aiden-runtime 4.1.5 → 4.6.0

package/dist/cli/v4/commands/trigger.js

@@ -0,0 +1,378 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * cli/v4/commands/trigger.ts — v4.5 Phase 2: `aiden trigger` command set.
+ *
+ * Subcommands:
+ *   aiden trigger add file --path <p> --name <n> [opts]
+ *     Writes a `triggers` row with source='file' and a normalized
+ *     spec_json. Daemon restart picks it up on next boot. Phase 5
+ *     will add hot-reload.
+ *
+ *   aiden trigger list                  — show all triggers + status
+ *   aiden trigger show <id>             — full spec + stats
+ *   aiden trigger remove <id>           — delete from triggers + cascade
+ *   aiden trigger enable <id>           — set triggers.enabled = 1
+ *   aiden trigger disable <id>          — set triggers.enabled = 0
+ *   aiden trigger test <id>             — fire a synthetic event
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runTriggerSubcommand = runTriggerSubcommand;
+const node_path_1 = __importDefault(require("node:path"));
+const node_crypto_1 = require("node:crypto");
+const daemon_1 = require("../../../core/v4/daemon");
+const paths_1 = require("../../../core/v4/paths");
+const noopOut = (s) => { process.stdout.write(s); };
+const noopErr = (s) => { process.stderr.write(s); };
+/**
+ * Run an `aiden trigger <action>` invocation. Returns the desired
+ * process exit code so the CLI top-level can propagate.
+ */
+async function runTriggerSubcommand(action, args, argv, opts = {}) {
+    const out = opts.writeOut ?? noopOut;
+    const err = opts.writeErr ?? noopErr;
+    const aidenRoot = (0, paths_1.resolveAidenRoot)();
+    const db = (0, daemon_1.openDaemonDb)((0, daemon_1.daemonDbPath)(aidenRoot));
+    switch (action) {
+        case 'add': {
+            const kind = args[0];
+            if (kind === 'webhook') {
+                return runAddWebhook(db, argv, out, err);
+            }
+            if (kind === 'email') {
+                return runAddEmail(db, argv, out, err);
+            }
+            if (kind !== 'file') {
+                err(`trigger add: 'file', 'webhook', or 'email' kind required (got: ${kind ?? '<none>'})\n`);
+                return 2;
+            }
+            const a = argv;
+            if (!a.name || !a.paths || a.paths.length === 0) {
+                err('trigger add file: --name and at least one --path required\n');
+                return 2;
+            }
+            const spec = (0, daemon_1.parseFileWatcherSpec)({
+                paths: a.paths,
+                recursive: daemon_1.DEFAULT_FILE_WATCHER_SPEC.recursive,
+                includeGlobs: a.include,
+                excludeGlobs: a.exclude,
+                eventTypes: a.events,
+                debounceMs: a.debounceMs ?? daemon_1.DEFAULT_FILE_WATCHER_SPEC.debounceMs,
+                settleMs: a.settleMs ?? daemon_1.DEFAULT_FILE_WATCHER_SPEC.settleMs,
+                maxSettleMs: a.maxSettleMs ?? daemon_1.DEFAULT_FILE_WATCHER_SPEC.maxSettleMs,
+                maxQueueDepth: a.maxQueueDepth ?? daemon_1.DEFAULT_FILE_WATCHER_SPEC.maxQueueDepth,
+                ignoreTemp: a.noIgnoreTemp ? false : daemon_1.DEFAULT_FILE_WATCHER_SPEC.ignoreTemp,
+                contentHash: a.contentHash === true,
+                reconcile: a.reconcile ?? daemon_1.DEFAULT_FILE_WATCHER_SPEC.reconcile,
+                polling: a.polling === true ? { enabled: true } : undefined,
+                promptTemplate: a.promptTemplate,
+            });
+            // Resolve paths to absolute upfront so the watcher sees stable inputs.
+            spec.paths = spec.paths.map((p) => node_path_1.default.resolve(p));
+            const id = (0, node_crypto_1.randomUUID)();
+            const now = Date.now();
+            db.prepare(`INSERT INTO triggers
+           (id, source, name, spec_json, enabled, prompt_template, deliver_only,
+            created_at, updated_at)
+         VALUES (?, 'file', ?, ?, ?, ?, 0, ?, ?)`).run(id, a.name, JSON.stringify(spec), a.disabled ? 0 : 1, spec.promptTemplate ?? null, now, now);
+            out(`trigger added: ${id} (${a.name})\n`);
+            out('Restart the daemon to activate the watcher.\n');
+            return 0;
+        }
+        case 'list': {
+            const rows = db.prepare(`SELECT id, source, name, enabled, created_at FROM triggers ORDER BY created_at DESC`).all();
+            if (rows.length === 0) {
+                out('No triggers registered.\n');
+                return 0;
+            }
+            for (const r of rows) {
+                const status = r.enabled ? 'enabled' : 'disabled';
+                out(`${r.id}  ${r.source.padEnd(8)}  ${status.padEnd(9)}  ${r.name}\n`);
+            }
+            return 0;
+        }
+        case 'show': {
+            const id = args[0];
+            if (!id) {
+                err('trigger show: id required\n');
+                return 2;
+            }
+            const row = db.prepare('SELECT * FROM triggers WHERE id = ?').get(id);
+            if (!row) {
+                err(`trigger show: not found: ${id}\n`);
+                return 1;
+            }
+            out(JSON.stringify({
+                id: row.id, source: row.source, name: row.name,
+                enabled: row.enabled === 1, created_at: row.created_at,
+                spec: JSON.parse(row.spec_json),
+            }, null, 2) + '\n');
+            return 0;
+        }
+        case 'remove': {
+            const id = args[0];
+            if (!id) {
+                err('trigger remove: id required\n');
+                return 2;
+            }
+            const r = db.prepare('DELETE FROM triggers WHERE id = ?').run(id);
+            if (r.changes === 0) {
+                err(`trigger remove: not found: ${id}\n`);
+                return 1;
+            }
+            out(`trigger removed: ${id}\n`);
+            return 0;
+        }
+        case 'enable':
+        case 'disable': {
+            const id = args[0];
+            if (!id) {
+                err(`trigger ${action}: id required\n`);
+                return 2;
+            }
+            const r = db.prepare('UPDATE triggers SET enabled = ?, updated_at = ? WHERE id = ?')
+                .run(action === 'enable' ? 1 : 0, Date.now(), id);
+            if (r.changes === 0) {
+                err(`trigger ${action}: not found: ${id}\n`);
+                return 1;
+            }
+            out(`trigger ${action}d: ${id}\n`);
+            return 0;
+        }
+        case 'test': {
+            const id = args[0];
+            if (!id) {
+                err('trigger test: id required\n');
+                return 2;
+            }
+            const row = db.prepare('SELECT source FROM triggers WHERE id = ?').get(id);
+            if (!row) {
+                err(`trigger test: not found: ${id}\n`);
+                return 1;
+            }
+            const bus = (0, daemon_1.createTriggerBus)({ db });
+            const result = bus.insert({
+                source: row.source,
+                sourceKey: id,
+                payload: { synthetic: true, test: true, source: row.source },
+            });
+            out(`trigger test event inserted: id=${result.id} inserted=${result.inserted}\n`);
+            return 0;
+        }
+        case 'logs': {
+            // v4.5 Phase 6 — tail recent run_events for runs whose sessionId
+            // starts with `trigger:<source>:<id>:`. Surfaces what the agent
+            // did on each fire (or what the deliverOnly stub logged).
+            const id = args[0];
+            if (!id) {
+                err('trigger logs: id required\n');
+                return 2;
+            }
+            const trig = db.prepare('SELECT id, source, name FROM triggers WHERE id = ?').get(id);
+            if (!trig) {
+                err(`trigger logs: not found: ${id}\n`);
+                return 1;
+            }
+            const prefix = `trigger:${trig.source}:${id}:`;
+            const rows = db.prepare(`SELECT re.ts, re.kind, re.payload, r.id AS run_id
+           FROM run_events re
+           JOIN runs r ON re.run_id = r.id
+          WHERE r.session_id LIKE ?
+          ORDER BY re.ts DESC
+          LIMIT 50`).all(`${prefix}%`);
+            if (rows.length === 0) {
+                out(`No run events recorded for trigger ${id} (${trig.name}).\n`);
+                return 0;
+            }
+            out(`Last ${rows.length} event(s) for trigger ${id} (${trig.name}):\n`);
+            for (const r of rows.reverse()) { // chronological order for tail-like output
+                const ts = new Date(r.ts).toISOString().slice(0, 19) + 'Z';
+                const payloadStr = r.payload.length > 120 ? r.payload.slice(0, 120) + '…' : r.payload;
+                out(`  [${ts}] run=${r.run_id} ${r.kind.padEnd(20)} ${payloadStr}\n`);
+            }
+            return 0;
+        }
+        case 'runs': {
+            // v4.5 Phase 6 — list runs that originated from this trigger.
+            const id = args[0];
+            if (!id) {
+                err('trigger runs: id required\n');
+                return 2;
+            }
+            const trig = db.prepare('SELECT id, source, name FROM triggers WHERE id = ?').get(id);
+            if (!trig) {
+                err(`trigger runs: not found: ${id}\n`);
+                return 1;
+            }
+            const prefix = `trigger:${trig.source}:${id}:`;
+            const rows = db.prepare(`SELECT id, status, finish_reason, started_at, completed_at
+           FROM runs
+          WHERE session_id LIKE ?
+          ORDER BY started_at DESC
+          LIMIT 50`).all(`${prefix}%`);
+            if (rows.length === 0) {
+                out(`No runs recorded for trigger ${id} (${trig.name}).\n`);
+                return 0;
+            }
+            out(`${'runId'.padEnd(6)}  ${'status'.padEnd(11)}  ${'finish'.padEnd(11)}  started\n`);
+            for (const r of rows) {
+                const started = new Date(r.started_at).toISOString().slice(0, 19) + 'Z';
+                out(`${String(r.id).padEnd(6)}  ${r.status.padEnd(11)}  ${(r.finish_reason ?? '-').padEnd(11)}  ${started}\n`);
+            }
+            out(`\n${rows.length} run${rows.length === 1 ? '' : 's'} for trigger ${id}\n`);
+            return 0;
+        }
+        default:
+            err(`Unknown trigger action: ${action}\n`);
+            err('Actions: add, list, show <id>, remove <id>, enable <id>, disable <id>, test <id>, logs <id>, runs <id>\n');
+            return 2;
+    }
+}
+function runAddWebhook(db, argv, out, err) {
+    const a = argv;
+    if (!a.name) {
+        err('trigger add webhook: --name required\n');
+        return 2;
+    }
+    // Generate the secret if the user didn't supply one — 32 bytes
+    // base64url-encoded (43-character URL-safe string).
+    const secret = a.secret && a.secret.length > 0
+        ? a.secret
+        : (0, node_crypto_1.randomBytes)(32).toString('base64url');
+    const spec = (0, daemon_1.parseWebhookSpec)({
+        name: a.name,
+        secret,
+        hmacFormat: a.hmac ?? daemon_1.DEFAULT_WEBHOOK_SPEC.hmacFormat,
+        allowedEvents: a.events,
+        rateLimit: { perMinute: a.rateLimit ?? daemon_1.DEFAULT_WEBHOOK_SPEC.rateLimit.perMinute },
+        maxBodyBytes: a.maxBodyBytes ?? daemon_1.DEFAULT_WEBHOOK_SPEC.maxBodyBytes,
+        idempotencyTtlMs: a.idempotencyTtlMs ?? daemon_1.DEFAULT_WEBHOOK_SPEC.idempotencyTtlMs,
+        deliverOnly: a.deliverOnly === true,
+        promptTemplate: a.promptTemplate,
+        publicBound: false,
+    });
+    const id = (0, node_crypto_1.randomUUID)();
+    const now = Date.now();
+    db.prepare(`INSERT INTO triggers
+       (id, source, name, spec_json, enabled, prompt_template, deliver_only,
+        created_at, updated_at)
+     VALUES (?, 'webhook', ?, ?, ?, ?, ?, ?, ?)`).run(id, a.name, JSON.stringify(spec), a.disabled ? 0 : 1, spec.promptTemplate ?? null, spec.deliverOnly ? 1 : 0, now, now);
+    const cfg = (0, daemon_1.getDaemonConfig)();
+    const host = process.env.AIDEN_DAEMON_BIND ?? '127.0.0.1';
+    out(`trigger added: ${id} (${a.name})\n`);
+    out(`webhook url:   http://${host}:${cfg.port}/api/triggers/webhook/${id}\n`);
+    out(`hmac format:   ${spec.hmacFormat}\n`);
+    out(`rate limit:    ${spec.rateLimit.perMinute}/min\n`);
+    out(`secret:        ${secret}\n`);
+    out(`⚠ Save this secret now — it cannot be retrieved later.\n`);
+    out(`Restart the daemon to activate the route.\n`);
+    return 0;
+}
+async function runAddEmail(db, argv, out, err) {
+    const a = argv;
+    if (!a.name) {
+        err('trigger add email: --label required\n');
+        return 2;
+    }
+    if (!a.host) {
+        err('trigger add email: --host required\n');
+        return 2;
+    }
+    if (!a.user) {
+        err('trigger add email: --user required\n');
+        return 2;
+    }
+    if (!a.password) {
+        err('trigger add email: --password required\n');
+        return 2;
+    }
+    if (!a.allowSenders || a.allowSenders.length === 0) {
+        err('trigger add email: at least one --allow-sender required.\n' +
+            '  Examples: --allow-sender "user@example.com"\n' +
+            '            --allow-sender "*@taracod.com"\n');
+        return 2;
+    }
+    // Build + validate the spec (this also compile-checks subject regexes).
+    let spec;
+    try {
+        spec = (0, daemon_1.parseEmailSpec)({
+            name: a.name,
+            imap: {
+                host: a.host,
+                port: a.port ?? daemon_1.DEFAULT_IMAP.port,
+                user: a.user,
+                password: a.password,
+                tls: a.noTls ? false : daemon_1.DEFAULT_IMAP.tls,
+                authTimeoutMs: daemon_1.DEFAULT_IMAP.authTimeoutMs,
+            },
+            mailbox: a.mailbox ?? daemon_1.DEFAULT_EMAIL_SPEC.mailbox,
+            pollIntervalMs: a.pollMs ?? daemon_1.DEFAULT_EMAIL_SPEC.pollIntervalMs,
+            allowedSenders: a.allowSenders,
+            allowedSubjectPatterns: a.allowSubjects,
+            maxBodyBytes: a.maxBodyBytes ?? daemon_1.DEFAULT_EMAIL_SPEC.maxBodyBytes,
+            promptTemplate: a.promptTemplate,
+            deliverOnly: a.deliverOnly === true,
+            attachmentPolicy: a.attachmentPolicy ?? daemon_1.DEFAULT_EMAIL_SPEC.attachmentPolicy,
+        });
+    }
+    catch (e) {
+        err(`trigger add email: ${e instanceof Error ? e.message : String(e)}\n`);
+        return 2;
+    }
+    // Q-P4-5 default: validate at add-time. Opt out with --no-validate.
+    if (!a.noValidate) {
+        out('Validating IMAP connectivity ...\n');
+        const conn = (0, daemon_1.createImapConnection)({
+            config: spec.imap,
+            log: (level, msg) => { if (level === 'error')
+                err(msg + '\n'); },
+        });
+        try {
+            await conn.connect();
+            try {
+                await conn.openMailbox(spec.mailbox);
+            }
+            catch (e) {
+                err(`IMAP connectivity validated, but mailbox open failed: ${e instanceof Error ? e.message : String(e)}\n`);
+                await conn.disconnect();
+                return 1;
+            }
+            await conn.disconnect();
+            out('  ✓ connected, authenticated, mailbox opened\n');
+        }
+        catch (e) {
+            err(`IMAP connection failed: ${e instanceof Error ? e.message : String(e)}\n`);
+            err('Use --no-validate to skip the pre-flight check and add the trigger anyway.\n');
+            return 1;
+        }
+    }
+    else {
+        out('Skipping IMAP connectivity validation (--no-validate).\n');
+    }
+    const id = (0, node_crypto_1.randomUUID)();
+    const now = Date.now();
+    db.prepare(`INSERT INTO triggers
+       (id, source, name, spec_json, enabled, prompt_template, deliver_only,
+        created_at, updated_at)
+     VALUES (?, 'email', ?, ?, ?, ?, ?, ?, ?)`).run(id, a.name, JSON.stringify(spec), a.disabled ? 0 : 1, spec.promptTemplate ?? null, spec.deliverOnly ? 1 : 0, now, now);
+    out(`trigger added: ${id} (${a.name})\n`);
+    out(`imap host:     ${spec.imap.host}:${spec.imap.port}${spec.imap.tls ? ' (TLS)' : ''}\n`);
+    out(`mailbox:       ${spec.mailbox}\n`);
+    out(`poll interval: ${spec.pollIntervalMs}ms\n`);
+    out(`allow-senders: ${spec.allowedSenders.join(', ')}\n`);
+    out(`⚠ Password stored in plaintext in daemon.db (chmod 600 on POSIX,\n`);
+    out(`  user-private on Windows). Encryption-at-rest is deferred to v4.6+.\n`);
+    out(`Restart the daemon to activate the trigger.\n`);
+    // Note: runAddEmail returns a Promise<number>, so the outer switch must
+    // await it. (Already handled — runTriggerSubcommand is async.)
+    void node_crypto_1.randomBytes; // imported but only used by webhook helper
+    return 0;
+}

package/dist/cli/v4/commands/update.js

@@ -26,6 +26,8 @@ exports.update = void 0;
 const version_1 = require("../../../core/version");
 const checkUpdate_1 = require("../../../core/v4/update/checkUpdate");
 const executeInstall_1 = require("../../../core/v4/update/executeInstall");
+const installMethodDetect_1 = require("../../../core/v4/update/installMethodDetect");
+const skipState_1 = require("../../../core/v4/update/skipState");
 async function printStatus(ctx) {
     if (!ctx.paths) {
         ctx.display.warn('/update needs Aiden user-data paths — try in a real session.');
@@ -85,18 +87,108 @@ async function runInstall(ctx) {
     }
     ctx.display.warn(result.error ?? 'Install failed (no error message).');
 }
+// ── v4.5 update system — skip + auto subcommands ───────────────────────────
+async function runSkip(ctx) {
+    if (!ctx.paths) {
+        ctx.display.warn('/update skip needs Aiden user-data paths — try in a real session.');
+        return;
+    }
+    const version = ctx.args[1];
+    if (!version || version.trim().length === 0) {
+        ctx.display.printError('Usage: /update skip <version>\n' +
+            'Example: /update skip 4.5.1\n' +
+            'Suppresses the boot prompt for that version + any older. Newer versions still prompt.');
+        return;
+    }
+    // Reject obviously-bad inputs early so users get a clear error.
+    try {
+        (0, checkUpdate_1.compareVersions)(version, version);
+    }
+    catch {
+        ctx.display.printError(`/update skip: "${version}" is not a recognised version (expected MAJOR.MINOR.PATCH).`);
+        return;
+    }
+    try {
+        await (0, checkUpdate_1.updateCacheFile)(ctx.paths, (current) => (0, skipState_1.applySkip)(current, version));
+        ctx.display.write(`Skipping ${version}. Boot prompt will resume when a newer version ships.\n`);
+    }
+    catch (e) {
+        ctx.display.warn(`/update skip: failed to persist (${e instanceof Error ? e.message : String(e)}).`);
+    }
+}
+async function runAuto(ctx) {
+    const sub = (ctx.args[1] ?? 'status').toLowerCase();
+    if (sub === 'status') {
+        const off = process.env.AIDEN_NO_UPDATE_CHECK === '1';
+        ctx.display.write(`Update auto-check: ${off ? 'OFF' : 'ON'}   (source: ${off ? 'env' : 'default'})\n`);
+        if (off) {
+            ctx.display.dim('  unset AIDEN_NO_UPDATE_CHECK or run `/update auto on` to re-enable.');
+        }
+        return;
+    }
+    if (sub === 'on' || sub === 'off') {
+        // The env var is the authoritative gate (matches existing Phase 20
+        // contract). `/update auto on` clears it for the current process;
+        // permanent off needs the user's shell to keep it set, since we
+        // shouldn't quietly write env vars to user shells. Document this
+        // clearly so users aren't confused.
+        if (sub === 'on') {
+            delete process.env.AIDEN_NO_UPDATE_CHECK;
+            ctx.display.write('Update auto-check: ON for this session.\n');
+            ctx.display.dim('  To persist: ensure AIDEN_NO_UPDATE_CHECK is unset in your shell init.');
+        }
+        else {
+            process.env.AIDEN_NO_UPDATE_CHECK = '1';
+            ctx.display.write('Update auto-check: OFF for this session.\n');
+            ctx.display.dim('  To persist: set AIDEN_NO_UPDATE_CHECK=1 in your shell init.');
+        }
+        return;
+    }
+    ctx.display.printError('Usage: /update auto on|off|status');
+}
+async function runClearSkip(ctx) {
+    if (!ctx.paths) {
+        ctx.display.warn('/update unskip needs Aiden user-data paths — try in a real session.');
+        return;
+    }
+    try {
+        await (0, checkUpdate_1.updateCacheFile)(ctx.paths, (current) => (0, skipState_1.clearSkip)(current));
+        ctx.display.write('Cleared skipped-version state. The boot prompt will re-fire next session.\n');
+    }
+    catch (e) {
+        ctx.display.warn(`/update unskip: failed to persist (${e instanceof Error ? e.message : String(e)}).`);
+    }
+}
 exports.update = {
     name: 'update',
-    description: 'Check for / install the latest aiden-runtime. Use "install" subcommand to apply.',
+    description: 'Check, install, or skip aiden-runtime updates.',
     category: 'system',
     icon: '⬆',
     handler: async (ctx) => {
         const sub = (ctx.args[0] ?? '').toLowerCase();
+        // Display install method on `/update` default so users see how
+        // their install will be updated before they trigger one.
         if (sub === 'install') {
             await runInstall(ctx);
+            return;
         }
-        else {
-            await printStatus(ctx);
+        if (sub === 'skip') {
+            await runSkip(ctx);
+            return;
+        }
+        if (sub === 'unskip') {
+            await runClearSkip(ctx);
+            return;
+        }
+        if (sub === 'auto') {
+            await runAuto(ctx);
+            return;
+        }
+        // Default ('' / 'check') → status probe.
+        await printStatus(ctx);
+        if (ctx.paths) {
+            const method = (0, installMethodDetect_1.detectInstallMethod)();
+            ctx.display.dim(`  install method: ${method.description}`);
         }
     },
 };

package/dist/cli/v4/daemonAgentBuilder.js

@@ -0,0 +1,145 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * cli/v4/daemonAgentBuilder.ts — v4.5 Phase 7b.
+ *
+ * Builds the `AgentBuilder` closure the daemon dispatcher uses to
+ * construct a fresh AidenAgent per claimed trigger event. Captures
+ * the REPL's already-initialized provider resolver, tool registry,
+ * auxiliary client, prompt builder, and memory manager — REPL and
+ * daemon turns share these instances per Q-P7b-2(a). State that
+ * MUST stay isolated (memoryDirty Set, cachedSystemPrompt) lives
+ * on AidenAgent instances, and the closure creates a fresh agent
+ * every time the dispatcher invokes it.
+ *
+ * Scope cuts deliberately deferred (per Phase 7b audit greenlight):
+ *   - plannerGuard / honestyEnforcement / skillTeacher / skillMiner
+ *     are NOT wired into daemon-mode agents. They add ~3 LLM calls
+ *     per turn and the daemon's job is "act on the trigger," not
+ *     "improve the agent." Opt-in per-trigger lands in v4.6 if
+ *     real-world use surfaces a need.
+ *   - REPL-only spinner hooks (onMemoryRefreshStart/onPromptBuilt/
+ *     onProviderRequestStart) are omitted; daemon has no display
+ *     surface.
+ *   - skillTeacherCallbacks.promptUser is omitted; daemon has no
+ *     operator to ask.
+ *
+ * Strategy B (closure capture) — chosen over Strategy A (full
+ * factory refactor) to keep the REPL's existing agent construction
+ * untouched. The risk of regression in the REPL path is minimised
+ * because we don't rewrite ANY of the REPL's setup — the daemon
+ * closure just constructs a SECOND lightweight agent on demand
+ * from the same building blocks.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildDaemonAgentBuilder = buildDaemonAgentBuilder;
+const aidenAgent_1 = require("../../core/v4/aidenAgent");
+const approvalEngine_1 = require("../../moat/approvalEngine");
+// ── Implementation ─────────────────────────────────────────────────────────
+const DEFAULT_MAX_TURNS = 90;
+/**
+ * Returns the AgentBuilder the daemon dispatcher consumes. The
+ * returned closure is invoked once per trigger event the
+ * dispatcher claims; each call constructs a fresh AidenAgent with
+ * daemon-flavored options.
+ */
+function buildDaemonAgentBuilder(deps) {
+    const log = deps.log ?? ((msg) => process.stderr.write(msg + '\n'));
+    const maxTurns = deps.maxTurns ?? DEFAULT_MAX_TURNS;
+    return async (input) => {
+        const turnStartMs = Date.now();
+        // Resolve a provider adapter for the chosen (provider, model)
+        // pair. The resolver's resolve() returns an adapter wrapper;
+        // the underlying connection pool is shared per Q-P7b-2(a).
+        // If resolution fails (model not configured, OAuth expired),
+        // fall back to the REPL's existing adapter so the daemon turn
+        // still runs against SOMETHING usable.
+        let adapter;
+        try {
+            adapter = await deps.resolver.resolve({
+                providerId: input.resolvedModel.provider,
+                modelId: input.resolvedModel.model,
+                paths: deps.paths,
+            });
+        }
+        catch {
+            adapter = deps.fallbackAdapter;
+        }
+        // Approval engine — fresh per turn so the session-scoped
+        // allowlist doesn't bleed across daemon turns.
+        const approvalEngine = new approvalEngine_1.ApprovalEngine('smart');
+        approvalEngine['callbacks'] = input.approvalCallbacks;
+        // Per-turn promptBuilderOptions — same snapshot the REPL uses,
+        // only the providerId/modelId fields overridden to reflect the
+        // daemon's resolved model. The MemoryManager is shared (read-
+        // only access via loadSnapshot()), so memory-dirty propagation
+        // is the REPL agent's concern; daemon agent reads a fresh
+        // snapshot on each `runConversation` call and discards.
+        const pbOpts = {
+            ...deps.promptBuilderOptions,
+            providerId: input.resolvedModel.provider,
+            modelId: input.resolvedModel.model,
+        };
+        const agent = new aidenAgent_1.AidenAgent({
+            provider: adapter,
+            // v4.6 Phase 1 — 'daemon' context filter excludes REPL-only
+            // tools (`spawn_sub_agent` per Q6). Tools without an explicit
+            // `contexts` field stay visible to both REPL and daemon.
+            tools: deps.toolRegistry.getSchemas(undefined, 'daemon'),
+            toolExecutor: deps.toolExecutor,
+            maxTurns,
+            auxiliaryClient: deps.auxiliaryClient,
+            // v4.5 Phase 7 — explicit sessionId option threads per-trigger
+            // keying through to v4.4 docker session reuse + v4.3 browser
+            // observer + v4.2 TurnState.
+            sessionId: input.sessionId,
+            // Daemon mode wires the dispatcher's run_events hooks here.
+            // No display-side onToolCall wrapping — the dispatcher's
+            // emission is the only consumer.
+            onToolCall: input.hooks.onToolCall,
+            onBudgetWarning: input.hooks.onBudgetWarning,
+            promptBuilder: deps.promptBuilder,
+            promptBuilderOptions: pbOpts,
+            providerId: input.resolvedModel.provider,
+            modelId: input.resolvedModel.model,
+            resolveVerifiedFlag: deps.resolveVerifiedFlag,
+            resolveToolset: deps.resolveToolset,
+            resolveMutates: deps.resolveMutates,
+            // Memory snapshot refresh — daemon agent doesn't track dirty
+            // bits because each instance is short-lived; we provide the
+            // refresh callback so honestyEnforcement-style consumers (when
+            // we add them) can still rebuild.
+            refreshMemorySnapshot: () => deps.memoryManager.loadSnapshot(),
+            // Scope cuts (Phase 7b): no plannerGuard, no honestyEnforcement,
+            // no skillTeacher, no skillMiner. These add LLM calls + state
+            // that don't fit the daemon's "fire and act" pattern.
+        });
+        // Q-P7b-4(b) — minimal per-turn stdout line for tail-friendly
+        // operator debugging. Fires on builder exit; the dispatcher's
+        // `dispatcher:completed` run_event carries the same data in
+        // structured form for sqlite queries.
+        //
+        // We attach this as a post-construct log via the abort signal's
+        // 'abort' event; if the runner aborts the turn (budget watcher
+        // tripped), the line still surfaces. The dispatcher emits its
+        // own log; the goal here is a one-liner the operator can grep.
+        //
+        // Note: the actual finishReason + duration is the dispatcher's
+        // job to log after runConversation returns — we don't have
+        // that info here in the builder closure. Phase 7b ships the
+        // "starting turn" line; "completed turn" is handled inside
+        // realAgentRunner.ts.
+        // Q-P7b-4(b) stdout one-liner. sessionId follows
+        // `trigger:<source>:<sourceKey>:<hash>` so operators can grep by
+        // source. Per-turn duration + finishReason are logged separately
+        // by the dispatcher's realAgentRunner.ts when the turn completes.
+        log(`[daemon-turn] starting sessionId=${input.sessionId} model=${input.resolvedModel.provider}/${input.resolvedModel.model} policy=${input.approvalPolicy}`);
+        void turnStartMs; // kept for symmetry; the dispatcher computes its own duration
+        return agent;
+    };
+}

package/dist/cli/v4/defaultSoul.js

@@ -30,7 +30,7 @@ exports.PREVIOUS_BUNDLED_SOULS = exports.DEFAULT_SOUL_MD = exports.BUNDLED_SOUL_
 // <act_dont_ask>. ensureSoulMdSeeded compares this against the user's
 // on-disk SOUL.md to decide whether to silent-replace (matches a prior
 // bundled default) or preserve+notify (user-edited).
-exports.BUNDLED_SOUL_VERSION = 'v4.1.5';
+exports.BUNDLED_SOUL_VERSION = 'v4.6.0';
 exports.DEFAULT_SOUL_MD = `You are Aiden — a local-first AI agent built by Shiva Deore at Taracod.
 
 Identity: