@rubytech/taskmaster 1.9.0 → 1.9.2

package/dist/build-info.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.9.0",
-  "commit": "6ec3baf15f49752d39bae9589b10d00ba492cc2a",
-  "builtAt": "2026-02-26T20:00:11.544Z"
+  "version": "1.9.2",
+  "commit": "1780753dfd111891f360a6f6d8e0490437acde9b",
+  "builtAt": "2026-02-27T07:27:50.330Z"
 }

package/dist/config/legacy.migrations.part-3.js

@@ -267,6 +267,34 @@ export const LEGACY_CONFIG_MIGRATIONS_PART_3 = [
             changes.push("Set default model fallbacks: google/gemini-3-pro-preview, openai/gpt-5.2.");
         },
     },
+    {
+        id: "admin-agent-tools-add-image_generate",
+        describe: "Add image_generate to admin agent tools.allow",
+        apply: (raw, changes) => {
+            const agents = getRecord(raw.agents);
+            const list = getAgentsList(agents);
+            for (const entry of list) {
+                if (!isRecord(entry))
+                    continue;
+                const id = typeof entry.id === "string" ? entry.id.trim() : "";
+                if (!id)
+                    continue;
+                const isAdmin = id === "admin" || id.endsWith("-admin");
+                if (!isAdmin)
+                    continue;
+                const tools = getRecord(entry.tools);
+                if (!tools)
+                    continue;
+                if (!Array.isArray(tools.allow))
+                    continue;
+                const allow = tools.allow;
+                if (!allow.includes("image_generate")) {
+                    allow.push("image_generate");
+                    changes.push(`Added image_generate to agent "${id}" tools.allow.`);
+                }
+            }
+        },
+    },
     {
         id: "agents-tools-remove-sessions_send",
         describe: "Remove sessions_send from agent tools.allow (tool removed for security)",

package/dist/cron/service/ops.js

@@ -23,6 +23,17 @@ export function stop(state) {
     stopTimer(state);
 }
 export async function status(state) {
+    // When the store is already loaded, read without the lock.  This avoids
+    // deadlock when an agent running inside a cron job calls cron.status —
+    // the lock is held by executeJob for the entire agent turn.
+    if (state.store) {
+        return {
+            enabled: state.deps.cronEnabled,
+            storePath: state.deps.storePath,
+            jobs: state.store.jobs.length,
+            nextWakeAtMs: state.deps.cronEnabled === true ? (nextWakeAtMs(state) ?? null) : null,
+        };
+    }
     return await locked(state, async () => {
         await ensureLoaded(state);
         return {
@@ -34,6 +45,14 @@ export async function status(state) {
     });
 }
 export async function list(state, opts) {
+    // When the store is already loaded, read without the lock.  This avoids
+    // deadlock when an agent running inside a cron job calls cron.list —
+    // the lock is held by executeJob for the entire agent turn.
+    if (state.store) {
+        const includeDisabled = opts?.includeDisabled === true;
+        const jobs = state.store.jobs.filter((j) => includeDisabled || j.enabled);
+        return jobs.sort((a, b) => (a.state.nextRunAtMs ?? 0) - (b.state.nextRunAtMs ?? 0));
+    }
     return await locked(state, async () => {
         await ensureLoaded(state);
         const includeDisabled = opts?.includeDisabled === true;
@@ -99,19 +118,27 @@ export async function remove(state, id) {
     });
 }
 export async function run(state, id, mode) {
-    return await locked(state, async () => {
+    // Resolve the job under the lock, then release before executing.
+    // executeJob runs a full agent turn whose tools may call back into the
+    // cron service.  Holding the lock during execution causes a deadlock.
+    const resolved = await locked(state, async () => {
         warnIfDisabled(state, "run");
         await ensureLoaded(state);
         const job = findJobOrThrow(state, id);
         const now = state.deps.nowMs();
         const due = isJobDue(job, now, { forced: mode === "force" });
         if (!due)
-            return { ok: true, ran: false, reason: "not-due" };
-        await executeJob(state, job, now, { forced: mode === "force" });
+            return { job: null, now: 0, notDue: true };
+        return { job, now, notDue: false };
+    });
+    if (resolved.notDue)
+        return { ok: true, ran: false, reason: "not-due" };
+    await executeJob(state, resolved.job, resolved.now, { forced: mode === "force" });
+    await locked(state, async () => {
         await persist(state);
         armTimer(state);
-        return { ok: true, ran: true };
     });
+    return { ok: true, ran: true };
 }
 export function wakeNow(state, opts) {
     return wake(state, opts);

package/dist/cron/service/timer.js

@@ -26,9 +26,15 @@ export async function onTimer(state) {
         return;
     state.running = true;
     try {
+        // Load store under the lock, then release before executing jobs.
+        // executeJob runs a full agent turn whose tools may call back into the
+        // cron service (e.g. cron.list).  Holding the lock during execution
+        // causes a deadlock because the inner cron call waits for the same lock.
         await locked(state, async () => {
             await ensureLoaded(state);
-            await runDueJobs(state);
+        });
+        await runDueJobs(state);
+        await locked(state, async () => {
             await persist(state);
             armTimer(state);
         });

package/dist/gateway/server.impl.js

@@ -102,21 +102,16 @@ export async function startGatewayServer(port = 18789, opts = {}) {
                 .join("\n")}`);
         }
     }
-    // Persist default model fallbacks to config if missing.  The in-memory
-    // defaults cover runtime, but writing to disk makes the fallback chain
-    // visible in the config file and survives across gateway restarts.
+    // Run all migrations unconditionally to catch additive changes (new tools
+    // in agent allow lists, new defaults) that the legacy-rules system cannot
+    // detect — rules flag keys that *exist*, not keys that are *missing*.
+    // Migrations are idempotent; nothing is written when there are no changes.
     if (configSnapshot.exists && !isNixMode) {
         const parsed = configSnapshot.parsed;
-        const agentsRaw = parsed?.agents;
-        const defaultsRaw = agentsRaw?.defaults;
-        const modelRaw = defaultsRaw?.model;
-        const fallbacks = modelRaw?.fallbacks;
-        if (!Array.isArray(fallbacks) || fallbacks.length === 0) {
-            const { config: migrated, changes } = migrateLegacyConfig(parsed ?? {});
-            if (migrated && changes.length > 0) {
-                await writeConfigFile(migrated);
-                log.info(`gateway: applied config defaults:\n${changes.map((entry) => `- ${entry}`).join("\n")}`);
-            }
+        const { config: migrated, changes } = migrateLegacyConfig(parsed ?? {});
+        if (migrated && changes.length > 0) {
+            await writeConfigFile(migrated);
+            log.info(`gateway: applied config defaults:\n${changes.map((entry) => `- ${entry}`).join("\n")}`);
         }
     }
     configSnapshot = await readConfigFileSnapshot();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/taskmaster",
-  "version": "1.9.0",
+  "version": "1.9.2",
   "description": "AI-powered business assistant for small businesses",
   "publishConfig": {
     "access": "public"

package/taskmaster-docs/USER-GUIDE.md

@@ -1356,7 +1356,7 @@ Or, if the SD card is already written:
 ssh admin@taskmaster.local
 ```
 
-Enter the password when prompted. The default password depends on how the Pi was set up — typically `taskmaster` for pre-installed devices, or whatever you chose during Raspberry Pi OS setup.
+Enter the password when prompted. The default password is `password` for pre-installed devices, or whatever you chose during Raspberry Pi OS setup.
 
 > **Security tip:** Change the default password after your first SSH login by running `passwd` on the Pi.