bloby-bot 0.70.12 → 0.71.0

package/supervisor/chat/src/components/Chat/MessageBubble.tsx

@@ -11,6 +11,7 @@ import BlobyTextCard from './BlobyTextCard';
 import NotchCard from './NotchCard';
 import MorphyActionCard from './MorphyActionCard';
 import type { StoredAttachment } from '../../hooks/useChat';
+import type { LightboxImage } from './ImageLightbox';
 
 interface Props {
   role: 'user' | 'assistant';
@@ -19,7 +20,7 @@ interface Props {
   hasAttachments?: boolean;
   audioData?: string;
   attachments?: StoredAttachment[];
-  onImageClick?: (images: string[], index: number) => void;
+  onImageClick?: (images: LightboxImage[], index: number) => void;
   transcribing?: boolean;
 }
 
@@ -261,16 +262,27 @@ export default function MessageBubble({ role, content, timestamp, hasAttachments
   // Strip channel tag (and [voice] prefix / echoed tags in assistant replies) from BOTH sides
   const { tag: channelTag, body: displayContent } = parseChannelTag(content);
 
-  // Separate image and document attachments
-  const imageAtts = attachments?.filter((a) => a.mediaType?.startsWith('image/')) || [];
-  const docAtts = attachments?.filter((a) => !a.mediaType?.startsWith('image/')) || [];
-
-  // Resolve image URLs
-  const imageUrls = imageAtts
-    .filter((a) => a.filePath)
-    .map((a) =>
-      a.filePath.startsWith('data:') ? a.filePath : `/api/files/${a.filePath}`
-    );
+  // Separate image and document attachments. An attachment counts as an image whenever
+  // its mediaType says so, its type is 'image', OR its name/path has an image extension —
+  // Mac/channel attachments often arrive with a missing or odd mediaType.
+  const isImageAtt = (a: StoredAttachment) =>
+    a.mediaType?.startsWith('image/') ||
+    a.type === 'image' ||
+    /\.(png|jpe?g|gif|webp|avif|bmp|svg|heic|heif)$/i.test(a.name || a.filePath || '');
+  const imageAtts = attachments?.filter(isImageAtt) || [];
+  const docAtts = attachments?.filter((a) => !isImageAtt(a)) || [];
+
+  // Resolve image URLs (keeping them aligned 1:1 with imageAtts so names thread through)
+  const imageAttsWithUrl = imageAtts.filter((a) => a.filePath);
+  const imageUrls = imageAttsWithUrl.map((a) =>
+    a.filePath.startsWith('data:') ? a.filePath : `/api/files/${a.filePath}`
+  );
+  // Lightbox data model: thread the human filename alongside each URL so downloads/alt
+  // text use the real name rather than a data:-URL or random stamp.
+  const imageItems: LightboxImage[] = imageUrls.map((url, i) => ({
+    url,
+    name: imageAttsWithUrl[i]?.name,
+  }));
 
   if (isUser) {
     return (
@@ -285,19 +297,26 @@ export default function MessageBubble({ role, content, timestamp, hasAttachments
                   <AuthedImage
                     key={i}
                     src={url}
-                    alt={imageAtts[i]?.name || 'attachment'}
+                    alt={imageAttsWithUrl[i]?.name || 'attachment'}
                     className="w-28 h-28 rounded-lg object-cover cursor-pointer border border-white/10 hover:opacity-80 transition-opacity"
-                    onClick={() => onImageClick?.(imageUrls, i)}
+                    onClick={() => onImageClick?.(imageItems, i)}
                   />
                 ))}
               </div>
             )}
-            {/* Document attachments */}
+            {/* Document attachments — one row per file with paperclip + filename */}
             {docAtts.length > 0 && (
-              <span className="inline-flex items-center gap-1 text-primary-foreground/60 mr-1.5">
-                <Paperclip className="h-3 w-3" />
-                {docAtts.length > 1 && <span className="text-xs">{docAtts.length}</span>}
-              </span>
+              <div className="flex flex-col gap-1 mb-2">
+                {docAtts.map((a, i) => {
+                  const label = a.name || a.filePath?.split('/').pop() || 'file';
+                  return (
+                    <span key={i} className="inline-flex items-center gap-1 text-primary-foreground/80 text-xs" title={label}>
+                      <Paperclip className="h-3 w-3 shrink-0" />
+                      <span className="truncate max-w-[14rem]">{label}</span>
+                    </span>
+                  );
+                })}
+              </div>
             )}
             {/* Fallback paperclip for legacy messages with no parsed attachments */}
             {!attachments?.length && hasAttachments && (

package/supervisor/chat/src/components/Chat/MessageList.tsx

@@ -2,7 +2,7 @@ import { useCallback, useEffect, useRef, useState } from 'react';
 import type { ChatMessage, ToolActivity } from '../../hooks/useChat';
 import MessageBubble from './MessageBubble';
 import TypingIndicator from './TypingIndicator';
-import ImageLightbox from './ImageLightbox';
+import ImageLightbox, { type LightboxImage } from './ImageLightbox';
 
 interface Props {
   messages: ChatMessage[];
@@ -19,9 +19,9 @@ export default function MessageList({ messages, streaming, streamBuffer, tools,
   const sentinelRef = useRef<HTMLDivElement>(null);
   const isInitialLoad = useRef(true);
   const [loadingOlder, setLoadingOlder] = useState(false);
-  const [lightbox, setLightbox] = useState<{ images: string[]; index: number } | null>(null);
+  const [lightbox, setLightbox] = useState<{ images: LightboxImage[]; index: number } | null>(null);
 
-  const handleImageClick = useCallback((images: string[], index: number) => {
+  const handleImageClick = useCallback((images: LightboxImage[], index: number) => {
     setLightbox({ images, index });
   }, []);
 

package/supervisor/chat/src/hooks/useChat.ts

@@ -39,9 +39,14 @@ export function useChat(ws: WsClient | null) {
   const [streamBuffer, setStreamBuffer] = useState('');
   const [tools, setTools] = useState<ToolActivity[]>([]);
   const loaded = useRef(false);
+  /** Ref to current conversationId (avoids stale closures in the once-registered WS callbacks) */
+  const conversationIdRef = useRef<string | null>(null);
   /** Ref to current streamBuffer (avoids stale closures in callbacks) */
   const streamBufferRef = useRef('');
 
+  // Keep conversationIdRef in sync with state
+  useEffect(() => { conversationIdRef.current = conversationId; }, [conversationId]);
+
   // Load current conversation from DB on mount
   useEffect(() => {
     if (loaded.current) return;
@@ -185,6 +190,53 @@ export function useChat(ws: WsClient | null) {
           },
         ]);
       }),
+      // Cross-device / channel sync: append a message broadcast by the server.
+      // Covers channel-inbound (WhatsApp/Telegram), peer-client, scheduler, and
+      // workspace messages — none of which produce an optimistic bubble here, and
+      // the server skips the sender, so a plain append is correct (no de-dup needed).
+      ws.on('chat:sync', (data: { conversationId: string; message: { role: string; content: string; timestamp?: string; attachments?: StoredAttachment[]; audio_data?: string } }) => {
+        if (data.conversationId !== conversationIdRef.current) return;
+
+        // Resolve audioData the same way the DB loader does (usually absent on sync)
+        let audioData: string | undefined;
+        const raw = data.message.audio_data;
+        if (raw) {
+          if (raw.startsWith('data:')) {
+            audioData = raw;
+          } else if (raw.includes('/')) {
+            audioData = `/api/files/${raw}`;
+          } else {
+            audioData = `data:audio/webm;base64,${raw}`;
+          }
+        }
+
+        setMessages((msgs) => [
+          ...msgs,
+          {
+            id: Date.now().toString(),
+            role: data.message.role as 'user' | 'assistant',
+            content: data.message.content,
+            timestamp: data.message.timestamp || new Date().toISOString(),
+            attachments: data.message.attachments,
+            hasAttachments: !!(data.message.attachments?.length),
+            audioData,
+          },
+        ]);
+      }),
+      // Server created a new conversation (first message of a fresh context)
+      ws.on('chat:conversation-created', (data: { conversationId: string }) => {
+        setConversationId(data.conversationId);
+      }),
+      // Context cleared from any client
+      ws.on('chat:cleared', () => {
+        setMessages([]);
+        setConversationId(null);
+        setStreamBuffer('');
+        streamBufferRef.current = '';
+        setStreaming(false);
+        setTools([]);
+        loaded.current = false;
+      }),
     ];
 
     return () => unsubs.forEach((u) => u());

package/supervisor/chat/src/lib/authedFile.ts

@@ -13,37 +13,49 @@ import { authFetch } from './auth';
  * surface) and handing back a `blob:` object URL is the secure way to render it.
  *
  * `data:`, `blob:`, and other non-`/api/files` inputs (and `undefined`) pass through
- * unchanged. The created object URL is revoked when the input changes or the component
- * unmounts. Returns `undefined` while the fetch is in flight or if it failed, so callers
- * can show a placeholder.
+ * unchanged with status `'ready'`. The created object URL is revoked when the input
+ * changes or the component unmounts. Returns `{ url, status }` so callers can tell a
+ * still-loading fetch (`'loading'`) apart from a failed one (`'error'`, on a non-ok
+ * response or a network throw) and render a distinct broken-image affordance.
  */
-export function useAuthedFileUrl(rawUrl: string | undefined): string | undefined {
+export interface AuthedFile {
+  url: string | undefined;
+  status: 'loading' | 'ready' | 'error';
+}
+
+export function useAuthedFileUrl(rawUrl: string | undefined): AuthedFile {
   const requiresAuthedFetch = !!rawUrl && rawUrl.startsWith('/api/files/');
-  const [resolvedUrl, setResolvedUrl] = useState<string | undefined>(
-    requiresAuthedFetch ? undefined : rawUrl,
+  const [state, setState] = useState<AuthedFile>(
+    requiresAuthedFetch
+      ? { url: undefined, status: 'loading' }
+      : { url: rawUrl, status: 'ready' },
   );
 
   useEffect(() => {
     // Pass through anything that isn't a protected file path (data:/blob:/undefined).
     if (!rawUrl || !rawUrl.startsWith('/api/files/')) {
-      setResolvedUrl(rawUrl);
+      setState({ url: rawUrl, status: 'ready' });
       return;
     }
 
     let createdObjectUrl: string | null = null;
     let cancelled = false;
-    setResolvedUrl(undefined);
+    setState({ url: undefined, status: 'loading' });
 
     (async () => {
       try {
         const response = await authFetch(rawUrl);
-        if (!response.ok) return; // leave undefined → caller shows a placeholder
+        if (cancelled) return;
+        if (!response.ok) {
+          setState({ url: undefined, status: 'error' }); // caller shows a broken-image affordance
+          return;
+        }
         const blob = await response.blob();
         if (cancelled) return;
         createdObjectUrl = URL.createObjectURL(blob);
-        setResolvedUrl(createdObjectUrl);
+        setState({ url: createdObjectUrl, status: 'ready' });
       } catch {
-        /* network error — leave undefined so the caller renders its placeholder */
+        if (!cancelled) setState({ url: undefined, status: 'error' }); // network error → broken-image affordance
       }
     })();
 
@@ -53,5 +65,5 @@ export function useAuthedFileUrl(rawUrl: string | undefined): string | undefined
     };
   }, [rawUrl]);
 
-  return resolvedUrl;
+  return state;
 }

package/supervisor/file-saver.ts

@@ -10,41 +10,114 @@ export interface SavedFile {
   absPath: string;
 }
 
+/** Per-file decoded-byte ceiling. Anything larger is rejected at the save chokepoint
+ *  so a single message can't write an unbounded blob to disk. */
+export const MAX_ATTACHMENT_BYTES = 12 * 1024 * 1024;
+/** Per-message guards (enforced by callers around the save loop). */
+export const MAX_ATTACHMENTS_PER_MESSAGE = 12;
+export const MAX_TOTAL_ATTACHMENT_BYTES = 48 * 1024 * 1024;
+
 export function ensureFileDirs(): void {
   fs.mkdirSync(paths.filesAudio, { recursive: true });
   fs.mkdirSync(paths.filesImages, { recursive: true });
   fs.mkdirSync(paths.filesDocuments, { recursive: true });
 }
 
-export function saveAttachment(att: { type: 'image' | 'file'; name: string; mediaType: string; data: string }): SavedFile {
-  const category = att.type === 'image' ? 'images' : 'documents';
+const EXT_FROM_MIME: Record<string, string> = {
+  'image/png': 'png', 'image/jpeg': 'jpg', 'image/gif': 'gif', 'image/webp': 'webp',
+  'image/avif': 'avif', 'image/bmp': 'bmp', 'image/heic': 'heic', 'image/heif': 'heif', 'image/svg+xml': 'svg',
+  'application/pdf': 'pdf', 'text/plain': 'txt', 'text/markdown': 'md', 'text/csv': 'csv',
+  'application/json': 'json', 'application/xml': 'xml', 'text/html': 'html',
+  'application/zip': 'zip', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet': 'xlsx',
+  'application/vnd.openxmlformats-officedocument.wordprocessingml.document': 'docx',
+};
+
+/** Dependency-free magic-byte sniff for the common binary types. Returns the detected
+ *  media type or undefined when the bytes aren't a recognized signature. We trust this
+ *  over the client-claimed mediaType when it fires — the client controls both name and
+ *  mediaType, so the on-disk extension / served Content-Type must derive from content. */
+function sniffMediaType(buf: Buffer): string | undefined {
+  if (buf.length >= 8 && buf[0] === 0x89 && buf[1] === 0x50 && buf[2] === 0x4e && buf[3] === 0x47) return 'image/png';
+  if (buf.length >= 3 && buf[0] === 0xff && buf[1] === 0xd8 && buf[2] === 0xff) return 'image/jpeg';
+  if (buf.length >= 6) { const s = buf.toString('latin1', 0, 6); if (s === 'GIF87a' || s === 'GIF89a') return 'image/gif'; }
+  if (buf.length >= 12 && buf.toString('latin1', 0, 4) === 'RIFF' && buf.toString('latin1', 8, 12) === 'WEBP') return 'image/webp';
+  if (buf.length >= 5 && buf.toString('latin1', 0, 5) === '%PDF-') return 'application/pdf';
+  if (buf.length >= 4 && buf[0] === 0x50 && buf[1] === 0x4b && (buf[2] === 0x03 || buf[2] === 0x05 || buf[2] === 0x07)) return 'application/zip';
+  return undefined;
+}
+
+/** Strip path separators / control chars from a client-supplied display name and bound
+ *  its length. Never used to build the on-disk filename (that is random) — only for the
+ *  persisted/displayed name. */
+function sanitizeName(name?: string): string {
+  if (!name) return '';
+  return name.replace(/[/\\\u0000-\u001f]/g, '_').replace(/\s+/g, ' ').trim().slice(0, 200);
+}
 
+function stampPrefix(): string {
   const now = new Date();
   const ts = now.toISOString().replace(/[-:T]/g, '').slice(0, 14);
-  const stamp = `${ts.slice(0, 8)}_${ts.slice(8, 14)}`;
-  const rand = crypto.randomBytes(3).toString('hex');
-
-  // Extract extension from original name or mediaType
-  const extFromName = att.name?.includes('.') ? att.name.split('.').pop()! : '';
-  const extFromMime: Record<string, string> = {
-    'image/png': 'png', 'image/jpeg': 'jpg', 'image/gif': 'gif', 'image/webp': 'webp',
-    'application/pdf': 'pdf', 'text/plain': 'txt', 'text/csv': 'csv',
-  };
-  const ext = extFromName || extFromMime[att.mediaType] || 'bin';
+  return `${ts.slice(0, 8)}_${ts.slice(8, 14)}_${crypto.randomBytes(3).toString('hex')}`;
+}
 
-  const filename = `${stamp}_${rand}.${ext}`;
-  const relPath = `${category}/${filename}`;
+export function saveAttachment(att: { type: 'image' | 'file'; name?: string; mediaType: string; data: string }): SavedFile {
+  const buf = Buffer.from(att.data || '', 'base64');
+  if (buf.length === 0) throw new Error('empty attachment payload');
+  if (buf.length > MAX_ATTACHMENT_BYTES) {
+    throw new Error(`attachment too large: ${buf.length} bytes (max ${MAX_ATTACHMENT_BYTES})`);
+  }
 
-  const dir = category === 'images' ? paths.filesImages : paths.filesDocuments;
+  // Content is authoritative. When we recognize the bytes, the sniffed type drives the
+  // media type, the on-disk category, and the rendered image/doc classification — so a
+  // client can't mislabel a PDF as image/png (or vice-versa) to land it in the wrong bucket.
+  const sniffed = sniffMediaType(buf);
+  const claimedImage = att.type === 'image' || (att.mediaType || '').toLowerCase().startsWith('image/');
+  const isImage = sniffed ? sniffed.startsWith('image/') : claimedImage;
+  const effectiveMediaType = sniffed || att.mediaType || (isImage ? 'image/jpeg' : 'application/octet-stream');
+
+  const category = isImage ? 'images' : 'documents';
+  const cleanName = sanitizeName(att.name);
+
+  // Extension: prefer the validated/sniffed media type, then a sanitized client extension,
+  // then a generic fallback. (Never trust the raw client name for the on-disk path.)
+  const extFromName = cleanName.includes('.') ? cleanName.split('.').pop()!.toLowerCase().replace(/[^a-z0-9]/g, '').slice(0, 8) : '';
+  const ext = EXT_FROM_MIME[effectiveMediaType] || extFromName || 'bin';
+
+  const filename = `${stampPrefix()}.${ext}`;
+  const relPath = `${category}/${filename}`;
+  const dir = isImage ? paths.filesImages : paths.filesDocuments;
   const absPath = `${dir}/${filename}`;
 
-  fs.writeFileSync(absPath, Buffer.from(att.data, 'base64'));
+  fs.writeFileSync(absPath, buf);
 
   return {
-    type: att.type === 'image' ? 'image' : 'document',
-    name: att.name,
-    mediaType: att.mediaType,
+    type: isImage ? 'image' : 'document',
+    name: cleanName,
+    mediaType: effectiveMediaType,
     relPath,
     absPath,
   };
 }
+
+/** Persist a voice/audio clip (raw base64) to files/audio and return its served path.
+ *  Audio rides on a message as meta.audio_data = relPath (not in the attachments array),
+ *  so the chat can replay it after a refresh. */
+export function saveAudio(base64: string, mediaType = 'audio/webm'): { relPath: string; absPath: string; mediaType: string } {
+  const buf = Buffer.from(base64 || '', 'base64');
+  if (buf.length === 0) throw new Error('empty audio payload');
+  if (buf.length > MAX_ATTACHMENT_BYTES) throw new Error(`audio too large: ${buf.length} bytes`);
+
+  const mt = (mediaType || 'audio/webm').toLowerCase();
+  const ext = mt.includes('webm') ? 'webm'
+    : (mt.includes('mp4') || mt.includes('m4a') || mt.includes('aac')) ? 'm4a'
+    : (mt.includes('mpeg') || mt.includes('mp3')) ? 'mp3'
+    : mt.includes('wav') ? 'wav'
+    : mt.includes('ogg') ? 'ogg'
+    : 'webm';
+
+  const filename = `${stampPrefix()}.${ext}`;
+  const relPath = `audio/${filename}`;
+  const absPath = `${paths.filesAudio}/${filename}`;
+  fs.writeFileSync(absPath, buf);
+  return { relPath, absPath, mediaType: mediaType || 'audio/webm' };
+}

package/supervisor/harnesses/attachment-policy.ts

@@ -0,0 +1,111 @@
+/**
+ * Shared attachment-ingestion policy — the SINGLE source of truth all three
+ * harnesses (Claude Agent SDK, Codex app-server, PI) consult when turning an
+ * AgentAttachment into provider content. Centralizing it here is what makes the
+ * three harnesses behave consistently instead of drifting (different text
+ * allowlists, different size caps, different "saved to disk" wording, etc.).
+ *
+ * Routing rule (per the canonical attachment contract):
+ *   • image/*           → native image content block (vision)
+ *   • application/pdf    → native document block WHERE the provider supports it
+ *                          (Claude always; PI-anthropic; PI-gemini). Otherwise the
+ *                          file is on disk and the model reads it via its file tools.
+ *   • text-like          → decode + cap + inline as a text note
+ *   • everything else     → a disk-pointer note (the agent opens it with Read/Bash)
+ *
+ * The constraint on what is ingested is the MODEL's capability, never an arbitrary
+ * blocklist of ours — anything that cannot be inlined is still saved to disk and
+ * surfaced to the agent's file tools, so nothing is silently dropped.
+ */
+
+import type { SavedFile } from '../file-saver.js';
+
+/** Per-file / cross-file budgets for INLINING text-like documents as model-visible text.
+ *  Both expressed in characters of decoded text so all harnesses agree on the unit
+ *  (Codex previously capped on bytes, PI on chars — they diverged). The file is also
+ *  on disk, so truncating the inline copy is lossless for a tool-capable agent. */
+export const INLINE_TEXT_PER_FILE_CHARS = 48_000;
+export const INLINE_TEXT_TOTAL_CHARS = 96_000;
+
+/** Hard ceiling on a single inlined base64 image (decoded bytes). Over this we drop the
+ *  inline image and fall back to the saved-files disk pointer rather than bloat every
+ *  stateless resend with a multi-MB payload. */
+export const MAX_INLINE_IMAGE_BYTES = 5 * 1024 * 1024;
+
+/** Media types whose bytes are safe/useful to decode and inline as plain text.
+ *  Anchored, union of the lists Codex and PI carried separately. */
+const INLINE_TEXT_RE =
+  /^(?:text\/[\w.+-]+|application\/(?:json|xml|x-ndjson|ld\+json|yaml|x-yaml|toml|x-sh|javascript|ecmascript|x-www-form-urlencoded|csv))$/i;
+
+/** Image media types we will hand to a provider as a native image block. */
+const INLINE_IMAGE_RE = /^image\/(?:png|jpe?g|gif|webp|avif|bmp|heic|heif)$/i;
+
+export function isInlineTextMediaType(mt?: string): boolean {
+  if (!mt) return false;
+  const base = mt.split(';')[0].trim().toLowerCase();
+  return INLINE_TEXT_RE.test(base);
+}
+
+export function isInlinePdf(mt?: string): boolean {
+  if (!mt) return false;
+  return mt.split(';')[0].trim().toLowerCase() === 'application/pdf';
+}
+
+export function isImageMediaType(mt?: string): boolean {
+  if (!mt) return false;
+  return INLINE_IMAGE_RE.test(mt.split(';')[0].trim().toLowerCase());
+}
+
+/** Coerce an image media type to one every provider accepts. Unknown/garbage
+ *  (undefined, "", "application/octet-stream", "img/png", …) → image/jpeg so we
+ *  never emit `data:undefined;base64,` or a provider-rejected document type. */
+export function normalizeImageMediaType(mt?: string): string {
+  if (!mt) return 'image/jpeg';
+  const base = mt.split(';')[0].trim().toLowerCase();
+  if (base === 'image/jpg') return 'image/jpeg';
+  return INLINE_IMAGE_RE.test(base) ? base : 'image/jpeg';
+}
+
+/** Approximate decoded byte length of a base64 string without allocating a Buffer. */
+export function approxBase64Bytes(data: string): number {
+  if (!data) return 0;
+  const len = data.length;
+  let padding = 0;
+  if (data.endsWith('==')) padding = 2;
+  else if (data.endsWith('=')) padding = 1;
+  return Math.max(0, Math.floor((len * 3) / 4) - padding);
+}
+
+export type AttachmentRoute = 'image' | 'native-document' | 'inline-text' | 'reference-only';
+
+/**
+ * Decide how a non-image / document attachment should reach the model, given the
+ * active provider's native-document capability.
+ *  - canNativeDocument: true for Claude, PI-anthropic, PI-gemini (PDF via document block).
+ */
+export function routeAttachment(
+  att: { type: 'image' | 'file'; mediaType: string; data?: string },
+  opts: { canNativeDocument: boolean },
+): AttachmentRoute {
+  // An empty/undefined payload must never become an inline provider block: a
+  // `data:''`/empty base64 image or document source 400s the entire turn on
+  // Anthropic/Gemini. Degrade to reference-only (there's no SavedFile for it
+  // either, so it's simply skipped). Mirrors Codex's `if (!att.data) break;`.
+  if (!att.data) return 'reference-only';
+  if (att.type === 'image' || isImageMediaType(att.mediaType)) return 'image';
+  if (isInlinePdf(att.mediaType) && opts.canNativeDocument) return 'native-document';
+  if (isInlineTextMediaType(att.mediaType)) return 'inline-text';
+  return 'reference-only';
+}
+
+/**
+ * The ONE canonical "files are on disk, read them with your tools" note. Every
+ * harness emits byte-identical wording so the agent's behavior doesn't depend on
+ * which provider is active. Cites the ABSOLUTE path because the persisted relPath
+ * (`<category>/<file>`) omits the `files/` segment and isn't openable as-is.
+ */
+export function buildSavedFilesNote(savedFiles: SavedFile[]): string {
+  if (!savedFiles?.length) return '';
+  const lines = savedFiles.map((f) => `- ${f.name || f.relPath} (${f.mediaType}) → ${f.absPath}`);
+  return `[attached files saved to disk — open them with your file tools (Read/Bash) if you need their contents]\n${lines.join('\n')}`;
+}

package/supervisor/harnesses/claude.ts

@@ -21,6 +21,15 @@ import { assembleSystemPrompt } from '../../worker/prompts/prompt-assembler.js';
 import { buildAgents } from '../agents/index.js';
 import { preWarm, claimWarmup, discardWarmup } from '../cli-warmup.js';
 import { mirrorSkillsInto } from './skills.js';
+import {
+  routeAttachment,
+  normalizeImageMediaType,
+  approxBase64Bytes,
+  buildSavedFilesNote,
+  INLINE_TEXT_PER_FILE_CHARS,
+  INLINE_TEXT_TOTAL_CHARS,
+  MAX_INLINE_IMAGE_BYTES,
+} from './attachment-policy.js';
 
 // ── Types ──────────────────────────────────────────────────────────────────
 
@@ -157,30 +166,68 @@ function loadMcpServers(): Record<string, any> | undefined {
   return undefined;
 }
 
-/** Build an SDKUserMessage from text + optional attachments */
+/** Build an SDKUserMessage from text + optional attachments.
+ *  Routing is delegated to the shared attachment-policy so all three harnesses
+ *  ingest identically. The Anthropic Messages API base64 document source accepts
+ *  ONLY application/pdf — handing it a docx/xlsx/csv/markdown/octet-stream 400s
+ *  the whole turn — so non-PDF binaries are NOT emitted as provider blocks; they
+ *  ride on the saved-files disk pointer instead. Blocks stay MEDIA-FIRST, TEXT-last. */
 function buildUserMessage(text: string, attachments?: AgentAttachment[], savedFiles?: SavedFile[]): SDKUserMessage {
   const content: any[] = [];
 
   if (attachments?.length) {
+    // Running budget so the cross-file inline-text total never exceeds the cap.
+    let inlineTextBudget = INLINE_TEXT_TOTAL_CHARS;
+
     for (const att of attachments) {
-      if (att.type === 'image') {
-        content.push({
-          type: 'image',
-          source: { type: 'base64', media_type: att.mediaType, data: att.data },
-        });
-      } else {
-        content.push({
-          type: 'document',
-          source: { type: 'base64', media_type: att.mediaType, data: att.data },
-        });
+      // Claude natively renders PDF document blocks (vision over the rendered pages).
+      const route = routeAttachment(att, { canNativeDocument: true });
+      switch (route) {
+        case 'image': {
+          // Drop the inline copy when it would bloat every stateless resend — the
+          // file is on disk and buildSavedFilesNote points the file tools at it.
+          if (approxBase64Bytes(att.data) > MAX_INLINE_IMAGE_BYTES) break;
+          content.push({
+            type: 'image',
+            source: { type: 'base64', media_type: normalizeImageMediaType(att.mediaType), data: att.data },
+          });
+          break;
+        }
+        case 'native-document': {
+          content.push({
+            type: 'document',
+            source: { type: 'base64', media_type: 'application/pdf', data: att.data },
+          });
+          break;
+        }
+        case 'inline-text': {
+          if (inlineTextBudget <= 0) break;
+          let decoded = '';
+          try {
+            decoded = Buffer.from(att.data, 'base64').toString('utf-8');
+          } catch {
+            break; // undecodable → rely on the saved-files note
+          }
+          const cap = Math.min(INLINE_TEXT_PER_FILE_CHARS, inlineTextBudget);
+          const slice = decoded.slice(0, cap);
+          inlineTextBudget -= slice.length;
+          // text/csv/markdown also 400 as document sources, so inline as a text note.
+          content.push({ type: 'text', text: `--- ${att.name} ---\n${slice}` });
+          break;
+        }
+        case 'reference-only':
+        default:
+          // Binary we can't inline (docx/xlsx/zip/…) or an unexpected route — no
+          // provider block; the saved-files note below carries the disk pointer.
+          break;
       }
     }
   }
 
   let promptText = text || '(attached files)';
   if (savedFiles?.length) {
-    const lines = savedFiles.map((f) => `- ${f.name} -> ${f.relPath}`);
-    promptText += `\n\n[Attached files saved to disk]\n${lines.join('\n')}\nYou can read or reference these files using the paths above (relative to your cwd).`;
+    const note = buildSavedFilesNote(savedFiles);
+    if (note) promptText += `\n\n${note}`;
   }
 
   content.push({ type: 'text', text: promptText });
@@ -663,8 +710,8 @@ export async function startBlobyAgentQuery(
 
   let plainPrompt = prompt;
   if (savedFiles?.length && !attachments?.length) {
-    const lines = savedFiles.map((f) => `- ${f.name} -> ${f.relPath}`);
-    plainPrompt += `\n\n[Attached files saved to disk]\n${lines.join('\n')}\nYou can read or reference these files using the paths above (relative to your cwd).`;
+    const note = buildSavedFilesNote(savedFiles);
+    if (note) plainPrompt += `\n\n${note}`;
   }
 
   const sdkPrompt: string | AsyncIterable<SDKUserMessage> =