clementine-agent 1.0.26 → 1.0.28

package/dist/agent/assistant.d.ts

@@ -79,6 +79,13 @@ export declare class PersonalAssistant {
     /** Inject a background work result into the session so the next chat naturally references it. */
     injectPendingContext(sessionKey: string, userPrompt: string, result: string): void;
     private initMemoryStore;
+    /**
+     * Seed the in-memory hotCorrections ring buffer from persisted behavioral
+     * patterns (corrections that recurred across ≥2 sessions in the last 30d).
+     * Without this, daemon restarts would wipe the prompt-injected corrections
+     * until they reoccurred live.
+     */
+    private primeHotCorrections;
     private loadSessions;
     /**
      * Schedule a debounced session persist. Multiple calls within 500ms collapse
@@ -186,7 +193,7 @@ export declare class PersonalAssistant {
         };
         delegateProfile?: AgentProfile;
     }): Promise<string>;
-    runCronJob(jobName: string, jobPrompt: string, tier?: number, maxTurns?: number, model?: string, workDir?: string, timeoutMs?: number, successCriteria?: string[]): Promise<string>;
+    runCronJob(jobName: string, jobPrompt: string, tier?: number, maxTurns?: number, model?: string, workDir?: string, timeoutMs?: number, successCriteria?: string[], agentSlug?: string): Promise<string>;
     /**
      * Goal-backward verification pass using Haiku after cron job execution.
      * Instead of vague quality ratings, verifies actual outcomes:
@@ -195,7 +202,7 @@ export declare class PersonalAssistant {
      * 3. Does it connect to the goal / produce actionable results? (wired)
      */
     private runCronReflection;
-    runUnleashedTask(jobName: string, jobPrompt: string, tier?: number, maxTurns?: number, model?: string, workDir?: string, maxHours?: number): Promise<string>;
+    runUnleashedTask(jobName: string, jobPrompt: string, tier?: number, maxTurns?: number, model?: string, workDir?: string, maxHours?: number, agentSlug?: string): Promise<string>;
     /**
      * Run a team message as an unleashed-style autonomous task.
      * Gives team agents the same multi-phase execution as cron jobs,
@@ -203,7 +210,7 @@ export declare class PersonalAssistant {
      *
      * @param onText  Streaming callback for real-time progress updates
      */
-    runTeamTask(fromName: string, fromSlug: string, content: string, profile: AgentProfile, onText?: (token: string) => void): Promise<string>;
+    runTeamTask(fromName: string, fromSlug: string, content: string, profile: AgentProfile, onText?: (token: string) => void, externalAbortController?: AbortController): Promise<string>;
     /**
      * Inject a user/assistant exchange into a session's context without running
      * a query.  Used to give the DM session visibility of cron/heartbeat outputs

package/dist/agent/assistant.js

@@ -15,7 +15,7 @@ import { query as rawQuery, listSubagents, getSubagentMessages, } from '@anthrop
 import pino from 'pino';
 import { BASE_DIR, PKG_DIR, VAULT_DIR, DAILY_NOTES_DIR, SOUL_FILE, AGENTS_FILE, MEMORY_FILE, PROFILES_DIR, AGENTS_DIR, ASSISTANT_NAME, OWNER_NAME, MODEL, MODELS, HEARTBEAT_MAX_TURNS, SEARCH_CONTEXT_LIMIT, SEARCH_RECENCY_LIMIT, SYSTEM_PROMPT_MAX_CONTEXT_CHARS, SESSION_EXCHANGE_HISTORY_SIZE, SESSION_EXCHANGE_MAX_CHARS, INJECTED_CONTEXT_MAX_CHARS, UNLEASHED_PHASE_TURNS, UNLEASHED_DEFAULT_MAX_HOURS, UNLEASHED_MAX_PHASES, PROJECTS_META_FILE, CRON_PROGRESS_DIR, CRON_REFLECTIONS_DIR, HANDOFFS_DIR, BUDGET, ENABLE_1M_CONTEXT, IDENTITY_FILE, CLAUDE_CODE_OAUTH_TOKEN, ANTHROPIC_API_KEY as CONFIG_ANTHROPIC_API_KEY, } from '../config.js';
 import { DEFAULT_CHANNEL_CAPABILITIES } from '../types.js';
-import { enforceToolPermissions, getSecurityPrompt, getHeartbeatSecurityPrompt, getCronSecurityPrompt, getHeartbeatDisallowedTools, logToolUse, setProfileTier, setProfileAllowedTools, setAgentDir, setSendPolicy, setInteractionSource, } from './hooks.js';
+import { enforceToolPermissions, getSecurityPrompt, getHeartbeatSecurityPrompt, getCronSecurityPrompt, getHeartbeatDisallowedTools, logToolUse, setProfileTier, setProfileAllowedTools, setAgentDir, setSendPolicy, setInteractionSource, logAuditJsonl, } from './hooks.js';
 import { scanner } from '../security/scanner.js';
 import { agentWorkingMemoryFile, listAllGoals } from '../tools/shared.js';
 import { AgentManager } from './agent-manager.js';
@@ -84,6 +84,64 @@ function formatCapabilities(caps) {
         features.push(`max ${caps.maxMessageLength} chars/message`);
     return features.length > 0 ? features.join(', ') : 'text only';
 }
+/** Derive the human-readable channel label from a session key. */
+function deriveChannel(opts) {
+    const { sessionKey, isAutonomous, cronTier } = opts;
+    if (isAutonomous)
+        return cronTier != null ? 'cron' : 'heartbeat';
+    if (!sessionKey)
+        return 'unknown';
+    if (sessionKey.startsWith('discord:user:'))
+        return 'Discord DM';
+    if (sessionKey.startsWith('discord:channel:'))
+        return 'Discord channel';
+    if (sessionKey.startsWith('slack:'))
+        return 'Slack';
+    if (sessionKey.startsWith('telegram:'))
+        return 'Telegram';
+    if (sessionKey.startsWith('whatsapp:'))
+        return 'WhatsApp';
+    if (sessionKey.startsWith('webhook:'))
+        return 'webhook';
+    return 'direct';
+}
+/**
+ * Per-channel tool deny list. Narrows what the agent can invoke based on the
+ * surface area of the channel — e.g. a public Discord channel shouldn't execute
+ * shell commands on the owner's box, and SMS/WhatsApp shouldn't touch the
+ * filesystem. Owner-direct surfaces (Discord DM, dashboard, direct CLI) get the
+ * full toolset.
+ *
+ * Returned tools are added to the SDK's `disallowedTools`. Denial is strict —
+ * it overrides the positive allowlist in buildOptions.
+ */
+function getChannelToolDenyList(channel) {
+    const CODE_EXEC = ['Bash', 'Write', 'Edit'];
+    const SHARED_DENY = [...CODE_EXEC];
+    const SMS_DENY = [
+        ...CODE_EXEC,
+        mcpTool('browser_screenshot'),
+        mcpTool('github_prs'),
+        mcpTool('rss_fetch'),
+        mcpTool('web_search'),
+        mcpTool('analyze_image'),
+        mcpTool('self_restart'),
+        mcpTool('update_self'),
+    ];
+    switch (channel) {
+        case 'Discord channel':
+        case 'Slack':
+            return SHARED_DENY;
+        case 'WhatsApp':
+        case 'Telegram':
+            return SMS_DENY;
+        case 'webhook':
+            return SMS_DENY;
+        default:
+            // Discord DM (owner), direct, dashboard:web, autonomous, unknown → full tools.
+            return [];
+    }
+}
 // ── Token estimation & context window guard ─────────────────────────
 /**
  * Estimate token count using a weighted heuristic.
@@ -575,6 +633,19 @@ export class PersonalAssistant {
     // ── Shared stream helpers ──────────────────────────────────────────
     /** Log SDK result metrics and store usage. Shared across all query methods. */
     logQueryResult(result, source, sessionKey, label, agentSlug) {
+        // Aggregate cache stats across all models used this turn
+        let cacheRead = 0;
+        let cacheCreation = 0;
+        let inputTokens = 0;
+        if (result.modelUsage) {
+            for (const usage of Object.values(result.modelUsage)) {
+                cacheRead += usage.cacheReadInputTokens ?? 0;
+                cacheCreation += usage.cacheCreationInputTokens ?? 0;
+                inputTokens += usage.inputTokens ?? 0;
+            }
+        }
+        const cacheDenominator = inputTokens + cacheRead + cacheCreation;
+        const cacheHitRate = cacheDenominator > 0 ? cacheRead / cacheDenominator : 0;
         if ('total_cost_usd' in result) {
             logger.info({
                 ...(label ? { job: label } : {}),
@@ -582,7 +653,23 @@ export class PersonalAssistant {
                 cost_usd: result.total_cost_usd,
                 num_turns: result.num_turns,
                 duration_ms: result.duration_ms,
+                cache_read_tokens: cacheRead,
+                cache_creation_tokens: cacheCreation,
+                cache_hit_rate: Number(cacheHitRate.toFixed(3)),
             }, `${source} query completed`);
+            logAuditJsonl({
+                event_type: 'query_complete',
+                source,
+                agent_slug: agentSlug,
+                job: label,
+                cost_usd: result.total_cost_usd,
+                num_turns: result.num_turns,
+                duration_ms: result.duration_ms,
+                tokens_in: inputTokens,
+                cache_read_tokens: cacheRead,
+                cache_creation_tokens: cacheCreation,
+                cache_hit_rate: Number(cacheHitRate.toFixed(3)),
+            });
         }
         if (this.memoryStore && result.modelUsage) {
             try {
@@ -638,11 +725,39 @@ export class PersonalAssistant {
             const { MEMORY_DB_PATH } = await import('../config.js');
             this.memoryStore = new MemoryStore(MEMORY_DB_PATH, VAULT_DIR);
             this.memoryStore.initialize();
+            this.primeHotCorrections();
         }
         catch (err) {
             logger.warn({ err }, 'Memory store init failed — falling back to static prompts');
         }
     }
+    /**
+     * Seed the in-memory hotCorrections ring buffer from persisted behavioral
+     * patterns (corrections that recurred across ≥2 sessions in the last 30d).
+     * Without this, daemon restarts would wipe the prompt-injected corrections
+     * until they reoccurred live.
+     */
+    primeHotCorrections() {
+        if (!this.memoryStore)
+            return;
+        try {
+            const patterns = this.memoryStore.getBehavioralPatterns(2);
+            const now = new Date().toISOString();
+            for (const p of patterns.slice(0, 10)) {
+                this.hotCorrections.push({
+                    correction: p.correction,
+                    category: p.category,
+                    timestamp: now,
+                });
+            }
+            if (patterns.length > 0) {
+                logger.info({ primed: Math.min(patterns.length, 10) }, 'Primed hot corrections from behavioral patterns');
+            }
+        }
+        catch (err) {
+            logger.warn({ err }, 'Priming hot corrections failed');
+        }
+    }
     // ── Session Persistence ───────────────────────────────────────────
     loadSessions() {
         if (!fs.existsSync(SESSIONS_FILE))
@@ -864,40 +979,6 @@ export class PersonalAssistant {
                 }
             }
         }
-        const now = new Date();
-        // Derive channel label from session key
-        let channel = 'unknown';
-        if (isAutonomous) {
-            channel = cronTier !== null ? 'cron' : 'heartbeat';
-        }
-        else if (sessionKey) {
-            if (sessionKey.startsWith('discord:user:'))
-                channel = 'Discord DM';
-            else if (sessionKey.startsWith('discord:channel:'))
-                channel = 'Discord channel';
-            else if (sessionKey.startsWith('slack:'))
-                channel = 'Slack';
-            else if (sessionKey.startsWith('telegram:'))
-                channel = 'Telegram';
-            else if (sessionKey.startsWith('whatsapp:'))
-                channel = 'WhatsApp';
-            else if (sessionKey.startsWith('webhook:'))
-                channel = 'webhook';
-            else
-                channel = 'direct';
-        }
-        const resolvedModel = resolveModel(model) ?? MODEL;
-        const modelLabel = Object.entries(MODELS).find(([, v]) => v === resolvedModel)?.[0] ?? resolvedModel;
-        const caps = !isAutonomous ? getChannelCapabilities(channel) : null;
-        parts.push(`## Current Context
-
-- **Date:** ${formatDate(now)}
-- **Time:** ${formatTime(now)}
-- **Timezone:** ${Intl.DateTimeFormat().resolvedOptions().timeZone}
-- **Channel:** ${channel}${caps ? ` (${formatCapabilities(caps)})` : ''}
-- **Model:** ${modelLabel} (${resolvedModel})
-- **Vault:** ${vault}
-`);
         if (isAutonomous) {
             // Minimal vault reference for heartbeats/cron — they know their tools
             parts.push(`Vault: \`${vault}\`. Key files: MEMORY.md, ${todayISO()}.md (today), TASKS.md. Use MCP tools (memory_read/write, task_list/add/update, note_take).`);
@@ -979,7 +1060,8 @@ Never spawn a sub-agent with vague instructions like "handle this brief" — tel
         // Proactive skill injection: match user message against skill triggers
         if (this._lastUserMessage && !isAutonomous) {
             try {
-                const matchedSkills = searchSkillsSync(this._lastUserMessage, 1, profile?.slug);
+                const suppressedNames = this.memoryStore?.getSkillsToSuppress?.(profile?.slug);
+                const matchedSkills = searchSkillsSync(this._lastUserMessage, 1, profile?.slug, { suppressedNames });
                 if (matchedSkills.length > 0 && matchedSkills[0].score >= 4) {
                     const skill = matchedSkills[0];
                     this.memoryStore?.logSkillUse?.({
@@ -1153,6 +1235,21 @@ If you're stuck after reading several files, tell ${owner} what's blocking you.
 You have a cost budget per message — not a hard turn limit. Work until the task is done. For long tasks (10+ tool calls), narrate progress as you go so ${owner} can see you're making headway. If a task needs many database queries, keep result sets small (LIMIT 20) to avoid filling context.`);
         }
         // Security rules are now appended to systemPrompt in buildOptions()
+        // Volatile suffix — put last so the stable prefix above stays cache-friendly.
+        const channel = deriveChannel({ sessionKey, isAutonomous, cronTier });
+        const resolvedModel = resolveModel(model) ?? MODEL;
+        const modelLabel = Object.entries(MODELS).find(([, v]) => v === resolvedModel)?.[0] ?? resolvedModel;
+        const caps = !isAutonomous ? getChannelCapabilities(channel) : null;
+        const now = new Date();
+        parts.push(`## Current Context
+
+- **Date:** ${formatDate(now)}
+- **Time:** ${formatTime(now)}
+- **Timezone:** ${Intl.DateTimeFormat().resolvedOptions().timeZone}
+- **Channel:** ${channel}${caps ? ` (${formatCapabilities(caps)})` : ''}
+- **Model:** ${modelLabel} (${resolvedModel})
+- **Vault:** ${vault}
+`);
         return parts.join('\n\n---\n\n');
     }
     // ── Build SDK Options ─────────────────────────────────────────────
@@ -1271,8 +1368,18 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
         // Cron tier 1 gets heartbeat restrictions (read-only + vault writes).
         const isCron = cronTier !== null;
         const disallowed = isHeartbeat && (!isCron || (cronTier ?? 0) < 2)
-            ? getHeartbeatDisallowedTools()
+            ? [...getHeartbeatDisallowedTools()]
             : [];
+        // Per-channel tool scoping: narrow tools for surfaces where destructive
+        // operations shouldn't happen (public Discord/Slack channels, SMS-like
+        // channels, webhooks). Owner DMs + dashboard keep the full toolset.
+        const channelForScoping = deriveChannel({ sessionKey, isAutonomous: isHeartbeat || isCron, cronTier });
+        const channelDeny = getChannelToolDenyList(channelForScoping);
+        if (channelDeny.length > 0) {
+            for (const t of channelDeny)
+                if (!disallowed.includes(t))
+                    disallowed.push(t);
+        }
         // Cron/heartbeat get turn limits. Interactive chat has no turn cap —
         // cost budget (maxBudgetUsd) is the primary guardrail.
         const effectiveMaxTurns = maxTurns
@@ -1302,11 +1409,16 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
                 : isCron && !isUnleashed ? 'medium'
                     : isPlanStep || isUnleashed ? 'high'
                         : undefined);
-        // ── Compute budget cap ────────────────────────────────────────
+        // ── Compute budget (telemetry only) ───────────────────────────
+        // Cost is informational on a Claude subscription — killing a job
+        // mid-phase because it hit $5 in tokens is worse than the cost.
+        // We still compute the figure so dashboards/logs can show it, but
+        // do not pass it into the SDK as an enforcement knob.
         const computedBudget = maxBudgetUsd ?? (isHeartbeat && !isCron ? BUDGET.heartbeat
             : isCron && (cronTier ?? 0) < 2 ? BUDGET.cronT1
                 : isCron ? BUDGET.cronT2
                     : BUDGET.chat);
+        void computedBudget; // reserved for future cost telemetry — not enforced
         // ── Compute adaptive thinking ─────────────────────────────────
         const supportsThinking = !resolvedModel.includes('haiku');
         const needsThinking = !isHeartbeat && (isPlanStep || isUnleashed || !isCron);
@@ -1355,7 +1467,7 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
             cwd: BASE_DIR,
             env: SAFE_ENV,
             ...(computedEffort ? { effort: computedEffort } : {}),
-            ...(computedBudget !== undefined ? { maxBudgetUsd: computedBudget } : {}),
+            // maxBudgetUsd intentionally omitted — see comment above.
             ...(computedThinking ? { thinking: computedThinking } : {}),
             ...(computedBetas ? { betas: computedBetas } : {}),
             ...(outputFormat ? { outputFormat } : {}),
@@ -1421,7 +1533,8 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
                 (async () => {
                     try {
                         const { searchSkills, recordSkillUse } = await import('./skill-extractor.js');
-                        const matchedSkills = searchSkills(enrichedQuery, 2, agentSlug || undefined);
+                        const suppressedNames = this.memoryStore?.getSkillsToSuppress?.(agentSlug || undefined);
+                        const matchedSkills = searchSkills(enrichedQuery, 2, agentSlug || undefined, { suppressedNames });
                         if (matchedSkills.length > 0) {
                             return `## Relevant Procedures (from past successful executions)\n\n` +
                                 matchedSkills.map(s => {
@@ -1908,6 +2021,7 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
                 let responseText = '';
                 let sessionId = '';
                 let hitRateLimit = false;
+                let rateLimitRetryAfterMs = null;
                 let staleSession = false;
                 let contextRecovery = false;
                 let lastAssistantBlocks = [];
@@ -2078,6 +2192,16 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
                     }
                     else if (errStr.includes('rate') && (errStr.includes('limit') || errStr.includes('rate_limit'))) {
                         hitRateLimit = true;
+                        // Try to respect any retry hint the server surfaced in the error text.
+                        // Matches: "retry-after: 30", "retry after 30 seconds", "retry in 30s".
+                        const m = errStr.match(/retry[-\s]?(?:after|in)[:\s]*(\d+)\s*(ms|s|seconds?|milliseconds?)?/);
+                        if (m) {
+                            const n = Number(m[1]);
+                            if (Number.isFinite(n) && n > 0) {
+                                const unit = (m[2] ?? 's').toLowerCase();
+                                rateLimitRetryAfterMs = unit.startsWith('ms') || unit.startsWith('milli') ? n : n * 1000;
+                            }
+                        }
                     }
                     else if (errStr.includes('autocompact') || errStr.includes('thrash') || errStr.includes('context refilled to the limit')) {
                         // SDK autocompact thrashing — tool outputs are too large for the context window.
@@ -2161,8 +2285,14 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
                     continue;
                 }
                 if (hitRateLimit && attempt < PersonalAssistant.RATE_LIMIT_MAX_RETRIES) {
-                    const wait = PersonalAssistant.RATE_LIMIT_BACKOFF[Math.min(attempt, PersonalAssistant.RATE_LIMIT_BACKOFF.length - 1)];
+                    const base = rateLimitRetryAfterMs
+                        ?? PersonalAssistant.RATE_LIMIT_BACKOFF[Math.min(attempt, PersonalAssistant.RATE_LIMIT_BACKOFF.length - 1)];
+                    // ±25% jitter so concurrent retries don't align and re-collide.
+                    const jitter = 1 + (Math.random() - 0.5) * 0.5;
+                    const wait = Math.max(500, Math.round(base * jitter));
+                    logger.info({ sessionKey, attempt, waitMs: wait, hintedRetryAfterMs: rateLimitRetryAfterMs }, 'Rate-limited — waiting before retry');
                     await new Promise((r) => setTimeout(r, wait));
+                    rateLimitRetryAfterMs = null; // hint is per-attempt
                     continue;
                 }
                 if (hitRateLimit && !responseText) {
@@ -2994,8 +3124,11 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
         return extractDeliverable(trace) ||
             trace.filter(t => t.type === 'text').map(t => t.content).join('').trim();
     }
-    async runCronJob(jobName, jobPrompt, tier = 1, maxTurns, model, workDir, timeoutMs, successCriteria) {
+    async runCronJob(jobName, jobPrompt, tier = 1, maxTurns, model, workDir, timeoutMs, successCriteria, agentSlug) {
         setInteractionSource('autonomous');
+        const cronProfile = agentSlug && agentSlug !== 'clementine'
+            ? this.profileManager.get(agentSlug)
+            : null;
         const cronGuard = new StallGuard();
         const sdkOptions = this.buildOptions({
             isHeartbeat: true,
@@ -3004,6 +3137,7 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
             model: model ?? null,
             enableTeams: true,
             stallGuard: cronGuard,
+            profile: cronProfile,
         });
         // Override cwd if a project workDir is specified
         if (workDir) {
@@ -3140,7 +3274,8 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
             const { searchSkills, recordSkillUse } = await import('./skill-extractor.js');
             const cronAgentSlug = sdkOptions.env?.CLEMENTINE_TEAM_AGENT;
             const skillQuery = jobName + ' ' + jobPrompt.slice(0, 200);
-            const matchedSkills = searchSkills(skillQuery, 2, cronAgentSlug || undefined);
+            const suppressedNames = this.memoryStore?.getSkillsToSuppress?.(cronAgentSlug || undefined);
+            const matchedSkills = searchSkills(skillQuery, 2, cronAgentSlug || undefined, { suppressedNames });
             if (matchedSkills.length > 0) {
                 const skillLines = matchedSkills.map(s => {
                     recordSkillUse(s.name);
@@ -3406,8 +3541,11 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
         }
     }
     // ── Unleashed Mode (Long-Running Autonomous Tasks) ─────────────────
-    async runUnleashedTask(jobName, jobPrompt, tier = 1, maxTurns, model, workDir, maxHours) {
+    async runUnleashedTask(jobName, jobPrompt, tier = 1, maxTurns, model, workDir, maxHours, agentSlug) {
         setInteractionSource('autonomous');
+        const unleashedProfile = agentSlug && agentSlug !== 'clementine'
+            ? this.profileManager.get(agentSlug)
+            : null;
         const effectiveMaxHours = maxHours ?? UNLEASHED_DEFAULT_MAX_HOURS;
         const turnsPerPhase = maxTurns ?? UNLEASHED_PHASE_TURNS;
         const deadline = Date.now() + effectiveMaxHours * 60 * 60 * 1000;
@@ -3478,6 +3616,7 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
                 isUnleashed: true,
                 maxBudgetUsd: BUDGET.unleashedPhase,
                 stallGuard: phaseGuard,
+                profile: unleashedProfile,
             });
             // Enable progress summaries for real-time status updates
             sdkOptions.agentProgressSummaries = true;
@@ -3498,7 +3637,8 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
                     const { searchSkills, recordSkillUse } = await import('./skill-extractor.js');
                     const unleashedAgentSlug = jobName.includes(':') ? jobName.split(':')[0] : undefined;
                     const unleashedSkillQuery = jobName + ' ' + jobPrompt.slice(0, 200);
-                    const matchedSkills = searchSkills(unleashedSkillQuery, 2, unleashedAgentSlug);
+                    const suppressedNames = this.memoryStore?.getSkillsToSuppress?.(unleashedAgentSlug);
+                    const matchedSkills = searchSkills(unleashedSkillQuery, 2, unleashedAgentSlug, { suppressedNames });
                     if (matchedSkills.length > 0) {
                         unleashedSkillContext = `\n\n## Learned Procedures\nFollow these proven approaches when applicable:\n\n` +
                             matchedSkills.map(s => {
@@ -3796,7 +3936,7 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
      *
      * @param onText  Streaming callback for real-time progress updates
      */
-    async runTeamTask(fromName, fromSlug, content, profile, onText) {
+    async runTeamTask(fromName, fromSlug, content, profile, onText, externalAbortController) {
         setInteractionSource('autonomous');
         const taskName = `team-msg:${fromSlug}-to-${profile.slug}`;
         const maxHours = 1; // Team messages get 1 hour max (not 6 like cron unleashed)
@@ -3808,6 +3948,10 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
         let lastOutput = '';
         let consecutiveErrors = 0;
         while (phase < maxPhases) {
+            if (externalAbortController?.signal.aborted) {
+                logger.info({ taskName, phase }, 'Team task aborted by caller');
+                return lastOutput || `Team task aborted by caller at phase ${phase}.`;
+            }
             if (Date.now() >= deadline) {
                 logger.info({ taskName, phase }, 'Team task timed out');
                 return lastOutput || `Team task timed out after ${maxHours}h at phase ${phase}.`;
@@ -3878,6 +4022,17 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
                 phaseAc.abort();
                 logger.warn({ taskName, phase }, `Team task phase ${phase} aborted — deadline reached`);
             }, Math.max(deadline - Date.now(), 0));
+            // Propagate external abort (e.g., user sent "Stop") into the phase controller
+            const onExternalAbort = () => {
+                phaseAc.abort();
+                logger.info({ taskName, phase }, `Team task phase ${phase} aborted by caller`);
+            };
+            if (externalAbortController) {
+                if (externalAbortController.signal.aborted)
+                    phaseAc.abort();
+                else
+                    externalAbortController.signal.addEventListener('abort', onExternalAbort, { once: true });
+            }
             sdkOptions.abortController = phaseAc;
             try {
                 const stream = query({ prompt, options: sdkOptions });
@@ -3933,6 +4088,13 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
             }
             catch (err) {
                 clearTimeout(phaseTimer);
+                externalAbortController?.signal.removeEventListener('abort', onExternalAbort);
+                // If this phase aborted because the caller cancelled, return cleanly —
+                // no retry, no 3-strikes counter.
+                if (externalAbortController?.signal.aborted) {
+                    logger.info({ taskName, phase }, 'Team task aborted mid-phase by caller');
+                    return lastOutput || `Team task aborted by caller at phase ${phase}.`;
+                }
                 logger.error({ err, taskName, phase }, 'Team task phase error');
                 consecutiveErrors++;
                 if (consecutiveErrors >= 3) {
@@ -3942,6 +4104,7 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
                 continue;
             }
             clearTimeout(phaseTimer);
+            externalAbortController?.signal.removeEventListener('abort', onExternalAbort);
             sessionId = phaseSessionId;
             lastOutput = phaseOutput.trim();
             consecutiveErrors = 0;

package/dist/agent/hooks.d.ts

@@ -9,6 +9,44 @@
  *   - Audit logging: persistent file + in-memory buffer
  */
 import type { SendPolicy } from '../types.js';
+export interface TraceContext {
+    trace_id: string;
+    session_id?: string;
+    channel?: string;
+    agent_slug?: string;
+    span_stack: string[];
+}
+/**
+ * Run `fn` inside a trace context. Creates a new trace_id if none is supplied
+ * and inherited from an outer context. Nested calls push a span_id onto the
+ * stack so parent/child relationships survive async hops.
+ */
+export declare function runWithTrace<T>(ctx: {
+    trace_id?: string;
+    session_id?: string;
+    channel?: string;
+    agent_slug?: string;
+}, fn: () => Promise<T> | T): Promise<T> | T;
+export declare function getTraceContext(): TraceContext | undefined;
+export interface AuditEvent {
+    event_type: string;
+    tool_name?: string;
+    duration_ms?: number;
+    tokens_in?: number;
+    tokens_out?: number;
+    cache_read_tokens?: number;
+    cache_creation_tokens?: number;
+    cost_usd?: number;
+    num_turns?: number;
+    error?: string;
+    [key: string]: unknown;
+}
+/**
+ * Append a structured event to audit.jsonl with the current trace context.
+ * Runs alongside (not in place of) the legacy text audit.log so existing
+ * consumers keep working.
+ */
+export declare function logAuditJsonl(event: AuditEvent): void;
 export declare function setHeartbeatMode(active: boolean, tier2Allowed?: boolean): void;
 export declare function setApprovalCallback(cb: ((desc: string) => Promise<boolean>) | null): void;
 export declare function setProfileTier(tier: number | null): void;

package/dist/agent/hooks.js

@@ -10,6 +10,8 @@
  */
 import fs from 'node:fs';
 import path from 'node:path';
+import { AsyncLocalStorage } from 'node:async_hooks';
+import { randomUUID } from 'node:crypto';
 import { OWNER_NAME, BASE_DIR, TIMEZONE } from '../config.js';
 // ── Shared state ───────────────────────────────────────────────────────
 let heartbeatActive = false;
@@ -34,19 +36,27 @@ let interactionSource = 'autonomous';
 const logsDir = path.join(BASE_DIR, 'logs');
 fs.mkdirSync(logsDir, { recursive: true });
 const auditLogPath = path.join(logsDir, 'audit.log');
+const auditJsonlPath = path.join(logsDir, 'audit.jsonl');
 const MAX_AUDIT_SIZE = 5 * 1024 * 1024; // 5 MB
+function rotateIfLarge(filePath) {
+    try {
+        if (!fs.existsSync(filePath))
+            return;
+        const stat = fs.statSync(filePath);
+        if (stat.size <= MAX_AUDIT_SIZE)
+            return;
+        const backup = filePath + '.1';
+        if (fs.existsSync(backup))
+            fs.unlinkSync(backup);
+        fs.renameSync(filePath, backup);
+    }
+    catch {
+        // Non-fatal
+    }
+}
 function appendAuditFile(line) {
     try {
-        // Simple rotation: if file exceeds max size, rename to .log.1 and start fresh
-        if (fs.existsSync(auditLogPath)) {
-            const stat = fs.statSync(auditLogPath);
-            if (stat.size > MAX_AUDIT_SIZE) {
-                const backup = auditLogPath + '.1';
-                if (fs.existsSync(backup))
-                    fs.unlinkSync(backup);
-                fs.renameSync(auditLogPath, backup);
-            }
-        }
+        rotateIfLarge(auditLogPath);
         const timestamp = new Date().toISOString().replace('T', ' ').slice(0, 19);
         fs.appendFileSync(auditLogPath, `${timestamp} ${line}\n`);
     }
@@ -54,6 +64,57 @@ function appendAuditFile(line) {
         // Non-fatal — audit logging should never crash the assistant
     }
 }
+const traceStorage = new AsyncLocalStorage();
+function shortId() {
+    // 8-char id — collision-resistant enough for per-session correlation and
+    // much easier to eyeball in logs than a full UUID.
+    return randomUUID().replace(/-/g, '').slice(0, 8);
+}
+/**
+ * Run `fn` inside a trace context. Creates a new trace_id if none is supplied
+ * and inherited from an outer context. Nested calls push a span_id onto the
+ * stack so parent/child relationships survive async hops.
+ */
+export function runWithTrace(ctx, fn) {
+    const existing = traceStorage.getStore();
+    const trace_id = ctx.trace_id ?? existing?.trace_id ?? shortId();
+    const store = {
+        trace_id,
+        session_id: ctx.session_id ?? existing?.session_id,
+        channel: ctx.channel ?? existing?.channel,
+        agent_slug: ctx.agent_slug ?? existing?.agent_slug,
+        span_stack: [shortId(), ...(existing?.span_stack ?? [])],
+    };
+    return traceStorage.run(store, fn);
+}
+export function getTraceContext() {
+    return traceStorage.getStore();
+}
+/**
+ * Append a structured event to audit.jsonl with the current trace context.
+ * Runs alongside (not in place of) the legacy text audit.log so existing
+ * consumers keep working.
+ */
+export function logAuditJsonl(event) {
+    try {
+        rotateIfLarge(auditJsonlPath);
+        const ctx = traceStorage.getStore();
+        const payload = {
+            ts: new Date().toISOString(),
+            trace_id: ctx?.trace_id,
+            span_id: ctx?.span_stack[0],
+            parent_span_id: ctx?.span_stack[1],
+            session_id: ctx?.session_id,
+            channel: ctx?.channel,
+            agent_slug: ctx?.agent_slug,
+            ...event,
+        };
+        fs.appendFileSync(auditJsonlPath, JSON.stringify(payload) + '\n');
+    }
+    catch {
+        // Non-fatal — audit logging should never crash the assistant
+    }
+}
 // ── State accessors ──────────────────────────────────────────────────
 export function setHeartbeatMode(active, tier2Allowed = false) {
     heartbeatActive = active;
@@ -99,6 +160,11 @@ export function logToolUse(toolName, toolInput) {
     const entry = `- \`${timestamp}\` **${toolName}** — ${summary}`;
     auditLog.push(entry);
     appendAuditFile(`${toolName} — ${summary}`);
+    logAuditJsonl({
+        event_type: 'tool_use',
+        tool_name: toolName,
+        summary,
+    });
 }
 // ── Heartbeat tool restrictions ─────────────────────────────────────
 // These apply to actual heartbeats and tier-1 cron jobs (read-only).

package/dist/agent/route-classifier.d.ts

@@ -23,6 +23,10 @@ export interface RouteDecision {
     confidence: number;
     reasoning: string;
 }
+export declare function isDirectImperative(userMessage: string): {
+    match: boolean;
+    pattern?: string;
+};
 /**
  * Session keys eligible for routing. Any key NOT in this set is
  * considered agent-scoped or system-scoped and never routes.