-    const promptEntries = eligible.filter((entry) => entry.invocation?.disableModelInvocation !== true);
+    const bundledNames = resolveBundledSkillNamesSet();
+    const skillSpawnEntries = [];
+    const mainAgentSkills = [];
+    for (const entry of eligible) {
+        const isPreloaded = bundledNames.has(entry.skill.name);
+        const allowedAgents = resolveSkillAgents(entry.skill.name, isPreloaded, opts?.config);
+        if (allowedAgents.length === 1 && allowedAgents[0] === "subagent") {
+            registerSkillSpawnProfile(entry.skill.name, entry.taskmaster?.tools ?? []);
+            skillSpawnEntries.push({
+                name: entry.skill.name,
+                description: entry.skill.description ?? "",
+                profile: `spawn:skill:${entry.skill.name}`,
+            });
+        }
+        else {
+            mainAgentSkills.push(entry);
+        }
+    }
+    const promptEntries = mainAgentSkills.filter((entry) => entry.invocation?.disableModelInvocation !== true);
     const resolvedSkills = promptEntries.map((entry) => entry.skill);
     const remoteNote = opts?.eligibility?.remote?.note?.trim();
     const prompt = [remoteNote, formatSkillsForPromptTaskmaster(promptEntries)]
@@ -264,12 +284,13 @@ export function buildWorkspaceSkillSnapshot(workspaceDir, opts) {
         .join("\n");
     return {
         prompt,
-        skills: eligible.map((entry) => ({
+        skills: mainAgentSkills.map((entry) => ({
             name: entry.skill.name,
             primaryEnv: entry.taskmaster?.primaryEnv,
         })),
         resolvedSkills,
         version: opts?.snapshotVersion,
+        skillSpawnEntries,
     };
 }
 export function buildWorkspaceSkillsPrompt(workspaceDir, opts) {

package/dist/agents/skills-status.js

@@ -87,7 +87,7 @@ function buildSkillStatus(entry, config, prefs, eligibility, bundledSkillNames)
     const blockedByAllowlist = !isBundledSkillAllowed(entry, allowBundled);
     const always = entry.taskmaster?.always === true;
     const alwaysActive = entry.taskmaster?.embed === true;
-    const emoji = entry.taskmaster?.emoji ?? entry.frontmatter.emoji;
+    const icon = entry.taskmaster?.icon ?? entry.frontmatter["icon"];
     const homepageRaw = entry.taskmaster?.homepage ??
         entry.frontmatter.homepage ??
         entry.frontmatter.website ??
@@ -172,7 +172,7 @@ function buildSkillStatus(entry, config, prefs, eligibility, bundledSkillNames)
         baseDir: entry.skill.baseDir,
         skillKey,
         primaryEnv: entry.taskmaster?.primaryEnv,
-        emoji,
+        icon,
         homepage,
         always,
         alwaysActive,

package/dist/agents/system-prompt.js

@@ -111,6 +111,20 @@ function buildMessagingSection(params) {
         "",
     ];
 }
+function buildSkillSubAgentsSection(entries) {
+    if (!entries || entries.length === 0)
+        return [];
+    const lines = [
+        "### Skill Sub-Agents",
+        "These skills are handled by sub-agents. When a task matches one of these capabilities, spawn with the listed profile and instruct the sub-agent to use the named skill.",
+        "",
+    ];
+    for (const entry of entries) {
+        lines.push(`- \`${entry.profile}\` — ${entry.name}: ${entry.description}`);
+    }
+    lines.push("");
+    return lines;
+}
 function buildVoiceSection(params) {
     if (params.isMinimal)
         return [];
@@ -139,35 +153,35 @@ function buildDocsSection(params) {
         "",
     ];
 }
+export const CORE_TOOL_SUMMARIES = {
+    read: "Read file contents",
+    write: "Create or overwrite files",
+    edit: "Make precise edits to files",
+    apply_patch: "Apply multi-file patches",
+    grep: "Search file contents for patterns",
+    find: "Find files by glob pattern",
+    ls: "List directory contents",
+    exec: "Run shell commands (pty available for TTY-required CLIs)",
+    process: "Manage background exec sessions",
+    web_search: "Search the web",
+    web_fetch: "Fetch and extract readable content from a URL",
+    browser: "Control web browser",
+    canvas: "Present/eval/snapshot the Canvas",
+    nodes: "List/describe/notify/camera/screen on paired nodes",
+    cron: "Manage scheduled events and wake events (use for reminders; when scheduling a reminder, write the systemEvent text as something that will read like a reminder when it fires, and mention that it is a reminder depending on the time gap between setting and firing; include recent context in reminder text if appropriate)",
+    message: "Send messages and channel actions",
+    gateway: "Restart, apply config, or run updates on the running Taskmaster process",
+    software_update: "Check for software updates, install them, or restart the gateway",
+    agents_list: "List agent ids allowed for sessions_spawn",
+    sessions_list: "List other sessions (incl. sub-agents) with filters/last",
+    sessions_history: "Fetch history for another session/sub-agent",
+    sessions_spawn: "Spawn a sub-agent session",
+    session_status: "Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override",
+    image: "Analyze an image with the configured image model",
+    skill_read: "Read files within skill directories (SKILL.md, references)",
+};
 export function buildAgentSystemPrompt(params) {
-    const coreToolSummaries = {
-        read: "Read file contents",
-        write: "Create or overwrite files",
-        edit: "Make precise edits to files",
-        apply_patch: "Apply multi-file patches",
-        grep: "Search file contents for patterns",
-        find: "Find files by glob pattern",
-        ls: "List directory contents",
-        exec: "Run shell commands (pty available for TTY-required CLIs)",
-        process: "Manage background exec sessions",
-        web_search: "Search the web",
-        web_fetch: "Fetch and extract readable content from a URL",
-        // Channel docking: add login tools here when a channel needs interactive linking.
-        browser: "Control web browser",
-        canvas: "Present/eval/snapshot the Canvas",
-        nodes: "List/describe/notify/camera/screen on paired nodes",
-        cron: "Manage scheduled events and wake events (use for reminders; when scheduling a reminder, write the systemEvent text as something that will read like a reminder when it fires, and mention that it is a reminder depending on the time gap between setting and firing; include recent context in reminder text if appropriate)",
-        message: "Send messages and channel actions",
-        gateway: "Restart, apply config, or run updates on the running Taskmaster process",
-        software_update: "Check for software updates, install them, or restart the gateway",
-        agents_list: "List agent ids allowed for sessions_spawn",
-        sessions_list: "List other sessions (incl. sub-agents) with filters/last",
-        sessions_history: "Fetch history for another session/sub-agent",
-        sessions_spawn: "Spawn a sub-agent session",
-        session_status: "Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override",
-        image: "Analyze an image with the configured image model",
-        skill_read: "Read files within skill directories (SKILL.md, references)",
-    };
+    const coreToolSummaries = CORE_TOOL_SUMMARIES;
     const toolOrder = [
         "read",
         "skill_read",
@@ -335,8 +349,7 @@ export function buildAgentSystemPrompt(params) {
         "- `spawn:worker` — general-purpose (files, memory, web, docs, images, skills)",
         "Pick the most specific profile that covers the task. Use `spawn:worker` when the task spans multiple domains. Always specify a `toolProfile` — omitting it gives the sub-agent your dispatcher tools, which are wrong for actual work.",
         "",
-        "Sub-agents with skill access have specialist knowledge modules (e.g. log review, weather, event management). When a task aligns with a known capability, tell the sub-agent to use the relevant skill in your task description — e.g. \"Use the log-review skill to analyse today's logs.\"",
-        "",
+        ...buildSkillSubAgentsSection(params.skillSpawnEntries),
         "## Tool Call Style",
         "Every text block you produce is delivered as a separate message. Unnecessary text blocks = unnecessary messages sent to the user.",
         "Call tools silently by default. Do not announce what you are about to do, explain what you just did, or summarise completed steps.",

package/dist/agents/tool-policy.js

@@ -1,3 +1,4 @@
+import { CORE_TOOL_SUMMARIES } from "./system-prompt.js";
 const TOOL_NAME_ALIASES = {
     bash: "exec",
     "apply-patch": "apply_patch",
@@ -64,6 +65,9 @@ export const TOOL_GROUPS = {
         "logs_read",
         "network_settings",
         "wifi_settings",
+        "account_manage",
+        "access_manage",
+        "license_manage",
     ],
     // All Taskmaster native tools (excludes provider plugins).
     "group:taskmaster": [
@@ -100,6 +104,7 @@ export const TOOL_GROUPS = {
         "api_keys",
         "file_delete",
         "file_list",
+        "file_manage",
         "skill_draft_save",
         "verify_contact",
         "verify_contact_code",
@@ -115,6 +120,9 @@ export const TOOL_GROUPS = {
         "network_settings",
         "wifi_settings",
         "skill_pack_install",
+        "account_manage",
+        "access_manage",
+        "license_manage",
         "tunnel_status",
         "tunnel_enable",
         "tunnel_disable",
@@ -234,6 +242,30 @@ const TOOL_PROFILES = {
         ],
     },
 };
+// ── Dangerous tools never granted to user-defined skill sub-agents ──────────
+const SKILL_SPAWN_NEVER_GRANT = new Set([
+    "gateway",
+    "software_update",
+    "sessions_spawn",
+    "sessions_list",
+    "sessions_history",
+    "agents_list",
+    "message",
+]);
+// ── Dynamic skill spawn profile registry ─────────────────────────────────────
+const skillSpawnProfileRegistry = new Map();
+export function clearSkillSpawnProfiles() {
+    skillSpawnProfileRegistry.clear();
+}
+export function registerSkillSpawnProfile(skillName, tools) {
+    const workerPolicy = TOOL_PROFILES["spawn:worker"];
+    const workerAllow = workerPolicy?.allow ?? [];
+    const safeDeclared = tools.filter((t) => !SKILL_SPAWN_NEVER_GRANT.has(t));
+    const allow = safeDeclared.length > 0
+        ? ["group:skills", ...safeDeclared]
+        : ["group:skills", ...workerAllow];
+    skillSpawnProfileRegistry.set(`spawn:skill:${skillName}`, { allow });
+}
 export function normalizeToolName(name) {
     const normalized = name.trim().toLowerCase();
     return TOOL_NAME_ALIASES[normalized] ?? normalized;
@@ -350,13 +382,45 @@ export function stripPluginOnlyAllowlist(policy, groups, coreTools) {
 export function resolveToolProfilePolicy(profile) {
     if (!profile)
         return undefined;
-    const resolved = TOOL_PROFILES[profile];
-    if (!resolved)
-        return undefined;
-    if (!resolved.allow && !resolved.deny)
+    const resolved = TOOL_PROFILES[profile] ??
+        skillSpawnProfileRegistry.get(profile);
+    if (!resolved || (!resolved.allow && !resolved.deny))
         return undefined;
     return {
         allow: resolved.allow ? [...resolved.allow] : undefined,
         deny: resolved.deny ? [...resolved.deny] : undefined,
     };
 }
+/**
+ * Returns all tool names available for the skill sub-agent tools selector.
+ * Merges CORE_TOOL_SUMMARIES descriptions with TOOL_GROUPS expansion.
+ * Excludes tools that must never be granted to skill sub-agents.
+ */
+export function buildSelectableToolList() {
+    const result = new Map();
+    // Add group-expanded individual tool names, grouped by group name for description.
+    for (const [groupName, members] of Object.entries(TOOL_GROUPS)) {
+        if (groupName.startsWith("group:")) {
+            const label = groupName
+                .replace("group:", "")
+                .replace(/-/g, " ")
+                .replace(/\b\w/g, (c) => c.toUpperCase());
+            for (const member of members) {
+                if (!member.startsWith("group:") && !result.has(member)) {
+                    result.set(member, `${label} operations`);
+                }
+            }
+        }
+    }
+    // Overwrite with better descriptions from CORE_TOOL_SUMMARIES when available.
+    for (const [name, description] of Object.entries(CORE_TOOL_SUMMARIES)) {
+        result.set(name, description);
+    }
+    // Filter out dangerous tools.
+    for (const name of SKILL_SPAWN_NEVER_GRANT) {
+        result.delete(name);
+    }
+    return Array.from(result.entries())
+        .map(([name, description]) => ({ name, description }))
+        .sort((a, b) => a.name.localeCompare(b.name));
+}

package/dist/agents/tools/access-manage-tool.js

@@ -0,0 +1,110 @@
+/**
+ * Agent tool for managing access control — PINs and named admin users.
+ *
+ * Wraps the gateway `access.status`, `access.setMasterPin`,
+ * `access.setAccountPin`, `access.addAdmin`, `access.removeAdmin`, and
+ * `access.updateAdminPin` RPC methods so the agent can configure access
+ * security directly during setup or administration.
+ */
+import { Type } from "@sinclair/typebox";
+import { stringEnum } from "../schema/typebox.js";
+import { jsonResult, readStringParam } from "./common.js";
+import { callGatewayTool } from "./gateway.js";
+const ACTIONS = [
+    "status",
+    "set_master_pin",
+    "set_account_pin",
+    "add_admin",
+    "remove_admin",
+    "update_admin_pin",
+];
+const AccessManageSchema = Type.Object({
+    action: stringEnum(ACTIONS, {
+        description: '"status" returns current access configuration (PINs set, admin users). ' +
+            '"set_master_pin" sets or changes the master PIN (pin required, currentPin required when changing). ' +
+            '"set_account_pin" sets a PIN for a specific account (accountId + pin required). ' +
+            '"add_admin" creates a named admin user (username + pin + accessToken required). ' +
+            '"remove_admin" deletes a named admin user (username + accessToken required). ' +
+            '"update_admin_pin" changes an admin user\'s PIN (username + newPin + accessToken required).',
+    }),
+    pin: Type.Optional(Type.String({
+        description: "PIN value — required for set_master_pin, set_account_pin, and add_admin.",
+    })),
+    currentPin: Type.Optional(Type.String({
+        description: "Current master PIN — required when changing an existing master PIN (set_master_pin).",
+    })),
+    newPin: Type.Optional(Type.String({
+        description: "New PIN — required for update_admin_pin.",
+    })),
+    accountId: Type.Optional(Type.String({
+        description: "Account ID — required for set_account_pin.",
+    })),
+    username: Type.Optional(Type.String({
+        description: "Admin username — required for add_admin, remove_admin, and update_admin_pin.",
+    })),
+    accessToken: Type.Optional(Type.String({
+        description: "Master session token — required for add_admin, remove_admin, and update_admin_pin.",
+    })),
+});
+export function createAccessManageTool() {
+    return {
+        label: "Access Management",
+        name: "access_manage",
+        description: "Manage access control — PINs and named admin users. " +
+            "Actions: " +
+            '"status" (current access configuration), ' +
+            '"set_master_pin" (set or change the master PIN — pass pin, and currentPin when changing), ' +
+            '"set_account_pin" (set a PIN for a specific account — pass accountId + pin), ' +
+            '"add_admin" (create a named admin user — pass username + pin + accessToken), ' +
+            '"remove_admin" (delete a named admin user — pass username + accessToken), ' +
+            '"update_admin_pin" (change an admin user\'s PIN — pass username + newPin + accessToken).',
+        parameters: AccessManageSchema,
+        execute: async (_toolCallId, args) => {
+            const params = args;
+            const action = readStringParam(params, "action", { required: true });
+            switch (action) {
+                case "status": {
+                    const result = await callGatewayTool("access.status", {});
+                    return jsonResult(result);
+                }
+                case "set_master_pin": {
+                    const pin = readStringParam(params, "pin", { required: true });
+                    const currentPin = readStringParam(params, "currentPin");
+                    const callParams = { pin };
+                    if (currentPin)
+                        callParams.currentPin = currentPin;
+                    const result = await callGatewayTool("access.setMasterPin", {}, callParams);
+                    return jsonResult(result);
+                }
+                case "set_account_pin": {
+                    const accountId = readStringParam(params, "accountId", { required: true });
+                    const pin = readStringParam(params, "pin", { required: true });
+                    const result = await callGatewayTool("access.setAccountPin", {}, { accountId, pin });
+                    return jsonResult(result);
+                }
+                case "add_admin": {
+                    const username = readStringParam(params, "username", { required: true });
+                    const pin = readStringParam(params, "pin", { required: true });
+                    const accessToken = readStringParam(params, "accessToken", { required: true });
+                    const result = await callGatewayTool("access.addAdmin", {}, { username, pin, accessToken });
+                    return jsonResult(result);
+                }
+                case "remove_admin": {
+                    const username = readStringParam(params, "username", { required: true });
+                    const accessToken = readStringParam(params, "accessToken", { required: true });
+                    const result = await callGatewayTool("access.removeAdmin", {}, { username, accessToken });
+                    return jsonResult(result);
+                }
+                case "update_admin_pin": {
+                    const username = readStringParam(params, "username", { required: true });
+                    const newPin = readStringParam(params, "newPin", { required: true });
+                    const accessToken = readStringParam(params, "accessToken", { required: true });
+                    const result = await callGatewayTool("access.updateAdminPin", {}, { username, newPin, accessToken });
+                    return jsonResult(result);
+                }
+                default:
+                    throw new Error(`Unknown action: ${action}. Use "status", "set_master_pin", "set_account_pin", "add_admin", "remove_admin", or "update_admin_pin".`);
+            }
+        },
+    };
+}

package/dist/agents/tools/account-manage-tool.js

@@ -0,0 +1,78 @@
+/**
+ * Agent tool for managing business accounts (workspaces).
+ *
+ * Wraps the gateway `workspaces.list`, `workspaces.create`, `workspaces.remove`,
+ * and `workspaces.rename` RPC methods so the agent can manage accounts directly
+ * during conversation — without requiring the user to navigate the control panel.
+ */
+import { Type } from "@sinclair/typebox";
+import { stringEnum } from "../schema/typebox.js";
+import { jsonResult, readStringParam } from "./common.js";
+import { callGatewayTool } from "./gateway.js";
+const ACCOUNT_MANAGE_ACTIONS = ["list", "create", "remove", "rename"];
+const AccountManageSchema = Type.Object({
+    action: stringEnum(ACCOUNT_MANAGE_ACTIONS, {
+        description: '"list" returns all business accounts. ' +
+            '"create" creates a new account (name required, displayName and template optional). ' +
+            '"remove" deletes an account (name required). ' +
+            '"rename" changes the display name of an account (name + displayName required).',
+    }),
+    name: Type.Optional(Type.String({
+        description: "Workspace name (required for create, remove, rename).",
+    })),
+    displayName: Type.Optional(Type.String({
+        description: "Human-friendly display name (used with create and rename).",
+    })),
+    template: Type.Optional(Type.String({
+        description: "Template name for create. Defaults to cloning the default workspace if omitted.",
+    })),
+});
+export function createAccountManageTool() {
+    return {
+        label: "Account Management",
+        name: "account_manage",
+        description: "Manage business accounts (workspaces): list, create, remove, or rename. " +
+            '"list" returns all configured accounts. ' +
+            '"create" provisions a new account (name required; displayName and template optional). ' +
+            '"remove" deletes an account and its workspace (name required). ' +
+            '"rename" updates the display name of an existing account (name + displayName required).',
+        parameters: AccountManageSchema,
+        execute: async (_toolCallId, args) => {
+            const params = args;
+            const action = readStringParam(params, "action", { required: true });
+            switch (action) {
+                case "list": {
+                    const result = await callGatewayTool("workspaces.list", {}, {});
+                    return jsonResult(result);
+                }
+                case "create": {
+                    const name = readStringParam(params, "name", { required: true, label: "name" });
+                    const displayName = readStringParam(params, "displayName");
+                    const template = readStringParam(params, "template");
+                    const result = await callGatewayTool("workspaces.create", {}, {
+                        name,
+                        ...(displayName ? { displayName } : {}),
+                        ...(template ? { template } : {}),
+                    });
+                    return jsonResult(result);
+                }
+                case "remove": {
+                    const name = readStringParam(params, "name", { required: true, label: "name" });
+                    const result = await callGatewayTool("workspaces.remove", {}, { name });
+                    return jsonResult(result);
+                }
+                case "rename": {
+                    const name = readStringParam(params, "name", { required: true, label: "name" });
+                    const displayName = readStringParam(params, "displayName", {
+                        required: true,
+                        label: "displayName",
+                    });
+                    const result = await callGatewayTool("workspaces.rename", {}, { name, displayName });
+                    return jsonResult(result);
+                }
+                default:
+                    throw new Error(`Unknown action: ${action}. Use "list", "create", "remove", or "rename".`);
+            }
+        },
+    };
+}