clementine-agent 1.18.150 → 1.18.152

package/dist/agent/path-b-installer.d.ts

@@ -17,24 +17,39 @@
  *   hand-written project settings.
  *
  * Auth: the hook commands include the dashboard token in the X-Dashboard-Token
- * header. The token is baked into the curl command at install time. If the
- * dashboard restarts and rotates its token, the user has to re-enable hooks
- * (a small UX cost we accept; the alternative is having hooks read the
- * token from disk at fire-time which adds a syscall to every tool call).
+ * header. As of 1.18.151 the token is read from disk at fire-time via
+ * `$(cat ~/.clementine/.dashboard-token)` instead of being baked into the
+ * curl command at install time. The token-file path is interpolated at
+ * install time, but its CONTENT is read on every hook fire — so dashboard
+ * token rotation (which `clementine update restart` does) no longer breaks
+ * installed hooks. The dashboard already maintains this file at startup
+ * (dashboard.ts:2097-2098); we just point the curl at it.
+ *
+ * The cost is one tiny `cat` syscall per tool call — negligible compared to
+ * the curl + dashboard ingestion already happening. The win is no more
+ * silent 401s when the token rotates.
  */
+/** Bumped on every meaningful template change. Heartbeat reads installed
+ *  files' `_clementine.installerVersion` and surfaces a re-install nudge
+ *  when it lags this constant — see heartbeat.ts (1.18.151 stale-template
+ *  detector). We never overwrite user-facing files silently; the user runs
+ *  `clementine hooks install` to opt into the new template. */
+export declare const CURRENT_INSTALLER_VERSION = "1.18.151";
 export interface SettingsTemplateOptions {
-    /** Dashboard token to include in the X-Dashboard-Token header. Required. */
-    token: string;
     /** Localhost port the dashboard is listening on. Defaults to 3030. */
     port?: number;
     /** Mark the file with a comment so users know who wrote it. */
     installerVersion?: string;
+    /** Absolute path to the token file the curl will `cat` at fire time.
+     *  Override is for tests; production always uses the canonical
+     *  ~/.clementine/.dashboard-token. */
+    tokenFilePath?: string;
 }
 /** Build the JSON content of .claude/settings.local.json. The shape matches
  *  the SDK's hook config schema: a top-level `hooks` map keyed by event name,
  *  each value an array of `{ hooks: [{ type, command }] }` matchers. The
  *  empty matcher means "always fire". */
-export declare function buildSettingsTemplate(opts: SettingsTemplateOptions): Record<string, unknown>;
+export declare function buildSettingsTemplate(opts?: SettingsTemplateOptions): Record<string, unknown>;
 export interface InstallResult {
     ok: boolean;
     filePath: string;
@@ -47,8 +62,12 @@ export interface InstallResult {
 }
 /** Write/update .claude/settings.local.json in `workDir`. If the file
  *  already exists and is NOT installer-managed (no _clementine key), we
- *  bail out and refuse to overwrite to avoid clobbering user content. */
-export declare function installPathBHooks(workDir: string, opts: SettingsTemplateOptions): InstallResult;
+ *  bail out and refuse to overwrite to avoid clobbering user content.
+ *
+ *  As of 1.18.151 no token is required at install time — the curl reads
+ *  the live token from disk at fire time. Callers can pass tokenFilePath
+ *  to override the default `~/.clementine/.dashboard-token` (tests). */
+export declare function installPathBHooks(workDir: string, opts?: SettingsTemplateOptions): InstallResult;
 export interface HooksStatus {
     /** Whether a settings.local.json exists in the workDir. */
     installed: boolean;

package/dist/agent/path-b-installer.js

@@ -17,18 +17,28 @@
  *   hand-written project settings.
  *
  * Auth: the hook commands include the dashboard token in the X-Dashboard-Token
- * header. The token is baked into the curl command at install time. If the
- * dashboard restarts and rotates its token, the user has to re-enable hooks
- * (a small UX cost we accept; the alternative is having hooks read the
- * token from disk at fire-time which adds a syscall to every tool call).
+ * header. As of 1.18.151 the token is read from disk at fire-time via
+ * `$(cat ~/.clementine/.dashboard-token)` instead of being baked into the
+ * curl command at install time. The token-file path is interpolated at
+ * install time, but its CONTENT is read on every hook fire — so dashboard
+ * token rotation (which `clementine update restart` does) no longer breaks
+ * installed hooks. The dashboard already maintains this file at startup
+ * (dashboard.ts:2097-2098); we just point the curl at it.
+ *
+ * The cost is one tiny `cat` syscall per tool call — negligible compared to
+ * the curl + dashboard ingestion already happening. The win is no more
+ * silent 401s when the token rotates.
  */
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import os from 'node:os';
 import path from 'node:path';
 /** Hooks we install. Picked for the latency dashboard's needs:
  *  PreToolUse + PostToolUse give us tool durations (PostToolUse carries
  *  duration_ms). SubagentStart/Stop close the gap path C handles via
  *  transcript backfill. Stop / Notification add nice-to-have signal but
- *  are minimal cost. */
+ *  are minimal cost. PreCompact + PostCompact (added 1.18.151) carry
+ *  compaction telemetry — pre/post tokens, summary text, trigger source —
+ *  which the run-detail viewer surfaces as "what got summarized away". */
 const HOOK_EVENTS = [
     'PreToolUse',
     'PostToolUse',
@@ -39,18 +49,33 @@ const HOOK_EVENTS = [
     'UserPromptSubmit',
     'SessionStart',
     'PreCompact',
+    'PostCompact',
 ];
+/** Bumped on every meaningful template change. Heartbeat reads installed
+ *  files' `_clementine.installerVersion` and surfaces a re-install nudge
+ *  when it lags this constant — see heartbeat.ts (1.18.151 stale-template
+ *  detector). We never overwrite user-facing files silently; the user runs
+ *  `clementine hooks install` to opt into the new template. */
+export const CURRENT_INSTALLER_VERSION = '1.18.151';
+/** Default location of the dashboard token file. The dashboard writes this
+ *  on every startup (see dashboard.ts:2097-2098). Hooks read it at fire
+ *  time via `$(cat …)` so token rotations propagate without re-installing. */
+const DEFAULT_TOKEN_FILE = path.join(os.homedir(), '.clementine', '.dashboard-token');
 /** Build the JSON content of .claude/settings.local.json. The shape matches
  *  the SDK's hook config schema: a top-level `hooks` map keyed by event name,
  *  each value an array of `{ hooks: [{ type, command }] }` matchers. The
  *  empty matcher means "always fire". */
-export function buildSettingsTemplate(opts) {
+export function buildSettingsTemplate(opts = {}) {
     const port = opts.port ?? 3030;
+    const tokenFile = opts.tokenFilePath ?? DEFAULT_TOKEN_FILE;
     // Use POSIX `curl` — preinstalled on macOS and most Linuxes; Windows users
     // running WSL or Git Bash also have it. We add `--max-time 2` so a
-    // wedged dashboard can't stall the SDK's tool execution.
+    // wedged dashboard can't stall the SDK's tool execution. The
+    // `$(cat … 2>/dev/null)` substitution reads the live dashboard token at
+    // fire time; if the file is briefly missing during startup the curl
+    // sends an empty token and the dashboard 401s harmlessly (no SDK break).
     const curlCmd = `curl -s --max-time 2 -X POST `
-        + `-H "X-Dashboard-Token: ${opts.token}" `
+        + `-H "X-Dashboard-Token: $(cat ${tokenFile} 2>/dev/null)" `
         + `-H "Content-Type: application/json" `
         + `--data-binary @- `
         + `http://127.0.0.1:${port}/api/hooks/event`;
@@ -70,7 +95,7 @@ export function buildSettingsTemplate(opts) {
         _clementine: {
             managedBy: 'clementine-agent path-b-installer',
             installedAt: new Date().toISOString(),
-            installerVersion: opts.installerVersion ?? '1.18.102',
+            installerVersion: opts.installerVersion ?? CURRENT_INSTALLER_VERSION,
             port,
         },
         hooks,
@@ -78,12 +103,14 @@ export function buildSettingsTemplate(opts) {
 }
 /** Write/update .claude/settings.local.json in `workDir`. If the file
  *  already exists and is NOT installer-managed (no _clementine key), we
- *  bail out and refuse to overwrite to avoid clobbering user content. */
-export function installPathBHooks(workDir, opts) {
+ *  bail out and refuse to overwrite to avoid clobbering user content.
+ *
+ *  As of 1.18.151 no token is required at install time — the curl reads
+ *  the live token from disk at fire time. Callers can pass tokenFilePath
+ *  to override the default `~/.clementine/.dashboard-token` (tests). */
+export function installPathBHooks(workDir, opts = {}) {
     if (!workDir)
         return { ok: false, filePath: '', wasExisting: false, wasUpdate: false, error: 'workDir required' };
-    if (!opts.token)
-        return { ok: false, filePath: '', wasExisting: false, wasUpdate: false, error: 'token required' };
     const dir = path.join(workDir, '.claude');
     const file = path.join(dir, 'settings.local.json');
     let wasExisting = false;

package/dist/cli/dashboard.js

@@ -2047,9 +2047,36 @@ export async function cmdDashboard(opts) {
         jsonParser(req, res, next);
     });
     // ── Dashboard authentication ────────────────────────────────────────
-    const dashboardToken = randomBytes(24).toString('hex');
+    // 1.18.152 — persist the token across restarts. Before this, every
+    // dashboard startup (manual restart, auto-respawn, crash recovery)
+    // generated a fresh random token, which invalidated every browser
+    // bookmark, open tab, and printed URL. Auto-respawn (1.18.146) +
+    // auto-open browser (1.18.147) made this acutely visible — users
+    // would re-open the dashboard and find the URL they had bookmarked
+    // 401'd, then a new browser window would open with a different token,
+    // and any hook commands installed in projects would silently 401 too.
+    //
+    // Fix: read the existing token if `~/.clementine/.dashboard-token`
+    // already exists; only generate-and-persist on first-ever startup.
+    // To rotate tokens deliberately, the user deletes the file and
+    // restarts. Local-machine threat model assumes the home dir is
+    // trusted (see feedback_security_model.md) — a persistent token here
+    // is the same security posture as `~/.ssh/id_rsa`.
     const tokenPath = path.join(BASE_DIR, '.dashboard-token');
-    writeFileSync(tokenPath, dashboardToken, { mode: 0o600 });
+    let dashboardToken;
+    try {
+        const existing = readFileSync(tokenPath, 'utf-8').trim();
+        // Strict format check — anything that doesn't look like a 48-hex-char
+        // token (the format randomBytes(24).toString('hex') produces) gets
+        // regenerated. Defends against truncated / corrupt files.
+        if (!/^[a-f0-9]{48}$/.test(existing))
+            throw new Error('invalid token format on disk');
+        dashboardToken = existing;
+    }
+    catch {
+        dashboardToken = randomBytes(24).toString('hex');
+        writeFileSync(tokenPath, dashboardToken, { mode: 0o600 });
+    }
     // ── Remote access + session management ─────────────────────────────
     const remoteConfig = loadRemoteConfig();
     const sessions = new Map();
@@ -5451,7 +5478,10 @@ export async function cmdDashboard(opts) {
             }
             const port = Number(process.env.PORT) || 3030;
             const { installPathBHooks } = await import('../agent/path-b-installer.js');
-            const result = installPathBHooks(job.workDir, { token: dashboardToken, port });
+            // 1.18.151 — token no longer baked into hook command (read from
+            // ~/.clementine/.dashboard-token at fire time). Path-b installer
+            // takes only port + version sentinel now.
+            const result = installPathBHooks(job.workDir, { port });
             if (!result.ok) {
                 res.status(409).json({ ...result, ok: false });
                 return;
@@ -6693,6 +6723,29 @@ If the tool returns nothing or errors, return an empty array \`[]\`.`,
                     ? body.tool_response.slice(0, 500)
                     : 'tool returned is_error=true';
             }
+            // 1.18.151 — compaction telemetry. PreCompact carries trigger +
+            // optional custom_instructions; PostCompact carries the summary text
+            // and pre/post token counts. We promote these to top-level fields so
+            // the run-detail viewer can render a "summarized N→M tokens" marker
+            // without needing to re-parse the original SDK payload shape.
+            if (hookEventName === 'PreCompact') {
+                ev.kind = 'pre_compact';
+                if (typeof body.trigger === 'string')
+                    ev.compactTrigger = body.trigger;
+                if (typeof body.custom_instructions === 'string')
+                    ev.compactInstructions = body.custom_instructions;
+            }
+            else if (hookEventName === 'PostCompact') {
+                ev.kind = 'post_compact';
+                if (typeof body.trigger === 'string')
+                    ev.compactTrigger = body.trigger;
+                if (typeof body.compact_summary === 'string')
+                    ev.compactSummary = body.compact_summary;
+                if (typeof body.pre_tokens === 'number')
+                    ev.preTokens = body.pre_tokens;
+                if (typeof body.post_tokens === 'number')
+                    ev.postTokens = body.post_tokens;
+            }
             entry.eventLog.append(ev);
             res.json({ ok: true, runId: entry.runId, seq });
         }
@@ -27293,10 +27346,13 @@ function renderRunDetailWaterfall(events, runId, jobName) {
     if (k === 'subagent_start' || k === 'subagent_stop') return '#a855f7';
     if (k === 'rate_limit') return 'var(--yellow)';
     if (k === 'hook') return 'var(--blue)';
+    if (k === 'pre_compact' || k === 'post_compact') return 'var(--orange, #f59e0b)';
     if (k === 'error') return 'var(--red)';
     return 'var(--text-muted)';
   }
   function kindLabel(k) {
+    if (k === 'pre_compact') return 'COMPACT START';
+    if (k === 'post_compact') return 'COMPACT DONE';
     return (k || 'event').toUpperCase().replace(/_/g, ' ');
   }
 
@@ -27369,6 +27425,29 @@ function renderRunDetailWaterfall(events, runId, jobName) {
       preview = ev.sessionId ? 'session ' + String(ev.sessionId).slice(0, 8) + '…' : '';
     } else if (ev.kind === 'session_end') {
       preview = '$' + (ev.costUsd != null ? ev.costUsd.toFixed(4) : '?') + ' · ' + (ev.stopReason || '?');
+    } else if (ev.kind === 'pre_compact') {
+      // 1.18.151 — PreCompact telemetry. Trigger tells us whether the SDK
+      // auto-compacted to stay under context limits or the user/agent
+      // requested it. custom_instructions, when present, biases what gets
+      // preserved — surface it inline so debugging "why did this run forget
+      // X?" is one click away.
+      preview = '⤓ compaction starting (' + (ev.compactTrigger || '?') + ')';
+      fullContent = ev.compactInstructions
+        ? 'Custom instructions for compaction:\\n' + String(ev.compactInstructions)
+        : 'No custom instructions — SDK uses its default summarization.';
+    } else if (ev.kind === 'post_compact') {
+      // 1.18.151 — PostCompact carries the summary text + token deltas.
+      // Showing pre→post tokens makes compaction efficiency visible at a
+      // glance; the summary itself is the canonical "what got remembered"
+      // record for the rest of the run.
+      var tokenDelta = '';
+      if (typeof ev.preTokens === 'number' && typeof ev.postTokens === 'number') {
+        tokenDelta = ' · ' + ev.preTokens.toLocaleString() + '→' + ev.postTokens.toLocaleString() + ' tokens';
+      }
+      preview = '⤴ compaction done' + tokenDelta;
+      fullContent = ev.compactSummary
+        ? 'Summary the SDK kept:\\n\\n' + String(ev.compactSummary)
+        : '(no summary text returned)';
     }
 
     var rowId = 'run-evt-' + j;

package/dist/memory/maintenance.js

@@ -159,6 +159,39 @@ export async function runStartupMaintenance(store) {
     catch (err) {
         logger.warn({ err }, 'Startup .md.bak sweep failed');
     }
+    // Path-B installer-version sweep (1.18.151). For every cron with a workDir
+    // that has a clementine-managed .claude/settings.local.json, check whether
+    // the installerVersion sentinel matches CURRENT_INSTALLER_VERSION. Any
+    // older install is missing the token-at-fire-time fix and will silently
+    // 401 against /api/hooks/event after the next dashboard token rotation.
+    // We log once per startup with the list of paths so the user knows to
+    // re-run `clementine hooks install` (we never silently overwrite — user
+    // owns their .claude/).
+    try {
+        const { parseCronJobs } = await import('../gateway/cron-scheduler.js');
+        const { getHooksStatus, CURRENT_INSTALLER_VERSION } = await import('../agent/path-b-installer.js');
+        const stale = [];
+        const seen = new Set();
+        for (const job of parseCronJobs()) {
+            if (!job.workDir || seen.has(job.workDir))
+                continue;
+            seen.add(job.workDir);
+            const s = getHooksStatus(job.workDir);
+            if (s.managedByUs && s.installerVersion !== CURRENT_INSTALLER_VERSION) {
+                stale.push({ workDir: job.workDir, installerVersion: s.installerVersion });
+            }
+        }
+        if (stale.length > 0) {
+            logger.warn({
+                stale,
+                currentVersion: CURRENT_INSTALLER_VERSION,
+                action: 'Re-run `clementine hooks install` per project to pick up the token-at-fire-time fix (1.18.151) — until then those projects 401 silently after each dashboard token rotation.',
+            }, 'Path-B hook installs are stale');
+        }
+    }
+    catch (err) {
+        logger.warn({ err }, 'Path-B stale-version sweep failed');
+    }
     // Embedding warm-up — pre-embed the most-cited chunks in the background so
     // the first retrievals after startup don't pay cold-start latency. Fire
     // and forget; never blocks startup.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clementine-agent",
-  "version": "1.18.150",
+  "version": "1.18.152",
   "description": "Clementine — Personal AI Assistant (TypeScript)",
   "type": "module",
   "main": "dist/index.js",