clementine-agent 1.0.40 → 1.0.42

package/dist/agent/assistant.js

@@ -694,10 +694,29 @@ export class PersonalAssistant {
     /** Capture MCP server status from system init messages. */
     captureMcpStatus(message) {
         const sysMsg = message;
-        if (sysMsg.subtype === 'init' && sysMsg.mcp_servers) {
+        if (sysMsg.subtype !== 'init')
+            return;
+        if (sysMsg.mcp_servers) {
             this._lastMcpStatus = sysMsg.mcp_servers;
             this._lastMcpStatusTime = new Date().toISOString();
         }
+        // Auto-register Claude Desktop integrations from the authoritative tool
+        // list the SDK reports on init. Previously the claude-integrations file
+        // was written reactively — only after the agent successfully called an
+        // integration tool — which meant a freshly-connected Google Drive or
+        // Gmail was invisible until used. Now every session-init rewrites the
+        // list to match reality.
+        if (Array.isArray(sysMsg.tools) && sysMsg.tools.length > 0 && _mcpBridge) {
+            try {
+                const { added, updated } = _mcpBridge.registerClaudeIntegrationsFromToolList(sysMsg.tools);
+                if (added.length > 0 || updated.length > 0) {
+                    logger.info({ added, updated }, 'Registered Claude Desktop integrations from SDK tool inventory');
+                }
+            }
+            catch (err) {
+                logger.debug({ err }, 'Integration auto-registration failed (non-fatal)');
+            }
+        }
     }
     setUnleashedCompleteCallback(cb) {
         this.onUnleashedComplete = cb;
@@ -1033,6 +1052,14 @@ Obsidian vault with YAML frontmatter, [[wikilinks]], #tags.
 **Remembering:** Durable facts → memory_write(action="update_memory"). Daily context → note_take / memory_write(action="append_daily"). New person → note_create. New task → task_add.
 Save important facts immediately; a background agent also extracts after each exchange.
 
+## Self-Configuration (don't make the owner edit config files)
+
+When ${owner} gives you an API key, access token, or similar credential in chat, **save it yourself** with \`env_set\`. Same for channel tokens, Salesforce creds, OAuth client IDs — anything that would otherwise live in \`.env\`. \`env_set(key, value)\` writes to \`~/.clementine/.env\` and hot-reloads into \`process.env\` so the next tool call can use it. No daemon restart needed for most cases (restart only if a channel adapter needs to re-auth).
+
+Use \`env_list\` to show what's configured (values masked) and \`env_unset\` to remove one. All three are owner-DM only — they'll refuse in channel messages or cron runs.
+
+Don't tell ${owner} "add this to your .env" — just call env_set and report what you saved. For integrations connected at claude.ai (Google Drive, Gmail, Slack, Notion, Linear, etc.), the \`mcp__claude_ai_*\` tools appear automatically via Claude Desktop — never claim one is "not available" without trying the tool call first.
+
 ## Context Window Management
 
 Delegate data-heavy work (SEO, analytics, bulk API calls for 3+ entities) to sub-agents via the Agent tool. They run in their own context and return summaries. Never pull bulk data directly.
@@ -1335,6 +1362,10 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
             mcpTool('workspace_config'),
             mcpTool('workspace_list'),
             mcpTool('workspace_info'),
+            // Env file self-management (owner-DM gated inside the tool)
+            mcpTool('env_set'),
+            mcpTool('env_list'),
+            mcpTool('env_unset'),
             mcpTool('self_restart'),
             mcpTool('cron_list'),
             mcpTool('add_cron_job'),

package/dist/agent/mcp-bridge.d.ts

@@ -54,6 +54,21 @@ export declare function loadClaudeIntegrations(): Record<string, ClaudeIntegrati
 export declare function recordClaudeIntegrationUse(toolName: string): void;
 /** Get all discovered Claude Desktop integrations as a list. */
 export declare function getClaudeIntegrations(): ClaudeIntegration[];
+/**
+ * Register every integration found in a tool inventory. The SDK's system
+ * init message (subtype='init') includes a `tools: string[]` with the full
+ * set of tools the agent actually has access to this session — including
+ * every mcp__claude_ai_* tool Claude Desktop is surfacing. Walking that
+ * list on init gives us the authoritative, up-to-date integration set
+ * without waiting for the agent to blindly try each one.
+ *
+ * Idempotent: if an entry already exists, we merge new tool names into it
+ * and bump `connected = true` without touching firstSeen/lastUsed.
+ */
+export declare function registerClaudeIntegrationsFromToolList(tools: string[]): {
+    added: string[];
+    updated: string[];
+};
 /**
  * Bootstrap integrations from the audit log.
  * Call once on startup to seed the integrations file from historical data.

package/dist/agent/mcp-bridge.js

@@ -384,6 +384,60 @@ export function recordClaudeIntegrationUse(toolName) {
 export function getClaudeIntegrations() {
     return Object.values(loadClaudeIntegrations());
 }
+/**
+ * Register every integration found in a tool inventory. The SDK's system
+ * init message (subtype='init') includes a `tools: string[]` with the full
+ * set of tools the agent actually has access to this session — including
+ * every mcp__claude_ai_* tool Claude Desktop is surfacing. Walking that
+ * list on init gives us the authoritative, up-to-date integration set
+ * without waiting for the agent to blindly try each one.
+ *
+ * Idempotent: if an entry already exists, we merge new tool names into it
+ * and bump `connected = true` without touching firstSeen/lastUsed.
+ */
+export function registerClaudeIntegrationsFromToolList(tools) {
+    const added = [];
+    const updated = [];
+    if (!Array.isArray(tools) || tools.length === 0)
+        return { added, updated };
+    const integrations = loadClaudeIntegrations();
+    const now = new Date().toISOString();
+    let dirty = false;
+    for (const toolName of tools) {
+        const parsed = parseClaudeDesktopTool(toolName);
+        if (!parsed)
+            continue;
+        const existing = integrations[parsed.integration];
+        if (existing) {
+            if (!existing.tools.includes(parsed.tool)) {
+                existing.tools.push(parsed.tool);
+                existing.tools.sort();
+                dirty = true;
+            }
+            if (!existing.connected) {
+                existing.connected = true;
+                dirty = true;
+            }
+            if (!updated.includes(parsed.integration))
+                updated.push(parsed.integration);
+        }
+        else {
+            integrations[parsed.integration] = {
+                name: parsed.integration,
+                label: INTEGRATION_LABELS[parsed.integration] ?? parsed.integration.replace(/_/g, ' '),
+                tools: [parsed.tool],
+                firstSeen: now,
+                lastUsed: now,
+                connected: true,
+            };
+            added.push(parsed.integration);
+            dirty = true;
+        }
+    }
+    if (dirty)
+        saveClaudeIntegrations(integrations);
+    return { added, updated };
+}
 /**
  * Bootstrap integrations from the audit log.
  * Call once on startup to seed the integrations file from historical data.

package/dist/tools/admin-tools.js

@@ -15,7 +15,62 @@ import path from 'node:path';
 import Anthropic from '@anthropic-ai/sdk';
 import { z } from 'zod';
 import { BASE_DIR, CRON_FILE, SYSTEM_DIR, env, getStore, logger, textResult, } from './shared.js';
+import { getInteractionSource } from '../agent/hooks.js';
+import { renameSync } from 'node:fs';
 function readEnvFile() { return env; }
+// ── Env file management helpers (tools registered inside registerAdminTools) ──
+const ENV_PATH = path.join(BASE_DIR, '.env');
+/** Parse a .env file into key→value pairs. Preserves order when re-serialized. */
+function parseEnvFile() {
+    const map = new Map();
+    if (!existsSync(ENV_PATH))
+        return map;
+    const text = readFileSync(ENV_PATH, 'utf-8');
+    for (const rawLine of text.split(/\r?\n/)) {
+        const line = rawLine.trim();
+        if (!line || line.startsWith('#'))
+            continue;
+        const eq = line.indexOf('=');
+        if (eq < 0)
+            continue;
+        const key = line.slice(0, eq).trim();
+        let value = line.slice(eq + 1);
+        if ((value.startsWith('"') && value.endsWith('"')) || (value.startsWith("'") && value.endsWith("'"))) {
+            value = value.slice(1, -1);
+        }
+        map.set(key, value);
+    }
+    return map;
+}
+/** Atomic write — write to .tmp then rename. Mode 0o600. */
+function writeEnvFile(map) {
+    if (!existsSync(BASE_DIR))
+        mkdirSync(BASE_DIR, { recursive: true });
+    const lines = [];
+    for (const [key, value] of map) {
+        const needsQuote = /[\s#'"\\]/.test(value) || value === '';
+        lines.push(`${key}=${needsQuote ? `"${value.replace(/"/g, '\\"')}"` : value}`);
+    }
+    const tmp = ENV_PATH + '.tmp';
+    writeFileSync(tmp, lines.join('\n') + '\n', { mode: 0o600 });
+    renameSync(tmp, ENV_PATH);
+}
+/** Mask a secret for safe logging: keep first 4 + last 4, dots in between. */
+function maskSecret(value) {
+    if (value.length <= 8)
+        return '•'.repeat(Math.max(value.length, 4));
+    return value.slice(0, 4) + '…' + value.slice(-4);
+}
+function requireOwnerDm() {
+    const source = getInteractionSource();
+    if (source !== 'owner-dm') {
+        return {
+            ok: false,
+            message: `Env writes are restricted to direct owner conversations. Current interaction source: ${source}. Ask the owner to message directly if they want to change credentials.`,
+        };
+    }
+    return { ok: true };
+}
 export function registerAdminTools(server) {
     // ── 16. set_timer ──────────────────────────────────────────────────────
     const TIMERS_FILE = path.join(BASE_DIR, '.timers.json');
@@ -57,6 +112,64 @@ export function registerAdminTools(server) {
         });
         return textResult(`Timer set. Reminder in ${minutes} minute${minutes !== 1 ? 's' : ''} (~${fireTime}): "${message}"`);
     });
+    // ── Env self-configuration (owner-DM only) ────────────────────────────
+    server.tool('env_set', 'Save or update an environment variable in ~/.clementine/.env (API keys, tokens, config). Owner-DM only. Changes take effect immediately — the new value becomes available to process.env and to the next tool call. Use this when the owner gives a credential in chat instead of telling them to hand-edit files.', {
+        key: z.string().describe('Env var name (uppercase with underscores, e.g. STRIPE_API_KEY)'),
+        value: z.string().describe('The value to store. Never echo back to the user; it will be masked in logs.'),
+    }, async ({ key, value }) => {
+        const gate = requireOwnerDm();
+        if (!gate.ok)
+            return textResult(gate.message);
+        const normalizedKey = key.trim();
+        if (!/^[A-Z][A-Z0-9_]*$/.test(normalizedKey)) {
+            return textResult(`Env var name must be uppercase letters, digits, and underscores only. Got: ${normalizedKey}`);
+        }
+        if (!value)
+            return textResult('Refused: empty value. Use env_unset to remove a key.');
+        const map = parseEnvFile();
+        const existed = map.has(normalizedKey);
+        map.set(normalizedKey, value);
+        try {
+            writeEnvFile(map);
+        }
+        catch (err) {
+            return textResult(`Failed to write .env: ${String(err).slice(0, 200)}`);
+        }
+        process.env[normalizedKey] = value;
+        logger.info({ key: normalizedKey, existed, masked: maskSecret(value) }, 'env_set');
+        return textResult(`${existed ? 'Updated' : 'Added'} ${normalizedKey} in ~/.clementine/.env (value: ${maskSecret(value)}). Available to tools immediately; a daemon restart is not required for most cases.`);
+    });
+    server.tool('env_list', 'List the names of environment variables configured in ~/.clementine/.env. Returns key names only — values are masked. Owner-DM only.', {}, async () => {
+        const gate = requireOwnerDm();
+        if (!gate.ok)
+            return textResult(gate.message);
+        const map = parseEnvFile();
+        if (map.size === 0)
+            return textResult('No env vars configured in ~/.clementine/.env');
+        const lines = [...map.entries()].map(([k, v]) => `- ${k} = ${maskSecret(v)}`);
+        return textResult(`Configured env vars (${map.size}):\n${lines.join('\n')}`);
+    });
+    server.tool('env_unset', 'Remove an environment variable from ~/.clementine/.env. Owner-DM only. Also clears from the running process.', {
+        key: z.string().describe('Env var name to remove'),
+    }, async ({ key }) => {
+        const gate = requireOwnerDm();
+        if (!gate.ok)
+            return textResult(gate.message);
+        const normalizedKey = key.trim();
+        const map = parseEnvFile();
+        if (!map.has(normalizedKey))
+            return textResult(`${normalizedKey} is not set in ~/.clementine/.env`);
+        map.delete(normalizedKey);
+        try {
+            writeEnvFile(map);
+        }
+        catch (err) {
+            return textResult(`Failed to write .env: ${String(err).slice(0, 200)}`);
+        }
+        delete process.env[normalizedKey];
+        logger.info({ key: normalizedKey }, 'env_unset');
+        return textResult(`Removed ${normalizedKey} from ~/.clementine/.env`);
+    });
     // ── Workspace Tools ─────────────────────────────────────────────────────
     /** Common developer directories to auto-scan (relative to home). */
     const DEFAULT_WORKSPACE_CANDIDATES = [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clementine-agent",
-  "version": "1.0.40",
+  "version": "1.0.42",
   "description": "Clementine — Personal AI Assistant (TypeScript)",
   "type": "module",
   "main": "dist/index.js",