bosun 0.36.0 → 0.36.2

package/.env.example

@@ -105,7 +105,7 @@ TELEGRAM_MINIAPP_ENABLED=false
 # ║  • Send commands to agents that execute code on YOUR machine         ║
 # ║  • Access secrets, API keys, and environment variables               ║
 # ║                                                                      ║
-# ║ Combined with TELEGRAM_UI_TUNNEL=auto (Cloudflare tunnel), your UI   ║
+# ║ Combined with TELEGRAM_UI_TUNNEL=named (Cloudflare tunnel), your UI  ║
 # ║ gets a PUBLIC internet URL — meaning ANYONE ON THE INTERNET can      ║
 # ║ find and control your machine.                                       ║
 # ║                                                                      ║
@@ -120,23 +120,72 @@ TELEGRAM_MINIAPP_ENABLED=false
 # ── Cloudflare Tunnel (for persistent HTTPS) ────────────────────────────────
 # Telegram Mini App requires HTTPS with a valid cert. Cloudflare tunnels provide this.
 #
-# Two modes:
-# 1. **Quick tunnel** (default): Random *.trycloudflare.com URL, no setup required.
-#    Pros: Zero config. Cons: URL changes on every restart (refresh Telegram button).
+# Default mode is **named** (permanent hostname, zero tunnel traffic cost):
+#   1. Create tunnel: `cloudflared tunnel create <name>`
+#   2. Save credentials json path
+#   3. Set base domain + Cloudflare DNS API token/zone id
+# Bosun will resolve deterministic per-user hostnames and create/verify the CNAME idempotently.
 #
-# 2. **Named tunnel** (persistent): Custom domain that never changes.
-#    Setup:
-#      a) Create tunnel: `cloudflared tunnel create <name>`
-#      b) Add DNS: `cloudflared tunnel route dns <name> subdomain.yourdomain.com`
-#      c) Set env vars below.
-#    Pros: Stable URL (no Telegram button refresh). Cons: Requires Cloudflare account.
-#
-# Named tunnel env vars (leave blank for quick tunnel):
+# Named tunnel required env:
 # CLOUDFLARE_TUNNEL_NAME=my-tunnel
 # CLOUDFLARE_TUNNEL_CREDENTIALS=/home/user/.cloudflared/<tunnel-id>.json
+# CLOUDFLARE_BASE_DOMAIN=bosun.det.io
+# CLOUDFLARE_ZONE_ID=<cloudflare-zone-id>
+# CLOUDFLARE_API_TOKEN=<token-with-zone-dns-edit-scope>
+#
+# Optional overrides:
+# CLOUDFLARE_TUNNEL_HOSTNAME=jon.bosun.det.io
+# CLOUDFLARE_USERNAME_HOSTNAME_POLICY=per-user-fixed   # per-user-fixed | fixed
+# CLOUDFLARE_DNS_SYNC_ENABLED=true
+# CLOUDFLARE_DNS_MAX_RETRIES=3
+# CLOUDFLARE_DNS_RETRY_BASE_MS=750
 #
-# Tunnel mode control: auto | cloudflared | disabled
-# TELEGRAM_UI_TUNNEL=auto
+# Tunnel mode control: named | quick | auto | cloudflared | disabled
+# TELEGRAM_UI_TUNNEL=named
+# TELEGRAM_UI_ALLOW_QUICK_TUNNEL_FALLBACK=false
+#
+# Fallback admin auth (secondary path; never stores plaintext credentials):
+# Use API to set/reset credential after startup:
+#   POST /api/auth/fallback/set   { "secret": "..." }
+#   POST /api/auth/fallback/rotate { "secret": "..." }
+#   POST /api/auth/fallback/reset
+#   POST /api/auth/fallback/login { "secret": "..." }
+# TELEGRAM_UI_FALLBACK_AUTH_ENABLED=true
+# TELEGRAM_UI_FALLBACK_AUTH_RATE_LIMIT_IP_PER_MIN=10
+# TELEGRAM_UI_FALLBACK_AUTH_RATE_LIMIT_GLOBAL_PER_MIN=60
+# TELEGRAM_UI_FALLBACK_AUTH_MAX_FAILURES=5
+# TELEGRAM_UI_FALLBACK_AUTH_LOCKOUT_MS=600000
+# TELEGRAM_UI_FALLBACK_AUTH_ROTATE_DAYS=30
+# TELEGRAM_UI_FALLBACK_AUTH_TRANSIENT_COOLDOWN_MS=5000
+
+# ─── Voice Assistant (v0.36+) ───────────────────────────────────────────────
+# Enable real-time voice mode in the UI.
+VOICE_ENABLED=true
+# auto | openai | azure | claude | gemini | fallback
+VOICE_PROVIDER=auto
+# Realtime model (used by openai/azure Tier 1, or as provider-specific default override)
+VOICE_MODEL=gpt-4o-realtime-preview-2024-12-17
+# Vision model for live screen/camera frame understanding
+VOICE_VISION_MODEL=gpt-4.1-mini
+# Optional dedicated key for realtime sessions (falls back to OPENAI_API_KEY)
+# OPENAI_REALTIME_API_KEY=
+# Azure Realtime settings (used when VOICE_PROVIDER=azure, or auto with Azure vars)
+# AZURE_OPENAI_REALTIME_ENDPOINT=https://<resource>.openai.azure.com
+# AZURE_OPENAI_REALTIME_API_KEY=
+# AZURE_OPENAI_REALTIME_DEPLOYMENT=gpt-4o-realtime-preview
+# Claude provider mode (Tier 2 voice fallback + Claude vision)
+# ANTHROPIC_API_KEY=
+# Gemini provider mode (Tier 2 voice fallback + Gemini vision)
+# GEMINI_API_KEY=
+# GOOGLE_API_KEY=
+# Voice output persona
+VOICE_ID=alloy
+# server_vad | semantic_vad | none
+VOICE_TURN_DETECTION=server_vad
+# browser | disabled (used when Tier 1 realtime is unavailable)
+VOICE_FALLBACK_MODE=browser
+# Executor used by voice tool delegations for complex requests
+VOICE_DELEGATE_EXECUTOR=codex-sdk
 
 # ─── Desktop Portal ────────────────────────────────────────────────────────
 # Auto-start bosun daemon when the desktop portal launches (default: true)
@@ -294,7 +343,7 @@ TELEGRAM_MINIAPP_ENABLED=false
 # INTERNAL_EXECUTOR_BASE_BRANCH_PARALLEL=0
 # How often to poll kanban for new tasks in ms (default: 30000)
 # INTERNAL_EXECUTOR_POLL_MS=30000
-# SDK to use: "auto" | "codex" | "copilot" | "claude" (default: auto)
+# SDK to use: "auto" | "codex" | "copilot" | "claude" | "gemini" | "opencode" (default: auto)
 # INTERNAL_EXECUTOR_SDK=auto
 # Timeout per task execution in ms (default: 5400000 = 90 min)
 # INTERNAL_EXECUTOR_TIMEOUT_MS=5400000
@@ -316,6 +365,18 @@ TELEGRAM_MINIAPP_ENABLED=false
 # INTERNAL_EXECUTOR_REPLENISH_MAX_NEW_TASKS=2
 # Require explicit priority for generated tasks (default: true)
 # INTERNAL_EXECUTOR_REPLENISH_REQUIRE_PRIORITY=true
+# Stream retry ceiling for transient stream disconnects (default: 5)
+# INTERNAL_EXECUTOR_STREAM_MAX_RETRIES=5
+# Stream retry backoff base delay in ms (default: 2000)
+# INTERNAL_EXECUTOR_STREAM_RETRY_BASE_MS=2000
+# Stream retry backoff max delay in ms (default: 32000)
+# INTERNAL_EXECUTOR_STREAM_RETRY_MAX_MS=32000
+# Abort/retry turns that emit no stream events within this budget (default: 120000)
+# INTERNAL_EXECUTOR_STREAM_FIRST_EVENT_TIMEOUT_MS=120000
+# Cap number of completed stream items retained per turn (default: 600)
+# INTERNAL_EXECUTOR_STREAM_MAX_ITEMS_PER_TURN=600
+# Truncate oversized item payload strings to this char budget (default: 12000)
+# INTERNAL_EXECUTOR_STREAM_MAX_ITEM_CHARS=12000
 # Project requirements profile used by planner/replenishment prompts
 # Allowed: simple-feature | feature | large-feature | system | multi-system
 # PROJECT_REQUIREMENTS_PROFILE=feature
@@ -653,7 +714,7 @@ VK_RECOVERY_PORT=54089
 # Set to true to disable all Codex/AI features (analysis, autofix, shell)
 # CODEX_SDK_DISABLED=false
 
-# Primary agent adapter: codex-sdk | copilot-sdk | claude-sdk
+# Primary agent adapter: codex-sdk | copilot-sdk | claude-sdk | gemini-sdk | opencode-sdk
 # PRIMARY_AGENT=codex-sdk
 # Set to true to disable the primary agent adapter
 # PRIMARY_AGENT_DISABLED=false
@@ -834,6 +895,27 @@ VK_RECOVERY_PORT=54089
 # ANTHROPIC_API_KEY=sk-ant-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 # CLAUDE_API_KEY=your-anthropic-api-key
 # CLAUDE_KEY=your-anthropic-api-key
+
+# ─── Gemini SDK ──────────────────────────────────────────────────────────────
+# Set to true to disable Gemini SDK features
+# GEMINI_SDK_DISABLED=false
+# Transport selector: auto | sdk | cli
+# GEMINI_TRANSPORT=auto
+# Gemini model (default: gemini-2.5-pro)
+# GEMINI_MODEL=gemini-2.5-pro
+# API key (either variable works)
+# GEMINI_API_KEY=
+# GOOGLE_API_KEY=
+# Optional Gemini API base URL override
+# GEMINI_BASE_URL=
+
+# ─── OpenCode SDK ────────────────────────────────────────────────────────────
+# Set to true to disable OpenCode SDK features
+# OPENCODE_SDK_DISABLED=false
+# Local OpenCode server port
+# OPENCODE_PORT=4096
+# Optional model override passed to OpenCode
+# OPENCODE_MODEL=gpt-5.2-codex
 # ─── Merge Strategy (Codex-powered PR decision engine) ───────────────────────
 # When a task completes, analyze the agent's output via Codex SDK to decide:
 # merge_after_ci_pass, prompt (agent), close_pr, re_attempt, manual_review, wait

package/README.md

@@ -44,6 +44,33 @@ Requires:
 
 ---
 
+## Permanent Mini App Hostname + Fallback Auth
+
+Bosun defaults the Mini App tunnel to **named** mode so the Telegram URL can stay stable (`<user>.<base-domain>`), with quick tunnels only as explicit fallback.
+
+Required Cloudflare settings:
+
+- `CLOUDFLARE_TUNNEL_NAME`
+- `CLOUDFLARE_TUNNEL_CREDENTIALS`
+- `CLOUDFLARE_BASE_DOMAIN` (for example `bosun.det.io`)
+- `CLOUDFLARE_ZONE_ID`
+- `CLOUDFLARE_API_TOKEN` (Zone DNS edit scope for the target zone)
+
+Useful optional settings:
+
+- `CLOUDFLARE_TUNNEL_HOSTNAME` (explicit hostname override)
+- `CLOUDFLARE_USERNAME_HOSTNAME_POLICY=per-user-fixed`
+- `TELEGRAM_UI_ALLOW_QUICK_TUNNEL_FALLBACK=false`
+
+Fallback admin auth (secondary path) is available and stores only Argon2id hash + salt, never plaintext. Use:
+
+- `POST /api/auth/fallback/set` to set/rotate
+- `POST /api/auth/fallback/rotate` as explicit rotate alias
+- `POST /api/auth/fallback/reset` to clear
+- `POST /api/auth/fallback/login` to mint normal `ve_session` cookie
+
+---
+
 ## What Bosun does
 
 - Routes work across Codex, Copilot, Claude, and OpenCode executors

package/agent-event-bus.mjs

@@ -387,7 +387,7 @@ export class AgentEventBus {
       if (this._sendTelegram) {
         const task = this._resolveTask(taskId);
         const title = task?.title || taskId;
-        this._sendTelegram(`🛑 Task blocked: "${title}" (source: ${source})`);
+        this._sendTelegram(`:close: Task blocked: "${title}" (source: ${source})`);
       }
     }
   }
@@ -401,7 +401,7 @@ export class AgentEventBus {
       reason: reason || "manual",
     });
     if (this._sendTelegram) {
-      this._sendTelegram(`⏸️ Executor paused: ${reason || "manual"}`);
+      this._sendTelegram(`:pause: Executor paused: ${reason || "manual"}`);
     }
   }
 
@@ -662,7 +662,7 @@ export class AgentEventBus {
           const task = this._resolveTask(taskId);
           const title = task?.title || taskId;
           this._sendTelegram(
-            `🛑 Auto-blocked: "${title}" — ${recovery?.reason || "too many errors"}`,
+            `:close: Auto-blocked: "${title}" — ${recovery?.reason || "too many errors"}`,
           );
         }
         console.log(
@@ -694,7 +694,7 @@ export class AgentEventBus {
         });
         if (this._sendTelegram) {
           this._sendTelegram(
-            `⏸️ Executor auto-paused: ${recovery?.reason || "rate limit flood"}`,
+            `:pause: Executor auto-paused: ${recovery?.reason || "rate limit flood"}`,
           );
         }
         console.log(`${TAG} executor paused: ${recovery?.reason}`);
@@ -710,7 +710,7 @@ export class AgentEventBus {
           const task = this._resolveTask(taskId);
           const title = task?.title || taskId;
           this._sendTelegram(
-            `⚠️ "${title}" needs manual review: ${recovery?.reason || "repeated errors"}`,
+            `:alert: "${title}" needs manual review: ${recovery?.reason || "repeated errors"}`,
           );
         }
         break;

package/agent-pool.mjs

@@ -95,6 +95,117 @@ const MAX_PROMPT_BYTES = 180_000;
 const MAX_SET_TIMEOUT_MS = 2_147_483_647; // Node.js setTimeout 32-bit signed max
 let timeoutClampWarningKey = "";
 const DEFAULT_FIRST_EVENT_TIMEOUT_MS = 120_000;
+const DEFAULT_MAX_ITEMS_PER_TURN = 600;
+const DEFAULT_MAX_ITEM_CHARS = 12_000;
+const TOOL_OUTPUT_GUARDRAIL = String.raw`
+
+[Tool Output Guardrail] Keep tool outputs compact: prefer narrow searches, bounded command output (for example head/tail), and summaries for large results instead of dumping full payloads.`;
+
+function parseBoundedNumber(value, fallback, min, max) {
+  const num = Number(value);
+  if (!Number.isFinite(num)) return fallback;
+  return Math.min(Math.max(Math.trunc(num), min), max);
+}
+
+function getInternalExecutorStreamConfig() {
+  try {
+    const cfg = loadConfig();
+    const stream = cfg?.internalExecutor?.stream;
+    return stream && typeof stream === "object" ? stream : {};
+  } catch {
+    return {};
+  }
+}
+
+function truncateText(text, maxChars) {
+  if (typeof text !== "string") return text;
+  if (!Number.isFinite(maxChars) || maxChars < 1 || text.length <= maxChars) {
+    return text;
+  }
+  const trimmed = text.slice(0, maxChars);
+  const removed = text.length - maxChars;
+  return `${trimmed}
+
+[…truncated ${removed} chars…]`;
+}
+
+function truncateItemForStorage(item, maxChars) {
+  if (!item || typeof item !== "object") return item;
+  if (!Number.isFinite(maxChars) || maxChars < 1) return item;
+
+  const next = { ...item };
+  const directStringKeys = [
+    "text",
+    "output",
+    "aggregated_output",
+    "stderr",
+    "stdout",
+    "result",
+    "message",
+  ];
+  for (const key of directStringKeys) {
+    if (typeof next[key] === "string") {
+      next[key] = truncateText(next[key], maxChars);
+    }
+  }
+
+  if (Array.isArray(next.content)) {
+    next.content = next.content.map((entry) => {
+      if (entry && typeof entry === "object" && typeof entry.text === "string") {
+        return { ...entry, text: truncateText(entry.text, maxChars) };
+      }
+      return entry;
+    });
+  }
+
+  if (next.error && typeof next.error === "object") {
+    next.error = {
+      ...next.error,
+      message: truncateText(next.error.message, maxChars),
+    };
+  }
+
+  return next;
+}
+
+function resolveCodexStreamSafety(totalTimeoutMs) {
+  const streamCfg = getInternalExecutorStreamConfig();
+  const firstEventRaw =
+    process.env.INTERNAL_EXECUTOR_STREAM_FIRST_EVENT_TIMEOUT_MS ||
+    process.env.AGENT_POOL_FIRST_EVENT_TIMEOUT_MS ||
+    streamCfg.firstEventTimeoutMs ||
+    DEFAULT_FIRST_EVENT_TIMEOUT_MS;
+  const maxItemsRaw =
+    process.env.INTERNAL_EXECUTOR_STREAM_MAX_ITEMS_PER_TURN ||
+    streamCfg.maxItemsPerTurn ||
+    DEFAULT_MAX_ITEMS_PER_TURN;
+  const maxItemCharsRaw =
+    process.env.INTERNAL_EXECUTOR_STREAM_MAX_ITEM_CHARS ||
+    streamCfg.maxItemChars ||
+    DEFAULT_MAX_ITEM_CHARS;
+
+  const configuredFirstEventMs = parseBoundedNumber(
+    firstEventRaw,
+    DEFAULT_FIRST_EVENT_TIMEOUT_MS,
+    1_000,
+    60 * 60 * 1000,
+  );
+  const budgetMs = Number(totalTimeoutMs);
+  let firstEventTimeoutMs = null;
+  if (Number.isFinite(budgetMs) && budgetMs > 2_000) {
+    const maxAllowed = Math.max(1_000, budgetMs - 1_000);
+    firstEventTimeoutMs = clampTimerDelayMs(
+      Math.min(configuredFirstEventMs, maxAllowed),
+      "first-event-timeout",
+    );
+  }
+
+  return {
+    firstEventTimeoutMs,
+    maxItemsPerTurn: parseBoundedNumber(maxItemsRaw, DEFAULT_MAX_ITEMS_PER_TURN, 1, 5000),
+    maxItemChars: parseBoundedNumber(maxItemCharsRaw, DEFAULT_MAX_ITEM_CHARS, 1, 250000),
+  };
+}
 
 function clampTimerDelayMs(delayMs, label = "timer") {
   const parsed = Number(delayMs);
@@ -113,14 +224,7 @@ function clampTimerDelayMs(delayMs, label = "timer") {
 }
 
 function getFirstEventTimeoutMs(totalTimeoutMs) {
-  const configured = Number(
-    process.env.AGENT_POOL_FIRST_EVENT_TIMEOUT_MS || DEFAULT_FIRST_EVENT_TIMEOUT_MS,
-  );
-  if (!Number.isFinite(configured) || configured <= 0) return null;
-  const budgetMs = Number(totalTimeoutMs);
-  if (!Number.isFinite(budgetMs) || budgetMs <= 2_000) return null;
-  const maxAllowed = Math.max(5_000, budgetMs - 1_000);
-  return clampTimerDelayMs(Math.min(Math.trunc(configured), maxAllowed), "first-event-timeout");
+  return resolveCodexStreamSafety(totalTimeoutMs).firstEventTimeoutMs;
 }
 
 function sanitizeAndBoundPrompt(text) {
@@ -982,13 +1086,15 @@ async function launchCodexThread(prompt, cwd, timeoutMs, extra = {}) {
 
   // ── 4. Stream the turn ───────────────────────────────────────────────────
   try {
-    const safePrompt = sanitizeAndBoundPrompt(prompt);
+    const streamSafety = resolveCodexStreamSafety(timeoutMs);
+    const safePrompt = sanitizeAndBoundPrompt(`${prompt}${TOOL_OUTPUT_GUARDRAIL}`);
     const turn = await thread.runStreamed(safePrompt, {
       signal: controller.signal,
     });
 
     let finalResponse = "";
     const allItems = [];
+    let droppedItems = 0;
     // Race the event iterator against a hard timeout.
     // The soft timeout fires controller.abort() which the SDK should honor.
     // The hard timeout is a safety net in case the SDK iterator ignores the abort.
@@ -1018,7 +1124,11 @@ async function launchCodexThread(prompt, cwd, timeoutMs, extra = {}) {
           }
         }
         if (event.type === "item.completed") {
-          allItems.push(event.item);
+          if (allItems.length < streamSafety.maxItemsPerTurn) {
+            allItems.push(truncateItemForStorage(event.item, streamSafety.maxItemChars));
+          } else {
+            droppedItems += 1;
+          }
           if (event.item.type === "agent_message" && event.item.text) {
             finalResponse += event.item.text + "\n";
           }
@@ -1026,7 +1136,7 @@ async function launchCodexThread(prompt, cwd, timeoutMs, extra = {}) {
       }
     };
 
-    const firstEventTimeoutMs = getFirstEventTimeoutMs(timeoutMs);
+    const firstEventTimeoutMs = streamSafety.firstEventTimeoutMs;
     if (firstEventTimeoutMs) {
       firstEventTimer = setTimeout(() => {
         if (eventCount > 0 || controller.signal.aborted) return;
@@ -1041,6 +1151,13 @@ async function launchCodexThread(prompt, cwd, timeoutMs, extra = {}) {
     if (firstEventTimer) clearTimeout(firstEventTimer);
     clearAbortScope();
 
+    if (droppedItems > 0) {
+      allItems.push({
+        type: "stream_notice",
+        text: `Dropped ${droppedItems} completed items to stay within INTERNAL_EXECUTOR_STREAM_MAX_ITEMS_PER_TURN=${streamSafety.maxItemsPerTurn}.`,
+      });
+    }
+
     const output =
       finalResponse.trim() || "(Agent completed with no text output)";
     if (steerKey) unregisterActiveSession(steerKey);
@@ -2786,7 +2903,7 @@ export async function launchOrResumeThread(
     ) {
       const remaining = MAX_THREAD_TURNS - existing.turnCount;
       console.warn(
-        `${TAG} ⚠ thread for task "${taskKey}" approaching exhaustion: ${existing.turnCount}/${MAX_THREAD_TURNS} turns (${remaining} remaining)`,
+        `${TAG} :alert: thread for task "${taskKey}" approaching exhaustion: ${existing.turnCount}/${MAX_THREAD_TURNS} turns (${remaining} remaining)`,
       );
     }
 

package/agent-prompts.mjs

@@ -208,13 +208,17 @@ You generate production-grade backlog tasks for autonomous executors.
 - Do not call any kanban API, CLI, or external service to create tasks.
   The workflow will automatically materialize your output into kanban tasks.
 - Output must be machine-parseable JSON — see Output Contract below.
+- Task objects must be valid for Bosun backlog creation with fields:
+  \'title\', \'description\', \'implementation_steps\', \'acceptance_criteria\',
+  \'verification\', optional \'base_branch\'.
+- Do not emit empty or placeholder tasks. Every task must be actionable and execution-ready.
 
 ## Output Contract (MANDATORY — STRICT)
 
 Your ENTIRE response must be a single fenced JSON block. Do NOT include any
 text, commentary, explanations, or markdown before or after the JSON block.
 The downstream parser extracts JSON from fenced blocks — any deviation causes
-task creation to fail silently.
+task creation to hard-fail.
 
 Return exactly this shape:
 
@@ -238,6 +242,8 @@ Rules:
 - Do NOT output partial JSON, truncated arrays, or commentary mixed with JSON.
 - Keep titles unique and specific.
 - Keep file overlap low across tasks to maximize parallel execution.
+- Descriptions must include concrete implementation details, not generic intent text.
+- Include verification commands/checks that a worker can run without additional planning.
 - **Module branch routing:** When the task title follows conventional commit format
   \`feat(module):\` or \`fix(module):\`, set \`base_branch\` to \`origin/<module>\`.
   This routes the task to the module's dedicated branch for parallel, isolated development.

package/agent-sdk.mjs

@@ -4,13 +4,19 @@
  * Reads ~/.codex/config.toml to determine the primary agent SDK and
  * capability flags for bosun integrations.
  *
- * Supported primary agents: "codex", "copilot", "claude"
+ * Supported primary agents: "codex", "copilot", "claude", "opencode", "gemini"
  * Capability flags: steering, subagents, vscode_tools
  */
 
 import { readCodexConfig } from "./codex-config.mjs";
 
-const SUPPORTED_PRIMARY = new Set(["codex", "copilot", "claude", "opencode"]);
+const SUPPORTED_PRIMARY = new Set([
+  "codex",
+  "copilot",
+  "claude",
+  "opencode",
+  "gemini",
+]);
 const DEFAULT_PRIMARY = "codex";
 
 const DEFAULT_CAPABILITIES_BY_PRIMARY = {
@@ -34,6 +40,11 @@ const DEFAULT_CAPABILITIES_BY_PRIMARY = {
     subagents: true,
     vscodeTools: false,
   },
+  gemini: {
+    steering: false,
+    subagents: true,
+    vscodeTools: false,
+  },
 };
 
 const DEFAULT_CAPABILITIES = {

package/agent-supervisor.mjs

@@ -516,7 +516,7 @@ export class AgentSupervisor {
           const state = this._ensureTaskState(taskId);
           if (this._sendTelegram) {
             this._sendTelegram(
-              `🛑 Supervisor blocked "${title}": ${reason}\n` +
+              `:close: Supervisor blocked "${title}": ${reason}\n` +
               `Situation: ${situation}, Interventions attempted: ${state.interventionCount}`,
             );
           }
@@ -535,7 +535,7 @@ export class AgentSupervisor {
             this._pauseExecutor(5 * 60_000, reason);
           }
           if (this._sendTelegram) {
-            this._sendTelegram(`⏸️ Executor paused by supervisor: ${reason}`);
+            this._sendTelegram(`:pause: Executor paused by supervisor: ${reason}`);
           }
           break;
 

package/agent-work-report.mjs

@@ -200,7 +200,7 @@ export function formatWeeklyAgentWorkReport(summary) {
       : buildWeeklyAgentWorkSummary({ metrics: [], errors: [] });
   const totals = safeSummary.totals || {};
   const lines = [
-    "📊 Weekly Agent Work Report",
+    ":chart: Weekly Agent Work Report",
     `Period: ${safeSummary.period?.startIso || "n/a"} → ${safeSummary.period?.endIso || "n/a"}`,
     `Generated: ${safeSummary.period?.generatedAtIso || new Date().toISOString()}`,
     "",

package/anomaly-detector.mjs

@@ -526,7 +526,7 @@ export class AnomalyDetector {
     const s = this.getStats();
     const uptimeMin = Math.round(s.uptimeMs / 60_000);
     const lines = [
-      `<b>🔍 Anomaly Detector Status</b>`,
+      `<b>:search: Anomaly Detector Status</b>`,
       `Uptime: ${uptimeMin}m | Lines: ${s.totalLinesProcessed.toLocaleString()}`,
       `Active: ${s.activeProcesses} | Completed: ${s.completedProcesses}`,
     ];
@@ -573,7 +573,7 @@ export class AnomalyDetector {
       }
       if (concerns.length > 0) {
         lines.push(
-          `\n⚠️ <b>${escapeHtml(proc.shortId)}</b> (${escapeHtml(proc.taskTitle || "?")}):`,
+          `\n:alert: <b>${escapeHtml(proc.shortId)}</b> (${escapeHtml(proc.taskTitle || "?")}):`,
           `  ${concerns.join(", ")}`,
         );
       }
@@ -1202,13 +1202,13 @@ export class AnomalyDetector {
       anomaly.severity === Severity.CRITICAL ||
       anomaly.severity === Severity.HIGH
     ) {
-      const icon = anomaly.severity === Severity.CRITICAL ? "🔴" : "🟠";
+      const icon = anomaly.severity === Severity.CRITICAL ? ":dot:" : ":u1f7e0:";
       const actionLabel =
         anomaly.action === "kill"
-          ? "⛔ KILL"
+          ? ":ban: KILL"
           : anomaly.action === "restart"
-            ? "🔄 RESTART"
-            : "⚠️ ALERT";
+            ? ":refresh: RESTART"
+            : ":alert: ALERT";
 
       const msg = [
         `${icon} <b>Anomaly: ${escapeHtml(anomaly.type)}</b>`,