clementine-agent 1.0.42 → 1.0.43

package/dist/agent/assistant.js

@@ -1058,7 +1058,13 @@ When ${owner} gives you an API key, access token, or similar credential in chat,
 
 Use \`env_list\` to show what's configured (values masked) and \`env_unset\` to remove one. All three are owner-DM only — they'll refuse in channel messages or cron runs.
 
-Don't tell ${owner} "add this to your .env" — just call env_set and report what you saved. For integrations connected at claude.ai (Google Drive, Gmail, Slack, Notion, Linear, etc.), the \`mcp__claude_ai_*\` tools appear automatically via Claude Desktop — never claim one is "not available" without trying the tool call first.
+### Tool schema self-extension
+
+If a tool call fails with **"not in my function schema" / "tool not allowed" / "unknown tool"** BUT you can see it in the SDK init inventory (e.g. \`mcp__claude_ai_Google_Drive__search_files\`), call \`allow_tool(name)\` to add it to your whitelist. Takes effect on your next query — no restart, no owner intervention. Then try the original task again.
+
+This is the correct response to "tool not in schema" errors. **Do not dead-end** and tell ${owner} to edit a config file. Use \`list_allowed_tools\` to see what you've already added, \`disallow_tool\` to remove one.
+
+Don't tell ${owner} "add this to your .env" — just call env_set and report what you saved. For integrations connected at claude.ai (Google Drive, Gmail, Slack, Notion, Linear, etc.), the \`mcp__claude_ai_*\` tools appear in your SDK init inventory; if your first call is refused, call \`allow_tool\` with the exact tool name and retry.
 
 ## Context Window Management
 
@@ -1366,6 +1372,11 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
             mcpTool('env_set'),
             mcpTool('env_list'),
             mcpTool('env_unset'),
+            // Self-service tool whitelist — Clementine can add tools she discovers
+            // in the SDK init inventory but that aren't in her baseline allowedTools
+            mcpTool('allow_tool'),
+            mcpTool('list_allowed_tools'),
+            mcpTool('disallow_tool'),
             mcpTool('self_restart'),
             mcpTool('cron_list'),
             mcpTool('add_cron_job'),
@@ -1423,6 +1434,41 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
             }
         }
         catch { /* non-fatal — dynamic tools are supplementary */ }
+        // Claude Desktop connector tools (mcp__claude_ai_*). These reach the SDK
+        // subprocess via Claude Code's runtime but are NOT added to allowedTools
+        // automatically — which caused the model to see them in the init
+        // inventory but get refused when it tried to call one ("not in my
+        // function schema"). Add every tool from every auto-registered
+        // integration (populated from the SDK init message on prior queries) so
+        // the whitelist matches reality.
+        try {
+            const integrations = _mcpBridge?.getClaudeIntegrations() ?? [];
+            for (const ig of integrations) {
+                for (const tool of ig.tools) {
+                    const fullName = `mcp__claude_ai_${ig.name}__${tool}`;
+                    if (!allowedTools.includes(fullName))
+                        allowedTools.push(fullName);
+                }
+            }
+        }
+        catch { /* non-fatal */ }
+        // Self-service extension — Clementine can add tools to her own whitelist
+        // at runtime via the `allow_tool` MCP tool, writing to allowed-tools-
+        // extra.json. This eliminates the "tool not in schema → dead end → tell
+        // owner to edit config" failure pattern. See admin-tools.ts:allow_tool.
+        try {
+            const extraPath = path.join(BASE_DIR, 'allowed-tools-extra.json');
+            if (fs.existsSync(extraPath)) {
+                const extras = JSON.parse(fs.readFileSync(extraPath, 'utf-8'));
+                if (Array.isArray(extras)) {
+                    for (const t of extras) {
+                        if (typeof t === 'string' && !allowedTools.includes(t))
+                            allowedTools.push(t);
+                    }
+                }
+            }
+        }
+        catch { /* non-fatal */ }
         // Agent tool whitelist: filter down to only allowed tools
         if (profile?.team?.allowedTools?.length) {
             const whitelist = new Set(profile.team.allowedTools.flatMap(t => [t, mcpTool(t)]));

package/dist/tools/admin-tools.js

@@ -170,6 +170,82 @@ export function registerAdminTools(server) {
         logger.info({ key: normalizedKey }, 'env_unset');
         return textResult(`Removed ${normalizedKey} from ~/.clementine/.env`);
     });
+    // ── Self-service tool whitelist ────────────────────────────────────────
+    const ALLOWED_TOOLS_EXTRA = path.join(BASE_DIR, 'allowed-tools-extra.json');
+    function readExtraAllowedTools() {
+        if (!existsSync(ALLOWED_TOOLS_EXTRA))
+            return [];
+        try {
+            const arr = JSON.parse(readFileSync(ALLOWED_TOOLS_EXTRA, 'utf-8'));
+            return Array.isArray(arr) ? arr.filter((x) => typeof x === 'string') : [];
+        }
+        catch {
+            return [];
+        }
+    }
+    function writeExtraAllowedTools(tools) {
+        if (!existsSync(BASE_DIR))
+            mkdirSync(BASE_DIR, { recursive: true });
+        const unique = [...new Set(tools)].sort();
+        writeFileSync(ALLOWED_TOOLS_EXTRA, JSON.stringify(unique, null, 2));
+    }
+    server.tool('allow_tool', 'Add a tool name to your self-managed allowedTools list. Use when you see a tool in the SDK inventory but get "not in function schema" when you try to call it. Writes to ~/.clementine/allowed-tools-extra.json; takes effect on your NEXT query. Owner-DM only. Common case: Claude Desktop connector tools like mcp__claude_ai_Google_Drive__search_files that appear in the init inventory but aren\'t in your baseline whitelist.', {
+        name: z.string().describe('Exact tool name (e.g. "mcp__claude_ai_Google_Drive__search_files")'),
+        reason: z.string().optional().describe('Brief note: why you need this tool. For audit trail.'),
+    }, async ({ name, reason }) => {
+        const gate = requireOwnerDm();
+        if (!gate.ok)
+            return textResult(gate.message);
+        const trimmed = name.trim();
+        if (!trimmed)
+            return textResult('Refused: empty tool name.');
+        // Loose format check — MCP tool names, built-in tool names, or namespaced patterns.
+        if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(trimmed.replace(/__[A-Za-z0-9_-]+/g, ''))) {
+            return textResult(`Refused: "${trimmed}" doesn't look like a valid tool name. Use a literal name like "mcp__claude_ai_Google_Drive__search_files" or a built-in like "WebFetch".`);
+        }
+        const current = readExtraAllowedTools();
+        if (current.includes(trimmed)) {
+            return textResult(`${trimmed} is already in your extra-allowed list. If it's still being refused, it may be disallowed by a higher-priority block (heartbeat/cron disallowed tools, profile tier).`);
+        }
+        current.push(trimmed);
+        try {
+            writeExtraAllowedTools(current);
+        }
+        catch (err) {
+            return textResult(`Failed to persist: ${String(err).slice(0, 200)}`);
+        }
+        logger.info({ name: trimmed, reason, totalExtras: current.length }, 'allow_tool');
+        return textResult(`Added ${trimmed} to ~/.clementine/allowed-tools-extra.json (${current.length} total extras). Active on your next query — no daemon restart needed.${reason ? ` Reason: ${reason}` : ''}`);
+    });
+    server.tool('list_allowed_tools', 'Show the current self-managed allowedTools extras (tools you added via allow_tool on top of the built-in whitelist). Owner-DM only.', {}, async () => {
+        const gate = requireOwnerDm();
+        if (!gate.ok)
+            return textResult(gate.message);
+        const current = readExtraAllowedTools();
+        if (current.length === 0)
+            return textResult('No extra tools registered. The built-in whitelist is the only source; add entries via `allow_tool` when you encounter "not in function schema" errors.');
+        return textResult(`Extra allowed tools (${current.length}):\n${current.map(t => `- ${t}`).join('\n')}\n\nStored in ~/.clementine/allowed-tools-extra.json; merged into allowedTools on every query.`);
+    });
+    server.tool('disallow_tool', 'Remove a tool from your self-managed allowedTools extras. Takes effect on next query. Owner-DM only.', {
+        name: z.string().describe('Exact tool name to remove'),
+    }, async ({ name }) => {
+        const gate = requireOwnerDm();
+        if (!gate.ok)
+            return textResult(gate.message);
+        const trimmed = name.trim();
+        const current = readExtraAllowedTools();
+        if (!current.includes(trimmed))
+            return textResult(`${trimmed} isn't in the extras list. Nothing to remove.`);
+        const next = current.filter(t => t !== trimmed);
+        try {
+            writeExtraAllowedTools(next);
+        }
+        catch (err) {
+            return textResult(`Failed to persist: ${String(err).slice(0, 200)}`);
+        }
+        logger.info({ name: trimmed, totalExtras: next.length }, 'disallow_tool');
+        return textResult(`Removed ${trimmed} from extras (${next.length} remaining).`);
+    });
     // ── Workspace Tools ─────────────────────────────────────────────────────
     /** Common developer directories to auto-scan (relative to home). */
     const DEFAULT_WORKSPACE_CANDIDATES = [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clementine-agent",
-  "version": "1.0.42",
+  "version": "1.0.43",
   "description": "Clementine — Personal AI Assistant (TypeScript)",
   "type": "module",
   "main": "dist/index.js",