clementine-agent 1.18.67 → 1.18.68

package/dist/agent/run-agent-cron.d.ts

@@ -62,9 +62,15 @@ export interface SkillContextResult {
  * that don't resolve are surfaced via `missing[]` (warned, never fatal) so
  * the dashboard can flag broken references.
  *
+ * When `opts.skipAutoMatch` is true (predictable mode), only pinned skills
+ * load — the runtime keyword/semantic match is skipped entirely. The trick
+ * runs with ONLY the skills the user explicitly attached.
+ *
  * Exported only for testability — the production caller is `runAgentCron`.
  */
-export declare function buildSkillContext(jobName: string, jobPrompt: string, agentSlug: string | undefined, pinnedSkills: string[] | undefined, memoryStore?: MemoryStore | null): Promise<SkillContextResult>;
+export declare function buildSkillContext(jobName: string, jobPrompt: string, agentSlug: string | undefined, pinnedSkills: string[] | undefined, memoryStore?: MemoryStore | null, opts?: {
+    skipAutoMatch?: boolean;
+}): Promise<SkillContextResult>;
 /** Minimal interface for the post-task reflection + skill extraction
  *  hooks. Lets `runAgentCron` stay decoupled from the full
  *  PersonalAssistant import while still benefiting from the existing
@@ -115,6 +121,13 @@ export interface RunAgentCronOptions {
      *  Applied after `buildExtraMcpForRunAgent` runs, so the effective set
      *  is `profile ∩ trick`. */
     allowedMcpServers?: string[];
+    /** Predictable mode — when true, the runner skips the auto-injected
+     *  context blocks (MEMORY.md, team comms, delegation queue) and the
+     *  auto-matched skill search. The trick runs with ONLY what was
+     *  explicitly attached: prompt, criteria, pinned skills, linked goals,
+     *  prior progress. The fix for fire-time memory drift. Undefined =
+     *  legacy behavior (inject everything). */
+    predictable?: boolean;
 }
 export interface RunAgentCronResult extends RunAgentResult {
     /** The final prompt that was sent to the agent (after context injection).
@@ -167,6 +180,10 @@ export interface CronExecutionPlan {
     maxBudgetUsd: number | undefined;
     agentSlug: string | undefined;
     ownerName: string;
+    /** Whether the trick is in predictable (contract) mode — true means
+     *  MEMORY.md / team / delegation / auto-skills were intentionally
+     *  skipped. Used by the Preview verdict line. */
+    predictable: boolean;
 }
 /**
  * Plan a cron run — assemble all context, resolve skills, intersect tool/MCP

package/dist/agent/run-agent-cron.js

@@ -226,9 +226,13 @@ function buildCriteriaContext(successCriteria) {
  * that don't resolve are surfaced via `missing[]` (warned, never fatal) so
  * the dashboard can flag broken references.
  *
+ * When `opts.skipAutoMatch` is true (predictable mode), only pinned skills
+ * load — the runtime keyword/semantic match is skipped entirely. The trick
+ * runs with ONLY the skills the user explicitly attached.
+ *
  * Exported only for testability — the production caller is `runAgentCron`.
  */
-export async function buildSkillContext(jobName, jobPrompt, agentSlug, pinnedSkills, memoryStore) {
+export async function buildSkillContext(jobName, jobPrompt, agentSlug, pinnedSkills, memoryStore, opts) {
     const applied = [];
     const missing = [];
     try {
@@ -259,8 +263,10 @@ export async function buildSkillContext(jobName, jobPrompt, agentSlug, pinnedSki
             }
         }
         // 2. Auto-match fills the remainder, deduped against pins.
+        //    In predictable (contract) mode we skip this entirely — only
+        //    pinned skills load, the runtime keyword/semantic search is off.
         const remaining = MAX_INJECTED_SKILLS - prepared.length;
-        if (remaining > 0) {
+        if (remaining > 0 && !opts?.skipAutoMatch) {
             const matched = searchSkills(skillQuery, remaining + (pinnedSkills?.length ?? 0), agentSlug, { suppressedNames });
             for (const m of matched) {
                 if (prepared.length >= MAX_INJECTED_SKILLS)
@@ -320,13 +326,22 @@ export async function buildCronExecutionPlan(opts) {
     const tier = opts.tier ?? 1;
     const agentSlug = opts.profile?.slug;
     const ownerName = process.env.OWNER_NAME ?? 'the user';
-    const memoryContext = buildAutonomousMemoryContext(opts.profile);
-    const progressContext = buildProgressContext(opts.jobName);
-    const goalContext = buildGoalContext(opts.jobName);
-    const delegationContext = buildDelegationContext(agentSlug);
-    const teamContext = buildTeamContext(agentSlug);
+    // ── Predictable (contract) mode ────────────────────────────────────
+    // When `predictable: true`, the trick runs with ONLY what was explicitly
+    // attached — prompt, criteria, pinned skills, linked goals, prior progress.
+    // We skip MEMORY.md, team comms, delegation queue, and the runtime skill
+    // auto-match. This is the fix for the email-cadence failure mode where the
+    // agent agreed to a plan in chat then re-derived from drifted memory at
+    // fire time. Legacy tricks (predictable === undefined) preserve existing
+    // behavior so we don't surprise anyone.
+    const predictable = opts.predictable === true;
+    const memoryContext = predictable ? '' : buildAutonomousMemoryContext(opts.profile);
+    const progressContext = buildProgressContext(opts.jobName); // opt-in via cron_progress writes
+    const goalContext = buildGoalContext(opts.jobName); // explicit links; not auto-inferred
+    const delegationContext = predictable ? '' : buildDelegationContext(agentSlug);
+    const teamContext = predictable ? '' : buildTeamContext(agentSlug);
     const criteriaContext = buildCriteriaContext(opts.successCriteria);
-    const skillResult = await buildSkillContext(opts.jobName, opts.jobPrompt, agentSlug, opts.pinnedSkills, opts.memoryStore);
+    const skillResult = await buildSkillContext(opts.jobName, opts.jobPrompt, agentSlug, opts.pinnedSkills, opts.memoryStore, { skipAutoMatch: predictable });
     const skillContext = skillResult.text;
     const howToRespond = `## How to respond\n` +
         `You're sending this directly to ${ownerName} as a DM. ` +
@@ -390,6 +405,7 @@ export async function buildCronExecutionPlan(opts) {
         maxBudgetUsd: maxBudget,
         agentSlug,
         ownerName,
+        predictable,
     };
 }
 /**

package/dist/cli/dashboard.js

@@ -6237,7 +6237,7 @@ If the tool returns nothing or errors, return an empty array \`[]\`.`,
     // ── CRON CRUD routes (continued) ──────────────────────────────
     app.post('/api/cron', (req, res) => {
         try {
-            const { name, schedule, prompt, tier, enabled, work_dir, mode, max_hours, max_retries, after, agent, context, skills, allowedTools, allowedMcpServers, tags, category, } = req.body;
+            const { name, schedule, prompt, tier, enabled, work_dir, mode, max_hours, max_retries, after, agent, context, skills, allowedTools, allowedMcpServers, tags, category, predictable, } = req.body;
             if (!name || !schedule || !prompt) {
                 res.status(400).json({ error: 'name, schedule, and prompt are required' });
                 return;
@@ -6293,6 +6293,9 @@ If the tool returns nothing or errors, return an empty array \`[]\`.`,
             if (typeof category === 'string' && category.trim()) {
                 job.category = category.trim().slice(0, 64);
             }
+            // Predictable mode — default to true (contract execution) for new
+            // tricks created via the dashboard. Mirror the MCP tool default.
+            job.predictable = (predictable === false) ? false : true;
             jobs.push(job);
             writeCronFileAt(cronFile, parsed, jobs);
             res.json({ ok: true, message: `Created cron job: ${name}` });
@@ -6431,6 +6434,9 @@ If the tool returns nothing or errors, return an empty array \`[]\`.`,
                     delete jobs[idx].category;
                 }
             }
+            if (updates.predictable !== undefined) {
+                jobs[idx].predictable = Boolean(updates.predictable);
+            }
             if (updates.name !== undefined && updates.name !== bareJobName) {
                 // Rename — check for duplicates
                 const dup = jobs.find((j, i) => i !== idx && String(j.name ?? '').toLowerCase() === String(updates.name).toLowerCase());
@@ -6548,6 +6554,7 @@ If the tool returns nothing or errors, return an empty array \`[]\`.`,
                 pinnedSkills: job.skills,
                 allowedTools: job.allowedTools,
                 allowedMcpServers: job.allowedMcpServers,
+                predictable: job.predictable,
             });
             // Enrich each applied skill with its title/description/full markdown
             // body so the UI can render "what the agent will actually read".
@@ -6586,7 +6593,9 @@ If the tool returns nothing or errors, return an empty array \`[]\`.`,
                     mode: job.mode ?? null,
                     tags: job.tags ?? [],
                     category: job.category ?? null,
+                    predictable: typeof job.predictable === 'boolean' ? job.predictable : null,
                 },
+                predictable: plan.predictable,
                 profile: profile ? { slug: profile.slug, name: profile.name } : null,
                 builtPrompt: plan.builtPrompt,
                 contextBlocks: plan.contextBlocks,
@@ -19673,6 +19682,19 @@ if('serviceWorker' in navigator){navigator.serviceWorker.getRegistrations().then
       <div class="form-group">
         <label class="form-label">Capabilities <span style="color:var(--text-muted);font-weight:normal">(optional — pin skills + scope tools/MCP)</span></label>
         <div class="form-hint" style="margin-bottom:6px">Pin learned procedures and constrain which tools / MCP servers this trick can use. Empty = inherit defaults. Use Preview on the card to see exactly what gets sent.</div>
+        <div class="cap-section">
+          <label class="cap-section-label">Predictable Mode</label>
+          <label style="display:flex;align-items:flex-start;gap:8px;cursor:pointer;font-size:12px;color:var(--text-primary)">
+            <input type="checkbox" id="cron-predictable" checked style="margin-top:3px">
+            <span>
+              <strong>Run with only what's attached</strong> (recommended)
+              <div style="font-size:11px;color:var(--text-muted);margin-top:3px;line-height:1.5">
+                ON: MEMORY.md, team comms, delegation queue, and auto-matched skills are SKIPPED at fire-time. The trick runs ONLY with the prompt + pinned skills + tools you see here. No drift, no surprise.<br>
+                OFF: legacy mode — runner injects MEMORY.md and other live context. Use only when the trick legitimately needs to re-read memory each fire (e.g. "summarize yesterday's daily note").
+              </div>
+            </span>
+          </label>
+        </div>
         <div class="cap-section">
           <label class="cap-section-label">Pinned Skills</label>
           <div class="cap-picker-chips" id="cron-skills-chips"></div>
@@ -22726,6 +22748,8 @@ function renderScheduledTaskCard(task) {
   var badges = '';
   if (task.owner) badges += '<span class="badge badge-orange">' + esc(task.owner) + '</span>';
   if (task.category) badges += '<span class="badge badge-gray" title="Category">' + esc(task.category) + '</span>';
+  if (task.predictable === true) badges += '<span class="badge badge-green" title="Contract mode — runs with only the prompt + pinned skills/tools. No MEMORY.md, no auto-matched skills, no team comms injection at fire-time.">🔒 predictable</span>';
+  else if (task.predictable === false) badges += '<span class="badge badge-yellow" title="Dynamic mode — fire-time injects MEMORY.md, recent team activity, and auto-matched skills. Can drift from chat-time intent.">🔄 reads memory</span>';
   if (task.mode === 'unleashed') badges += '<span class="badge badge-purple">long-running</span>';
   if (task.after) badges += '<span class="badge badge-yellow" title="Triggered after ' + esc(task.after) + '">after ' + esc(task.after) + '</span>';
   if (task.maxRetries != null) badges += '<span class="badge badge-gray">' + esc(task.maxRetries) + ' retries</span>';
@@ -23789,6 +23813,9 @@ function resetTrickCapabilityState() {
   if (toolsToggle) toolsToggle.textContent = '▾ Show';
   var catEl = document.getElementById('cron-category');
   if (catEl) catEl.value = '';
+  // Default: predictable ON for new tricks (matches add_cron_job default).
+  var predEl = document.getElementById('cron-predictable');
+  if (predEl) predEl.checked = true;
   renderSkillsPickerChips();
   renderMcpPickerChips();
   renderTagsPickerChips();
@@ -24102,6 +24129,10 @@ function openEditCronModal(jobName) {
   if (allowedTools.length > 0) toggleAllowedToolsPanel();
   var catEl = document.getElementById('cron-category');
   if (catEl) catEl.value = job.category || '';
+  // Predictable: respect saved value; if undefined (legacy trick), keep
+  // unchecked so we don't silently change runner behavior.
+  var predEl = document.getElementById('cron-predictable');
+  if (predEl) predEl.checked = (job.predictable === true);
   renderSkillsPickerChips();
   renderMcpPickerChips();
   renderTagsPickerChips();
@@ -24140,7 +24171,23 @@ function closeCronPreviewModal() {
 
 function renderCronPreview(d) {
   var html = '';
-  // Warnings band first
+  // Predictable verdict line — the headline visibility win.
+  html += '<div class="preview-section">';
+  if (d.predictable === true) {
+    html += '<div style="padding:10px 12px;border-radius:6px;background:rgba(16,185,129,0.12);color:var(--green);font-size:13px;font-weight:500">'
+      + '🔒 <strong>Predictable</strong> — what you see here is exactly what will run. No MEMORY.md, no team comms, no auto-matched skills injected at fire-time.'
+      + '</div>';
+  } else if (d.predictable === false) {
+    html += '<div style="padding:10px 12px;border-radius:6px;background:rgba(245,158,11,0.12);color:var(--yellow);font-size:13px;font-weight:500">'
+      + '⚠ <strong>Reads memory at fire-time</strong> — fire-time will ALSO inject MEMORY.md, recent team comms, delegation queue, and auto-matched skills. Output may differ from this preview if those drift between now and fire.'
+      + '</div>';
+  } else {
+    html += '<div style="padding:10px 12px;border-radius:6px;background:var(--bg-tertiary);color:var(--text-muted);font-size:12px">'
+      + 'Legacy trick — predictable mode not set. Runs in dynamic mode (injects MEMORY.md, etc). Edit and turn on Predictable Mode to lock down behavior.'
+      + '</div>';
+  }
+  html += '</div>';
+  // Warnings band
   if (Array.isArray(d.warnings) && d.warnings.length > 0) {
     html += '<div class="preview-section">';
     for (var w = 0; w < d.warnings.length; w++) {
@@ -24341,6 +24388,7 @@ async function saveCronJob() {
   const categoryRaw = (document.getElementById('cron-category')?.value || '').trim();
   const category = categoryRaw || undefined;
   const allowedTools = parseAllowedToolsRaw();
+  const predictable = !!document.getElementById('cron-predictable')?.checked;
 
   if (!name || !schedule || !prompt) {
     toast('Please fill in all fields', 'error');
@@ -24363,6 +24411,7 @@ async function saveCronJob() {
       : (_cronSelectedMcp.length ? _cronSelectedMcp : undefined),
     tags: editingCronJob ? _cronTags : (_cronTags.length ? _cronTags : undefined),
     category: editingCronJob ? (category || '') : category,
+    predictable,
   };
 
   if (editingCronJob) {

package/dist/dashboard/build-operations.d.ts

@@ -97,6 +97,10 @@ export interface ScheduledTaskCard {
     tags?: string[];
     /** Optional category bucket. */
     category?: string;
+    /** Predictable (contract) mode — true means runner skips MEMORY.md /
+     *  team comms / auto-matched skills. The visibility-on-card flag for
+     *  "this trick will run with only what you see here." */
+    predictable?: boolean;
 }
 export interface ScheduledWorkflowCard {
     type: 'scheduled_workflow';

package/dist/dashboard/build-operations.js

@@ -215,6 +215,7 @@ export function buildOperationsSnapshot(input) {
             allowedMcpServers: asStringArray(job.allowed_mcp_servers ?? job.allowedMcpServers),
             tags: asStringArray(job.tags),
             category: typeof job.category === 'string' && job.category.trim() ? job.category.trim() : undefined,
+            predictable: typeof job.predictable === 'boolean' ? job.predictable : undefined,
         };
     }).sort((a, b) => a.owner.localeCompare(b.owner) || a.displayName.localeCompare(b.displayName));
     const scheduledWorkflows = input.workflowSummaries

package/dist/gateway/cron-scheduler.js

@@ -132,6 +132,8 @@ export function parseCronJobs() {
         const category = typeof categoryRaw === 'string' && categoryRaw.trim()
             ? categoryRaw.trim().slice(0, 64)
             : undefined;
+        // Predictable (contract) mode — undefined means legacy behavior.
+        const predictable = typeof job.predictable === 'boolean' ? job.predictable : undefined;
         if (!name || !schedule || !prompt) {
             logger.warn({ job }, 'Skipping malformed cron job');
             continue;
@@ -139,7 +141,7 @@ export function parseCronJobs() {
         jobs.push({
             name, schedule, prompt, enabled, tier, maxTurns, model, workDir, mode,
             maxHours, maxRetries, after, successCriteria, alwaysDeliver, context, preCheck, agentSlug,
-            skills, allowedTools, allowedMcpServers, tags, category,
+            skills, allowedTools, allowedMcpServers, tags, category, predictable,
         });
     }
     return jobs;
@@ -199,6 +201,7 @@ export function parseAgentCronJobs(agentsDir) {
                 const category = typeof categoryRaw === 'string' && categoryRaw.trim()
                     ? categoryRaw.trim().slice(0, 64)
                     : undefined;
+                const predictable = typeof job.predictable === 'boolean' ? job.predictable : undefined;
                 if (!name || !schedule || !prompt) {
                     logger.warn({ job, agent: slug }, 'Skipping malformed agent cron job');
                     continue;
@@ -209,7 +212,7 @@ export function parseAgentCronJobs(agentsDir) {
                     schedule, prompt, enabled, tier, maxTurns, model, workDir,
                     mode, maxHours, maxRetries, after, successCriteria, context, preCheck,
                     agentSlug: slug,
-                    skills, allowedTools, allowedMcpServers, tags, category,
+                    skills, allowedTools, allowedMcpServers, tags, category, predictable,
                 });
             }
         }
@@ -1094,12 +1097,12 @@ export class CronScheduler {
                 const startedAt = new Date();
                 try {
                     // Standard cron jobs get a timeout via SDK AbortController (advisor may override)
-                    let response = await this.gateway.handleCronJob(job.name, jobPrompt, job.tier, job.maxTurns, job.model, job.workDir, job.mode, job.maxHours, effectiveTimeoutMs, job.successCriteria, job.agentSlug, job.skills, job.allowedTools, job.allowedMcpServers);
+                    let response = await this.gateway.handleCronJob(job.name, jobPrompt, job.tier, job.maxTurns, job.model, job.workDir, job.mode, job.maxHours, effectiveTimeoutMs, job.successCriteria, job.agentSlug, job.skills, job.allowedTools, job.allowedMcpServers, job.predictable);
                     // alwaysDeliver: retry once if the response is empty/noise
                     if (job.alwaysDeliver && (!response || CronScheduler.isCronNoise(response))) {
                         logger.info({ job: job.name }, 'alwaysDeliver: empty/noise response — retrying once');
                         try {
-                            const retryResponse = await this.gateway.handleCronJob(job.name, jobPrompt + '\n\nYou MUST produce a brief status update. Do NOT return __NOTHING__.', job.tier, job.maxTurns, job.model, job.workDir, job.mode, job.maxHours, effectiveTimeoutMs, job.successCriteria, job.agentSlug, job.skills, job.allowedTools, job.allowedMcpServers);
+                            const retryResponse = await this.gateway.handleCronJob(job.name, jobPrompt + '\n\nYou MUST produce a brief status update. Do NOT return __NOTHING__.', job.tier, job.maxTurns, job.model, job.workDir, job.mode, job.maxHours, effectiveTimeoutMs, job.successCriteria, job.agentSlug, job.skills, job.allowedTools, job.allowedMcpServers, job.predictable);
                             if (retryResponse && !CronScheduler.isCronNoise(retryResponse)) {
                                 response = retryResponse;
                             }

package/dist/gateway/router.d.ts

@@ -175,7 +175,9 @@ export declare class Gateway {
     handleCronJob(jobName: string, jobPrompt: string, tier?: number, maxTurns?: number, model?: string, workDir?: string, 
     /** Accepted for back-compat; canonical SDK path executes every job
      *  identically. Affects only UI display + budget heuristics elsewhere. */
-    _mode?: 'standard' | 'unleashed', maxHours?: number, timeoutMs?: number, successCriteria?: string[], agentSlug?: string, pinnedSkills?: string[], allowedTools?: string[], allowedMcpServers?: string[]): Promise<string>;
+    _mode?: 'standard' | 'unleashed', maxHours?: number, timeoutMs?: number, successCriteria?: string[], agentSlug?: string, pinnedSkills?: string[], allowedTools?: string[], allowedMcpServers?: string[], 
+    /** Predictable (contract) mode — runner skips memory/team/auto-skills. */
+    predictable?: boolean): Promise<string>;
     /**
      * Process a team message as an autonomous task — same multi-phase execution
      * as cron unleashed jobs, so agents can work until done instead of being

package/dist/gateway/router.js

@@ -1969,7 +1969,9 @@ export class Gateway {
      *  identically. Affects only UI display + budget heuristics elsewhere. */
     _mode, maxHours, timeoutMs, successCriteria, agentSlug, 
     // ── Trick capabilities (optional; preserve today's behavior when omitted) ─
-    pinnedSkills, allowedTools, allowedMcpServers) {
+    pinnedSkills, allowedTools, allowedMcpServers, 
+    /** Predictable (contract) mode — runner skips memory/team/auto-skills. */
+    predictable) {
         const releaseLane = await lanes.acquire('cron');
         // Build a wall-clock abort timer from maxHours / timeoutMs.
         // Whichever is shorter wins. Defaults to 1h if neither is set.
@@ -2010,6 +2012,7 @@ export class Gateway {
                     pinnedSkills,
                     allowedTools,
                     allowedMcpServers,
+                    predictable,
                 });
                 scanner.refreshIntegrity();
                 // Stash trick-capability metadata for the scheduler to read when

package/dist/tools/admin-tools.js

@@ -1025,20 +1025,21 @@ export function registerAdminTools(server) {
         return textResult(lines.join('\n\n'));
     });
     // ── Add Cron Job ────────────────────────────────────────────────────────
-    server.tool('add_cron_job', 'Add a new scheduled cron job ("trick"). Validates the schedule expression and writes to CRON.md. The daemon auto-reloads on file change. The canonical SDK path runs every job through runAgentCron — there is no separate "unleashed" mode anymore; the SDK handles compaction + multi-turn work natively up to maxBudgetUsd. CAPABILITIES: pin specific skills with `skills`, constrain tools with `allowed_tools`, and constrain MCP servers with `allowed_mcp_servers` so the trick has predictable behavior at fire time. Without these, the runtime auto-matches skills which can surprise the user.', {
+    server.tool('add_cron_job', 'Add a new scheduled task. ⚠ BEFORE CALLING THIS TOOL: propose the concrete plan to the user in chat and get explicit approval. The `prompt` you save should be SELF-CONTAINED — list the actual recipients, the actual template/content, the actual criteria. AVOID vague references like "recent leads" or "this week\'s items" that the trick will re-derive at fire-time, because re-derivation reads from MEMORY.md which drifts between chat-time agreement and fire-time execution. Good prompt: "Send template `monday-followup` to alice@x.com, bob@y.com, carol@z.com." Bad prompt: "Send follow-up to recent leads." The default `predictable: true` mode runs the trick with ONLY the prompt + explicitly-attached skills/tools — no MEMORY.md, no team-comms injection, no runtime skill auto-match. Set `predictable: false` ONLY if the user explicitly wants a dynamic trick that re-resolves data each fire (e.g., "summarize yesterday\'s daily note" where the data legitimately changes).', {
         name: z.string().describe('Job name (unique identifier)'),
         schedule: z.string().describe('Cron expression (e.g., "0 9 * * 1" for Monday 9 AM)'),
-        prompt: z.string().describe('The prompt/instruction for the assistant to execute'),
+        prompt: z.string().describe('The prompt/instruction for the assistant to execute. SHOULD BE CONCRETE — list actual recipients, criteria, content. Vague prompts re-derive at fire-time and cause "agent agreed in chat but emailed wrong people" failures.'),
         tier: z.number().optional().default(1).describe('Security tier (1=auto, 2=logged, 3=approval). Tier 2+ also raises the per-run budget cap.'),
         enabled: z.boolean().optional().default(true).describe('Whether the job is enabled'),
         work_dir: z.string().optional().describe('Project directory to run in (agent gets access to project tools, CLAUDE.md, files)'),
         max_hours: z.number().optional().describe('Wall-clock cap in hours. Defaults to 1h. Run aborts via AbortSignal when exceeded.'),
-        skills: z.array(z.string()).optional().describe('Pinned skill slugs (filename minus .md, slashes flattened to dashes). Loaded BEFORE runtime auto-match. Total injected per run capped at 4. Pin skills here so the trick has predictable behavior — empty/omitted falls back to runtime auto-match.'),
+        predictable: z.boolean().optional().default(true).describe('PREDICTABLE MODE (default true, recommended). When true, the runner runs with ONLY the prompt + pinned skills + criteria + linked goals + prior progress — MEMORY.md, team comms, delegation queue, and runtime skill auto-match are SKIPPED. This is the contract model: trick executes the plan you saved, not whatever memory says today. Set to false only when the user EXPLICITLY needs dynamic behavior — and tell them what that means.'),
+        skills: z.array(z.string()).optional().describe('Pinned skill slugs (filename minus .md, slashes flattened to dashes). Loaded BEFORE runtime auto-match. Total injected per run capped at 4. In predictable mode, ONLY pinned skills load (no auto-match).'),
         allowed_tools: z.array(z.string()).optional().describe('Per-trick tool whitelist. When set, intersected with the agent profile allowlist. Agent is always force-included for sub-agent delegation. Empty/omitted inherits from profile.'),
         allowed_mcp_servers: z.array(z.string()).optional().describe('Per-trick MCP server whitelist (server names from list_mcp_servers). Applied AFTER profile allowlist. Empty/omitted inherits from profile.'),
         tags: z.array(z.string()).optional().describe('Free-form tags for grouping/filtering in the dashboard.'),
         category: z.string().optional().describe('Single category bucket (e.g. "ops", "research").'),
-    }, async ({ name: jobName, schedule, prompt, tier, enabled, work_dir, max_hours, skills, allowed_tools, allowed_mcp_servers, tags, category }) => {
+    }, async ({ name: jobName, schedule, prompt, tier, enabled, work_dir, max_hours, predictable, skills, allowed_tools, allowed_mcp_servers, tags, category }) => {
         // Validate cron expression
         const cronMod = await import('node-cron');
         if (!cronMod.default.validate(schedule)) {
@@ -1076,6 +1077,9 @@ export function registerAdminTools(server) {
             newJob.work_dir = work_dir;
         if (max_hours)
             newJob.max_hours = max_hours;
+        // Predictable mode: persist explicitly so behavior is locked. Default
+        // for new chat-created tricks is true (contract execution).
+        newJob.predictable = predictable !== false;
         // ── Trick capabilities (snake_case YAML keys) ──────────────────
         if (Array.isArray(skills) && skills.length)
             newJob.skills = skills.map(s => String(s).trim()).filter(Boolean);
@@ -1121,6 +1125,7 @@ export function registerAdminTools(server) {
             details.push(`  Project: ${work_dir}`);
         if (max_hours)
             details.push(`  Wall-clock cap: ${max_hours}h`);
+        details.push(`  Predictable mode: ${newJob.predictable ? 'ON — runs with only the prompt + pinned skills/tools (no MEMORY.md drift)' : 'OFF — runs with MEMORY.md + auto-matched skills (dynamic, may surprise)'}`);
         if (Array.isArray(skills) && skills.length)
             details.push(`  Pinned skills: ${skills.join(', ')}`);
         if (Array.isArray(allowed_tools) && allowed_tools.length)
@@ -1138,7 +1143,7 @@ export function registerAdminTools(server) {
         return textResult(`Added cron job "${jobName}":\n${details.join('\n')}\n\n${verifyMsg}${goalHint}`);
     });
     // ── Update Cron Job ─────────────────────────────────────────────────────
-    server.tool('update_cron_job', 'Update an existing cron job in CRON.md. Partial — only fields you supply change. To CLEAR a capability allowlist (skills/allowed_tools/allowed_mcp_servers/tags), pass an empty array. To clear category, pass an empty string. The daemon auto-reloads on file change. Use preview_cron_job to confirm what will run before the next fire.', {
+    server.tool('update_cron_job', 'Update an existing cron job in CRON.md. Partial — only fields you supply change. To CLEAR a capability allowlist (skills/allowed_tools/allowed_mcp_servers/tags), pass an empty array. To clear category, pass an empty string. The daemon auto-reloads on file change. Use preview_cron_job to confirm what will run before the next fire. ⚠ Flipping `predictable` from true to false changes whether the trick reads MEMORY.md at fire-time — make sure the user understands the tradeoff before you toggle it.', {
         name: z.string().describe('Existing job name to update.'),
         schedule: z.string().optional().describe('New cron expression.'),
         prompt: z.string().optional().describe('New prompt.'),
@@ -1146,12 +1151,13 @@ export function registerAdminTools(server) {
         enabled: z.boolean().optional().describe('Enable/disable.'),
         work_dir: z.string().optional().describe('Project directory. Empty string clears.'),
         max_hours: z.number().optional().describe('Wall-clock cap in hours.'),
+        predictable: z.boolean().optional().describe('Predictable (contract) mode. true = runner skips MEMORY.md / team comms / auto-matched skills, runs ONLY with the prompt + pinned items. false = legacy injects-everything mode (memory drift risk). Tell the user what they\'re opting into when flipping this.'),
         skills: z.array(z.string()).optional().describe('Pinned skill slugs. Empty array clears.'),
         allowed_tools: z.array(z.string()).optional().describe('Tool allowlist. Empty array clears.'),
         allowed_mcp_servers: z.array(z.string()).optional().describe('MCP allowlist. Empty array clears.'),
         tags: z.array(z.string()).optional().describe('Tags. Empty array clears.'),
         category: z.string().optional().describe('Category bucket. Empty string clears.'),
-    }, async ({ name: jobName, schedule, prompt, tier, enabled, work_dir, max_hours, skills, allowed_tools, allowed_mcp_servers, tags, category }) => {
+    }, async ({ name: jobName, schedule, prompt, tier, enabled, work_dir, max_hours, predictable, skills, allowed_tools, allowed_mcp_servers, tags, category }) => {
         if (!existsSync(CRON_FILE)) {
             return textResult('CRON.md not found. Use add_cron_job to create one first.');
         }
@@ -1202,6 +1208,10 @@ export function registerAdminTools(server) {
             job.max_hours = max_hours;
             changed.push(`max_hours → ${max_hours}`);
         }
+        if (predictable !== undefined) {
+            job.predictable = predictable;
+            changed.push(`predictable → ${predictable ? 'ON (contract mode — only what\'s attached)' : 'OFF (dynamic — reads MEMORY.md, may drift)'}`);
+        }
         // ── Capabilities — empty array CLEARS, omitted leaves alone ────
         if (skills !== undefined) {
             if (skills.length) {
@@ -1298,11 +1308,20 @@ export function registerAdminTools(server) {
             pinnedSkills: job.skills,
             allowedTools: job.allowedTools,
             allowedMcpServers: job.allowedMcpServers,
+            predictable: job.predictable,
         });
         const allServers = discoverMcpServers();
         const lines = [];
         lines.push(`# Preview: ${job.name}`);
         lines.push('');
+        // Verdict line — the headline visibility win for the user.
+        if (plan.predictable) {
+            lines.push(`✓ **Predictable** — what you see here is exactly what will run. No MEMORY.md, no team activity, no auto-matched skills injected at fire-time. Pure contract execution.`);
+        }
+        else {
+            lines.push(`⚠ **Reads memory at fire-time** — this trick is in dynamic mode. At fire-time, the runner ALSO injects MEMORY.md, recent team comms, delegation queue, and auto-matched skills. The agent's output may differ from this preview if those have drifted since chat-time. Set \`predictable: true\` if that's not what you want.`);
+        }
+        lines.push('');
         lines.push(`**Schedule:** ${job.schedule}    **Tier:** ${plan.tier} (${plan.effort}${plan.maxBudgetUsd ? `, budget $${plan.maxBudgetUsd}` : ''})`);
         if (job.agentSlug)
             lines.push(`**Agent:** ${job.agentSlug}`);

package/dist/types.d.ts

@@ -354,6 +354,22 @@ export interface CronJobDefinition {
     /** Single category bucket — convenience for default grouping in the
      *  dashboard (e.g. "ops", "research", "morning"). */
     category?: string;
+    /**
+     * Predictable mode (the "contract" model) — runs the trick with ONLY
+     * the prompt + explicitly-attached skills/criteria/goals + tools. Skips
+     * MEMORY.md injection, auto-matched skills, team comms, and delegation
+     * queue. The fix for "agent said OK in chat then fired with stale memory."
+     *
+     * - undefined / false: legacy behavior — runner injects everything
+     *   (MEMORY.md, auto-matched skills, team activity, delegation). What
+     *   chat-style autonomous work needs, but contaminates scheduled tasks.
+     * - true: contract mode — runner only includes what was explicitly
+     *   attached. The trick executes the plan you saw in chat, nothing more.
+     *
+     * `add_cron_job` defaults this to `true` for new chat-created tricks.
+     * Existing tricks (no field set) keep current behavior — backward compat.
+     */
+    predictable?: boolean;
 }
 export type LongTaskRisk = 'normal' | 'long' | 'huge' | 'unsafe';
 export type LongTaskRoute = 'standard' | 'checkpointed' | 'opus_1m' | 'sonnet_1m' | 'split_required';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clementine-agent",
-  "version": "1.18.67",
+  "version": "1.18.68",
   "description": "Clementine — Personal AI Assistant (TypeScript)",
   "type": "module",
   "main": "dist/index.js",