clementine-agent 1.18.138 → 1.18.140

package/dist/agent/action-enforcer.d.ts

@@ -20,10 +20,4 @@ export declare function assessActionResponse(input: {
     backgroundStarted?: boolean;
     delegated?: boolean;
 }): ActionResponseAssessment;
-export declare function buildActionEnforcementPrompt(input: {
-    userText: string;
-    previousResponse: string;
-    reason: string;
-}): string;
-export declare function fallbackUnverifiedActionResponse(reason: string): string;
 //# sourceMappingURL=action-enforcer.d.ts.map

package/dist/agent/action-enforcer.js

@@ -92,29 +92,4 @@ export function assessActionResponse(input) {
     }
     return { violation: false, reason: 'no unsupported action claim detected' };
 }
-export function buildActionEnforcementPrompt(input) {
-    return [
-        '[SYSTEM ACTION ENFORCEMENT]',
-        'Your previous response was not allowed because it implied action without verified tool activity.',
-        `Reason: ${input.reason}`,
-        '',
-        'Original user request:',
-        input.userText.slice(0, 1200),
-        '',
-        'Previous response:',
-        input.previousResponse.slice(0, 1200),
-        '',
-        'Now correct this in the same turn:',
-        '- If the action is possible, use the appropriate tool now.',
-        '- If the action is blocked, say exactly what is blocking it.',
-        '- Do not say "done", "sent", "queued", "checked", or similar unless a tool call actually verifies it.',
-    ].join('\n');
-}
-export function fallbackUnverifiedActionResponse(reason) {
-    return [
-        "I didn't complete that yet.",
-        `I caught an action-verification issue: ${reason}.`,
-        "I won't call it done without a tool confirmation. Please resend the request and I'll retry from a clean turn.",
-    ].join(' ');
-}
 //# sourceMappingURL=action-enforcer.js.map

package/dist/agent/execution-advisor.d.ts

@@ -5,7 +5,7 @@
  * cron job execution parameters: turn limits, models, timeouts, prompt
  * enrichment, escalation, and circuit-breaking.
  */
-import { CronRunLog } from '../gateway/heartbeat.js';
+import { CronRunLog } from '../gateway/cron-scheduler.js';
 import type { CronJobDefinition, ExecutionAdvice } from '../types.js';
 export declare const TIER_MAX_TURNS: Record<number, number>;
 export declare const DEFAULT_TIMEOUT_MS = 600000;

package/dist/agent/execution-advisor.js

@@ -9,7 +9,7 @@ import { existsSync, readFileSync } from 'node:fs';
 import path from 'node:path';
 import pino from 'pino';
 import { ADVISOR_RULES_LOADER, CRON_REFLECTIONS_DIR, ADVISOR_LOG_PATH } from '../config.js';
-import { CronRunLog } from '../gateway/heartbeat.js';
+import { CronRunLog } from '../gateway/cron-scheduler.js';
 import { evolvePrompt } from './prompt-evolver.js';
 import { loadAdvisorRules, getLoadedRules, watchUserRulesDir, } from './advisor-rules/loader.js';
 import { buildRuleContext } from './advisor-rules/context.js';

package/dist/agent/mcp-bridge.js

@@ -86,12 +86,18 @@ export function discoverMcpServers() {
     }
     catch { /* ignore */ }
     // 2. Claude Code settings — project-level MCP configs
-    try {
-        const claudeDir = path.join(os.homedir(), '.claude');
-        const settingsFile = path.join(claudeDir, 'settings.json');
-        if (existsSync(settingsFile)) {
-            const settings = JSON.parse(readFileSync(settingsFile, 'utf-8'));
-            // Check mcpServers in settings
+    //    Two files to check: ~/.claude/settings.json (newer; user-edited)
+    //    and ~/.claude.json (where `claude mcp add` writes by default).
+    //    Both surface mcpServers; we read both so users get the same set
+    //    that Claude Code sees.
+    for (const claudeFile of [
+        path.join(os.homedir(), '.claude', 'settings.json'),
+        path.join(os.homedir(), '.claude.json'),
+    ]) {
+        try {
+            if (!existsSync(claudeFile))
+                continue;
+            const settings = JSON.parse(readFileSync(claudeFile, 'utf-8'));
             for (const [name, config] of Object.entries(settings.mcpServers ?? {})) {
                 if (servers.has(name))
                     continue;
@@ -110,8 +116,8 @@ export function discoverMcpServers() {
                 });
             }
         }
+        catch { /* skip malformed file */ }
     }
-    catch { /* ignore */ }
     // 3. Claude Desktop Extensions (newer format — ant.dir.* directories)
     try {
         const extensionsDir = path.join(os.homedir(), 'Library', 'Application Support', 'Claude', 'Claude Extensions');

package/dist/agent/self-improve.js

@@ -688,7 +688,7 @@ export class SelfImproveLoop {
             .filter(f => f.rating === 'negative');
         store.close();
         // Gather cron errors from run logs
-        const { CronRunLog } = await import('../gateway/heartbeat.js');
+        const { CronRunLog } = await import('../gateway/cron-scheduler.js');
         const runLog = new CronRunLog();
         const cronErrors = [];
         let cronTotal = 0;

package/dist/channels/discord-agent-bot.d.ts

@@ -15,7 +15,7 @@
 import { EmbedBuilder } from 'discord.js';
 import type { AgentProfile } from '../types.js';
 import type { Gateway } from '../gateway/router.js';
-import type { CronScheduler } from '../gateway/heartbeat.js';
+import type { CronScheduler } from '../gateway/cron-scheduler.js';
 export interface AgentBotConfig {
     slug: string;
     token: string;

package/dist/channels/discord-bot-manager.d.ts

@@ -7,7 +7,7 @@
  * to all visible).
  */
 import type { Gateway } from '../gateway/router.js';
-import type { CronScheduler } from '../gateway/heartbeat.js';
+import type { CronScheduler } from '../gateway/cron-scheduler.js';
 import { type AgentBotStatus } from './discord-agent-bot.js';
 export interface BotManagerConfig {
     gateway: Gateway;

package/dist/channels/discord.d.ts

@@ -5,7 +5,8 @@
  * Features: streaming responses, message chunking, model switching,
  * heartbeat/cron commands, slash commands, and autonomous notifications.
  */
-import type { HeartbeatScheduler, CronScheduler } from '../gateway/heartbeat.js';
+import type { HeartbeatScheduler } from '../gateway/heartbeat-scheduler.js';
+import type { CronScheduler } from '../gateway/cron-scheduler.js';
 import type { NotificationDispatcher } from '../gateway/notifications.js';
 import type { Gateway } from '../gateway/router.js';
 export declare function startDiscord(gateway: Gateway, heartbeat: HeartbeatScheduler, cronScheduler: CronScheduler, dispatcher: NotificationDispatcher, botManager?: import('./discord-bot-manager.js').BotManager): Promise<void>;

package/dist/cli/cron.js

@@ -11,7 +11,8 @@ import os from 'node:os';
 import path from 'node:path';
 import cron from 'node-cron';
 import matter from 'gray-matter';
-import { parseCronJobs, HeartbeatScheduler, CronRunLog, classifyError, } from '../gateway/heartbeat.js';
+import { HeartbeatScheduler } from '../gateway/heartbeat-scheduler.js';
+import { parseCronJobs, CronRunLog, classifyError } from '../gateway/cron-scheduler.js';
 const BASE_DIR = process.env.CLEMENTINE_HOME || path.join(os.homedir(), '.clementine');
 const LAST_RUN_FILE = path.join(BASE_DIR, '.cron_last_run.json');
 /** Exponential backoff schedule in ms: 30s, 1m, 5m, 15m, 60m */

package/dist/cli/dashboard.js

@@ -1485,17 +1485,6 @@ async function getBuildUsageForOperations(hoursInput = 168, limitInput = 50) {
         db.close();
     }
 }
-function getTimers() {
-    const timersFile = path.join(BASE_DIR, '.timers.json');
-    if (!existsSync(timersFile))
-        return [];
-    try {
-        return JSON.parse(readFileSync(timersFile, 'utf-8'));
-    }
-    catch {
-        return [];
-    }
-}
 function getHeartbeat() {
     const hbFile = path.join(BASE_DIR, '.heartbeat_state.json');
     if (!existsSync(hbFile))
@@ -2128,8 +2117,6 @@ export async function cmdDashboard(opts) {
         }
         persistSessions();
     }, 10 * 60 * 1000);
-    // Quick ping — bypasses all middleware, tests /api path routing
-    app.get('/api/ping', (_req, res) => { res.json({ pong: true }); });
     // ── Background project scanner ───────────────────────────────────────
     // scanProjects() does heavy synchronous filesystem I/O (statSync across
     // hundreds of Desktop/Documents entries) which permanently blocks the
@@ -2661,9 +2648,6 @@ export async function cmdDashboard(opts) {
     app.get('/api/cron', (_req, res) => {
         res.json(getCronJobs());
     });
-    app.get('/api/timers', (_req, res) => {
-        res.json(getTimers());
-    });
     app.get('/api/heartbeat', (_req, res) => {
         res.json(getHeartbeat());
     });
@@ -2846,23 +2830,6 @@ export async function cmdDashboard(opts) {
             res.status(500).json({ error: String(err).slice(0, 200) });
         }
     });
-    app.get('/api/autonomy', async (req, res) => {
-        try {
-            const { getStore } = await import('../tools/shared.js');
-            const store = await getStore();
-            const logs = store.queryAutonomyLog({
-                component: typeof req.query.component === 'string' ? req.query.component : undefined,
-                event: typeof req.query.event === 'string' ? req.query.event : undefined,
-                agentSlug: typeof req.query.agentSlug === 'string' ? req.query.agentSlug : undefined,
-                limit: typeof req.query.limit === 'string' ? parseInt(req.query.limit, 10) : 100,
-                since: typeof req.query.since === 'string' ? req.query.since : undefined,
-            });
-            res.json({ logs });
-        }
-        catch (err) {
-            res.status(500).json({ error: String(err).slice(0, 200) });
-        }
-    });
     app.get('/api/heartbeat/agent/:slug', (req, res) => {
         const slug = req.params.slug;
         const state = getHeartbeat();
@@ -6964,28 +6931,6 @@ If the tool returns nothing or errors, return an empty array \`[]\`.`,
             res.status(500).json({ error: String(err) });
         }
     });
-    app.post('/api/timers/:id/cancel', (req, res) => {
-        const timerId = req.params.id;
-        const timersFile = path.join(BASE_DIR, '.timers.json');
-        try {
-            if (!existsSync(timersFile)) {
-                res.status(404).json({ error: 'No timers file' });
-                return;
-            }
-            const timers = JSON.parse(readFileSync(timersFile, 'utf-8'));
-            const idx = timers.findIndex((t) => String(t.id) === timerId);
-            if (idx === -1) {
-                res.status(404).json({ error: `Timer "${timerId}" not found` });
-                return;
-            }
-            timers.splice(idx, 1);
-            writeFileSync(timersFile, JSON.stringify(timers, null, 2));
-            res.json({ ok: true, message: `Cancelled timer: ${timerId}` });
-        }
-        catch (err) {
-            res.status(500).json({ error: String(err) });
-        }
-    });
     // ── Projects ─────────────────────────────────────────────────
     // Returns the project list from $CLEMENTINE_HOME/projects.json.
     // Used by the trick builder's Quick Add Step picker so users can
@@ -12854,26 +12799,6 @@ If the tool returns nothing or errors, return an empty array \`[]\`.`,
     });
     // ── Advisor Decision Analytics API ─────────────────────────────
     const ADVISOR_LOG = path.join(BASE_DIR, 'cron', 'advisor-decisions.jsonl');
-    app.get('/api/advisor/decisions', (req, res) => {
-        const limit = parseInt(String(req.query.limit ?? '100'), 10);
-        if (!existsSync(ADVISOR_LOG)) {
-            res.json({ decisions: [] });
-            return;
-        }
-        try {
-            const lines = readFileSync(ADVISOR_LOG, 'utf-8').trim().split('\n').filter(Boolean);
-            const decisions = lines.slice(-limit).map(l => { try {
-                return JSON.parse(l);
-            }
-            catch {
-                return null;
-            } }).filter(Boolean).reverse();
-            res.json({ decisions });
-        }
-        catch {
-            res.json({ decisions: [] });
-        }
-    });
     app.get('/api/advisor/analytics', (_req, res) => {
         // Build analytics from run logs + advisor decisions
         const runsDir = path.join(BASE_DIR, 'cron', 'runs');

package/dist/cli/index.js

@@ -1417,155 +1417,7 @@ async function cmdConfigDoctor(opts) {
     console.log();
     process.exit(report.exitCode);
 }
-// ── Config migrate-to-keychain ───────────────────────────────────────
-async function cmdConfigMigrateToKeychain(opts) {
-    const { planMigration, applyMigration } = await import('../config/migrate-keychain.js');
-    const DIM = '\x1b[0;90m';
-    const BOLD = '\x1b[1m';
-    const GREEN = '\x1b[0;32m';
-    const YELLOW = '\x1b[0;33m';
-    const RED = '\x1b[0;31m';
-    const CYAN = '\x1b[0;36m';
-    const RESET = '\x1b[0m';
-    // Commander gives us either ['a', 'b'] or ['a,b'] depending on how the
-    // user passed the flag — normalize.
-    const only = opts.key
-        ? opts.key.flatMap(k => k.split(',').map(s => s.trim()).filter(Boolean))
-        : undefined;
-    const plan = planMigration(BASE_DIR, only ? { only } : {});
-    console.log();
-    console.log(`  ${BOLD}.env path:${RESET}  ${plan.envPath}`);
-    console.log();
-    if (plan.candidates.length === 0) {
-        console.log(`  ${DIM}No env entries found (.env may be empty or missing).${RESET}`);
-        console.log();
-        return;
-    }
-    // Group by status for readable output
-    const groups = {};
-    for (const c of plan.candidates) {
-        (groups[c.status] ??= []).push(c);
-    }
-    const renderGroup = (label, color, items) => {
-        if (!items || items.length === 0)
-            return;
-        console.log(`  ${color}${label}${RESET} ${DIM}(${items.length})${RESET}`);
-        for (const c of items) {
-            console.log(`    ${c.key} ${DIM}(${c.valueLength} chars)${RESET}`);
-        }
-        console.log();
-    };
-    renderGroup('Will migrate to keychain', CYAN, groups.migrated);
-    renderGroup('Already in keychain (skipped)', DIM, groups['already-keychain']);
-    renderGroup('Not credential-shaped (skipped)', DIM, groups['not-sensitive']);
-    renderGroup('Too short to be a credential (skipped)', DIM, groups['too-short']);
-    if (plan.toMigrate.length === 0) {
-        console.log(`  ${GREEN}Nothing to migrate.${RESET}`);
-        console.log();
-        return;
-    }
-    if (opts.dryRun) {
-        console.log(`  ${YELLOW}Dry run — no changes written.${RESET}`);
-        console.log(`  ${DIM}Re-run without --dry-run to apply.${RESET}`);
-        console.log();
-        return;
-    }
-    console.log(`  ${BOLD}Applying...${RESET}`);
-    let result;
-    try {
-        result = applyMigration(BASE_DIR, only ? { only } : {});
-    }
-    catch (err) {
-        console.error(`  ${RED}Failed:${RESET} ${err.message}`);
-        process.exit(1);
-    }
-    if (result.failed.length > 0) {
-        console.log(`  ${RED}Some keychain writes failed — .env was NOT modified:${RESET}`);
-        for (const f of result.failed) {
-            console.log(`    ${RED}✗${RESET} ${f.key}: ${f.error}`);
-        }
-        console.log();
-        process.exit(1);
-    }
-    for (const key of result.migrated) {
-        console.log(`    ${GREEN}✓${RESET} ${key} ${DIM}→ keychain${RESET}`);
-    }
-    console.log();
-    console.log(`  ${GREEN}Migrated ${result.migrated.length} key${result.migrated.length === 1 ? '' : 's'}.${RESET}`);
-    console.log(`  ${DIM}First daemon read of each ref will trigger a one-time keychain prompt;${RESET}`);
-    console.log(`  ${DIM}choose Always Allow to make the prompt permanent.${RESET}`);
-    console.log();
-}
-// ── Config migrate-from-keychain (inverse of migrate-to-keychain) ───
-async function cmdConfigMigrateFromKeychain(opts) {
-    const { planReverseMigration, applyReverseMigration } = await import('../config/migrate-from-keychain.js');
-    const DIM = '\x1b[0;90m';
-    const BOLD = '\x1b[1m';
-    const GREEN = '\x1b[0;32m';
-    const YELLOW = '\x1b[0;33m';
-    const RED = '\x1b[0;31m';
-    const CYAN = '\x1b[0;36m';
-    const RESET = '\x1b[0m';
-    const only = opts.key
-        ? opts.key.flatMap(k => k.split(',').map(s => s.trim()).filter(Boolean))
-        : undefined;
-    const plan = planReverseMigration(BASE_DIR, only ? { only } : {});
-    console.log();
-    console.log(`  ${BOLD}.env path:${RESET}  ${plan.envPath}`);
-    console.log();
-    const groups = {};
-    for (const c of plan.candidates)
-        (groups[c.status] ??= []).push(c);
-    const renderGroup = (label, color, items, showRef = false) => {
-        if (!items || items.length === 0)
-            return;
-        console.log(`  ${color}${label}${RESET} ${DIM}(${items.length})${RESET}`);
-        for (const c of items) {
-            const refTag = showRef && c.ref ? ` ${DIM}${c.ref}${RESET}` : '';
-            console.log(`    ${c.key}${refTag}`);
-        }
-        console.log();
-    };
-    renderGroup('Will migrate from keychain → .env', CYAN, groups.migrated);
-    renderGroup('Sensitive — left in keychain (correct)', DIM, groups['sensitive-skipped']);
-    renderGroup('Unresolvable refs (keychain entry missing)', RED, groups.unresolvable, true);
-    if (plan.toMigrate.length === 0) {
-        console.log(`  ${GREEN}Nothing to migrate.${RESET}`);
-        if (plan.unresolvable.length > 0) {
-            console.log(`  ${YELLOW}${plan.unresolvable.length} unresolvable ref(s) above — fix or delete by hand.${RESET}`);
-        }
-        console.log();
-        return;
-    }
-    if (opts.dryRun) {
-        console.log(`  ${YELLOW}Dry run — no changes written.${RESET}`);
-        console.log();
-        return;
-    }
-    console.log(`  ${BOLD}Applying...${RESET}`);
-    let result;
-    try {
-        result = applyReverseMigration(BASE_DIR, only ? { only } : {});
-    }
-    catch (err) {
-        console.error(`  ${RED}Failed:${RESET} ${err.message}`);
-        process.exit(1);
-    }
-    if (result.failed.length > 0) {
-        console.log(`  ${RED}Some keychain reads failed — .env was NOT modified:${RESET}`);
-        for (const f of result.failed)
-            console.log(`    ${RED}✗${RESET} ${f.key}: ${f.error}`);
-        console.log();
-        process.exit(1);
-    }
-    for (const key of result.migrated) {
-        console.log(`    ${GREEN}✓${RESET} ${key} ${DIM}→ .env (keychain entry deleted)${RESET}`);
-    }
-    console.log();
-    console.log(`  ${GREEN}Migrated ${result.migrated.length} key${result.migrated.length === 1 ? '' : 's'} out of keychain.${RESET}`);
-    console.log();
-}
-// ── Config harden-permissions ────────────────────────────────────────
+// ── Config harden-permissions ───────────────────────────────────────
 async function cmdConfigHardenPermissions(opts) {
     const { hardenPermissions } = await import('../config/harden-permissions.js');
     const report = hardenPermissions(BASE_DIR, { dryRun: opts.dryRun });
@@ -1624,84 +1476,6 @@ async function cmdConfigHardenPermissions(opts) {
     }
     process.exit(report.failed > 0 ? 1 : 0);
 }
-// ── Config keychain-fix-acl ─────────────────────────────────────────
-async function cmdConfigKeychainFixAcl(opts) {
-    const { listClementineKeychainEntries, fixAllClementineEntries } = await import('../config/keychain-fix-acl.js');
-    const { markKeychainWizardDone, readPasswordFromTty } = await import('../config/keychain-first-run-wizard.js');
-    const DIM = '\x1b[0;90m';
-    const BOLD = '\x1b[1m';
-    const GREEN = '\x1b[0;32m';
-    const YELLOW = '\x1b[0;33m';
-    const RED = '\x1b[0;31m';
-    const RESET = '\x1b[0m';
-    const entries = listClementineKeychainEntries();
-    console.log();
-    console.log(`  ${BOLD}Found ${entries.length} clementine-agent keychain entr${entries.length === 1 ? 'y' : 'ies'}.${RESET}`);
-    for (const e of entries)
-        console.log(`    ${DIM}${e.account}${RESET}`);
-    console.log();
-    if (entries.length === 0) {
-        console.log(`  ${GREEN}Nothing to fix.${RESET}`);
-        console.log();
-        // No entries means the launch wizard has nothing to do either.
-        markKeychainWizardDone(BASE_DIR);
-        return;
-    }
-    if (opts.list) {
-        console.log(`  ${DIM}--list mode — no changes made. Drop the flag to apply.${RESET}`);
-        console.log();
-        return;
-    }
-    console.log(`  ${DIM}Enter your macOS login password ONCE — it authorizes${RESET}`);
-    console.log(`  ${DIM}all ${entries.length} ACL update${entries.length === 1 ? '' : 's'} in a single pass. Not stored.${RESET}`);
-    console.log();
-    const password = await readPasswordFromTty(`  ${BOLD}macOS login password:${RESET} `);
-    if (!password) {
-        console.log();
-        console.log(`  ${YELLOW}Empty password — aborted.${RESET}`);
-        console.log();
-        return;
-    }
-    console.log();
-    console.log(`  ${BOLD}Fixing ACLs...${RESET}`);
-    console.log();
-    const results = fixAllClementineEntries({ keychainPassword: password });
-    let okCount = 0;
-    let failCount = 0;
-    let wrongPasswordHit = false;
-    for (const r of results) {
-        if (r.status === 'fixed') {
-            console.log(`    ${GREEN}✓${RESET} ${r.account}`);
-            okCount++;
-        }
-        else if (r.status === 'failed') {
-            console.log(`    ${RED}✗${RESET} ${r.account} ${DIM}— ${r.error}${RESET}`);
-            failCount++;
-            if (r.error && /MAC verification|AuthFailure|UserCanceled|-25293/i.test(r.error)) {
-                wrongPasswordHit = true;
-            }
-        }
-    }
-    console.log();
-    if (failCount === 0) {
-        console.log(`  ${GREEN}All ${okCount} entries fixed.${RESET} ${DIM}Future reads via the security CLI succeed silently.${RESET}`);
-    }
-    else if (wrongPasswordHit && okCount === 0) {
-        console.log(`  ${RED}Wrong password — no entries repaired.${RESET}`);
-        console.log(`  ${DIM}Re-run: clementine config keychain-fix-acl${RESET}`);
-    }
-    else {
-        console.log(`  ${YELLOW}${okCount} fixed, ${failCount} failed.${RESET}`);
-        console.log(`  ${DIM}Failed entries can be fixed manually in Keychain Access.app:${RESET}`);
-        console.log(`  ${DIM}  search "clementine-agent" → double-click → Access Control → Allow all applications.${RESET}`);
-    }
-    // Mark the launch wizard satisfied unless the password was clearly wrong —
-    // user has explicitly decided to deal with this via the manual command.
-    if (!(wrongPasswordHit && okCount === 0)) {
-        markKeychainWizardDone(BASE_DIR);
-    }
-    console.log();
-}
 // ── Analytics ────────────────────────────────────────────────────────
 async function cmdAnalyticsToolUsage(opts) {
     const { buildToolUsageReport, defaultAuditLogPath } = await import('../analytics/tool-usage.js');
@@ -2634,29 +2408,6 @@ configCmd
     .action(async (opts) => {
     await cmdConfigDoctor(opts);
 });
-configCmd
-    .command('migrate-to-keychain')
-    .description('Move plaintext credentials in .env into the macOS keychain (NOT recommended in v1.1.4+ — keychain entries can produce per-process approval prompts; plain .env at mode 0600 is the supported default)')
-    .option('--dry-run', 'Show what would migrate without writing anything')
-    .option('-k, --key <name...>', 'Limit to specific key(s); repeat or comma-separate for multiple')
-    .action(async (opts) => {
-    await cmdConfigMigrateToKeychain(opts);
-});
-configCmd
-    .command('migrate-from-keychain')
-    .description('Pull non-credential values OUT of keychain back to plaintext .env (only API keys belong in keychain)')
-    .option('--dry-run', 'Show what would migrate without writing anything')
-    .option('-k, --key <name...>', 'Limit to specific key(s); repeat or comma-separate for multiple')
-    .action(async (opts) => {
-    await cmdConfigMigrateFromKeychain(opts);
-});
-configCmd
-    .command('keychain-fix-acl')
-    .description('One-shot fix for clementine-agent keychain entries that prompt on every read (one master prompt then no more)')
-    .option('--list', 'List entries without changing anything')
-    .action(async (opts) => {
-    await cmdConfigKeychainFixAcl(opts);
-});
 configCmd
     .command('harden-permissions')
     .description('Tighten file modes in ~/.clementine/ — files to 0600, directories to 0700')

package/dist/index.js

@@ -717,7 +717,8 @@ async function asyncMain() {
         }
     })();
     // Heartbeat + Cron schedulers
-    const { HeartbeatScheduler, CronScheduler } = await import('./gateway/heartbeat.js');
+    const { HeartbeatScheduler } = await import('./gateway/heartbeat-scheduler.js');
+    const { CronScheduler } = await import('./gateway/cron-scheduler.js');
     const heartbeat = new HeartbeatScheduler(gateway, dispatcher);
     const cronScheduler = new CronScheduler(gateway, dispatcher);
     heartbeat.setCronScheduler(cronScheduler);

package/dist/tools/admin-tools.js

@@ -1095,7 +1095,7 @@ export function registerAdminTools(server) {
         parsed.data.jobs = jobs;
         // Write back preserving body content — validate first to prevent daemon crash
         const output = matterMod.default.stringify(parsed.content, parsed.data);
-        const { validateCronYaml } = await import('../gateway/heartbeat.js');
+        const { validateCronYaml } = await import('../gateway/cron-scheduler.js');
         const yamlErr = validateCronYaml(output);
         if (yamlErr) {
             logger.error({ yamlErr, jobName }, 'Generated CRON.md has invalid YAML — aborting write');
@@ -1268,7 +1268,7 @@ export function registerAdminTools(server) {
         }
         parsed.data.jobs = jobs;
         const output = matterMod.default.stringify(parsed.content, parsed.data);
-        const { validateCronYaml } = await import('../gateway/heartbeat.js');
+        const { validateCronYaml } = await import('../gateway/cron-scheduler.js');
         const yamlErr = validateCronYaml(output);
         if (yamlErr) {
             logger.error({ yamlErr, jobName }, 'Generated CRON.md has invalid YAML — aborting write');
@@ -1976,14 +1976,6 @@ export function registerAdminTools(server) {
         logger.info({ jobName: job_name, runCount: updated.runCount }, 'Cron progress saved');
         return textResult(`Progress saved for "${job_name}" (run #${updated.runCount}). ${(completedItems?.length ?? 0)} items completed, ${(updated.pendingItems?.length ?? 0)} pending.`);
     });
-    // ── Browser harness — chat-driven Chrome connect ────────────────────
-    server.tool('browser_connect', 'Connect Chrome to the browser harness via CDP. Idempotent — if Chrome is already running with remote debugging on :9222 this is a no-op. If no Chrome is running, launches Chrome with --remote-debugging-port=9222. If Chrome is running normally without the flag, refuses unless force_quit=true (which closes the user\'s open tabs). Use this so the user can connect from any chat channel without dropping to the terminal.', {
-        force_quit: z.boolean().optional().describe('If true, quit any running Chrome before relaunching with the debug flag. DESTRUCTIVE — closes the user\'s open tabs. Only set after the user has explicitly confirmed they want this. Defaults to false.'),
-    }, async ({ force_quit }) => {
-        const { runConnectNonInteractive } = await import('../cli/browser.js');
-        const result = await runConnectNonInteractive({ allowQuitChrome: !!force_quit });
-        return textResult(result.message);
-    });
     // ── Broken-job diagnosis + fix-application (chat-equivalent of dashboard buttons) ──
     //
     // Before this, when the user asked "fix audit-inbox-check" in chat,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clementine-agent",
-  "version": "1.18.138",
+  "version": "1.18.140",
   "description": "Clementine — Personal AI Assistant (TypeScript)",
   "type": "module",
   "main": "dist/index.js",

package/dist/agent/contradiction-validator.d.ts

@@ -1,70 +0,0 @@
-/**
- * Post-turn contradiction validator.
- *
- * After a chat turn's SDK stream completes, compares the assistant's outgoing
- * reply against the actual tool_use/tool_result pairs from that turn. If a
- * claude_ai_* connector succeeded (or returned an argument error — a fixable
- * per-call failure) but the reply claims the connector is broken, missing from
- * the schema, or otherwise generalizes a single failure into connector-level
- * "deadness," we flag it.
- *
- * This is deterministic: it does NOT rely on the model obeying prompt rules.
- * It's the load-bearing guardrail that replaces the forbidden-phrase list we
- * used to patch into the system prompt.
- */
-export type ToolResultClass = 'success' | 'arg_error' | 'auth_error' | 'other_error';
-export interface ToolCallRecord {
-    /** Tool name, e.g. mcp__claude_ai_Google_Drive__search_files */
-    name: string;
-    /** tool_use_id from the assistant's request */
-    id: string;
-    /** Classification of the paired tool_result */
-    resultClass: ToolResultClass;
-    /** First ~200 chars of the literal result content (or error text) */
-    resultPreview: string;
-}
-/**
- * Regex matching reply phrasings that claim a connector-wide failure.
- *
- * Shrunk in 1.0.66 after the root-cause fix (env: SAFE_ENV was stripping
- * claude.ai connector bootstrap in the daemon, landed in 1.0.65). That
- * removed the upstream need for ~15 defensive phrasings. We keep three
- * core patterns as a cheap safety net — anything else means the model
- * invented a new way to confabulate, which we'd rather see raw in the
- * audit log than silently paper over.
- */
-export declare const CONTRADICTION_RE: RegExp;
-export declare function classifyResult(content: string, isError: boolean): ToolResultClass;
-/**
- * Walk collected SDK messages (assistant + user) and pair every tool_use with
- * its tool_result. Returns one record per tool_use; unpaired ones (still
- * running at end of stream) are skipped.
- */
-export declare function collectToolCalls(messages: Array<{
-    type: string;
-    message?: any;
-}>): ToolCallRecord[];
-export interface ContradictionFinding {
-    /** The tool call whose result contradicts the reply */
-    tool: ToolCallRecord;
-    /** The exact phrase from the reply that triggered detection */
-    matchedPhrase: string;
-}
-/**
- * Check a reply against a set of tool-call records. Returns the first
- * contradiction found, or null if the reply is consistent with tool results.
- *
- * Contradiction = reply contains a CONTRADICTION_RE phrase AND at least one
- * mcp__claude_ai_* tool in this turn classified `success` or `arg_error`.
- * `auth_error` and `other_error` are legitimate failures that can support
- * those reply phrasings.
- */
-export declare function detectContradiction(reply: string, calls: ToolCallRecord[]): ContradictionFinding | null;
-/**
- * Build the system-follow-up message we inject when a contradiction fires.
- * The SDK will run one more turn with this as a user-role message (using
- * `canUseTool` or similar hook), and the model's next reply replaces the
- * bad one.
- */
-export declare function buildCorrectionPrompt(finding: ContradictionFinding): string;
-//# sourceMappingURL=contradiction-validator.d.ts.map

package/dist/agent/contradiction-validator.js

@@ -1,143 +0,0 @@
-/**
- * Post-turn contradiction validator.
- *
- * After a chat turn's SDK stream completes, compares the assistant's outgoing
- * reply against the actual tool_use/tool_result pairs from that turn. If a
- * claude_ai_* connector succeeded (or returned an argument error — a fixable
- * per-call failure) but the reply claims the connector is broken, missing from
- * the schema, or otherwise generalizes a single failure into connector-level
- * "deadness," we flag it.
- *
- * This is deterministic: it does NOT rely on the model obeying prompt rules.
- * It's the load-bearing guardrail that replaces the forbidden-phrase list we
- * used to patch into the system prompt.
- */
-const ARG_ERROR_RE = /\b(invalid|unknown field|required|missing parameter|schema|unrecognized|unexpected property)\b/i;
-const AUTH_ERROR_RE = /\b(unauthori[sz]ed|401|not authenticated|token expired|token has expired|invalid[_ ]?token|access denied)\b/i;
-/**
- * Regex matching reply phrasings that claim a connector-wide failure.
- *
- * Shrunk in 1.0.66 after the root-cause fix (env: SAFE_ENV was stripping
- * claude.ai connector bootstrap in the daemon, landed in 1.0.65). That
- * removed the upstream need for ~15 defensive phrasings. We keep three
- * core patterns as a cheap safety net — anything else means the model
- * invented a new way to confabulate, which we'd rather see raw in the
- * audit log than silently paper over.
- */
-export const CONTRADICTION_RE = /(dead\s*end|not in (the |my )?schema|no such tool available)/i;
-export function classifyResult(content, isError) {
-    if (!isError)
-        return 'success';
-    if (ARG_ERROR_RE.test(content))
-        return 'arg_error';
-    if (AUTH_ERROR_RE.test(content))
-        return 'auth_error';
-    return 'other_error';
-}
-/** Extract string content from a tool_result block (which can be string or array of content blocks). */
-function stringifyResultContent(content) {
-    if (typeof content === 'string')
-        return content;
-    if (Array.isArray(content)) {
-        return content
-            .map((b) => (typeof b === 'string' ? b : (b?.text ?? b?.content ?? JSON.stringify(b))))
-            .join('\n');
-    }
-    if (content == null)
-        return '';
-    try {
-        return JSON.stringify(content);
-    }
-    catch {
-        return String(content);
-    }
-}
-/**
- * Walk collected SDK messages (assistant + user) and pair every tool_use with
- * its tool_result. Returns one record per tool_use; unpaired ones (still
- * running at end of stream) are skipped.
- */
-export function collectToolCalls(messages) {
-    const toolUses = new Map();
-    const results = new Map();
-    for (const msg of messages) {
-        if (msg.type === 'assistant' && msg.message?.content) {
-            const blocks = Array.isArray(msg.message.content) ? msg.message.content : [];
-            for (const b of blocks) {
-                if (b?.type === 'tool_use' && b.id && b.name) {
-                    toolUses.set(b.id, { name: b.name, id: b.id });
-                }
-            }
-        }
-        else if (msg.type === 'user' && msg.message?.content) {
-            const blocks = Array.isArray(msg.message.content) ? msg.message.content : [];
-            for (const b of blocks) {
-                if (b?.type === 'tool_result' && b.tool_use_id) {
-                    results.set(b.tool_use_id, {
-                        content: stringifyResultContent(b.content),
-                        isError: !!b.is_error,
-                    });
-                }
-            }
-        }
-    }
-    const records = [];
-    for (const [id, tu] of toolUses) {
-        const r = results.get(id);
-        if (!r)
-            continue;
-        records.push({
-            name: tu.name,
-            id,
-            resultClass: classifyResult(r.content, r.isError),
-            resultPreview: r.content.slice(0, 200),
-        });
-    }
-    return records;
-}
-/**
- * Check a reply against a set of tool-call records. Returns the first
- * contradiction found, or null if the reply is consistent with tool results.
- *
- * Contradiction = reply contains a CONTRADICTION_RE phrase AND at least one
- * mcp__claude_ai_* tool in this turn classified `success` or `arg_error`.
- * `auth_error` and `other_error` are legitimate failures that can support
- * those reply phrasings.
- */
-export function detectContradiction(reply, calls) {
-    if (!reply)
-        return null;
-    const match = reply.match(CONTRADICTION_RE);
-    if (!match)
-        return null;
-    // Cover every connector — claude_ai_* (remote), imessage/figma/hostinger/etc.
-    // (Desktop Extensions + stdio servers), everything except Clementine's own
-    // tools server and plugins. Earlier versions only filtered claude_ai_*,
-    // which let "isn't loaded" replies slip through for iMessage etc.
-    const connectorCalls = calls.filter(c => c.name.startsWith('mcp__') &&
-        !c.name.startsWith('mcp__clementine-tools__') &&
-        !c.name.startsWith('mcp__plugin_'));
-    const recoverable = connectorCalls.find(c => c.resultClass === 'success' || c.resultClass === 'arg_error');
-    if (!recoverable)
-        return null;
-    return { tool: recoverable, matchedPhrase: match[0] };
-}
-/**
- * Build the system-follow-up message we inject when a contradiction fires.
- * The SDK will run one more turn with this as a user-role message (using
- * `canUseTool` or similar hook), and the model's next reply replaces the
- * bad one.
- */
-export function buildCorrectionPrompt(finding) {
-    const { tool, matchedPhrase } = finding;
-    const classLabel = tool.resultClass === 'success' ? 'returned successful content' :
-        tool.resultClass === 'arg_error' ? 'returned an argument error (fixable by correcting the args — the connector itself works)' :
-            tool.resultClass;
-    return (`Your previous reply contained "${matchedPhrase}" but ${tool.name} ${classLabel}.\n\n` +
-        `Literal tool result (first 200 chars):\n${tool.resultPreview}\n\n` +
-        `Rewrite your reply using the actual tool result. ` +
-        (tool.resultClass === 'arg_error'
-            ? `This was an argument error for one call — the connector is NOT broken. Re-read the tool's schema (the rejected argument names are in the error above), retry the call with correct args, and report what comes back.`
-            : `Do not generalize this to "the connector is broken" or "the tool doesn't exist" — those claims contradict the tool's actual return value.`));
-}
-//# sourceMappingURL=contradiction-validator.js.map

package/dist/config/migrate-from-keychain.d.ts

@@ -1,70 +0,0 @@
-/**
- * Inverse of migrate-keychain.ts: pulls non-credential values OUT of the
- * macOS keychain and back into plaintext .env entries.
- *
- * Why this exists: an earlier env_set bug routed every value to keychain
- * regardless of whether the key looked like a credential, producing stale
- * keychain entries for things like TASK_BUDGET_HEARTBEAT (a token-count
- * config knob, not a secret). Each one costs the user a keychain prompt
- * for no benefit. This module reverses that mistake — and the user-rule
- * "only actual API keys belong in keychain" stays enforced going forward
- * by the env_set classifier fix in 897bb97.
- *
- * For each line in .env that holds a `keychain:` ref AND whose key does
- * NOT match the sensitivity classifier:
- *   1. Resolve via `security find-generic-password`
- *   2. Replace the .env line with `KEY=<plaintext value>`
- *   3. Delete the keychain entry
- *
- * Atomic: phase-1 reads + writes succeed in a temp file before the original
- * .env is replaced via rename. Keychain deletes happen last, so a partial
- * failure leaves the keychain entry intact (no data loss).
- *
- * Idempotent + opt-in: lines whose key IS credential-shaped pass through
- * untouched even when stored as a keychain ref — we don't undo legitimate
- * keychain storage. --key filter for surgical migrations.
- */
-export type ReverseMigrationStatus = 'migrated' | 'sensitive-skipped' | 'not-keychain' | 'unresolvable' | 'skipped';
-export interface ReverseMigrationCandidate {
-    key: string;
-    status: ReverseMigrationStatus;
-    /** The keychain stub itself (always safe to log — it's just an account name). */
-    ref?: string;
-}
-export interface ReverseMigrationPlan {
-    envPath: string;
-    candidates: ReverseMigrationCandidate[];
-    /** Keys this run would migrate out of keychain. */
-    toMigrate: string[];
-    /** Refs that look bad — surfaced separately so doctor can flag them. */
-    unresolvable: string[];
-}
-export interface ReverseMigrationResult {
-    envPath: string;
-    migrated: string[];
-    failed: Array<{
-        key: string;
-        error: string;
-    }>;
-}
-/**
- * Pure read + classify pass — no .env writes, no keychain deletes, but
- * DOES make read-only `security find-generic-password` calls to detect
- * unresolvable refs (and to verify resolvable ones won't fail later).
- */
-export declare function planReverseMigration(baseDir: string, opts?: {
-    only?: string[];
-}): ReverseMigrationPlan;
-/**
- * Apply the migration. Two phases:
- *   1. Rewrite .env in a temp file, swapping each migrated ref for plaintext.
- *      If anything throws, the original .env is untouched.
- *   2. Atomically rename the temp file over .env.
- *   3. Delete each migrated key's keychain entry. Best-effort — failure to
- *      delete is logged but doesn't roll back the .env update (the value
- *      is now safely in .env regardless).
- */
-export declare function applyReverseMigration(baseDir: string, opts?: {
-    only?: string[];
-}): ReverseMigrationResult;
-//# sourceMappingURL=migrate-from-keychain.d.ts.map

package/dist/config/migrate-from-keychain.js

@@ -1,173 +0,0 @@
-/**
- * Inverse of migrate-keychain.ts: pulls non-credential values OUT of the
- * macOS keychain and back into plaintext .env entries.
- *
- * Why this exists: an earlier env_set bug routed every value to keychain
- * regardless of whether the key looked like a credential, producing stale
- * keychain entries for things like TASK_BUDGET_HEARTBEAT (a token-count
- * config knob, not a secret). Each one costs the user a keychain prompt
- * for no benefit. This module reverses that mistake — and the user-rule
- * "only actual API keys belong in keychain" stays enforced going forward
- * by the env_set classifier fix in 897bb97.
- *
- * For each line in .env that holds a `keychain:` ref AND whose key does
- * NOT match the sensitivity classifier:
- *   1. Resolve via `security find-generic-password`
- *   2. Replace the .env line with `KEY=<plaintext value>`
- *   3. Delete the keychain entry
- *
- * Atomic: phase-1 reads + writes succeed in a temp file before the original
- * .env is replaced via rename. Keychain deletes happen last, so a partial
- * failure leaves the keychain entry intact (no data loss).
- *
- * Idempotent + opt-in: lines whose key IS credential-shaped pass through
- * untouched even when stored as a keychain ref — we don't undo legitimate
- * keychain storage. --key filter for surgical migrations.
- */
-import { existsSync, readFileSync, renameSync, writeFileSync } from 'node:fs';
-import path from 'node:path';
-import * as keychain from '../secrets/keychain.js';
-import { isSensitiveEnvKey } from '../secrets/sensitivity.js';
-const REF_PREFIX = 'keychain:'; // pragma: allowlist secret
-function parseLine(line) {
-    const trimmed = line.trim();
-    if (!trimmed || trimmed.startsWith('#'))
-        return { raw: line, passthrough: true };
-    const eq = trimmed.indexOf('=');
-    if (eq === -1)
-        return { raw: line, passthrough: true };
-    const key = trimmed.slice(0, eq);
-    let value = trimmed.slice(eq + 1);
-    if ((value.startsWith('"') && value.endsWith('"')) ||
-        (value.startsWith("'") && value.endsWith("'"))) {
-        value = value.slice(1, -1);
-    }
-    return { raw: line, key, value, passthrough: false };
-}
-function refAccount(stub) {
-    return stub.slice(REF_PREFIX.length);
-}
-function tryResolveRef(stub) {
-    // Account names are stored under the well-known service "clementine-agent",
-    // and the stub is encoded as keychain:<service>-<envVar>. The actual
-    // keychain lookup uses the env-var name as the account label, which is
-    // also the suffix of the stub past the service prefix.
-    const account = refAccount(stub);
-    // The keychain `get(envVar)` helper expects just the env-var name; our
-    // stub format is `keychain:clementine-agent-<envVar>`, so strip the
-    // service prefix before delegating.
-    const SERVICE_PREFIX = 'clementine-agent-';
-    const envVar = account.startsWith(SERVICE_PREFIX) ? account.slice(SERVICE_PREFIX.length) : account;
-    return keychain.get(envVar);
-}
-/**
- * Pure read + classify pass — no .env writes, no keychain deletes, but
- * DOES make read-only `security find-generic-password` calls to detect
- * unresolvable refs (and to verify resolvable ones won't fail later).
- */
-export function planReverseMigration(baseDir, opts = {}) {
-    const envPath = path.join(baseDir, '.env');
-    if (!existsSync(envPath)) {
-        return { envPath, candidates: [], toMigrate: [], unresolvable: [] };
-    }
-    const raw = readFileSync(envPath, 'utf-8');
-    const onlySet = opts.only ? new Set(opts.only) : undefined;
-    const candidates = [];
-    const toMigrate = [];
-    const unresolvable = [];
-    for (const line of raw.split('\n')) {
-        const parsed = parseLine(line);
-        if (parsed.passthrough || !parsed.key || parsed.value === undefined)
-            continue;
-        if (onlySet && !onlySet.has(parsed.key)) {
-            candidates.push({ key: parsed.key, status: 'skipped' });
-            continue;
-        }
-        if (!parsed.value.startsWith(REF_PREFIX)) {
-            candidates.push({ key: parsed.key, status: 'not-keychain' });
-            continue;
-        }
-        if (isSensitiveEnvKey(parsed.key)) {
-            candidates.push({ key: parsed.key, status: 'sensitive-skipped', ref: parsed.value });
-            continue;
-        }
-        // Try to resolve. If unresolvable, surface separately — caller decides
-        // whether to delete the orphan stub.
-        const resolved = tryResolveRef(parsed.value);
-        if (resolved === undefined) {
-            candidates.push({ key: parsed.key, status: 'unresolvable', ref: parsed.value });
-            unresolvable.push(parsed.key);
-            continue;
-        }
-        candidates.push({ key: parsed.key, status: 'migrated', ref: parsed.value });
-        toMigrate.push(parsed.key);
-    }
-    return { envPath, candidates, toMigrate, unresolvable };
-}
-/**
- * Apply the migration. Two phases:
- *   1. Rewrite .env in a temp file, swapping each migrated ref for plaintext.
- *      If anything throws, the original .env is untouched.
- *   2. Atomically rename the temp file over .env.
- *   3. Delete each migrated key's keychain entry. Best-effort — failure to
- *      delete is logged but doesn't roll back the .env update (the value
- *      is now safely in .env regardless).
- */
-export function applyReverseMigration(baseDir, opts = {}) {
-    const envPath = path.join(baseDir, '.env');
-    const result = { envPath, migrated: [], failed: [] };
-    if (!existsSync(envPath))
-        return result;
-    const raw = readFileSync(envPath, 'utf-8');
-    const onlySet = opts.only ? new Set(opts.only) : undefined;
-    const lines = raw.split('\n');
-    const parsedLines = lines.map(parseLine);
-    // Phase 1: resolve every target via keychain (read-only). Bail before
-    // touching anything if any target is unresolvable — caller can rerun
-    // with --key to skip the bad ones.
-    const newValues = new Map();
-    for (const parsed of parsedLines) {
-        if (parsed.passthrough || !parsed.key || parsed.value === undefined)
-            continue;
-        if (onlySet && !onlySet.has(parsed.key))
-            continue;
-        if (!parsed.value.startsWith(REF_PREFIX))
-            continue;
-        if (isSensitiveEnvKey(parsed.key))
-            continue;
-        const resolved = tryResolveRef(parsed.value);
-        if (resolved === undefined) {
-            result.failed.push({ key: parsed.key, error: `keychain entry missing or unreadable for ${parsed.value}` });
-            continue;
-        }
-        newValues.set(parsed.key, resolved);
-    }
-    if (result.failed.length > 0)
-        return result;
-    if (newValues.size === 0)
-        return result;
-    // Phase 2: rewrite .env atomically.
-    const newLines = parsedLines.map((parsed) => {
-        if (parsed.passthrough || !parsed.key)
-            return parsed.raw;
-        const newValue = newValues.get(parsed.key);
-        if (newValue === undefined)
-            return parsed.raw;
-        return `${parsed.key}=${newValue}`;
-    });
-    const tmp = `${envPath}.${process.pid}.${Date.now()}.tmp`;
-    writeFileSync(tmp, newLines.join('\n'));
-    renameSync(tmp, envPath);
-    // Phase 3: best-effort keychain deletes.
-    for (const key of newValues.keys()) {
-        try {
-            keychain.remove(key);
-        }
-        catch {
-            /* keychain delete failure is non-fatal — the value is in .env now */
-        }
-        result.migrated.push(key);
-    }
-    return result;
-}
-//# sourceMappingURL=migrate-from-keychain.js.map

package/dist/config/migrate-keychain.d.ts

@@ -1,55 +0,0 @@
-/**
- * Migrate plaintext credential values from .env into the macOS keychain.
- *
- * For each line in .env whose key looks like a credential (per the
- * sensitivity classifier) and whose value is plaintext (not a `keychain:`
- * stub), writes the value into the keychain under the well-known
- * `clementine-agent` service and replaces the .env line with a stub ref.
- *
- * Atomic: all keychain writes complete first, then a single temp-file +
- * rename rewrites .env. If any keychain write fails, the .env is untouched.
- *
- * Idempotent: lines already holding a keychain ref are skipped. Lines
- * that don't match the sensitivity classifier are passed through verbatim.
- *
- * Pure: never reads .env from process.env, never mutates ambient state.
- */
-export type MigrationStatus = 'migrated' | 'already-keychain' | 'not-sensitive' | 'too-short' | 'skipped';
-export interface MigrationCandidate {
-    key: string;
-    status: MigrationStatus;
-    /** Length of the original value (never the value itself — avoid leaking via logs). */
-    valueLength: number;
-}
-export interface MigrationPlan {
-    envPath: string;
-    candidates: MigrationCandidate[];
-    /** Keys this run would actually migrate (status === 'migrated' after apply). */
-    toMigrate: string[];
-}
-export interface MigrationResult {
-    envPath: string;
-    migrated: string[];
-    failed: Array<{
-        key: string;
-        error: string;
-    }>;
-    unchanged: number;
-}
-/**
- * Compute what would happen — pure read, no .env write, no keychain write.
- * Use --dry-run paths or pre-flight UX in front of apply().
- */
-export declare function planMigration(baseDir: string, opts?: {
-    only?: string[];
-}): MigrationPlan;
-/**
- * Execute the migration. Two-phase to avoid leaving .env in an inconsistent
- * state: (1) write every value to keychain, (2) atomically rewrite .env
- * replacing each migrated value with its stub ref. Any keychain write
- * failure aborts before the .env rewrite.
- */
-export declare function applyMigration(baseDir: string, opts?: {
-    only?: string[];
-}): MigrationResult;
-//# sourceMappingURL=migrate-keychain.d.ts.map

package/dist/config/migrate-keychain.js

@@ -1,144 +0,0 @@
-/**
- * Migrate plaintext credential values from .env into the macOS keychain.
- *
- * For each line in .env whose key looks like a credential (per the
- * sensitivity classifier) and whose value is plaintext (not a `keychain:`
- * stub), writes the value into the keychain under the well-known
- * `clementine-agent` service and replaces the .env line with a stub ref.
- *
- * Atomic: all keychain writes complete first, then a single temp-file +
- * rename rewrites .env. If any keychain write fails, the .env is untouched.
- *
- * Idempotent: lines already holding a keychain ref are skipped. Lines
- * that don't match the sensitivity classifier are passed through verbatim.
- *
- * Pure: never reads .env from process.env, never mutates ambient state.
- */
-import { existsSync, readFileSync, renameSync, writeFileSync } from 'node:fs';
-import path from 'node:path';
-import * as keychain from '../secrets/keychain.js';
-import { isSensitiveEnvKey } from '../secrets/sensitivity.js';
-const REF_PREFIX = 'keychain:'; // pragma: allowlist secret
-const MIN_VALUE_LENGTH = 16;
-function parseLine(line) {
-    const trimmed = line.trim();
-    if (!trimmed || trimmed.startsWith('#')) {
-        return { raw: line, passthrough: true };
-    }
-    const eq = trimmed.indexOf('=');
-    if (eq === -1)
-        return { raw: line, passthrough: true };
-    const key = trimmed.slice(0, eq);
-    let value = trimmed.slice(eq + 1);
-    if ((value.startsWith('"') && value.endsWith('"')) ||
-        (value.startsWith("'") && value.endsWith("'"))) {
-        value = value.slice(1, -1);
-    }
-    return { raw: line, key, value, passthrough: false };
-}
-function classify(parsed, opts) {
-    if (parsed.passthrough || !parsed.key || parsed.value === undefined)
-        return 'skipped';
-    if (opts.only && !opts.only.has(parsed.key))
-        return 'skipped';
-    if (parsed.value.startsWith(REF_PREFIX))
-        return 'already-keychain';
-    if (!isSensitiveEnvKey(parsed.key))
-        return 'not-sensitive';
-    if (parsed.value.length < MIN_VALUE_LENGTH)
-        return 'too-short';
-    return 'migrated';
-}
-/**
- * Compute what would happen — pure read, no .env write, no keychain write.
- * Use --dry-run paths or pre-flight UX in front of apply().
- */
-export function planMigration(baseDir, opts = {}) {
-    const envPath = path.join(baseDir, '.env');
-    if (!existsSync(envPath)) {
-        return { envPath, candidates: [], toMigrate: [] };
-    }
-    const raw = readFileSync(envPath, 'utf-8');
-    const onlySet = opts.only ? new Set(opts.only) : undefined;
-    const candidates = [];
-    const toMigrate = [];
-    for (const line of raw.split('\n')) {
-        const parsed = parseLine(line);
-        if (parsed.passthrough || !parsed.key)
-            continue;
-        const status = classify(parsed, { only: onlySet });
-        candidates.push({
-            key: parsed.key,
-            status,
-            valueLength: parsed.value?.length ?? 0,
-        });
-        if (status === 'migrated')
-            toMigrate.push(parsed.key);
-    }
-    return { envPath, candidates, toMigrate };
-}
-/**
- * Execute the migration. Two-phase to avoid leaving .env in an inconsistent
- * state: (1) write every value to keychain, (2) atomically rewrite .env
- * replacing each migrated value with its stub ref. Any keychain write
- * failure aborts before the .env rewrite.
- */
-export function applyMigration(baseDir, opts = {}) {
-    const envPath = path.join(baseDir, '.env');
-    const result = { envPath, migrated: [], failed: [], unchanged: 0 };
-    if (!existsSync(envPath))
-        return result;
-    if (!keychain.isAvailable()) {
-        throw new Error('macOS keychain is not available on this system');
-    }
-    const raw = readFileSync(envPath, 'utf-8');
-    const onlySet = opts.only ? new Set(opts.only) : undefined;
-    const lines = raw.split('\n');
-    const parsedLines = lines.map(parseLine);
-    // Phase 1: write each migration target into the keychain. Build a map
-    // key → newStubValue. Bail on first keychain write failure (no .env touch).
-    const newValues = new Map();
-    for (const parsed of parsedLines) {
-        if (parsed.passthrough || !parsed.key)
-            continue;
-        const status = classify(parsed, { only: onlySet });
-        if (status !== 'migrated') {
-            if (status !== 'skipped' && status !== 'already-keychain')
-                result.unchanged++;
-            continue;
-        }
-        try {
-            const stub = keychain.set(parsed.key, parsed.value);
-            newValues.set(parsed.key, stub);
-        }
-        catch (err) {
-            result.failed.push({ key: parsed.key, error: String(err).slice(0, 200) });
-        }
-    }
-    if (result.failed.length > 0) {
-        // Don't touch .env if any keychain write failed — keeps the original
-        // plaintext intact rather than half-migrating.
-        return result;
-    }
-    if (newValues.size === 0)
-        return result;
-    // Phase 2: rewrite .env in place, line-by-line, swapping values for stubs.
-    const newLines = parsedLines.map((parsed) => {
-        if (parsed.passthrough || !parsed.key)
-            return parsed.raw;
-        const newStub = newValues.get(parsed.key);
-        if (!newStub)
-            return parsed.raw;
-        // Match the original line's leading whitespace and trailing comment-noise
-        // by reconstructing key=stub from scratch — keys are uppercase identifiers,
-        // so no whitespace ambiguity.
-        return `${parsed.key}=${newStub}`;
-    });
-    const tmp = `${envPath}.${process.pid}.${Date.now()}.tmp`;
-    writeFileSync(tmp, newLines.join('\n'));
-    renameSync(tmp, envPath);
-    for (const key of newValues.keys())
-        result.migrated.push(key);
-    return result;
-}
-//# sourceMappingURL=migrate-keychain.js.map

package/dist/gateway/heartbeat.d.ts

@@ -1,3 +0,0 @@
-export { HeartbeatScheduler } from './heartbeat-scheduler.js';
-export { CronScheduler, CronRunLog, parseCronJobs, parseAgentCronJobs, validateCronYaml, classifyError, logToDailyNote } from './cron-scheduler.js';
-//# sourceMappingURL=heartbeat.d.ts.map

package/dist/gateway/heartbeat.js

@@ -1,3 +0,0 @@
-export { HeartbeatScheduler } from './heartbeat-scheduler.js';
-export { CronScheduler, CronRunLog, parseCronJobs, parseAgentCronJobs, validateCronYaml, classifyError, logToDailyNote } from './cron-scheduler.js';
-//# sourceMappingURL=heartbeat.js.map