clementine-agent 1.0.28 → 1.0.29

package/dist/agent/assistant.d.ts

@@ -12,9 +12,19 @@
 import type { AgentProfile, OnTextCallback, OnToolActivityCallback, VerboseLevel } from '../types.js';
 import { AgentManager } from './agent-manager.js';
 /**
- * Estimate token count using a weighted heuristic.
- * BPE tokenizers average ~4 chars/token for prose, but code, punctuation,
- * and whitespace-heavy content tokenize differently.
+ * Estimate token count for Claude.
+ *
+ * Anthropic's published rule of thumb is ~3.5 chars/token for English prose.
+ * Clementine's prompts blend English guidance with code, JSON, YAML, and
+ * structured memory — so we use 3.3 chars/token, slightly denser than pure
+ * English, which tracks within ~10% of the SDK's reported input_tokens in
+ * practice (see audit.jsonl tokens_in for live calibration).
+ *
+ * The previous weighted-regex heuristic (words×1.3 + punct×0.8 + lines×0.5)
+ * systematically undercounted code and JSON, triggering spurious compactions.
+ *
+ * Callers that need exact counts should read `usage.input_tokens` from the
+ * SDK result; this function is for pre-flight planning only.
  */
 export declare function estimateTokens(text: string): number;
 export interface ProjectMeta {

package/dist/agent/assistant.js

@@ -144,20 +144,24 @@ function getChannelToolDenyList(channel) {
 }
 // ── Token estimation & context window guard ─────────────────────────
 /**
- * Estimate token count using a weighted heuristic.
- * BPE tokenizers average ~4 chars/token for prose, but code, punctuation,
- * and whitespace-heavy content tokenize differently.
+ * Estimate token count for Claude.
+ *
+ * Anthropic's published rule of thumb is ~3.5 chars/token for English prose.
+ * Clementine's prompts blend English guidance with code, JSON, YAML, and
+ * structured memory — so we use 3.3 chars/token, slightly denser than pure
+ * English, which tracks within ~10% of the SDK's reported input_tokens in
+ * practice (see audit.jsonl tokens_in for live calibration).
+ *
+ * The previous weighted-regex heuristic (words×1.3 + punct×0.8 + lines×0.5)
+ * systematically undercounted code and JSON, triggering spurious compactions.
+ *
+ * Callers that need exact counts should read `usage.input_tokens` from the
+ * SDK result; this function is for pre-flight planning only.
  */
 export function estimateTokens(text) {
     if (!text)
         return 0;
-    // Count words (sequences of alphanumeric chars) — average ~1.3 tokens per word
-    const words = text.match(/\b\w+\b/g)?.length ?? 0;
-    // Count non-word tokens: punctuation, brackets, operators (each is ~1 token)
-    const punctuation = text.match(/[^\w\s]/g)?.length ?? 0;
-    // Newlines and indentation: roughly 1 token per line
-    const lines = text.split('\n').length;
-    return Math.ceil(words * 1.3 + punctuation * 0.8 + lines * 0.5);
+    return Math.ceil(text.length / 3.3);
 }
 /**
  * Strip lone Unicode surrogates (U+D800–U+DFFF) from a string so it can be
@@ -765,6 +769,21 @@ export class PersonalAssistant {
         try {
             const data = JSON.parse(fs.readFileSync(SESSIONS_FILE, 'utf-8'));
             const now = Date.now();
+            // Drop old-format Slack session keys that pre-date workspace namespacing
+            // (`slack:user:*`, `slack:dm:*`). The new format is
+            // `slack:team:{teamId}:user:{userId}`; old keys can't be safely remapped
+            // because the originating workspace isn't known, so they're dropped and
+            // users rotate into a fresh session on their next message.
+            let droppedLegacy = 0;
+            for (const key of Object.keys(data)) {
+                if (/^slack:(user|dm):/.test(key)) {
+                    delete data[key];
+                    droppedLegacy++;
+                }
+            }
+            if (droppedLegacy > 0) {
+                logger.info({ dropped: droppedLegacy }, 'Migrated sessions: dropped pre-workspace-namespacing Slack keys');
+            }
             for (const [key, entry] of Object.entries(data)) {
                 const ts = new Date(entry.timestamp);
                 if (now - ts.getTime() > SESSION_EXPIRY_MS)

package/dist/channels/slack.js

@@ -59,7 +59,7 @@ export async function startSlack(gateway, dispatcher, slackBotManager) {
     app.error(async (error) => {
         logger.error({ err: error }, 'Slack app error — continuing');
     });
-    app.message(async ({ message, client }) => {
+    app.message(async ({ message, client, context }) => {
         try {
             // Type guard: only handle regular user messages
             if (!('user' in message) || !('text' in message))
@@ -72,6 +72,10 @@ export async function startSlack(gateway, dispatcher, slackBotManager) {
             if (slackBotManager?.getOwnedChannelIds().includes(message.channel))
                 return;
             const userId = message.user;
+            // Slack user IDs are scoped per-workspace, so a bare `slack:user:{uid}`
+            // collides across workspaces. Namespace by team/workspace ID so sessions
+            // stay isolated even when the same bot is installed in multiple workspaces.
+            const teamId = context.teamId ?? (await client.auth.test().then(r => r.team_id).catch(() => 'unknown'));
             // Owner-only check
             if (SLACK_OWNER_USER_ID && userId !== SLACK_OWNER_USER_ID) {
                 logger.warn(`Ignored Slack message from non-owner: ${userId}`);
@@ -93,7 +97,7 @@ export async function startSlack(gateway, dispatcher, slackBotManager) {
                 return;
             const channel = message.channel;
             const threadTs = ('thread_ts' in message ? message.thread_ts : undefined) ?? message.ts;
-            const sessionKey = `slack:user:${userId}`;
+            const sessionKey = `slack:team:${teamId}:user:${userId}`;
             // ── !stop — abort active query (bypasses session lock) ────────────
             if (text === '!stop' || text === '/stop') {
                 const stopped = gateway.stopSession(sessionKey);

package/dist/gateway/cron-scheduler.d.ts

@@ -60,6 +60,7 @@ export declare class CronScheduler {
     private disabledJobs;
     private scheduledTasks;
     private runningJobs;
+    private runMetadata;
     private completedJobs;
     private watching;
     readonly runLog: CronRunLog;
@@ -71,7 +72,21 @@ export declare class CronScheduler {
     private goalTriggerDir;
     private triggerTimer;
     private statusChangeListeners;
+    private static readonly RUNNING_JOBS_FILE;
     constructor(gateway: Gateway, dispatcher: NotificationDispatcher);
+    /**
+     * Atomically persist the current runningJobs set to disk. Uses write-then-
+     * rename so a crash mid-write cannot corrupt the file.
+     */
+    private persistRunningJobs;
+    /**
+     * On startup, read the persisted running-jobs file. Any entries present
+     * represent jobs interrupted by a previous crash. Surface each to audit.jsonl
+     * and clear the file. Deliberately do NOT auto-restart — the next scheduled
+     * tick handles it, avoiding duplicate external side effects (emails sent,
+     * commits pushed, etc.) from a partial prior run.
+     */
+    private reconcileInterruptedJobs;
     /** Load job definitions from CRON.md and agent dirs without scheduling tasks. */
     private loadJobDefinitions;
     /** Register a listener that fires when system state changes (job start/finish, self-improve, etc). */

package/dist/gateway/cron-scheduler.js

@@ -7,7 +7,7 @@
  * retry helpers, CronRunLog, and daily-note logging utilities used by both schedulers.
  */
 import { execSync } from 'node:child_process';
-import { appendFileSync, existsSync, mkdirSync, readFileSync, readdirSync, statSync, unlinkSync, watchFile, unwatchFile, writeFileSync, } from 'node:fs';
+import { appendFileSync, existsSync, mkdirSync, readFileSync, readdirSync, renameSync, statSync, unlinkSync, watchFile, unwatchFile, writeFileSync, } from 'node:fs';
 import path from 'node:path';
 import cron from 'node-cron';
 import matter from 'gray-matter';
@@ -17,6 +17,7 @@ import { listAllGoals, findGoalPath, readGoalById } from '../tools/shared.js';
 import { scanner } from '../security/scanner.js';
 import { parseAllWorkflows as parseAllWorkflowsSync } from '../agent/workflow-runner.js';
 import { SelfImproveLoop } from '../agent/self-improve.js';
+import { logAuditJsonl } from '../agent/hooks.js';
 const logger = pino({ name: 'clementine.cron' });
 /** Default timeout for standard cron jobs (10 minutes). */
 const CRON_STANDARD_TIMEOUT_MS = 10 * 60 * 1000;
@@ -332,6 +333,7 @@ export class CronScheduler {
     disabledJobs = new Set();
     scheduledTasks = new Map();
     runningJobs = new Set();
+    runMetadata = new Map();
     completedJobs = new Map(); // jobName → completion timestamp
     watching = false;
     runLog;
@@ -346,6 +348,10 @@ export class CronScheduler {
     triggerTimer = null;
     // Event-driven status change listeners (used by Discord status embed)
     statusChangeListeners = [];
+    // Disk-backed mirror of runningJobs for crash-safe idempotency. If the
+    // daemon dies mid-run, startup reconciliation surfaces the interrupted job
+    // to audit.jsonl and clears the file so the next scheduled tick proceeds.
+    static RUNNING_JOBS_FILE = path.join(BASE_DIR, 'cron-running.json');
     constructor(gateway, dispatcher) {
         this.gateway = gateway;
         this.dispatcher = dispatcher;
@@ -355,6 +361,65 @@ export class CronScheduler {
         // query jobs on connect which happens before start().
         this.loadJobDefinitions();
     }
+    /**
+     * Atomically persist the current runningJobs set to disk. Uses write-then-
+     * rename so a crash mid-write cannot corrupt the file.
+     */
+    persistRunningJobs(metaByName) {
+        try {
+            const entries = [...this.runningJobs].map(name => ({
+                jobName: name,
+                startedAt: metaByName?.get(name)?.startedAt ?? new Date().toISOString(),
+                runId: metaByName?.get(name)?.runId ?? '',
+                pid: process.pid,
+            }));
+            const tmp = CronScheduler.RUNNING_JOBS_FILE + '.tmp';
+            writeFileSync(tmp, JSON.stringify(entries, null, 2));
+            renameSync(tmp, CronScheduler.RUNNING_JOBS_FILE);
+        }
+        catch (err) {
+            logger.debug({ err }, 'Failed to persist running-jobs file');
+        }
+    }
+    /**
+     * On startup, read the persisted running-jobs file. Any entries present
+     * represent jobs interrupted by a previous crash. Surface each to audit.jsonl
+     * and clear the file. Deliberately do NOT auto-restart — the next scheduled
+     * tick handles it, avoiding duplicate external side effects (emails sent,
+     * commits pushed, etc.) from a partial prior run.
+     */
+    reconcileInterruptedJobs() {
+        try {
+            if (!existsSync(CronScheduler.RUNNING_JOBS_FILE))
+                return;
+            const raw = readFileSync(CronScheduler.RUNNING_JOBS_FILE, 'utf-8');
+            const entries = JSON.parse(raw);
+            if (!Array.isArray(entries) || entries.length === 0) {
+                unlinkSync(CronScheduler.RUNNING_JOBS_FILE);
+                return;
+            }
+            const detectedAt = new Date().toISOString();
+            for (const entry of entries) {
+                logger.warn({ ...entry, detectedAt }, 'Interrupted cron job detected on startup');
+                logAuditJsonl({
+                    event_type: 'cron_interrupted',
+                    jobName: entry.jobName,
+                    runId: entry.runId,
+                    startedAt: entry.startedAt,
+                    detectedAt,
+                    previousPid: entry.pid,
+                });
+            }
+            unlinkSync(CronScheduler.RUNNING_JOBS_FILE);
+        }
+        catch (err) {
+            logger.warn({ err }, 'Failed to reconcile running-jobs file — starting fresh');
+            try {
+                unlinkSync(CronScheduler.RUNNING_JOBS_FILE);
+            }
+            catch { /* ignore */ }
+        }
+    }
     /** Load job definitions from CRON.md and agent dirs without scheduling tasks. */
     loadJobDefinitions() {
         this.jobs = parseCronJobs();
@@ -376,6 +441,9 @@ export class CronScheduler {
         }
     }
     start() {
+        // Surface any jobs that were mid-run when the daemon last died and clear
+        // the crash-consistency file before scheduling new ticks.
+        this.reconcileInterruptedJobs();
         this.reloadJobs();
         this.reloadWorkflows();
         this.watchCronFile();
@@ -800,6 +868,11 @@ export class CronScheduler {
             catch { /* non-fatal */ }
         }
         this.runningJobs.add(job.name);
+        this.runMetadata.set(job.name, {
+            startedAt: new Date().toISOString(),
+            runId: Math.random().toString(36).slice(2, 10),
+        });
+        this.persistRunningJobs(this.runMetadata);
         this.emitStatusChange();
         try {
             logger.info(`Running cron job: ${job.name}${job.agentSlug ? ` (agent: ${job.agentSlug})` : ''}`);
@@ -969,6 +1042,8 @@ export class CronScheduler {
         }
         finally {
             this.runningJobs.delete(job.name);
+            this.runMetadata.delete(job.name);
+            this.persistRunningJobs(this.runMetadata);
             this.emitStatusChange();
             // Fire-and-forget: check if this agent's profile needs self-learning update
             if (job.agentSlug) {

package/dist/gateway/router.js

@@ -748,6 +748,8 @@ export class Gateway {
                 const isOwnerDm = sessionKey.startsWith('discord:user:') ||
                     sessionKey.startsWith('discord:agent:') ||
                     sessionKey.startsWith('slack:dm:') ||
+                    // New workspace-namespaced Slack DMs: slack:team:{teamId}:user:{userId}
+                    /^slack:team:[^:]+:(user|dm):/.test(sessionKey) ||
                     sessionKey.startsWith('telegram:');
                 const shouldBlock = scan.verdict === 'block' && !isOwnerDm;
                 if (shouldBlock) {
@@ -1308,6 +1310,8 @@ export class Gateway {
                 const isOwnerDm = sessionKey.startsWith('discord:user:') ||
                     sessionKey.startsWith('discord:agent:') ||
                     sessionKey.startsWith('slack:dm:') ||
+                    // New workspace-namespaced Slack DMs: slack:team:{teamId}:user:{userId}
+                    /^slack:team:[^:]+:(user|dm):/.test(sessionKey) ||
                     sessionKey.startsWith('telegram:');
                 const shouldBlock = scan.verdict === 'block' && !isOwnerDm;
                 if (shouldBlock) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clementine-agent",
-  "version": "1.0.28",
+  "version": "1.0.29",
   "description": "Clementine — Personal AI Assistant (TypeScript)",
   "type": "module",
   "main": "dist/index.js",