alvin-bot 4.26.0 → 5.1.0

package/CHANGELOG.md

@@ -2,6 +2,121 @@
 
 All notable changes to Alvin Bot are documented here.
 
+## [5.1.0] — 2026-05-13
+
+### Permissions Wizard — guided one-and-done macOS setup
+
+macOS' TCC framework architecturally **refuses** to let any app grant Full Disk Access / Automation / Accessibility programmatically — only the user can flip those switches in System Settings. There is no API, no AppleScript trick, no sudo bypass for a normal Node CLI.
+
+What we can do — and what 5.1.0 does — is make the toggling experience painless:
+
+1. **Detect** every permission's current state (sudo + FDA + Automation + Accessibility)
+2. For each missing one: **open the exact right Settings pane**
+3. **Poll for the toggle** every 2 s, up to 60 s per permission
+4. **Verify** and move to the next
+5. End with a clear summary of granted / skipped / still-missing
+
+```bash
+alvin-bot permissions status           # quick state-of-the-world
+alvin-bot permissions wizard           # interactive guided setup
+alvin-bot permissions open <id>        # open one Settings pane
+```
+
+The wizard also bundles **sudo-password storage** (Keychain on macOS, encrypted file on Linux) as the first step, so users get a single upfront onboarding flow instead of separate prompts later. Run-once intent: no more piecemeal permission requests at runtime.
+
+### New detections
+
+- **Automation (Apple Events)** — probes via `osascript -e 'tell application "System Events" to ...'`, catches error code 1743 / "Not authorized" to distinguish denied vs granted. Used by Apple Mail, Apple Notes, Calendar skills.
+- **Accessibility** — now distinguishes "cliclick not installed" from "permission denied", so the wizard suggests the actually-correct fix (install via brew vs. toggle in Settings).
+
+### Doctor integration
+
+`alvin-bot doctor` now uses the same wizard service for its macOS-permissions section — shows all 4 permissions instead of just FDA, points to the wizard for any missing ones.
+
+### Telegram `/setup` integration
+
+`/setup` keyboard gets a new **🛡️ Permissions Wizard (Mac)** button — surfaces the current 4-permission status and the CLI / WebUI commands to actually run the wizard. Mobile UX is intentionally read-only: the wizard needs to drive System Settings panes on the host, which only the local CLI/WebUI can do.
+
+### README — comprehensive CLI section refresh
+
+Documented commands added: `tools`, `provider`, `permissions`, `browser`, `status`. Plus the full env-var opt-out table for Self-Preservation Phase 1 + 2 (`ALVIN_DISABLE_*`, `ALVIN_DEADMAN_THRESHOLD_SEC`, etc.). The README CLI section was missing six commands shipped in 4.23 — 5.0; now matches reality.
+
+### Honest about what we CAN'T do
+
+The README and wizard are explicit about this: macOS TCC permissions cannot be granted by an app. The wizard opens panes and verifies after; the user toggles. No tricks, no entitlement bypass attempts.
+
+## [5.0.0] — 2026-05-13
+
+### Self-Preservation Phase 2 — the bot now reasons about its own failures
+
+The bot now uses **its own AI provider** (whichever one you have configured — claude-sdk, codex-cli, groq, gemini, openai, ollama/gemma4, openrouter, nvidia-nim) to analyze why it failed and where it's heading. Two new features, both event-driven, both opt-out.
+
+The major-version bump reflects a conceptual shift: AI is now part of the bot's **operational loop** about itself, not just the user-facing chat. The feature surface is backwards-compatible — existing setups keep running unchanged; everything new is additive and opt-out via env vars.
+
+#### AI-driven Self-Diagnosis on bundles (feature 3I)
+
+When the watchdog brake fires and 2F writes a forensic bundle, 3I picks up the analysis at **the next successful bot start**:
+
+1. Bot starts → Pre-Flight runs → 3I scans `~/.alvin-bot/diagnostics/` for unanalyzed bundles
+2. For each bundle without a `.analysis.md` sidecar, send it (clipped to ~12 KB, head+tail) to the active AI provider via `provider.query()`
+3. AI returns a structured 5-line response — `HYPOTHESIS / ROOT_CAUSE_CATEGORY / REMEDIATION / CONFIDENCE / EXPLANATION`
+4. Result is written as `.analysis.md` sidecar AND delivered to the operator via 1D Telegram DM
+
+The 5-line plain-text format was chosen over JSON because **JSON parsing reliability is uneven across providers**, especially with smaller models. The format is hard to mess up — and we parse it with a tolerant regex.
+
+Live verified on Apple Silicon with `claude-sdk`: bundle from the actual brake earlier that day was analyzed correctly — AI identified "skills-reload triggered repeated graceful restarts that tripped the brake", suggested the documented recovery command (`rm crash-loop.alert && alvin-bot launchd install`), all within ~9 s.
+
+**Safety policy v1**: the AI's suggested remediation is shown to the operator but **NEVER auto-applied**. This is intentional — we want a track record of accurate suggestions before granting the bot any self-modifying power.
+
+#### Predictive Maintenance via Trends (feature 3J)
+
+A second daily timer writes a one-line JSON snapshot of bot health to `~/.alvin-bot/state/trends.jsonl`:
+
+```jsonl
+{"ts":"2026-05-13T...","uptime_s":86400,"rss_mb":105,"heap_mb":33,"crashes_24h":0,"diag_24h":0,"errors_24h":3,"provider":"claude-sdk","version":"5.0.0"}
+```
+
+After 7 days of data accumulate, every daily snapshot also triggers an AI **anomaly-detection pass** over the last 30 days. Output is a strict 3-line format — `ANOMALY: ... / SEVERITY: warn|critical / SUGGESTION: ...`, or just `ANOMALY: NONE` when nothing's concerning.
+
+Live verified with synthetic 30-day memory-leak data (RSS climbing 100 → 220 MB linearly): `claude-sdk` correctly identified the leak, classified as `critical`, suggested heap-snapshot capture via `kill -USR2`. Confirmed end-to-end with file flag + Telegram DM delivered via 1D.
+
+#### Provider-agnostic by design
+
+Both 3I and 3J use the existing `provider.query()` abstraction — the same code path the bot uses for normal chat. Switching provider via `alvin-bot provider switch <key>` (added in 4.24.0) automatically retargets 3I + 3J as well. No provider-specific code in either feature.
+
+**Tested provider**: `claude-sdk` (the "B1" test path). The `offline-gemma4` test path (B4) — stress-test of prompt design against a small-context local model — is deferred to a follow-up session; the deferral and its acceptance criteria are documented in the (gitignored) project `BACKLOG.md`.
+
+#### Performance budget held
+
+All new code runs detached, on long timers, or at startup-only. Steady-state cost: zero. The startup analyzer (3I) only runs if unanalyzed bundles exist — typically 0 on a healthy run. The trends collector (3J) runs once every 24 h with a 60 s warmup after startup.
+
+Measured on Apple Silicon (vs. 4.26.0 baseline):
+- RSS idle: **+0 MB** (modules loaded lazily via dynamic `import()`)
+- Cold-start ready: **unchanged** (both modules load post-startup, fire-and-forget)
+- 3I per-bundle latency on claude-sdk: ~9 s
+- 3J per-analysis latency on claude-sdk: ~10 s
+
+#### New env vars
+
+```
+ALVIN_DISABLE_SELF_DIAGNOSIS=true        # disable 3I
+ALVIN_DISABLE_TRENDS=true                # disable 3J
+ALVIN_TRENDS_INTERVAL_HOURS=24           # default
+ALVIN_TRENDS_AI_AFTER_DAYS=7             # min history before AI kicks in
+```
+
+(All Phase-1 env vars from 4.26.0 continue to work — `ALVIN_DISABLE_SELF_PRESERVATION=true` still kills everything.)
+
+#### Why a major version bump
+
+Semantically, the bot is now **closing a loop on itself**: it observes its own forensics, asks an AI to interpret them, and reports back. That's a conceptual line worth marking. Nothing breaks — existing users update with `npm install -g alvin-bot@latest` and the new behaviour just appears in their next failure analysis.
+
+#### Files added
+
+- `src/services/self-diagnosis.ts` — 3I startup analyzer + analyzeBundle()
+- `src/services/trends.ts` — 3J snapshot collector + analyzeTrends()
+- `src/index.ts` — two fire-and-forget dynamic imports after Pre-Flight
+
 ## [4.26.0] — 2026-05-13
 
 ### Self-Preservation Phase 1 — four new resilience features, zero hot-path cost

package/README.md

@@ -527,21 +527,105 @@ Drop your own `<name>/SKILL.md` into `~/.alvin-bot/skills/` for hot-reload. List
 
 ## 🛠️ CLI
 
+### Core lifecycle
+
+```bash
+alvin-bot setup           # Interactive setup wizard (Telegram + AI provider + tools)
+alvin-bot start           # Start the bot in background (launchd on macOS, pm2 elsewhere)
+alvin-bot start -f        # Start in foreground (for debugging)
+alvin-bot stop            # Stop the running bot
+alvin-bot status          # Show version + LaunchAgent / pm2 state (offline)
+alvin-bot doctor          # Health check — config, provider, memory, permissions
+alvin-bot update          # Pull latest from npm (or git if running from source)
+alvin-bot version         # Show version
+```
+
+### Interactive chat
+
+```bash
+alvin-bot tui             # Terminal chat UI with streaming + ANSI colors ✨
+alvin-bot chat            # Alias for tui
+alvin-bot tui --lang de   # Force German UI
+```
+
+### AI provider management (since 4.24.0)
+
+Switch between Claude SDK / Codex CLI / Groq / Gemini / OpenAI / OpenRouter / NVIDIA NIM / offline Gemma 4 without re-running the full setup wizard. The switch command runs the same install + auth flow the wizard uses (CLI install + OAuth login for `claude-sdk` / `codex-cli`, API-key prompt + live validation for the rest), then does a byte-preserving merge of `~/.alvin-bot/.env` — the previous provider's API key is **parked, not deleted**, so rollback is one un-comment away.
+
+```bash
+alvin-bot provider list                # Show all providers + per-provider install/key status
+alvin-bot provider show                # Detailed info on the currently configured provider
+alvin-bot provider switch <key>        # Switch (interactive setup + .env merge + bot restart)
+alvin-bot provider doctor              # Validate current provider's auth against its API
+```
+
+`<key>` accepts canonical slugs **or** short aliases: `claude`, `codex`, `gemini`, `nvidia`, `gpt`, `gemma`.
+
+### Optional tools — install / update (since 4.23.0)
+
+A curated set of universally useful CLIs that unlock specific skills. Bootstrap tools (`yt-dlp`, `ffmpeg`, and `wacli` if WhatsApp is enabled) are auto-installed/updated by `setup` and `update`; the rest you opt into through the menu.
+
+```bash
+alvin-bot tools list                   # Show installed / missing optional tools
+alvin-bot tools install                # Interactive menu — pick which to install
+```
+
+### macOS permissions wizard (since 5.1.0)
+
+macOS' TCC framework refuses to let any app grant Full Disk Access / Automation / Accessibility programmatically — only the user can flip those switches. The wizard makes the toggling experience painless: it detects every permission's current state, opens the **exact right Settings pane** for each missing one, waits for you to toggle (polling every 2 s for up to 60 s per permission), verifies, and moves on. Bundles sudo-password storage in the same upfront flow.
+
+```bash
+alvin-bot permissions status           # Quick status: all 4 permissions + current state
+alvin-bot permissions wizard           # Interactive guided setup, one-and-done
+alvin-bot permissions open <id>        # Open one Settings pane (full-disk-access / automation / accessibility)
+alvin-bot perms                        # alias for permissions
+```
+
+### LaunchAgent (macOS only)
+
+```bash
+alvin-bot launchd install              # Write ~/Library/LaunchAgents/com.alvinbot.app.plist + load
+                                       # (Also installs the dead-man-switch companion plist since 4.26.0)
+alvin-bot launchd status               # Show PID + recent stdout/stderr from the LaunchAgent
+alvin-bot launchd uninstall            # Unload + remove both plists
+```
+
+### Browser automation (bot-managed Chromium)
+
+```bash
+alvin-bot browser start                # Launch Chromium with CDP, persistent profile
+alvin-bot browser start headful        # Same, visible (for login flows)
+alvin-bot browser goto <url>           # Open URL, return JSON metadata
+alvin-bot browser shot <url> [file]    # Screenshot → ~/.alvin-bot/browser/screenshots/
+alvin-bot browser eval <url> "<js>"    # Run JS in page context
+alvin-bot browser tabs                 # List open tabs
+alvin-bot browser status               # PID + CDP endpoint
+alvin-bot browser stop                 # Quit Chromium
+alvin-bot browser doctor               # Diagnose Chromium / Playwright setup
+```
+
+### Maintenance & introspection
+
+```bash
+alvin-bot audit                        # Security health check — permissions, secrets, config
+alvin-bot search "<query>"             # Search assets, memories, and skills index
+```
+
+### Environment-variable opt-outs (Self-Preservation features since 4.26.0 / 5.0.0)
+
+Granular opt-out for the resilience subsystems — everything is enabled by default:
+
 ```bash
-alvin-bot setup     # Interactive setup wizard
-alvin-bot tui       # Terminal chat UI ✨
-alvin-bot chat      # Alias for tui
-alvin-bot doctor    # Health check
-alvin-bot update    # Pull latest & rebuild
-alvin-bot start     # Start the bot (background via pm2)
-alvin-bot start -f  # Start in foreground
-alvin-bot stop      # Stop the bot
-alvin-bot launchd install    # macOS only: install as LaunchAgent
-alvin-bot launchd status     # macOS only: show LaunchAgent state
-alvin-bot launchd uninstall  # macOS only: remove LaunchAgent
-alvin-bot audit     # Security health check
-alvin-bot search    # Search assets/memories/skills
-alvin-bot version   # Show version
+ALVIN_DISABLE_SELF_PRESERVATION=true   # Kill ALL Phase-1 + Phase-2 features below
+ALVIN_DISABLE_PREFLIGHT=true           # Skip startup sanity check (Telegram, provider, SQLite, disk)
+ALVIN_DISABLE_CRITICAL_NOTIFY=true     # Skip cross-channel alerts (Telegram + macOS notif + file flag)
+ALVIN_DISABLE_DEAD_MAN=true            # Skip the zombie-detection heartbeat writer
+ALVIN_DISABLE_AUTO_DIAGNOSTIC=true     # Skip forensic-bundle writing on crash
+ALVIN_DISABLE_SELF_DIAGNOSIS=true      # Skip AI analysis of forensic bundles at startup
+ALVIN_DISABLE_TRENDS=true              # Skip daily trend snapshots + AI anomaly detection
+ALVIN_DEADMAN_THRESHOLD_SEC=600        # Dead-man's-switch staleness threshold (default 10 min)
+ALVIN_TRENDS_INTERVAL_HOURS=24         # Trend-snapshot cadence (default 24 h)
+ALVIN_TRENDS_AI_AFTER_DAYS=7           # Days of history before AI anomaly detection kicks in
 ```
 
 ---

package/bin/cli.js

@@ -2538,17 +2538,32 @@ async function doctor() {
   }
 
   // ── macOS permissions (TCC) ────────────────────────────────────────────
+  // 5.1.0 — superseded by the permissions-wizard service, which checks
+  // all four (sudo + FDA + Automation + Accessibility) and gives the
+  // user a single command to fix anything missing. The legacy FDA-only
+  // block stays as a fast-path summary for users who haven't yet run
+  // the wizard.
   if (process.platform === "darwin") {
     console.log("\n  macOS permissions:");
-    const fda = checkMacosFullDiskAccess(process.execPath);
-    if (fda.hasFDA) {
-      console.log(`  ✅ Full Disk Access — granted to ${fda.realNodePath}`);
-    } else {
-      console.log(`  ⚠️  Full Disk Access NOT granted to node (${fda.realNodePath})`);
-      console.log(`     Spawned tools (codex CLI, file-reading skills) may silently fail`);
-      console.log(`     to read protected directories under launchd. To fix:`);
-      console.log(`       open "${fda.paneUrl}"`);
-      console.log(`     and add the path above with the "+" button.`);
+    try {
+      const { readPermissionsSnapshot, formatPermissionsSnapshot } = await import("../dist/services/permissions-wizard.js");
+      const snaps = await readPermissionsSnapshot();
+      console.log(formatPermissionsSnapshot(snaps));
+      const missing = snaps.filter(s => s.state === "missing" || s.state === "tool-missing").length;
+      if (missing > 0) {
+        console.log(`\n  ${missing} permission${missing === 1 ? "" : "s"} need attention. Run:`);
+        console.log("       alvin-bot permissions wizard");
+      }
+    } catch (err) {
+      // Fall back to the legacy FDA-only check if the wizard module
+      // is unavailable for any reason.
+      const fda = checkMacosFullDiskAccess(process.execPath);
+      if (fda.hasFDA) {
+        console.log(`  ✅ Full Disk Access — granted to ${fda.realNodePath}`);
+      } else {
+        console.log(`  ⚠️  Full Disk Access NOT granted to node (${fda.realNodePath})`);
+        console.log(`     To fix:  open "${fda.paneUrl}"  →  add ${fda.realNodePath}`);
+      }
     }
   }
 
@@ -3102,6 +3117,76 @@ switch (cmd) {
     }
     break;
   }
+  case "permissions":
+  case "perms": {
+    const sub = (process.argv[3] || "status").toLowerCase();
+    (async () => {
+      const { readPermissionsSnapshot, formatPermissionsSnapshot, runPermissionsWizard, PERMISSIONS } = await import("../dist/services/permissions-wizard.js");
+      if (sub === "status" || sub === "ls" || sub === "list") {
+        const snaps = await readPermissionsSnapshot();
+        console.log("\n🛡️  Permissions status\n");
+        console.log(formatPermissionsSnapshot(snaps));
+        const missing = snaps.filter(s => s.state === "missing" || s.state === "tool-missing").length;
+        console.log("");
+        if (missing > 0) {
+          console.log(`  ${missing} missing — run:  alvin-bot permissions wizard`);
+        } else {
+          console.log("  All applicable permissions granted.");
+        }
+        console.log("");
+      } else if (sub === "wizard" || sub === "grant" || sub === "setup") {
+        const yes = ["y","yes","j","ja"];
+        await runPermissionsWizard({
+          print: (t) => console.log(t),
+          confirm: async (q) => {
+            const a = (await ask(`${q} (y/n): `)).trim().toLowerCase();
+            return yes.includes(a) || a === "";
+          },
+          promptPassword: async (q) => {
+            // Best-effort: hide password if process.stdin is TTY (we can
+            // toggle echo). Otherwise plain read — acceptable fallback.
+            try {
+              if (process.stdin.isTTY) {
+                process.stdin.setRawMode?.(true);
+              }
+            } catch {}
+            const a = await ask(q);
+            try {
+              process.stdin.setRawMode?.(false);
+            } catch {}
+            return a.trim();
+          },
+        });
+      } else if (sub === "open") {
+        const id = process.argv[4];
+        const perm = PERMISSIONS.find(p => p.id === id);
+        if (!perm || !perm.openPane) {
+          console.log(`Unknown or non-openable permission: ${id}`);
+          console.log("Available: " + PERMISSIONS.filter(p => p.openPane).map(p => p.id).join(", "));
+        } else {
+          const ok = perm.openPane();
+          console.log(ok ? `Opened System Settings → ${perm.name}` : "Could not open Settings.");
+        }
+      } else {
+        console.log("Usage: alvin-bot permissions <status|wizard|open <id>>");
+        console.log("");
+        console.log("  status (default)  — List all permissions + current state");
+        console.log("  wizard            — Interactive guided setup: walks through each missing");
+        console.log("                       permission, opens the right Settings pane, waits for");
+        console.log("                       you to toggle, verifies. macOS-only TCC bits + sudo.");
+        console.log("  open <id>         — Open one specific Settings pane");
+        console.log("                       <id>: full-disk-access | automation | accessibility");
+        console.log("");
+        console.log("Note: macOS does NOT allow apps to grant TCC permissions programmatically.");
+        console.log("The wizard opens the right Settings panes; YOU flip the switches; the wizard");
+        console.log("verifies each one is actually granted before moving on.");
+      }
+    })().then(() => closeRL()).catch((err) => {
+      console.error(err);
+      closeRL();
+    });
+    break;
+  }
   case "provider": {
     const sub = (process.argv[3] || "list").toLowerCase();
     const arg = process.argv[4];
@@ -3494,6 +3579,7 @@ ${t("cli.commands")}
   search    Search your assets, memories, and skills
   tools     List / install optional capability tools (ffmpeg, pandoc, …)
   provider  List / switch AI provider (claude, codex, groq, gemini, …)
+  permissions  Status / wizard for macOS TCC + sudo permissions (alias: perms)
   browser   Manage bot-owned Chromium (start/stop/goto/shot/doctor)
   update    ${t("cli.updateDesc")}
   start     ${t("cli.startDesc")} (background via PM2)

package/dist/handlers/commands.js

@@ -1698,6 +1698,7 @@ export function registerCommands(bot) {
                 .text("🔑 Manage API Keys", "setup:keys").row()
                 .text("📱 Platforms", "setup:platforms").row()
                 .text("🔐 Sudo / Admin Access", "setup:sudo").row()
+                .text("🛡️ Permissions Wizard (Mac)", "setup:permissions").row()
                 .text("🔧 Open Web Dashboard", "setup:web").row();
             await ctx.reply(`⚙️ *Alvin Bot Setup*\n\n` +
                 `*Active Model:* ${activeInfo.name}\n` +
@@ -1854,6 +1855,31 @@ export function registerCommands(bot) {
                     `_The password is securely stored in ${status.storageMethod}._`, { parse_mode: "Markdown" });
                 break;
             }
+            case "permissions": {
+                // 5.1.0 — Permissions Wizard summary. Mobile UX is intentionally
+                // read-only: the wizard itself needs to open System Settings panes
+                // on the host machine, which only the CLI/WebUI can drive. Here
+                // we surface status + tell the user how to run the actual wizard.
+                try {
+                    const { readPermissionsSnapshot } = await import("../services/permissions-wizard.js");
+                    const snaps = await readPermissionsSnapshot();
+                    const icons = { granted: "✅", missing: "❌", "tool-missing": "⚠️", "n/a": "·" };
+                    const lines = snaps.map(s => `${icons[s.state]} *${s.permission.name}* — ${s.state}${s.detail ? "  _(" + s.detail + ")_" : ""}`);
+                    const missing = snaps.filter(s => s.state === "missing" || s.state === "tool-missing").length;
+                    const summary = missing === 0
+                        ? "*All applicable permissions granted.*"
+                        : `*${missing} permission${missing === 1 ? "" : "s"} need attention.*`;
+                    await ctx.editMessageText(`🛡️ *Permissions Status*\n\n${lines.join("\n")}\n\n${summary}\n\n` +
+                        `_macOS doesn't let any app grant TCC permissions on its own — you toggle the switch, the wizard verifies._\n\n` +
+                        `*To run the guided wizard:*\n` +
+                        `• CLI:  \`alvin-bot permissions wizard\` (opens each Settings pane, waits, verifies)\n` +
+                        `• WebUI:  http://localhost:${process.env.WEB_PORT || 3100} → Settings`, { parse_mode: "Markdown" });
+                }
+                catch (err) {
+                    await ctx.editMessageText("🛡️ *Permissions Status*\n\n_Could not load wizard module — try `alvin-bot permissions status` in a terminal._", { parse_mode: "Markdown" });
+                }
+                break;
+            }
             case "web": {
                 await ctx.editMessageText(`🌐 *Web Dashboard*\n\n` +
                     `URL: \`http://localhost:${process.env.WEB_PORT || 3100}\`\n\n` +

package/dist/index.js

@@ -215,6 +215,26 @@ import("./services/preflight.js")
     // Pre-Flight itself must never crash the bot.
     console.warn("⚠️  Pre-Flight check threw:", err?.message || err);
 });
+// AI Self-Diagnosis startup analyzer (Self-Preservation Phase 2, 3I).
+// Scans ~/.alvin-bot/diagnostics/ for forensic bundles without a
+// .analysis.md sidecar and runs AI analysis on each. Findings land on
+// the operator's phone via 1D Telegram channel within ~30 s of the
+// bot recovering from a brake. Fire-and-forget, never blocks startup.
+// Provider-agnostic: uses the active Provider's query() async generator.
+import("./services/self-diagnosis.js")
+    .then(({ runStartupAnalyzer }) => runStartupAnalyzer(registry))
+    .catch((err) => {
+    console.warn("⚠️  Self-diagnosis analyzer threw:", err?.message || err);
+});
+// Predictive-Maintenance Trends collector (Self-Preservation Phase 2, 3J).
+// Snapshots health metrics every 24 h (first one after 60 s warmup).
+// After 7 days of data, also runs AI anomaly detection daily.
+// If a concerning trend is flagged → DM operator via 1D channel.
+import("./services/trends.js")
+    .then(({ startTrendsCollector }) => startTrendsCollector(registry))
+    .catch((err) => {
+    console.warn("⚠️  Trends collector threw:", err?.message || err);
+});
 // Load plugins
 const pluginResult = await loadPlugins();
 if (pluginResult.loaded.length > 0) {