comisai 1.0.33 → 1.0.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (285) hide show
  1. package/node_modules/@comis/agent/dist/background/auto-background-middleware.d.ts +11 -1
  2. package/node_modules/@comis/agent/dist/background/auto-background-middleware.js +21 -4
  3. package/node_modules/@comis/agent/dist/background/background-task-manager.d.ts +2 -2
  4. package/node_modules/@comis/agent/dist/background/background-task-manager.js +61 -20
  5. package/node_modules/@comis/agent/dist/background/background-task-persistence.js +10 -3
  6. package/node_modules/@comis/agent/dist/background/background-task-types.d.ts +10 -3
  7. package/node_modules/@comis/agent/dist/background/background-task-types.js +1 -1
  8. package/node_modules/@comis/agent/dist/background/completion-formatter.d.ts +39 -0
  9. package/node_modules/@comis/agent/dist/background/completion-formatter.js +77 -0
  10. package/node_modules/@comis/agent/dist/background/completion-runner.d.ts +53 -0
  11. package/node_modules/@comis/agent/dist/background/completion-runner.js +151 -0
  12. package/node_modules/@comis/agent/dist/background/index.d.ts +4 -0
  13. package/node_modules/@comis/agent/dist/background/index.js +2 -0
  14. package/node_modules/@comis/agent/dist/bridge/bridge-metrics.d.ts +17 -2
  15. package/node_modules/@comis/agent/dist/bridge/bridge-metrics.js +14 -2
  16. package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.d.ts +23 -23
  17. package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.js +72 -60
  18. package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.d.ts +6 -7
  19. package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.js +24 -25
  20. package/node_modules/@comis/agent/dist/budget/cost-tracker.d.ts +1 -1
  21. package/node_modules/@comis/agent/dist/context-engine/constants.d.ts +5 -5
  22. package/node_modules/@comis/agent/dist/context-engine/constants.js +12 -12
  23. package/node_modules/@comis/agent/dist/context-engine/context-engine.js +13 -4
  24. package/node_modules/@comis/agent/dist/context-engine/dag-annotator.d.ts +1 -2
  25. package/node_modules/@comis/agent/dist/context-engine/dag-annotator.js +1 -2
  26. package/node_modules/@comis/agent/dist/context-engine/llm-compaction.js +20 -16
  27. package/node_modules/@comis/agent/dist/context-engine/rehydration.js +6 -6
  28. package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.d.ts +12 -12
  29. package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.js +36 -22
  30. package/node_modules/@comis/agent/dist/context-engine/types-core.d.ts +15 -0
  31. package/node_modules/@comis/agent/dist/executor/cache-break-detection.d.ts +6 -6
  32. package/node_modules/@comis/agent/dist/executor/cache-break-detection.js +8 -8
  33. package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.d.ts +16 -0
  34. package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.js +46 -5
  35. package/node_modules/@comis/agent/dist/executor/executor-post-execution.d.ts +30 -0
  36. package/node_modules/@comis/agent/dist/executor/executor-post-execution.js +17 -1
  37. package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.js +1 -1
  38. package/node_modules/@comis/agent/dist/executor/executor-response-filter.d.ts +7 -6
  39. package/node_modules/@comis/agent/dist/executor/executor-response-filter.js +9 -42
  40. package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.js +2 -3
  41. package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.d.ts +2 -2
  42. package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.js +4 -4
  43. package/node_modules/@comis/agent/dist/executor/phase-filter.d.ts +2 -2
  44. package/node_modules/@comis/agent/dist/executor/phase-filter.js +5 -7
  45. package/node_modules/@comis/agent/dist/executor/pi-executor.d.ts +13 -0
  46. package/node_modules/@comis/agent/dist/executor/pi-executor.js +71 -6
  47. package/node_modules/@comis/agent/dist/executor/post-batch-continuation.js +7 -7
  48. package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.d.ts +1 -1
  49. package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.js +1 -1
  50. package/node_modules/@comis/agent/dist/executor/tool-deferral.d.ts +2 -2
  51. package/node_modules/@comis/agent/dist/executor/tool-deferral.js +7 -7
  52. package/node_modules/@comis/agent/dist/index.d.ts +17 -0
  53. package/node_modules/@comis/agent/dist/index.js +32 -11
  54. package/node_modules/@comis/agent/dist/model/auth-provider.d.ts +25 -2
  55. package/node_modules/@comis/agent/dist/model/auth-provider.js +6 -0
  56. package/node_modules/@comis/agent/dist/model/compaction-model-resolver.d.ts +3 -3
  57. package/node_modules/@comis/agent/dist/model/compaction-model-resolver.js +3 -3
  58. package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.d.ts +37 -0
  59. package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.js +279 -0
  60. package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.d.ts +49 -0
  61. package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.js +50 -0
  62. package/node_modules/@comis/agent/dist/model/oauth-device-code.d.ts +57 -0
  63. package/node_modules/@comis/agent/dist/model/oauth-device-code.js +302 -0
  64. package/node_modules/@comis/agent/dist/model/oauth-env.d.ts +33 -0
  65. package/node_modules/@comis/agent/dist/model/oauth-env.js +38 -0
  66. package/node_modules/@comis/agent/dist/model/oauth-errors.d.ts +41 -0
  67. package/node_modules/@comis/agent/dist/model/oauth-errors.js +88 -0
  68. package/node_modules/@comis/agent/dist/model/oauth-identity.d.ts +53 -0
  69. package/node_modules/@comis/agent/dist/model/oauth-identity.js +141 -0
  70. package/node_modules/@comis/agent/dist/model/oauth-login-runner.d.ts +99 -0
  71. package/node_modules/@comis/agent/dist/model/oauth-login-runner.js +374 -0
  72. package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.d.ts +58 -0
  73. package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.js +82 -0
  74. package/node_modules/@comis/agent/dist/model/oauth-token-manager.d.ts +86 -16
  75. package/node_modules/@comis/agent/dist/model/oauth-token-manager.js +961 -66
  76. package/node_modules/@comis/agent/dist/model/operation-model-defaults.d.ts +9 -4
  77. package/node_modules/@comis/agent/dist/model/operation-model-defaults.js +36 -9
  78. package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.d.ts +48 -0
  79. package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.js +66 -0
  80. package/node_modules/@comis/agent/dist/provider/capabilities.d.ts +5 -5
  81. package/node_modules/@comis/agent/dist/provider/capabilities.js +10 -23
  82. package/node_modules/@comis/agent/dist/safety/tool-output-safety.js +3 -3
  83. package/node_modules/@comis/agent/dist/session/comis-session-manager.d.ts +1 -1
  84. package/node_modules/@comis/agent/dist/session/comis-session-manager.js +1 -1
  85. package/node_modules/@comis/agent/dist/spawn/narrative-caster.d.ts +10 -0
  86. package/node_modules/@comis/agent/dist/spawn/narrative-caster.js +5 -1
  87. package/node_modules/@comis/agent/package.json +1 -1
  88. package/node_modules/@comis/channels/dist/email/email-adapter.js +6 -6
  89. package/node_modules/@comis/channels/dist/email/imap-lifecycle.js +7 -7
  90. package/node_modules/@comis/channels/dist/shared/deliver-to-channel.js +12 -10
  91. package/node_modules/@comis/channels/dist/telegram/telegram-adapter.js +1 -1
  92. package/node_modules/@comis/channels/package.json +1 -1
  93. package/node_modules/@comis/cli/dist/cli.js +2 -0
  94. package/node_modules/@comis/cli/dist/commands/agent.d.ts +3 -3
  95. package/node_modules/@comis/cli/dist/commands/agent.js +46 -3
  96. package/node_modules/@comis/cli/dist/commands/auth.d.ts +37 -0
  97. package/node_modules/@comis/cli/dist/commands/auth.js +433 -0
  98. package/node_modules/@comis/cli/dist/commands/doctor.d.ts +4 -1
  99. package/node_modules/@comis/cli/dist/commands/doctor.js +20 -5
  100. package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.d.ts +39 -0
  101. package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.js +399 -0
  102. package/node_modules/@comis/cli/dist/doctor/types.d.ts +19 -0
  103. package/node_modules/@comis/cli/dist/index.d.ts +1 -0
  104. package/node_modules/@comis/cli/dist/index.js +10 -4
  105. package/node_modules/@comis/cli/dist/output/relative-time.d.ts +23 -0
  106. package/node_modules/@comis/cli/dist/output/relative-time.js +36 -0
  107. package/node_modules/@comis/cli/dist/wizard/non-interactive.js +17 -8
  108. package/node_modules/@comis/cli/dist/wizard/steps/03-provider.js +2 -1
  109. package/node_modules/@comis/cli/dist/wizard/steps/04-credentials.js +223 -34
  110. package/node_modules/@comis/cli/dist/wizard/steps/10-write-config.js +14 -0
  111. package/node_modules/@comis/cli/dist/wizard/steps/11-daemon-start.js +3 -3
  112. package/node_modules/@comis/cli/dist/wizard/types.d.ts +7 -0
  113. package/node_modules/@comis/cli/package.json +1 -1
  114. package/node_modules/@comis/core/dist/bootstrap.d.ts +1 -1
  115. package/node_modules/@comis/core/dist/config/env-substitution.d.ts +66 -0
  116. package/node_modules/@comis/core/dist/config/env-substitution.js +115 -0
  117. package/node_modules/@comis/core/dist/config/index.d.ts +3 -1
  118. package/node_modules/@comis/core/dist/config/index.js +2 -1
  119. package/node_modules/@comis/core/dist/config/loader.js +61 -0
  120. package/node_modules/@comis/core/dist/config/managed-sections.d.ts +3 -3
  121. package/node_modules/@comis/core/dist/config/managed-sections.js +10 -5
  122. package/node_modules/@comis/core/dist/config/schema-agent.d.ts +4 -0
  123. package/node_modules/@comis/core/dist/config/schema-agent.js +16 -1
  124. package/node_modules/@comis/core/dist/config/schema-background-tasks.d.ts +7 -0
  125. package/node_modules/@comis/core/dist/config/schema-background-tasks.js +7 -0
  126. package/node_modules/@comis/core/dist/config/schema-delivery.d.ts +2 -0
  127. package/node_modules/@comis/core/dist/config/schema-delivery.js +2 -0
  128. package/node_modules/@comis/core/dist/config/schema-gemini-cache.d.ts +0 -2
  129. package/node_modules/@comis/core/dist/config/schema-gemini-cache.js +0 -2
  130. package/node_modules/@comis/core/dist/config/schema-oauth.d.ts +23 -0
  131. package/node_modules/@comis/core/dist/config/schema-oauth.js +19 -0
  132. package/node_modules/@comis/core/dist/config/schema-skills.d.ts +6 -8
  133. package/node_modules/@comis/core/dist/config/schema-skills.js +3 -4
  134. package/node_modules/@comis/core/dist/config/schema.d.ts +10 -0
  135. package/node_modules/@comis/core/dist/config/schema.js +3 -0
  136. package/node_modules/@comis/core/dist/domain/background-task-origin.d.ts +39 -0
  137. package/node_modules/@comis/core/dist/domain/background-task-origin.js +39 -0
  138. package/node_modules/@comis/core/dist/event-bus/events-infra.d.ts +71 -2
  139. package/node_modules/@comis/core/dist/exports/config.d.ts +2 -2
  140. package/node_modules/@comis/core/dist/exports/config.js +1 -1
  141. package/node_modules/@comis/core/dist/exports/domain.d.ts +2 -0
  142. package/node_modules/@comis/core/dist/exports/domain.js +1 -0
  143. package/node_modules/@comis/core/dist/exports/ports.d.ts +2 -2
  144. package/node_modules/@comis/core/dist/exports/ports.js +1 -1
  145. package/node_modules/@comis/core/dist/ports/delivery-queue.d.ts +23 -0
  146. package/node_modules/@comis/core/dist/ports/delivery-queue.js +2 -0
  147. package/node_modules/@comis/core/dist/ports/index.d.ts +2 -0
  148. package/node_modules/@comis/core/dist/ports/index.js +1 -0
  149. package/node_modules/@comis/core/dist/ports/oauth-credential-store.d.ts +64 -0
  150. package/node_modules/@comis/core/dist/ports/oauth-credential-store.js +37 -0
  151. package/node_modules/@comis/core/dist/tool-metadata.d.ts +20 -0
  152. package/node_modules/@comis/core/package.json +1 -1
  153. package/node_modules/@comis/daemon/dist/daemon-types.d.ts +23 -3
  154. package/node_modules/@comis/daemon/dist/daemon.js +82 -19
  155. package/node_modules/@comis/daemon/dist/health/watchdog.js +18 -3
  156. package/node_modules/@comis/daemon/dist/index.d.ts +2 -0
  157. package/node_modules/@comis/daemon/dist/index.js +5 -0
  158. package/node_modules/@comis/daemon/dist/observability/channel-health-logger.js +3 -3
  159. package/node_modules/@comis/daemon/dist/observability/delivery-queue-logger.js +1 -1
  160. package/node_modules/@comis/daemon/dist/rpc/agent-handlers.d.ts +22 -1
  161. package/node_modules/@comis/daemon/dist/rpc/agent-handlers.js +84 -21
  162. package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.js +2 -2
  163. package/node_modules/@comis/daemon/dist/rpc/config-handlers.d.ts +9 -1
  164. package/node_modules/@comis/daemon/dist/rpc/config-handlers.js +104 -23
  165. package/node_modules/@comis/daemon/dist/rpc/credential-resolver.d.ts +30 -1
  166. package/node_modules/@comis/daemon/dist/rpc/credential-resolver.js +74 -11
  167. package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.d.ts +8 -0
  168. package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.js +22 -8
  169. package/node_modules/@comis/daemon/dist/rpc/provider-handlers.js +9 -12
  170. package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.d.ts +1 -0
  171. package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.js +27 -2
  172. package/node_modules/@comis/daemon/dist/setup-docker-restart-warn.js +0 -1
  173. package/node_modules/@comis/daemon/dist/wiring/index.d.ts +2 -0
  174. package/node_modules/@comis/daemon/dist/wiring/index.js +1 -0
  175. package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.d.ts +21 -0
  176. package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.js +134 -0
  177. package/node_modules/@comis/daemon/dist/wiring/setup-agents.d.ts +46 -1
  178. package/node_modules/@comis/daemon/dist/wiring/setup-agents.js +127 -3
  179. package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.d.ts +39 -0
  180. package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.js +32 -0
  181. package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.d.ts +10 -3
  182. package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.js +11 -5
  183. package/node_modules/@comis/daemon/dist/wiring/setup-channels.js +20 -1
  184. package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.js +1 -1
  185. package/node_modules/@comis/daemon/dist/wiring/setup-delivery.d.ts +14 -5
  186. package/node_modules/@comis/daemon/dist/wiring/setup-delivery.js +52 -19
  187. package/node_modules/@comis/daemon/dist/wiring/setup-schedulers.js +4 -0
  188. package/node_modules/@comis/daemon/package.json +1 -1
  189. package/node_modules/@comis/gateway/dist/index.d.ts +2 -0
  190. package/node_modules/@comis/gateway/dist/index.js +2 -0
  191. package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.d.ts +66 -0
  192. package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.js +212 -0
  193. package/node_modules/@comis/gateway/dist/server/hono-server.d.ts +14 -0
  194. package/node_modules/@comis/gateway/dist/server/hono-server.js +10 -0
  195. package/node_modules/@comis/gateway/package.json +1 -1
  196. package/node_modules/@comis/infra/dist/logging/log-fields.d.ts +23 -0
  197. package/node_modules/@comis/infra/package.json +1 -1
  198. package/node_modules/@comis/memory/dist/compaction.d.ts +3 -5
  199. package/node_modules/@comis/memory/dist/compaction.js +2 -3
  200. package/node_modules/@comis/memory/dist/delivery-queue-adapter.d.ts +2 -2
  201. package/node_modules/@comis/memory/dist/delivery-queue-adapter.js +49 -1
  202. package/node_modules/@comis/memory/dist/index.d.ts +2 -0
  203. package/node_modules/@comis/memory/dist/index.js +3 -0
  204. package/node_modules/@comis/memory/dist/memory-api.d.ts +1 -1
  205. package/node_modules/@comis/memory/dist/memory-api.js +1 -1
  206. package/node_modules/@comis/memory/dist/oauth-profile-schema.d.ts +17 -0
  207. package/node_modules/@comis/memory/dist/oauth-profile-schema.js +33 -0
  208. package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.d.ts +27 -0
  209. package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.js +144 -0
  210. package/node_modules/@comis/memory/dist/session-store.d.ts +1 -1
  211. package/node_modules/@comis/memory/dist/session-store.js +1 -1
  212. package/node_modules/@comis/memory/dist/sqlite-secret-store.d.ts +29 -3
  213. package/node_modules/@comis/memory/dist/sqlite-secret-store.js +11 -3
  214. package/node_modules/@comis/memory/package.json +1 -1
  215. package/node_modules/@comis/scheduler/dist/execution/execution-lock.d.ts +13 -0
  216. package/node_modules/@comis/scheduler/dist/execution/execution-lock.js +1 -1
  217. package/node_modules/@comis/scheduler/dist/execution/index.d.ts +2 -0
  218. package/node_modules/@comis/scheduler/dist/execution/index.js +2 -0
  219. package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.js +1 -1
  220. package/node_modules/@comis/scheduler/dist/index.d.ts +2 -0
  221. package/node_modules/@comis/scheduler/dist/index.js +2 -0
  222. package/node_modules/@comis/scheduler/package.json +1 -1
  223. package/node_modules/@comis/shared/package.json +1 -1
  224. package/node_modules/@comis/skills/dist/bridge/schema-validator.d.ts +38 -0
  225. package/node_modules/@comis/skills/dist/bridge/schema-validator.js +169 -0
  226. package/node_modules/@comis/skills/dist/bridge/tool-metadata-enforcement.js +12 -0
  227. package/node_modules/@comis/skills/dist/bridge/tool-metadata-registry.js +130 -0
  228. package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.d.ts +32 -0
  229. package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.js +127 -0
  230. package/node_modules/@comis/skills/dist/builtin/exec-security.js +38 -0
  231. package/node_modules/@comis/skills/dist/builtin/exec-tool.js +9 -0
  232. package/node_modules/@comis/skills/dist/builtin/file-tools/grep-tool.js +6 -6
  233. package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.d.ts +5 -4
  234. package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.js +38 -27
  235. package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.d.ts +4 -1
  236. package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.js +3 -3
  237. package/node_modules/@comis/skills/dist/builtin/platform/cron-tool.js +1 -1
  238. package/node_modules/@comis/skills/dist/builtin/platform/gateway-tool.js +6 -6
  239. package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.d.ts +1 -1
  240. package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.js +9 -9
  241. package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.d.ts +11 -0
  242. package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.js +114 -1
  243. package/node_modules/@comis/skills/dist/builtin/sandbox/detect-provider.js +40 -15
  244. package/node_modules/@comis/skills/dist/media/ssrf-fetcher.d.ts +7 -0
  245. package/node_modules/@comis/skills/dist/media/ssrf-fetcher.js +9 -2
  246. package/node_modules/@comis/skills/package.json +1 -1
  247. package/node_modules/@comis/web/dist/assets/{agent-detail-71BSbSfD.js → agent-detail-q8t1NB7w.js} +1 -1
  248. package/node_modules/@comis/web/dist/assets/{agent-editor-CTSDZhwT.js → agent-editor-B46io5gv.js} +1 -1
  249. package/node_modules/@comis/web/dist/assets/{agent-list-BEhni2ea.js → agent-list-DQ6g2Rcx.js} +1 -1
  250. package/node_modules/@comis/web/dist/assets/{billing-view-DVP1IvVs.js → billing-view-IWPR8LgF.js} +1 -1
  251. package/node_modules/@comis/web/dist/assets/{channel-detail-N_YK74xC.js → channel-detail-DlNNZuuC.js} +1 -1
  252. package/node_modules/@comis/web/dist/assets/{channel-list-DRk6ZJaF.js → channel-list-DhGwxiMc.js} +1 -1
  253. package/node_modules/@comis/web/dist/assets/{chat-console-Dm-GtSf9.js → chat-console-Nv6fM3Rc.js} +1 -1
  254. package/node_modules/@comis/web/dist/assets/{config-editor-CIferYX6.js → config-editor-BYKuJF76.js} +1 -1
  255. package/node_modules/@comis/web/dist/assets/{context-dag-browser-CL84rXXM.js → context-dag-browser-ClNEtzYE.js} +1 -1
  256. package/node_modules/@comis/web/dist/assets/{context-engine-B1HOTEZv.js → context-engine-BZJ6HChd.js} +1 -1
  257. package/node_modules/@comis/web/dist/assets/{delivery-view-Y6JKYVFw.js → delivery-view-Cb7I3vGu.js} +1 -1
  258. package/node_modules/@comis/web/dist/assets/{diagnostics-view-DWV1UQjz.js → diagnostics-view-9u9Lyu5a.js} +1 -1
  259. package/node_modules/@comis/web/dist/assets/{ic-chat-message-DfSERzzg.js → ic-chat-message-BFt3cVpx.js} +1 -1
  260. package/node_modules/@comis/web/dist/assets/{ic-connection-dot-CXyhlJup.js → ic-connection-dot-y77LZ3Gu.js} +1 -1
  261. package/node_modules/@comis/web/dist/assets/{ic-tool-call-DNmwTjek.js → ic-tool-call-qt6w1NQl.js} +1 -1
  262. package/node_modules/@comis/web/dist/assets/{index-CBr0Tm9_.js → index-8Tg9oc-C.js} +2 -2
  263. package/node_modules/@comis/web/dist/assets/{mcp-management-BaH2-vox.js → mcp-management-69dtH_kY.js} +2 -2
  264. package/node_modules/@comis/web/dist/assets/{media-config-CZLshJoN.js → media-config-BdjLj5c1.js} +1 -1
  265. package/node_modules/@comis/web/dist/assets/{media-test-C9NUWgo_.js → media-test-DuPqrixi.js} +1 -1
  266. package/node_modules/@comis/web/dist/assets/{memory-inspector-D_fmTcRN.js → memory-inspector-B-Pepbq-.js} +1 -1
  267. package/node_modules/@comis/web/dist/assets/{message-center-BBFlNCZn.js → message-center-B7l0yNYY.js} +1 -1
  268. package/node_modules/@comis/web/dist/assets/{models-BytGLm99.js → models-JHFHuv5S.js} +1 -1
  269. package/node_modules/@comis/web/dist/assets/{observe-view-VXtHqaqq.js → observe-view-r8mqhy4O.js} +1 -1
  270. package/node_modules/@comis/web/dist/assets/{pipeline-builder-CfXczlfJ.js → pipeline-builder-XjkiZRcR.js} +1 -1
  271. package/node_modules/@comis/web/dist/assets/{pipeline-history-CPmXFnbe.js → pipeline-history-CZqJv_Hj.js} +1 -1
  272. package/node_modules/@comis/web/dist/assets/{pipeline-history-detail-DcueTMs9.js → pipeline-history-detail-BEFGMoDy.js} +1 -1
  273. package/node_modules/@comis/web/dist/assets/{pipeline-list-B-xG5WZh.js → pipeline-list-B6q5LvO1.js} +1 -1
  274. package/node_modules/@comis/web/dist/assets/{pipeline-monitor-pnIOYaSY.js → pipeline-monitor-BNomXjVL.js} +1 -1
  275. package/node_modules/@comis/web/dist/assets/{scheduler-BtUIFHhA.js → scheduler-BJEjcGKA.js} +1 -1
  276. package/node_modules/@comis/web/dist/assets/{security-C8mWRq2y.js → security-2G1jhBfV.js} +1 -1
  277. package/node_modules/@comis/web/dist/assets/{session-detail-DgdkO5ka.js → session-detail-DmVPzFBR.js} +1 -1
  278. package/node_modules/@comis/web/dist/assets/{session-list-DcylcfTn.js → session-list-CsqMQoHs.js} +1 -1
  279. package/node_modules/@comis/web/dist/assets/{setup-wizard-BP5yjsuL.js → setup-wizard-CAdM-gSP.js} +1 -1
  280. package/node_modules/@comis/web/dist/assets/{skills-DXt1bX8Z.js → skills-2ODqKaWr.js} +1 -1
  281. package/node_modules/@comis/web/dist/assets/{subagents-C7YbUHXY.js → subagents-BFlwfTbD.js} +1 -1
  282. package/node_modules/@comis/web/dist/assets/{workspace-manager-DP6pW4wa.js → workspace-manager--CbOx_dI.js} +1 -1
  283. package/node_modules/@comis/web/dist/index.html +1 -1
  284. package/node_modules/@comis/web/package.json +1 -1
  285. package/package.json +17 -16
@@ -74,11 +74,18 @@ export function loadConfigFile(filePath, options) {
74
74
  }
75
75
  // Step 3: Substitute ${VAR} references (if getSecret provided)
76
76
  if (options?.getSecret) {
77
+ // Stash disabled MCP server entries before substitution. A disabled
78
+ // server may legitimately reference env vars the user has not set yet
79
+ // (e.g., a placeholder finnhub entry awaiting an API key). Substitution
80
+ // must not fail bootstrap on those — they are filtered out at
81
+ // connect-time in setup-mcp.ts. Originals are restored verbatim after.
82
+ const stash = stashDisabledMcpServers(processed);
77
83
  const subResult = substituteEnvVars(processed, options.getSecret, resolved);
78
84
  if (!subResult.ok) {
79
85
  return subResult;
80
86
  }
81
87
  processed = subResult.value;
88
+ restoreDisabledMcpServers(processed, stash);
82
89
  }
83
90
  return ok(processed);
84
91
  }
@@ -108,3 +115,57 @@ export function validateConfig(raw) {
108
115
  details: result.error.issues,
109
116
  });
110
117
  }
118
+ /**
119
+ * Replace `enabled: false` MCP server entries in
120
+ * `integrations.mcp.servers[]` with neutral stubs and return the originals
121
+ * so `restoreDisabledMcpServers` can put them back after env substitution.
122
+ *
123
+ * Mutates `processed` in place. The stub keeps no env-substitutable fields,
124
+ * so substitution sees no `${VAR}` refs from disabled servers.
125
+ */
126
+ function stashDisabledMcpServers(processed) {
127
+ const integrations = processed.integrations;
128
+ if (integrations === null || typeof integrations !== "object" || Array.isArray(integrations)) {
129
+ return [];
130
+ }
131
+ const mcp = integrations.mcp;
132
+ if (mcp === null || typeof mcp !== "object" || Array.isArray(mcp))
133
+ return [];
134
+ const servers = mcp.servers;
135
+ if (!Array.isArray(servers))
136
+ return [];
137
+ const stash = [];
138
+ for (let idx = 0; idx < servers.length; idx++) {
139
+ const srv = servers[idx];
140
+ if (srv === null || typeof srv !== "object" || Array.isArray(srv))
141
+ continue;
142
+ if (srv.enabled !== false)
143
+ continue;
144
+ stash.push({ idx, original: srv });
145
+ servers[idx] = { enabled: false };
146
+ }
147
+ return stash;
148
+ }
149
+ /**
150
+ * Restore originals previously saved by `stashDisabledMcpServers`. Operates
151
+ * on the substituted tree (a fresh object returned by `substituteEnvVars`),
152
+ * walking back to the same array index. No-op when stash is empty.
153
+ */
154
+ function restoreDisabledMcpServers(processed, stash) {
155
+ if (stash.length === 0)
156
+ return;
157
+ const integrations = processed.integrations;
158
+ if (integrations === null || typeof integrations !== "object" || Array.isArray(integrations)) {
159
+ return;
160
+ }
161
+ const mcp = integrations.mcp;
162
+ if (mcp === null || typeof mcp !== "object" || Array.isArray(mcp))
163
+ return;
164
+ const servers = mcp.servers;
165
+ if (!Array.isArray(servers))
166
+ return;
167
+ for (const { idx, original } of stash) {
168
+ if (idx < servers.length)
169
+ servers[idx] = original;
170
+ }
171
+ }
@@ -41,7 +41,7 @@ export interface ManagedSectionRedirect {
41
41
  * fields fit in < 20 lines of hint text. Verified against the tool's
42
42
  * TypeBox parameter schema as of this commit.
43
43
  *
44
- * Bug B (260428-gj6): production trace c7b91328 showed the agent burning
44
+ * Bug B: production trace c7b91328 showed the agent burning
45
45
  * ~30s × 4 LLM calls re-loading the agents_manage schema after an
46
46
  * immutable-path rejection. Surfacing the fragment inline closes that
47
47
  * round-trip tax.
@@ -91,8 +91,8 @@ export declare function getManagedSectionRedirect(section: string | undefined, k
91
91
  * stub forwards to the real tool and registers it as discovered).
92
92
  *
93
93
  * Naming `discover_tools` in the hint actively misleads Anthropic
94
- * Sonnet/Opus 4.x because that tool is not in their payload (260428-oyc
95
- * production repro: agent saw "Recovery: (1) call discover_tools(...)" and
94
+ * Sonnet/Opus 4.x because that tool is not in their payload (production
95
+ * repro: agent saw "Recovery: (1) call discover_tools(...)" and
96
96
  * gave up, reporting "I don't have a discover_tools function"). The
97
97
  * single-step framing works on every provider.
98
98
  *
@@ -30,7 +30,7 @@ export const MANAGED_SECTIONS = [
30
30
  // Flat parameter shape -- verified against mcp-manage-tool.ts McpManageToolParams.
31
31
  exampleArgs: {
32
32
  action: "connect",
33
- name: "<server-name>",
33
+ server_name: "<server-name>",
34
34
  transport: "stdio",
35
35
  command: "<command>",
36
36
  args: [],
@@ -44,7 +44,7 @@ export const MANAGED_SECTIONS = [
44
44
  schemaFragment: {
45
45
  actions: ["list", "status", "connect", "disconnect", "reconnect"],
46
46
  requiredByAction: {
47
- connect: ["name", "transport", "command"],
47
+ connect: ["server_name", "transport", "command"],
48
48
  },
49
49
  },
50
50
  },
@@ -120,6 +120,11 @@ export const MANAGED_SECTIONS = [
120
120
  model: "<model-id>",
121
121
  provider: "<provider>",
122
122
  maxSteps: 100,
123
+ // Advertise the per-agent OAuth profile preference to the LLM.
124
+ // Maps provider → "<provider>:<identity>" stored profile ID.
125
+ // Validated end-to-end by the Zod refine and daemon-side has()
126
+ // existence check.
127
+ oauthProfiles: { "openai-codex": "openai-codex:user@example.com" },
123
128
  },
124
129
  },
125
130
  fullyManaged: true,
@@ -173,8 +178,8 @@ export function getManagedSectionRedirect(section, key) {
173
178
  * stub forwards to the real tool and registers it as discovered).
174
179
  *
175
180
  * Naming `discover_tools` in the hint actively misleads Anthropic
176
- * Sonnet/Opus 4.x because that tool is not in their payload (260428-oyc
177
- * production repro: agent saw "Recovery: (1) call discover_tools(...)" and
181
+ * Sonnet/Opus 4.x because that tool is not in their payload (production
182
+ * repro: agent saw "Recovery: (1) call discover_tools(...)" and
178
183
  * gave up, reporting "I don't have a discover_tools function"). The
179
184
  * single-step framing works on every provider.
180
185
  *
@@ -195,7 +200,7 @@ export function formatRedirectHint(redirect, mutablePaths) {
195
200
  else {
196
201
  parts.push(`Call ${redirect.tool} directly; it will auto-load on first invocation.`);
197
202
  }
198
- // Bug B (260428-gj6): inline the dedicated tool's action enum + required
203
+ // Bug B: inline the dedicated tool's action enum + required
199
204
  // fields so the LLM can call it without a separate discover_tools round-
200
205
  // trip. Positioned AFTER the Recovery example (so the example is the first
201
206
  // thing the model sees) and BEFORE the mutablePaths block (which is the
@@ -1783,6 +1783,7 @@ export declare const PerAgentConfigSchema: z.ZodObject<{
1783
1783
  maxTotal: z.ZodDefault<z.ZodNumber>;
1784
1784
  maxBackgroundDurationMs: z.ZodDefault<z.ZodNumber>;
1785
1785
  excludeTools: z.ZodDefault<z.ZodArray<z.ZodString>>;
1786
+ maxBackgroundHops: z.ZodDefault<z.ZodNumber>;
1786
1787
  }, z.core.$strict>>;
1787
1788
  memoryReview: z.ZodOptional<z.ZodObject<{
1788
1789
  enabled: z.ZodDefault<z.ZodBoolean>;
@@ -1793,6 +1794,7 @@ export declare const PerAgentConfigSchema: z.ZodObject<{
1793
1794
  dedupThreshold: z.ZodDefault<z.ZodNumber>;
1794
1795
  autoTags: z.ZodDefault<z.ZodArray<z.ZodString>>;
1795
1796
  }, z.core.$strict>>;
1797
+ oauthProfiles: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
1796
1798
  }, z.core.$strict>;
1797
1799
  /** Agents map: keyed by agent ID string to per-agent configuration. */
1798
1800
  export declare const AgentsMapSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
@@ -2480,6 +2482,7 @@ export declare const AgentsMapSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
2480
2482
  maxTotal: z.ZodDefault<z.ZodNumber>;
2481
2483
  maxBackgroundDurationMs: z.ZodDefault<z.ZodNumber>;
2482
2484
  excludeTools: z.ZodDefault<z.ZodArray<z.ZodString>>;
2485
+ maxBackgroundHops: z.ZodDefault<z.ZodNumber>;
2483
2486
  }, z.core.$strict>>;
2484
2487
  memoryReview: z.ZodOptional<z.ZodObject<{
2485
2488
  enabled: z.ZodDefault<z.ZodBoolean>;
@@ -2490,6 +2493,7 @@ export declare const AgentsMapSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
2490
2493
  dedupThreshold: z.ZodDefault<z.ZodNumber>;
2491
2494
  autoTags: z.ZodDefault<z.ZodArray<z.ZodString>>;
2492
2495
  }, z.core.$strict>>;
2496
+ oauthProfiles: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
2493
2497
  }, z.core.$strict>>;
2494
2498
  export type PerAgentConfig = z.infer<typeof PerAgentConfigSchema>;
2495
2499
  export type PerAgentSchedulerConfig = z.infer<typeof PerAgentSchedulerConfigSchema>;
@@ -8,6 +8,7 @@ import { NotificationConfigSchema } from "./schema-notification.js";
8
8
  import { VerbosityConfigSchema } from "./schema-verbosity.js";
9
9
  import { BackgroundTasksConfigSchema } from "./schema-background-tasks.js";
10
10
  import { MemoryReviewConfigSchema } from "./schema-memory-review.js";
11
+ import { validateProfileId } from "../ports/oauth-credential-store.js";
11
12
  // ── Model Selection Schemas ─────────────────────────────────────────────
12
13
  /**
13
14
  * Model selection configuration schemas.
@@ -363,7 +364,7 @@ export const ContextEngineConfigSchema = z.strictObject({
363
364
  summaryModel: z.string().optional(),
364
365
  /** Optional provider override for DAG summary generation. */
365
366
  summaryProvider: z.string().optional(),
366
- // --- Post-batch continuation (L4 — replaces SEP nudge enforcement) ---
367
+ // --- Post-batch continuation (replaces SEP nudge enforcement) ---
367
368
  /** Post-batch continuation handler: when the LLM emits an empty final
368
369
  * turn after a successful tool batch, fire a directive followUp with
369
370
  * multi-shot retry. Replaces the legacy SEP one-shot completeness nudge
@@ -770,6 +771,20 @@ export const PerAgentConfigSchema = AgentConfigSchema.extend({
770
771
  backgroundTasks: BackgroundTasksConfigSchema.optional(),
771
772
  /** Periodic memory review configuration (session history extraction) */
772
773
  memoryReview: MemoryReviewConfigSchema.optional(),
774
+ /**
775
+ * Per-provider OAuth profile preferences (provider -> profileId map).
776
+ * When set, the OAuthTokenManager resolves the named profile for that
777
+ * provider's LLM calls. Each value must match the `<provider>:<identity>`
778
+ * format enforced by `validateProfileId` from `@comis/core`.
779
+ */
780
+ oauthProfiles: z
781
+ .record(z.string().min(1), z
782
+ .string()
783
+ .min(1)
784
+ .refine((val) => validateProfileId(val).ok, {
785
+ message: 'Invalid profile ID: expected "<provider>:<identity>" format (use validateProfileId from @comis/core to verify).',
786
+ }))
787
+ .optional(),
773
788
  });
774
789
  /** Agents map: keyed by agent ID string to per-agent configuration. */
775
790
  export const AgentsMapSchema = z.record(z.string().min(1), PerAgentConfigSchema);
@@ -21,5 +21,12 @@ export declare const BackgroundTasksConfigSchema: z.ZodObject<{
21
21
  maxBackgroundDurationMs: z.ZodDefault<z.ZodNumber>;
22
22
  /** Tool names excluded from auto-background promotion. */
23
23
  excludeTools: z.ZodDefault<z.ZodArray<z.ZodString>>;
24
+ /** Recursion bound for background-task completion re-trigger (maxBackgroundHops).
25
+ * Each completion re-enters the originating session as a fresh turn;
26
+ * the hop counter prevents a runaway chain when an announcement
27
+ * triggers another background task. Default 3 — enough headroom for
28
+ * normal "install then generate then send" sequences, low enough that
29
+ * loops surface quickly. Runner reads config.backgroundTasks.maxBackgroundHops. */
30
+ maxBackgroundHops: z.ZodDefault<z.ZodNumber>;
24
31
  }, z.core.$strict>;
25
32
  export type BackgroundTasksConfig = z.infer<typeof BackgroundTasksConfigSchema>;
@@ -22,4 +22,11 @@ export const BackgroundTasksConfigSchema = z.strictObject({
22
22
  maxBackgroundDurationMs: z.number().int().positive().default(300_000),
23
23
  /** Tool names excluded from auto-background promotion. */
24
24
  excludeTools: z.array(z.string()).default([]),
25
+ /** Recursion bound for background-task completion re-trigger (maxBackgroundHops).
26
+ * Each completion re-enters the originating session as a fresh turn;
27
+ * the hop counter prevents a runaway chain when an announcement
28
+ * triggers another background task. Default 3 — enough headroom for
29
+ * normal "install then generate then send" sequences, low enough that
30
+ * loops surface quickly. Runner reads config.backgroundTasks.maxBackgroundHops. */
31
+ maxBackgroundHops: z.number().int().positive().default(3),
25
32
  });
@@ -65,6 +65,8 @@ export declare const DeliveryQueueConfigSchema: z.ZodObject<{
65
65
  drainOnStartup: z.ZodDefault<z.ZodBoolean>;
66
66
  /** Maximum time in milliseconds allowed for startup drain before continuing. */
67
67
  drainBudgetMs: z.ZodDefault<z.ZodNumber>;
68
+ /** Interval in milliseconds between recurring drain ticks after startup. Set tick cadence for SPEC-R1 continuous drainer. */
69
+ drainIntervalMs: z.ZodDefault<z.ZodNumber>;
68
70
  /** Interval in milliseconds between automatic prune sweeps for expired entries. */
69
71
  pruneIntervalMs: z.ZodDefault<z.ZodNumber>;
70
72
  }, z.core.$strict>;
@@ -58,6 +58,8 @@ export const DeliveryQueueConfigSchema = z.strictObject({
58
58
  drainOnStartup: z.boolean().default(true),
59
59
  /** Maximum time in milliseconds allowed for startup drain before continuing. */
60
60
  drainBudgetMs: z.number().int().positive().default(60_000),
61
+ /** Interval in milliseconds between recurring drain ticks after startup. Set tick cadence for SPEC-R1 continuous drainer. */
62
+ drainIntervalMs: z.number().int().positive().default(1_000),
61
63
  /** Interval in milliseconds between automatic prune sweeps for expired entries. */
62
64
  pruneIntervalMs: z.number().int().positive().default(300_000),
63
65
  });
@@ -5,8 +5,6 @@ import { z } from "zod";
5
5
  * Controls Gemini CachedContent lifecycle: whether explicit caching is
6
6
  * enabled and the maximum number of active cached contents per agent.
7
7
  *
8
- * Design reference: D-05 (Gemini cache config section).
9
- *
10
8
  * @module
11
9
  */
12
10
  /** Gemini cache configuration (per-agent, nested under AgentConfigSchema). */
@@ -6,8 +6,6 @@ import { z } from "zod";
6
6
  * Controls Gemini CachedContent lifecycle: whether explicit caching is
7
7
  * enabled and the maximum number of active cached contents per agent.
8
8
  *
9
- * Design reference: D-05 (Gemini cache config section).
10
- *
11
9
  * @module
12
10
  */
13
11
  /** Gemini cache configuration (per-agent, nested under AgentConfigSchema). */
@@ -0,0 +1,23 @@
1
+ import { z } from "zod";
2
+ /**
3
+ * OAuth credential storage configuration.
4
+ *
5
+ * Forward-room for Phases 8-11 to add clientId, scopes, profileSelectors
6
+ * etc. without scattering OAuth config across the codebase. Today only
7
+ * the storage-backend selector is meaningful.
8
+ *
9
+ * @module
10
+ */
11
+ export declare const OAuthConfigSchema: z.ZodObject<{
12
+ /**
13
+ * Storage backend for refreshed OAuth credentials.
14
+ * - "file" (default): plaintext JSON at ${dataDir}/auth-profiles.json with mode 0o600
15
+ * - "encrypted": AES-256-GCM SQLite (requires SECRETS_MASTER_KEY)
16
+ */
17
+ storage: z.ZodDefault<z.ZodEnum<{
18
+ file: "file";
19
+ encrypted: "encrypted";
20
+ }>>;
21
+ }, z.core.$strict>;
22
+ /** Inferred OAuth configuration type. */
23
+ export type OAuthConfig = z.infer<typeof OAuthConfigSchema>;
@@ -0,0 +1,19 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ import { z } from "zod";
3
+ /**
4
+ * OAuth credential storage configuration.
5
+ *
6
+ * Forward-room for Phases 8-11 to add clientId, scopes, profileSelectors
7
+ * etc. without scattering OAuth config across the codebase. Today only
8
+ * the storage-backend selector is meaningful.
9
+ *
10
+ * @module
11
+ */
12
+ export const OAuthConfigSchema = z.strictObject({
13
+ /**
14
+ * Storage backend for refreshed OAuth credentials.
15
+ * - "file" (default): plaintext JSON at ${dataDir}/auth-profiles.json with mode 0o600
16
+ * - "encrypted": AES-256-GCM SQLite (requires SECRETS_MASTER_KEY)
17
+ */
18
+ storage: z.enum(["file", "encrypted"]).default("file"),
19
+ });
@@ -24,13 +24,12 @@ export declare const PromptSkillsConfigSchema: z.ZodObject<{
24
24
  */
25
25
  declare const ToolDiscoverySchema: z.ZodObject<{
26
26
  /** Minimum BM25 score as FRACTION OF TOP MATCH (0..1). Default 0.8.
27
- * As of 2026-04-23, BM25 scores are normalized to [0, 1] before this floor
28
- * applies, matching the semantics of minHybridScore. A value of 0.8 means
27
+ * BM25 scores are normalized to [0, 1] before this floor applies,
28
+ * matching the semantics of minHybridScore. A value of 0.8 means
29
29
  * "return only tools scoring >= 80% of the top match". Values > 1.0 fail
30
30
  * validation at config load (stale raw-score overrides would produce zero
31
31
  * matches under the new normalized semantics; fail-fast surfaces the
32
- * error immediately per AGENTS.md §3.4). See design §5.6:
33
- * .planning/design/discover-tools-bm25-fallback-fix.md */
32
+ * error immediately per AGENTS.md §3.4). */
34
33
  minBm25Score: z.ZodDefault<z.ZodNumber>;
35
34
  /** Minimum combined score (0..1 normalized) for hybrid mode. Default 0.35. */
36
35
  minHybridScore: z.ZodDefault<z.ZodNumber>;
@@ -123,13 +122,12 @@ export declare const SkillsConfigSchema: z.ZodObject<{
123
122
  /** discover_tools score-floor thresholds (BM25 + hybrid). */
124
123
  toolDiscovery: z.ZodDefault<z.ZodObject<{
125
124
  /** Minimum BM25 score as FRACTION OF TOP MATCH (0..1). Default 0.8.
126
- * As of 2026-04-23, BM25 scores are normalized to [0, 1] before this floor
127
- * applies, matching the semantics of minHybridScore. A value of 0.8 means
125
+ * BM25 scores are normalized to [0, 1] before this floor applies,
126
+ * matching the semantics of minHybridScore. A value of 0.8 means
128
127
  * "return only tools scoring >= 80% of the top match". Values > 1.0 fail
129
128
  * validation at config load (stale raw-score overrides would produce zero
130
129
  * matches under the new normalized semantics; fail-fast surfaces the
131
- * error immediately per AGENTS.md §3.4). See design §5.6:
132
- * .planning/design/discover-tools-bm25-fallback-fix.md */
130
+ * error immediately per AGENTS.md §3.4). */
133
131
  minBm25Score: z.ZodDefault<z.ZodNumber>;
134
132
  /** Minimum combined score (0..1 normalized) for hybrid mode. Default 0.35. */
135
133
  minHybridScore: z.ZodDefault<z.ZodNumber>;
@@ -94,13 +94,12 @@ const ExecSandboxSchema = z.strictObject({
94
94
  */
95
95
  const ToolDiscoverySchema = z.strictObject({
96
96
  /** Minimum BM25 score as FRACTION OF TOP MATCH (0..1). Default 0.8.
97
- * As of 2026-04-23, BM25 scores are normalized to [0, 1] before this floor
98
- * applies, matching the semantics of minHybridScore. A value of 0.8 means
97
+ * BM25 scores are normalized to [0, 1] before this floor applies,
98
+ * matching the semantics of minHybridScore. A value of 0.8 means
99
99
  * "return only tools scoring >= 80% of the top match". Values > 1.0 fail
100
100
  * validation at config load (stale raw-score overrides would produce zero
101
101
  * matches under the new normalized semantics; fail-fast surfaces the
102
- * error immediately per AGENTS.md §3.4). See design §5.6:
103
- * .planning/design/discover-tools-bm25-fallback-fix.md */
102
+ * error immediately per AGENTS.md §3.4). */
104
103
  minBm25Score: z.number().min(0).max(1).default(0.8),
105
104
  /** Minimum combined score (0..1 normalized) for hybrid mode. Default 0.35. */
106
105
  minHybridScore: z.number().min(0).max(1).default(0.35),
@@ -497,6 +497,7 @@ export declare const AppConfigSchema: z.ZodObject<{
497
497
  maxTotal: z.ZodDefault<z.ZodNumber>;
498
498
  maxBackgroundDurationMs: z.ZodDefault<z.ZodNumber>;
499
499
  excludeTools: z.ZodDefault<z.ZodArray<z.ZodString>>;
500
+ maxBackgroundHops: z.ZodDefault<z.ZodNumber>;
500
501
  }, z.core.$strict>>;
501
502
  memoryReview: z.ZodOptional<z.ZodObject<{
502
503
  enabled: z.ZodDefault<z.ZodBoolean>;
@@ -507,6 +508,7 @@ export declare const AppConfigSchema: z.ZodObject<{
507
508
  dedupThreshold: z.ZodDefault<z.ZodNumber>;
508
509
  autoTags: z.ZodDefault<z.ZodArray<z.ZodString>>;
509
510
  }, z.core.$strict>>;
511
+ oauthProfiles: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
510
512
  }, z.core.$strict>>>;
511
513
  /** Channel adapter configuration */
512
514
  channels: z.ZodDefault<z.ZodObject<{
@@ -1509,6 +1511,13 @@ export declare const AppConfigSchema: z.ZodObject<{
1509
1511
  snapshotIntervalMs: z.ZodDefault<z.ZodNumber>;
1510
1512
  }, z.core.$strict>>;
1511
1513
  }, z.core.$strict>>;
1514
+ /** OAuth credential storage configuration (storage backend selector) */
1515
+ oauth: z.ZodDefault<z.ZodObject<{
1516
+ storage: z.ZodDefault<z.ZodEnum<{
1517
+ file: "file";
1518
+ encrypted: "encrypted";
1519
+ }>>;
1520
+ }, z.core.$strict>>;
1512
1521
  /** Plugin system configuration */
1513
1522
  plugins: z.ZodDefault<z.ZodObject<{
1514
1523
  enabled: z.ZodDefault<z.ZodBoolean>;
@@ -1987,6 +1996,7 @@ export declare const AppConfigSchema: z.ZodObject<{
1987
1996
  defaultExpireMs: z.ZodDefault<z.ZodNumber>;
1988
1997
  drainOnStartup: z.ZodDefault<z.ZodBoolean>;
1989
1998
  drainBudgetMs: z.ZodDefault<z.ZodNumber>;
1999
+ drainIntervalMs: z.ZodDefault<z.ZodNumber>;
1990
2000
  pruneIntervalMs: z.ZodDefault<z.ZodNumber>;
1991
2001
  }, z.core.$strict>>;
1992
2002
  /** Session mirroring persistence configuration */
@@ -19,6 +19,7 @@ import { MessagesConfigSchema } from "./schema-messages.js";
19
19
  import { ModelsConfigSchema } from "./schema-models.js";
20
20
  import { MonitoringConfigSchema } from "./schema-observability.js";
21
21
  import { ObservabilityConfigSchema } from "./schema-observability.js";
22
+ import { OAuthConfigSchema } from "./schema-oauth.js";
22
23
  import { PluginsConfigSchema } from "./schema-plugins.js";
23
24
  import { ProvidersConfigSchema } from "./schema-providers.js";
24
25
  import { QueueConfigSchema } from "./schema-queue.js";
@@ -68,6 +69,8 @@ export const AppConfigSchema = z.strictObject({
68
69
  monitoring: MonitoringConfigSchema.default(() => MonitoringConfigSchema.parse({})),
69
70
  /** Observability persistence configuration */
70
71
  observability: ObservabilityConfigSchema.default(() => ObservabilityConfigSchema.parse({})),
72
+ /** OAuth credential storage configuration (storage backend selector) */
73
+ oauth: OAuthConfigSchema.default(() => OAuthConfigSchema.parse({})),
71
74
  /** Plugin system configuration */
72
75
  plugins: PluginsConfigSchema.default(() => PluginsConfigSchema.parse({})),
73
76
  /** Command queue configuration for session serialization and concurrency control */
@@ -0,0 +1,39 @@
1
+ /**
2
+ * Background task origin: captures the originating session attribution
3
+ * (agent + session + channel + trace + hop count) at the moment a tool
4
+ * execution is promoted to a background task. Persisted on the task so
5
+ * completion can route a re-entry announcement back to the right session
6
+ * even after a daemon restart.
7
+ *
8
+ * Lives in @comis/core (not @comis/agent) so the event-bus payload type
9
+ * in core/src/event-bus/events-infra.ts can carry it without violating
10
+ * the inward-only dependency direction (AGENTS.md §1).
11
+ *
12
+ * @module
13
+ */
14
+ import { z } from "zod";
15
+ /**
16
+ * Origin context captured at promote() time. All string fields are
17
+ * non-empty so the runner can reconstruct a valid SessionKey via
18
+ * parseFormattedSessionKey() and dispatch executor.execute() to the
19
+ * correct session.
20
+ */
21
+ export declare const BackgroundTaskOriginSchema: z.ZodObject<{
22
+ /** The agent that owned the tool call. */
23
+ agentId: z.ZodString;
24
+ /** Formatted session key string (parseFormattedSessionKey-compatible). */
25
+ sessionKey: z.ZodString;
26
+ /** Channel type the originating message arrived on (e.g., "telegram"). */
27
+ channelType: z.ZodString;
28
+ /** Channel-specific identifier for the originating user/group. */
29
+ channelId: z.ZodString;
30
+ /** Per-execution trace identifier; null when no trace was active. */
31
+ traceId: z.ZodNullable<z.ZodString>;
32
+ /** Recursion-bound counter. Captured at promote-time from the inbound
33
+ * NormalizedMessage's metadata.backgroundHopCount (defaults to 0 for
34
+ * top-level user messages). The completion runner increments this
35
+ * when constructing the outgoing synthetic message, and falls back to
36
+ * fallbackNotifyFn when (incomingHopCount + 1) >= maxBackgroundHops. */
37
+ backgroundHopCount: z.ZodDefault<z.ZodNumber>;
38
+ }, z.core.$strict>;
39
+ export type BackgroundTaskOrigin = z.infer<typeof BackgroundTaskOriginSchema>;
@@ -0,0 +1,39 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ /**
3
+ * Background task origin: captures the originating session attribution
4
+ * (agent + session + channel + trace + hop count) at the moment a tool
5
+ * execution is promoted to a background task. Persisted on the task so
6
+ * completion can route a re-entry announcement back to the right session
7
+ * even after a daemon restart.
8
+ *
9
+ * Lives in @comis/core (not @comis/agent) so the event-bus payload type
10
+ * in core/src/event-bus/events-infra.ts can carry it without violating
11
+ * the inward-only dependency direction (AGENTS.md §1).
12
+ *
13
+ * @module
14
+ */
15
+ import { z } from "zod";
16
+ /**
17
+ * Origin context captured at promote() time. All string fields are
18
+ * non-empty so the runner can reconstruct a valid SessionKey via
19
+ * parseFormattedSessionKey() and dispatch executor.execute() to the
20
+ * correct session.
21
+ */
22
+ export const BackgroundTaskOriginSchema = z.strictObject({
23
+ /** The agent that owned the tool call. */
24
+ agentId: z.string().min(1),
25
+ /** Formatted session key string (parseFormattedSessionKey-compatible). */
26
+ sessionKey: z.string().min(1),
27
+ /** Channel type the originating message arrived on (e.g., "telegram"). */
28
+ channelType: z.string().min(1),
29
+ /** Channel-specific identifier for the originating user/group. */
30
+ channelId: z.string().min(1),
31
+ /** Per-execution trace identifier; null when no trace was active. */
32
+ traceId: z.string().nullable(),
33
+ /** Recursion-bound counter. Captured at promote-time from the inbound
34
+ * NormalizedMessage's metadata.backgroundHopCount (defaults to 0 for
35
+ * top-level user messages). The completion runner increments this
36
+ * when constructing the outgoing synthetic message, and falls back to
37
+ * fallbackNotifyFn when (incomingHopCount + 1) >= maxBackgroundHops. */
38
+ backgroundHopCount: z.number().int().nonnegative().default(0),
39
+ });
@@ -1,3 +1,4 @@
1
+ import type { BackgroundTaskOrigin } from "../domain/background-task-origin.js";
1
2
  /**
2
3
  * InfraEvents: Config, plugin, hook, auth, diagnostic,
3
4
  * media, scheduler, system, and metrics events.
@@ -61,9 +62,53 @@ export interface InfraEvents {
61
62
  "auth:token_rotated": {
62
63
  provider: string;
63
64
  profileName: string;
65
+ /** Canonical "<provider>:<identity>" form. Coexists with profileName for backward compat. */
66
+ profileId: string;
64
67
  expiresAtMs: number;
65
68
  timestamp: number;
66
69
  };
70
+ /**
71
+ * OAuth profile bootstrapped from environment variable on first
72
+ * store-empty access. Fires once per process per provider.
73
+ */
74
+ "auth:profile_bootstrapped": {
75
+ provider: string;
76
+ profileId: string;
77
+ /** Semi-redacted email (e.g. "mo…e@gmail.com") or "id-<base64url>" fallback. */
78
+ identity: string;
79
+ timestamp: number;
80
+ };
81
+ /**
82
+ * OAuth profile added to the credential store by an external writer
83
+ * (CLI `auth login` or wizard step 04). Emitted by OAuthTokenManager's
84
+ * file watcher after a chokidar `change`/`add` event invalidates the
85
+ * cache and the store list reveals a new profile.
86
+ *
87
+ * `source: "external"` indicates the writer is outside this manager
88
+ * instance.
89
+ */
90
+ "auth:profile_added": {
91
+ provider: string;
92
+ profileId: string;
93
+ /** Semi-redacted email (e.g. "mo…e@gmail.com") or "id-<base64url>" fallback. */
94
+ identity: string;
95
+ source: "external";
96
+ timestamp: number;
97
+ };
98
+ /**
99
+ * OAuth refresh failed terminally (e.g. refresh_token_reused, network
100
+ * error after retries, timeout). Emitted with coarse errorKind because
101
+ * pi-ai swallows the original cause.
102
+ */
103
+ "auth:refresh_failed": {
104
+ provider: string;
105
+ profileId: string;
106
+ /** Coarse classification: refresh_token_reused | network | timeout | refresh_failed. */
107
+ errorKind: string;
108
+ /** Operator action recommendation. */
109
+ hint: string;
110
+ timestamp: number;
111
+ };
67
112
  /** Full message lifecycle diagnostic with timing and cost */
68
113
  "diagnostic:message_processed": {
69
114
  messageId: string;
@@ -185,6 +230,12 @@ export interface InfraEvents {
185
230
  sessionStrategy?: "fresh" | "rolling" | "accumulate";
186
231
  /** Number of recent turns to keep for rolling strategy. */
187
232
  maxHistoryTurns?: number;
233
+ /** Schedule cadence in ms when known. Populated only for schedule.kind === "every"
234
+ * (where everyMs is a literal). Undefined for cron-expression and one-shot ("at")
235
+ * schedules — deriving cadence from a cron expression would require parsing and is
236
+ * intentionally out of scope for this field. Used by the cron handler to warn when
237
+ * long-cadence jobs run with a cache-wasting sessionStrategy. */
238
+ cadenceMs?: number;
188
239
  /** Per-cron-job model override from CronPayload.agent_turn.model. */
189
240
  cronJobModel?: string;
190
241
  /** Per-cron-job cache retention override from CronJob config. */
@@ -349,21 +400,39 @@ export interface InfraEvents {
349
400
  toolName: string;
350
401
  timestamp: number;
351
402
  };
352
- /** Background task completed successfully */
403
+ /** Background task completed successfully. `origin` carries originating
404
+ * session attribution so subscribers (the completion runner) can
405
+ * re-enter the right session without a synchronous round-trip through
406
+ * the manager. */
353
407
  "background_task:completed": {
354
408
  agentId: string;
355
409
  taskId: string;
356
410
  toolName: string;
357
411
  durationMs: number;
412
+ origin: BackgroundTaskOrigin;
358
413
  timestamp: number;
359
414
  };
360
- /** Background task failed (timeout, error, or daemon restart) */
415
+ /** Background task failed (timeout, error, or daemon restart).
416
+ * `origin` is populated for in-process failures and for restart-recovery
417
+ * failures (recoverOnStartup re-emits with origin from the persisted JSON). */
361
418
  "background_task:failed": {
362
419
  agentId: string;
363
420
  taskId: string;
364
421
  toolName: string;
365
422
  error: string;
366
423
  durationMs: number;
424
+ origin: BackgroundTaskOrigin;
425
+ timestamp: number;
426
+ };
427
+ /** Background completion runner is about to invoke executor.execute() on
428
+ * the originating session (latency-instrumentation hook). Subscribers
429
+ * may compute the delta from background_task:completed.timestamp to
430
+ * this event for SLO tracking (target: p95 ≤ 1000ms over 50 trials). */
431
+ "background_task:reentered": {
432
+ taskId: string;
433
+ agentId: string;
434
+ sessionKey: string;
435
+ hopCount: number;
367
436
  timestamp: number;
368
437
  };
369
438
  /** Background task cancelled by user or system */