clementine-agent 1.0.41 → 1.0.43

package/dist/agent/assistant.js

@@ -1052,6 +1052,20 @@ Obsidian vault with YAML frontmatter, [[wikilinks]], #tags.
 **Remembering:** Durable facts → memory_write(action="update_memory"). Daily context → note_take / memory_write(action="append_daily"). New person → note_create. New task → task_add.
 Save important facts immediately; a background agent also extracts after each exchange.
 
+## Self-Configuration (don't make the owner edit config files)
+
+When ${owner} gives you an API key, access token, or similar credential in chat, **save it yourself** with \`env_set\`. Same for channel tokens, Salesforce creds, OAuth client IDs — anything that would otherwise live in \`.env\`. \`env_set(key, value)\` writes to \`~/.clementine/.env\` and hot-reloads into \`process.env\` so the next tool call can use it. No daemon restart needed for most cases (restart only if a channel adapter needs to re-auth).
+
+Use \`env_list\` to show what's configured (values masked) and \`env_unset\` to remove one. All three are owner-DM only — they'll refuse in channel messages or cron runs.
+
+### Tool schema self-extension
+
+If a tool call fails with **"not in my function schema" / "tool not allowed" / "unknown tool"** BUT you can see it in the SDK init inventory (e.g. \`mcp__claude_ai_Google_Drive__search_files\`), call \`allow_tool(name)\` to add it to your whitelist. Takes effect on your next query — no restart, no owner intervention. Then try the original task again.
+
+This is the correct response to "tool not in schema" errors. **Do not dead-end** and tell ${owner} to edit a config file. Use \`list_allowed_tools\` to see what you've already added, \`disallow_tool\` to remove one.
+
+Don't tell ${owner} "add this to your .env" — just call env_set and report what you saved. For integrations connected at claude.ai (Google Drive, Gmail, Slack, Notion, Linear, etc.), the \`mcp__claude_ai_*\` tools appear in your SDK init inventory; if your first call is refused, call \`allow_tool\` with the exact tool name and retry.
+
 ## Context Window Management
 
 Delegate data-heavy work (SEO, analytics, bulk API calls for 3+ entities) to sub-agents via the Agent tool. They run in their own context and return summaries. Never pull bulk data directly.
@@ -1354,6 +1368,15 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
             mcpTool('workspace_config'),
             mcpTool('workspace_list'),
             mcpTool('workspace_info'),
+            // Env file self-management (owner-DM gated inside the tool)
+            mcpTool('env_set'),
+            mcpTool('env_list'),
+            mcpTool('env_unset'),
+            // Self-service tool whitelist — Clementine can add tools she discovers
+            // in the SDK init inventory but that aren't in her baseline allowedTools
+            mcpTool('allow_tool'),
+            mcpTool('list_allowed_tools'),
+            mcpTool('disallow_tool'),
             mcpTool('self_restart'),
             mcpTool('cron_list'),
             mcpTool('add_cron_job'),
@@ -1411,6 +1434,41 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
             }
         }
         catch { /* non-fatal — dynamic tools are supplementary */ }
+        // Claude Desktop connector tools (mcp__claude_ai_*). These reach the SDK
+        // subprocess via Claude Code's runtime but are NOT added to allowedTools
+        // automatically — which caused the model to see them in the init
+        // inventory but get refused when it tried to call one ("not in my
+        // function schema"). Add every tool from every auto-registered
+        // integration (populated from the SDK init message on prior queries) so
+        // the whitelist matches reality.
+        try {
+            const integrations = _mcpBridge?.getClaudeIntegrations() ?? [];
+            for (const ig of integrations) {
+                for (const tool of ig.tools) {
+                    const fullName = `mcp__claude_ai_${ig.name}__${tool}`;
+                    if (!allowedTools.includes(fullName))
+                        allowedTools.push(fullName);
+                }
+            }
+        }
+        catch { /* non-fatal */ }
+        // Self-service extension — Clementine can add tools to her own whitelist
+        // at runtime via the `allow_tool` MCP tool, writing to allowed-tools-
+        // extra.json. This eliminates the "tool not in schema → dead end → tell
+        // owner to edit config" failure pattern. See admin-tools.ts:allow_tool.
+        try {
+            const extraPath = path.join(BASE_DIR, 'allowed-tools-extra.json');
+            if (fs.existsSync(extraPath)) {
+                const extras = JSON.parse(fs.readFileSync(extraPath, 'utf-8'));
+                if (Array.isArray(extras)) {
+                    for (const t of extras) {
+                        if (typeof t === 'string' && !allowedTools.includes(t))
+                            allowedTools.push(t);
+                    }
+                }
+            }
+        }
+        catch { /* non-fatal */ }
         // Agent tool whitelist: filter down to only allowed tools
         if (profile?.team?.allowedTools?.length) {
             const whitelist = new Set(profile.team.allowedTools.flatMap(t => [t, mcpTool(t)]));

package/dist/tools/admin-tools.js

@@ -15,7 +15,62 @@ import path from 'node:path';
 import Anthropic from '@anthropic-ai/sdk';
 import { z } from 'zod';
 import { BASE_DIR, CRON_FILE, SYSTEM_DIR, env, getStore, logger, textResult, } from './shared.js';
+import { getInteractionSource } from '../agent/hooks.js';
+import { renameSync } from 'node:fs';
 function readEnvFile() { return env; }
+// ── Env file management helpers (tools registered inside registerAdminTools) ──
+const ENV_PATH = path.join(BASE_DIR, '.env');
+/** Parse a .env file into key→value pairs. Preserves order when re-serialized. */
+function parseEnvFile() {
+    const map = new Map();
+    if (!existsSync(ENV_PATH))
+        return map;
+    const text = readFileSync(ENV_PATH, 'utf-8');
+    for (const rawLine of text.split(/\r?\n/)) {
+        const line = rawLine.trim();
+        if (!line || line.startsWith('#'))
+            continue;
+        const eq = line.indexOf('=');
+        if (eq < 0)
+            continue;
+        const key = line.slice(0, eq).trim();
+        let value = line.slice(eq + 1);
+        if ((value.startsWith('"') && value.endsWith('"')) || (value.startsWith("'") && value.endsWith("'"))) {
+            value = value.slice(1, -1);
+        }
+        map.set(key, value);
+    }
+    return map;
+}
+/** Atomic write — write to .tmp then rename. Mode 0o600. */
+function writeEnvFile(map) {
+    if (!existsSync(BASE_DIR))
+        mkdirSync(BASE_DIR, { recursive: true });
+    const lines = [];
+    for (const [key, value] of map) {
+        const needsQuote = /[\s#'"\\]/.test(value) || value === '';
+        lines.push(`${key}=${needsQuote ? `"${value.replace(/"/g, '\\"')}"` : value}`);
+    }
+    const tmp = ENV_PATH + '.tmp';
+    writeFileSync(tmp, lines.join('\n') + '\n', { mode: 0o600 });
+    renameSync(tmp, ENV_PATH);
+}
+/** Mask a secret for safe logging: keep first 4 + last 4, dots in between. */
+function maskSecret(value) {
+    if (value.length <= 8)
+        return '•'.repeat(Math.max(value.length, 4));
+    return value.slice(0, 4) + '…' + value.slice(-4);
+}
+function requireOwnerDm() {
+    const source = getInteractionSource();
+    if (source !== 'owner-dm') {
+        return {
+            ok: false,
+            message: `Env writes are restricted to direct owner conversations. Current interaction source: ${source}. Ask the owner to message directly if they want to change credentials.`,
+        };
+    }
+    return { ok: true };
+}
 export function registerAdminTools(server) {
     // ── 16. set_timer ──────────────────────────────────────────────────────
     const TIMERS_FILE = path.join(BASE_DIR, '.timers.json');
@@ -57,6 +112,140 @@ export function registerAdminTools(server) {
         });
         return textResult(`Timer set. Reminder in ${minutes} minute${minutes !== 1 ? 's' : ''} (~${fireTime}): "${message}"`);
     });
+    // ── Env self-configuration (owner-DM only) ────────────────────────────
+    server.tool('env_set', 'Save or update an environment variable in ~/.clementine/.env (API keys, tokens, config). Owner-DM only. Changes take effect immediately — the new value becomes available to process.env and to the next tool call. Use this when the owner gives a credential in chat instead of telling them to hand-edit files.', {
+        key: z.string().describe('Env var name (uppercase with underscores, e.g. STRIPE_API_KEY)'),
+        value: z.string().describe('The value to store. Never echo back to the user; it will be masked in logs.'),
+    }, async ({ key, value }) => {
+        const gate = requireOwnerDm();
+        if (!gate.ok)
+            return textResult(gate.message);
+        const normalizedKey = key.trim();
+        if (!/^[A-Z][A-Z0-9_]*$/.test(normalizedKey)) {
+            return textResult(`Env var name must be uppercase letters, digits, and underscores only. Got: ${normalizedKey}`);
+        }
+        if (!value)
+            return textResult('Refused: empty value. Use env_unset to remove a key.');
+        const map = parseEnvFile();
+        const existed = map.has(normalizedKey);
+        map.set(normalizedKey, value);
+        try {
+            writeEnvFile(map);
+        }
+        catch (err) {
+            return textResult(`Failed to write .env: ${String(err).slice(0, 200)}`);
+        }
+        process.env[normalizedKey] = value;
+        logger.info({ key: normalizedKey, existed, masked: maskSecret(value) }, 'env_set');
+        return textResult(`${existed ? 'Updated' : 'Added'} ${normalizedKey} in ~/.clementine/.env (value: ${maskSecret(value)}). Available to tools immediately; a daemon restart is not required for most cases.`);
+    });
+    server.tool('env_list', 'List the names of environment variables configured in ~/.clementine/.env. Returns key names only — values are masked. Owner-DM only.', {}, async () => {
+        const gate = requireOwnerDm();
+        if (!gate.ok)
+            return textResult(gate.message);
+        const map = parseEnvFile();
+        if (map.size === 0)
+            return textResult('No env vars configured in ~/.clementine/.env');
+        const lines = [...map.entries()].map(([k, v]) => `- ${k} = ${maskSecret(v)}`);
+        return textResult(`Configured env vars (${map.size}):\n${lines.join('\n')}`);
+    });
+    server.tool('env_unset', 'Remove an environment variable from ~/.clementine/.env. Owner-DM only. Also clears from the running process.', {
+        key: z.string().describe('Env var name to remove'),
+    }, async ({ key }) => {
+        const gate = requireOwnerDm();
+        if (!gate.ok)
+            return textResult(gate.message);
+        const normalizedKey = key.trim();
+        const map = parseEnvFile();
+        if (!map.has(normalizedKey))
+            return textResult(`${normalizedKey} is not set in ~/.clementine/.env`);
+        map.delete(normalizedKey);
+        try {
+            writeEnvFile(map);
+        }
+        catch (err) {
+            return textResult(`Failed to write .env: ${String(err).slice(0, 200)}`);
+        }
+        delete process.env[normalizedKey];
+        logger.info({ key: normalizedKey }, 'env_unset');
+        return textResult(`Removed ${normalizedKey} from ~/.clementine/.env`);
+    });
+    // ── Self-service tool whitelist ────────────────────────────────────────
+    const ALLOWED_TOOLS_EXTRA = path.join(BASE_DIR, 'allowed-tools-extra.json');
+    function readExtraAllowedTools() {
+        if (!existsSync(ALLOWED_TOOLS_EXTRA))
+            return [];
+        try {
+            const arr = JSON.parse(readFileSync(ALLOWED_TOOLS_EXTRA, 'utf-8'));
+            return Array.isArray(arr) ? arr.filter((x) => typeof x === 'string') : [];
+        }
+        catch {
+            return [];
+        }
+    }
+    function writeExtraAllowedTools(tools) {
+        if (!existsSync(BASE_DIR))
+            mkdirSync(BASE_DIR, { recursive: true });
+        const unique = [...new Set(tools)].sort();
+        writeFileSync(ALLOWED_TOOLS_EXTRA, JSON.stringify(unique, null, 2));
+    }
+    server.tool('allow_tool', 'Add a tool name to your self-managed allowedTools list. Use when you see a tool in the SDK inventory but get "not in function schema" when you try to call it. Writes to ~/.clementine/allowed-tools-extra.json; takes effect on your NEXT query. Owner-DM only. Common case: Claude Desktop connector tools like mcp__claude_ai_Google_Drive__search_files that appear in the init inventory but aren\'t in your baseline whitelist.', {
+        name: z.string().describe('Exact tool name (e.g. "mcp__claude_ai_Google_Drive__search_files")'),
+        reason: z.string().optional().describe('Brief note: why you need this tool. For audit trail.'),
+    }, async ({ name, reason }) => {
+        const gate = requireOwnerDm();
+        if (!gate.ok)
+            return textResult(gate.message);
+        const trimmed = name.trim();
+        if (!trimmed)
+            return textResult('Refused: empty tool name.');
+        // Loose format check — MCP tool names, built-in tool names, or namespaced patterns.
+        if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(trimmed.replace(/__[A-Za-z0-9_-]+/g, ''))) {
+            return textResult(`Refused: "${trimmed}" doesn't look like a valid tool name. Use a literal name like "mcp__claude_ai_Google_Drive__search_files" or a built-in like "WebFetch".`);
+        }
+        const current = readExtraAllowedTools();
+        if (current.includes(trimmed)) {
+            return textResult(`${trimmed} is already in your extra-allowed list. If it's still being refused, it may be disallowed by a higher-priority block (heartbeat/cron disallowed tools, profile tier).`);
+        }
+        current.push(trimmed);
+        try {
+            writeExtraAllowedTools(current);
+        }
+        catch (err) {
+            return textResult(`Failed to persist: ${String(err).slice(0, 200)}`);
+        }
+        logger.info({ name: trimmed, reason, totalExtras: current.length }, 'allow_tool');
+        return textResult(`Added ${trimmed} to ~/.clementine/allowed-tools-extra.json (${current.length} total extras). Active on your next query — no daemon restart needed.${reason ? ` Reason: ${reason}` : ''}`);
+    });
+    server.tool('list_allowed_tools', 'Show the current self-managed allowedTools extras (tools you added via allow_tool on top of the built-in whitelist). Owner-DM only.', {}, async () => {
+        const gate = requireOwnerDm();
+        if (!gate.ok)
+            return textResult(gate.message);
+        const current = readExtraAllowedTools();
+        if (current.length === 0)
+            return textResult('No extra tools registered. The built-in whitelist is the only source; add entries via `allow_tool` when you encounter "not in function schema" errors.');
+        return textResult(`Extra allowed tools (${current.length}):\n${current.map(t => `- ${t}`).join('\n')}\n\nStored in ~/.clementine/allowed-tools-extra.json; merged into allowedTools on every query.`);
+    });
+    server.tool('disallow_tool', 'Remove a tool from your self-managed allowedTools extras. Takes effect on next query. Owner-DM only.', {
+        name: z.string().describe('Exact tool name to remove'),
+    }, async ({ name }) => {
+        const gate = requireOwnerDm();
+        if (!gate.ok)
+            return textResult(gate.message);
+        const trimmed = name.trim();
+        const current = readExtraAllowedTools();
+        if (!current.includes(trimmed))
+            return textResult(`${trimmed} isn't in the extras list. Nothing to remove.`);
+        const next = current.filter(t => t !== trimmed);
+        try {
+            writeExtraAllowedTools(next);
+        }
+        catch (err) {
+            return textResult(`Failed to persist: ${String(err).slice(0, 200)}`);
+        }
+        logger.info({ name: trimmed, totalExtras: next.length }, 'disallow_tool');
+        return textResult(`Removed ${trimmed} from extras (${next.length} remaining).`);
+    });
     // ── Workspace Tools ─────────────────────────────────────────────────────
     /** Common developer directories to auto-scan (relative to home). */
     const DEFAULT_WORKSPACE_CANDIDATES = [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clementine-agent",
-  "version": "1.0.41",
+  "version": "1.0.43",
   "description": "Clementine — Personal AI Assistant (TypeScript)",
   "type": "module",
   "main": "dist/index.js",