assistme 0.3.1 → 0.3.2

package/dist/index.js

@@ -4,9 +4,11 @@ import {
   callMcpHandler,
   log,
   newCorrelationId,
+  readAuthStore,
   setCorrelationId,
-  setLogLevel
-} from "./chunk-UWE5WVQI.js";
+  setLogLevel,
+  writeAuthStore
+} from "./chunk-KX7ITO55.js";
 import {
   clearConfig,
   getConfig,
@@ -24,35 +26,10 @@ import chalk from "chalk";
 import ora from "ora";
 import { createInterface } from "readline";
 
-// src/db/supabase.ts
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
-import { join } from "path";
-import { homedir } from "os";
-var AUTH_DIR = join(homedir(), ".config", "assistme");
-var AUTH_FILE = join(AUTH_DIR, "auth.json");
-function ensureAuthDir() {
-  if (!existsSync(AUTH_DIR)) {
-    mkdirSync(AUTH_DIR, { recursive: true, mode: 448 });
-  }
-}
-function readAuthStore() {
-  try {
-    if (existsSync(AUTH_FILE)) {
-      return JSON.parse(readFileSync(AUTH_FILE, "utf-8"));
-    }
-  } catch {
-  }
-  return {};
-}
-function writeAuthStore(data) {
-  ensureAuthDir();
-  writeFileSync(AUTH_FILE, JSON.stringify(data, null, 2), { mode: 384 });
-}
+// src/db/auth.ts
 async function loginWithToken(mcpToken) {
   if (!mcpToken.startsWith("am_")) {
-    throw new Error(
-      "Invalid token format. Use an am_ token from the web page."
-    );
+    throw new Error("Invalid token format. Use an am_ token from the web page.");
   }
   const result = await callMcpHandler(
     "auth.validate_token",
@@ -65,9 +42,7 @@ async function loginWithToken(mcpToken) {
   return result.user_id;
 }
 async function getCurrentUserId() {
-  const result = await callMcpHandler(
-    "auth.validate_token"
-  );
+  const result = await callMcpHandler("auth.validate_token");
   return result.user_id;
 }
 async function logout() {
@@ -76,7 +51,9 @@ async function logout() {
   } catch {
   }
 }
-async function createSession(_userId, sessionName, workspacePath, version2) {
+
+// src/db/session.ts
+async function createSession(sessionName, workspacePath, version2) {
   const { getConfig: getConfig2 } = await import("./config-PUIS2TQL.js");
   const data = await callMcpHandler("session.create", {
     session_name: sessionName,
@@ -108,10 +85,10 @@ async function setSessionBusy(sessionId, busy) {
 }
 async function cleanupStaleSessions(currentSessionId, thresholdMs = 12e4) {
   try {
-    const result = await callMcpHandler(
-      "session.cleanup_stale",
-      { current_session_id: currentSessionId, threshold_ms: thresholdMs }
-    );
+    const result = await callMcpHandler("session.cleanup_stale", {
+      current_session_id: currentSessionId,
+      threshold_ms: thresholdMs
+    });
     return result.cleaned;
   } catch {
     return 0;
@@ -120,11 +97,9 @@ async function cleanupStaleSessions(currentSessionId, thresholdMs = 12e4) {
 async function getActiveSessions(limit = 5) {
   return callMcpHandler("session.get_active", { limit });
 }
-async function getOrCreateCliConversation(_userId, _sessionId) {
-  const data = await callMcpHandler("conversation.get_or_create");
-  return data;
-}
-async function createTask(conversationId, _userId, sessionId, prompt) {
+
+// src/db/task.ts
+async function createTask(conversationId, sessionId, prompt) {
   const data = await callMcpHandler("task.create", {
     conversation_id: conversationId,
     session_id: sessionId,
@@ -134,10 +109,9 @@ async function createTask(conversationId, _userId, sessionId, prompt) {
 }
 async function pollAndClaimTask(sessionId) {
   try {
-    const data = await callMcpHandler(
-      "task.poll_and_claim",
-      { session_id: sessionId }
-    );
+    const data = await callMcpHandler("task.poll_and_claim", {
+      session_id: sessionId
+    });
     if (!data) return null;
     return {
       ...data,
@@ -171,27 +145,19 @@ async function failTask(messageId, errorMessage) {
     log.error(`Failed to update task status: ${err instanceof Error ? err.message : err}`);
   }
 }
-async function pollAndClaimJobRun(_userId) {
-  try {
-    const data = await callMcpHandler(
-      "job.claim_pending_run"
-    );
-    return data;
-  } catch (err) {
-    log.debug(`Job run poll failed: ${err instanceof Error ? err.message : err}`);
-    return null;
-  }
+
+// src/db/conversation.ts
+async function getOrCreateCliConversation() {
+  const data = await callMcpHandler("conversation.get_or_create");
+  return data;
 }
 async function getConversationHistory(conversationId, excludeMessageId, limit = 20) {
   try {
-    const rows = await callMcpHandler(
-      "conversation.get_history",
-      {
-        conversation_id: conversationId,
-        exclude_message_id: excludeMessageId,
-        limit
-      }
-    );
+    const rows = await callMcpHandler("conversation.get_history", {
+      conversation_id: conversationId,
+      exclude_message_id: excludeMessageId,
+      limit
+    });
     return (rows || []).reverse().map((row) => {
       const prompt = row.metadata?.prompt || "";
       const content = row.content || "";
@@ -203,6 +169,8 @@ async function getConversationHistory(conversationId, excludeMessageId, limit =
     return [];
   }
 }
+
+// src/db/event.ts
 var eventSequence = 0;
 function resetEventSequence() {
   eventSequence = 0;
@@ -220,6 +188,8 @@ async function emitEvent(messageId, eventType, eventData) {
     log.warn(`Failed to emit event: ${err instanceof Error ? err.message : err}`);
   }
 }
+
+// src/db/action.ts
 async function setActionRequest(messageId, actionData) {
   await callMcpHandler("action.set_request", {
     message_id: messageId,
@@ -227,10 +197,20 @@ async function setActionRequest(messageId, actionData) {
   });
 }
 async function pollActionResponse(messageId) {
-  return callMcpHandler(
-    "action.poll_response",
-    { message_id: messageId }
-  );
+  return callMcpHandler("action.poll_response", {
+    message_id: messageId
+  });
+}
+
+// src/db/job-poll.ts
+async function pollAndClaimJobRun() {
+  try {
+    const data = await callMcpHandler("job.claim_pending_run");
+    return data;
+  } catch (err) {
+    log.debug(`Job run poll failed: ${err instanceof Error ? err.message : err}`);
+    return null;
+  }
 }
 
 // src/commands/auth.ts
@@ -248,8 +228,8 @@ function registerAuthCommands(program2) {
     console.log();
     try {
       const { exec: exec2 } = await import("child_process");
-      const platform2 = process.platform;
-      const openCmd = platform2 === "darwin" ? `open "${tokenPageUrl}"` : platform2 === "win32" ? `start "${tokenPageUrl}"` : `xdg-open "${tokenPageUrl}" 2>/dev/null || echo ""`;
+      const platform3 = process.platform;
+      const openCmd = platform3 === "darwin" ? `open "${tokenPageUrl}"` : platform3 === "win32" ? `start "${tokenPageUrl}"` : `xdg-open "${tokenPageUrl}" 2>/dev/null || echo ""`;
       exec2(openCmd);
       console.log(chalk.dim("  (Browser opened automatically)"));
       console.log();
@@ -355,12 +335,9 @@ function registerConfigCommands(program2) {
 import chalk3 from "chalk";
 import ora2 from "ora";
 
-// src/tools/browser.ts
+// src/browser/controller.ts
 import { WebSocket } from "ws";
-import { execSync, spawn } from "child_process";
-import { platform, homedir as homedir2 } from "os";
-import { existsSync as existsSync2, unlinkSync, mkdirSync as mkdirSync2, cpSync } from "fs";
-import { join as join2 } from "path";
+import { platform } from "os";
 var BrowserController = class {
   ws = null;
   debugPort;
@@ -368,6 +345,7 @@ var BrowserController = class {
   callbacks = /* @__PURE__ */ new Map();
   connected = false;
   currentTabId = null;
+  refCache = /* @__PURE__ */ new Map();
   constructor(port = 9222) {
     this.debugPort = port;
   }
@@ -602,8 +580,35 @@ URL: ${info.url}`;
     const result = await this.send("Runtime.evaluate", {
       expression: `
         (function() {
-          const el = document.querySelector(${selectorJS});
-          if (!el) return 'Element not found: ' + ${selectorJS};
+          var sel = ${selectorJS};
+
+          // Support :contains('text') pseudo-selector (not native CSS)
+          var containsMatch = sel.match(/^(.+?)?:contains\\(['"](.+?)['"]\\)$/);
+          if (containsMatch) {
+            var baseTag = (containsMatch[1] || '*').toLowerCase();
+            var searchText = containsMatch[2];
+            var candidates = document.querySelectorAll(baseTag === '*' ? '*' : baseTag);
+            var found = null;
+            for (var i = 0; i < candidates.length; i++) {
+              var c = candidates[i];
+              // Prefer exact text match on direct text content (not children)
+              var directText = Array.from(c.childNodes)
+                .filter(function(n) { return n.nodeType === 3; })
+                .map(function(n) { return n.textContent.trim(); })
+                .join(' ');
+              if (directText === searchText || c.textContent.trim() === searchText) {
+                // Prefer the deepest (most specific) matching element
+                if (!found || found.contains(c)) found = c;
+              }
+            }
+            if (!found) return 'Element not found: ' + sel;
+            found.scrollIntoView({ block: 'center', behavior: 'instant' });
+            found.click();
+            return 'Clicked: ' + (found.tagName || '') + ' ' + (found.textContent || '').slice(0, 50).trim();
+          }
+
+          var el = document.querySelector(sel);
+          if (!el) return 'Element not found: ' + sel;
 
           // Scroll into view
           el.scrollIntoView({ block: 'center', behavior: 'instant' });
@@ -629,9 +634,23 @@ URL: ${info.url}`;
           if (!el) return 'Element not found: ' + ${selectorJS};
 
           el.focus();
-          el.value = ${textJS};
-          el.dispatchEvent(new Event('input', { bubbles: true }));
-          el.dispatchEvent(new Event('change', { bubbles: true }));
+
+          // Clear existing value
+          const nativeInputValueSetter = Object.getOwnPropertyDescriptor(
+            window.HTMLInputElement.prototype, 'value'
+          )?.set || Object.getOwnPropertyDescriptor(
+            window.HTMLTextAreaElement.prototype, 'value'
+          )?.set;
+          if (nativeInputValueSetter) {
+            nativeInputValueSetter.call(el, ${textJS});
+          } else {
+            el.value = ${textJS};
+          }
+
+          // Dispatch events that frameworks (React, Angular, Material) listen to
+          el.dispatchEvent(new Event('input', { bubbles: true, cancelable: true }));
+          el.dispatchEvent(new Event('change', { bubbles: true, cancelable: true }));
+          el.dispatchEvent(new InputEvent('input', { bubbles: true, inputType: 'insertText', data: ${textJS} }));
           return 'Typed into: ' + (el.tagName || '') + ' [' + (el.name || el.id || '') + ']';
         })()
       `,
@@ -689,6 +708,635 @@ URL: ${info.url}`;
     await new Promise((r) => setTimeout(r, 300));
     return "Scrolled up.";
   }
+  // ── Annotated Snapshot (ref system) ─────────────────────────────
+  /**
+   * Take a snapshot of all interactive elements on the page.
+   *
+   * Strategy (informed by research — arxiv:2511.19477):
+   *  - **Text ref table is ALWAYS returned** — compact, low-token, works for
+   *    all page complexities including dense layouts (date pickers, tables).
+   *  - **Annotated screenshot is OPTIONAL** (annotate parameter):
+   *    - true:  overlay ref badges on screenshot (best for simple pages with
+   *             few interactive elements — gives visual context)
+   *    - false: plain screenshot without overlays (default — avoids label
+   *             clutter on dense pages; model still sees the page visually)
+   *    - Research shows text-based grounding outperforms visual annotations
+   *      on complex pages, and the hybrid approach (a11y text primary +
+   *      selective vision) achieves ~85% vs ~50% for pure vision.
+   */
+  async snapshot(annotate = false) {
+    this.ensureConnected();
+    await this.waitForLoad(5e3);
+    const findResult = await this.send("Runtime.evaluate", {
+      expression: `
+        (function() {
+          // Clean up previous refs
+          document.querySelectorAll('[data-assistme-ref]').forEach(function(el) {
+            el.removeAttribute('data-assistme-ref');
+          });
+
+          var selectors = [
+            'a[href]', 'button', 'input:not([type="hidden"])', 'select', 'textarea',
+            '[role="button"]', '[role="link"]', '[role="checkbox"]', '[role="radio"]',
+            '[role="combobox"]', '[role="listbox"]', '[role="menuitem"]', '[role="tab"]',
+            '[role="switch"]', '[role="slider"]', '[role="option"]', '[role="searchbox"]',
+            '[onclick]', '[tabindex]:not([tabindex="-1"])',
+            '[contenteditable="true"]'
+          ].join(', ');
+
+          // Collect elements from main document AND same-origin iframes
+          var all = Array.from(document.querySelectorAll(selectors));
+          try {
+            var iframes = document.querySelectorAll('iframe');
+            for (var fi = 0; fi < iframes.length; fi++) {
+              try {
+                var iframeDoc = iframes[fi].contentDocument;
+                if (iframeDoc) {
+                  var iframeRect = iframes[fi].getBoundingClientRect();
+                  var iframeEls = iframeDoc.querySelectorAll(selectors);
+                  for (var fe = 0; fe < iframeEls.length; fe++) {
+                    // Tag iframe elements with offset for coordinate correction
+                    iframeEls[fe].__iframeOffset = { x: iframeRect.x, y: iframeRect.y };
+                    all.push(iframeEls[fe]);
+                  }
+                }
+              } catch(e) { /* cross-origin iframe, skip */ }
+            }
+          } catch(e) { /* iframe enumeration failed, continue */ }
+
+          var refs = [];
+          var vh = window.innerHeight;
+          var vw = window.innerWidth;
+
+          for (var i = 0; i < all.length && refs.length < 80; i++) {
+            var el = all[i];
+            var rect = el.getBoundingClientRect();
+
+            // Skip invisible / tiny elements
+            if (rect.width < 5 || rect.height < 5) continue;
+            var style = window.getComputedStyle(el);
+            if (style.display === 'none' || style.visibility === 'hidden' || style.opacity === '0') continue;
+
+            // Skip elements far outside viewport
+            if (rect.bottom < -50 || rect.top > vh + 50) continue;
+            if (rect.right < -50 || rect.left > vw + 50) continue;
+
+            // Determine role
+            var role = el.getAttribute('role') || '';
+            if (!role) {
+              var tag = el.tagName.toLowerCase();
+              if (tag === 'a') role = 'link';
+              else if (tag === 'button') role = 'button';
+              else if (tag === 'input') {
+                var t = (el.type || 'text').toLowerCase();
+                if (t === 'checkbox') role = 'checkbox';
+                else if (t === 'radio') role = 'radio';
+                else if (t === 'submit' || t === 'button') role = 'button';
+                else role = 'textbox';
+              }
+              else if (tag === 'select') role = 'combobox';
+              else if (tag === 'textarea') role = 'textbox';
+              else role = tag;
+            }
+
+            // Determine accessible name
+            var name = '';
+            var ariaLabel = el.getAttribute('aria-label');
+            var ariaLabelledBy = el.getAttribute('aria-labelledby');
+            if (ariaLabel) {
+              name = ariaLabel;
+            } else if (ariaLabelledBy) {
+              var labelEl = document.getElementById(ariaLabelledBy);
+              if (labelEl) name = labelEl.textContent.trim();
+            } else if (el.tagName === 'INPUT' || el.tagName === 'TEXTAREA') {
+              if (el.id) {
+                var lbl = document.querySelector('label[for="' + CSS.escape(el.id) + '"]');
+                if (lbl) name = lbl.textContent.trim();
+              }
+              if (!name) name = el.getAttribute('placeholder') || el.getAttribute('name') || '';
+            } else {
+              name = (el.textContent || '').trim().slice(0, 60);
+            }
+
+            var refId = refs.length + 1;
+            el.setAttribute('data-assistme-ref', String(refId));
+
+            // Correct coordinates for elements inside iframes
+            var offsetX = el.__iframeOffset ? el.__iframeOffset.x : 0;
+            var offsetY = el.__iframeOffset ? el.__iframeOffset.y : 0;
+
+            refs.push({
+              id: refId,
+              role: role,
+              name: name,
+              tag: el.tagName.toLowerCase(),
+              type: el.getAttribute('type') || '',
+              box: {
+                x: Math.round(rect.x + offsetX),
+                y: Math.round(rect.y + offsetY),
+                width: Math.round(rect.width),
+                height: Math.round(rect.height)
+              }
+            });
+          }
+
+          return JSON.stringify(refs);
+        })()
+      `,
+      returnByValue: true
+    });
+    const refs = JSON.parse(
+      findResult.result?.value || "[]"
+    ).map((r) => ({
+      id: r.id,
+      role: r.role,
+      name: r.name,
+      tag: r.tag,
+      inputType: r.type || "",
+      box: r.box
+    }));
+    if (annotate && refs.length <= 40) {
+      const refsJson = JSON.stringify(refs);
+      await this.send("Runtime.evaluate", {
+        expression: `
+          (function() {
+            var old = document.getElementById('__assistme_refs__');
+            if (old) old.remove();
+
+            var overlay = document.createElement('div');
+            overlay.id = '__assistme_refs__';
+            overlay.style.cssText = 'position:fixed;top:0;left:0;width:100%;height:100%;pointer-events:none;z-index:2147483647;';
+
+            var refs = ${refsJson};
+            var vh = window.innerHeight;
+            var vw = window.innerWidth;
+
+            for (var i = 0; i < refs.length; i++) {
+              var b = refs[i].box;
+              if (b.y + b.height < 0 || b.y > vh || b.x + b.width < 0 || b.x > vw) continue;
+
+              // Red badge with ref number
+              var badge = document.createElement('div');
+              var badgeTop = Math.max(0, b.y - 14);
+              var badgeLeft = Math.max(0, b.x);
+              badge.style.cssText = 'position:fixed;background:#e8384f;color:#fff;font:bold 10px/1.2 monospace;padding:1px 3px;border-radius:2px;white-space:nowrap;'
+                + 'left:' + badgeLeft + 'px;top:' + badgeTop + 'px;';
+              badge.textContent = String(refs[i].id);
+              overlay.appendChild(badge);
+
+              // Border around element
+              var border = document.createElement('div');
+              border.style.cssText = 'position:fixed;border:1.5px solid #e8384f;border-radius:2px;'
+                + 'left:' + b.x + 'px;top:' + b.y + 'px;width:' + b.width + 'px;height:' + b.height + 'px;';
+              overlay.appendChild(border);
+            }
+
+            document.documentElement.appendChild(overlay);
+          })()
+        `
+      });
+    }
+    const image = await this.screenshot();
+    if (annotate) {
+      await this.send("Runtime.evaluate", {
+        expression: `(function() { var el = document.getElementById('__assistme_refs__'); if (el) el.remove(); })()`
+      });
+    }
+    this.refCache.clear();
+    for (const ref of refs) {
+      this.refCache.set(ref.id, ref);
+    }
+    const pageInfo = await this.getPageInfo();
+    return { image, refs, url: pageInfo.url, title: pageInfo.title };
+  }
+  /**
+   * Build a compact text table of refs for the model.
+   */
+  static formatRefTable(result) {
+    let table = `Page: ${result.title}
+URL: ${result.url}
+
+Refs:
+`;
+    for (const ref of result.refs) {
+      const extra = ref.inputType ? ` (${ref.inputType})` : "";
+      const nameStr = ref.name ? ` "${ref.name}"` : "";
+      table += `[${ref.id}] ${ref.role}${nameStr}${extra}
+`;
+    }
+    if (result.refs.length === 0) {
+      table += "(no interactive elements found)\n";
+    }
+    return table;
+  }
+  // ── Ref Resolution ────────────────────────────────────────────────
+  /**
+   * Resolve a ref ID to its current center coordinates in the viewport.
+   * Uses two strategies:
+   *  1. Fast: find by data-assistme-ref attribute (set during snapshot)
+   *  2. Stable: search by role + accessible name (survives DOM changes)
+   *
+   * Includes actionability checks (like Playwright):
+   *  - Element must be visible (not display:none, not zero-size)
+   *  - Element must be in viewport (scrolls into view if needed)
+   *  - Element must not be covered by another element (checks elementFromPoint)
+   *
+   * Returns null if the element cannot be found or is not actionable.
+   * Returns { error: string } if found but not actionable (for diagnostics).
+   */
+  async resolveRef(refId) {
+    const cached = this.refCache.get(refId);
+    const role = cached?.role || "";
+    const name = cached?.name || "";
+    const roleJS = JSON.stringify(role);
+    const nameJS = JSON.stringify(name);
+    const result = await this.send("Runtime.evaluate", {
+      expression: `
+        (function() {
+          var refId = ${refId};
+          var role = ${roleJS};
+          var name = ${nameJS};
+
+          // Strategy 1: data attribute (fast, from last snapshot)
+          var el = document.querySelector('[data-assistme-ref="' + refId + '"]');
+
+          // Strategy 2: role + name search (stable, survives DOM changes)
+          if (!el && role && name) {
+            var selectorMap = {
+              textbox: 'input, textarea, [role="textbox"], [role="searchbox"]',
+              button: 'button, [role="button"], input[type="submit"], input[type="button"]',
+              link: 'a[href], [role="link"]',
+              combobox: 'select, [role="combobox"]',
+              checkbox: 'input[type="checkbox"], [role="checkbox"]',
+              radio: 'input[type="radio"], [role="radio"]',
+              tab: '[role="tab"]',
+              menuitem: '[role="menuitem"]',
+              option: '[role="option"], option',
+            };
+            var sel = selectorMap[role] || '*[role="' + role + '"]';
+            var candidates = document.querySelectorAll(sel);
+            for (var i = 0; i < candidates.length; i++) {
+              var c = candidates[i];
+              var cName = c.getAttribute('aria-label')
+                || c.getAttribute('placeholder')
+                || (c.textContent || '').trim().slice(0, 60);
+              if (cName === name) { el = c; break; }
+            }
+          }
+
+          if (!el) return 'null';
+
+          // \u2500\u2500 Actionability checks (Playwright-style) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+
+          // Check visibility
+          var style = window.getComputedStyle(el);
+          if (style.display === 'none')
+            return JSON.stringify({ error: 'Element is hidden (display:none)' });
+          if (style.visibility === 'hidden')
+            return JSON.stringify({ error: 'Element is hidden (visibility:hidden)' });
+          if (parseFloat(style.opacity) < 0.05)
+            return JSON.stringify({ error: 'Element is hidden (opacity:0)' });
+
+          // Check disabled
+          if (el.disabled || el.getAttribute('aria-disabled') === 'true')
+            return JSON.stringify({ error: 'Element is disabled' });
+
+          // Scroll into view
+          el.scrollIntoView({ block: 'center', behavior: 'instant' });
+          var r = el.getBoundingClientRect();
+
+          // Check non-zero size
+          if (r.width < 1 || r.height < 1)
+            return JSON.stringify({ error: 'Element has zero size (' + r.width + 'x' + r.height + ')' });
+
+          // Check element is in viewport
+          if (r.bottom < 0 || r.top > window.innerHeight || r.right < 0 || r.left > window.innerWidth)
+            return JSON.stringify({ error: 'Element is outside viewport after scroll' });
+
+          var cx = r.x + r.width / 2;
+          var cy = r.y + r.height / 2;
+
+          // Check not covered by another element (hit test)
+          var topEl = document.elementFromPoint(cx, cy);
+          if (topEl && topEl !== el && !el.contains(topEl) && !topEl.closest('[data-assistme-ref="' + refId + '"]')) {
+            // Check if the covering element is the overlay (ignore it)
+            if (!topEl.closest('#__assistme_refs__')) {
+              var coverTag = topEl.tagName.toLowerCase();
+              var coverText = (topEl.textContent || '').trim().slice(0, 30);
+              return JSON.stringify({
+                error: 'Element is covered by <' + coverTag + '>' + (coverText ? ' "' + coverText + '"' : ''),
+                x: cx, y: cy, width: r.width, height: r.height
+              });
+            }
+          }
+
+          return JSON.stringify({
+            x: cx,
+            y: cy,
+            width: r.width,
+            height: r.height
+          });
+        })()
+      `,
+      returnByValue: true
+    });
+    const value = result.result?.value;
+    if (!value || value === "null") return null;
+    try {
+      return JSON.parse(value);
+    } catch {
+      return null;
+    }
+  }
+  // ── Ref-based Interactions (CDP Input Events) ─────────────────────
+  /**
+   * Click an element by ref using CDP Input.dispatchMouseEvent.
+   * This simulates a real mouse click through the browser's input pipeline,
+   * triggering hover states, focus management, and all native browser events
+   * — more reliable than el.click() for framework components.
+   *
+   * Includes auto-wait: retries up to 3 times (with 500ms intervals) if the
+   * element is not yet actionable (e.g., covered by a loading overlay, still
+   * animating into view). This matches Playwright's auto-waiting behavior.
+   */
+  async clickRef(refId) {
+    this.ensureConnected();
+    const maxRetries = 3;
+    let lastError = "";
+    for (let attempt = 0; attempt < maxRetries; attempt++) {
+      const resolved = await this.resolveRef(refId);
+      if (!resolved) {
+        return `Ref [${refId}] not found. Take a new snapshot with browser_snapshot.`;
+      }
+      if (resolved.error) {
+        lastError = resolved.error;
+        if (attempt < maxRetries - 1) {
+          await new Promise((r) => setTimeout(r, 500));
+          continue;
+        }
+        const ref3 = this.refCache.get(refId);
+        return `Cannot click [${refId}] ${ref3?.role || ""} "${ref3?.name || ""}": ${lastError}`;
+      }
+      if (attempt === 0) {
+        await new Promise((r) => setTimeout(r, 50));
+        const settled = await this.resolveRef(refId);
+        if (settled && !settled.error) {
+          resolved.x = settled.x;
+          resolved.y = settled.y;
+        }
+      }
+      await this.send("Input.dispatchMouseEvent", {
+        type: "mouseMoved",
+        x: resolved.x,
+        y: resolved.y
+      });
+      await this.send("Input.dispatchMouseEvent", {
+        type: "mousePressed",
+        x: resolved.x,
+        y: resolved.y,
+        button: "left",
+        clickCount: 1
+      });
+      await this.send("Input.dispatchMouseEvent", {
+        type: "mouseReleased",
+        x: resolved.x,
+        y: resolved.y,
+        button: "left",
+        clickCount: 1
+      });
+      await new Promise((r) => setTimeout(r, 300));
+      const ref2 = this.refCache.get(refId);
+      return `Clicked [${refId}] ${ref2?.role || ""} "${ref2?.name || ""}"`;
+    }
+    const ref = this.refCache.get(refId);
+    return `Cannot click [${refId}] ${ref?.role || ""} "${ref?.name || ""}": ${lastError}`;
+  }
+  /**
+   * Type text into an element by ref using CDP Input events.
+   * Clicks to focus, selects all existing text (Ctrl/Cmd+A), then uses
+   * Input.insertText for reliable text insertion across all frameworks.
+   */
+  async typeRef(refId, text) {
+    this.ensureConnected();
+    const clickResult = await this.clickRef(refId);
+    if (clickResult.includes("not found")) return clickResult;
+    await new Promise((r) => setTimeout(r, 100));
+    const modifier = platform() === "darwin" ? 4 : 2;
+    await this.send("Input.dispatchKeyEvent", {
+      type: "keyDown",
+      modifiers: modifier,
+      key: "a",
+      code: "KeyA",
+      windowsVirtualKeyCode: 65
+    });
+    await this.send("Input.dispatchKeyEvent", {
+      type: "keyUp",
+      key: "a",
+      code: "KeyA"
+    });
+    await this.send("Input.dispatchKeyEvent", {
+      type: "keyDown",
+      key: "Backspace",
+      code: "Backspace",
+      windowsVirtualKeyCode: 8
+    });
+    await this.send("Input.dispatchKeyEvent", {
+      type: "keyUp",
+      key: "Backspace",
+      code: "Backspace"
+    });
+    await this.send("Input.insertText", { text });
+    await new Promise((r) => setTimeout(r, 100));
+    const ref = this.refCache.get(refId);
+    return `Typed "${text}" into [${refId}] ${ref?.role || ""} "${ref?.name || ""}"`;
+  }
+  /**
+   * Select a dropdown option by ref. Delegates to selectOption with the
+   * ref's data attribute as selector, handling both native <select> and
+   * custom dropdown components.
+   */
+  async selectRef(refId, option) {
+    this.ensureConnected();
+    const cached = this.refCache.get(refId);
+    if (!cached) {
+      return `Ref [${refId}] not found. Take a new snapshot with browser_snapshot.`;
+    }
+    const result = await this.selectOption(`[data-assistme-ref="${refId}"]`, option);
+    return result.replace(
+      /\[data-assistme-ref="\d+"\]/,
+      `[${refId}] ${cached.role} "${cached.name}"`
+    );
+  }
+  // ── Action Pipeline ───────────────────────────────────────────────
+  /**
+   * Execute a batch of actions sequentially using refs.
+   * Reduces round-trips: instead of one tool call per action, the model
+   * can specify a sequence of actions that execute atomically.
+   *
+   * Optionally takes a screenshot after all actions complete.
+   */
+  async act(actions, takeScreenshot = false) {
+    this.ensureConnected();
+    const results = [];
+    for (const spec of actions) {
+      let result;
+      let success = true;
+      try {
+        switch (spec.action) {
+          case "click":
+            result = await this.clickRef(spec.ref);
+            success = !result.includes("not found");
+            break;
+          case "type":
+            result = await this.typeRef(spec.ref, spec.text);
+            success = !result.includes("not found");
+            break;
+          case "select":
+            result = await this.selectRef(spec.ref, spec.option);
+            success = !result.includes("not found");
+            break;
+          case "press":
+            result = await this.pressKey(spec.key);
+            break;
+          case "scroll":
+            result = spec.direction === "up" ? await this.scrollUp() : await this.scrollDown();
+            break;
+          case "wait":
+            await new Promise((r) => setTimeout(r, Math.min(spec.ms, 5e3)));
+            result = `Waited ${spec.ms}ms`;
+            break;
+          default:
+            result = `Unknown action: ${spec.action}`;
+            success = false;
+        }
+      } catch (err) {
+        result = `Error: ${err instanceof Error ? err.message : String(err)}`;
+        success = false;
+      }
+      results.push({
+        action: spec.action,
+        ref: "ref" in spec ? spec.ref : void 0,
+        result,
+        success
+      });
+      if (!success) break;
+      if (spec.action !== "wait") {
+        await new Promise((r) => setTimeout(r, 200));
+      }
+    }
+    let screenshot;
+    if (takeScreenshot) {
+      await new Promise((r) => setTimeout(r, 300));
+      screenshot = await this.screenshot();
+    }
+    return { results, screenshot };
+  }
+  // ── Dropdown/Select ─────────────────────────────────────────────
+  /**
+   * Select an option from a dropdown — handles both native <select> elements
+   * and custom Material Design / React / Angular dropdown components.
+   *
+   * Strategy:
+   * 1. Try native <select> first (by selector or label text)
+   * 2. Fall back to custom dropdown: click to open, then click the option by text
+   */
+  async selectOption(selector, optionText) {
+    this.ensureConnected();
+    const selectorJS = JSON.stringify(selector);
+    const optionJS = JSON.stringify(optionText);
+    const result = await this.send("Runtime.evaluate", {
+      expression: `
+        (function() {
+          var sel = ${selectorJS};
+          var optText = ${optionJS};
+
+          // Strategy 1: Native <select> element
+          var selectEl = document.querySelector(sel);
+          if (selectEl && selectEl.tagName === 'SELECT') {
+            var options = selectEl.querySelectorAll('option');
+            for (var i = 0; i < options.length; i++) {
+              if (options[i].textContent.trim() === optText) {
+                selectEl.value = options[i].value;
+                selectEl.dispatchEvent(new Event('change', { bubbles: true }));
+                selectEl.dispatchEvent(new Event('input', { bubbles: true }));
+                return 'Selected "' + optText + '" in native select';
+              }
+            }
+            return 'Option "' + optText + '" not found in select. Available: ' +
+              Array.from(options).map(function(o) { return o.textContent.trim(); }).join(', ');
+          }
+
+          // Strategy 2: Custom dropdown \u2014 find the trigger element
+          var trigger = selectEl;
+          if (!trigger) {
+            // Try finding by label/placeholder text
+            var allEls = document.querySelectorAll('*');
+            for (var j = 0; j < allEls.length; j++) {
+              var el = allEls[j];
+              var ownText = Array.from(el.childNodes)
+                .filter(function(n) { return n.nodeType === 3; })
+                .map(function(n) { return n.textContent.trim(); })
+                .join('');
+              if (ownText === sel || el.getAttribute('aria-label') === sel) {
+                trigger = el;
+                break;
+              }
+            }
+          }
+
+          if (!trigger) return 'Dropdown not found: ' + sel;
+
+          // Click to open the dropdown
+          trigger.scrollIntoView({ block: 'center', behavior: 'instant' });
+          trigger.click();
+
+          // Wait a frame for the dropdown menu to render, then select the option
+          return new Promise(function(resolve) {
+            setTimeout(function() {
+              // Look for the option in listbox/menu/dropdown overlays
+              var optionContainers = document.querySelectorAll(
+                '[role="listbox"], [role="menu"], [role="presentation"], .MuiMenu-list, .MuiList-root, ul.mdc-list, .VfPpkd-xl07Ob'
+              );
+
+              // Also check all visible elements as fallback
+              var searchIn = optionContainers.length > 0
+                ? Array.from(optionContainers).flatMap(function(c) { return Array.from(c.querySelectorAll('*')); })
+                : Array.from(document.querySelectorAll('li, [role="option"], [role="menuitem"], div[data-value]'));
+
+              for (var k = 0; k < searchIn.length; k++) {
+                var opt = searchIn[k];
+                var txt = opt.textContent ? opt.textContent.trim() : '';
+                if (txt === optText) {
+                  opt.scrollIntoView({ block: 'center', behavior: 'instant' });
+                  opt.click();
+                  resolve('Selected "' + optText + '" from custom dropdown');
+                  return;
+                }
+              }
+
+              // Broader search: any visible element with exact text match
+              var everything = document.querySelectorAll('*');
+              for (var m = 0; m < everything.length; m++) {
+                var candidate = everything[m];
+                if (candidate.textContent && candidate.textContent.trim() === optText &&
+                    candidate.offsetParent !== null && candidate.children.length === 0) {
+                  candidate.click();
+                  resolve('Selected "' + optText + '" (broad match)');
+                  return;
+                }
+              }
+
+              resolve('Option "' + optText + '" not found in dropdown');
+            }, 300);
+          });
+        })()
+      `,
+      returnByValue: true,
+      awaitPromise: true
+    });
+    await new Promise((r) => setTimeout(r, 500));
+    return result.result?.value || "Selection attempted.";
+  }
   // ── JavaScript Evaluation ───────────────────────────────────────
   async evaluate(expression) {
     this.ensureConnected();
@@ -826,12 +1474,28 @@ URL: ${info.url}`;
           (function() {
             var url = window.location.href.toLowerCase();
 
+            // Exclude signup/registration pages \u2014 these are NOT login pages
+            var signupPatterns = [
+              '/signup', '/sign-up', '/sign_up', '/register',
+              '/registration', '/create-account', '/create_account',
+              '/join', '/enroll',
+              'accounts.google.com/lifecycle/steps/signup',
+              'signup.live.com',
+            ];
+            for (var s = 0; s < signupPatterns.length; s++) {
+              if (url.indexOf(signupPatterns[s]) !== -1) {
+                return JSON.stringify({ isLoginPage: false, reason: '' });
+              }
+            }
+
             // URL-based detection
             var loginPatterns = [
               '/login', '/signin', '/sign-in', '/sign_in',
               '/auth/', '/sso/', '/oauth/', '/session/new',
               '/accounts/login', '/users/sign_in',
-              'accounts.google.com', 'login.microsoftonline.com',
+              'accounts.google.com/v3/signin',
+              'accounts.google.com/servicelogin',
+              'login.microsoftonline.com',
               'github.com/login', 'github.com/session',
               'login.live.com', 'appleid.apple.com'
             ];
@@ -885,8 +1549,14 @@ URL: ${info.url}`;
     }
   }
 };
+
+// src/browser/chrome-launcher.ts
+import { execSync, spawn } from "child_process";
+import { platform as platform2, homedir } from "os";
+import { existsSync, unlinkSync, mkdirSync, cpSync } from "fs";
+import { join } from "path";
 function findChromePath() {
-  const os = platform();
+  const os = platform2();
   if (os === "darwin") {
     const paths = [
       "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
@@ -895,7 +1565,7 @@ function findChromePath() {
       "/Applications/Microsoft Edge.app/Contents/MacOS/Microsoft Edge",
       "/Applications/Brave Browser.app/Contents/MacOS/Brave Browser"
     ];
-    return paths.find((p) => existsSync2(p)) ?? null;
+    return paths.find((p) => existsSync(p)) ?? null;
   }
   if (os === "linux") {
     const names = [
@@ -932,7 +1602,7 @@ function findChromePath() {
     for (const prefix of prefixes) {
       for (const sub of subPaths) {
         const p = `${prefix}\\${sub}`;
-        if (existsSync2(p)) return p;
+        if (existsSync(p)) return p;
       }
     }
     return null;
@@ -940,39 +1610,39 @@ function findChromePath() {
   return null;
 }
 function getDefaultProfileDir(chromePath) {
-  const home = homedir2();
-  const os = platform();
+  const home = homedir();
+  const os = platform2();
   if (os === "darwin") {
     if (chromePath.includes("Brave Browser"))
-      return join2(home, "Library", "Application Support", "BraveSoftware", "Brave-Browser");
+      return join(home, "Library", "Application Support", "BraveSoftware", "Brave-Browser");
     if (chromePath.includes("Microsoft Edge"))
-      return join2(home, "Library", "Application Support", "Microsoft Edge");
+      return join(home, "Library", "Application Support", "Microsoft Edge");
     if (chromePath.includes("Chromium"))
-      return join2(home, "Library", "Application Support", "Chromium");
+      return join(home, "Library", "Application Support", "Chromium");
     if (chromePath.includes("Canary"))
-      return join2(home, "Library", "Application Support", "Google", "Chrome Canary");
-    return join2(home, "Library", "Application Support", "Google", "Chrome");
+      return join(home, "Library", "Application Support", "Google", "Chrome Canary");
+    return join(home, "Library", "Application Support", "Google", "Chrome");
   }
   if (os === "win32") {
-    const appData = process.env.LOCALAPPDATA || join2(home, "AppData", "Local");
+    const appData = process.env.LOCALAPPDATA || join(home, "AppData", "Local");
     if (chromePath.includes("brave"))
-      return join2(appData, "BraveSoftware", "Brave-Browser", "User Data");
-    if (chromePath.includes("msedge")) return join2(appData, "Microsoft", "Edge", "User Data");
-    return join2(appData, "Google", "Chrome", "User Data");
-  }
-  if (chromePath.includes("brave")) return join2(home, ".config", "BraveSoftware", "Brave-Browser");
-  if (chromePath.includes("microsoft-edge")) return join2(home, ".config", "microsoft-edge");
-  if (chromePath.includes("chromium")) return join2(home, ".config", "chromium");
-  return join2(home, ".config", "google-chrome");
+      return join(appData, "BraveSoftware", "Brave-Browser", "User Data");
+    if (chromePath.includes("msedge")) return join(appData, "Microsoft", "Edge", "User Data");
+    return join(appData, "Google", "Chrome", "User Data");
+  }
+  if (chromePath.includes("brave")) return join(home, ".config", "BraveSoftware", "Brave-Browser");
+  if (chromePath.includes("microsoft-edge")) return join(home, ".config", "microsoft-edge");
+  if (chromePath.includes("chromium")) return join(home, ".config", "chromium");
+  return join(home, ".config", "google-chrome");
 }
 function getDebugProfileDir(chromePath) {
-  const home = homedir2();
-  const debugDir = join2(home, ".assistme", "browser-profile");
-  if (!existsSync2(debugDir)) {
-    mkdirSync2(debugDir, { recursive: true });
+  const home = homedir();
+  const debugDir = join(home, ".assistme", "browser-profile");
+  if (!existsSync(debugDir)) {
+    mkdirSync(debugDir, { recursive: true });
     log.debug(`Created debug profile directory: ${debugDir}`);
     const realDir = getDefaultProfileDir(chromePath);
-    if (existsSync2(realDir)) {
+    if (existsSync(realDir)) {
       seedDebugProfile(realDir, debugDir);
     }
   }
@@ -982,35 +1652,35 @@ function seedDebugProfile(realDir, debugDir) {
   const rootFiles = ["Local State"];
   const profileFiles = ["Bookmarks", "Preferences", "Favicons", "Top Sites", "Shortcuts"];
   for (const file of rootFiles) {
-    const src = join2(realDir, file);
-    const dest = join2(debugDir, file);
+    const src = join(realDir, file);
+    const dest = join(debugDir, file);
     try {
-      if (existsSync2(src)) {
+      if (existsSync(src)) {
         cpSync(src, dest, { force: true });
         log.debug(`Seeded: ${file}`);
       }
     } catch {
     }
   }
-  const srcProfile = join2(realDir, "Default");
-  const destProfile = join2(debugDir, "Default");
-  if (existsSync2(srcProfile)) {
-    mkdirSync2(destProfile, { recursive: true });
+  const srcProfile = join(realDir, "Default");
+  const destProfile = join(debugDir, "Default");
+  if (existsSync(srcProfile)) {
+    mkdirSync(destProfile, { recursive: true });
     for (const file of profileFiles) {
-      const src = join2(srcProfile, file);
-      const dest = join2(destProfile, file);
+      const src = join(srcProfile, file);
+      const dest = join(destProfile, file);
       try {
-        if (existsSync2(src)) {
+        if (existsSync(src)) {
           cpSync(src, dest, { force: true });
           log.debug(`Seeded: Default/${file}`);
         }
       } catch {
       }
     }
-    const srcExt = join2(srcProfile, "Extensions");
-    const destExt = join2(destProfile, "Extensions");
+    const srcExt = join(srcProfile, "Extensions");
+    const destExt = join(destProfile, "Extensions");
     try {
-      if (existsSync2(srcExt)) {
+      if (existsSync(srcExt)) {
         cpSync(srcExt, destExt, { recursive: true, force: true });
         log.debug("Seeded: Default/Extensions");
       }
@@ -1101,14 +1771,14 @@ async function ensureBrowserAvailable(port = 9222) {
     return { success: true, action: "launched", chromePath };
   }
   const debugDir = getDebugProfileDir(chromePath);
-  const lockPath = join2(debugDir, "SingletonLock");
-  if (existsSync2(lockPath)) {
+  const lockPath = join(debugDir, "SingletonLock");
+  if (existsSync(lockPath)) {
     log.debug("Found stale SingletonLock in debug profile \u2014 removing and retrying");
     try {
       unlinkSync(lockPath);
       for (const f of ["SingletonSocket", "SingletonCookie"]) {
         try {
-          unlinkSync(join2(debugDir, f));
+          unlinkSync(join(debugDir, f));
         } catch {
         }
       }
@@ -1365,7 +2035,7 @@ var Scheduler = class {
     }
   }
 };
-async function createScheduledTask(_userId, name, prompt, cronExpression, timezone = "UTC") {
+async function createScheduledTask(name, prompt, cronExpression, timezone = "UTC") {
   const nextRun = getNextRunTime(cronExpression, timezone);
   return callMcpHandler("schedule.create", {
     name,
@@ -1375,7 +2045,7 @@ async function createScheduledTask(_userId, name, prompt, cronExpression, timezo
     next_run_at: nextRun.toISOString()
   });
 }
-async function listScheduledTasks(_userId) {
+async function listScheduledTasks() {
   return callMcpHandler("schedule.list");
 }
 async function toggleScheduledTask(taskId, enabled) {
@@ -1423,20 +2093,10 @@ var SessionManager = class {
     const config = getConfig();
     this.onTask = onTask;
     this.userId = userId;
-    this.session = await createSession(
-      userId,
-      config.sessionName,
-      config.workspacePath,
-      "0.1.0"
-    );
-    this.conversationId = await getOrCreateCliConversation(
-      userId,
-      this.session.id
-    );
+    this.session = await createSession(config.sessionName, config.workspacePath, "0.1.0");
+    this.conversationId = await getOrCreateCliConversation();
     this.running = true;
-    log.success(
-      `Session started: ${this.session.id} (${config.sessionName})`
-    );
+    log.success(`Session started: ${this.session.id} (${config.sessionName})`);
     log.info(`Workspace: ${config.workspacePath}`);
     this.heartbeatTimer = setInterval(async () => {
       if (this.session) {
@@ -1464,20 +2124,15 @@ var SessionManager = class {
     if (!this.session || !this.userId || !this.conversationId) return;
     log.info(`Running scheduled task: "${scheduledTask.name}"`);
     try {
-      await this.submitTask(
-        `[Scheduled: ${scheduledTask.name}] ${scheduledTask.prompt}`
-      );
+      await this.submitTask(`[Scheduled: ${scheduledTask.name}] ${scheduledTask.prompt}`);
     } catch (err) {
       log.error(`Scheduled task error: ${err}`);
     }
   }
   async executeJobRun(jobRun) {
-    if (!this.session || !this.userId || !this.conversationId || !this.onTask)
-      return;
-    log.info(
-      `Executing job run: ${jobRun.job_name} (${jobRun.id.slice(0, 8)}...)`
-    );
-    const runner = new JobRunner(this.userId);
+    if (!this.session || !this.userId || !this.conversationId || !this.onTask) return;
+    log.info(`Executing job run: ${jobRun.job_name} (${jobRun.id.slice(0, 8)}...)`);
+    const runner = new JobRunner();
     const job = await runner.loadJob(jobRun.job_name);
     if (!job) {
       log.error(`Job "${jobRun.job_name}" not found, marking run as failed`);
@@ -1549,7 +2204,7 @@ var SessionManager = class {
           }
         }
       } else if (this.userId) {
-        const jobRun = await pollAndClaimJobRun(this.userId);
+        const jobRun = await pollAndClaimJobRun();
         if (jobRun) {
           this.processingDepth++;
           await setSessionBusy(this.session.id, true);
@@ -1593,12 +2248,7 @@ var SessionManager = class {
     this.processingDepth++;
     await setSessionBusy(this.session.id, true);
     try {
-      const task = await createTask(
-        this.conversationId,
-        this.userId,
-        this.session.id,
-        prompt
-      );
+      const task = await createTask(this.conversationId, this.session.id, prompt);
       await claimTask(task.id);
       await this.onTask(task);
     } catch (err) {
@@ -1656,16 +2306,12 @@ import {
 
 // src/agent/memory.ts
 var MemoryManager = class {
-  constructor(_userId) {
-  }
   /**
    * Store a new memory. Called by the agent after completing tasks
    * to remember important facts about the user.
    */
   async remember(content, category = "general", options) {
-    const expiresAt = options?.expiresInDays ? new Date(
-      Date.now() + options.expiresInDays * 864e5
-    ).toISOString() : null;
+    const expiresAt = options?.expiresInDays ? new Date(Date.now() + options.expiresInDays * 864e5).toISOString() : null;
     const data = await callMcpHandler("memory.store", {
       category,
       content,
@@ -1895,7 +2541,8 @@ function parseDbMetadata(raw) {
     primaryEnv: openclaw.primaryEnv,
     os: openclaw.os,
     always: openclaw.always,
-    skillKey: openclaw.skillKey
+    skillKey: openclaw.skillKey,
+    credentials: openclaw.credentials
   };
 }
 var SkillManager = class {
@@ -2055,23 +2702,6 @@ _(${skills.length - included} additional skills available \u2014 use skill_searc
     }
     return prompt;
   }
-  /** @deprecated Use buildSkillDescriptions() + skill_invoke tool instead. */
-  buildSkillPrompt(taskPrompt) {
-    const relevant = this.findRelevant(taskPrompt);
-    if (relevant.length === 0) return "";
-    let prompt = "\n\n## Available Skills\n";
-    prompt += "The following skills provide detailed instructions for this type of task:\n\n";
-    for (const skill of relevant) {
-      const emoji = skill.metadata.emoji || "";
-      prompt += `### ${emoji ? emoji + " " : ""}${skill.name}
-`;
-      prompt += `*${skill.description}*
-
-`;
-      prompt += skill.content + "\n\n";
-    }
-    return prompt;
-  }
   async create(name, description, content, options) {
     if (!this.userId) return null;
     try {
@@ -2259,7 +2889,10 @@ _(${skills.length - included} additional skills available \u2014 use skill_searc
   async searchDb(query3, limit = 10) {
     if (this.userId) {
       try {
-        const data = await callMcpHandler("skill.search", { query: query3, limit });
+        const data = await callMcpHandler("skill.search", {
+          query: query3,
+          limit
+        });
         if (data) {
           return data.map((row) => ({
             name: row.name,
@@ -2586,7 +3219,7 @@ async function withRetry(fn, opts = {}) {
   throw lastError;
 }
 
-// src/agent/mcp-servers.ts
+// src/mcp/browser-server.ts
 import {
   createSdkMcpServer,
   tool
@@ -2595,7 +3228,7 @@ import { z } from "zod/v4";
 
 // src/tools/filesystem.ts
 import { readFile, writeFile, readdir, stat, mkdir } from "fs/promises";
-import { resolve, relative, join as join3 } from "path";
+import { resolve, relative, join as join2 } from "path";
 import { glob } from "glob";
 function assertWithinWorkspace(filePath) {
   const config = getConfig();
@@ -2632,7 +3265,7 @@ async function searchFiles(pattern, directory) {
     ignore: ["node_modules/**", ".git/**", "dist/**", ".next/**"]
   });
   if (matches.length === 0) return "No files found matching the pattern.";
-  return matches.slice(0, 50).map((m) => relative(config.workspacePath, join3(cwd, m))).join("\n");
+  return matches.slice(0, 50).map((m) => relative(config.workspacePath, join2(cwd, m))).join("\n");
 }
 async function listDirectory(path) {
   const config = getConfig();
@@ -2642,7 +3275,7 @@ async function listDirectory(path) {
   for (const entry of entries) {
     if (entry.name.startsWith(".") && entry.name !== ".env.example") continue;
     const icon = entry.isDirectory() ? "\u{1F4C1}" : "\u{1F4C4}";
-    const info = entry.isFile() ? await stat(join3(resolved, entry.name)).then(
+    const info = entry.isFile() ? await stat(join2(resolved, entry.name)).then(
       (s) => ` (${formatSize(s.size)})`
     ) : "";
     results.push(`${icon} ${entry.name}${info}`);
@@ -2666,11 +3299,11 @@ async function searchContent(pattern, fileGlob, directory) {
   const results = [];
   for (const file of files.slice(0, 200)) {
     try {
-      const content = await readFile(join3(cwd, file), "utf-8");
+      const content = await readFile(join2(cwd, file), "utf-8");
       const lines = content.split("\n");
       for (let i = 0; i < lines.length; i++) {
         if (regex.test(lines[i])) {
-          const relPath = relative(config.workspacePath, join3(cwd, file));
+          const relPath = relative(config.workspacePath, join2(cwd, file));
           results.push(`${relPath}:${i + 1}: ${lines[i].trim()}`);
           regex.lastIndex = 0;
           if (results.length >= 30) break;
@@ -2878,9 +3511,28 @@ async function executeTool(name, input) {
     case "browser_get_elements":
       await ensureConnected(browser);
       return browser.getInteractiveElements();
+    case "browser_select":
+      await ensureConnected(browser);
+      return browser.selectOption(input.selector, input.option);
     case "browser_evaluate":
       await ensureConnected(browser);
       return browser.evaluate(input.expression);
+    case "browser_snapshot": {
+      await ensureConnected(browser);
+      const snap = await browser.snapshot(input.annotate);
+      return BrowserController.formatRefTable(snap) + "\n__SNAPSHOT_IMAGE__:" + snap.image;
+    }
+    case "browser_act": {
+      await ensureConnected(browser);
+      const actions = input.actions;
+      const wantScreenshot = input.screenshot || false;
+      const actResult = await browser.act(actions, wantScreenshot);
+      let response = actResult.results.map((r) => `${r.success ? "OK" : "FAIL"}: ${r.result}`).join("\n");
+      if (actResult.screenshot) {
+        response += "\n__ACT_SCREENSHOT__:" + actResult.screenshot;
+      }
+      return response;
+    }
     case "browser_list_tabs":
       return browser.listTabs();
     case "browser_switch_tab":
@@ -3023,7 +3675,7 @@ function getLimiterForTool(toolName) {
   return null;
 }
 
-// src/agent/mcp-servers.ts
+// src/mcp/browser-server.ts
 async function callTool(name, input) {
   const limiter = getLimiterForTool(name);
   if (limiter) await limiter.acquire();
@@ -3040,6 +3692,9 @@ var BROWSER_TOOL_NAMES = [
   "browser_press_key",
   "browser_scroll",
   "browser_get_elements",
+  "browser_select",
+  "browser_snapshot",
+  "browser_act",
   "browser_evaluate",
   "browser_list_tabs",
   "browser_switch_tab",
@@ -3124,9 +3779,86 @@ function createBrowserMcpServer() {
         {},
         async () => callTool("browser_get_elements", {})
       ),
+      tool(
+        "browser_select",
+        "Select an option from a dropdown menu. Handles both native <select> elements and custom dropdowns (Material Design, React, Angular). Use this instead of manually clicking dropdown items.",
+        {
+          selector: z.string().describe(
+            "CSS selector of the dropdown, or its label/placeholder text (e.g. 'Month', 'Gender', '#country')"
+          ),
+          option: z.string().describe("Visible text of the option to select (e.g. 'March', 'Male')")
+        },
+        async (args) => callTool("browser_select", args)
+      ),
+      tool(
+        "browser_snapshot",
+        "Take a screenshot and discover all interactive elements with numbered refs. Returns a screenshot + a compact ref table. PREFERRED way to understand a page. Set annotate=true to overlay red ref badges (useful for simple pages). Use the ref numbers with browser_act to interact with elements.",
+        {
+          annotate: z.boolean().optional().describe(
+            "Overlay ref badges on the screenshot. Default false. Use true for simple pages where visual context helps."
+          )
+        },
+        async (args) => {
+          const limiter = getLimiterForTool("browser_snapshot");
+          if (limiter) await limiter.acquire();
+          const result = await executeTool("browser_snapshot", args);
+          const parts = result.split("\n__SNAPSHOT_IMAGE__:");
+          const refTable = parts[0];
+          const imageData = parts[1] || "";
+          const content = [];
+          if (imageData.length > 100) {
+            content.push({
+              type: "image",
+              data: imageData,
+              mimeType: "image/png"
+            });
+          }
+          content.push({ type: "text", text: refTable });
+          return { content };
+        }
+      ),
+      tool(
+        "browser_act",
+        "Execute actions using ref numbers from browser_snapshot. Supports: click, type, select, press, scroll, wait. Batch multiple actions in one call to reduce round-trips. Set screenshot=true to see the result.",
+        {
+          actions: z.array(
+            z.object({
+              action: z.enum(["click", "type", "select", "press", "scroll", "wait"]).describe("Action type"),
+              ref: z.number().optional().describe("Ref number from browser_snapshot"),
+              text: z.string().optional().describe("Text to type (for 'type' action)"),
+              option: z.string().optional().describe("Option to select (for 'select' action)"),
+              key: z.string().optional().describe("Key to press (for 'press' action)"),
+              direction: z.string().optional().describe("'up' or 'down' (for 'scroll')"),
+              ms: z.number().optional().describe("Wait duration in ms (for 'wait', max 5000)")
+            })
+          ).describe("Actions to execute sequentially"),
+          screenshot: z.boolean().optional().describe("Take screenshot after actions (default: false)")
+        },
+        async (args) => {
+          const limiter = getLimiterForTool("browser_act");
+          if (limiter) await limiter.acquire();
+          const result = await executeTool("browser_act", {
+            actions: args.actions,
+            screenshot: args.screenshot
+          });
+          const parts = result.split("\n__ACT_SCREENSHOT__:");
+          const actionText = parts[0];
+          const screenshotData = parts[1] || "";
+          const content = [];
+          content.push({ type: "text", text: actionText });
+          if (screenshotData.length > 100) {
+            content.push({
+              type: "image",
+              data: screenshotData,
+              mimeType: "image/png"
+            });
+          }
+          return { content };
+        }
+      ),
       tool(
         "browser_evaluate",
-        "Execute JavaScript in the browser page context.",
+        "Execute JavaScript in the browser page context. Use as a last resort when browser_snapshot + browser_act cannot handle the interaction.",
         { expression: z.string().describe("JavaScript expression to evaluate") },
         async (args) => callTool("browser_evaluate", args)
       ),
@@ -3160,20 +3892,281 @@ function createBrowserMcpServer() {
     ]
   });
 }
+
+// src/mcp/agent-tools-server.ts
+import {
+  createSdkMcpServer as createSdkMcpServer2,
+  tool as tool2
+} from "@anthropic-ai/claude-agent-sdk";
+import { z as z2 } from "zod/v4";
+
+// src/credentials/credential-store.ts
+import { randomUUID } from "crypto";
+import { dirname } from "path";
+
+// src/credentials/encryption.ts
+import { createCipheriv, createDecipheriv, randomBytes, scryptSync, createHash } from "crypto";
+import { existsSync as existsSync2, readFileSync, writeFileSync, mkdirSync as mkdirSync2 } from "fs";
+import { join as join3 } from "path";
+import { homedir as homedir2, hostname, userInfo } from "os";
+var ALGORITHM = "aes-256-gcm";
+var KEY_LENGTH = 32;
+var IV_LENGTH = 12;
+var AUTH_TAG_LENGTH = 16;
+var SALT_FILE = "encryption.salt";
+function deriveKey(basePath) {
+  const saltPath = join3(basePath, SALT_FILE);
+  let salt;
+  if (existsSync2(saltPath)) {
+    salt = readFileSync(saltPath);
+  } else {
+    salt = randomBytes(32);
+    if (!existsSync2(basePath)) {
+      mkdirSync2(basePath, { recursive: true, mode: 448 });
+    }
+    writeFileSync(saltPath, salt, { mode: 384 });
+  }
+  const machineId = createHash("sha256").update(hostname()).update(userInfo().username).update(homedir2()).digest();
+  return scryptSync(machineId, salt, KEY_LENGTH);
+}
+function encrypt(plaintext, key) {
+  const iv = randomBytes(IV_LENGTH);
+  const cipher = createCipheriv(ALGORITHM, key, iv, { authTagLength: AUTH_TAG_LENGTH });
+  const encrypted = Buffer.concat([
+    cipher.update(plaintext, "utf-8"),
+    cipher.final()
+  ]);
+  return {
+    iv: iv.toString("base64"),
+    data: encrypted.toString("base64"),
+    tag: cipher.getAuthTag().toString("base64")
+  };
+}
+function decrypt(payload, key) {
+  const iv = Buffer.from(payload.iv, "base64");
+  const data = Buffer.from(payload.data, "base64");
+  const tag = Buffer.from(payload.tag, "base64");
+  const decipher = createDecipheriv(ALGORITHM, key, iv, { authTagLength: AUTH_TAG_LENGTH });
+  decipher.setAuthTag(tag);
+  return Buffer.concat([
+    decipher.update(data),
+    decipher.final()
+  ]).toString("utf-8");
+}
+
+// src/credentials/local-store.ts
+import Database from "better-sqlite3";
+import { existsSync as existsSync3, mkdirSync as mkdirSync3 } from "fs";
+import { join as join4 } from "path";
+import { homedir as homedir3 } from "os";
+var DEFAULT_DB_DIR = join4(homedir3(), ".config", "assistme");
+var DEFAULT_DB_NAME = "local.db";
+var LocalStore = class {
+  db;
+  dbPath;
+  constructor(dbPath) {
+    const dir = dbPath ? dbPath : DEFAULT_DB_DIR;
+    if (!existsSync3(dir)) {
+      mkdirSync3(dir, { recursive: true, mode: 448 });
+    }
+    this.dbPath = dbPath ? join4(dbPath, DEFAULT_DB_NAME) : join4(DEFAULT_DB_DIR, DEFAULT_DB_NAME);
+    this.db = new Database(this.dbPath);
+    this.db.pragma("journal_mode = WAL");
+    this.db.pragma("foreign_keys = ON");
+    this.migrate();
+  }
+  /** Run schema migrations. Idempotent — safe to call on every startup. */
+  migrate() {
+    this.db.exec(`
+      CREATE TABLE IF NOT EXISTS credentials (
+        id            TEXT PRIMARY KEY,
+        name          TEXT NOT NULL UNIQUE,
+        type          TEXT NOT NULL DEFAULT 'secret',
+        skill_name    TEXT,
+        tags          TEXT NOT NULL DEFAULT '[]',
+        encrypted_data TEXT NOT NULL,
+        created_at    TEXT NOT NULL,
+        updated_at    TEXT NOT NULL
+      );
+
+      CREATE INDEX IF NOT EXISTS idx_credentials_name ON credentials(name);
+      CREATE INDEX IF NOT EXISTS idx_credentials_skill ON credentials(skill_name);
+      CREATE INDEX IF NOT EXISTS idx_credentials_type ON credentials(type);
+    `);
+  }
+  /** Get the raw database handle for direct queries. */
+  getDb() {
+    return this.db;
+  }
+  /** Close the database connection. */
+  close() {
+    this.db.close();
+  }
+};
+var _instance = null;
+function getLocalStore(dbPath) {
+  if (!_instance) {
+    _instance = new LocalStore(dbPath);
+  }
+  return _instance;
+}
+
+// src/credentials/credential-store.ts
+var CredentialStore = class {
+  store;
+  encryptionKey;
+  constructor(dbPath) {
+    this.store = getLocalStore(dbPath);
+    this.encryptionKey = deriveKey(dirname(this.store.dbPath));
+  }
+  // ── CRUD ────────────────────────────────────────────────────────
+  save(name, type, data, opts) {
+    const db = this.store.getDb();
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const encryptedData = this.encryptData(data);
+    const tags = JSON.stringify(opts?.tags || []);
+    const existing = db.prepare("SELECT id FROM credentials WHERE name = ?").get(name);
+    if (existing) {
+      db.prepare(`
+        UPDATE credentials
+        SET type = ?, skill_name = ?, tags = ?, encrypted_data = ?, updated_at = ?
+        WHERE id = ?
+      `).run(type, opts?.skillName ?? null, tags, encryptedData, now, existing.id);
+      log.debug(`Credential "${name}" updated (${existing.id})`);
+      return this.toMeta({ id: existing.id, name, type, skill_name: opts?.skillName ?? null, tags, encrypted_data: encryptedData, created_at: now, updated_at: now });
+    }
+    const id = randomUUID();
+    db.prepare(`
+      INSERT INTO credentials (id, name, type, skill_name, tags, encrypted_data, created_at, updated_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+    `).run(id, name, type, opts?.skillName ?? null, tags, encryptedData, now, now);
+    log.debug(`Credential "${name}" saved (${id})`);
+    return { id, name, type, skillName: opts?.skillName, tags: opts?.tags || [], createdAt: now, updatedAt: now };
+  }
+  get(id) {
+    const row = this.store.getDb().prepare("SELECT * FROM credentials WHERE id = ?").get(id);
+    return row ? this.toCredential(row) : null;
+  }
+  getByName(name) {
+    const row = this.store.getDb().prepare("SELECT * FROM credentials WHERE name = ?").get(name);
+    return row ? this.toCredential(row) : null;
+  }
+  update(id, data) {
+    const row = this.store.getDb().prepare("SELECT * FROM credentials WHERE id = ?").get(id);
+    if (!row) return null;
+    const existing = this.decryptData(row.encrypted_data);
+    const merged = { ...existing };
+    for (const [key, value] of Object.entries(data)) {
+      if (value !== void 0) {
+        merged[key] = value;
+      }
+    }
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const encryptedData = this.encryptData(merged);
+    this.store.getDb().prepare("UPDATE credentials SET encrypted_data = ?, updated_at = ? WHERE id = ?").run(encryptedData, now, id);
+    log.debug(`Credential "${row.name}" updated`);
+    return this.toMeta({ ...row, encrypted_data: encryptedData, updated_at: now });
+  }
+  remove(id) {
+    const result = this.store.getDb().prepare("DELETE FROM credentials WHERE id = ?").run(id);
+    if (result.changes > 0) {
+      log.debug(`Credential ${id} removed`);
+      return true;
+    }
+    return false;
+  }
+  removeByName(name) {
+    const result = this.store.getDb().prepare("DELETE FROM credentials WHERE name = ?").run(name);
+    if (result.changes > 0) {
+      log.debug(`Credential "${name}" removed`);
+      return true;
+    }
+    return false;
+  }
+  // ── Query ───────────────────────────────────────────────────────
+  list() {
+    const rows = this.store.getDb().prepare("SELECT * FROM credentials ORDER BY updated_at DESC").all();
+    return rows.map((r) => this.toMeta(r));
+  }
+  findBySkill(skillName) {
+    const rows = this.store.getDb().prepare("SELECT * FROM credentials WHERE skill_name = ? ORDER BY name").all(skillName);
+    return rows.map((r) => this.toMeta(r));
+  }
+  findByTag(tag) {
+    const rows = this.store.getDb().prepare("SELECT * FROM credentials WHERE tags LIKE ? ORDER BY name").all(`%${tag.toLowerCase()}%`);
+    return rows.filter((r) => {
+      const tags = JSON.parse(r.tags);
+      return tags.some((t) => t.toLowerCase() === tag.toLowerCase());
+    }).map((r) => this.toMeta(r));
+  }
+  findByType(type) {
+    const rows = this.store.getDb().prepare("SELECT * FROM credentials WHERE type = ? ORDER BY name").all(type);
+    return rows.map((r) => this.toMeta(r));
+  }
+  // ── Bulk ────────────────────────────────────────────────────────
+  removeBySkill(skillName) {
+    const result = this.store.getDb().prepare("DELETE FROM credentials WHERE skill_name = ?").run(skillName);
+    return result.changes;
+  }
+  clear() {
+    this.store.getDb().prepare("DELETE FROM credentials").run();
+  }
+  // ── Internal ────────────────────────────────────────────────────
+  encryptData(data) {
+    const payload = encrypt(JSON.stringify(data), this.encryptionKey);
+    return JSON.stringify(payload);
+  }
+  decryptData(encrypted) {
+    const payload = JSON.parse(encrypted);
+    const decrypted = decrypt(payload, this.encryptionKey);
+    return JSON.parse(decrypted);
+  }
+  toMeta(row) {
+    return {
+      id: row.id,
+      name: row.name,
+      type: row.type,
+      skillName: row.skill_name || void 0,
+      tags: JSON.parse(row.tags),
+      createdAt: row.created_at,
+      updatedAt: row.updated_at
+    };
+  }
+  toCredential(row) {
+    try {
+      return {
+        meta: this.toMeta(row),
+        data: this.decryptData(row.encrypted_data)
+      };
+    } catch (err) {
+      log.debug(`Failed to decrypt credential ${row.id}: ${err}`);
+      return null;
+    }
+  }
+};
+var _instance2 = null;
+function getCredentialStore() {
+  if (!_instance2) {
+    _instance2 = new CredentialStore();
+  }
+  return _instance2;
+}
+
+// src/mcp/agent-tools-server.ts
 function createAgentToolsServer(deps) {
-  const { memoryManager, skillManager, taskId, sessionId, userId } = deps;
-  return createSdkMcpServer({
+  const { memoryManager, skillManager, taskId, sessionId } = deps;
+  return createSdkMcpServer2({
     name: "assistme-agent",
     version: "1.0.0",
     tools: [
-      tool(
+      tool2(
         "memory_store",
         "Store a memory about the user that persists across conversations. Use when you learn preferences, habits, or standing instructions.",
         {
-          content: z.string().describe("What to remember (concise, factual statement)"),
-          category: z.string().optional().describe("Category: general, preference, instruction, context, skill_learned, fact"),
-          importance: z.number().optional().describe("Importance 1-10 (default: 5). Use 8+ for instructions"),
-          tags: z.array(z.string()).optional().describe("Optional tags for searchability")
+          content: z2.string().describe("What to remember (concise, factual statement)"),
+          category: z2.string().optional().describe("Category: general, preference, instruction, context, skill_learned, fact"),
+          importance: z2.number().optional().describe("Importance 1-10 (default: 5). Use 8+ for instructions"),
+          tags: z2.array(z2.string()).optional().describe("Optional tags for searchability")
         },
         async (args) => {
           if (!memoryManager) {
@@ -3194,23 +4187,25 @@ function createAgentToolsServer(deps) {
           return { content: [{ type: "text", text: result }] };
         }
       ),
-      tool(
+      tool2(
         "skill_create",
         "Create a new skill and add it to the user's collection. Returns the skill ID on success.",
         {
-          name: z.string().describe("Skill name in kebab-case, e.g. 'flight-booking'"),
-          description: z.string().describe("One-line description of what this skill does"),
-          instructions: z.string().describe("Markdown step-by-step instructions"),
-          emoji: z.string().optional().describe("Single emoji representing this skill")
+          name: z2.string().describe("Skill name in kebab-case, e.g. 'flight-booking'"),
+          description: z2.string().describe("One-line description of what this skill does"),
+          instructions: z2.string().describe("Markdown step-by-step instructions"),
+          emoji: z2.string().optional().describe("Single emoji representing this skill")
         },
         async (args) => {
           const nameError = validateSkillName(args.name);
           if (nameError) {
             return {
-              content: [{
-                type: "text",
-                text: `Invalid skill name: ${nameError}. Use lowercase kebab-case like "flight-booking".`
-              }]
+              content: [
+                {
+                  type: "text",
+                  text: `Invalid skill name: ${nameError}. Use lowercase kebab-case like "flight-booking".`
+                }
+              ]
             };
           }
           const existing = skillManager.findSimilar(args.name);
@@ -3224,12 +4219,10 @@ function createAgentToolsServer(deps) {
               ]
             };
           }
-          const result = await skillManager.create(
-            args.name,
-            args.description,
-            args.instructions,
-            { source: "manual", emoji: args.emoji }
-          );
+          const result = await skillManager.create(args.name, args.description, args.instructions, {
+            source: "manual",
+            emoji: args.emoji
+          });
           if (!result) {
             return {
               content: [{ type: "text", text: `Failed to create skill "${args.name}".` }]
@@ -3257,13 +4250,13 @@ function createAgentToolsServer(deps) {
           };
         }
       ),
-      tool(
+      tool2(
         "skill_improve",
         "Improve an existing skill with better instructions based on what you just learned. Version auto-bumped.",
         {
-          name: z.string().describe("Name of the existing skill to improve"),
-          improved_instructions: z.string().describe("Full updated markdown instructions (not a diff)"),
-          description: z.string().optional().describe("Updated description (optional)")
+          name: z2.string().describe("Name of the existing skill to improve"),
+          improved_instructions: z2.string().describe("Full updated markdown instructions (not a diff)"),
+          description: z2.string().optional().describe("Updated description (optional)")
         },
         async (args) => {
           const existing = skillManager.get(args.name);
@@ -3304,12 +4297,12 @@ function createAgentToolsServer(deps) {
           };
         }
       ),
-      tool(
+      tool2(
         "skill_invoke",
         "Load a skill's full instructions when relevant to the current task. Call this when you determine a skill from the Available Skills list matches the user's request.",
         {
-          name: z.string().describe("Skill name from the Available Skills list"),
-          arguments: z.string().optional().describe("Arguments to pass to the skill (replaces $ARGUMENTS placeholders)")
+          name: z2.string().describe("Skill name from the Available Skills list"),
+          arguments: z2.string().optional().describe("Arguments to pass to the skill (replaces $ARGUMENTS placeholders)")
         },
         async (args) => {
           const skill = skillManager.get(args.name);
@@ -3343,6 +4336,39 @@ ${content}`;
 **Allowed tools for this skill:** ${skill.allowedTools.join(", ")}
 `;
           }
+          const credReqs = skill.metadata.credentials;
+          if (credReqs && credReqs.length > 0) {
+            const store = getCredentialStore();
+            const missing = [];
+            for (const req of credReqs) {
+              const cred = store.getByName(req.name);
+              if (cred) {
+                response += `
+
+**Credential: ${req.name}** (${req.type})
+`;
+                response += `\`\`\`json
+${JSON.stringify(cred.data, null, 2)}
+\`\`\`
+`;
+              } else if (req.required) {
+                missing.push(`${req.name} (${req.description})`);
+              }
+            }
+            if (missing.length > 0) {
+              response += `
+
+**Missing required credentials:**
+`;
+              for (const m of missing) {
+                response += `- ${m}
+`;
+              }
+              response += `
+Use \`ask_user\` to request these from the user, or create them yourself (e.g. register an account), then store with \`credential_set\`.
+`;
+            }
+          }
           log.info(`Skill invoked: "${args.name}"`);
           skillManager.logInvocation(args.name, {
             messageId: taskId,
@@ -3355,12 +4381,12 @@ ${content}`;
           };
         }
       ),
-      tool(
+      tool2(
         "skill_search",
         "Search for skills by keyword. Uses full-text search across skill names, descriptions, and content. Use this to discover relevant skills when the Available Skills list doesn't have an obvious match.",
         {
-          query: z.string().describe("Search query (keywords, topic, or task description)"),
-          limit: z.number().optional().describe("Max results (default: 5)")
+          query: z2.string().describe("Search query (keywords, topic, or task description)"),
+          limit: z2.number().optional().describe("Max results (default: 5)")
         },
         async (args) => {
           const results = await skillManager.searchDb(args.query, args.limit || 5);
@@ -3382,14 +4408,14 @@ ${content}`;
           return { content: [{ type: "text", text: response }] };
         }
       ),
-      tool(
+      tool2(
         "skill_generate",
         "Prepare context for generating skills from a job description. Returns existing skills and job info so you can analyze the job and create skills using skill_create (which auto-adds to user's collection). After creating all skills, call skill_link_job to link them to the job and mark it as analyzed.",
         {
-          job_name: z.string().describe(
+          job_name: z2.string().describe(
             "Short name for this job/role. Example: '\u7535\u5546\u8FD0\u8425', 'Frontend Dev', 'Data Analyst'"
           ),
-          job_description: z.string().describe(
+          job_description: z2.string().describe(
             "Description of the user's job, role, and daily tasks. Can be in any language. Example: '\u6211\u662F\u7535\u5546\u8FD0\u8425\uFF0C\u6BCF\u5929\u8981\u770B\u7ADE\u54C1\u4EF7\u683C\u3001\u5199\u5546\u54C1\u6587\u6848\u3001\u56DE\u590D\u5BA2\u6237\u8BC4\u8BBA'"
           )
         },
@@ -3453,47 +4479,48 @@ ${content}`;
           return { content: [{ type: "text", text: response }] };
         }
       ),
-      tool(
+      tool2(
         "skill_link_job",
         "Link created skills to a job and mark it as analyzed. Call this after creating all skills for a job via skill_create + skill_add.",
         {
-          job_name: z.string().describe("Name of the job to link skills to"),
-          job_description: z.string().describe("Job description (used if job doesn't exist yet)"),
-          skill_names: z.array(z.string()).describe("Names of skills to link to this job")
+          job_name: z2.string().describe("Name of the job to link skills to"),
+          job_description: z2.string().describe("Job description (used if job doesn't exist yet)"),
+          skill_names: z2.array(z2.string()).describe("Names of skills to link to this job")
         },
         async (args) => {
-          if (!userId) {
-            return {
-              content: [{ type: "text", text: "Not authenticated. Cannot link job." }]
-            };
-          }
           try {
-            await saveJobToDb(userId, args.job_name, args.job_description, args.skill_names);
-            log.success(`Job "${args.job_name}": linked ${args.skill_names.length} skills and marked as analyzed`);
+            await saveJobToDb(args.job_name, args.job_description, args.skill_names);
+            log.success(
+              `Job "${args.job_name}": linked ${args.skill_names.length} skills and marked as analyzed`
+            );
             return {
-              content: [{
-                type: "text",
-                text: `Job "${args.job_name}" linked with ${args.skill_names.length} skills and marked as analyzed.`
-              }]
+              content: [
+                {
+                  type: "text",
+                  text: `Job "${args.job_name}" linked with ${args.skill_names.length} skills and marked as analyzed.`
+                }
+              ]
             };
           } catch (err) {
             return {
-              content: [{
-                type: "text",
-                text: `Failed to link job: ${err instanceof Error ? err.message : err}`
-              }]
+              content: [
+                {
+                  type: "text",
+                  text: `Failed to link job: ${err instanceof Error ? err.message : err}`
+                }
+              ]
             };
           }
         }
       ),
-      tool(
+      tool2(
         "skill_browse",
         "Browse the skill marketplace to discover skills published by the community. Search by keyword, filter by category, and sort by popularity or rating.",
         {
-          query: z.string().optional().describe("Search keywords"),
-          category: z.string().optional().describe("Filter by category (e.g. 'productivity', 'ecommerce', 'dev-tools')"),
-          sort: z.enum(["popular", "recent", "rating"]).optional().describe("Sort order (default: popular)"),
-          limit: z.number().optional().describe("Max results (default: 10)")
+          query: z2.string().optional().describe("Search keywords"),
+          category: z2.string().optional().describe("Filter by category (e.g. 'productivity', 'ecommerce', 'dev-tools')"),
+          sort: z2.enum(["popular", "recent", "rating"]).optional().describe("Sort order (default: popular)"),
+          limit: z2.number().optional().describe("Max results (default: 10)")
         },
         async (args) => {
           const results = await skillManager.browse({
@@ -3526,41 +4553,47 @@ ${content}`;
           return { content: [{ type: "text", text: response }] };
         }
       ),
-      tool(
+      tool2(
         "skill_add",
         "Add a skill to your personal collection. Works for both marketplace skills and newly created drafts. This is the approval step \u2014 after adding, the skill becomes available for use via skill_invoke.",
         {
-          skill_id: z.string().describe("The skill UUID (from skill_browse or skill_create results)")
+          skill_id: z2.string().describe("The skill UUID (from skill_browse or skill_create results)")
         },
         async (args) => {
           const added = await skillManager.addSkill(args.skill_id);
           if (!added) {
             return {
-              content: [{ type: "text", text: `Failed to add skill. Check that the ID is correct.` }]
+              content: [
+                { type: "text", text: `Failed to add skill. Check that the ID is correct.` }
+              ]
             };
           }
           const emoji = added.metadata.emoji ? `${added.metadata.emoji} ` : "";
           return {
-            content: [{
-              type: "text",
-              text: `Added **${emoji}${added.name}** v${added.version} to your collection. It's now available for use via skill_invoke.`
-            }]
+            content: [
+              {
+                type: "text",
+                text: `Added **${emoji}${added.name}** v${added.version} to your collection. It's now available for use via skill_invoke.`
+              }
+            ]
           };
         }
       ),
-      tool(
+      tool2(
         "skill_publish",
         "Publish one of your skills to the marketplace so others can discover and install it.",
         {
-          name: z.string().describe("Name of your skill to publish"),
-          category: z.string().optional().describe("Category (e.g. 'productivity', 'ecommerce', 'dev-tools')"),
-          author_name: z.string().optional().describe("Your display name as the author")
+          name: z2.string().describe("Name of your skill to publish"),
+          category: z2.string().optional().describe("Category (e.g. 'productivity', 'ecommerce', 'dev-tools')"),
+          author_name: z2.string().optional().describe("Your display name as the author")
         },
         async (args) => {
           const skill = skillManager.get(args.name);
           if (!skill) {
             return {
-              content: [{ type: "text", text: `Skill "${args.name}" not found in your collection.` }]
+              content: [
+                { type: "text", text: `Skill "${args.name}" not found in your collection.` }
+              ]
             };
           }
           if (skill.source === "external") {
@@ -3574,30 +4607,43 @@ ${content}`;
           });
           if (!result) {
             return {
-              content: [{ type: "text", text: `Failed to publish "${args.name}". The name may already be taken by another author.` }]
+              content: [
+                {
+                  type: "text",
+                  text: `Failed to publish "${args.name}". The name may already be taken by another author.`
+                }
+              ]
             };
           }
           return {
-            content: [{
-              type: "text",
-              text: `Skill "${args.name}" published to the marketplace! Others can now find and install it.`
-            }]
+            content: [
+              {
+                type: "text",
+                text: `Skill "${args.name}" published to the marketplace! Others can now find and install it.`
+              }
+            ]
           };
         }
       ),
       // ── User Interaction Tool ───────────────────────────────────
-      tool(
+      tool2(
         "ask_user",
         "Ask the user a question via the web UI and wait for their response. Shows a message with optional predefined option buttons PLUS a free-text input field \u2014 the user can either click a suggested option or type a custom answer. ALWAYS provide options when you can suggest likely answers. Do NOT use this for information you can discover yourself (git remote, file contents, etc.).",
         {
-          question: z.string().describe("The question to ask (supports markdown). Be specific about what you need and why."),
-          options: z.array(z.object({
-            label: z.string().describe("Button label shown to user"),
-            action_key: z.string().describe("Machine-readable key returned when selected"),
-            description: z.string().optional().describe("Tooltip/description for this option")
-          })).optional().describe("Suggested options shown as buttons. The user can always type a custom answer instead."),
-          placeholder: z.string().optional().describe("Placeholder text for the free-text input field"),
-          timeout_seconds: z.number().optional().describe("How long to wait for response (default: 300)")
+          question: z2.string().describe(
+            "The question to ask (supports markdown). Be specific about what you need and why."
+          ),
+          options: z2.array(
+            z2.object({
+              label: z2.string().describe("Button label shown to user"),
+              action_key: z2.string().describe("Machine-readable key returned when selected"),
+              description: z2.string().optional().describe("Tooltip/description for this option")
+            })
+          ).optional().describe(
+            "Suggested options shown as buttons. The user can always type a custom answer instead."
+          ),
+          placeholder: z2.string().optional().describe("Placeholder text for the free-text input field"),
+          timeout_seconds: z2.number().optional().describe("How long to wait for response (default: 300)")
         },
         async (args) => {
           const actionId = `ask_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
@@ -3615,6 +4661,11 @@ ${content}`;
             log.info(`Ask user ${actionId}: "${args.question.slice(0, 80)}..."`);
             emitEvent(taskId, "user_action_request", actionData).catch(() => {
             });
+            emitEvent(taskId, "status_change", {
+              status: "waiting_for_user",
+              message: args.question
+            }).catch(() => {
+            });
             const startTime = Date.now();
             const pollInterval = 2e3;
             while (Date.now() - startTime < timeout) {
@@ -3625,56 +4676,55 @@ ${content}`;
                 const label = response.label || actionKey || text;
                 log.info(`User responded: "${label}"`);
                 return {
-                  content: [{
-                    type: "text",
-                    text: JSON.stringify({
-                      status: "responded",
-                      action_key: actionKey || "custom_input",
-                      label,
-                      text: text || label
-                    })
-                  }]
+                  content: [
+                    {
+                      type: "text",
+                      text: JSON.stringify({
+                        status: "responded",
+                        action_key: actionKey || "custom_input",
+                        label,
+                        text: text || label
+                      })
+                    }
+                  ]
                 };
               }
               await new Promise((resolve2) => setTimeout(resolve2, pollInterval));
             }
             log.warn(`Ask user ${actionId} timed out after ${args.timeout_seconds || 300}s`);
             return {
-              content: [{
-                type: "text",
-                text: JSON.stringify({
-                  status: "timeout",
-                  message: "User did not respond within the timeout period."
-                })
-              }]
+              content: [
+                {
+                  type: "text",
+                  text: JSON.stringify({
+                    status: "timeout",
+                    message: "User did not respond within the timeout period."
+                  })
+                }
+              ]
             };
           } catch (err) {
             log.error(`ask_user failed: ${err}`);
             return {
-              content: [{
-                type: "text",
-                text: `Failed to ask user: ${err instanceof Error ? err.message : err}`
-              }]
+              content: [
+                {
+                  type: "text",
+                  text: `Failed to ask user: ${err instanceof Error ? err.message : err}`
+                }
+              ]
             };
           }
         }
       ),
       // ── Job Automation Tools ──────────────────────────────────────
-      tool(
+      tool2(
         "job_run",
         "Run a job by loading its goal and available skills as capabilities. You then decide dynamically which skills to use, in what order, and how to chain them based on what you discover. Use this when the user asks to run their job, or when a scheduled job fires.",
         {
-          job_name: z.string().describe(
-            "Name of the job to run (e.g. 'software-engineer', 'Frontend Dev')"
-          )
+          job_name: z2.string().describe("Name of the job to run (e.g. 'software-engineer', 'Frontend Dev')")
         },
         async (args) => {
-          if (!userId) {
-            return {
-              content: [{ type: "text", text: "Not authenticated. Cannot run job." }]
-            };
-          }
-          const runner = new JobRunner(userId);
+          const runner = new JobRunner();
           const job = await runner.loadJob(args.job_name);
           if (!job) {
             const jobs = await runner.listJobs();
@@ -3685,10 +4735,12 @@ ${content}`;
           }
           if (job.skills.length === 0) {
             return {
-              content: [{
-                type: "text",
-                text: `Job "${args.job_name}" has no linked skills. Use skill_generate to add skills to this job.`
-              }]
+              content: [
+                {
+                  type: "text",
+                  text: `Job "${args.job_name}" has no linked skills. Use skill_generate to add skills to this job.`
+                }
+              ]
             };
           }
           const runId = await runner.createRun(job.jobId, {
@@ -3700,51 +4752,55 @@ ${content}`;
             log.debug("Failed to create job run record, proceeding without tracking");
           }
           const prompt = runner.buildJobPrompt(job, runId || "untracked");
-          log.info(`Job "${args.job_name}" started with ${job.skills.length} skills (run: ${runId?.slice(0, 8) || "untracked"})`);
+          log.info(
+            `Job "${args.job_name}" started with ${job.skills.length} skills (run: ${runId?.slice(0, 8) || "untracked"})`
+          );
           return {
             content: [{ type: "text", text: prompt }]
           };
         }
       ),
-      tool(
+      tool2(
         "job_schedule",
         "Schedule a job to run automatically on a recurring basis using a cron expression. For example, schedule your 'software-engineer' job to run every morning at 9am.",
         {
-          job_name: z.string().describe("Name of the job to schedule"),
-          cron: z.string().describe(
+          job_name: z2.string().describe("Name of the job to schedule"),
+          cron: z2.string().describe(
             "Cron expression: 'minute hour day-of-month month day-of-week'. Examples: '0 9 * * *' (daily 9am), '0 9 * * 1-5' (weekdays 9am), '0 */2 * * *' (every 2 hours)"
           ),
-          timezone: z.string().optional().describe("Timezone (default: UTC). Examples: 'UTC', 'America/New_York'"),
-          schedule_name: z.string().optional().describe("Custom name for this schedule (default: 'Job: <job_name>')")
+          timezone: z2.string().optional().describe("Timezone (default: UTC). Examples: 'UTC', 'America/New_York'"),
+          schedule_name: z2.string().optional().describe("Custom name for this schedule (default: 'Job: <job_name>')")
         },
         async (args) => {
-          if (!userId) {
-            return {
-              content: [{ type: "text", text: "Not authenticated. Cannot schedule job." }]
-            };
-          }
-          const runner = new JobRunner(userId);
+          const runner = new JobRunner();
           const job = await runner.loadJob(args.job_name);
           if (!job) {
             return {
-              content: [{ type: "text", text: `Job "${args.job_name}" not found. Create it first with skill_generate.` }]
+              content: [
+                {
+                  type: "text",
+                  text: `Job "${args.job_name}" not found. Create it first with skill_generate.`
+                }
+              ]
             };
           }
           try {
             getNextRunTime(args.cron, args.timezone || "UTC");
           } catch {
             return {
-              content: [{
-                type: "text",
-                text: `Invalid cron expression: "${args.cron}". Use format: "minute hour day-of-month month day-of-week"`
-              }]
+              content: [
+                {
+                  type: "text",
+                  text: `Invalid cron expression: "${args.cron}". Use format: "minute hour day-of-month month day-of-week"`
+                }
+              ]
             };
           }
           const name = args.schedule_name || `Job: ${args.job_name}`;
           const prompt = `[JobRun: ${args.job_name}] Run the "${args.job_name}" job. Use job_run to execute it.`;
           const tz = args.timezone || "UTC";
           try {
-            const task = await createScheduledTask(userId, name, prompt, args.cron, tz);
+            const task = await createScheduledTask(name, prompt, args.cron, tz);
             await callMcpHandler("schedule.link_job", {
               task_id: task.id,
               job_id: job.jobId
@@ -3772,36 +4828,35 @@ ${content}`;
             return { content: [{ type: "text", text: response }] };
           } catch (err) {
             return {
-              content: [{
-                type: "text",
-                text: `Failed to schedule job: ${err instanceof Error ? err.message : err}`
-              }]
+              content: [
+                {
+                  type: "text",
+                  text: `Failed to schedule job: ${err instanceof Error ? err.message : err}`
+                }
+              ]
             };
           }
         }
       ),
-      tool(
+      tool2(
         "job_status",
         "Check the status and run history of a job. Shows recent executions, success rates, and details.",
         {
-          job_name: z.string().optional().describe("Job name to check (omit for all jobs)"),
-          limit: z.number().optional().describe("Max number of runs to show (default: 5)")
+          job_name: z2.string().optional().describe("Job name to check (omit for all jobs)"),
+          limit: z2.number().optional().describe("Max number of runs to show (default: 5)")
         },
         async (args) => {
-          if (!userId) {
-            return {
-              content: [{ type: "text", text: "Not authenticated." }]
-            };
-          }
-          const runner = new JobRunner(userId);
+          const runner = new JobRunner();
           if (!args.job_name) {
             const jobs = await runner.listJobs();
             if (jobs.length === 0) {
               return {
-                content: [{
-                  type: "text",
-                  text: "No jobs defined. Use skill_generate to create a job from your job description."
-                }]
+                content: [
+                  {
+                    type: "text",
+                    text: "No jobs defined. Use skill_generate to create a job from your job description."
+                  }
+                ]
               };
             }
             let response2 = "## Your Jobs\n\n";
@@ -3815,10 +4870,12 @@ ${content}`;
           const runs = await runner.getRunHistory(args.job_name, args.limit || 5);
           if (runs.length === 0) {
             return {
-              content: [{
-                type: "text",
-                text: `No runs found for job "${args.job_name}". Use job_run to execute it.`
-              }]
+              content: [
+                {
+                  type: "text",
+                  text: `No runs found for job "${args.job_name}". Use job_run to execute it.`
+                }
+              ]
             };
           }
           let response = `## Job Status: ${args.job_name}
@@ -3847,18 +4904,142 @@ ${content}`;
           response += "\n";
           return { content: [{ type: "text", text: response }] };
         }
+      ),
+      // ── Credential Tools ──────────────────────────────────────────
+      tool2(
+        "credential_get",
+        "Retrieve a locally stored credential by name. Returns the secret data (API keys, tokens, etc.) stored on the user's machine. Use this when a skill needs authentication or API access.",
+        {
+          name: z2.string().describe("Credential name (e.g. 'amazon-login', 'openai-api-key')")
+        },
+        async (args) => {
+          const store = getCredentialStore();
+          const credential = store.getByName(args.name);
+          if (!credential) {
+            const all = store.list();
+            const available = all.length > 0 ? `Available credentials: ${all.map((m) => m.name).join(", ")}` : "No credentials stored yet.";
+            return {
+              content: [
+                {
+                  type: "text",
+                  text: `Credential "${args.name}" not found. ${available}
+Use ask_user to request it from the user, or create it yourself (e.g. register an account), then store with credential_set.`
+                }
+              ]
+            };
+          }
+          log.info(`Credential accessed: "${args.name}" (${credential.meta.type})`);
+          return {
+            content: [
+              {
+                type: "text",
+                text: JSON.stringify({
+                  name: credential.meta.name,
+                  type: credential.meta.type,
+                  data: credential.data,
+                  skill: credential.meta.skillName || null
+                })
+              }
+            ]
+          };
+        }
+      ),
+      tool2(
+        "credential_set",
+        "Store a credential locally on the user's machine. The credential is encrypted at rest and never sent to any remote server. IMPORTANT: Always use this to persist credentials \u2014 both when receiving them from the user via ask_user AND when you generate new credentials yourself (e.g. registering an account, creating an API key, generating a token). This ensures credentials survive across sessions and don't need to be recreated.",
+        {
+          name: z2.string().describe("Credential name (lowercase kebab-case, e.g. 'amazon-login')"),
+          type: z2.enum(["api_key", "oauth_token", "login", "secret", "custom"]).describe("Credential type"),
+          data: z2.record(z2.string(), z2.string()).describe(
+            'Key-value pairs (e.g. { "username": "...", "password": "..." } or { "api_key": "..." })'
+          ),
+          skill_name: z2.string().optional().describe("Associate with a specific skill"),
+          tags: z2.array(z2.string()).optional().describe("Tags for searchability")
+        },
+        async (args) => {
+          const store = getCredentialStore();
+          const meta = store.save(args.name, args.type, args.data, {
+            skillName: args.skill_name,
+            tags: args.tags
+          });
+          log.info(`Credential stored: "${args.name}" (${args.type})`);
+          return {
+            content: [
+              {
+                type: "text",
+                text: `Credential "${meta.name}" stored locally (type: ${meta.type}, id: ${meta.id}). It is encrypted and will persist across app restarts.`
+              }
+            ]
+          };
+        }
+      ),
+      tool2(
+        "credential_list",
+        "List all locally stored credentials (metadata only, no secrets). Use this to check what credentials are available before executing a skill.",
+        {
+          skill_name: z2.string().optional().describe("Filter by skill name"),
+          type: z2.string().optional().describe("Filter by credential type")
+        },
+        async (args) => {
+          const store = getCredentialStore();
+          let results = store.list();
+          if (args.skill_name) {
+            results = results.filter((m) => m.skillName === args.skill_name);
+          }
+          if (args.type) {
+            results = results.filter((m) => m.type === args.type);
+          }
+          if (results.length === 0) {
+            const filter = args.skill_name ? ` for skill "${args.skill_name}"` : "";
+            return {
+              content: [{ type: "text", text: `No credentials found${filter}.` }]
+            };
+          }
+          let response = "## Stored Credentials\n\n";
+          for (const m of results) {
+            const skill = m.skillName ? ` [${m.skillName}]` : "";
+            const tags = m.tags.length > 0 ? ` (${m.tags.join(", ")})` : "";
+            response += `- **${m.name}** (${m.type})${skill}${tags}
+`;
+          }
+          return { content: [{ type: "text", text: response }] };
+        }
+      ),
+      tool2(
+        "credential_remove",
+        "Remove a locally stored credential by name.",
+        {
+          name: z2.string().describe("Credential name to remove")
+        },
+        async (args) => {
+          const store = getCredentialStore();
+          const removed = store.removeByName(args.name);
+          if (!removed) {
+            return {
+              content: [{ type: "text", text: `Credential "${args.name}" not found.` }]
+            };
+          }
+          log.info(`Credential removed: "${args.name}"`);
+          return {
+            content: [
+              { type: "text", text: `Credential "${args.name}" removed from local storage.` }
+            ]
+          };
+        }
       )
     ]
   });
 }
-async function saveJobToDb(_userId, jobName, jobDescription, createdSkillNames) {
+async function saveJobToDb(jobName, jobDescription, createdSkillNames) {
   try {
     const data = await callMcpHandler("job.save_with_skills", {
       job_name: jobName,
       job_description: jobDescription,
       skill_names: createdSkillNames
     });
-    log.debug(`Job "${jobName}" saved via edge function (id: ${data}), ${createdSkillNames.length} skill(s) linked`);
+    log.debug(
+      `Job "${jobName}" saved via edge function (id: ${data}), ${createdSkillNames.length} skill(s) linked`
+    );
   } catch (err) {
     log.debug(`saveJobToDb error: ${err}`);
   }
@@ -3913,7 +5094,7 @@ function createEventHooks(taskId, toolCallRecords) {
   };
 }
 
-// src/agent/processor.ts
+// src/agent/system-prompt.ts
 var BASE_SYSTEM_PROMPT = `You are AssistMe, an AI assistant that operates like a real human on the user's computer. You control the user's actual Chrome browser and work with their real files.
 
 KEY PRINCIPLE: You operate the user's real browser, not a headless sandbox. This means:
@@ -3928,7 +5109,28 @@ KEY PRINCIPLE: You operate the user's real browser, not a headless sandbox. This
 
 Available capabilities:
 1. BROWSER CONTROL (user's real Chrome via CDP):
-   - Use browser tools (browser_connect, browser_navigate, browser_read_page, browser_screenshot, browser_click, browser_type, browser_press_key, browser_scroll, browser_get_elements, browser_evaluate, browser_list_tabs, browser_switch_tab, browser_new_tab) to control the user's real Chrome
+   **PREFERRED workflow \u2014 Snapshot + Act (ref-based):**
+   - browser_snapshot \u2192 takes a screenshot and discovers all interactive elements with numbered refs
+     Returns a ref table (text) + screenshot (image). The ref table is your PRIMARY context for element identification.
+     Use annotate=true only on simple pages (few elements) where visual badge overlay helps.
+   - browser_act \u2192 execute actions using ref numbers: click, type, select, press, scroll, wait
+   - This is MORE RELIABLE than CSS selectors because:
+     (a) The ref table gives you role, name, and type for every interactive element \u2014 no guessing
+     (b) Refs use stable semantic resolution (role + accessible name) that survives DOM changes
+     (c) Actions use CDP Input events (real mouse/keyboard) instead of JavaScript \u2014 works with all frameworks
+     (d) You can batch multiple actions in one call \u2014 fewer round-trips
+   - Example workflow:
+     1. browser_snapshot \u2192 ref table shows [1] button "Next", [2] textbox "Email", [3] combobox "Month"
+     2. browser_act actions=[{action:"type", ref:2, text:"user@example.com"}, {action:"select", ref:3, option:"March"}, {action:"click", ref:1}] screenshot=true
+   - Refs persist across actions unless the page navigates. Re-snapshot after navigation or major DOM changes.
+
+   **Legacy tools (still available, use when refs don't work):**
+   - browser_click, browser_type, browser_select, browser_get_elements, browser_screenshot, browser_evaluate
+   - browser_click supports :contains('text') pseudo-selectors
+   - browser_select handles native and custom dropdowns
+
+   **Other browser tools:**
+   - browser_connect, browser_navigate, browser_read_page, browser_list_tabs, browser_switch_tab, browser_new_tab
    - If auth is needed: use browser_request_user_action to ask the user to log in
 
 2. FILE OPERATIONS & SHELL:
@@ -3982,18 +5184,29 @@ Available capabilities:
 Workflow for web tasks (e.g. "\u67E5\u4E00\u4E0B kindle \u6700\u65B0\u6B3E\u4EF7\u683C"):
 1. browser_connect \u2192 connect to user's Chrome
 2. browser_new_tab \u2192 open a new tab
-3. browser_navigate \u2192 go to the website (login pages are auto-detected \u2014 the user will be prompted and their session saved)
-4. browser_read_page or browser_screenshot \u2192 read the content
-5. If login is needed but not auto-detected \u2192 use browser_request_user_action to ask the user
-6. Repeat across multiple sites as needed
+3. browser_navigate \u2192 go to the website (login pages are auto-detected)
+4. browser_snapshot \u2192 get ref table + screenshot (use annotate=true for simple pages)
+5. browser_act \u2192 interact using refs (type, click, select, etc.), set screenshot=true to see result
+6. Repeat 4-5 as needed (re-snapshot after navigation or major page changes)
 7. Summarize findings
 
+Workflow for form filling (e.g. "\u6CE8\u518C\u4E00\u4E2A Gmail \u8D26\u53F7"):
+1. browser_connect + browser_navigate \u2192 go to the form page
+2. browser_snapshot \u2192 see all form fields with ref numbers
+3. browser_act \u2192 batch fill multiple fields + click submit in ONE call:
+   actions=[{action:"type", ref:1, text:"John"}, {action:"type", ref:2, text:"Doe"}, {action:"select", ref:3, option:"March"}, {action:"click", ref:7}] screenshot=true
+4. Check the screenshot \u2014 if validation errors appear, re-snapshot and fix
+5. When a username/email is taken, append a random 4-digit suffix and retry
+
 Guidelines:
 - Always use the real browser for web tasks, never try to fetch URLs programmatically
-- Use browser_screenshot when you need to see the visual layout
-- Use browser_get_elements to find clickable elements before clicking
+- ALWAYS use browser_snapshot as your primary way to understand a page \u2014 the ref table gives actionable refs, the screenshot gives visual context
+- Use browser_act to batch multiple actions \u2014 fill an entire form in one call instead of individual clicks/types
+- Only re-snapshot when: (a) the page navigated, (b) significant DOM changes occurred, (c) an action failed with "ref not found"
+- Refs are semantically stable (resolved by role + name), so they often survive minor DOM updates
 - Login pages are auto-detected after navigation \u2014 the user is prompted and sessions are saved automatically
 - If auto-detection misses a login page, use browser_request_user_action manually
+- Fall back to legacy tools (browser_click, browser_type, browser_evaluate) only when refs don't work
 - Be thorough: check multiple sources when comparing prices/products
 - Summarize results clearly at the end
 - When you learn something about the user (preferences, habits), use memory_store to remember it
@@ -4008,21 +5221,21 @@ CRITICAL \u2014 Ask before you guess:
 - After receiving the answer, store it with memory_store if it is likely to be useful in future conversations.
 
 Workspace path: {workspace_path}`;
+
+// src/agent/processor.ts
 var MAX_HISTORY_ENTRIES = 10;
 var MAX_RESPONSE_LENGTH = 1500;
 var TaskProcessor = class {
   memoryManager = null;
   skillManager;
-  userId = null;
   sessionId = null;
   /** In-memory conversation history, keyed by conversation_id */
   historyCache = /* @__PURE__ */ new Map();
   constructor() {
     this.skillManager = new SkillManager();
   }
-  setUserId(userId) {
-    this.userId = userId;
-    this.memoryManager = new MemoryManager(userId);
+  init(userId) {
+    this.memoryManager = new MemoryManager();
     this.skillManager.setUserId(userId);
     this.skillManager.loadFromDb().catch((err) => {
       log.debug(`DB skill load deferred: ${err}`);
@@ -4097,8 +5310,7 @@ var TaskProcessor = class {
         memoryManager: this.memoryManager,
         skillManager: this.skillManager,
         taskId: task.id,
-        sessionId: this.sessionId || void 0,
-        userId: this.userId || void 0
+        sessionId: this.sessionId || void 0
       });
       const eventHooks = createEventHooks(task.id, toolCallRecords);
       const allowedTools = [
@@ -4127,7 +5339,12 @@ var TaskProcessor = class {
         // Job automation tools
         "mcp__assistme-agent__job_run",
         "mcp__assistme-agent__job_schedule",
-        "mcp__assistme-agent__job_status"
+        "mcp__assistme-agent__job_status",
+        // Credential tools (local storage)
+        "mcp__assistme-agent__credential_get",
+        "mcp__assistme-agent__credential_set",
+        "mcp__assistme-agent__credential_list",
+        "mcp__assistme-agent__credential_remove"
       ];
       async function* promptMessages() {
         yield {
@@ -4238,7 +5455,9 @@ var TaskProcessor = class {
       }
       this.historyCache.set(task.conversation_id, convHistory);
       if (agentSessionId) {
-        this.evaluateSkillPostTask(agentSessionId, config.model).catch((err) => log.debug(`Post-task skill evaluation skipped: ${err}`));
+        this.evaluateSkillPostTask(agentSessionId, config.model).catch(
+          (err) => log.debug(`Post-task skill evaluation skipped: ${err}`)
+        );
       }
     } catch (err) {
       const errorMsg = err instanceof Error ? err.message : String(err);
@@ -4261,10 +5480,7 @@ var TaskProcessor = class {
 
 // src/commands/start.ts
 function registerStartCommand(program2) {
-  program2.command("start", { isDefault: true, hidden: true }).description("Start the agent (default command)").option(
-    "-w, --workspace <path>",
-    "Workspace path (default: current directory)"
-  ).option("-n, --name <name>", "Session name").option("-v, --verbose", "Enable verbose/debug logging").action(runAgent);
+  program2.command("start", { isDefault: true, hidden: true }).description("Start the agent (default command)").option("-w, --workspace <path>", "Workspace path (default: current directory)").option("-n, --name <name>", "Session name").option("-v, --verbose", "Enable verbose/debug logging").action(runAgent);
 }
 async function runAgent(opts) {
   if (opts.verbose) {
@@ -4277,26 +5493,10 @@ async function runAgent(opts) {
     setConfig("sessionName", opts.name);
   }
   console.log();
-  console.log(
-    chalk4.bold.cyan(
-      "  \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557"
-    )
-  );
-  console.log(
-    chalk4.bold.cyan(
-      "  \u2551          AssistMe CLI Agent              \u2551"
-    )
-  );
-  console.log(
-    chalk4.bold.cyan(
-      "  \u2551   AI that controls your real browser     \u2551"
-    )
-  );
-  console.log(
-    chalk4.bold.cyan(
-      "  \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D"
-    )
-  );
+  console.log(chalk4.bold.cyan("  \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557"));
+  console.log(chalk4.bold.cyan("  \u2551          AssistMe CLI Agent              \u2551"));
+  console.log(chalk4.bold.cyan("  \u2551   AI that controls your real browser     \u2551"));
+  console.log(chalk4.bold.cyan("  \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D"));
   console.log();
   let userId;
   try {
@@ -4313,9 +5513,7 @@ async function runAgent(opts) {
         launchSpinner.succeed("Browser detected (CDP port 9222)");
         break;
       case "launched":
-        launchSpinner.succeed(
-          "Browser launched with remote debugging (debug profile)"
-        );
+        launchSpinner.succeed("Browser launched with remote debugging (debug profile)");
         break;
     }
   } else {
@@ -4326,9 +5524,7 @@ async function runAgent(opts) {
         break;
       case "port_conflict":
         launchSpinner.fail("Port 9222 is in use by another process");
-        log.info(
-          launchResult.detail ?? "Stop the conflicting process or use a different port."
-        );
+        log.info(launchResult.detail ?? "Stop the conflicting process or use a different port.");
         break;
       default:
         launchSpinner.fail("Failed to start Chrome with remote debugging");
@@ -4338,14 +5534,12 @@ async function runAgent(opts) {
         if (launchResult.chromePath) {
           log.info(`Chrome binary: ${launchResult.chromePath}`);
         }
-        log.info(
-          "Browser will be auto-launched when the first task needs it."
-        );
+        log.info("Browser will be auto-launched when the first task needs it.");
         break;
     }
   }
   const processor = new TaskProcessor();
-  processor.setUserId(userId);
+  processor.init(userId);
   const sessionManager = new SessionManager();
   const browserRef = getBrowser();
   const shutdown = async () => {
@@ -4407,9 +5601,7 @@ async function runAgent(opts) {
     });
     rl.on("close", shutdown);
   } catch (err) {
-    log.error(
-      `Failed to start: ${err instanceof Error ? err.message : err}`
-    );
+    log.error(`Failed to start: ${err instanceof Error ? err.message : err}`);
     process.exit(1);
   }
 }
@@ -4453,13 +5645,7 @@ function registerStatusCommand(program2) {
 import chalk6 from "chalk";
 function registerScheduleCommands(program2) {
   const scheduleCmd = program2.command("schedule").description("Manage scheduled (cron) tasks");
-  scheduleCmd.command("add").description("Add a scheduled task").requiredOption("-n, --name <name>", "Task name").requiredOption(
-    "-p, --prompt <prompt>",
-    "Task prompt (what the AI should do)"
-  ).requiredOption(
-    "-c, --cron <expression>",
-    "Cron expression (e.g. '0 8 * * *' for daily 8am)"
-  ).option("-t, --timezone <tz>", "Timezone (default: UTC)").action(async (opts) => {
+  scheduleCmd.command("add").description("Add a scheduled task").requiredOption("-n, --name <name>", "Task name").requiredOption("-p, --prompt <prompt>", "Task prompt (what the AI should do)").requiredOption("-c, --cron <expression>", "Cron expression (e.g. '0 8 * * *' for daily 8am)").option("-t, --timezone <tz>", "Timezone (default: UTC)").action(async (opts) => {
     try {
       const cronParts = opts.cron.trim().split(/\s+/);
       if (cronParts.length !== 5) {
@@ -4469,14 +5655,8 @@ function registerScheduleCommands(program2) {
         console.log('  Examples: "0 9 * * *" (daily 9am), "*/15 * * * *" (every 15 min)');
         process.exit(1);
       }
-      const userId = await getCurrentUserId();
-      const task = await createScheduledTask(
-        userId,
-        opts.name,
-        opts.prompt,
-        opts.cron,
-        opts.timezone
-      );
+      await getCurrentUserId();
+      const task = await createScheduledTask(opts.name, opts.prompt, opts.cron, opts.timezone);
       log.success(`Scheduled task created: ${task.name}`);
       console.log(`  ID:       ${task.id.slice(0, 8)}...`);
       console.log(`  Cron:     ${task.cron_expression}`);
@@ -4490,8 +5670,8 @@ function registerScheduleCommands(program2) {
   });
   scheduleCmd.command("list").description("List all scheduled tasks").action(async () => {
     try {
-      const userId = await getCurrentUserId();
-      const tasks = await listScheduledTasks(userId);
+      await getCurrentUserId();
+      const tasks = await listScheduledTasks();
       if (tasks.length === 0) {
         console.log(chalk6.yellow("No scheduled tasks."));
         console.log('Run "assistme schedule add" to create one.');
@@ -4501,22 +5681,14 @@ function registerScheduleCommands(program2) {
       for (const t of tasks) {
         const icon = t.enabled ? chalk6.green("\u25CF") : chalk6.dim("\u25CB");
         console.log(`  ${icon} ${t.name} (${t.id.slice(0, 8)}...)`);
-        console.log(
-          `    Cron:     ${t.cron_expression} (${t.timezone})`
-        );
-        console.log(
-          `    Prompt:   ${t.prompt.slice(0, 60)}${t.prompt.length > 60 ? "..." : ""}`
-        );
+        console.log(`    Cron:     ${t.cron_expression} (${t.timezone})`);
+        console.log(`    Prompt:   ${t.prompt.slice(0, 60)}${t.prompt.length > 60 ? "..." : ""}`);
         console.log(`    Runs:     ${t.run_count}`);
         if (t.next_run_at) {
-          console.log(
-            `    Next run: ${new Date(t.next_run_at).toLocaleString()}`
-          );
+          console.log(`    Next run: ${new Date(t.next_run_at).toLocaleString()}`);
         }
         if (t.last_error) {
-          console.log(
-            chalk6.red(`    Error:    ${t.last_error.slice(0, 80)}`)
-          );
+          console.log(chalk6.red(`    Error:    ${t.last_error.slice(0, 80)}`));
         }
         console.log();
       }
@@ -4527,8 +5699,8 @@ function registerScheduleCommands(program2) {
   });
   scheduleCmd.command("toggle <id>").description("Enable/disable a scheduled task").action(async (id) => {
     try {
-      const userId = await getCurrentUserId();
-      const tasks = await listScheduledTasks(userId);
+      await getCurrentUserId();
+      const tasks = await listScheduledTasks();
       const task = tasks.find((t) => t.id.startsWith(id));
       if (!task) {
         log.error(`Task not found: ${id}`);
@@ -4543,8 +5715,8 @@ function registerScheduleCommands(program2) {
   });
   scheduleCmd.command("remove <id>").description("Delete a scheduled task").action(async (id) => {
     try {
-      const userId = await getCurrentUserId();
-      const tasks = await listScheduledTasks(userId);
+      await getCurrentUserId();
+      const tasks = await listScheduledTasks();
       const task = tasks.find((t) => t.id.startsWith(id));
       if (!task) {
         log.error(`Task not found: ${id}`);
@@ -4565,17 +5737,12 @@ function registerMemoryCommands(program2) {
   const memoryCmd = program2.command("memory").description("Manage the agent's memory about you");
   memoryCmd.command("list").description("List stored memories").option("-c, --category <category>", "Filter by category").option("-l, --limit <number>", "Max items (default: 20)").action(async (opts) => {
     try {
-      const userId = await getCurrentUserId();
-      const mm = new MemoryManager(userId);
-      const memories = await mm.list(
-        opts.category,
-        parseInt(opts.limit || "20")
-      );
+      await getCurrentUserId();
+      const mm = new MemoryManager();
+      const memories = await mm.list(opts.category, parseInt(opts.limit || "20"));
       if (memories.length === 0) {
         console.log(chalk7.yellow("No memories stored yet."));
-        console.log(
-          "The agent will automatically remember things as you interact with it."
-        );
+        console.log("The agent will automatically remember things as you interact with it.");
         return;
       }
       console.log(chalk7.bold(`
@@ -4602,8 +5769,8 @@ Memories (${memories.length}):`));
   });
   memoryCmd.command("add <content>").description("Manually add a memory").option("-c, --category <category>", "Category (default: general)").option("-i, --importance <number>", "Importance 1-10 (default: 5)").option("-t, --tags <tags>", "Comma-separated tags").action(async (content, opts) => {
     try {
-      const userId = await getCurrentUserId();
-      const mm = new MemoryManager(userId);
+      await getCurrentUserId();
+      const mm = new MemoryManager();
       const tags = opts.tags ? opts.tags.split(",").map((t) => t.trim()) : [];
       const mem = await mm.add(
         content,
@@ -4611,9 +5778,7 @@ Memories (${memories.length}):`));
         parseInt(opts.importance || "5"),
         tags
       );
-      log.success(
-        `Memory stored: "${mem.content.slice(0, 60)}..." [${mem.category}]`
-      );
+      log.success(`Memory stored: "${mem.content.slice(0, 60)}..." [${mem.category}]`);
     } catch (err) {
       log.error(`${err instanceof Error ? err.message : err}`);
       process.exit(1);
@@ -4621,8 +5786,8 @@ Memories (${memories.length}):`));
   });
   memoryCmd.command("search <query>").description("Search memories").action(async (query3) => {
     try {
-      const userId = await getCurrentUserId();
-      const mm = new MemoryManager(userId);
+      await getCurrentUserId();
+      const mm = new MemoryManager();
       const results = await mm.search(query3);
       if (results.length === 0) {
         console.log(chalk7.yellow(`No memories matching "${query3}"`));
@@ -4641,8 +5806,8 @@ Search results for "${query3}":`));
   });
   memoryCmd.command("remove <id>").description("Delete a specific memory").action(async (id) => {
     try {
-      const userId = await getCurrentUserId();
-      const mm = new MemoryManager(userId);
+      await getCurrentUserId();
+      const mm = new MemoryManager();
       const memories = await mm.list();
       const mem = memories.find((m) => m.id.startsWith(id));
       if (!mem) {
@@ -4658,12 +5823,10 @@ Search results for "${query3}":`));
   });
   memoryCmd.command("clear").description("Clear all memories").option("-c, --category <category>", "Only clear specific category").action(async (opts) => {
     try {
-      const userId = await getCurrentUserId();
-      const mm = new MemoryManager(userId);
+      await getCurrentUserId();
+      const mm = new MemoryManager();
       await mm.clear(opts.category);
-      log.success(
-        `Memories cleared${opts.category ? ` (${opts.category})` : ""}`
-      );
+      log.success(`Memories cleared${opts.category ? ` (${opts.category})` : ""}`);
     } catch (err) {
       log.error(`${err instanceof Error ? err.message : err}`);
       process.exit(1);
@@ -4801,21 +5964,17 @@ function registerJobCommands(program2) {
   jobCmd.command("list").description("List your defined jobs").action(async () => {
     try {
       const userId = await getCurrentUserId();
-      const { JobRunner: JobRunner2 } = await import("./job-runner-N4XAAWLJ.js");
-      const runner = new JobRunner2(userId);
+      const { JobRunner: JobRunner2 } = await import("./job-runner-P2L6MOOX.js");
+      const runner = new JobRunner2();
       const jobs = await runner.listJobs();
       if (jobs.length === 0) {
         console.log(chalk9.yellow("No jobs defined."));
-        console.log(
-          'Use "assistme" and tell the agent about your job to generate skills.'
-        );
+        console.log('Use "assistme" and tell the agent about your job to generate skills.');
         return;
       }
       console.log(chalk9.bold("\nYour Jobs:"));
       for (const job of jobs) {
-        console.log(
-          `  ${chalk9.cyan(job.name)} (${job.skillCount} skills)`
-        );
+        console.log(`  ${chalk9.cyan(job.name)} (${job.skillCount} skills)`);
         console.log(
           `    ${job.description.slice(0, 80)}${job.description.length > 80 ? "..." : ""}`
         );
@@ -4829,38 +5988,23 @@ function registerJobCommands(program2) {
   jobCmd.command("status [name]").description("Show run history for a job (or all jobs)").option("-l, --limit <number>", "Max runs to show (default: 5)").action(async (name, opts) => {
     try {
       const userId = await getCurrentUserId();
-      const { JobRunner: JobRunner2 } = await import("./job-runner-N4XAAWLJ.js");
-      const runner = new JobRunner2(userId);
-      const runs = await runner.getRunHistory(
-        name,
-        parseInt(opts.limit || "5")
-      );
+      const { JobRunner: JobRunner2 } = await import("./job-runner-P2L6MOOX.js");
+      const runner = new JobRunner2();
+      const runs = await runner.getRunHistory(name, parseInt(opts.limit || "5"));
       if (runs.length === 0) {
-        console.log(
-          chalk9.yellow(
-            name ? `No runs found for "${name}".` : "No job runs yet."
-          )
-        );
+        console.log(chalk9.yellow(name ? `No runs found for "${name}".` : "No job runs yet."));
         return;
       }
-      console.log(
-        chalk9.bold(
-          `
-Job Run History${name ? ` \u2014 ${name}` : ""}:`
-        )
-      );
+      console.log(chalk9.bold(`
+Job Run History${name ? ` \u2014 ${name}` : ""}:`));
       for (const run of runs) {
         const icon = run.status === "completed" ? chalk9.green("\u25CF") : run.status === "failed" ? chalk9.red("\u25CF") : run.status === "running" ? chalk9.yellow("\u25CF") : chalk9.dim("\u25CB");
         const date = new Date(run.startedAt).toLocaleString();
         const duration = run.completedAt ? `${Math.round((new Date(run.completedAt).getTime() - new Date(run.startedAt).getTime()) / 1e3)}s` : "in progress";
-        console.log(
-          `  ${icon} ${chalk9.bold(run.jobName)} | ${run.triggerType} | ${date}`
-        );
+        console.log(`  ${icon} ${chalk9.bold(run.jobName)} | ${run.triggerType} | ${date}`);
         console.log(`    Duration: ${duration}`);
         if (run.summary) {
-          console.log(
-            `    ${chalk9.dim(run.summary.slice(0, 100))}`
-          );
+          console.log(`    ${chalk9.dim(run.summary.slice(0, 100))}`);
         }
         console.log();
       }
@@ -4883,28 +6027,20 @@ Job Run History${name ? ` \u2014 ${name}` : ""}:`
         process.exit(1);
       }
       const userId = await getCurrentUserId();
-      const { JobRunner: JobRunner2 } = await import("./job-runner-N4XAAWLJ.js");
-      const runner = new JobRunner2(userId);
+      const { JobRunner: JobRunner2 } = await import("./job-runner-P2L6MOOX.js");
+      const runner = new JobRunner2();
       const job = await runner.loadJob(name);
       if (!job) {
         log.error(`Job "${name}" not found.`);
         const jobs = await runner.listJobs();
         if (jobs.length > 0) {
-          console.log(
-            `Available: ${jobs.map((j) => j.name).join(", ")}`
-          );
+          console.log(`Available: ${jobs.map((j) => j.name).join(", ")}`);
         }
         process.exit(1);
       }
       const tz = opts.timezone || "UTC";
       const prompt = `[JobRun: ${name}] Run the "${name}" job. Use job_run to execute it.`;
-      const task = await createScheduledTask(
-        userId,
-        `Job: ${name}`,
-        prompt,
-        opts.cron,
-        tz
-      );
+      const task = await createScheduledTask(`Job: ${name}`, prompt, opts.cron, tz);
       await callMcpHandler("schedule.link_job", {
         task_id: task.id,
         job_id: job.jobId
@@ -4921,6 +6057,144 @@ Job Run History${name ? ` \u2014 ${name}` : ""}:`
   });
 }
 
+// src/commands/credential.ts
+import chalk10 from "chalk";
+import { createInterface as createInterface3 } from "readline";
+var VALID_TYPES = ["api_key", "oauth_token", "login", "secret", "custom"];
+function registerCredentialCommands(program2) {
+  const credCmd = program2.command("credential").alias("cred").description("Manage locally stored credentials (encrypted, never sent to server)");
+  credCmd.command("list").description("List all stored credentials (metadata only, no secrets)").option("-s, --skill <name>", "Filter by skill name").option("-t, --type <type>", "Filter by credential type").action(async (opts) => {
+    const store = getCredentialStore();
+    let results = store.list();
+    if (opts.skill) {
+      results = results.filter((m) => m.skillName === opts.skill);
+    }
+    if (opts.type) {
+      results = results.filter((m) => m.type === opts.type);
+    }
+    if (results.length === 0) {
+      console.log(chalk10.yellow("  No credentials stored."));
+      console.log(chalk10.dim("  Use `assistme credential set <name>` to add one."));
+      return;
+    }
+    console.log(chalk10.bold("\n  Stored Credentials:\n"));
+    for (const m of results) {
+      const skill = m.skillName ? chalk10.dim(` [${m.skillName}]`) : "";
+      const tags = m.tags.length > 0 ? chalk10.dim(` (${m.tags.join(", ")})`) : "";
+      console.log(`  ${chalk10.cyan(m.name)} ${chalk10.gray(`(${m.type})`)}${skill}${tags}`);
+      console.log(chalk10.dim(`    ID: ${m.id}  Created: ${m.createdAt.slice(0, 10)}`));
+    }
+    console.log();
+  });
+  credCmd.command("set <name>").description("Store or update a credential interactively").option("-t, --type <type>", `Credential type: ${VALID_TYPES.join(", ")}`, "secret").option("-s, --skill <name>", "Associate with a skill").option("--tags <tags>", "Comma-separated tags").action(async (name, opts) => {
+    if (!VALID_TYPES.includes(opts.type)) {
+      log.error(`Invalid type "${opts.type}". Must be one of: ${VALID_TYPES.join(", ")}`);
+      process.exit(1);
+    }
+    const rl = createInterface3({
+      input: process.stdin,
+      output: process.stdout
+    });
+    const ask = (q) => new Promise((resolve2) => {
+      rl.question(q, (answer) => resolve2(answer.trim()));
+    });
+    console.log(chalk10.bold(`
+  Set credential: ${name}`));
+    console.log(chalk10.dim("  Enter key-value pairs. Empty key to finish.\n"));
+    const data = {};
+    if (opts.type === "login") {
+      data.username = await ask(chalk10.cyan("  Username: "));
+      data.password = await ask(chalk10.cyan("  Password: "));
+    } else if (opts.type === "api_key") {
+      data.api_key = await ask(chalk10.cyan("  API Key: "));
+    } else {
+      while (true) {
+        const key = await ask(chalk10.cyan("  Key (empty to finish): "));
+        if (!key) break;
+        const value = await ask(chalk10.cyan(`  Value for "${key}": `));
+        data[key] = value;
+      }
+    }
+    rl.close();
+    if (Object.keys(data).length === 0) {
+      console.log(chalk10.yellow("  No data provided. Credential not saved."));
+      return;
+    }
+    const store = getCredentialStore();
+    const tags = opts.tags ? opts.tags.split(",").map((t) => t.trim()) : [];
+    const meta = store.save(name, opts.type, data, {
+      skillName: opts.skill,
+      tags
+    });
+    log.success(`Credential "${meta.name}" saved (ID: ${meta.id})`);
+    console.log(chalk10.dim("  Encrypted and stored at ~/.config/assistme/credentials/"));
+  });
+  credCmd.command("get <name>").description("Show credential metadata (use --reveal to show secrets)").option("-r, --reveal", "Reveal secret values").action(async (name, opts) => {
+    const store = getCredentialStore();
+    const credential = store.getByName(name);
+    if (!credential) {
+      log.error(`Credential not found: ${name}`);
+      process.exit(1);
+    }
+    const m = credential.meta;
+    console.log(chalk10.bold(`
+  ${m.name} (${m.type})`));
+    if (m.skillName) console.log(`  Skill: ${m.skillName}`);
+    if (m.tags.length > 0) console.log(`  Tags: ${m.tags.join(", ")}`);
+    console.log(`  Created: ${m.createdAt}`);
+    console.log(`  Updated: ${m.updatedAt}`);
+    if (opts.reveal) {
+      console.log(chalk10.bold("\n  Data:"));
+      for (const [key, value] of Object.entries(credential.data)) {
+        console.log(`    ${chalk10.cyan(key)}: ${value}`);
+      }
+    } else {
+      console.log(chalk10.bold("\n  Data keys:"));
+      for (const key of Object.keys(credential.data)) {
+        console.log(`    ${chalk10.cyan(key)}: ${"*".repeat(8)}`);
+      }
+      console.log(chalk10.dim("\n  Use --reveal to show secret values."));
+    }
+    console.log();
+  });
+  credCmd.command("remove <name>").description("Remove a stored credential").action(async (name) => {
+    const store = getCredentialStore();
+    const removed = store.removeByName(name);
+    if (removed) {
+      log.success(`Credential "${name}" removed.`);
+    } else {
+      log.error(`Credential not found: ${name}`);
+    }
+  });
+  credCmd.command("clear").description("Remove ALL stored credentials").action(async () => {
+    const store = getCredentialStore();
+    const count = store.list().length;
+    if (count === 0) {
+      console.log(chalk10.yellow("  No credentials to clear."));
+      return;
+    }
+    const rl = createInterface3({
+      input: process.stdin,
+      output: process.stdout
+    });
+    const answer = await new Promise((resolve2) => {
+      rl.question(
+        chalk10.red(`  Remove ALL ${count} credential(s)? This cannot be undone. (yes/no): `),
+        (ans) => {
+          rl.close();
+          resolve2(ans.trim().toLowerCase());
+        }
+      );
+    });
+    if (answer === "yes" || answer === "y") {
+      store.clear();
+      log.success(`All ${count} credential(s) removed.`);
+    } else {
+      console.log(chalk10.dim("  Cancelled."));
+    }
+  });
+}
+
 // src/index.ts
 loadEnv();
 var require2 = createRequire(import.meta.url);
@@ -4936,4 +6210,5 @@ registerScheduleCommands(program);
 registerMemoryCommands(program);
 registerSkillCommands(program);
 registerJobCommands(program);
+registerCredentialCommands(program);
 program.parse();