aiden-runtime 4.1.1 → 4.1.2

package/dist/core/version.js

@@ -2,4 +2,4 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VERSION = void 0;
 // AUTO-GENERATED by scripts/inject-version.js — do not edit by hand
-exports.VERSION = '4.1.1';
+exports.VERSION = '4.1.2';

package/dist/moat/memoryGuard.js

@@ -31,6 +31,7 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.MemoryGuard = void 0;
+exports.containsInSection = containsInSection;
 class MemoryGuard {
     constructor(memory) {
         this.memory = memory;
@@ -113,6 +114,75 @@ class MemoryGuard {
         }
         return { ok: true, verified: true, fileLength: text.length };
     }
+    /**
+     * Phase v4.1.2 alive-core: section-aware write. Replaces the body of
+     * a markdown `## <header>` section, creating the section at file end
+     * if it doesn't yet exist. Body lines below the header up to the
+     * next `## ` (or EOF) are replaced wholesale.
+     *
+     * Preserves the standard verify-on-disk contract: the post-write read
+     * confirms `newBody` is present and (when applicable) the previous
+     * section body is gone before returning `verified: true`.
+     *
+     * Additive — does not change `guardedAdd` / `guardedReplace` /
+     * `guardedRemove` semantics.
+     */
+    async replaceSection(file, header, newBody) {
+        const headerTrim = header.trim();
+        if (!headerTrim.startsWith('## ')) {
+            return {
+                ok: false,
+                verified: false,
+                reason: 'header must start with "## " (markdown h2)',
+            };
+        }
+        const bodyTrim = newBody.trim();
+        if (!bodyTrim) {
+            return {
+                ok: false,
+                verified: false,
+                reason: 'newBody cannot be empty. Use guardedRemove() to drop a section.',
+            };
+        }
+        // Read current file state so we can compute the precise old block.
+        const snapBefore = await this.memory.loadSnapshot();
+        const before = pickFile(snapBefore, file);
+        // Match `<header>` and everything below it up to the next `## `
+        // line or EOF. No `m` flag — we want `$` to mean end-of-string;
+        // with `m`, the trailing-`$` lookahead would match at every line
+        // ending and chop off all but the first body line.
+        const escapedHeader = headerTrim.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+        const sectionRe = new RegExp(`${escapedHeader}[^\\n]*(?:\\r?\\n[\\s\\S]*?)?(?=\\n## |$)`);
+        const match = before.match(sectionRe);
+        const newSection = `${headerTrim}\n${bodyTrim}`;
+        let mutation;
+        if (match && match[0]) {
+            mutation = await this.memory.replace(file, match[0], newSection);
+        }
+        else {
+            // Section doesn't exist — append at end with a blank-line gap.
+            const sep = before.length > 0 && !before.endsWith('\n') ? '\n\n' : '\n';
+            mutation = await this.memory.add(file, `${sep}${newSection}`);
+        }
+        if (!mutation.ok) {
+            return {
+                ok: false,
+                verified: false,
+                reason: mutation.reason ?? 'section write failed',
+            };
+        }
+        const snapAfter = await this.memory.loadSnapshot();
+        const after = pickFile(snapAfter, file);
+        if (!after.includes(headerTrim) || !after.includes(bodyTrim)) {
+            return {
+                ok: false,
+                verified: false,
+                reason: 'Section write claimed but header/body not found post-write',
+                fileLength: after.length,
+            };
+        }
+        return { ok: true, verified: true, fileLength: after.length };
+    }
     async guardedRemove(file, text) {
         const trimmed = text.trim();
         if (!trimmed) {
@@ -144,3 +214,44 @@ exports.MemoryGuard = MemoryGuard;
 function pickFile(snap, file) {
     return file === 'user' ? snap.userMd : snap.memoryMd;
 }
+/**
+ * Phase v4.1.2-bug-X: section-aware containment check.
+ *
+ * Returns `true` if `target` appears anywhere within the body of the
+ * section identified by `sectionHeader` (e.g. `"## Durable facts"`).
+ * The section body runs from the line after the header to the line
+ * before the next `## ` header — or end-of-file, whichever comes
+ * first. Returns `false` when the section doesn't exist OR when the
+ * target sits outside it.
+ *
+ * Pure: no I/O, deterministic from inputs. Used by `memory_remove`
+ * to protect user-approved durable facts from autonomous deletion:
+ * the model proposed substring-match against MEMORY.md, but
+ * substring removal operates whole-file — partial protection would
+ * still nuke the durable copy as side-effect. STRICT containment
+ * (rejects if the substring appears ANYWHERE in the section body)
+ * is the honest guard.
+ *
+ * Case-sensitive: matches the existing `guardedRemove` semantics
+ * which use `String.prototype.includes` directly on the raw content.
+ *
+ * @param fileContent  Full file content (e.g. MEMORY.md as one string).
+ * @param target       Substring the caller intends to remove.
+ * @param sectionHeader Header line including the `## ` prefix.
+ */
+function containsInSection(fileContent, target, sectionHeader) {
+    if (!fileContent || !target || !sectionHeader)
+        return false;
+    const headerEscaped = sectionHeader.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+    // Match the header line, then capture the body until the next `## `
+    // (any h2) or end-of-string. No `m` flag — the trailing-`$` would
+    // otherwise match every line ending and chop the body at the first
+    // newline (the same trap the slice2 sessionSummary regex already
+    // documents).
+    const sectionRe = new RegExp(`${headerEscaped}[^\\n]*\\n([\\s\\S]*?)(?=\\n## |$)`);
+    const m = fileContent.match(sectionRe);
+    if (!m)
+        return false;
+    const body = m[1] ?? '';
+    return body.includes(target);
+}

package/dist/moat/skillTeacher.js

@@ -97,7 +97,7 @@ class SkillTeacher {
     /** Optional handler-resolver to look up toolset metadata for trace
      *  entries that don't carry their own toolset. Used for the 2-toolset
      *  diversity check. */
-    resolveHandler) {
+    resolveHandler, healthTracker) {
         this.skillLoader = skillLoader;
         this.skillManager = skillManager;
         this.resolveHandler = resolveHandler;
@@ -107,6 +107,7 @@ class SkillTeacher {
         this.qualityPath =
             qualityFilePath ??
                 node_path_1.default.join(process.cwd(), '.aiden-skill-quality.json');
+        this.healthTracker = healthTracker;
     }
     setTier(tier) {
         this.tier = tier;
@@ -203,9 +204,11 @@ class SkillTeacher {
                 name: proposal.proposedName,
                 content,
             }, {});
+            this.healthTracker?.recordSuccess();
             return { created: true, skillName: proposal.proposedName };
         }
         catch (e) {
+            this.healthTracker?.recordFailure(e);
             const msg = e instanceof Error ? e.message : String(e);
             return { created: false, reason: `create_failed: ${msg}` };
         }
@@ -336,8 +339,11 @@ ${[...new Set(proposal.toolsUsed)].map((t) => `- ${t}`).join('\n')}
                 return this.qualityCache;
             }
         }
-        catch {
-            // ignore — corrupt file is replaced on next save.
+        catch (e) {
+            // Phase v4.1.2-slice3: record corrupt-file / JSON parse / read
+            // failures into the health tracker. We still fall through to an
+            // empty cache so behavior is unchanged — telemetry is additive.
+            this.healthTracker?.recordFailure(e);
         }
         this.qualityCache = {};
         return this.qualityCache;
@@ -346,8 +352,11 @@ ${[...new Set(proposal.toolsUsed)].map((t) => `- ${t}`).join('\n')}
         try {
             await node_fs_1.promises.writeFile(this.qualityPath, JSON.stringify(cache, null, 2), 'utf-8');
         }
-        catch {
-            // ignore disk failures — quality data is best-effort.
+        catch (e) {
+            // Phase v4.1.2-slice3: surface disk-write failures (EACCES,
+            // ENOSPC, EROFS) instead of silently dropping. Best-effort
+            // semantic preserved — we still return without throwing.
+            this.healthTracker?.recordFailure(e);
         }
     }
 }

package/dist/providers/v4/chatCompletionsAdapter.js

@@ -68,6 +68,7 @@ class ChatCompletionsAdapter {
         this.timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;
         this.maxRetries = opts.maxRetries ?? DEFAULT_MAX_RETRIES;
         this.extraHeaders = opts.extraHeaders ?? {};
+        this.defaultExtraBody = opts.defaultExtraBody;
     }
     // ── Non-streaming ────────────────────────────────────────────────────
     async call(input) {
@@ -127,6 +128,14 @@ class ChatCompletionsAdapter {
             // the stream closes promptly and we get accurate token accounting.
             body.stream_options = { include_usage: true };
         }
+        // Phase v4.1.2-deepseek: merge order is base body → defaultExtraBody
+        // (model-mandated, from resolver lookup in MODEL_DEFAULTS) → per-call
+        // input.extraBody (caller). Per-call wins so a single request can
+        // override a default (e.g. disabling thinking on a probe). This
+        // matters because providers/v4/modelDefaults.ts sets thinking +
+        // reasoning_effort for deepseek-v4-pro on EVERY call.
+        if (this.defaultExtraBody)
+            Object.assign(body, this.defaultExtraBody);
         if (input.extraBody)
             Object.assign(body, input.extraBody);
         return body;

package/dist/providers/v4/errors.js

@@ -19,10 +19,17 @@ exports.ProviderRateLimitError = exports.ProviderTimeoutError = exports.Provider
 exports.formatRawForMessage = formatRawForMessage;
 /**
  * Format a raw response body for inclusion in the user-facing error
- * message. Recognises the OpenAI / Anthropic JSON envelope shape
- * (`{ error: { message: "..." } }`) and falls back to the raw string
- * for plain-text bodies. Returns null when nothing useful is available
- * so callers can omit the ": <detail>" tail entirely.
+ * message. Recognises three JSON envelope shapes and falls back to the
+ * raw string for plain-text bodies. Returns null when nothing useful is
+ * available so callers can omit the ": <detail>" tail entirely.
+ *
+ * Recognised envelopes (most-specific first):
+ *   1. OpenAI / Anthropic:  `{ error: { message: "..." } }`
+ *   2. Top-level message:   `{ message: "..." }`
+ *   3. Codex Responses:     `{ detail: "..." }` (Phase v4.1.2-bug3 —
+ *      surfaced by slice5: the Codex backend at chatgpt.com/backend-api/
+ *      codex/responses returns 4xx bodies in this shape, e.g.
+ *      `{"detail": "The 'gpt-5.1-codex-max' model is not supported..."}`)
  *
  * Truncates to 300 chars to keep multi-line responses from blowing
  * up the user's terminal — full body remains on `error.raw` for
@@ -45,6 +52,15 @@ function formatRawForMessage(raw) {
         if (typeof topMsg === 'string' && topMsg.length > 0) {
             return topMsg.length > 300 ? `${topMsg.slice(0, 300)}…` : topMsg;
         }
+        // Codex Responses envelope: { detail: "..." }. Distinct from the
+        // OpenAI shape — the Codex backend uses FastAPI-style validation
+        // errors that surface as `detail` (str) for tier/auth rejections
+        // and `detail: [{...}]` for schema errors. Only the string form is
+        // useful in the message tail; the array form is left to .raw.
+        const detail = raw.detail;
+        if (typeof detail === 'string' && detail.length > 0) {
+            return detail.length > 300 ? `${detail.slice(0, 300)}…` : detail;
+        }
         return null;
     }
     // Plain string body.

package/dist/providers/v4/modelDefaults.js

@@ -0,0 +1,65 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * providers/v4/modelDefaults.ts — Phase v4.1.2-deepseek.
+ *
+ * Per-model default request parameters. Keyed by `${providerId}:${modelId}`
+ * so the same model slug appearing under multiple providers doesn't
+ * collide (e.g. a future shared-slug case across compat endpoints).
+ *
+ * Today's only consumer:
+ *   deepseek:deepseek-v4-pro → always send extra_body.thinking +
+ *   reasoning_effort, per DeepSeek's V4-Pro API guidance:
+ *
+ *     client.chat.completions.create(
+ *       model="deepseek-v4-pro",
+ *       messages=...,
+ *       reasoning_effort="high",
+ *       extra_body={"thinking": {"type": "enabled"}},
+ *     )
+ *
+ * The defaults are merged into the wire body by ChatCompletionsAdapter:
+ *   base body → defaultExtraBody (from this map) → per-call extraBody
+ *   (from the caller's ProviderCallInput)
+ *
+ * Per-call extraBody wins so a caller can disable thinking on a single
+ * request without un-registering the model default.
+ *
+ * Adding a new entry: keep this file small. Per-model knowledge lives
+ * here so resolver / registry / adapter stay pure (credential
+ * resolution / provider facts / wire-format mechanics respectively).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MODEL_DEFAULTS = void 0;
+exports.getModelDefaults = getModelDefaults;
+/**
+ * Per-`${providerId}:${modelId}` defaults. `undefined` lookup means
+ * the model takes no special handling.
+ */
+exports.MODEL_DEFAULTS = Object.freeze({
+    // DeepSeek V4 Pro — thinking-mode flagship.
+    // Reference: https://api-docs.deepseek.com/ (verified 2026-05).
+    // deepseek-v4-flash exists too but is not wired this slice; its
+    // legacy aliases (deepseek-chat = v4-flash non-think,
+    // deepseek-reasoner = v4-flash think) stay un-defaulted to preserve
+    // the existing pass-through behavior for users who explicitly
+    // selected them.
+    'deepseek:deepseek-v4-pro': {
+        extraBody: {
+            thinking: { type: 'enabled' },
+            reasoning_effort: 'high',
+        },
+    },
+});
+/**
+ * Look up defaults for a (provider, model) pair. Returns `undefined`
+ * when no entry exists — caller skips the extraBody merge.
+ */
+function getModelDefaults(providerId, modelId) {
+    return exports.MODEL_DEFAULTS[`${providerId}:${modelId}`];
+}

package/dist/providers/v4/registry.js

@@ -232,12 +232,19 @@ exports.PROVIDER_REGISTRY = {
         apiMode: 'chat_completions',
         baseUrl: 'https://api.deepseek.com/v1',
         apiKeyEnvVar: 'DEEPSEEK_API_KEY',
-        description: 'DeepSeek direct API — V3 chat + R1 reasoning.',
+        description: 'DeepSeek direct API — V4 Pro reasoning flagship + legacy aliases.',
         tier: 'paid',
         hasFreeTier: false,
         docsUrl: 'https://api-docs.deepseek.com/',
         supportsToolCalling: true,
-        modelIds: ['deepseek-chat', 'deepseek-reasoner'],
+        // Phase v4.1.2-deepseek: `deepseek-v4-pro` prepended as the new
+        // flagship — becomes the auto-pick default for new users via
+        // pickProbeModel(). Legacy `deepseek-chat` and `deepseek-reasoner`
+        // retained for back-compat (still functional aliases of the V4
+        // flash family per DeepSeek docs; deprecated-but-live). Removal
+        // is its own deprecation slice. Per-call thinking + reasoning
+        // _effort defaults for v4-pro live in providers/v4/modelDefaults.ts.
+        modelIds: ['deepseek-v4-pro', 'deepseek-chat', 'deepseek-reasoner'],
     },
     mistral: {
         id: 'mistral',

package/dist/providers/v4/runtimeResolver.js

@@ -39,6 +39,7 @@ const chatCompletionsAdapter_1 = require("./chatCompletionsAdapter");
 const anthropicAdapter_1 = require("./anthropicAdapter");
 const codexResponsesAdapter_1 = require("./codexResponsesAdapter");
 const ollamaPromptToolsAdapter_1 = require("./ollamaPromptToolsAdapter");
+const modelDefaults_1 = require("./modelDefaults");
 const tokenStore_1 = require("../../core/v4/auth/tokenStore");
 class RuntimeResolver {
     constructor(credentialResolver) {
@@ -61,6 +62,11 @@ class RuntimeResolver {
                     model: model.id,
                     providerName: entry.id,
                     extraHeaders: entry.extraHeaders,
+                    // Phase v4.1.2-deepseek: per-model body defaults (e.g.
+                    // DeepSeek V4-Pro's mandatory thinking + reasoning_effort).
+                    // Undefined for models without registered defaults — adapter
+                    // skips the merge in that case.
+                    defaultExtraBody: (0, modelDefaults_1.getModelDefaults)(entry.id, model.id)?.extraBody,
                 });
             case 'anthropic_messages':
                 if (!credentials.apiKey) {

package/dist/tools/v4/index.js

@@ -21,7 +21,7 @@
  * Status: PHASE 8.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.memoryRemoveTool = exports.memoryReplaceTool = exports.memoryAddTool = exports.processWaitTool = exports.processKillTool = exports.processLogReadTool = exports.processListTool = exports.processSpawnTool = exports.executeCodeTool = exports.shellExecTool = exports.naturalEventsTool = exports.nowPlayingTool = exports.systemInfoTool = exports.makeLookupToolSchema = exports.skillManageTool = exports.skillViewTool = exports.skillsListTool = exports.sessionListTool = exports.sessionSearchTool = exports.browserCloseTool = exports.browserScrollTool = exports.browserFillTool = exports.browserTypeTool = exports.browserClickTool = exports.browserNavigateTool = exports.browserGetUrlTool = exports.browserExtractTool = exports.browserScreenshotTool = exports.fileCopyTool = exports.fileMoveTool = exports.fileDeleteTool = exports.filePatchTool = exports.fileWriteTool = exports.fileListTool = exports.fileReadTool = exports.deepResearchTool = exports.webPageTool = exports.webFetchTool = exports.webSearchTool = exports.makeSubagentFanoutTool = void 0;
+exports.sessionSummaryTool = exports.memoryRemoveTool = exports.memoryReplaceTool = exports.memoryAddTool = exports.processWaitTool = exports.processKillTool = exports.processLogReadTool = exports.processListTool = exports.processSpawnTool = exports.executeCodeTool = exports.shellExecTool = exports.clipboardWriteTool = exports.clipboardReadTool = exports.appCloseTool = exports.appLaunchTool = exports.volumeSetTool = exports.mediaKeyTool = exports.osProcessListTool = exports.screenshotTool = exports.naturalEventsTool = exports.nowPlayingTool = exports.systemInfoTool = exports.makeLookupToolSchema = exports.skillManageTool = exports.skillViewTool = exports.skillsListTool = exports.sessionListTool = exports.sessionSearchTool = exports.browserCloseTool = exports.browserScrollTool = exports.browserFillTool = exports.browserTypeTool = exports.browserClickTool = exports.browserNavigateTool = exports.browserGetUrlTool = exports.browserExtractTool = exports.browserScreenshotTool = exports.fileCopyTool = exports.fileMoveTool = exports.fileDeleteTool = exports.filePatchTool = exports.fileWriteTool = exports.fileListTool = exports.fileReadTool = exports.deepResearchTool = exports.webPageTool = exports.webFetchTool = exports.webSearchTool = exports.makeSubagentFanoutTool = void 0;
 exports.registerReadOnlyTools = registerReadOnlyTools;
 exports.registerWriteTools = registerWriteTools;
 exports.registerAllTools = registerAllTools;
@@ -49,6 +49,7 @@ const browserScroll_1 = require("./browser/browserScroll");
 const browserClose_1 = require("./browser/browserClose");
 const sessionSearch_1 = require("./sessions/sessionSearch");
 const sessionList_1 = require("./sessions/sessionList");
+const recallSession_1 = require("./sessions/recallSession");
 const skillsList_1 = require("./skills/skillsList");
 const skillView_1 = require("./skills/skillView");
 const skillManage_1 = require("./skills/skillManage");
@@ -56,6 +57,18 @@ const lookupToolSchema_1 = require("./skills/lookupToolSchema");
 const systemInfo_1 = require("./system/systemInfo");
 const nowPlaying_1 = require("./system/nowPlaying");
 const naturalEvents_1 = require("./system/naturalEvents");
+// Phase v4.1.2-followup-3 computer-control bundle.
+const screenshot_1 = require("./system/screenshot");
+const osProcessList_1 = require("./system/osProcessList");
+const mediaKey_1 = require("./system/mediaKey");
+const volumeSet_1 = require("./system/volumeSet");
+const appLaunch_1 = require("./system/appLaunch");
+const appClose_1 = require("./system/appClose");
+const clipboardRead_1 = require("./system/clipboardRead");
+const clipboardWrite_1 = require("./system/clipboardWrite");
+// Phase v4.1.2-update — natural-language self-update entry point.
+// Routes through the same shared executeInstall executor as `/update install`.
+const aidenSelfUpdate_1 = require("./system/aidenSelfUpdate");
 const shellExec_1 = require("./terminal/shellExec");
 const executeCode_1 = require("./executeCode");
 const processSpawn_1 = require("./process/processSpawn");
@@ -66,6 +79,7 @@ const processWait_1 = require("./process/processWait");
 const memoryAdd_1 = require("./memory/memoryAdd");
 const memoryReplace_1 = require("./memory/memoryReplace");
 const memoryRemove_1 = require("./memory/memoryRemove");
+const sessionSummary_1 = require("./memory/sessionSummary");
 const subagentFanout_1 = require("./subagent/subagentFanout");
 /**
  * Register every read-only tool into `registry`. The
@@ -94,11 +108,21 @@ function registerReadOnlyTools(registry) {
     registry.register(browserGetUrl_1.browserGetUrlTool);
     registry.register(sessionSearch_1.sessionSearchTool);
     registry.register(sessionList_1.sessionListTool);
+    // Phase v4.1.2-memory-C: recall_session reads SessionDistillation
+    // files written by Phase A+B. Sits alongside session_search — the
+    // two have distinct purposes (FTS5-over-messages vs ranked
+    // distillation summaries); descriptions force the right model
+    // choice.
+    registry.register(recallSession_1.recallSessionTool);
     registry.register(skillsList_1.skillsListTool);
     registry.register(skillView_1.skillViewTool);
     registry.register(systemInfo_1.systemInfoTool);
     registry.register(nowPlaying_1.nowPlayingTool);
     registry.register(naturalEvents_1.naturalEventsTool);
+    // Phase v4.1.2-followup-3 — computer-control read-only tools.
+    registry.register(screenshot_1.screenshotTool);
+    registry.register(osProcessList_1.osProcessListTool);
+    registry.register(clipboardRead_1.clipboardReadTool);
     registry.register((0, lookupToolSchema_1.makeLookupToolSchema)(registry));
     // Phase v4.1-subagent — register a stub for subagent_fanout so its
     // schema is visible to the agent loop, the MCP server, and the
@@ -158,9 +182,22 @@ function registerWriteTools(registry) {
     registry.register(memoryAdd_1.memoryAddTool);
     registry.register(memoryReplace_1.memoryReplaceTool);
     registry.register(memoryRemove_1.memoryRemoveTool);
+    // Phase v4.1.2 alive-core: cross-session continuity via /quit auto-summary.
+    registry.register(sessionSummary_1.sessionSummaryTool);
     // Phase 10: skill_manage — mutating, also goes through the approval
     // engine. skills_list / skill_view stay in registerReadOnlyTools.
     registry.register(skillManage_1.skillManageTool);
+    // Phase v4.1.2-update: natural-language entry to the same install
+    // executor that /update install uses. Two-step confirmation gate
+    // (confirm:false → status; confirm:true → install).
+    registry.register(aidenSelfUpdate_1.aidenSelfUpdateTool);
+    // Phase v4.1.2-followup-3 — computer-control mutating tools. All
+    // route through the approval engine like every other write.
+    registry.register(mediaKey_1.mediaKeyTool);
+    registry.register(volumeSet_1.volumeSetTool);
+    registry.register(appLaunch_1.appLaunchTool);
+    registry.register(appClose_1.appCloseTool);
+    registry.register(clipboardWrite_1.clipboardWriteTool);
 }
 /** Register every v4 tool. Most callers want this. */
 function registerAllTools(registry) {
@@ -227,6 +264,23 @@ var nowPlaying_2 = require("./system/nowPlaying");
 Object.defineProperty(exports, "nowPlayingTool", { enumerable: true, get: function () { return nowPlaying_2.nowPlayingTool; } });
 var naturalEvents_2 = require("./system/naturalEvents");
 Object.defineProperty(exports, "naturalEventsTool", { enumerable: true, get: function () { return naturalEvents_2.naturalEventsTool; } });
+// Phase v4.1.2-followup-3 computer-control bundle exports.
+var screenshot_2 = require("./system/screenshot");
+Object.defineProperty(exports, "screenshotTool", { enumerable: true, get: function () { return screenshot_2.screenshotTool; } });
+var osProcessList_2 = require("./system/osProcessList");
+Object.defineProperty(exports, "osProcessListTool", { enumerable: true, get: function () { return osProcessList_2.osProcessListTool; } });
+var mediaKey_2 = require("./system/mediaKey");
+Object.defineProperty(exports, "mediaKeyTool", { enumerable: true, get: function () { return mediaKey_2.mediaKeyTool; } });
+var volumeSet_2 = require("./system/volumeSet");
+Object.defineProperty(exports, "volumeSetTool", { enumerable: true, get: function () { return volumeSet_2.volumeSetTool; } });
+var appLaunch_2 = require("./system/appLaunch");
+Object.defineProperty(exports, "appLaunchTool", { enumerable: true, get: function () { return appLaunch_2.appLaunchTool; } });
+var appClose_2 = require("./system/appClose");
+Object.defineProperty(exports, "appCloseTool", { enumerable: true, get: function () { return appClose_2.appCloseTool; } });
+var clipboardRead_2 = require("./system/clipboardRead");
+Object.defineProperty(exports, "clipboardReadTool", { enumerable: true, get: function () { return clipboardRead_2.clipboardReadTool; } });
+var clipboardWrite_2 = require("./system/clipboardWrite");
+Object.defineProperty(exports, "clipboardWriteTool", { enumerable: true, get: function () { return clipboardWrite_2.clipboardWriteTool; } });
 var shellExec_2 = require("./terminal/shellExec");
 Object.defineProperty(exports, "shellExecTool", { enumerable: true, get: function () { return shellExec_2.shellExecTool; } });
 var executeCode_2 = require("./executeCode");
@@ -247,3 +301,5 @@ var memoryReplace_2 = require("./memory/memoryReplace");
 Object.defineProperty(exports, "memoryReplaceTool", { enumerable: true, get: function () { return memoryReplace_2.memoryReplaceTool; } });
 var memoryRemove_2 = require("./memory/memoryRemove");
 Object.defineProperty(exports, "memoryRemoveTool", { enumerable: true, get: function () { return memoryRemove_2.memoryRemoveTool; } });
+var sessionSummary_2 = require("./memory/sessionSummary");
+Object.defineProperty(exports, "sessionSummaryTool", { enumerable: true, get: function () { return sessionSummary_2.sessionSummaryTool; } });

package/dist/tools/v4/memory/memoryRemove.js

@@ -12,14 +12,37 @@
  * Returns `verified: true` only after the post-write read confirms
  * the text is gone from the file.
  *
- * Status: PHASE 9.
+ * Phase v4.1.2-bug-X: user-approved durable facts (anything in
+ * MEMORY.md `## Durable facts`) are protected from autonomous
+ * deletion. A subsequent session on a weak model (llama-3.3 in the
+ * smoke test) called memory_remove on a Phase-D-promoted fact with
+ * reasoning "outdated" — violating Phase D's opt-in trust contract.
+ *
+ * The guard is STRICT: if the requested substring appears ANYWHERE
+ * in the `## Durable facts` body, the call is rejected. Substring
+ * removal operates whole-file, so partial protection would still
+ * nuke the durable copy as side-effect. Hard rejection (vs propose-
+ * and-defer) is honest: model must surface to user; only the user
+ * (editing MEMORY.md directly, or via a future `/forget` slash
+ * command) can revoke durable content.
+ *
+ * Status: PHASE 9 (PHASE v4.1.2-bug-X: section protection).
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.memoryRemoveTool = void 0;
+const memoryGuard_1 = require("../../../moat/memoryGuard");
+/** Section in MEMORY.md that Phase D promotion writes to. */
+const DURABLE_FACTS_HEADER = '## Durable facts';
 exports.memoryRemoveTool = {
     schema: {
         name: 'memory_remove',
-        description: 'Remove an entry from MEMORY.md or USER.md by substring match. Returns verified=true only after the change is confirmed on disk.',
+        description: 'Remove an entry from MEMORY.md or USER.md by substring match. ' +
+            'CANNOT remove entries in MEMORY.md `## Durable facts` — those are ' +
+            'user-approved facts the user explicitly promoted; only the user ' +
+            'can revoke them by editing MEMORY.md directly. If you think a ' +
+            'durable fact is outdated, surface that to the user and ask them ' +
+            'to confirm; do not propose autonomous removal. Returns ' +
+            'verified=true only after the change is confirmed on disk.',
         inputSchema: {
             type: 'object',
             properties: {
@@ -42,6 +65,38 @@ exports.memoryRemoveTool = {
         }
         const file = args.file === 'user' ? 'user' : 'memory';
         const text = String(args.text ?? '');
+        // Phase v4.1.2-bug-X: durable-section protection. Only applies
+        // to MEMORY.md (USER.md has no section structure today). The
+        // check requires snapshot access — when ctx.memory is not
+        // wired (test contexts, future surface refactors), we fall
+        // through to the existing guardedRemove behavior. Real CLI
+        // sessions wire memoryManager, so production paths get the
+        // guard. Documented intentional fall-through.
+        if (file === 'memory' && ctx.memory) {
+            try {
+                const snap = await ctx.memory.loadSnapshot();
+                const memoryMd = snap?.memoryMd ?? '';
+                if (memoryMd && (0, memoryGuard_1.containsInSection)(memoryMd, text, DURABLE_FACTS_HEADER)) {
+                    const preview = text.length > 60
+                        ? `${text.slice(0, 60)}…`
+                        : text;
+                    return {
+                        success: false,
+                        verified: false,
+                        error: `Cannot remove "${preview}" — it's in MEMORY.md ` +
+                            `\`${DURABLE_FACTS_HEADER}\`, which holds user-approved facts. ` +
+                            `Only the user can revoke these. Ask them to confirm removal ` +
+                            `in their next message; do not propose autonomous deletion.`,
+                        file,
+                        protectedSection: DURABLE_FACTS_HEADER,
+                    };
+                }
+            }
+            catch {
+                // Snapshot read failed — fall through to old behavior rather
+                // than block legitimate removals on transient I/O errors.
+            }
+        }
         const r = await ctx.memoryGuard.guardedRemove(file, text);
         return {
             success: r.ok,