clementine-agent 1.0.28 → 1.0.30

package/dist/agent/assistant.d.ts

@@ -12,9 +12,19 @@
 import type { AgentProfile, OnTextCallback, OnToolActivityCallback, VerboseLevel } from '../types.js';
 import { AgentManager } from './agent-manager.js';
 /**
- * Estimate token count using a weighted heuristic.
- * BPE tokenizers average ~4 chars/token for prose, but code, punctuation,
- * and whitespace-heavy content tokenize differently.
+ * Estimate token count for Claude.
+ *
+ * Anthropic's published rule of thumb is ~3.5 chars/token for English prose.
+ * Clementine's prompts blend English guidance with code, JSON, YAML, and
+ * structured memory — so we use 3.3 chars/token, slightly denser than pure
+ * English, which tracks within ~10% of the SDK's reported input_tokens in
+ * practice (see audit.jsonl tokens_in for live calibration).
+ *
+ * The previous weighted-regex heuristic (words×1.3 + punct×0.8 + lines×0.5)
+ * systematically undercounted code and JSON, triggering spurious compactions.
+ *
+ * Callers that need exact counts should read `usage.input_tokens` from the
+ * SDK result; this function is for pre-flight planning only.
  */
 export declare function estimateTokens(text: string): number;
 export interface ProjectMeta {

package/dist/agent/assistant.js

@@ -144,20 +144,24 @@ function getChannelToolDenyList(channel) {
 }
 // ── Token estimation & context window guard ─────────────────────────
 /**
- * Estimate token count using a weighted heuristic.
- * BPE tokenizers average ~4 chars/token for prose, but code, punctuation,
- * and whitespace-heavy content tokenize differently.
+ * Estimate token count for Claude.
+ *
+ * Anthropic's published rule of thumb is ~3.5 chars/token for English prose.
+ * Clementine's prompts blend English guidance with code, JSON, YAML, and
+ * structured memory — so we use 3.3 chars/token, slightly denser than pure
+ * English, which tracks within ~10% of the SDK's reported input_tokens in
+ * practice (see audit.jsonl tokens_in for live calibration).
+ *
+ * The previous weighted-regex heuristic (words×1.3 + punct×0.8 + lines×0.5)
+ * systematically undercounted code and JSON, triggering spurious compactions.
+ *
+ * Callers that need exact counts should read `usage.input_tokens` from the
+ * SDK result; this function is for pre-flight planning only.
  */
 export function estimateTokens(text) {
     if (!text)
         return 0;
-    // Count words (sequences of alphanumeric chars) — average ~1.3 tokens per word
-    const words = text.match(/\b\w+\b/g)?.length ?? 0;
-    // Count non-word tokens: punctuation, brackets, operators (each is ~1 token)
-    const punctuation = text.match(/[^\w\s]/g)?.length ?? 0;
-    // Newlines and indentation: roughly 1 token per line
-    const lines = text.split('\n').length;
-    return Math.ceil(words * 1.3 + punctuation * 0.8 + lines * 0.5);
+    return Math.ceil(text.length / 3.3);
 }
 /**
  * Strip lone Unicode surrogates (U+D800–U+DFFF) from a string so it can be
@@ -765,6 +769,21 @@ export class PersonalAssistant {
         try {
             const data = JSON.parse(fs.readFileSync(SESSIONS_FILE, 'utf-8'));
             const now = Date.now();
+            // Drop old-format Slack session keys that pre-date workspace namespacing
+            // (`slack:user:*`, `slack:dm:*`). The new format is
+            // `slack:team:{teamId}:user:{userId}`; old keys can't be safely remapped
+            // because the originating workspace isn't known, so they're dropped and
+            // users rotate into a fresh session on their next message.
+            let droppedLegacy = 0;
+            for (const key of Object.keys(data)) {
+                if (/^slack:(user|dm):/.test(key)) {
+                    delete data[key];
+                    droppedLegacy++;
+                }
+            }
+            if (droppedLegacy > 0) {
+                logger.info({ dropped: droppedLegacy }, 'Migrated sessions: dropped pre-workspace-namespacing Slack keys');
+            }
             for (const [key, entry] of Object.entries(data)) {
                 const ts = new Date(entry.timestamp);
                 if (now - ts.getTime() > SESSION_EXPIRY_MS)

package/dist/channels/slack.js

@@ -59,7 +59,7 @@ export async function startSlack(gateway, dispatcher, slackBotManager) {
     app.error(async (error) => {
         logger.error({ err: error }, 'Slack app error — continuing');
     });
-    app.message(async ({ message, client }) => {
+    app.message(async ({ message, client, context }) => {
         try {
             // Type guard: only handle regular user messages
             if (!('user' in message) || !('text' in message))
@@ -72,6 +72,10 @@ export async function startSlack(gateway, dispatcher, slackBotManager) {
             if (slackBotManager?.getOwnedChannelIds().includes(message.channel))
                 return;
             const userId = message.user;
+            // Slack user IDs are scoped per-workspace, so a bare `slack:user:{uid}`
+            // collides across workspaces. Namespace by team/workspace ID so sessions
+            // stay isolated even when the same bot is installed in multiple workspaces.
+            const teamId = context.teamId ?? (await client.auth.test().then(r => r.team_id).catch(() => 'unknown'));
             // Owner-only check
             if (SLACK_OWNER_USER_ID && userId !== SLACK_OWNER_USER_ID) {
                 logger.warn(`Ignored Slack message from non-owner: ${userId}`);
@@ -93,7 +97,7 @@ export async function startSlack(gateway, dispatcher, slackBotManager) {
                 return;
             const channel = message.channel;
             const threadTs = ('thread_ts' in message ? message.thread_ts : undefined) ?? message.ts;
-            const sessionKey = `slack:user:${userId}`;
+            const sessionKey = `slack:team:${teamId}:user:${userId}`;
             // ── !stop — abort active query (bypasses session lock) ────────────
             if (text === '!stop' || text === '/stop') {
                 const stopped = gateway.stopSession(sessionKey);
@@ -201,32 +205,42 @@ export async function startSlack(gateway, dispatcher, slackBotManager) {
      * Returns true on success.
      *
      * Session key formats:
-     *   slack:user:{userId}                          → DM to user
+     *   slack:team:{teamId}:user:{userId}            → DM to user (workspace-namespaced, current format)
+     *   slack:team:{teamId}:dm:{userId}              → DM to user (workspace-namespaced)
+     *   slack:user:{userId}                          → DM to user (legacy, pre-namespacing)
+     *   slack:dm:{userId}                            → DM to user (legacy)
      *   slack:channel:{channelId}:{userId}           → post in channel
      *   slack:channel:{channelId}:{slug}:{userId}    → post in channel (agent-scoped chat)
-     *   slack:dm:{userId}                            → DM to user
      *   slack:agent:{slug}:{userId}                  → DM to user (agent-scoped)
      */
     async function trySlackSessionRouting(sessionKey, text) {
         const parts = sessionKey.split(':');
         if (parts[0] !== 'slack' || parts.length < 3)
             return false;
-        const kind = parts[1];
+        // Strip the `team:{teamId}:` workspace prefix if present so downstream
+        // routing logic stays format-agnostic. The current bolt app is connected
+        // to a single workspace, so we use the existing client regardless of which
+        // teamId the session names.
+        let effectiveParts = parts;
+        if (parts[1] === 'team' && parts.length >= 4) {
+            effectiveParts = ['slack', ...parts.slice(3)];
+        }
+        const kind = effectiveParts[1];
         try {
-            if ((kind === 'user' || kind === 'dm') && parts[2]) {
-                const dm = await app.client.conversations.open({ users: parts[2] });
+            if ((kind === 'user' || kind === 'dm') && effectiveParts[2]) {
+                const dm = await app.client.conversations.open({ users: effectiveParts[2] });
                 const channelId = dm.channel?.id;
                 if (!channelId)
                     return false;
                 await sendChunkedSlack(app.client, channelId, mdToSlack(text));
                 return true;
             }
-            if (kind === 'channel' && parts[2]) {
-                await sendChunkedSlack(app.client, parts[2], mdToSlack(text));
+            if (kind === 'channel' && effectiveParts[2]) {
+                await sendChunkedSlack(app.client, effectiveParts[2], mdToSlack(text));
                 return true;
             }
-            if (kind === 'agent' && parts[3]) {
-                const dm = await app.client.conversations.open({ users: parts[3] });
+            if (kind === 'agent' && effectiveParts[3]) {
+                const dm = await app.client.conversations.open({ users: effectiveParts[3] });
                 const channelId = dm.channel?.id;
                 if (!channelId)
                     return false;

package/dist/gateway/cron-scheduler.d.ts

@@ -60,6 +60,7 @@ export declare class CronScheduler {
     private disabledJobs;
     private scheduledTasks;
     private runningJobs;
+    private runMetadata;
     private completedJobs;
     private watching;
     readonly runLog: CronRunLog;
@@ -71,7 +72,21 @@ export declare class CronScheduler {
     private goalTriggerDir;
     private triggerTimer;
     private statusChangeListeners;
+    private static readonly RUNNING_JOBS_FILE;
     constructor(gateway: Gateway, dispatcher: NotificationDispatcher);
+    /**
+     * Atomically persist the current runningJobs set to disk. Uses write-then-
+     * rename so a crash mid-write cannot corrupt the file.
+     */
+    private persistRunningJobs;
+    /**
+     * On startup, read the persisted running-jobs file. Any entries present
+     * represent jobs interrupted by a previous crash. Surface each to audit.jsonl
+     * and clear the file. Deliberately do NOT auto-restart — the next scheduled
+     * tick handles it, avoiding duplicate external side effects (emails sent,
+     * commits pushed, etc.) from a partial prior run.
+     */
+    private reconcileInterruptedJobs;
     /** Load job definitions from CRON.md and agent dirs without scheduling tasks. */
     private loadJobDefinitions;
     /** Register a listener that fires when system state changes (job start/finish, self-improve, etc). */

package/dist/gateway/cron-scheduler.js

@@ -7,7 +7,7 @@
  * retry helpers, CronRunLog, and daily-note logging utilities used by both schedulers.
  */
 import { execSync } from 'node:child_process';
-import { appendFileSync, existsSync, mkdirSync, readFileSync, readdirSync, statSync, unlinkSync, watchFile, unwatchFile, writeFileSync, } from 'node:fs';
+import { appendFileSync, existsSync, mkdirSync, readFileSync, readdirSync, renameSync, statSync, unlinkSync, watchFile, unwatchFile, writeFileSync, } from 'node:fs';
 import path from 'node:path';
 import cron from 'node-cron';
 import matter from 'gray-matter';
@@ -17,6 +17,7 @@ import { listAllGoals, findGoalPath, readGoalById } from '../tools/shared.js';
 import { scanner } from '../security/scanner.js';
 import { parseAllWorkflows as parseAllWorkflowsSync } from '../agent/workflow-runner.js';
 import { SelfImproveLoop } from '../agent/self-improve.js';
+import { logAuditJsonl } from '../agent/hooks.js';
 const logger = pino({ name: 'clementine.cron' });
 /** Default timeout for standard cron jobs (10 minutes). */
 const CRON_STANDARD_TIMEOUT_MS = 10 * 60 * 1000;
@@ -332,6 +333,7 @@ export class CronScheduler {
     disabledJobs = new Set();
     scheduledTasks = new Map();
     runningJobs = new Set();
+    runMetadata = new Map();
     completedJobs = new Map(); // jobName → completion timestamp
     watching = false;
     runLog;
@@ -346,6 +348,10 @@ export class CronScheduler {
     triggerTimer = null;
     // Event-driven status change listeners (used by Discord status embed)
     statusChangeListeners = [];
+    // Disk-backed mirror of runningJobs for crash-safe idempotency. If the
+    // daemon dies mid-run, startup reconciliation surfaces the interrupted job
+    // to audit.jsonl and clears the file so the next scheduled tick proceeds.
+    static RUNNING_JOBS_FILE = path.join(BASE_DIR, 'cron-running.json');
     constructor(gateway, dispatcher) {
         this.gateway = gateway;
         this.dispatcher = dispatcher;
@@ -355,6 +361,65 @@ export class CronScheduler {
         // query jobs on connect which happens before start().
         this.loadJobDefinitions();
     }
+    /**
+     * Atomically persist the current runningJobs set to disk. Uses write-then-
+     * rename so a crash mid-write cannot corrupt the file.
+     */
+    persistRunningJobs(metaByName) {
+        try {
+            const entries = [...this.runningJobs].map(name => ({
+                jobName: name,
+                startedAt: metaByName?.get(name)?.startedAt ?? new Date().toISOString(),
+                runId: metaByName?.get(name)?.runId ?? '',
+                pid: process.pid,
+            }));
+            const tmp = CronScheduler.RUNNING_JOBS_FILE + '.tmp';
+            writeFileSync(tmp, JSON.stringify(entries, null, 2));
+            renameSync(tmp, CronScheduler.RUNNING_JOBS_FILE);
+        }
+        catch (err) {
+            logger.debug({ err }, 'Failed to persist running-jobs file');
+        }
+    }
+    /**
+     * On startup, read the persisted running-jobs file. Any entries present
+     * represent jobs interrupted by a previous crash. Surface each to audit.jsonl
+     * and clear the file. Deliberately do NOT auto-restart — the next scheduled
+     * tick handles it, avoiding duplicate external side effects (emails sent,
+     * commits pushed, etc.) from a partial prior run.
+     */
+    reconcileInterruptedJobs() {
+        try {
+            if (!existsSync(CronScheduler.RUNNING_JOBS_FILE))
+                return;
+            const raw = readFileSync(CronScheduler.RUNNING_JOBS_FILE, 'utf-8');
+            const entries = JSON.parse(raw);
+            if (!Array.isArray(entries) || entries.length === 0) {
+                unlinkSync(CronScheduler.RUNNING_JOBS_FILE);
+                return;
+            }
+            const detectedAt = new Date().toISOString();
+            for (const entry of entries) {
+                logger.warn({ ...entry, detectedAt }, 'Interrupted cron job detected on startup');
+                logAuditJsonl({
+                    event_type: 'cron_interrupted',
+                    jobName: entry.jobName,
+                    runId: entry.runId,
+                    startedAt: entry.startedAt,
+                    detectedAt,
+                    previousPid: entry.pid,
+                });
+            }
+            unlinkSync(CronScheduler.RUNNING_JOBS_FILE);
+        }
+        catch (err) {
+            logger.warn({ err }, 'Failed to reconcile running-jobs file — starting fresh');
+            try {
+                unlinkSync(CronScheduler.RUNNING_JOBS_FILE);
+            }
+            catch { /* ignore */ }
+        }
+    }
     /** Load job definitions from CRON.md and agent dirs without scheduling tasks. */
     loadJobDefinitions() {
         this.jobs = parseCronJobs();
@@ -376,15 +441,25 @@ export class CronScheduler {
         }
     }
     start() {
+        // Surface any jobs that were mid-run when the daemon last died and clear
+        // the crash-consistency file before scheduling new ticks.
+        this.reconcileInterruptedJobs();
         this.reloadJobs();
         this.reloadWorkflows();
         this.watchCronFile();
         this.watchAgentsDir();
         this.watchWorkflowDir();
         this.watchTriggers();
+        // Deep-mode jobs are owned by the router (_deliverDeepResult). The
+        // cron-scheduler callbacks below only dispatch for cron-originated runs;
+        // phase updates for deep-mode runs get routed back to the originating
+        // session instead of fanning out to every registered channel.
+        const isDeepMode = (jobName) => jobName.startsWith('deep-');
         // Wire up push notifications for unleashed task completions
         this.gateway.setUnleashedCompleteCallback((jobName, result) => {
             this.completedJobs.set(jobName, Date.now());
+            if (isDeepMode(jobName))
+                return; // router handles delivery via _deliverDeepResult
             if (result && result !== '__NOTHING__') {
                 const slug = jobName.includes(':') ? jobName.split(':')[0] : undefined;
                 // Strip system metadata for clean conversational delivery
@@ -405,7 +480,15 @@ export class CronScheduler {
             const cleanOutput = output
                 .replace(/^STATUS SUMMARY:?\s*/im, '')
                 .slice(0, 500);
-            this.dispatcher.send(`Still working on it — ${cleanOutput}`, { agentSlug: slug }).catch(err => logger.debug({ err }, 'Failed to send phase progress notification'));
+            // For deep-mode runs, target the originating session so the progress
+            // update lands in the same Discord DM / Slack thread / dashboard window.
+            const deepSessionKey = isDeepMode(jobName) ? this.gateway.findDeepTaskSessionKey(jobName) : null;
+            const ctx = {};
+            if (slug)
+                ctx.agentSlug = slug;
+            if (deepSessionKey)
+                ctx.sessionKey = deepSessionKey;
+            this.dispatcher.send(`Still working on it — ${cleanOutput}`, ctx).catch(err => logger.debug({ err }, 'Failed to send phase progress notification'));
         });
         // Wire up real-time progress summaries (throttled to max 1 per 5 minutes)
         const lastProgressSent = new Map();
@@ -416,7 +499,13 @@ export class CronScheduler {
                 return; // throttle: 1 per 5 minutes
             lastProgressSent.set(jobName, now);
             const slug = jobName.includes(':') ? jobName.split(':')[0] : undefined;
-            this.dispatcher.send(summary.slice(0, 300), { agentSlug: slug }).catch(err => logger.debug({ err }, 'Failed to send phase progress summary'));
+            const deepSessionKey = isDeepMode(jobName) ? this.gateway.findDeepTaskSessionKey(jobName) : null;
+            const ctx = {};
+            if (slug)
+                ctx.agentSlug = slug;
+            if (deepSessionKey)
+                ctx.sessionKey = deepSessionKey;
+            this.dispatcher.send(summary.slice(0, 300), ctx).catch(err => logger.debug({ err }, 'Failed to send phase progress summary'));
         });
         logger.info(`Cron scheduler started with ${this.jobs.length} jobs`);
     }
@@ -800,6 +889,11 @@ export class CronScheduler {
             catch { /* non-fatal */ }
         }
         this.runningJobs.add(job.name);
+        this.runMetadata.set(job.name, {
+            startedAt: new Date().toISOString(),
+            runId: Math.random().toString(36).slice(2, 10),
+        });
+        this.persistRunningJobs(this.runMetadata);
         this.emitStatusChange();
         try {
             logger.info(`Running cron job: ${job.name}${job.agentSlug ? ` (agent: ${job.agentSlug})` : ''}`);
@@ -969,6 +1063,8 @@ export class CronScheduler {
         }
         finally {
             this.runningJobs.delete(job.name);
+            this.runMetadata.delete(job.name);
+            this.persistRunningJobs(this.runMetadata);
             this.emitStatusChange();
             // Fire-and-forget: check if this agent's profile needs self-learning update
             if (job.agentSlug) {

package/dist/gateway/router.d.ts

@@ -75,6 +75,13 @@ export declare class Gateway {
     constructor(assistant: PersonalAssistant);
     /** Get or create a session state entry. */
     private getSession;
+    /**
+     * Reverse-lookup the session key that owns a given deep-mode jobName.
+     * Used by the cron-scheduler callbacks so phase-progress and completion
+     * messages can be routed back to the originating channel instead of
+     * fanning out to every registered sender.
+     */
+    findDeepTaskSessionKey(jobName: string): string | null;
     getAgentManager(): AgentManager;
     getTeamRouter(): TeamRouter;
     getTeamBus(): TeamBus;

package/dist/gateway/router.js

@@ -322,6 +322,19 @@ export class Gateway {
         }
         return s;
     }
+    /**
+     * Reverse-lookup the session key that owns a given deep-mode jobName.
+     * Used by the cron-scheduler callbacks so phase-progress and completion
+     * messages can be routed back to the originating channel instead of
+     * fanning out to every registered sender.
+     */
+    findDeepTaskSessionKey(jobName) {
+        for (const [key, sess] of this.sessions) {
+            if (sess.deepTask?.jobName === jobName)
+                return key;
+        }
+        return null;
+    }
     // ── Team system accessors ──────────────────────────────────────────
     getAgentManager() {
         if (!this._agentManager) {
@@ -748,6 +761,8 @@ export class Gateway {
                 const isOwnerDm = sessionKey.startsWith('discord:user:') ||
                     sessionKey.startsWith('discord:agent:') ||
                     sessionKey.startsWith('slack:dm:') ||
+                    // New workspace-namespaced Slack DMs: slack:team:{teamId}:user:{userId}
+                    /^slack:team:[^:]+:(user|dm):/.test(sessionKey) ||
                     sessionKey.startsWith('telegram:');
                 const shouldBlock = scan.verdict === 'block' && !isOwnerDm;
                 if (shouldBlock) {
@@ -1308,6 +1323,8 @@ export class Gateway {
                 const isOwnerDm = sessionKey.startsWith('discord:user:') ||
                     sessionKey.startsWith('discord:agent:') ||
                     sessionKey.startsWith('slack:dm:') ||
+                    // New workspace-namespaced Slack DMs: slack:team:{teamId}:user:{userId}
+                    /^slack:team:[^:]+:(user|dm):/.test(sessionKey) ||
                     sessionKey.startsWith('telegram:');
                 const shouldBlock = scan.verdict === 'block' && !isOwnerDm;
                 if (shouldBlock) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clementine-agent",
-  "version": "1.0.28",
+  "version": "1.0.30",
   "description": "Clementine — Personal AI Assistant (TypeScript)",
   "type": "module",
   "main": "dist/index.js",