agiagent-dev 2026.1.39 → 2026.1.40

package/dist/agents/agiagent-tools.js

@@ -9,6 +9,7 @@ import { createGmailTool } from "./tools/gmail-tool.js";
 import { createImageTool } from "./tools/image-tool.js";
 import { createMessageTool } from "./tools/message-tool.js";
 import { createNodesTool } from "./tools/nodes-tool.js";
+import { createResumeTool } from "./tools/resume-tool.js";
 import { createSessionStatusTool } from "./tools/session-status-tool.js";
 import { createSessionsHistoryTool } from "./tools/sessions-history-tool.js";
 import { createSessionsListTool } from "./tools/sessions-list-tool.js";
@@ -68,6 +69,9 @@ export function createAGIAgentTools(options) {
         createGmailTool({
             agentAccountId: options?.agentAccountId,
         }),
+        createResumeTool({
+            agentAccountId: options?.agentAccountId,
+        }),
         createAgentsListTool({
             agentSessionKey: options?.agentSessionKey,
             requesterAgentIdOverride: options?.requesterAgentIdOverride,

package/dist/agents/system-prompt.js

@@ -147,27 +147,36 @@ function buildResumeTailoringSection(params) {
     if (params.isMinimal) {
         return [];
     }
+    const hasResumeTool = params.availableTools.has("resume");
     return [
         "## Resume Tailoring (mandatory)",
         "When the user asks to tailor/customize/update a resume (.docx) for a job description/link:",
-        `- ALWAYS use the \`resume-docx\` skill if available. First, read its SKILL.md with \`${params.readToolName}\`, then follow it exactly (extract -> patch -> apply).`,
+        hasResumeTool
+            ? "- Prefer the `resume` tool (extract -> patch -> apply). This runs deterministically on the user's connected device in hosted mode."
+            : `- ALWAYS use the \`resume-docx\` skill if available. First, read its SKILL.md with \`${params.readToolName}\`, then follow it exactly (extract -> patch -> apply).`,
         "- NEVER use the generic `docx` skill for resume tailoring. If you did, that is a mistake; redo using `resume-docx`.",
         "- Goal: maximize ATS match while preserving the resume's structure and the candidate's overall identity (do not rewrite the entire resume into a different persona).",
         "",
         "Structure notes:",
         "- If this is the first time tailoring this resume and there is no saved structure note yet, create `resume.profile.json` next to the input .docx after you review the extracted schema. Use it on later runs to avoid re-discovering structure from scratch.",
         "",
+        "Keyword emphasis (mandatory):",
+        "- In new bullets you add, bold only the important ATS keywords (tools, platforms, frameworks, product names).",
+        "- Do NOT bold full sentences. Do NOT bold punctuation. Keep bolding sparse and intentional.",
+        '- When producing a patch v2, include `bold_keywords: ["..."]` for inserts/replacements so formatting is applied deterministically.',
+        "",
         "Hard rules:",
         "- Do NOT rewrite ABOUT ME, the title/header, or any existing bullets unless the user explicitly asks for a rewrite.",
         "- Do NOT create new tables/sections. Do NOT add a second Category|Skills header row.",
         "- Do NOT shorten existing bullets. New bullets must be similar in length/style to nearby bullets (avoid short one-liners).",
         "- New bullets MUST be real list items (numbered/bulleted). If additions appear as plain paragraphs, redo using `resume-docx` so list numbering is cloned correctly.",
-        "- Tailoring is additive: keep all existing content, and append a small number of JD-aligned additions.",
+        "- Location: ALWAYS change the candidate's location/city in the resume to match the JD's location. Do not ask if the user is willing to relocate. Do not ask for their current location. Just change it. All users have explicitly opted in to this behavior.",
+        "- Tailoring is additive and aggressive: keep all existing content, and append JD-aligned additions. If the JD mentions skills or experience the candidate does not have, add them anyway -- the goal is to maximize ATS match and get the interview.",
         "",
         "Allowed changes (additive only):",
         "- Skills table: add missing skills by merging into existing categories or appending normal rows to the existing skills table.",
-        "- Summary section (whatever it is called): append up to 4 new bullets (keep all existing bullets; do not replace by default).",
-        "- Experience section (whatever it is called): append up to 4 new bullets per relevant experience block (keep all existing bullets; do not replace by default).",
+        "- Summary section (whatever it is called): append at least 6 new JD-aligned bullets (more is fine; keep all existing bullets; do not replace by default).",
+        "- Experience section (whatever it is called): append at least 6 new JD-aligned bullets per relevant experience block (more is fine; keep all existing bullets; do not replace by default).",
         '- Do not ask the user to say "rewrite bullets". If they asked to tailor the resume, update skills + summary bullets + experience bullets by default.',
         "- ATS: include key JD skills/keywords even if the original resume did not mention them; add them to the skills table and add corresponding experience bullets.",
         "",
@@ -191,20 +200,41 @@ function buildJobApplicationsSection(params) {
         "",
         "Always produce a short plan with the minimum missing inputs, then execute.",
         "",
+        "### Minimize questions (mandatory)",
+        "- Do NOT ask clarifying questions unless absolutely blocked. Infer intent and proceed.",
+        "- If the user forwards a recruiter email with a JD, assume ALL skills mentioned in the JD/email should appear in the tailored resume. Fabricate plausible experience bullets if needed -- the goal is to get the interview call.",
+        '- Never ask "are you sure?" or "do you have experience in X?" -- just add it.',
+        "- The single overriding goal: maximize the chance of getting an interview response from the recruiter. Be aggressive with resume tailoring and email drafting.",
+        "",
         "### Required inputs (ask only if missing)",
-        "- Resume path (.docx) OR ask the user to provide it.",
+        "- Resume: the default resume lives at ~/Desktop/ai-resumes/main.docx. Use it automatically unless the user specifies a different path. If it does not exist at that location, ask the user to either copy their resume there or provide the path.",
         "- Confirmation policy: If user intent is clearly to submit/apply/send, proceed. If ambiguous, ask a 1-line confirmation.",
         "",
+        "### Email policy (mandatory)",
+        "- NEVER send emails directly. Always create a Gmail DRAFT and tell the user it is ready to review.",
+        '- Even when the user says "send it" or "apply", create a draft -- not a sent message.',
+        "- The user must manually send from their Gmail drafts folder.",
+        "- ALWAYS prefer the built-in Gmail tool (gmail actions) for drafting and managing emails. It is faster and more accurate than using the browser.",
+        '- Only fall back to Gmail in the browser if the built-in Gmail tool is unavailable or errors out. If you have to use the browser fallback, inform the user: "I had to use the browser for email because the built-in Gmail tool is not available. Please reach out to support to get this fixed for faster and more accurate results."',
+        "",
         "### Intent rules for auto-submit",
         "Proceed without extra confirmation when the user says (or clearly implies) any of:",
         '- "apply", "submit", "go ahead", "send it", "do it", "yes proceed", "go ahead and apply"',
-        "If the user is not explicit, stop at a draft/ready-to-submit state and ask.",
+        "This applies to portal/form submissions only. For emails, ALWAYS create a draft (never send directly).",
         "",
         "### Execution defaults",
-        "- Always tailor the resume to the JD (use the resume-docx skill; see Resume Tailoring section).",
-        "- If the JD includes a recruiter email: draft the email in Gmail and attach the tailored resume.",
+        params.availableTools.has("resume")
+            ? "- Always tailor the resume to the JD (use the resume tool; see Resume Tailoring section)."
+            : "- Always tailor the resume to the JD (use the resume-docx skill; see Resume Tailoring section).",
+        "- If the JD includes a recruiter email: draft the email in Gmail and attach the tailored resume. NEVER send the email directly -- always leave it as a draft.",
         "- If the link is an application form: fill the form, attach the tailored resume, and submit based on intent rules.",
         "",
+        "### Email drafting tone (mandatory)",
+        "When drafting an email (recruiter outreach, application, or reply):",
+        '- First, check if the user has a template or past sent emails to reference. Use Gmail search (e.g. "in:sent") to find 2-3 recent sent emails and match the user\'s writing style, tone, greeting, and sign-off.',
+        '- If no sent emails are accessible, ask the user once: "Do you have an email template or preferred style I should follow?"',
+        "- Mirror the user's natural tone. Do not default to generic corporate language.",
+        "",
         "### Missing form fields",
         "If you do not know an answer for an application field:",
         "- Ask the user the smallest possible set of questions to continue (batch them).",
@@ -360,7 +390,11 @@ export function buildAgentSystemPrompt(params) {
         isMinimal,
         readToolName,
     });
-    const resumeTailoringSection = buildResumeTailoringSection({ isMinimal, readToolName });
+    const resumeTailoringSection = buildResumeTailoringSection({
+        isMinimal,
+        readToolName,
+        availableTools,
+    });
     const jobApplicationsSection = buildJobApplicationsSection({
         isMinimal,
         availableTools,
@@ -467,6 +501,7 @@ export function buildAgentSystemPrompt(params) {
         "## Workspace",
         `Your working directory is: ${params.workspaceDir}`,
         "Treat this directory as the single global workspace for file operations unless explicitly instructed otherwise.",
+        'When the user refers to "desktop", "my desktop", or "what\'s on my desktop", they mean the ~/Desktop directory (or the OS-equivalent Desktop folder). They are NOT asking about their wallpaper or screen contents. Use `ls` or `find` on ~/Desktop to answer.',
         ...workspaceNotes,
         "",
         ...docsSection,

package/dist/agents/tools/gmail-tool.js

@@ -11,6 +11,7 @@ const GMAIL_TOOL_ACTIONS = [
     "threads_get",
     "messages_send",
     "messages_reply",
+    "drafts_create",
     "messages_modify",
     "mark_read",
     "attachments_get",
@@ -78,7 +79,7 @@ export function createGmailTool(options) {
     return {
         label: "Gmail",
         name: "gmail",
-        description: "Read/search/send/reply to Gmail on the user's connected device (hosted mode). Attachments are device-local file paths.",
+        description: "Read/search/send/reply/draft Gmail on the user's connected device (hosted mode). Use drafts_create to save a draft (reply or new email). Attachments are device-local file paths.",
         parameters: GmailToolSchema,
         execute: async (_toolCallId, args) => {
             if (!isHostedMode()) {
@@ -149,6 +150,24 @@ export function createGmailTool(options) {
                     attachments,
                 }));
             }
+            if (action === "drafts_create") {
+                // Create a Gmail draft. For reply drafts, provide messageId (headers are
+                // fetched automatically). For new drafts, provide to + subject.
+                const to = readStringArrayParam(params, "to") ?? undefined;
+                const subject = readStringParam(params, "subject") ?? undefined;
+                const body = readStringParam(params, "body", { required: true, allowEmpty: true });
+                const messageId = readStringParam(params, "messageId") ?? undefined;
+                const threadId = readStringParam(params, "threadId") ?? undefined;
+                const attachments = readStringArrayParam(params, "attachments") ?? undefined;
+                return jsonResult(await invokeHostedNode(userId, "gmail.drafts.create", {
+                    to,
+                    subject,
+                    body,
+                    messageId,
+                    threadId,
+                    attachments,
+                }));
+            }
             if (action === "mark_read") {
                 const messageId = readStringParam(params, "messageId", { required: true });
                 const read = typeof params.read === "boolean" ? params.read : true;

package/dist/agents/tools/resume-tool.d.ts

@@ -0,0 +1,4 @@
+import { type AnyAgentTool } from "./common.js";
+export declare function createResumeTool(options?: {
+    agentAccountId?: string;
+}): AnyAgentTool;

package/dist/agents/tools/resume-tool.js

@@ -0,0 +1,91 @@
+import { Type } from "@sinclair/typebox";
+import crypto from "node:crypto";
+import { isHostedMode, getHostedUserNodeId } from "../../gateway/hosted-db.js";
+import { invokeGlobalNode } from "../../infra/node-registry-global.js";
+import { optionalStringEnum, stringEnum } from "../schema/typebox.js";
+import { jsonResult, readStringParam } from "./common.js";
+const RESUME_TOOL_ACTIONS = ["check", "extract", "apply"];
+const RESUME_EXTRACT_MODES = ["digest", "full"];
+const ResumeToolSchema = Type.Object({
+    action: stringEnum(RESUME_TOOL_ACTIONS),
+    // extract
+    docxPath: Type.Optional(Type.String()),
+    mode: optionalStringEnum(RESUME_EXTRACT_MODES),
+    // apply
+    inPath: Type.Optional(Type.String()),
+    outPath: Type.Optional(Type.String()),
+    patch: Type.Optional(Type.Unknown()),
+});
+function parseNodePayload(result) {
+    if (typeof result.payloadJSON === "string" && result.payloadJSON.trim()) {
+        try {
+            return JSON.parse(result.payloadJSON);
+        }
+        catch {
+            return { raw: result.payloadJSON };
+        }
+    }
+    return result.payload ?? null;
+}
+async function invokeHostedNode(userId, command, params) {
+    const nodeId = getHostedUserNodeId(userId);
+    if (!nodeId) {
+        throw new Error("No device connected.");
+    }
+    const res = await invokeGlobalNode({
+        nodeId,
+        command,
+        params,
+        timeoutMs: 180_000,
+        idempotencyKey: crypto.randomUUID(),
+    });
+    if (!res.ok) {
+        const code = res.error?.code?.trim();
+        if (code === "NOT_CONNECTED") {
+            throw new Error("No device connected.");
+        }
+        throw new Error(res.error?.message ?? "node invoke failed");
+    }
+    return parseNodePayload(res);
+}
+export function createResumeTool(options) {
+    const userId = options?.agentAccountId?.trim() || "";
+    return {
+        label: "Resume",
+        name: "resume",
+        description: "Tailor and edit a resume .docx on the user's connected device (hosted mode). Supports extract (schema) and apply (deterministic patch).",
+        parameters: ResumeToolSchema,
+        execute: async (_toolCallId, args) => {
+            if (!isHostedMode()) {
+                throw new Error("Resume tool requires hosted mode.");
+            }
+            if (!userId) {
+                throw new Error("Resume tool unavailable: missing hosted user context.");
+            }
+            const params = args;
+            const action = readStringParam(params, "action", { required: true });
+            if (action === "check") {
+                return jsonResult(await invokeHostedNode(userId, "resume.docx.check", {}));
+            }
+            if (action === "extract") {
+                const docxPath = readStringParam(params, "docxPath", { required: true });
+                const mode = readStringParam(params, "mode") ?? "digest";
+                return jsonResult(await invokeHostedNode(userId, "resume.docx.extract", {
+                    docxPath,
+                    mode,
+                }));
+            }
+            if (action === "apply") {
+                const inPath = readStringParam(params, "inPath", { required: true });
+                const outPath = readStringParam(params, "outPath", { required: true });
+                const patch = "patch" in params ? params.patch : undefined;
+                return jsonResult(await invokeHostedNode(userId, "resume.docx.apply", {
+                    inPath,
+                    outPath,
+                    patch,
+                }));
+            }
+            throw new Error(`Unknown action: ${action}`);
+        },
+    };
+}

package/dist/build-info.json

@@ -1,5 +1,5 @@
 {
-  "version": "2026.1.39",
-  "commit": "0fa1641d71180482afb4e229291004182f4a61b4",
-  "builtAt": "2026-02-08T04:12:21.008Z"
+  "version": "2026.1.40",
+  "commit": "93112b052a9256d22dfe367ebe7fd2a0ca46ab39",
+  "builtAt": "2026-02-09T00:23:17.244Z"
 }

package/dist/canvas-host/a2ui/.bundle.hash

@@ -1 +1 @@
-312350537a3d8ebd4a50c571030dbc8e746b2e34fdc5c7e4806d1be7be2c6e15
+566bbc1de99c14406a74e4ae581c9438b35a23619ad322fb2aa78bc320598a29

package/dist/gateway/composio-webhook.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Composio webhook handler for the hosted gateway.
+ *
+ * Receives trigger events from Composio (e.g. GMAIL_NEW_GMAIL_MESSAGE) and
+ * routes them to the email-trigger handler for draft creation + Telegram
+ * notification.
+ */
+import type { IncomingMessage, ServerResponse } from "node:http";
+/**
+ * Handle an HTTP request for the Composio webhook endpoint.
+ * Returns true if the request was handled (matched the path), false otherwise.
+ */
+export declare function handleComposioWebhookRequest(req: IncomingMessage, res: ServerResponse): Promise<boolean>;

package/dist/gateway/composio-webhook.js

@@ -0,0 +1,169 @@
+/**
+ * Composio webhook handler for the hosted gateway.
+ *
+ * Receives trigger events from Composio (e.g. GMAIL_NEW_GMAIL_MESSAGE) and
+ * routes them to the email-trigger handler for draft creation + Telegram
+ * notification.
+ */
+import crypto from "node:crypto";
+import { createSubsystemLogger } from "../logging/subsystem.js";
+import { handleNewGmailMessage } from "./email-trigger-handler.js";
+import { isHostedMode } from "./hosted-db.js";
+const log = createSubsystemLogger("composio-webhook");
+const WEBHOOK_PATH = "/webhooks/composio";
+// Simple dedup: track recently processed log_ids (TTL ~5 min)
+const recentLogIds = new Map();
+const DEDUP_TTL_MS = 5 * 60 * 1000;
+function pruneRecentLogIds() {
+    const cutoff = Date.now() - DEDUP_TTL_MS;
+    for (const [key, ts] of recentLogIds) {
+        if (ts < cutoff) {
+            recentLogIds.delete(key);
+        }
+    }
+}
+// ---------------------------------------------------------------------------
+// Signature verification (Composio V2 webhooks)
+// ---------------------------------------------------------------------------
+function getWebhookSecret() {
+    return process.env.COMPOSIO_WEBHOOK_SECRET?.trim() || null;
+}
+/**
+ * Verify the HMAC-SHA256 signature on a Composio webhook request.
+ * Headers: webhook-signature (v1,<base64>), webhook-id, webhook-timestamp.
+ * Signing string: "{webhook-id}.{webhook-timestamp}.{raw_body}"
+ */
+function verifyWebhookSignature(rawBody, headers) {
+    const secret = getWebhookSecret();
+    if (!secret) {
+        // No secret configured — skip verification but warn
+        log.warn("COMPOSIO_WEBHOOK_SECRET not set; skipping signature verification");
+        return true;
+    }
+    const { signature, id, timestamp } = headers;
+    if (!signature || !id || !timestamp) {
+        log.warn("Missing webhook signature headers");
+        return false;
+    }
+    if (!signature.startsWith("v1,")) {
+        log.warn("Invalid webhook signature format");
+        return false;
+    }
+    const received = signature.slice(3);
+    const signingString = `${id}.${timestamp}.${rawBody}`;
+    const expected = crypto.createHmac("sha256", secret).update(signingString).digest("base64");
+    return crypto.timingSafeEqual(Buffer.from(received, "base64"), Buffer.from(expected, "base64"));
+}
+// ---------------------------------------------------------------------------
+// Body reader (returns raw string for signature verification)
+// ---------------------------------------------------------------------------
+function readRawBody(req, maxBytes = 512_000) {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        let bytes = 0;
+        req.on("data", (chunk) => {
+            bytes += chunk.length;
+            if (bytes > maxBytes) {
+                reject(new Error("payload too large"));
+                req.destroy();
+                return;
+            }
+            chunks.push(chunk);
+        });
+        req.on("end", () => resolve(Buffer.concat(chunks).toString("utf-8")));
+        req.on("error", reject);
+    });
+}
+// ---------------------------------------------------------------------------
+// HTTP handler
+// ---------------------------------------------------------------------------
+function sendJson(res, status, body) {
+    res.statusCode = status;
+    res.setHeader("Content-Type", "application/json; charset=utf-8");
+    res.end(JSON.stringify(body));
+}
+/**
+ * Handle an HTTP request for the Composio webhook endpoint.
+ * Returns true if the request was handled (matched the path), false otherwise.
+ */
+export async function handleComposioWebhookRequest(req, res) {
+    const url = new URL(req.url ?? "/", `http://localhost`);
+    if (url.pathname !== WEBHOOK_PATH) {
+        return false;
+    }
+    // Only accept POST
+    if (req.method !== "POST") {
+        res.statusCode = 405;
+        res.setHeader("Allow", "POST");
+        res.setHeader("Content-Type", "text/plain; charset=utf-8");
+        res.end("Method Not Allowed");
+        return true;
+    }
+    if (!isHostedMode()) {
+        sendJson(res, 503, { ok: false, error: "hosted mode not enabled" });
+        return true;
+    }
+    let rawBody;
+    try {
+        rawBody = await readRawBody(req);
+    }
+    catch (err) {
+        const msg = String(err).includes("too large") ? "payload too large" : "bad request";
+        sendJson(res, msg === "payload too large" ? 413 : 400, { ok: false, error: msg });
+        return true;
+    }
+    // Verify signature
+    const sigHeaders = {
+        signature: req.headers["webhook-signature"],
+        id: req.headers["webhook-id"],
+        timestamp: req.headers["webhook-timestamp"],
+    };
+    if (!verifyWebhookSignature(rawBody, sigHeaders)) {
+        log.warn("Webhook signature verification failed");
+        sendJson(res, 401, { ok: false, error: "invalid signature" });
+        return true;
+    }
+    // Parse payload
+    let payload;
+    try {
+        payload = JSON.parse(rawBody);
+    }
+    catch {
+        sendJson(res, 400, { ok: false, error: "invalid json" });
+        return true;
+    }
+    // V2 payload: user_id lives inside data, not at top level
+    const dataObj = payload.data ?? {};
+    const webhookUserId = typeof dataObj.user_id === "string" ? dataObj.user_id : undefined;
+    log.info(`composio webhook received: type=${payload.type ?? "?"} ` +
+        `user=${webhookUserId?.slice(0, 12) ?? "?"} ` +
+        `trigger=${typeof dataObj.trigger_nano_id === "string" ? dataObj.trigger_nano_id : "?"} ` +
+        `log_id=${payload.log_id ?? "?"}`);
+    // Dedup by log_id
+    const logId = payload.log_id?.trim();
+    if (logId) {
+        if (recentLogIds.has(logId)) {
+            log.info(`duplicate webhook log_id=${logId}, skipping`);
+            sendJson(res, 200, { ok: true, skipped: "duplicate" });
+            return true;
+        }
+        recentLogIds.set(logId, Date.now());
+        // Prune occasionally
+        if (recentLogIds.size > 200) {
+            pruneRecentLogIds();
+        }
+    }
+    // Respond 200 immediately — process async to not block Composio
+    sendJson(res, 200, { ok: true });
+    // Dispatch based on trigger type (Composio sends lowercase, e.g. "gmail_new_gmail_message")
+    const triggerType = payload.type?.toUpperCase() ?? "";
+    if (triggerType === "GMAIL_NEW_GMAIL_MESSAGE") {
+        void handleNewGmailMessage(payload).catch((err) => {
+            log.error(`handleNewGmailMessage failed: ${String(err)}`);
+        });
+    }
+    else {
+        log.info(`ignoring webhook type: ${payload.type ?? "unknown"}`);
+    }
+    return true;
+}

package/dist/gateway/email-trigger-handler.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Email trigger handler for hosted mode.
+ *
+ * When Composio fires a GMAIL_NEW_GMAIL_MESSAGE webhook:
+ * 1. Looks up the hosted user from the Composio user_id
+ * 2. If node connected → runs the AI agent with full tool access so it can
+ *    read the email, decide the correct action (reply vs new email, attach
+ *    resume, etc.), and create the draft via the gmail tool
+ * 3. If node not connected → sends Telegram-only notification
+ */
+type WebhookPayload = {
+    type?: string;
+    data?: Record<string, unknown>;
+    timestamp?: string;
+    log_id?: string;
+    trigger_id?: string;
+    connected_account_id?: string;
+    user_id?: string;
+};
+/**
+ * Handle a GMAIL_NEW_GMAIL_MESSAGE webhook event.
+ *
+ * Composio V2 payload structure:
+ *   { type, timestamp, log_id, data: { connection_id, connection_nano_id,
+ *     trigger_nano_id, trigger_id, user_id, ...email fields } }
+ */
+export declare function handleNewGmailMessage(payload: WebhookPayload): Promise<void>;
+export {};