@schuttdev/gigai 0.2.9 → 0.3.1

package/dist/{dist-YWMCMOTP.js → dist-DTBR4X7U.js}

@@ -1,275 +1,36 @@
 #!/usr/bin/env node
+import {
+  execCommandSafe
+} from "./chunk-O45SW2HC.js";
+import {
+  editBuiltin,
+  globBuiltin,
+  grepBuiltin,
+  listDirSafe,
+  readBuiltin,
+  readFileSafe,
+  searchFilesSafe,
+  writeBuiltin
+} from "./chunk-FW3JH5IG.js";
+import {
+  ErrorCode,
+  GigaiConfigSchema,
+  GigaiError,
+  decrypt,
+  encrypt,
+  generateEncryptionKey
+} from "./chunk-P53UVHTF.js";
 
 // ../server/dist/index.mjs
 import { parseArgs } from "util";
+import { resolve as resolve7 } from "path";
 import Fastify from "fastify";
 import cors from "@fastify/cors";
 import rateLimit from "@fastify/rate-limit";
 import multipart from "@fastify/multipart";
-
-// ../shared/dist/index.mjs
-import { randomBytes, createCipheriv, createDecipheriv } from "crypto";
-import { z } from "zod";
-var ALGORITHM = "aes-256-gcm";
-var IV_LENGTH = 12;
-var TAG_LENGTH = 16;
-function encrypt(payload, key) {
-  const keyBuffer = Buffer.from(key, "hex");
-  if (keyBuffer.length !== 32) {
-    throw new Error("Encryption key must be 32 bytes (64 hex chars)");
-  }
-  const iv = randomBytes(IV_LENGTH);
-  const cipher = createCipheriv(ALGORITHM, keyBuffer, iv, {
-    authTagLength: TAG_LENGTH
-  });
-  const plaintext = JSON.stringify(payload);
-  const encrypted = Buffer.concat([
-    cipher.update(plaintext, "utf8"),
-    cipher.final()
-  ]);
-  const tag = cipher.getAuthTag();
-  return {
-    iv: iv.toString("base64"),
-    ciphertext: encrypted.toString("base64"),
-    tag: tag.toString("base64")
-  };
-}
-function decrypt(encrypted, key) {
-  const keyBuffer = Buffer.from(key, "hex");
-  if (keyBuffer.length !== 32) {
-    throw new Error("Encryption key must be 32 bytes (64 hex chars)");
-  }
-  const iv = Buffer.from(encrypted.iv, "base64");
-  const ciphertext = Buffer.from(encrypted.ciphertext, "base64");
-  const tag = Buffer.from(encrypted.tag, "base64");
-  const decipher = createDecipheriv(ALGORITHM, keyBuffer, iv, {
-    authTagLength: TAG_LENGTH
-  });
-  decipher.setAuthTag(tag);
-  const decrypted = Buffer.concat([
-    decipher.update(ciphertext),
-    decipher.final()
-  ]);
-  return JSON.parse(decrypted.toString("utf8"));
-}
-function generateEncryptionKey() {
-  return randomBytes(32).toString("hex");
-}
-var ErrorCode = /* @__PURE__ */ ((ErrorCode2) => {
-  ErrorCode2["PAIRING_EXPIRED"] = "PAIRING_EXPIRED";
-  ErrorCode2["PAIRING_INVALID"] = "PAIRING_INVALID";
-  ErrorCode2["PAIRING_USED"] = "PAIRING_USED";
-  ErrorCode2["TOKEN_INVALID"] = "TOKEN_INVALID";
-  ErrorCode2["TOKEN_DECRYPT_FAILED"] = "TOKEN_DECRYPT_FAILED";
-  ErrorCode2["ORG_MISMATCH"] = "ORG_MISMATCH";
-  ErrorCode2["SESSION_EXPIRED"] = "SESSION_EXPIRED";
-  ErrorCode2["SESSION_INVALID"] = "SESSION_INVALID";
-  ErrorCode2["AUTH_REQUIRED"] = "AUTH_REQUIRED";
-  ErrorCode2["TOOL_NOT_FOUND"] = "TOOL_NOT_FOUND";
-  ErrorCode2["EXEC_TIMEOUT"] = "EXEC_TIMEOUT";
-  ErrorCode2["EXEC_FAILED"] = "EXEC_FAILED";
-  ErrorCode2["HTTPS_REQUIRED"] = "HTTPS_REQUIRED";
-  ErrorCode2["RATE_LIMITED"] = "RATE_LIMITED";
-  ErrorCode2["VALIDATION_ERROR"] = "VALIDATION_ERROR";
-  ErrorCode2["INTERNAL_ERROR"] = "INTERNAL_ERROR";
-  ErrorCode2["MCP_ERROR"] = "MCP_ERROR";
-  ErrorCode2["MCP_NOT_CONNECTED"] = "MCP_NOT_CONNECTED";
-  ErrorCode2["TRANSFER_NOT_FOUND"] = "TRANSFER_NOT_FOUND";
-  ErrorCode2["TRANSFER_EXPIRED"] = "TRANSFER_EXPIRED";
-  ErrorCode2["PATH_NOT_ALLOWED"] = "PATH_NOT_ALLOWED";
-  ErrorCode2["COMMAND_NOT_ALLOWED"] = "COMMAND_NOT_ALLOWED";
-  return ErrorCode2;
-})(ErrorCode || {});
-var STATUS_CODES = {
-  [
-    "PAIRING_EXPIRED"
-    /* PAIRING_EXPIRED */
-  ]: 410,
-  [
-    "PAIRING_INVALID"
-    /* PAIRING_INVALID */
-  ]: 400,
-  [
-    "PAIRING_USED"
-    /* PAIRING_USED */
-  ]: 409,
-  [
-    "TOKEN_INVALID"
-    /* TOKEN_INVALID */
-  ]: 401,
-  [
-    "TOKEN_DECRYPT_FAILED"
-    /* TOKEN_DECRYPT_FAILED */
-  ]: 401,
-  [
-    "ORG_MISMATCH"
-    /* ORG_MISMATCH */
-  ]: 403,
-  [
-    "SESSION_EXPIRED"
-    /* SESSION_EXPIRED */
-  ]: 401,
-  [
-    "SESSION_INVALID"
-    /* SESSION_INVALID */
-  ]: 401,
-  [
-    "AUTH_REQUIRED"
-    /* AUTH_REQUIRED */
-  ]: 401,
-  [
-    "TOOL_NOT_FOUND"
-    /* TOOL_NOT_FOUND */
-  ]: 404,
-  [
-    "EXEC_TIMEOUT"
-    /* EXEC_TIMEOUT */
-  ]: 408,
-  [
-    "EXEC_FAILED"
-    /* EXEC_FAILED */
-  ]: 500,
-  [
-    "HTTPS_REQUIRED"
-    /* HTTPS_REQUIRED */
-  ]: 403,
-  [
-    "RATE_LIMITED"
-    /* RATE_LIMITED */
-  ]: 429,
-  [
-    "VALIDATION_ERROR"
-    /* VALIDATION_ERROR */
-  ]: 400,
-  [
-    "INTERNAL_ERROR"
-    /* INTERNAL_ERROR */
-  ]: 500,
-  [
-    "MCP_ERROR"
-    /* MCP_ERROR */
-  ]: 502,
-  [
-    "MCP_NOT_CONNECTED"
-    /* MCP_NOT_CONNECTED */
-  ]: 503,
-  [
-    "TRANSFER_NOT_FOUND"
-    /* TRANSFER_NOT_FOUND */
-  ]: 404,
-  [
-    "TRANSFER_EXPIRED"
-    /* TRANSFER_EXPIRED */
-  ]: 410,
-  [
-    "PATH_NOT_ALLOWED"
-    /* PATH_NOT_ALLOWED */
-  ]: 403,
-  [
-    "COMMAND_NOT_ALLOWED"
-    /* COMMAND_NOT_ALLOWED */
-  ]: 403
-};
-var GigaiError = class extends Error {
-  code;
-  statusCode;
-  details;
-  constructor(code, message, details) {
-    super(message);
-    this.name = "GigaiError";
-    this.code = code;
-    this.statusCode = STATUS_CODES[code];
-    this.details = details;
-  }
-  toJSON() {
-    return {
-      error: {
-        code: this.code,
-        message: this.message,
-        ...this.details !== void 0 && { details: this.details }
-      }
-    };
-  }
-};
-var TailscaleHttpsConfigSchema = z.object({
-  provider: z.literal("tailscale"),
-  funnelPort: z.number().optional()
-});
-var CloudflareHttpsConfigSchema = z.object({
-  provider: z.literal("cloudflare"),
-  tunnelName: z.string(),
-  domain: z.string().optional()
-});
-var ManualHttpsConfigSchema = z.object({
-  provider: z.literal("manual"),
-  certPath: z.string(),
-  keyPath: z.string()
-});
-var HttpsConfigSchema = z.discriminatedUnion("provider", [
-  TailscaleHttpsConfigSchema,
-  CloudflareHttpsConfigSchema,
-  ManualHttpsConfigSchema
-]);
-var CliToolConfigSchema = z.object({
-  type: z.literal("cli"),
-  name: z.string(),
-  command: z.string(),
-  args: z.array(z.string()).optional(),
-  description: z.string(),
-  timeout: z.number().optional(),
-  cwd: z.string().optional(),
-  env: z.record(z.string()).optional()
-});
-var McpToolConfigSchema = z.object({
-  type: z.literal("mcp"),
-  name: z.string(),
-  command: z.string(),
-  args: z.array(z.string()).optional(),
-  description: z.string(),
-  env: z.record(z.string()).optional()
-});
-var ScriptToolConfigSchema = z.object({
-  type: z.literal("script"),
-  name: z.string(),
-  path: z.string(),
-  description: z.string(),
-  timeout: z.number().optional(),
-  interpreter: z.string().optional()
-});
-var BuiltinToolConfigSchema = z.object({
-  type: z.literal("builtin"),
-  name: z.string(),
-  builtin: z.enum(["filesystem", "shell", "read", "write", "edit", "glob", "grep", "bash"]),
-  description: z.string(),
-  config: z.record(z.unknown()).optional()
-});
-var ToolConfigSchema = z.discriminatedUnion("type", [
-  CliToolConfigSchema,
-  McpToolConfigSchema,
-  ScriptToolConfigSchema,
-  BuiltinToolConfigSchema
-]);
-var AuthConfigSchema = z.object({
-  encryptionKey: z.string().length(64),
-  pairingTtlSeconds: z.number().default(300),
-  sessionTtlSeconds: z.number().default(14400)
-});
-var ServerConfigSchema = z.object({
-  port: z.number().default(7443),
-  host: z.string().default("0.0.0.0"),
-  https: HttpsConfigSchema.optional()
-});
-var GigaiConfigSchema = z.object({
-  serverName: z.string().optional(),
-  server: ServerConfigSchema,
-  auth: AuthConfigSchema,
-  tools: z.array(ToolConfigSchema).default([])
-});
-
-// ../server/dist/index.mjs
 import fp from "fastify-plugin";
 import { nanoid } from "nanoid";
-import { randomBytes as randomBytes2 } from "crypto";
+import { randomBytes } from "crypto";
 import { hostname } from "os";
 import { nanoid as nanoid2 } from "nanoid";
 import fp2 from "fastify-plugin";
@@ -278,38 +39,37 @@ import { spawn } from "child_process";
 import fp4 from "fastify-plugin";
 import { Client } from "@modelcontextprotocol/sdk/client/index.js";
 import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
-import { readFileSync } from "fs";
+import fp5 from "fastify-plugin";
+import { readFile, writeFile } from "fs/promises";
 import { resolve } from "path";
-import {
-  readFile as fsReadFile,
-  writeFile as fsWriteFile,
-  readdir
-} from "fs/promises";
-import { resolve as resolve2, relative, join } from "path";
-import { realpath } from "fs/promises";
-import { spawn as spawn2 } from "child_process";
-import { spawn as spawn3 } from "child_process";
-import { writeFile, readFile, unlink, mkdir } from "fs/promises";
-import { join as join2 } from "path";
-import { tmpdir } from "os";
 import { nanoid as nanoid3 } from "nanoid";
-import { execFile, spawn as spawn4 } from "child_process";
+import { dirname as dirname2 } from "path";
+import { readFileSync } from "fs";
+import { resolve as resolve2 } from "path";
+import { platform, hostname as hostname2 } from "os";
+import { platform as platform2 } from "os";
+import { writeFile as writeFile2, readFile as readFile2, unlink, mkdir } from "fs/promises";
+import { join } from "path";
+import { tmpdir } from "os";
+import { nanoid as nanoid4 } from "nanoid";
+import { execFile, spawn as spawn2 } from "child_process";
 import { promisify } from "util";
-import { readFile as readFile2 } from "fs/promises";
+import { readFile as readFile3 } from "fs/promises";
 import { resolve as resolve3 } from "path";
-import { spawn as spawn5 } from "child_process";
-import { spawn as spawn6 } from "child_process";
+import { spawn as spawn3 } from "child_process";
+import { spawn as spawn4 } from "child_process";
 import { input, select, checkbox, confirm } from "@inquirer/prompts";
-import { writeFile as writeFile2 } from "fs/promises";
-import { resolve as resolve4 } from "path";
-import { execFile as execFile2, spawn as spawn7 } from "child_process";
+import { readFile as readFile4, writeFile as writeFile3, readdir } from "fs/promises";
+import { resolve as resolve4, join as join2 } from "path";
+import { execFile as execFile2, spawn as spawn5 } from "child_process";
 import { promisify as promisify2 } from "util";
+import { homedir, platform as platform3 } from "os";
 import { input as input2 } from "@inquirer/prompts";
-import { readFile as readFile3, writeFile as writeFile3 } from "fs/promises";
+import { readFile as readFile5, writeFile as writeFile4 } from "fs/promises";
 import { resolve as resolve5 } from "path";
-import { writeFile as writeFile4 } from "fs/promises";
+import { writeFile as writeFile5 } from "fs/promises";
 import { resolve as resolve6, join as join3 } from "path";
-import { homedir, platform } from "os";
+import { homedir as homedir2, platform as platform4 } from "os";
 import { execFile as execFile3 } from "child_process";
 import { promisify as promisify3 } from "util";
 var AuthStore = class {
@@ -445,7 +205,7 @@ function validateAndPair(store, code, orgUuid, encryptionKey, serverFingerprint)
   );
 }
 function registerAuthRoutes(server, store, config) {
-  const serverFingerprint = randomBytes2(16).toString("hex");
+  const serverFingerprint = randomBytes(16).toString("hex");
   const serverName = config.serverName ?? hostname();
   server.post("/auth/pair", {
     config: {
@@ -623,7 +383,7 @@ function executeTool(entry, args, timeout) {
         `Cannot execute tool of type: ${entry.type}`
       );
   }
-  return new Promise((resolve7, reject) => {
+  return new Promise((resolve8, reject) => {
     const start = Date.now();
     const stdoutChunks = [];
     const stderrChunks = [];
@@ -671,7 +431,7 @@ function executeTool(entry, args, timeout) {
         reject(new GigaiError(ErrorCode.EXEC_TIMEOUT, `Tool execution timed out after ${effectiveTimeout}ms`));
         return;
       }
-      resolve7({
+      resolve8({
         stdout: Buffer.concat(stdoutChunks).toString("utf8"),
         stderr: Buffer.concat(stderrChunks).toString("utf8"),
         exitCode: exitCode ?? 1,
@@ -822,11 +582,296 @@ var mcpPlugin = fp4(async (server, opts) => {
     await lifecycle.shutdown();
   });
 }, { name: "mcp" });
+function parseCronField(field, min, max) {
+  const result = /* @__PURE__ */ new Set();
+  for (const part of field.split(",")) {
+    let [range, stepStr] = part.split("/");
+    const step = stepStr ? parseInt(stepStr, 10) : 1;
+    if (range === "*") {
+      for (let i = min; i <= max; i += step) result.add(i);
+    } else if (range.includes("-")) {
+      const [lo, hi] = range.split("-").map(Number);
+      for (let i = lo; i <= hi; i += step) result.add(i);
+    } else {
+      result.add(parseInt(range, 10));
+    }
+  }
+  return [...result].sort((a, b) => a - b);
+}
+function parseCron(expression) {
+  const parts = expression.trim().split(/\s+/);
+  if (parts.length !== 5) {
+    throw new Error(`Invalid cron expression: expected 5 fields, got ${parts.length}`);
+  }
+  return {
+    minutes: parseCronField(parts[0], 0, 59),
+    hours: parseCronField(parts[1], 0, 23),
+    daysOfMonth: parseCronField(parts[2], 1, 31),
+    months: parseCronField(parts[3], 1, 12),
+    daysOfWeek: parseCronField(parts[4], 0, 6)
+    // 0 = Sunday
+  };
+}
+function matchesCron(date, cron) {
+  return cron.minutes.includes(date.getMinutes()) && cron.hours.includes(date.getHours()) && cron.daysOfMonth.includes(date.getDate()) && cron.months.includes(date.getMonth() + 1) && cron.daysOfWeek.includes(date.getDay());
+}
+function nextRunDate(expression, after = /* @__PURE__ */ new Date()) {
+  const cron = parseCron(expression);
+  const d = new Date(after);
+  d.setSeconds(0, 0);
+  d.setMinutes(d.getMinutes() + 1);
+  const limit = 4 * 366 * 24 * 60;
+  for (let i = 0; i < limit; i++) {
+    if (matchesCron(d, cron)) return d;
+    d.setMinutes(d.getMinutes() + 1);
+  }
+  throw new Error(`Unable to compute next run for expression: ${expression}`);
+}
+function parseAtExpression(input3) {
+  const now = /* @__PURE__ */ new Date();
+  let target;
+  const relMatch = input3.match(/^in\s+(\d+)\s+(minute|minutes|hour|hours)$/i);
+  if (relMatch) {
+    const n = parseInt(relMatch[1], 10);
+    const unit = relMatch[2].toLowerCase();
+    target = new Date(now);
+    if (unit.startsWith("minute")) {
+      target.setMinutes(target.getMinutes() + n);
+    } else {
+      target.setHours(target.getHours() + n);
+    }
+  }
+  if (!target) {
+    const absMatch = input3.match(/^(\d{4}-\d{2}-\d{2})\s+(\d{1,2}):(\d{2})$/);
+    if (absMatch) {
+      const [, datePart, h, m] = absMatch;
+      target = /* @__PURE__ */ new Date(`${datePart}T${h.padStart(2, "0")}:${m}:00`);
+    }
+  }
+  if (!target) {
+    const timeMatch = input3.match(
+      /^(\d{1,2}):(\d{2})\s*(AM|PM)(?:\s+(tomorrow))?$/i
+    );
+    if (timeMatch) {
+      let hours = parseInt(timeMatch[1], 10);
+      const minutes = parseInt(timeMatch[2], 10);
+      const ampm = timeMatch[3].toUpperCase();
+      const isTomorrow = !!timeMatch[4];
+      if (ampm === "PM" && hours !== 12) hours += 12;
+      if (ampm === "AM" && hours === 12) hours = 0;
+      target = new Date(now);
+      target.setHours(hours, minutes, 0, 0);
+      if (isTomorrow) {
+        target.setDate(target.getDate() + 1);
+      } else if (target <= now) {
+        target.setDate(target.getDate() + 1);
+      }
+    }
+  }
+  if (!target) {
+    throw new Error(
+      `Cannot parse time expression: "${input3}". Supported formats: "9:00 AM", "9:00 AM tomorrow", "2024-03-08 14:30", "in 30 minutes", "in 2 hours"`
+    );
+  }
+  const min = target.getMinutes();
+  const hour = target.getHours();
+  const day = target.getDate();
+  const month = target.getMonth() + 1;
+  return `${min} ${hour} ${day} ${month} *`;
+}
+var CronScheduler = class {
+  jobs = [];
+  timer;
+  filePath;
+  executor;
+  log;
+  constructor(configDir, executor, log) {
+    this.filePath = resolve(configDir, "gigai.crons.json");
+    this.executor = executor;
+    this.log = log;
+  }
+  // --- Persistence ---
+  async load() {
+    try {
+      const raw = await readFile(this.filePath, "utf8");
+      const data = JSON.parse(raw);
+      this.jobs = data.jobs ?? [];
+    } catch {
+      this.jobs = [];
+    }
+  }
+  async save() {
+    const data = { jobs: this.jobs };
+    await writeFile(this.filePath, JSON.stringify(data, null, 2) + "\n", "utf8");
+  }
+  // --- Job CRUD ---
+  async addJob(opts) {
+    parseCron(opts.schedule);
+    const job = {
+      id: nanoid3(12),
+      schedule: opts.schedule,
+      tool: opts.tool,
+      args: opts.args,
+      description: opts.description,
+      createdAt: Date.now(),
+      nextRun: nextRunDate(opts.schedule).getTime(),
+      enabled: true,
+      oneShot: opts.oneShot
+    };
+    this.jobs.push(job);
+    await this.save();
+    return job;
+  }
+  async removeJob(id) {
+    const before = this.jobs.length;
+    this.jobs = this.jobs.filter((j) => j.id !== id);
+    if (this.jobs.length === before) return false;
+    await this.save();
+    return true;
+  }
+  async toggleJob(id) {
+    const job = this.jobs.find((j) => j.id === id);
+    if (!job) return void 0;
+    job.enabled = !job.enabled;
+    if (job.enabled) {
+      job.nextRun = nextRunDate(job.schedule).getTime();
+    }
+    await this.save();
+    return job;
+  }
+  listJobs() {
+    return [...this.jobs];
+  }
+  // --- Tick / execution ---
+  start() {
+    this.log.info("Cron scheduler started (30s interval)");
+    this.timer = setInterval(() => void this.tick(), 3e4);
+    void this.tick();
+  }
+  stop() {
+    if (this.timer) {
+      clearInterval(this.timer);
+      this.timer = void 0;
+    }
+    this.log.info("Cron scheduler stopped");
+  }
+  async tick() {
+    const now = /* @__PURE__ */ new Date();
+    let dirty = false;
+    for (const job of this.jobs) {
+      if (!job.enabled) continue;
+      const cron = parseCron(job.schedule);
+      if (!matchesCron(now, cron)) continue;
+      if (job.lastRun) {
+        const lastRunDate = new Date(job.lastRun);
+        if (lastRunDate.getFullYear() === now.getFullYear() && lastRunDate.getMonth() === now.getMonth() && lastRunDate.getDate() === now.getDate() && lastRunDate.getHours() === now.getHours() && lastRunDate.getMinutes() === now.getMinutes()) {
+          continue;
+        }
+      }
+      this.log.info(`Cron executing job ${job.id}: ${job.tool} ${job.args.join(" ")}`);
+      try {
+        await this.executor(job.tool, job.args);
+        this.log.info(`Cron job ${job.id} completed successfully`);
+      } catch (e) {
+        this.log.error(`Cron job ${job.id} failed: ${e.message}`);
+      }
+      job.lastRun = Date.now();
+      if (job.oneShot) {
+        job.enabled = false;
+        this.log.info(`Cron job ${job.id} (one-shot) disabled after execution`);
+      } else {
+        job.nextRun = nextRunDate(job.schedule).getTime();
+      }
+      dirty = true;
+    }
+    if (dirty) {
+      await this.save();
+    }
+  }
+};
+var cronPlugin = fp5(async (server, opts) => {
+  const configDir = dirname2(opts.configPath);
+  const executor = async (tool, args) => {
+    const entry = server.registry.get(tool);
+    if (entry.type === "builtin") {
+      const { execCommandSafe: execCommandSafe2 } = await import("./shell-B35UFUCJ-LJUZUNM6.js");
+      const {
+        readFileSafe: readFileSafe2,
+        listDirSafe: listDirSafe2,
+        searchFilesSafe: searchFilesSafe2,
+        readBuiltin: readBuiltin2,
+        writeBuiltin: writeBuiltin2,
+        editBuiltin: editBuiltin2,
+        globBuiltin: globBuiltin2,
+        grepBuiltin: grepBuiltin2
+      } = await import("./filesystem-JSSD3C2D-FJH6SPOF.js");
+      const builtinConfig = entry.config.config ?? {};
+      switch (entry.config.builtin) {
+        case "filesystem": {
+          const allowedPaths = builtinConfig.allowedPaths ?? ["."];
+          const sub = args[0];
+          const target = args[1] ?? ".";
+          if (sub === "read") await readFileSafe2(target, allowedPaths);
+          else if (sub === "list") await listDirSafe2(target, allowedPaths);
+          else if (sub === "search") await searchFilesSafe2(target, args[2] ?? ".*", allowedPaths);
+          break;
+        }
+        case "shell":
+        case "bash": {
+          const allowlist = builtinConfig.allowlist ?? [];
+          const allowSudo = builtinConfig.allowSudo ?? false;
+          const cmd = args[0];
+          if (cmd) await execCommandSafe2(cmd, args.slice(1), { allowlist, allowSudo });
+          break;
+        }
+        case "read": {
+          const allowedPaths = builtinConfig.allowedPaths ?? ["."];
+          await readBuiltin2(args, allowedPaths);
+          break;
+        }
+        case "write": {
+          const allowedPaths = builtinConfig.allowedPaths ?? ["."];
+          await writeBuiltin2(args, allowedPaths);
+          break;
+        }
+        case "edit": {
+          const allowedPaths = builtinConfig.allowedPaths ?? ["."];
+          await editBuiltin2(args, allowedPaths);
+          break;
+        }
+        case "glob": {
+          const allowedPaths = builtinConfig.allowedPaths ?? ["."];
+          await globBuiltin2(args, allowedPaths);
+          break;
+        }
+        case "grep": {
+          const allowedPaths = builtinConfig.allowedPaths ?? ["."];
+          await grepBuiltin2(args, allowedPaths);
+          break;
+        }
+      }
+      return;
+    }
+    if (entry.type === "mcp") {
+      const client = server.mcpPool.getClient(tool);
+      await client.callTool(args[0] ?? tool, {});
+      return;
+    }
+    await server.executor.execute(entry, args);
+  };
+  const scheduler = new CronScheduler(configDir, executor, server.log);
+  await scheduler.load();
+  scheduler.start();
+  server.decorate("scheduler", scheduler);
+  server.addHook("onClose", async () => {
+    scheduler.stop();
+  });
+}, { name: "cron", dependencies: ["registry", "executor"] });
 var startTime = Date.now();
 var startupVersion = "0.0.0";
 try {
   const pkg = JSON.parse(
-    readFileSync(resolve(import.meta.dirname ?? ".", "../package.json"), "utf8")
+    readFileSync(resolve2(import.meta.dirname ?? ".", "../package.json"), "utf8")
   );
   startupVersion = pkg.version;
 } catch {
@@ -838,13 +883,15 @@ async function healthRoutes(server) {
     return {
       status: "ok",
       version: startupVersion,
-      uptime: Date.now() - startTime
+      uptime: Date.now() - startTime,
+      platform: platform(),
+      hostname: hostname2()
     };
   });
 }
 async function toolRoutes(server) {
   server.get("/tools", async () => {
-    return { tools: server.registry.list() };
+    return { tools: server.registry.list(), platform: platform2() };
   });
   server.get("/tools/search", async (request) => {
     const query = request.query.q?.toLowerCase().trim();
@@ -889,376 +936,6 @@ async function toolRoutes(server) {
     return { tools: mcpTools };
   });
 }
-var MAX_OUTPUT_SIZE2 = 10 * 1024 * 1024;
-var MAX_READ_SIZE = 2 * 1024 * 1024;
-async function validatePath(targetPath, allowedPaths) {
-  const resolved = resolve2(targetPath);
-  let real;
-  try {
-    real = await realpath(resolved);
-  } catch {
-    real = resolved;
-  }
-  const isAllowed = allowedPaths.some((allowed) => {
-    const resolvedAllowed = resolve2(allowed);
-    const allowedPrefix = resolvedAllowed.endsWith("/") ? resolvedAllowed : resolvedAllowed + "/";
-    return real === resolvedAllowed || real.startsWith(allowedPrefix) || resolved === resolvedAllowed || resolved.startsWith(allowedPrefix);
-  });
-  if (!isAllowed) {
-    throw new GigaiError(
-      ErrorCode.PATH_NOT_ALLOWED,
-      `Path not within allowed directories: ${targetPath}`
-    );
-  }
-  return resolved;
-}
-async function readFileSafe(path, allowedPaths) {
-  const safePath = await validatePath(path, allowedPaths);
-  return fsReadFile(safePath, "utf8");
-}
-async function listDirSafe(path, allowedPaths) {
-  const safePath = await validatePath(path, allowedPaths);
-  const entries = await readdir(safePath, { withFileTypes: true });
-  return entries.map((e) => ({
-    name: e.name,
-    type: e.isDirectory() ? "directory" : "file"
-  }));
-}
-async function searchFilesSafe(path, pattern, allowedPaths) {
-  const safePath = await validatePath(path, allowedPaths);
-  const results = [];
-  let regex;
-  try {
-    regex = new RegExp(pattern, "i");
-  } catch {
-    throw new GigaiError(ErrorCode.VALIDATION_ERROR, `Invalid search pattern: ${pattern}`);
-  }
-  async function walk(dir) {
-    const entries = await readdir(dir, { withFileTypes: true });
-    for (const entry of entries) {
-      const fullPath = join(dir, entry.name);
-      if (regex.test(entry.name)) {
-        results.push(relative(safePath, fullPath));
-      }
-      if (entry.isDirectory()) {
-        await walk(fullPath);
-      }
-    }
-  }
-  await walk(safePath);
-  return results;
-}
-async function readBuiltin(args, allowedPaths) {
-  const filePath = args[0];
-  if (!filePath) {
-    throw new GigaiError(ErrorCode.VALIDATION_ERROR, "Usage: read <file> [offset] [limit]");
-  }
-  const safePath = await validatePath(filePath, allowedPaths);
-  const content = await fsReadFile(safePath, "utf8");
-  if (content.length > MAX_READ_SIZE) {
-    throw new GigaiError(
-      ErrorCode.VALIDATION_ERROR,
-      `File too large (${(content.length / 1024 / 1024).toFixed(1)}MB). Max: ${MAX_READ_SIZE / 1024 / 1024}MB. Use offset/limit.`
-    );
-  }
-  const offset = args[1] ? parseInt(args[1], 10) : 0;
-  const limit = args[2] ? parseInt(args[2], 10) : 0;
-  if (offset || limit) {
-    const lines = content.split("\n");
-    const start = Math.max(0, offset);
-    const end = limit ? start + limit : lines.length;
-    const sliced = lines.slice(start, end);
-    return { stdout: sliced.join("\n"), stderr: "", exitCode: 0 };
-  }
-  return { stdout: content, stderr: "", exitCode: 0 };
-}
-async function writeBuiltin(args, allowedPaths) {
-  const filePath = args[0];
-  const content = args[1];
-  if (!filePath || content === void 0) {
-    throw new GigaiError(ErrorCode.VALIDATION_ERROR, "Usage: write <file> <content>");
-  }
-  const safePath = await validatePath(filePath, allowedPaths);
-  const { mkdir: mkdir2 } = await import("fs/promises");
-  const { dirname } = await import("path");
-  await mkdir2(dirname(safePath), { recursive: true });
-  await fsWriteFile(safePath, content, "utf8");
-  return { stdout: `Written: ${safePath}`, stderr: "", exitCode: 0 };
-}
-async function editBuiltin(args, allowedPaths) {
-  const filePath = args[0];
-  const oldStr = args[1];
-  const newStr = args[2];
-  const replaceAll = args.includes("--all");
-  if (!filePath || oldStr === void 0 || newStr === void 0) {
-    throw new GigaiError(ErrorCode.VALIDATION_ERROR, "Usage: edit <file> <old_string> <new_string> [--all]");
-  }
-  const safePath = await validatePath(filePath, allowedPaths);
-  const content = await fsReadFile(safePath, "utf8");
-  if (!content.includes(oldStr)) {
-    throw new GigaiError(ErrorCode.VALIDATION_ERROR, "old_string not found in file");
-  }
-  if (!replaceAll) {
-    const firstIdx = content.indexOf(oldStr);
-    const secondIdx = content.indexOf(oldStr, firstIdx + 1);
-    if (secondIdx !== -1) {
-      throw new GigaiError(
-        ErrorCode.VALIDATION_ERROR,
-        "old_string matches multiple locations. Use --all to replace all, or provide more context to make it unique."
-      );
-    }
-  }
-  const updated = replaceAll ? content.split(oldStr).join(newStr) : content.replace(oldStr, newStr);
-  await fsWriteFile(safePath, updated, "utf8");
-  const count = replaceAll ? content.split(oldStr).length - 1 : 1;
-  return { stdout: `Replaced ${count} occurrence(s) in ${safePath}`, stderr: "", exitCode: 0 };
-}
-async function globBuiltin(args, allowedPaths) {
-  const pattern = args[0];
-  if (!pattern) {
-    throw new GigaiError(ErrorCode.VALIDATION_ERROR, "Usage: glob <pattern> [path]");
-  }
-  const searchPath = args[1] ?? ".";
-  const safePath = await validatePath(searchPath, allowedPaths);
-  const results = [];
-  const globRegex = globToRegex(pattern);
-  async function walk(dir) {
-    let entries;
-    try {
-      entries = await readdir(dir, { withFileTypes: true });
-    } catch {
-      return;
-    }
-    for (const entry of entries) {
-      const fullPath = join(dir, entry.name);
-      const relPath = relative(safePath, fullPath);
-      if (globRegex.test(relPath) || globRegex.test(entry.name)) {
-        results.push(relPath);
-      }
-      if (entry.isDirectory() && !entry.name.startsWith(".") && entry.name !== "node_modules") {
-        await walk(fullPath);
-      }
-      if (results.length >= 1e3) return;
-    }
-  }
-  await walk(safePath);
-  return { stdout: results.join("\n"), stderr: "", exitCode: 0 };
-}
-async function grepBuiltin(args, allowedPaths) {
-  if (args.length === 0) {
-    throw new GigaiError(ErrorCode.VALIDATION_ERROR, "Usage: grep <pattern> [path] [--glob <filter>] [-i] [-n] [-C <num>]");
-  }
-  const positional = [];
-  const flags = [];
-  let i = 0;
-  while (i < args.length) {
-    const arg = args[i];
-    if (arg === "--glob" && args[i + 1]) {
-      flags.push("--glob", args[i + 1]);
-      i += 2;
-    } else if (arg === "--type" && args[i + 1]) {
-      flags.push("--type", args[i + 1]);
-      i += 2;
-    } else if (arg === "-C" && args[i + 1]) {
-      flags.push("-C", args[i + 1]);
-      i += 2;
-    } else if (arg === "-i" || arg === "-n" || arg === "-l") {
-      flags.push(arg);
-      i++;
-    } else {
-      positional.push(arg);
-      i++;
-    }
-  }
-  const pattern = positional[0];
-  if (!pattern) {
-    throw new GigaiError(ErrorCode.VALIDATION_ERROR, "No search pattern provided");
-  }
-  const searchPath = positional[1] ?? ".";
-  const safePath = await validatePath(searchPath, allowedPaths);
-  try {
-    return await spawnGrep("rg", [pattern, safePath, "-n", ...flags]);
-  } catch {
-    try {
-      return await spawnGrep("grep", ["-rn", ...flags, pattern, safePath]);
-    } catch {
-      return jsGrep(pattern, safePath);
-    }
-  }
-}
-function spawnGrep(cmd, args) {
-  return new Promise((resolve7, reject) => {
-    const child = spawn2(cmd, args, { shell: false, stdio: ["ignore", "pipe", "pipe"] });
-    const stdoutChunks = [];
-    const stderrChunks = [];
-    let totalSize = 0;
-    child.stdout.on("data", (chunk) => {
-      totalSize += chunk.length;
-      if (totalSize <= MAX_OUTPUT_SIZE2) stdoutChunks.push(chunk);
-      else child.kill("SIGTERM");
-    });
-    child.stderr.on("data", (chunk) => {
-      totalSize += chunk.length;
-      if (totalSize <= MAX_OUTPUT_SIZE2) stderrChunks.push(chunk);
-    });
-    child.on("error", () => reject(new Error(`${cmd} not available`)));
-    child.on("close", (exitCode) => {
-      resolve7({
-        stdout: Buffer.concat(stdoutChunks).toString("utf8"),
-        stderr: Buffer.concat(stderrChunks).toString("utf8"),
-        exitCode: exitCode ?? 1
-      });
-    });
-  });
-}
-async function jsGrep(pattern, searchPath) {
-  let regex;
-  try {
-    regex = new RegExp(pattern);
-  } catch {
-    throw new GigaiError(ErrorCode.VALIDATION_ERROR, `Invalid pattern: ${pattern}`);
-  }
-  const results = [];
-  async function walk(dir) {
-    let entries;
-    try {
-      entries = await readdir(dir, { withFileTypes: true });
-    } catch {
-      return;
-    }
-    for (const entry of entries) {
-      if (results.length >= 500) return;
-      const fullPath = join(dir, entry.name);
-      if (entry.isDirectory()) {
-        if (!entry.name.startsWith(".") && entry.name !== "node_modules") {
-          await walk(fullPath);
-        }
-      } else {
-        try {
-          const content = await fsReadFile(fullPath, "utf8");
-          const lines = content.split("\n");
-          for (let i = 0; i < lines.length; i++) {
-            if (regex.test(lines[i])) {
-              results.push(`${relative(searchPath, fullPath)}:${i + 1}:${lines[i]}`);
-              if (results.length >= 500) return;
-            }
-          }
-        } catch {
-        }
-      }
-    }
-  }
-  await walk(searchPath);
-  return {
-    stdout: results.join("\n"),
-    stderr: results.length >= 500 ? "Results truncated at 500 matches" : "",
-    exitCode: results.length > 0 ? 0 : 1
-  };
-}
-function globToRegex(pattern) {
-  let regex = "";
-  let i = 0;
-  while (i < pattern.length) {
-    const c = pattern[i];
-    if (c === "*") {
-      if (pattern[i + 1] === "*") {
-        regex += ".*";
-        i += 2;
-        if (pattern[i] === "/") i++;
-      } else {
-        regex += "[^/]*";
-        i++;
-      }
-    } else if (c === "?") {
-      regex += "[^/]";
-      i++;
-    } else if (c === "{") {
-      const end = pattern.indexOf("}", i);
-      if (end !== -1) {
-        const options = pattern.slice(i + 1, end).split(",");
-        regex += `(?:${options.map(escapeRegex).join("|")})`;
-        i = end + 1;
-      } else {
-        regex += escapeRegex(c);
-        i++;
-      }
-    } else {
-      regex += escapeRegex(c);
-      i++;
-    }
-  }
-  return new RegExp(regex);
-}
-function escapeRegex(s) {
-  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-}
-var SHELL_INTERPRETERS = /* @__PURE__ */ new Set([
-  "sh",
-  "bash",
-  "zsh",
-  "fish",
-  "csh",
-  "tcsh",
-  "dash",
-  "ksh",
-  "env",
-  "xargs",
-  "nohup",
-  "strace",
-  "ltrace"
-]);
-var MAX_OUTPUT_SIZE3 = 10 * 1024 * 1024;
-async function execCommandSafe(command, args, config) {
-  if (!config.allowlist.includes(command)) {
-    throw new GigaiError(
-      ErrorCode.COMMAND_NOT_ALLOWED,
-      `Command not in allowlist: ${command}. Allowed: ${config.allowlist.join(", ")}`
-    );
-  }
-  if (command === "sudo" && !config.allowSudo) {
-    throw new GigaiError(ErrorCode.COMMAND_NOT_ALLOWED, "sudo is not allowed");
-  }
-  if (SHELL_INTERPRETERS.has(command)) {
-    throw new GigaiError(
-      ErrorCode.COMMAND_NOT_ALLOWED,
-      `Shell interpreter not allowed: ${command}`
-    );
-  }
-  for (const arg of args) {
-    if (arg.includes("\0")) {
-      throw new GigaiError(ErrorCode.VALIDATION_ERROR, "Null byte in argument");
-    }
-  }
-  return new Promise((resolve7, reject) => {
-    const child = spawn3(command, args, {
-      shell: false,
-      stdio: ["ignore", "pipe", "pipe"]
-    });
-    const stdoutChunks = [];
-    const stderrChunks = [];
-    let totalSize = 0;
-    child.stdout.on("data", (chunk) => {
-      totalSize += chunk.length;
-      if (totalSize <= MAX_OUTPUT_SIZE3) stdoutChunks.push(chunk);
-      else child.kill("SIGTERM");
-    });
-    child.stderr.on("data", (chunk) => {
-      totalSize += chunk.length;
-      if (totalSize <= MAX_OUTPUT_SIZE3) stderrChunks.push(chunk);
-      else child.kill("SIGTERM");
-    });
-    child.on("error", (err) => {
-      reject(new GigaiError(ErrorCode.EXEC_FAILED, `Failed to spawn ${command}: ${err.message}`));
-    });
-    child.on("close", (exitCode) => {
-      resolve7({
-        stdout: Buffer.concat(stdoutChunks).toString("utf8"),
-        stderr: Buffer.concat(stderrChunks).toString("utf8"),
-        exitCode: exitCode ?? 1
-      });
-    });
-  });
-}
 async function execRoutes(server) {
   server.post("/exec", {
     config: {
@@ -1381,7 +1058,7 @@ async function handleBuiltin(config, args) {
   }
 }
 var transfers = /* @__PURE__ */ new Map();
-var TRANSFER_DIR = join2(tmpdir(), "gigai-transfers");
+var TRANSFER_DIR = join(tmpdir(), "gigai-transfers");
 var TRANSFER_TTL = 60 * 60 * 1e3;
 setInterval(async () => {
   const now = Date.now();
@@ -1402,10 +1079,10 @@ async function transferRoutes(server) {
     if (!data) {
       throw new GigaiError(ErrorCode.VALIDATION_ERROR, "No file uploaded");
     }
-    const id = nanoid3(16);
+    const id = nanoid4(16);
     const buffer = await data.toBuffer();
-    const filePath = join2(TRANSFER_DIR, id);
-    await writeFile(filePath, buffer);
+    const filePath = join(TRANSFER_DIR, id);
+    await writeFile2(filePath, buffer);
     const entry = {
       id,
       path: filePath,
@@ -1429,7 +1106,7 @@ async function transferRoutes(server) {
       transfers.delete(id);
       throw new GigaiError(ErrorCode.TRANSFER_EXPIRED, "Transfer expired");
     }
-    const content = await readFile(entry.path);
+    const content = await readFile2(entry.path);
     reply.type(entry.mimeType).send(content);
   });
 }
@@ -1464,7 +1141,7 @@ async function adminRoutes(server) {
         args.push("--dev");
       }
       await server.close();
-      const child = spawn4("gigai", args, {
+      const child = spawn2("gigai", args, {
         detached: true,
         stdio: "ignore",
         cwd: process.cwd()
@@ -1475,8 +1152,55 @@ async function adminRoutes(server) {
     return { updated: true, restarting: true };
   });
 }
+async function cronRoutes(server) {
+  server.get("/cron", async () => {
+    return { jobs: server.scheduler.listJobs() };
+  });
+  server.post("/cron", {
+    schema: {
+      body: {
+        type: "object",
+        required: ["schedule", "tool", "args"],
+        properties: {
+          schedule: { type: "string" },
+          tool: { type: "string" },
+          args: { type: "array", items: { type: "string" } },
+          description: { type: "string" },
+          oneShot: { type: "boolean" }
+        }
+      }
+    }
+  }, async (request) => {
+    let { schedule, tool, args, description, oneShot } = request.body;
+    if (schedule.startsWith("@at ")) {
+      const atExpr = schedule.slice(4);
+      schedule = parseAtExpression(atExpr);
+      oneShot = true;
+    }
+    if (!server.registry.has(tool)) {
+      throw new GigaiError(ErrorCode.TOOL_NOT_FOUND, `Tool not found: ${tool}`);
+    }
+    const job = await server.scheduler.addJob({ schedule, tool, args, description, oneShot });
+    return { job };
+  });
+  server.delete("/cron/:id", async (request, reply) => {
+    const removed = await server.scheduler.removeJob(request.params.id);
+    if (!removed) {
+      throw new GigaiError(ErrorCode.VALIDATION_ERROR, `Cron job not found: ${request.params.id}`);
+    }
+    reply.status(204);
+    return;
+  });
+  server.post("/cron/:id/toggle", async (request) => {
+    const job = await server.scheduler.toggleJob(request.params.id);
+    if (!job) {
+      throw new GigaiError(ErrorCode.VALIDATION_ERROR, `Cron job not found: ${request.params.id}`);
+    }
+    return { job };
+  });
+}
 async function createServer(opts) {
-  const { config, dev = false } = opts;
+  const { config, configPath, dev = false } = opts;
   const server = Fastify({
     logger: {
       level: dev ? "debug" : "info"
@@ -1500,11 +1224,17 @@ async function createServer(opts) {
   await server.register(registryPlugin, { config });
   await server.register(executorPlugin);
   await server.register(mcpPlugin, { config });
+  if (configPath) {
+    await server.register(cronPlugin, { configPath });
+  }
   await server.register(healthRoutes);
   await server.register(toolRoutes);
   await server.register(execRoutes);
   await server.register(transferRoutes);
   await server.register(adminRoutes);
+  if (configPath) {
+    await server.register(cronRoutes);
+  }
   server.setErrorHandler((error, _request, reply) => {
     if (error instanceof GigaiError) {
       reply.status(error.statusCode).send(error.toJSON());
@@ -1526,18 +1256,18 @@ async function createServer(opts) {
 var DEFAULT_CONFIG_PATH = "gigai.config.json";
 async function loadConfig(path) {
   const configPath = resolve3(path ?? DEFAULT_CONFIG_PATH);
-  const raw = await readFile2(configPath, "utf8");
+  const raw = await readFile3(configPath, "utf8");
   const json = JSON.parse(raw);
   return GigaiConfigSchema.parse(json);
 }
 function runCommand(command, args) {
-  return new Promise((resolve7, reject) => {
-    const child = spawn5(command, args, { shell: false, stdio: ["ignore", "pipe", "pipe"] });
+  return new Promise((resolve8, reject) => {
+    const child = spawn3(command, args, { shell: false, stdio: ["ignore", "pipe", "pipe"] });
     const chunks = [];
     child.stdout.on("data", (chunk) => chunks.push(chunk));
     child.on("error", reject);
     child.on("close", (exitCode) => {
-      resolve7({ stdout: Buffer.concat(chunks).toString("utf8").trim(), exitCode: exitCode ?? 1 });
+      resolve8({ stdout: Buffer.concat(chunks).toString("utf8").trim(), exitCode: exitCode ?? 1 });
     });
   });
 }
@@ -1573,7 +1303,7 @@ async function disableFunnel(port) {
   await runCommand("tailscale", ["funnel", "--bg", "off", `${port}`]);
 }
 function runTunnel(tunnelName, localPort) {
-  const child = spawn6("cloudflared", [
+  const child = spawn4("cloudflared", [
     "tunnel",
     "--url",
     `http://localhost:${localPort}`,
@@ -1634,6 +1364,67 @@ async function ensureTailscaleFunnel(port) {
   console.log(`  Tailscale Funnel active: https://${dnsName}`);
   return `https://${dnsName}`;
 }
+async function detectClaudeDesktopConfig() {
+  try {
+    const os = platform3();
+    if (os === "darwin") {
+      const configPath = join2(
+        homedir(),
+        "Library",
+        "Application Support",
+        "Claude",
+        "claude_desktop_config.json"
+      );
+      const contents = await readFile4(configPath, "utf-8");
+      if (contents) return configPath;
+    }
+    if (os === "linux") {
+      try {
+        const procVersion = await readFile4("/proc/version", "utf-8");
+        const isWsl = /microsoft|wsl/i.test(procVersion);
+        if (!isWsl) return null;
+      } catch {
+        return null;
+      }
+      try {
+        const usersDir = "/mnt/c/Users";
+        const entries = await readdir(usersDir, { withFileTypes: true });
+        for (const entry of entries) {
+          if (!entry.isDirectory()) continue;
+          if (entry.name === "Public" || entry.name === "Default" || entry.name === "Default User") continue;
+          const configPath = join2(
+            usersDir,
+            entry.name,
+            "AppData",
+            "Roaming",
+            "Claude",
+            "claude_desktop_config.json"
+          );
+          try {
+            const contents = await readFile4(configPath, "utf-8");
+            if (contents) return configPath;
+          } catch {
+          }
+        }
+      } catch {
+      }
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+async function scanMcpServers(configPath) {
+  try {
+    const raw = await readFile4(configPath, "utf-8");
+    const config = JSON.parse(raw);
+    if (!config.mcpServers || typeof config.mcpServers !== "object") return null;
+    if (Object.keys(config.mcpServers).length === 0) return null;
+    return config.mcpServers;
+  } catch {
+    return null;
+  }
+}
 async function runInit() {
   console.log("\n  gigai server setup\n");
   const httpsProvider = await select({
@@ -1735,6 +1526,54 @@ async function runInit() {
       config: { allowlist, allowSudo }
     });
   }
+  const configFilePath = await detectClaudeDesktopConfig();
+  if (configFilePath) {
+    const mcpServers = await scanMcpServers(configFilePath);
+    if (mcpServers) {
+      const serverNames = Object.keys(mcpServers);
+      console.log(`
+  Found ${serverNames.length} MCP server(s) in Claude Desktop config.`);
+      const selectedMcp = await checkbox({
+        message: "Import MCP servers:",
+        choices: serverNames.map((name) => ({
+          name: `${name} (${mcpServers[name].command}${mcpServers[name].args ? " " + mcpServers[name].args.join(" ") : ""})`,
+          value: name,
+          checked: true
+        }))
+      });
+      if (selectedMcp.length > 0) {
+        for (const name of selectedMcp) {
+          const entry = mcpServers[name];
+          const tool = {
+            type: "mcp",
+            name,
+            command: entry.command,
+            ...entry.args && { args: entry.args },
+            description: `MCP server: ${name}`,
+            ...entry.env && { env: entry.env }
+          };
+          tools.push(tool);
+        }
+        console.log(`  Imported ${selectedMcp.length} MCP server${selectedMcp.length === 1 ? "" : "s"}: ${selectedMcp.join(", ")}`);
+      }
+    }
+  }
+  if (platform3() === "darwin") {
+    const enableIMessage = await confirm({
+      message: "Enable iMessage? (lets Claude send and read iMessages)",
+      default: false
+    });
+    if (enableIMessage) {
+      tools.push({
+        type: "mcp",
+        name: "imessage",
+        command: "npx",
+        args: ["-y", "@foxychat-mcp/apple-imessages"],
+        description: "Send and read iMessages"
+      });
+      console.log("  iMessage requires Full Disk Access for your terminal. Grant it in System Settings > Privacy & Security > Full Disk Access.");
+    }
+  }
   let serverName;
   if (httpsProvider === "tailscale") {
     const dnsName = await getTailscaleDnsName();
@@ -1767,7 +1606,7 @@ async function runInit() {
     tools
   };
   const configPath = resolve4("gigai.config.json");
-  await writeFile2(configPath, JSON.stringify(config, null, 2) + "\n", { mode: 384 });
+  await writeFile3(configPath, JSON.stringify(config, null, 2) + "\n", { mode: 384 });
   console.log(`
   Config written to: ${configPath}`);
   let serverUrl;
@@ -1791,7 +1630,7 @@ async function runInit() {
   console.log("\n  Starting server...");
   const serverArgs = ["start", "--config", configPath];
   if (!httpsConfig) serverArgs.push("--dev");
-  const child = spawn7("gigai", serverArgs, {
+  const child = spawn5("gigai", serverArgs, {
     detached: true,
     stdio: "ignore",
     cwd: resolve4(".")
@@ -1843,28 +1682,56 @@ async function runInit() {
   console.log(`  Run 'gigai pair' to generate a new one.
 `);
 }
+function splitCommand(input3) {
+  const tokens = [];
+  let current = "";
+  let inQuote = null;
+  for (const ch of input3.trim()) {
+    if (inQuote) {
+      if (ch === inQuote) {
+        inQuote = null;
+      } else {
+        current += ch;
+      }
+    } else if (ch === '"' || ch === "'") {
+      inQuote = ch;
+    } else if (ch === " " || ch === "	") {
+      if (current) {
+        tokens.push(current);
+        current = "";
+      }
+    } else {
+      current += ch;
+    }
+  }
+  if (current) tokens.push(current);
+  return { command: tokens[0] ?? input3.trim(), args: tokens.slice(1) };
+}
 async function loadConfigFile(path) {
   const configPath = resolve5(path ?? "gigai.config.json");
-  const raw = await readFile3(configPath, "utf8");
+  const raw = await readFile5(configPath, "utf8");
   const config = GigaiConfigSchema.parse(JSON.parse(raw));
   return { config, path: configPath };
 }
 async function saveConfig(config, path) {
-  await writeFile3(path, JSON.stringify(config, null, 2) + "\n");
+  await writeFile4(path, JSON.stringify(config, null, 2) + "\n");
 }
 async function wrapCli() {
   const { config, path } = await loadConfigFile();
   const name = await input2({ message: "Tool name:", required: true });
-  const command = await input2({ message: "Command:", required: true });
+  const commandInput = await input2({
+    message: "Command (as you'd run it in your terminal):",
+    required: true
+  });
   const description = await input2({ message: "Description:", required: true });
-  const argsStr = await input2({ message: "Default args (space-separated, optional):" });
   const timeoutStr = await input2({ message: "Timeout in ms (optional):", default: "30000" });
+  const { command, args } = splitCommand(commandInput);
   const tool = {
     type: "cli",
     name,
     command,
     description,
-    ...argsStr && { args: argsStr.split(" ").filter(Boolean) },
+    ...args.length > 0 && { args },
     timeout: parseInt(timeoutStr, 10)
   };
   config.tools.push(tool);
@@ -1920,7 +1787,7 @@ async function wrapScript() {
 }
 async function wrapImport(configFilePath) {
   const { config, path } = await loadConfigFile();
-  const raw = await readFile3(resolve5(configFilePath), "utf8");
+  const raw = await readFile5(resolve5(configFilePath), "utf8");
   const desktopConfig = JSON.parse(raw);
   const mcpServers = desktopConfig.mcpServers ?? {};
   for (const [serverName, serverConfig] of Object.entries(mcpServers)) {
@@ -1940,6 +1807,46 @@ async function wrapImport(configFilePath) {
   console.log(`
 Imported ${Object.keys(mcpServers).length} MCP servers.`);
 }
+async function mcpAdd(name, command, args, env) {
+  const { config, path } = await loadConfigFile();
+  const existing = config.tools.find((t) => t.name === name);
+  if (existing) {
+    console.warn(`Warning: a tool named "${name}" already exists \u2014 overwriting.`);
+    config.tools = config.tools.filter((t) => t.name !== name);
+  }
+  const tool = {
+    type: "mcp",
+    name,
+    command,
+    description: `MCP server: ${name}`,
+    ...args.length > 0 && { args },
+    ...env && Object.keys(env).length > 0 && { env }
+  };
+  config.tools.push(tool);
+  await saveConfig(config, path);
+  console.log(`Added MCP server: ${name}`);
+}
+async function mcpList() {
+  const { config } = await loadConfigFile();
+  const mcpTools = config.tools.filter((t) => t.type === "mcp");
+  if (mcpTools.length === 0) {
+    console.log("No MCP servers configured.");
+    return;
+  }
+  console.log(`
+MCP servers (${mcpTools.length}):
+`);
+  for (const t of mcpTools) {
+    const tool = t;
+    const cmdLine = [tool.command, ...tool.args ?? []].join(" ");
+    console.log(`  ${tool.name}`);
+    console.log(`    command: ${cmdLine}`);
+    if (tool.env && Object.keys(tool.env).length > 0) {
+      console.log(`    env: ${Object.keys(tool.env).join(", ")}`);
+    }
+    console.log();
+  }
+}
 async function unwrapTool(name) {
   const { config, path } = await loadConfigFile();
   const idx = config.tools.findIndex((t) => t.name === name);
@@ -2009,11 +1916,11 @@ function getLaunchdPlist(configPath) {
   <key>KeepAlive</key>
   <true/>
   <key>StandardOutPath</key>
-  <string>${join3(homedir(), ".gigai", "server.log")}</string>
+  <string>${join3(homedir2(), ".gigai", "server.log")}</string>
   <key>StandardErrorPath</key>
-  <string>${join3(homedir(), ".gigai", "server.log")}</string>
+  <string>${join3(homedir2(), ".gigai", "server.log")}</string>
   <key>WorkingDirectory</key>
-  <string>${homedir()}</string>
+  <string>${homedir2()}</string>
 </dict>
 </plist>
 `;
@@ -2029,7 +1936,7 @@ Type=simple
 ExecStart=${bin} start --config ${configPath}
 Restart=always
 RestartSec=5
-WorkingDirectory=${homedir()}
+WorkingDirectory=${homedir2()}
 
 [Install]
 WantedBy=default.target
@@ -2037,10 +1944,10 @@ WantedBy=default.target
 }
 async function installDaemon(configPath) {
   const config = resolve6(configPath ?? "gigai.config.json");
-  const os = platform();
+  const os = platform4();
   if (os === "darwin") {
-    const plistPath = join3(homedir(), "Library", "LaunchAgents", "com.gigai.server.plist");
-    await writeFile4(plistPath, getLaunchdPlist(config));
+    const plistPath = join3(homedir2(), "Library", "LaunchAgents", "com.gigai.server.plist");
+    await writeFile5(plistPath, getLaunchdPlist(config));
     console.log(`  Wrote launchd plist: ${plistPath}`);
     try {
       await execFileAsync3("launchctl", ["load", plistPath]);
@@ -2051,11 +1958,11 @@ async function installDaemon(configPath) {
     console.log(`  Logs: ~/.gigai/server.log`);
     console.log(`  Stop:  launchctl unload ${plistPath}`);
   } else if (os === "linux") {
-    const unitDir = join3(homedir(), ".config", "systemd", "user");
+    const unitDir = join3(homedir2(), ".config", "systemd", "user");
     const unitPath = join3(unitDir, "gigai.service");
     const { mkdir: mkdir2 } = await import("fs/promises");
     await mkdir2(unitDir, { recursive: true });
-    await writeFile4(unitPath, getSystemdUnit(config));
+    await writeFile5(unitPath, getSystemdUnit(config));
     console.log(`  Wrote systemd unit: ${unitPath}`);
     try {
       await execFileAsync3("systemctl", ["--user", "daemon-reload"]);
@@ -2073,9 +1980,9 @@ async function installDaemon(configPath) {
   }
 }
 async function uninstallDaemon() {
-  const os = platform();
+  const os = platform4();
   if (os === "darwin") {
-    const plistPath = join3(homedir(), "Library", "LaunchAgents", "com.gigai.server.plist");
+    const plistPath = join3(homedir2(), "Library", "LaunchAgents", "com.gigai.server.plist");
     try {
       await execFileAsync3("launchctl", ["unload", plistPath]);
     } catch {
@@ -2092,7 +1999,7 @@ async function uninstallDaemon() {
       await execFileAsync3("systemctl", ["--user", "disable", "--now", "gigai"]);
     } catch {
     }
-    const unitPath = join3(homedir(), ".config", "systemd", "user", "gigai.service");
+    const unitPath = join3(homedir2(), ".config", "systemd", "user", "gigai.service");
     const { unlink: unlink2 } = await import("fs/promises");
     try {
       await unlink2(unitPath);
@@ -2132,8 +2039,10 @@ async function startServer() {
     },
     strict: false
   });
-  const config = await loadConfig(values.config);
-  const server = await createServer({ config, dev: values.dev });
+  const configFile = values.config;
+  const config = await loadConfig(configFile);
+  const configPath = resolve7(configFile ?? "gigai.config.json");
+  const server = await createServer({ config, configPath, dev: values.dev });
   const port = config.server.port;
   const host = config.server.host;
   await server.listen({ port, host });
@@ -2177,10 +2086,14 @@ async function startServer() {
   process.on("SIGINT", shutdown);
 }
 export {
+  CronScheduler,
   createServer,
   generateServerPairingCode,
   installDaemon,
   loadConfig,
+  mcpAdd,
+  mcpList,
+  parseAtExpression,
   runInit,
   startServer,
   stopServer,