comisai 1.0.34 → 1.0.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (448) hide show
  1. package/node_modules/@comis/agent/dist/background/auto-background-middleware.d.ts +11 -1
  2. package/node_modules/@comis/agent/dist/background/auto-background-middleware.js +30 -4
  3. package/node_modules/@comis/agent/dist/background/background-task-manager.d.ts +22 -2
  4. package/node_modules/@comis/agent/dist/background/background-task-manager.js +88 -40
  5. package/node_modules/@comis/agent/dist/background/background-task-persistence.js +34 -4
  6. package/node_modules/@comis/agent/dist/background/background-task-types.d.ts +59 -3
  7. package/node_modules/@comis/agent/dist/background/background-task-types.js +1 -1
  8. package/node_modules/@comis/agent/dist/background/completion-dispatcher.d.ts +130 -0
  9. package/node_modules/@comis/agent/dist/background/completion-dispatcher.js +215 -0
  10. package/node_modules/@comis/agent/dist/background/completion-formatter.d.ts +39 -0
  11. package/node_modules/@comis/agent/dist/background/completion-formatter.js +77 -0
  12. package/node_modules/@comis/agent/dist/background/completion-runner.d.ts +62 -0
  13. package/node_modules/@comis/agent/dist/background/completion-runner.js +234 -0
  14. package/node_modules/@comis/agent/dist/background/index.d.ts +10 -1
  15. package/node_modules/@comis/agent/dist/background/index.js +4 -0
  16. package/node_modules/@comis/agent/dist/background/session-resolver.d.ts +85 -0
  17. package/node_modules/@comis/agent/dist/background/session-resolver.js +78 -0
  18. package/node_modules/@comis/agent/dist/bootstrap/sections/messaging-sections.js +1 -0
  19. package/node_modules/@comis/agent/dist/bootstrap/sections/tool-descriptions.js +3 -3
  20. package/node_modules/@comis/agent/dist/bootstrap/sections/tooling-sections.d.ts +30 -2
  21. package/node_modules/@comis/agent/dist/bootstrap/sections/tooling-sections.js +51 -2
  22. package/node_modules/@comis/agent/dist/bootstrap/system-prompt-assembler.d.ts +22 -0
  23. package/node_modules/@comis/agent/dist/bootstrap/system-prompt-assembler.js +2 -2
  24. package/node_modules/@comis/agent/dist/bridge/bridge-event-handlers.d.ts +1 -5
  25. package/node_modules/@comis/agent/dist/bridge/bridge-event-handlers.js +2 -14
  26. package/node_modules/@comis/agent/dist/bridge/bridge-metrics.d.ts +43 -2
  27. package/node_modules/@comis/agent/dist/bridge/bridge-metrics.js +17 -2
  28. package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.d.ts +32 -23
  29. package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.js +145 -62
  30. package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.d.ts +6 -7
  31. package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.js +24 -25
  32. package/node_modules/@comis/agent/dist/budget/cost-tracker.d.ts +1 -1
  33. package/node_modules/@comis/agent/dist/context-engine/constants.d.ts +5 -5
  34. package/node_modules/@comis/agent/dist/context-engine/constants.js +12 -12
  35. package/node_modules/@comis/agent/dist/context-engine/context-engine.js +13 -4
  36. package/node_modules/@comis/agent/dist/context-engine/dag-annotator.d.ts +1 -2
  37. package/node_modules/@comis/agent/dist/context-engine/dag-annotator.js +1 -2
  38. package/node_modules/@comis/agent/dist/context-engine/llm-compaction.js +20 -16
  39. package/node_modules/@comis/agent/dist/context-engine/rehydration.js +6 -6
  40. package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.d.ts +12 -12
  41. package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.js +36 -22
  42. package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.d.ts +10 -10
  43. package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.js +14 -14
  44. package/node_modules/@comis/agent/dist/context-engine/thinking-block-cleaner.d.ts +11 -13
  45. package/node_modules/@comis/agent/dist/context-engine/thinking-block-cleaner.js +14 -15
  46. package/node_modules/@comis/agent/dist/context-engine/types-core.d.ts +15 -0
  47. package/node_modules/@comis/agent/dist/executor/cache-break-detection.d.ts +6 -6
  48. package/node_modules/@comis/agent/dist/executor/cache-break-detection.js +8 -8
  49. package/node_modules/@comis/agent/dist/executor/capability-index-context.d.ts +72 -0
  50. package/node_modules/@comis/agent/dist/executor/capability-index-context.js +329 -0
  51. package/node_modules/@comis/agent/dist/executor/drain-helper.d.ts +122 -0
  52. package/node_modules/@comis/agent/dist/executor/drain-helper.js +173 -0
  53. package/node_modules/@comis/agent/dist/executor/error-classifier.js +2 -2
  54. package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.d.ts +16 -0
  55. package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.js +46 -5
  56. package/node_modules/@comis/agent/dist/executor/executor-post-execution.d.ts +78 -4
  57. package/node_modules/@comis/agent/dist/executor/executor-post-execution.js +150 -31
  58. package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.d.ts +7 -0
  59. package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.js +26 -5
  60. package/node_modules/@comis/agent/dist/executor/executor-response-filter.d.ts +7 -6
  61. package/node_modules/@comis/agent/dist/executor/executor-response-filter.js +9 -42
  62. package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.d.ts +18 -1
  63. package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.js +20 -18
  64. package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.d.ts +2 -2
  65. package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.js +4 -4
  66. package/node_modules/@comis/agent/dist/executor/jit-guide-injector.d.ts +11 -2
  67. package/node_modules/@comis/agent/dist/executor/jit-guide-injector.js +16 -2
  68. package/node_modules/@comis/agent/dist/executor/phase-filter.d.ts +2 -2
  69. package/node_modules/@comis/agent/dist/executor/phase-filter.js +5 -7
  70. package/node_modules/@comis/agent/dist/executor/pi-executor.d.ts +21 -2
  71. package/node_modules/@comis/agent/dist/executor/pi-executor.js +96 -18
  72. package/node_modules/@comis/agent/dist/executor/post-batch-continuation.js +7 -7
  73. package/node_modules/@comis/agent/dist/executor/prompt-assembly.d.ts +9 -1
  74. package/node_modules/@comis/agent/dist/executor/prompt-assembly.js +15 -1
  75. package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.d.ts +1 -1
  76. package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.js +1 -1
  77. package/node_modules/@comis/agent/dist/executor/tool-deferral.d.ts +18 -27
  78. package/node_modules/@comis/agent/dist/executor/tool-deferral.js +34 -43
  79. package/node_modules/@comis/agent/dist/index.d.ts +17 -0
  80. package/node_modules/@comis/agent/dist/index.js +32 -11
  81. package/node_modules/@comis/agent/dist/model/auth-provider.d.ts +25 -2
  82. package/node_modules/@comis/agent/dist/model/auth-provider.js +6 -0
  83. package/node_modules/@comis/agent/dist/model/compaction-model-resolver.d.ts +3 -3
  84. package/node_modules/@comis/agent/dist/model/compaction-model-resolver.js +3 -3
  85. package/node_modules/@comis/agent/dist/model/model-registry-adapter.js +1 -1
  86. package/node_modules/@comis/agent/dist/model/model-scanner.js +1 -1
  87. package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.d.ts +37 -0
  88. package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.js +279 -0
  89. package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.d.ts +49 -0
  90. package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.js +50 -0
  91. package/node_modules/@comis/agent/dist/model/oauth-device-code.d.ts +57 -0
  92. package/node_modules/@comis/agent/dist/model/oauth-device-code.js +302 -0
  93. package/node_modules/@comis/agent/dist/model/oauth-env.d.ts +33 -0
  94. package/node_modules/@comis/agent/dist/model/oauth-env.js +38 -0
  95. package/node_modules/@comis/agent/dist/model/oauth-errors.d.ts +41 -0
  96. package/node_modules/@comis/agent/dist/model/oauth-errors.js +88 -0
  97. package/node_modules/@comis/agent/dist/model/oauth-identity.d.ts +53 -0
  98. package/node_modules/@comis/agent/dist/model/oauth-identity.js +141 -0
  99. package/node_modules/@comis/agent/dist/model/oauth-login-runner.d.ts +99 -0
  100. package/node_modules/@comis/agent/dist/model/oauth-login-runner.js +374 -0
  101. package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.d.ts +58 -0
  102. package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.js +82 -0
  103. package/node_modules/@comis/agent/dist/model/oauth-token-manager.d.ts +86 -16
  104. package/node_modules/@comis/agent/dist/model/oauth-token-manager.js +961 -66
  105. package/node_modules/@comis/agent/dist/model/operation-model-defaults.d.ts +9 -4
  106. package/node_modules/@comis/agent/dist/model/operation-model-defaults.js +36 -9
  107. package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.d.ts +48 -0
  108. package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.js +66 -0
  109. package/node_modules/@comis/agent/dist/provider/capabilities.d.ts +5 -5
  110. package/node_modules/@comis/agent/dist/provider/capabilities.js +10 -23
  111. package/node_modules/@comis/agent/dist/safety/tool-output-safety.js +3 -3
  112. package/node_modules/@comis/agent/dist/safety/tool-retry-breaker.d.ts +11 -1
  113. package/node_modules/@comis/agent/dist/safety/tool-retry-breaker.js +19 -22
  114. package/node_modules/@comis/agent/dist/session/comis-session-manager.d.ts +17 -3
  115. package/node_modules/@comis/agent/dist/session/comis-session-manager.js +1 -1
  116. package/node_modules/@comis/agent/dist/spawn/narrative-caster.d.ts +10 -0
  117. package/node_modules/@comis/agent/dist/spawn/narrative-caster.js +5 -1
  118. package/node_modules/@comis/agent/dist/spawn/pi-mono-adapters.d.ts +1 -1
  119. package/node_modules/@comis/agent/dist/spawn/pi-mono-adapters.js +5 -5
  120. package/node_modules/@comis/agent/dist/workspace/data-env.d.ts +38 -0
  121. package/node_modules/@comis/agent/dist/workspace/data-env.js +56 -0
  122. package/node_modules/@comis/agent/dist/workspace/index.d.ts +1 -0
  123. package/node_modules/@comis/agent/dist/workspace/index.js +1 -0
  124. package/node_modules/@comis/agent/dist/workspace/templates.js +5 -1
  125. package/node_modules/@comis/agent/package.json +1 -1
  126. package/node_modules/@comis/channels/dist/email/email-adapter.js +6 -6
  127. package/node_modules/@comis/channels/dist/email/imap-lifecycle.js +7 -7
  128. package/node_modules/@comis/channels/dist/index.d.ts +1 -1
  129. package/node_modules/@comis/channels/dist/index.js +1 -1
  130. package/node_modules/@comis/channels/dist/shared/channel-manager.d.ts +9 -3
  131. package/node_modules/@comis/channels/dist/shared/deliver-to-channel.js +12 -10
  132. package/node_modules/@comis/channels/dist/shared/inbound-gate.d.ts +1 -1
  133. package/node_modules/@comis/channels/dist/shared/inbound-gate.js +22 -7
  134. package/node_modules/@comis/channels/dist/shared/inbound-pipeline.d.ts +10 -3
  135. package/node_modules/@comis/channels/dist/shared/inbound-route.d.ts +1 -1
  136. package/node_modules/@comis/channels/dist/shared/inbound-route.js +13 -2
  137. package/node_modules/@comis/channels/dist/shared/response-filter.d.ts +11 -24
  138. package/node_modules/@comis/channels/dist/shared/response-filter.js +25 -53
  139. package/node_modules/@comis/channels/dist/telegram/telegram-adapter.js +1 -1
  140. package/node_modules/@comis/channels/package.json +1 -1
  141. package/node_modules/@comis/cli/dist/cli.js +2 -0
  142. package/node_modules/@comis/cli/dist/commands/agent.d.ts +3 -3
  143. package/node_modules/@comis/cli/dist/commands/agent.js +46 -3
  144. package/node_modules/@comis/cli/dist/commands/auth.d.ts +37 -0
  145. package/node_modules/@comis/cli/dist/commands/auth.js +433 -0
  146. package/node_modules/@comis/cli/dist/commands/doctor.d.ts +4 -1
  147. package/node_modules/@comis/cli/dist/commands/doctor.js +20 -5
  148. package/node_modules/@comis/cli/dist/commands/providers.d.ts +1 -2
  149. package/node_modules/@comis/cli/dist/commands/providers.js +5 -6
  150. package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.d.ts +39 -0
  151. package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.js +399 -0
  152. package/node_modules/@comis/cli/dist/doctor/types.d.ts +19 -0
  153. package/node_modules/@comis/cli/dist/index.d.ts +1 -0
  154. package/node_modules/@comis/cli/dist/index.js +10 -4
  155. package/node_modules/@comis/cli/dist/output/relative-time.d.ts +23 -0
  156. package/node_modules/@comis/cli/dist/output/relative-time.js +36 -0
  157. package/node_modules/@comis/cli/dist/wizard/non-interactive.js +17 -8
  158. package/node_modules/@comis/cli/dist/wizard/steps/03-provider.js +2 -1
  159. package/node_modules/@comis/cli/dist/wizard/steps/04-credentials.js +223 -34
  160. package/node_modules/@comis/cli/dist/wizard/steps/10-write-config.js +14 -0
  161. package/node_modules/@comis/cli/dist/wizard/steps/11-daemon-start.js +3 -3
  162. package/node_modules/@comis/cli/dist/wizard/types.d.ts +7 -0
  163. package/node_modules/@comis/cli/package.json +1 -1
  164. package/node_modules/@comis/core/dist/bootstrap.d.ts +1 -1
  165. package/node_modules/@comis/core/dist/config/env-substitution.d.ts +66 -0
  166. package/node_modules/@comis/core/dist/config/env-substitution.js +115 -0
  167. package/node_modules/@comis/core/dist/config/field-metadata.js +2 -0
  168. package/node_modules/@comis/core/dist/config/immutable-keys.js +4 -1
  169. package/node_modules/@comis/core/dist/config/index.d.ts +7 -1
  170. package/node_modules/@comis/core/dist/config/index.js +4 -1
  171. package/node_modules/@comis/core/dist/config/loader.js +61 -0
  172. package/node_modules/@comis/core/dist/config/managed-sections.d.ts +3 -3
  173. package/node_modules/@comis/core/dist/config/managed-sections.js +10 -5
  174. package/node_modules/@comis/core/dist/config/schema-agent.d.ts +4 -792
  175. package/node_modules/@comis/core/dist/config/schema-agent.js +16 -1
  176. package/node_modules/@comis/core/dist/config/schema-approvals.d.ts +0 -14
  177. package/node_modules/@comis/core/dist/config/schema-auto-reply-engine.d.ts +0 -6
  178. package/node_modules/@comis/core/dist/config/schema-background-tasks.d.ts +1 -6
  179. package/node_modules/@comis/core/dist/config/schema-background-tasks.js +7 -0
  180. package/node_modules/@comis/core/dist/config/schema-browser.d.ts +0 -18
  181. package/node_modules/@comis/core/dist/config/schema-channel.d.ts +0 -158
  182. package/node_modules/@comis/core/dist/config/schema-coalescer.d.ts +0 -5
  183. package/node_modules/@comis/core/dist/config/schema-daemon.d.ts +0 -32
  184. package/node_modules/@comis/core/dist/config/schema-delivery.d.ts +1 -17
  185. package/node_modules/@comis/core/dist/config/schema-delivery.js +2 -0
  186. package/node_modules/@comis/core/dist/config/schema-documentation.d.ts +0 -12
  187. package/node_modules/@comis/core/dist/config/schema-embedding.d.ts +0 -20
  188. package/node_modules/@comis/core/dist/config/schema-envelope.d.ts +0 -15
  189. package/node_modules/@comis/core/dist/config/schema-gateway.d.ts +0 -37
  190. package/node_modules/@comis/core/dist/config/schema-gemini-cache.d.ts +0 -4
  191. package/node_modules/@comis/core/dist/config/schema-gemini-cache.js +0 -2
  192. package/node_modules/@comis/core/dist/config/schema-integrations.d.ts +0 -318
  193. package/node_modules/@comis/core/dist/config/schema-lifecycle-reactions.d.ts +0 -18
  194. package/node_modules/@comis/core/dist/config/schema-memory-review.d.ts +0 -7
  195. package/node_modules/@comis/core/dist/config/schema-memory.d.ts +0 -16
  196. package/node_modules/@comis/core/dist/config/schema-messages.d.ts +0 -8
  197. package/node_modules/@comis/core/dist/config/schema-models.d.ts +0 -15
  198. package/node_modules/@comis/core/dist/config/schema-notification.d.ts +0 -5
  199. package/node_modules/@comis/core/dist/config/schema-oauth.d.ts +18 -0
  200. package/node_modules/@comis/core/dist/config/schema-oauth.js +19 -0
  201. package/node_modules/@comis/core/dist/config/schema-observability.d.ts +0 -38
  202. package/node_modules/@comis/core/dist/config/schema-output-retention.d.ts +34 -0
  203. package/node_modules/@comis/core/dist/config/schema-output-retention.js +48 -0
  204. package/node_modules/@comis/core/dist/config/schema-plugins.d.ts +0 -8
  205. package/node_modules/@comis/core/dist/config/schema-providers.d.ts +0 -64
  206. package/node_modules/@comis/core/dist/config/schema-queue.d.ts +0 -58
  207. package/node_modules/@comis/core/dist/config/schema-response-prefix.d.ts +0 -2
  208. package/node_modules/@comis/core/dist/config/schema-retry.d.ts +0 -6
  209. package/node_modules/@comis/core/dist/config/schema-scheduler.d.ts +0 -39
  210. package/node_modules/@comis/core/dist/config/schema-secrets.d.ts +0 -3
  211. package/node_modules/@comis/core/dist/config/schema-security.d.ts +0 -18
  212. package/node_modules/@comis/core/dist/config/schema-send-policy.d.ts +0 -13
  213. package/node_modules/@comis/core/dist/config/schema-sender-trust-display.d.ts +0 -5
  214. package/node_modules/@comis/core/dist/config/schema-serializer.js +2 -0
  215. package/node_modules/@comis/core/dist/config/schema-skills.d.ts +0 -63
  216. package/node_modules/@comis/core/dist/config/schema-skills.js +3 -4
  217. package/node_modules/@comis/core/dist/config/schema-streaming.d.ts +0 -38
  218. package/node_modules/@comis/core/dist/config/schema-telegram-file-guard.d.ts +0 -3
  219. package/node_modules/@comis/core/dist/config/schema-tooling.d.ts +87 -0
  220. package/node_modules/@comis/core/dist/config/schema-tooling.js +152 -0
  221. package/node_modules/@comis/core/dist/config/schema-verbosity.d.ts +0 -12
  222. package/node_modules/@comis/core/dist/config/schema-webhooks.d.ts +0 -40
  223. package/node_modules/@comis/core/dist/config/schema.d.ts +50 -37
  224. package/node_modules/@comis/core/dist/config/schema.js +9 -0
  225. package/node_modules/@comis/core/dist/context/context.d.ts +0 -4
  226. package/node_modules/@comis/core/dist/domain/approval-request.d.ts +0 -17
  227. package/node_modules/@comis/core/dist/domain/background-task-origin.d.ts +29 -0
  228. package/node_modules/@comis/core/dist/domain/background-task-origin.js +39 -0
  229. package/node_modules/@comis/core/dist/domain/delivery-origin.d.ts +0 -5
  230. package/node_modules/@comis/core/dist/domain/execution-graph.d.ts +0 -48
  231. package/node_modules/@comis/core/dist/domain/memory-entry.d.ts +0 -3
  232. package/node_modules/@comis/core/dist/domain/model-compat.d.ts +0 -4
  233. package/node_modules/@comis/core/dist/domain/normalized-message.d.ts +0 -15
  234. package/node_modules/@comis/core/dist/domain/provider-capabilities.d.ts +0 -6
  235. package/node_modules/@comis/core/dist/domain/rich-message.d.ts +0 -14
  236. package/node_modules/@comis/core/dist/domain/subagent-context-config.d.ts +0 -22
  237. package/node_modules/@comis/core/dist/domain/subagent-context-types.d.ts +0 -8
  238. package/node_modules/@comis/core/dist/event-bus/events-agent.d.ts +31 -0
  239. package/node_modules/@comis/core/dist/event-bus/events-infra.d.ts +76 -2
  240. package/node_modules/@comis/core/dist/exports/config.d.ts +2 -2
  241. package/node_modules/@comis/core/dist/exports/config.js +3 -1
  242. package/node_modules/@comis/core/dist/exports/domain.d.ts +2 -0
  243. package/node_modules/@comis/core/dist/exports/domain.js +1 -0
  244. package/node_modules/@comis/core/dist/exports/hooks.d.ts +1 -1
  245. package/node_modules/@comis/core/dist/exports/ports.d.ts +2 -2
  246. package/node_modules/@comis/core/dist/exports/ports.js +1 -1
  247. package/node_modules/@comis/core/dist/ports/channel-plugin.d.ts +0 -13
  248. package/node_modules/@comis/core/dist/ports/delivery-queue.d.ts +23 -0
  249. package/node_modules/@comis/core/dist/ports/delivery-queue.js +2 -0
  250. package/node_modules/@comis/core/dist/ports/index.d.ts +4 -0
  251. package/node_modules/@comis/core/dist/ports/index.js +5 -0
  252. package/node_modules/@comis/core/dist/ports/no-op-tool-capability.d.ts +30 -0
  253. package/node_modules/@comis/core/dist/ports/no-op-tool-capability.js +47 -0
  254. package/node_modules/@comis/core/dist/ports/oauth-credential-store.d.ts +64 -0
  255. package/node_modules/@comis/core/dist/ports/oauth-credential-store.js +37 -0
  256. package/node_modules/@comis/core/dist/ports/tool-capability.d.ts +165 -0
  257. package/node_modules/@comis/core/dist/ports/tool-capability.js +15 -0
  258. package/node_modules/@comis/core/dist/security/audit.d.ts +0 -11
  259. package/node_modules/@comis/core/dist/tool-metadata.d.ts +41 -1
  260. package/node_modules/@comis/core/dist/tool-metadata.js +1 -1
  261. package/node_modules/@comis/core/package.json +1 -1
  262. package/node_modules/@comis/daemon/bundled-skills/skill-creator/scripts/validate-skill.py +1 -1
  263. package/node_modules/@comis/daemon/dist/daemon-types.d.ts +23 -3
  264. package/node_modules/@comis/daemon/dist/daemon.js +168 -30
  265. package/node_modules/@comis/daemon/dist/index.d.ts +2 -0
  266. package/node_modules/@comis/daemon/dist/index.js +5 -0
  267. package/node_modules/@comis/daemon/dist/observability/channel-health-logger.js +3 -3
  268. package/node_modules/@comis/daemon/dist/observability/delivery-queue-logger.js +1 -1
  269. package/node_modules/@comis/daemon/dist/rpc/agent-handlers.d.ts +22 -1
  270. package/node_modules/@comis/daemon/dist/rpc/agent-handlers.js +84 -21
  271. package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.d.ts +1 -1
  272. package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.js +3 -3
  273. package/node_modules/@comis/daemon/dist/rpc/builtin-provider-guard.js +2 -2
  274. package/node_modules/@comis/daemon/dist/rpc/config-handlers.d.ts +9 -1
  275. package/node_modules/@comis/daemon/dist/rpc/config-handlers.js +104 -23
  276. package/node_modules/@comis/daemon/dist/rpc/credential-resolver.d.ts +30 -1
  277. package/node_modules/@comis/daemon/dist/rpc/credential-resolver.js +74 -11
  278. package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.d.ts +8 -0
  279. package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.js +22 -8
  280. package/node_modules/@comis/daemon/dist/rpc/model-handlers.d.ts +1 -1
  281. package/node_modules/@comis/daemon/dist/rpc/model-handlers.js +2 -2
  282. package/node_modules/@comis/daemon/dist/rpc/provider-handlers.js +9 -12
  283. package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.d.ts +1 -0
  284. package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.js +27 -2
  285. package/node_modules/@comis/daemon/dist/setup-docker-restart-warn.js +0 -1
  286. package/node_modules/@comis/daemon/dist/sub-agent-runner.d.ts +18 -0
  287. package/node_modules/@comis/daemon/dist/sub-agent-runner.js +41 -9
  288. package/node_modules/@comis/daemon/dist/wiring/index.d.ts +4 -0
  289. package/node_modules/@comis/daemon/dist/wiring/index.js +2 -0
  290. package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.d.ts +21 -0
  291. package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.js +134 -0
  292. package/node_modules/@comis/daemon/dist/wiring/setup-agents.d.ts +81 -2
  293. package/node_modules/@comis/daemon/dist/wiring/setup-agents.js +164 -3
  294. package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.d.ts +58 -0
  295. package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.js +59 -0
  296. package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.d.ts +10 -3
  297. package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.js +13 -7
  298. package/node_modules/@comis/daemon/dist/wiring/setup-channels.d.ts +9 -2
  299. package/node_modules/@comis/daemon/dist/wiring/setup-channels.js +35 -10
  300. package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.d.ts +20 -5
  301. package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.js +21 -16
  302. package/node_modules/@comis/daemon/dist/wiring/setup-delivery.d.ts +14 -5
  303. package/node_modules/@comis/daemon/dist/wiring/setup-delivery.js +65 -20
  304. package/node_modules/@comis/daemon/dist/wiring/setup-gateway.d.ts +4 -6
  305. package/node_modules/@comis/daemon/dist/wiring/setup-gateway.js +3 -5
  306. package/node_modules/@comis/daemon/dist/wiring/setup-heartbeat.d.ts +20 -5
  307. package/node_modules/@comis/daemon/dist/wiring/setup-heartbeat.js +11 -2
  308. package/node_modules/@comis/daemon/dist/wiring/setup-output-retention.d.ts +89 -0
  309. package/node_modules/@comis/daemon/dist/wiring/setup-output-retention.js +212 -0
  310. package/node_modules/@comis/daemon/dist/wiring/setup-schedulers.js +4 -0
  311. package/node_modules/@comis/daemon/dist/wiring/setup-tools.d.ts +18 -4
  312. package/node_modules/@comis/daemon/dist/wiring/setup-tools.js +29 -10
  313. package/node_modules/@comis/daemon/dist/wiring/tool-capability-adapter.d.ts +75 -0
  314. package/node_modules/@comis/daemon/dist/wiring/tool-capability-adapter.js +253 -0
  315. package/node_modules/@comis/daemon/package.json +1 -1
  316. package/node_modules/@comis/gateway/dist/index.d.ts +2 -0
  317. package/node_modules/@comis/gateway/dist/index.js +2 -0
  318. package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.d.ts +66 -0
  319. package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.js +212 -0
  320. package/node_modules/@comis/gateway/dist/server/hono-server.d.ts +14 -0
  321. package/node_modules/@comis/gateway/dist/server/hono-server.js +10 -0
  322. package/node_modules/@comis/gateway/dist/webhook/webhook-endpoint.d.ts +0 -4
  323. package/node_modules/@comis/gateway/package.json +1 -1
  324. package/node_modules/@comis/infra/dist/logging/log-fields.d.ts +23 -0
  325. package/node_modules/@comis/infra/package.json +1 -1
  326. package/node_modules/@comis/memory/dist/compaction.d.ts +3 -5
  327. package/node_modules/@comis/memory/dist/compaction.js +2 -3
  328. package/node_modules/@comis/memory/dist/delivery-queue-adapter.d.ts +2 -2
  329. package/node_modules/@comis/memory/dist/delivery-queue-adapter.js +49 -1
  330. package/node_modules/@comis/memory/dist/index.d.ts +2 -0
  331. package/node_modules/@comis/memory/dist/index.js +3 -0
  332. package/node_modules/@comis/memory/dist/memory-api.d.ts +1 -1
  333. package/node_modules/@comis/memory/dist/memory-api.js +1 -1
  334. package/node_modules/@comis/memory/dist/oauth-profile-schema.d.ts +17 -0
  335. package/node_modules/@comis/memory/dist/oauth-profile-schema.js +33 -0
  336. package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.d.ts +27 -0
  337. package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.js +144 -0
  338. package/node_modules/@comis/memory/dist/session-store.d.ts +1 -1
  339. package/node_modules/@comis/memory/dist/session-store.js +1 -1
  340. package/node_modules/@comis/memory/dist/sqlite-secret-store.d.ts +29 -3
  341. package/node_modules/@comis/memory/dist/sqlite-secret-store.js +11 -3
  342. package/node_modules/@comis/memory/package.json +1 -1
  343. package/node_modules/@comis/scheduler/dist/cron/cron-types.d.ts +0 -42
  344. package/node_modules/@comis/scheduler/dist/execution/execution-lock.d.ts +13 -0
  345. package/node_modules/@comis/scheduler/dist/execution/execution-lock.js +1 -1
  346. package/node_modules/@comis/scheduler/dist/execution/index.d.ts +2 -0
  347. package/node_modules/@comis/scheduler/dist/execution/index.js +2 -0
  348. package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.d.ts +29 -8
  349. package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.js +20 -8
  350. package/node_modules/@comis/scheduler/dist/index.d.ts +2 -0
  351. package/node_modules/@comis/scheduler/dist/index.js +2 -0
  352. package/node_modules/@comis/scheduler/dist/system-events/system-event-types.d.ts +0 -3
  353. package/node_modules/@comis/scheduler/dist/tasks/task-types.d.ts +0 -17
  354. package/node_modules/@comis/scheduler/package.json +1 -1
  355. package/node_modules/@comis/shared/dist/index.d.ts +3 -0
  356. package/node_modules/@comis/shared/dist/index.js +4 -0
  357. package/node_modules/@comis/shared/dist/mcp-tool-name.d.ts +78 -0
  358. package/node_modules/@comis/shared/dist/mcp-tool-name.js +92 -0
  359. package/node_modules/@comis/shared/dist/silent-tokens.d.ts +38 -0
  360. package/node_modules/@comis/shared/dist/silent-tokens.js +51 -0
  361. package/node_modules/@comis/shared/dist/visible-delivery.d.ts +28 -0
  362. package/node_modules/@comis/shared/dist/visible-delivery.js +16 -0
  363. package/node_modules/@comis/shared/package.json +1 -1
  364. package/node_modules/@comis/skills/dist/bridge/mcp-tool-bridge.d.ts +2 -13
  365. package/node_modules/@comis/skills/dist/bridge/mcp-tool-bridge.js +3 -21
  366. package/node_modules/@comis/skills/dist/bridge/schema-validator.d.ts +38 -0
  367. package/node_modules/@comis/skills/dist/bridge/schema-validator.js +169 -0
  368. package/node_modules/@comis/skills/dist/bridge/tool-metadata-enforcement.js +12 -0
  369. package/node_modules/@comis/skills/dist/bridge/tool-metadata-registry.js +133 -3
  370. package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.d.ts +32 -0
  371. package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.js +127 -0
  372. package/node_modules/@comis/skills/dist/builtin/exec-security.js +38 -0
  373. package/node_modules/@comis/skills/dist/builtin/exec-tool.d.ts +55 -9
  374. package/node_modules/@comis/skills/dist/builtin/exec-tool.js +392 -19
  375. package/node_modules/@comis/skills/dist/builtin/file-tools/grep-tool.js +6 -6
  376. package/node_modules/@comis/skills/dist/builtin/install-detour.d.ts +67 -0
  377. package/node_modules/@comis/skills/dist/builtin/install-detour.js +342 -0
  378. package/node_modules/@comis/skills/dist/builtin/platform/admin-manage-factory.js +5 -5
  379. package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.d.ts +7 -6
  380. package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.js +40 -29
  381. package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.d.ts +4 -1
  382. package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.js +3 -3
  383. package/node_modules/@comis/skills/dist/builtin/platform/cron-tool.js +1 -1
  384. package/node_modules/@comis/skills/dist/builtin/platform/gateway-tool.js +6 -6
  385. package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.d.ts +1 -1
  386. package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.js +9 -9
  387. package/node_modules/@comis/skills/dist/builtin/platform/message-tool.js +18 -0
  388. package/node_modules/@comis/skills/dist/builtin/platform/messaging-factory.d.ts +18 -1
  389. package/node_modules/@comis/skills/dist/builtin/platform/messaging-factory.js +18 -2
  390. package/node_modules/@comis/skills/dist/builtin/platform/models-manage-tool.js +3 -3
  391. package/node_modules/@comis/skills/dist/builtin/process-registry.d.ts +14 -0
  392. package/node_modules/@comis/skills/dist/builtin/process-tool.d.ts +24 -4
  393. package/node_modules/@comis/skills/dist/builtin/process-tool.js +25 -7
  394. package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.d.ts +11 -0
  395. package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.js +123 -1
  396. package/node_modules/@comis/skills/dist/builtin/sandbox/detect-provider.js +40 -15
  397. package/node_modules/@comis/skills/dist/index.d.ts +4 -1
  398. package/node_modules/@comis/skills/dist/index.js +3 -1
  399. package/node_modules/@comis/skills/dist/manifest/capability-parser.d.ts +44 -0
  400. package/node_modules/@comis/skills/dist/manifest/capability-parser.js +68 -0
  401. package/node_modules/@comis/skills/dist/manifest/schema.d.ts +44 -37
  402. package/node_modules/@comis/skills/dist/manifest/schema.js +35 -0
  403. package/node_modules/@comis/skills/dist/media/ssrf-fetcher.d.ts +7 -0
  404. package/node_modules/@comis/skills/dist/media/ssrf-fetcher.js +9 -2
  405. package/node_modules/@comis/skills/dist/registry/discovery.d.ts +8 -0
  406. package/node_modules/@comis/skills/dist/registry/discovery.js +10 -3
  407. package/node_modules/@comis/skills/dist/registry/skill-registry.d.ts +45 -1
  408. package/node_modules/@comis/skills/dist/registry/skill-registry.js +70 -7
  409. package/node_modules/@comis/skills/package.json +1 -1
  410. package/node_modules/@comis/web/dist/assets/{agent-detail-71BSbSfD.js → agent-detail-q8t1NB7w.js} +1 -1
  411. package/node_modules/@comis/web/dist/assets/{agent-editor-CTSDZhwT.js → agent-editor-B46io5gv.js} +1 -1
  412. package/node_modules/@comis/web/dist/assets/{agent-list-BEhni2ea.js → agent-list-DQ6g2Rcx.js} +1 -1
  413. package/node_modules/@comis/web/dist/assets/{billing-view-DVP1IvVs.js → billing-view-IWPR8LgF.js} +1 -1
  414. package/node_modules/@comis/web/dist/assets/{channel-detail-N_YK74xC.js → channel-detail-DlNNZuuC.js} +1 -1
  415. package/node_modules/@comis/web/dist/assets/{channel-list-DRk6ZJaF.js → channel-list-DhGwxiMc.js} +1 -1
  416. package/node_modules/@comis/web/dist/assets/{chat-console-Dm-GtSf9.js → chat-console-Nv6fM3Rc.js} +1 -1
  417. package/node_modules/@comis/web/dist/assets/{config-editor-CIferYX6.js → config-editor-BYKuJF76.js} +1 -1
  418. package/node_modules/@comis/web/dist/assets/{context-dag-browser-CL84rXXM.js → context-dag-browser-ClNEtzYE.js} +1 -1
  419. package/node_modules/@comis/web/dist/assets/{context-engine-B1HOTEZv.js → context-engine-BZJ6HChd.js} +1 -1
  420. package/node_modules/@comis/web/dist/assets/{delivery-view-Y6JKYVFw.js → delivery-view-Cb7I3vGu.js} +1 -1
  421. package/node_modules/@comis/web/dist/assets/{diagnostics-view-DWV1UQjz.js → diagnostics-view-9u9Lyu5a.js} +1 -1
  422. package/node_modules/@comis/web/dist/assets/{ic-chat-message-DfSERzzg.js → ic-chat-message-BFt3cVpx.js} +1 -1
  423. package/node_modules/@comis/web/dist/assets/{ic-connection-dot-CXyhlJup.js → ic-connection-dot-y77LZ3Gu.js} +1 -1
  424. package/node_modules/@comis/web/dist/assets/{ic-tool-call-DNmwTjek.js → ic-tool-call-qt6w1NQl.js} +1 -1
  425. package/node_modules/@comis/web/dist/assets/{index-CBr0Tm9_.js → index-8Tg9oc-C.js} +2 -2
  426. package/node_modules/@comis/web/dist/assets/{mcp-management-BaH2-vox.js → mcp-management-69dtH_kY.js} +2 -2
  427. package/node_modules/@comis/web/dist/assets/{media-config-CZLshJoN.js → media-config-BdjLj5c1.js} +1 -1
  428. package/node_modules/@comis/web/dist/assets/{media-test-C9NUWgo_.js → media-test-DuPqrixi.js} +1 -1
  429. package/node_modules/@comis/web/dist/assets/{memory-inspector-D_fmTcRN.js → memory-inspector-B-Pepbq-.js} +1 -1
  430. package/node_modules/@comis/web/dist/assets/{message-center-BBFlNCZn.js → message-center-B7l0yNYY.js} +1 -1
  431. package/node_modules/@comis/web/dist/assets/{models-BytGLm99.js → models-JHFHuv5S.js} +1 -1
  432. package/node_modules/@comis/web/dist/assets/{observe-view-VXtHqaqq.js → observe-view-r8mqhy4O.js} +1 -1
  433. package/node_modules/@comis/web/dist/assets/{pipeline-builder-CfXczlfJ.js → pipeline-builder-XjkiZRcR.js} +1 -1
  434. package/node_modules/@comis/web/dist/assets/{pipeline-history-CPmXFnbe.js → pipeline-history-CZqJv_Hj.js} +1 -1
  435. package/node_modules/@comis/web/dist/assets/{pipeline-history-detail-DcueTMs9.js → pipeline-history-detail-BEFGMoDy.js} +1 -1
  436. package/node_modules/@comis/web/dist/assets/{pipeline-list-B-xG5WZh.js → pipeline-list-B6q5LvO1.js} +1 -1
  437. package/node_modules/@comis/web/dist/assets/{pipeline-monitor-pnIOYaSY.js → pipeline-monitor-BNomXjVL.js} +1 -1
  438. package/node_modules/@comis/web/dist/assets/{scheduler-BtUIFHhA.js → scheduler-BJEjcGKA.js} +1 -1
  439. package/node_modules/@comis/web/dist/assets/{security-C8mWRq2y.js → security-2G1jhBfV.js} +1 -1
  440. package/node_modules/@comis/web/dist/assets/{session-detail-DgdkO5ka.js → session-detail-DmVPzFBR.js} +1 -1
  441. package/node_modules/@comis/web/dist/assets/{session-list-DcylcfTn.js → session-list-CsqMQoHs.js} +1 -1
  442. package/node_modules/@comis/web/dist/assets/{setup-wizard-BP5yjsuL.js → setup-wizard-CAdM-gSP.js} +1 -1
  443. package/node_modules/@comis/web/dist/assets/{skills-DXt1bX8Z.js → skills-2ODqKaWr.js} +1 -1
  444. package/node_modules/@comis/web/dist/assets/{subagents-C7YbUHXY.js → subagents-BFlwfTbD.js} +1 -1
  445. package/node_modules/@comis/web/dist/assets/{workspace-manager-DP6pW4wa.js → workspace-manager--CbOx_dI.js} +1 -1
  446. package/node_modules/@comis/web/dist/index.html +1 -1
  447. package/node_modules/@comis/web/package.json +1 -1
  448. package/package.json +25 -24
@@ -4,17 +4,34 @@
4
4
  * dependencies (circuit breaker, budget guard, cost tracker, step counter),
5
5
  * and PiExecutor creation.
6
6
  * All agents use PiExecutor (pi-coding-agent AgentSession wrapper).
7
+ *
8
+ * The live ToolCapabilityPort adapter is constructed inside setupSingleAgent
9
+ * (this function), NOT at a higher composition site (daemon.ts). Rationale:
10
+ * skillRegistry is per-agent and the skill-allow/deny precedence chain is
11
+ * per-agent; a daemon-global adapter cannot satisfy this without breaking
12
+ * the port interface (would require adding agentId to every method). The
13
+ * per-agent port is exposed via AgentsResult.toolCapabilityPorts and threaded
14
+ * into setupTools via the getCapabilityPortForAgent closure on ToolsDeps.
15
+ *
7
16
  * @module
8
17
  */
9
18
  import { safePath, SkillsConfigSchema, createScopedSecretManager, createOutputGuard, generateCanaryToken, createInputSecurityGuard, validateInput, PerAgentConfigSchema } from "@comis/core";
19
+ import { createToolCapabilityAdapter } from "./tool-capability-adapter.js";
10
20
  import { suppressError } from "@comis/shared";
11
21
  import { createHmac } from "node:crypto";
12
22
  import { homedir } from "node:os";
13
23
  import { existsSync, mkdirSync } from "node:fs";
14
24
  import { isAbsolute, resolve } from "node:path";
15
25
  import { getModels, getProviders } from "@mariozechner/pi-ai";
16
- import { createCircuitBreaker, createBudgetGuard, createCostTracker, createStepCounter, createSessionLifecycle, ensureWorkspace, resolveWorkspaceDir, createPiExecutor, createComisSessionManager, cleanupStaleLocks, createAuthStorageAdapter, createModelRegistryAdapter, registerCustomProviders, createProviderHealthMonitor, createLastKnownModelTracker, createAuthProfileManager, createAuthRotationAdapter, setSanitizeLogger, setToolNormalizationLogger, resolveOperationDefaults, resolveCompactionModel, LEAN_TOOL_DESCRIPTIONS, resolveDescription, } from "@comis/agent";
26
+ import { createCircuitBreaker, createBudgetGuard, createCostTracker, createStepCounter, createSessionLifecycle, ensureWorkspace, resolveWorkspaceDir, createPiExecutor, createComisSessionManager, cleanupStaleLocks, createAuthStorageAdapter, createAuthProvider, selectOAuthCredentialStore, createModelRegistryAdapter, registerCustomProviders, createProviderHealthMonitor, createLastKnownModelTracker, createAuthProfileManager, createAuthRotationAdapter, setSanitizeLogger, setToolNormalizationLogger, resolveOperationDefaults, resolveCompactionModel, LEAN_TOOL_DESCRIPTIONS, resolveDescription, } from "@comis/agent";
17
27
  import { agentToolsToToolDefinitions, createSkillRegistry, createRuntimeEligibilityContext, TOOL_PROFILES, } from "@comis/skills";
28
+ // Once-per-daemon-process WARN flag for the encrypted-store hot-reload
29
+ // limitation. Lifted to module scope so the flag survives across per-agent
30
+ // setupSingleAgent calls AND any future re-invocations of setupAgents within
31
+ // the same process. Operator-friendly notice — fires exactly once per daemon
32
+ // process so the operator sees it in startup logs without N-times-per-agent
33
+ // noise.
34
+ let encryptedModeWarnFired = false;
18
35
  // ---------------------------------------------------------------------------
19
36
  // Single-agent setup (extracted for hot-add reuse)
20
37
  // ---------------------------------------------------------------------------
@@ -104,6 +121,79 @@ export async function setupSingleAgent(agentId, rawAgentConfig, deps) {
104
121
  secretManager: scopedManager,
105
122
  customProviderEntries,
106
123
  });
124
+ // -------------------------------------------------------------------------
125
+ // FIRST daemon-side OAuth wiring.
126
+ //
127
+ // Closes the unwired-OAuth gap — the createAuthProvider symbol was exported
128
+ // by @comis/agent but never called by the daemon, so refreshed OAuth tokens
129
+ // lived only in the in-memory cache and silently disappeared on restart.
130
+ // AuthProviderConfig.oauth credentialStore + logger + dataDir are REQUIRED
131
+ // so this wiring is type-checked at compile time — future regressions
132
+ // surface as TS errors, not silent runtime failures.
133
+ //
134
+ // All path constructions in this block use safePath from @comis/core (NOT
135
+ // path.join — AGENTS.md §2.2 ESLint security rule).
136
+ // When storage === "encrypted", the OAuth profile adapter SHARES the
137
+ // existing secretsDb handle from createSqliteSecretStore (no dual-handle).
138
+ // -------------------------------------------------------------------------
139
+ const oauthStorageMode = container.config.oauth.storage;
140
+ const dataDirAbs = container.config.dataDir && container.config.dataDir.length > 0
141
+ ? container.config.dataDir
142
+ : safePath(homedir(), ".comis");
143
+ // Use the daemon-level OAuthCredentialStore handle that setupAgents()
144
+ // constructed once and threaded through SingleAgentDeps. Same store
145
+ // reference is also exposed on AgentsResult so daemon.ts can plumb it into
146
+ // RpcDispatchDeps for the agents.update oauthProfiles existence check.
147
+ const oauthCredentialStore = deps.oauthCredentialStore;
148
+ const authProvider = createAuthProvider({
149
+ secretManager: scopedManager,
150
+ additionalProviderKeys: undefined,
151
+ oauth: {
152
+ eventBus: container.eventBus,
153
+ credentialStore: oauthCredentialStore,
154
+ logger: agentLogger.child({ submodule: "oauth-token-manager" }),
155
+ dataDir: dataDirAbs,
156
+ keyPrefix: "OAUTH_",
157
+ // Pass auth-profiles.json path when file adapter active so
158
+ // OAuthTokenManager can register the chokidar watcher and pick up
159
+ // CLI-written profiles within ~250ms without a daemon restart.
160
+ // Encrypted-mode: undefined -> no watcher; documented limitation.
161
+ watchPath: oauthStorageMode === "file"
162
+ ? safePath(dataDirAbs, "auth-profiles.json")
163
+ : undefined,
164
+ // Closure-stability: the closure dereferences
165
+ // container.config.agents[agentId]?.oauthProfiles on every call.
166
+ // This is the only correct shape because:
167
+ // 1. The `container.config.agents[agentId] = effectiveConfig`
168
+ // writeback above (search for that assignment in this file)
169
+ // stores a NEW object built from
170
+ // { ...agentConfig, model, provider } into the daemon's map.
171
+ // The local `agentConfig` parameter diverges from the map
172
+ // immediately at startup — capturing it would observe the
173
+ // wrong value.
174
+ // 2. agents.update at agent-handlers.ts:341 executes
175
+ // `deps.agents[agentId] = parsedConfig`, REPLACING the
176
+ // reference at that key with a new validated object. Capturing
177
+ // the local agentConfig parameter would miss this hot-update.
178
+ // 3. daemon.ts confirms `deps.agents` and `container.config.agents`
179
+ // are THE SAME map object — search for
180
+ // `agents: container.config.agents` in the RpcDispatchDeps
181
+ // construction. The daemon holds a single per-process
182
+ // Container.config instance.
183
+ // The map identity is stable; only the value at the agent key
184
+ // changes. The closure-evaluated dereference observes (1) at
185
+ // startup AND (2) on every agents.update without an event-bus
186
+ // invalidation or daemon restart, allowing the agents_manage tool to
187
+ // update without a daemon restart.
188
+ getAgentOauthProfiles: () => container.config.agents?.[agentId]?.oauthProfiles,
189
+ },
190
+ });
191
+ agentLogger.debug({
192
+ agentId,
193
+ oauthStorage: oauthStorageMode,
194
+ dataDir: dataDirAbs,
195
+ submodule: "setup-agents",
196
+ }, "OAuth credential store + auth provider + per-LLM-call dispatch wired");
107
197
  const piModelRegistry = createModelRegistryAdapter(piAuthStorage);
108
198
  const { registered: customProviderCount, providerAliases } = registerCustomProviders(piModelRegistry, customProviderEntries, scopedManager, agentLogger);
109
199
  if (customProviderCount > 0) {
@@ -146,6 +236,16 @@ export async function setupSingleAgent(agentId, rawAgentConfig, deps) {
146
236
  };
147
237
  const skillRegistry = createSkillRegistry(resolvedSkillsConfig, container.eventBus, { agentId, tenantId: container.config.tenantId, userId: "system" }, perAgentLogger, eligibilityContext);
148
238
  skillRegistry.init();
239
+ // Per-agent ToolCapabilityPort adapter. Construction sits here so the
240
+ // adapter can close over this agent's skillRegistry; the adapter is
241
+ // reused by pi-executor (capability-index renderer) AND by exec/process
242
+ // tools (install-detour parser via setupTools.getCapabilityPortForAgent).
243
+ const toolCapabilityPort = createToolCapabilityAdapter({
244
+ toolingConfig: container.config.tooling,
245
+ skillRegistry,
246
+ mcpClientManager: deps.mcpClientManager,
247
+ logger: perAgentLogger,
248
+ });
149
249
  // Opt-in file watching for automatic skill reload
150
250
  let skillWatcherHandle;
151
251
  if (skillsConfig.watchEnabled) {
@@ -235,6 +335,11 @@ export async function setupSingleAgent(agentId, rawAgentConfig, deps) {
235
335
  eventBus: container.eventBus,
236
336
  logger: perAgentLogger,
237
337
  authStorage: piAuthStorage,
338
+ // Thread OAuthTokenManager into the executor so the per-LLM-call
339
+ // dispatch hook (PiExecutor.execute pre-hook + the two compaction
340
+ // getApiKey callbacks in executor-context-engine-setup.ts) can resolve
341
+ // OAuth tokens via resolveProviderApiKey.
342
+ oauthManager: authProvider.oauth,
238
343
  modelRegistry: piModelRegistry,
239
344
  providerAliases,
240
345
  fallbackModels: fallbackModelStrings.length > 0 ? fallbackModelStrings : undefined,
@@ -268,6 +373,7 @@ export async function setupSingleAgent(agentId, rawAgentConfig, deps) {
268
373
  : undefined,
269
374
  embeddingEnqueue: deps.embeddingQueue?.enqueue.bind(deps.embeddingQueue),
270
375
  embeddingPort: deps.embeddingPort, // Semantic search in discover_tools
376
+ toolCapabilityPort, // Live adapter constructed above from container.config.tooling + skillRegistry + mcpClientManager.
271
377
  // DAG context engine deps (optional -- only when context engine version is dag)
272
378
  contextStore: deps.contextStore,
273
379
  db: deps.db,
@@ -295,6 +401,7 @@ export async function setupSingleAgent(agentId, rawAgentConfig, deps) {
295
401
  piSessionAdapter: sessionAdapter,
296
402
  skillWatcherHandle,
297
403
  skillRegistry,
404
+ toolCapabilityPort, // Exposed for AgentsResult.toolCapabilityPorts map
298
405
  };
299
406
  }
300
407
  // ---------------------------------------------------------------------------
@@ -312,9 +419,23 @@ export async function setupSingleAgent(agentId, rawAgentConfig, deps) {
312
419
  export async function setupAgents(deps) {
313
420
  const { container, memoryAdapter, sessionStore, agentLogger } = deps;
314
421
  // Inject module-level logger for response sanitization pipeline
315
- setSanitizeLogger(agentLogger.child({ module: "response-sanitize" }));
422
+ setSanitizeLogger(agentLogger.child({ submodule: "response-sanitize" }));
316
423
  // Inject module-level logger for tool schema normalization pipeline
317
- setToolNormalizationLogger(agentLogger.child({ module: "tool-normalize" }));
424
+ setToolNormalizationLogger(agentLogger.child({ submodule: "tool-normalize" }));
425
+ // Once-per-daemon WARN for the encrypted-store hot-reload limitation.
426
+ // Placed in setupAgents() body (NOT setupSingleAgent) so the notice fires
427
+ // exactly once per daemon process — not N times for N agents. Operator
428
+ // sees this in startup logs without surprise; daemon restart is required
429
+ // to pick up CLI-written OAuth profiles in encrypted-store mode.
430
+ const overallStorageMode = container.config.oauth.storage;
431
+ if (overallStorageMode === "encrypted" && !encryptedModeWarnFired) {
432
+ encryptedModeWarnFired = true;
433
+ agentLogger.warn({
434
+ hint: "CLI auth login changes require daemon restart in encrypted mode (file-watch unsupported on encrypted SQLite WAL)",
435
+ errorKind: "limitation_known",
436
+ submodule: "setup-agents",
437
+ }, "OAuth hot-reload disabled in encrypted-store mode");
438
+ }
318
439
  const agents = container.config.agents; // Always populated after schema transform
319
440
  const routingConfig = container.config.routing;
320
441
  // Daemon-level tracing defaults
@@ -351,6 +472,9 @@ export async function setupAgents(deps) {
351
472
  const piSessionAdapters = new Map();
352
473
  const skillWatcherHandles = new Map();
353
474
  const skillRegistries = new Map();
475
+ // Per-agent live ToolCapabilityPort adapters, parallel to skillRegistries;
476
+ // mutated in lockstep by hot-add/hot-remove.
477
+ const toolCapabilityPorts = new Map();
354
478
  // Resolve sub-agent tool names from config for delegation awareness
355
479
  const subAgentToolGroups = container.config.security?.agentToAgent?.subAgentToolGroups ?? [];
356
480
  const subAgentToolNames = subAgentToolGroups.length === 0 || subAgentToolGroups.includes("full")
@@ -368,6 +492,19 @@ export async function setupAgents(deps) {
368
492
  });
369
493
  // Global last-known-working model tracker (shared across all agents)
370
494
  const lastKnownModel = createLastKnownModelTracker();
495
+ // Construct the daemon-level OAuthCredentialStore handle ONCE (instead of
496
+ // per-agent inside setupSingleAgent). Same handle is reused across every
497
+ // agent setup AND surfaced on AgentsResult so daemon.ts can plumb it into
498
+ // RpcDispatchDeps for the agents.update oauthProfiles existence check.
499
+ const dataDirAbsForOauth = container.config.dataDir && container.config.dataDir.length > 0
500
+ ? container.config.dataDir
501
+ : safePath(homedir(), ".comis");
502
+ const oauthCredentialStore = selectOAuthCredentialStore({
503
+ storage: container.config.oauth.storage,
504
+ dataDir: dataDirAbsForOauth,
505
+ secretsCrypto: deps.secretsCrypto,
506
+ secretsDb: deps.secretsDb,
507
+ });
371
508
  // Construct shared deps struct once before the loop (for hot-add reuse)
372
509
  const singleAgentDeps = {
373
510
  container,
@@ -395,6 +532,16 @@ export async function setupAgents(deps) {
395
532
  getChannelMaxChars: deps.getChannelMaxChars,
396
533
  backgroundTaskManager: deps.backgroundTaskManager,
397
534
  backgroundNotifyFn: deps.backgroundNotifyFn,
535
+ // Secrets bootstrap output for OAuth wiring.
536
+ secretsCrypto: deps.secretsCrypto,
537
+ secretsDb: deps.secretsDb,
538
+ // Daemon-level OAuth credential store handle (constructed once above,
539
+ // reused per-agent + threaded into RPC deps).
540
+ oauthCredentialStore,
541
+ // Daemon-global MCP client manager. Threaded through so each
542
+ // setupSingleAgent invocation can construct a per-agent
543
+ // ToolCapabilityPort adapter that closes over the live MCP state.
544
+ mcpClientManager: deps.mcpClientManager,
398
545
  };
399
546
  for (const [agentId, agentConfig] of Object.entries(agents)) {
400
547
  const result = await setupSingleAgent(agentId, agentConfig, singleAgentDeps);
@@ -407,6 +554,7 @@ export async function setupAgents(deps) {
407
554
  if (result.skillWatcherHandle)
408
555
  skillWatcherHandles.set(agentId, result.skillWatcherHandle);
409
556
  skillRegistries.set(agentId, result.skillRegistry);
557
+ toolCapabilityPorts.set(agentId, result.toolCapabilityPort);
410
558
  }
411
559
  const defaultAgentId = routingConfig.defaultAgentId;
412
560
  const defaultWorkspaceDir = workspaceDirs.get(defaultAgentId);
@@ -448,9 +596,16 @@ export async function setupAgents(deps) {
448
596
  piSessionAdapters,
449
597
  skillWatcherHandles,
450
598
  skillRegistries,
599
+ // daemon.ts threads this Map into setupTools via
600
+ // getCapabilityPortForAgent and mutates it on hot-add/hot-remove.
601
+ toolCapabilityPorts,
451
602
  lockCleanupTimer,
452
603
  singleAgentDeps,
453
604
  providerHealth,
605
+ // Daemon-level OAuth credential store, plumbed by daemon.ts into
606
+ // RpcDispatchDeps.oauthCredentialStore so agents.update can validate
607
+ // oauthProfiles patches via has().
608
+ oauthCredentialStore,
454
609
  };
455
610
  }
456
611
  // ---------------------------------------------------------------------------
@@ -543,3 +698,9 @@ function deriveCanaryFallback(baseSecret, agentId) {
543
698
  .update(`canary-fallback:${agentId}`)
544
699
  .digest("hex");
545
700
  }
701
+ // ---------------------------------------------------------------------------
702
+ // OAuth credential store selection lives in @comis/agent (CLI cannot import
703
+ // from @comis/daemon, so the helper must live where both daemon and CLI
704
+ // consume it).
705
+ // See: packages/agent/src/model/oauth-credential-store-selector.ts
706
+ // ---------------------------------------------------------------------------
@@ -0,0 +1,58 @@
1
+ /**
2
+ * Background completion dispatcher + runner wiring for daemon startup.
3
+ *
4
+ * Subscribes the dispatcher BEFORE the runner so its synchronous
5
+ * `transitionDispatchState` runs first; the runner's handler then reads
6
+ * the updated `task.dispatchState` and skips when state is "notified"
7
+ * (the dispatcher already fired fallback). Subscription order matters
8
+ * because the event bus fires handlers in registration order; the
9
+ * dispatcher MUST come first.
10
+ *
11
+ * Per AGENTS §2.4: composition root + factories. This wiring lives in
12
+ * @comis/daemon (composition root); the actual factory bodies live in
13
+ * @comis/agent.
14
+ *
15
+ * @module
16
+ */
17
+ import { type BackgroundCompletionRunner, type BackgroundTaskManager, type CompletionDispatcher, type NotifyFn } from "@comis/agent";
18
+ import type { TypedEventBus } from "@comis/core";
19
+ import type { ComisLogger } from "@comis/infra";
20
+ import type { AgentExecutor } from "@comis/agent";
21
+ import type { RunnerSessionStore } from "@comis/agent";
22
+ /** Result of setupBackgroundCompletionRunner -- exposed to the daemon for shutdown. */
23
+ export interface BackgroundCompletionRunnerContext {
24
+ runner: BackgroundCompletionRunner;
25
+ dispatcher: CompletionDispatcher;
26
+ }
27
+ /**
28
+ * The taskManager arg widened to require `transitionDispatchState` so the
29
+ * dispatcher can persist state-machine transitions.
30
+ *
31
+ * The runner only consumes `getTask` (existing contract); the dispatcher
32
+ * consumes both `getTask` and `transitionDispatchState`. Daemon callers
33
+ * pass the full BackgroundTaskManager so structural subtyping covers both.
34
+ */
35
+ export interface SetupBackgroundCompletionRunnerDeps {
36
+ eventBus: TypedEventBus;
37
+ getExecutor: (agentId: string) => AgentExecutor;
38
+ sessionStore: RunnerSessionStore;
39
+ /**
40
+ * Must support `transitionDispatchState`; the dispatcher persists state
41
+ * machine transitions through it. The runner only needs `getTask`.
42
+ */
43
+ taskManager: Pick<BackgroundTaskManager, "getTask" | "transitionDispatchState">;
44
+ /** bgNotifyFn closure used when the originating session is gone. */
45
+ fallbackNotifyFn: NotifyFn;
46
+ /** From config.backgroundTasks.maxBackgroundHops (default 3). NOT config.workflow.*. */
47
+ maxBackgroundHops: number;
48
+ logger: ComisLogger;
49
+ }
50
+ /**
51
+ * Wire the dispatcher + completion runner from daemon-level dependencies.
52
+ * Call this AFTER setupNotifications so fallbackNotifyFn is wired.
53
+ *
54
+ * Subscription order: dispatcher first (synchronous transition), runner
55
+ * second (reads updated state). Reverse-order shutdown so the runner
56
+ * stops accepting events before the dispatcher tears down.
57
+ */
58
+ export declare function setupBackgroundCompletionRunner(deps: SetupBackgroundCompletionRunnerDeps): BackgroundCompletionRunnerContext;
@@ -0,0 +1,59 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ /**
3
+ * Background completion dispatcher + runner wiring for daemon startup.
4
+ *
5
+ * Subscribes the dispatcher BEFORE the runner so its synchronous
6
+ * `transitionDispatchState` runs first; the runner's handler then reads
7
+ * the updated `task.dispatchState` and skips when state is "notified"
8
+ * (the dispatcher already fired fallback). Subscription order matters
9
+ * because the event bus fires handlers in registration order; the
10
+ * dispatcher MUST come first.
11
+ *
12
+ * Per AGENTS §2.4: composition root + factories. This wiring lives in
13
+ * @comis/daemon (composition root); the actual factory bodies live in
14
+ * @comis/agent.
15
+ *
16
+ * @module
17
+ */
18
+ import { createBackgroundCompletionRunner, createCompletionDispatcher, } from "@comis/agent";
19
+ /**
20
+ * Wire the dispatcher + completion runner from daemon-level dependencies.
21
+ * Call this AFTER setupNotifications so fallbackNotifyFn is wired.
22
+ *
23
+ * Subscription order: dispatcher first (synchronous transition), runner
24
+ * second (reads updated state). Reverse-order shutdown so the runner
25
+ * stops accepting events before the dispatcher tears down.
26
+ */
27
+ export function setupBackgroundCompletionRunner(deps) {
28
+ // Dispatcher subscribes FIRST so its synchronous transitionDispatchState
29
+ // runs before the runner's handler reads task.dispatchState within the
30
+ // same event-bus tick.
31
+ const dispatcher = createCompletionDispatcher({
32
+ eventBus: deps.eventBus,
33
+ sessionStore: deps.sessionStore,
34
+ taskManager: deps.taskManager,
35
+ fallbackNotifyFn: deps.fallbackNotifyFn,
36
+ maxBackgroundHops: deps.maxBackgroundHops,
37
+ logger: deps.logger,
38
+ });
39
+ const runner = createBackgroundCompletionRunner({
40
+ eventBus: deps.eventBus,
41
+ getExecutor: deps.getExecutor,
42
+ sessionStore: deps.sessionStore,
43
+ taskManager: deps.taskManager,
44
+ fallbackNotifyFn: deps.fallbackNotifyFn,
45
+ maxBackgroundHops: deps.maxBackgroundHops,
46
+ logger: deps.logger,
47
+ });
48
+ return {
49
+ runner: {
50
+ // Reverse-order shutdown: runner first (stops accepting events), then
51
+ // dispatcher (ensures the at-most-once gate is the last to tear down).
52
+ async shutdown() {
53
+ await runner.shutdown();
54
+ await dispatcher.shutdown();
55
+ },
56
+ },
57
+ dispatcher,
58
+ };
59
+ }
@@ -19,9 +19,16 @@ export interface SetupBackgroundTasksDeps {
19
19
  }
20
20
  /**
21
21
  * Wire the background task subsystem from daemon-level dependencies.
22
- * Creates BackgroundTaskManager with file-based persistence, recovers
23
- * incomplete tasks from the previous daemon run (marking them failed),
24
- * and starts an hourly cleanup timer for stale completed/failed tasks.
22
+ * Creates BackgroundTaskManager with file-based persistence and starts
23
+ * an hourly cleanup timer for stale completed/failed tasks.
24
+ *
25
+ * Note: startup recovery (marking interrupted tasks as failed) is
26
+ * INTENTIONALLY deferred to daemon.ts. The daemon calls it AFTER
27
+ * `setupBackgroundCompletionRunner` has subscribed to
28
+ * background_task:{completed,failed}. If recovery fires before the runner
29
+ * subscribes, the synthesized failure events for restart-interrupted tasks
30
+ * land in an empty handler set and the user never sees the recovery
31
+ * announcement.
25
32
  * @param deps - Daemon-level dependencies
26
33
  * @returns BackgroundTasksContext with manager instance
27
34
  */
@@ -5,24 +5,30 @@
5
5
  * daemon runs, and starts periodic cleanup of stale completed/failed tasks.
6
6
  * @module
7
7
  */
8
- import { createBackgroundTaskManager } from "@comis/agent";
8
+ import { createBackgroundTaskManager, TASK_DIR_NAME } from "@comis/agent";
9
9
  import { safePath } from "@comis/core";
10
10
  /**
11
11
  * Wire the background task subsystem from daemon-level dependencies.
12
- * Creates BackgroundTaskManager with file-based persistence, recovers
13
- * incomplete tasks from the previous daemon run (marking them failed),
14
- * and starts an hourly cleanup timer for stale completed/failed tasks.
12
+ * Creates BackgroundTaskManager with file-based persistence and starts
13
+ * an hourly cleanup timer for stale completed/failed tasks.
14
+ *
15
+ * Note: startup recovery (marking interrupted tasks as failed) is
16
+ * INTENTIONALLY deferred to daemon.ts. The daemon calls it AFTER
17
+ * `setupBackgroundCompletionRunner` has subscribed to
18
+ * background_task:{completed,failed}. If recovery fires before the runner
19
+ * subscribes, the synthesized failure events for restart-interrupted tasks
20
+ * land in an empty handler set and the user never sees the recovery
21
+ * announcement.
15
22
  * @param deps - Daemon-level dependencies
16
23
  * @returns BackgroundTasksContext with manager instance
17
24
  */
18
25
  export function setupBackgroundTasks(deps) {
19
26
  const manager = createBackgroundTaskManager({
20
- dataDir: safePath(deps.dataDir, "background-tasks"),
27
+ dataDir: safePath(deps.dataDir, TASK_DIR_NAME),
21
28
  eventBus: deps.eventBus,
22
29
  logger: deps.logger,
23
30
  });
24
- // Mark incomplete tasks from previous daemon run as failed
25
- manager.recoverOnStartup();
31
+ // Startup recovery is deferred to daemon.ts (after the completion runner subscribes).
26
32
  // Periodic cleanup of stale completed/failed tasks (24h TTL)
27
33
  const cleanupInterval = setInterval(() => manager.cleanup(), 3_600_000); // every hour
28
34
  cleanupInterval.unref(); // don't keep daemon alive for cleanup
@@ -10,7 +10,7 @@
10
10
  */
11
11
  import type { AppContainer, ChannelPort, ChannelPluginPort, NormalizedMessage, SessionKey, TranscriptionPort, TTSPort, ImageAnalysisPort, FileExtractionPort, FileExtractionConfig, MemoryPort, QueueConfig } from "@comis/core";
12
12
  import type { ComisLogger } from "@comis/infra";
13
- import type { AgentExecutor, createSessionLifecycle, ActiveRunRegistry } from "@comis/agent";
13
+ import type { AgentExecutor, createSessionLifecycle, ActiveRunRegistry, BackgroundSessionResolver } from "@comis/agent";
14
14
  import type { createSessionStore } from "@comis/memory";
15
15
  import { type CommandQueue } from "@comis/agent";
16
16
  import { type ChannelManager, type ApprovalNotifier } from "@comis/channels";
@@ -107,6 +107,13 @@ export interface ChannelsDeps {
107
107
  deliveryQueue?: import("@comis/core").DeliveryQueuePort;
108
108
  /** Optional active run registry for SDK-native steer+followup inbound routing */
109
109
  activeRunRegistry?: ActiveRunRegistry;
110
+ /**
111
+ * Optional composite-key resolver. Wired by the daemon as
112
+ * `createBackgroundSessionResolver({ activeRunRegistry })`; supersedes
113
+ * `activeRunRegistry.has/.get` for production lookups in the inbound
114
+ * pipeline.
115
+ */
116
+ sessionResolver?: BackgroundSessionResolver;
110
117
  /** RPC call dispatcher for /config chat commands (deferred dispatch -- safe to pass before wireDispatch). */
111
118
  rpcCall?: RpcCall;
112
119
  /** Optional callback for task extraction after successful agent execution (gated by config.scheduler.tasks.enabled). */
@@ -120,7 +127,7 @@ export interface ChannelsDeps {
120
127
  onMessageReceived?: (msg: NormalizedMessage, channelType: string) => void;
121
128
  /** Optional callback fired AFTER each successful inbound message processing. Used by post-processing state (e.g. notification session activity recording). */
122
129
  onMessageProcessed?: (msg: NormalizedMessage, channelType: string) => void;
123
- /** Optional approval gate for /approve and /deny chat commands in inbound pipeline (APPR-CHAT). */
130
+ /** Optional approval gate for /approve and /deny chat commands in inbound pipeline. */
124
131
  approvalGate?: import("@comis/core").ApprovalGate;
125
132
  /** Per-agent PI session adapters for session stats/destroy in slash commands (CMD-WIRE). */
126
133
  piSessionAdapters?: Map<string, {
@@ -11,9 +11,8 @@
11
11
  */
12
12
  import { readdir, readFile, stat } from "node:fs/promises";
13
13
  import { randomUUID } from "node:crypto";
14
- import { join } from "node:path";
15
14
  import { formatSessionKey, runWithContext, createDeliveryOrigin, safePath } from "@comis/core";
16
- import { createMessageRouter, createCommandQueue, createCommandHandler, parseSlashCommand, sanitizeAssistantResponse, resolveOperationModel, resolveProviderFamily, runMemoryReview } from "@comis/agent";
15
+ import { createMessageRouter, createCommandQueue, createCommandHandler, parseSlashCommand, sanitizeAssistantResponse, resolveOperationModel, resolveProviderFamily, runMemoryReview, classifyError } from "@comis/agent";
17
16
  import { createChannelManager, createRetryEngine, createApprovalNotifier, deliverToChannel, filterResponse, } from "@comis/channels";
18
17
  import { RetryConfigSchema } from "@comis/core";
19
18
  import { shouldAutoTts, resolveOutputFormat, parseOutboundMedia, applyToolPolicy, } from "@comis/skills";
@@ -96,7 +95,7 @@ export async function setupChannels(deps) {
96
95
  return;
97
96
  }
98
97
  const workspacePath = deps.workspaceDirs?.get(agentId) ?? "";
99
- const reviewLogger = logger.child({ agentId, module: "memory-review" });
98
+ const reviewLogger = logger.child({ agentId, submodule: "memory-review" });
100
99
  const reviewResult = await runMemoryReview({
101
100
  agentId,
102
101
  tenantId: deps.tenantId ?? container.config.tenantId ?? "default",
@@ -142,6 +141,25 @@ export async function setupChannels(deps) {
142
141
  // Extract session strategy from event payload (defaults: fresh, 3 turns)
143
142
  const sessionStrategy = payload.sessionStrategy ?? "fresh";
144
143
  const maxHistoryTurns = payload.maxHistoryTurns ?? 3;
144
+ // Cadence-aware cache-waste guard: rolling/accumulate strategies on long cadences
145
+ // guarantee cache-write waste because the prompt cache TTL is short (5 min for "cron"
146
+ // operations — see OPERATION_CACHE_DEFAULTS.cron in @comis/agent). Threshold = 2x TTL
147
+ // so we don't warn on borderline-useful 6-9 min cadences. Operator intent is preserved
148
+ // (no auto-downgrade) — this is informational only. Scoped to schedule.kind === "every"
149
+ // because cron-expression cadence is not threaded through the event payload.
150
+ const CRON_CACHE_TTL_2X_MS = 600_000;
151
+ if (sessionStrategy !== "fresh" &&
152
+ payload.cadenceMs !== undefined &&
153
+ payload.cadenceMs > CRON_CACHE_TTL_2X_MS) {
154
+ logger.warn({
155
+ jobName,
156
+ agentId: payload.agentId,
157
+ sessionStrategy,
158
+ cadenceMs: payload.cadenceMs,
159
+ hint: "Cadence exceeds cache TTL by 2x; rolling/accumulate guarantees per-tick cache-write waste. Set sessionStrategy:'fresh' unless cross-tick session memory is essential.",
160
+ errorKind: "config",
161
+ }, "Cron sessionStrategy may waste cache writes at this cadence");
162
+ }
145
163
  // Resolve cron operation model via 5-level priority chain
146
164
  const agentConfig = agents[payload.agentId];
147
165
  let cronOverrides;
@@ -353,9 +371,10 @@ export async function setupChannels(deps) {
353
371
  logger.warn({ channelType: deliveryTarget.channelType, jobName, hint: "Ensure the target channel adapter is started", errorKind: "config" }, "No adapter found for job suspension notification");
354
372
  return;
355
373
  }
374
+ const classified = classifyError(lastError);
356
375
  const message = [
357
376
  `Scheduled task "${jobName}" was suspended after ${consecutiveErrors} consecutive failures.`,
358
- `Last error: ${lastError.slice(0, 200)}`,
377
+ `Reason: ${classified.userMessage}`,
359
378
  `Re-enable with /cron enable ${jobId}`,
360
379
  ].join("\n");
361
380
  try {
@@ -445,6 +464,7 @@ export async function setupChannels(deps) {
445
464
  voiceResponsePipeline,
446
465
  parseOutboundMedia,
447
466
  activeRunRegistry: deps.activeRunRegistry,
467
+ sessionResolver: deps.sessionResolver,
448
468
  queueConfig: deps.queueConfig,
449
469
  getElevatedReplyConfig: (agentId) => {
450
470
  const agentConfig = agents[agentId];
@@ -498,8 +518,13 @@ export async function setupChannels(deps) {
498
518
  return;
499
519
  }
500
520
  let graphDir;
521
+ // Two-step safePath composition matches the canonical daemon-wiring
522
+ // pattern in setup-output-retention.ts. Both safePath calls throw on
523
+ // traversal; the surrounding catch handles either failure with a
524
+ // single operator-facing WARN.
501
525
  try {
502
- graphDir = safePath(join(dataDir, "graph-runs"), graphId);
526
+ const graphRunsDir = safePath(dataDir, "graph-runs");
527
+ graphDir = safePath(graphRunsDir, graphId);
503
528
  }
504
529
  catch {
505
530
  channelsLogger.warn({ graphId, hint: "Path traversal attempt in graphId", errorKind: "validation" }, "Graph report request rejected");
@@ -510,7 +535,7 @@ export async function setupChannels(deps) {
510
535
  await stat(graphDir);
511
536
  }
512
537
  catch {
513
- channelsLogger.warn({ graphId, graphDir, hint: "Graph run directory not found", errorKind: "not_found" }, "Graph report directory missing");
538
+ channelsLogger.warn({ graphId, graphDir, hint: "Graph run directory not found", errorKind: "validation" }, "Graph report directory missing");
514
539
  await adapter.sendMessage(channelId, "Report not available \u2014 graph run data not found.", threadId ? { extra: { threadId } } : undefined);
515
540
  return;
516
541
  }
@@ -524,7 +549,7 @@ export async function setupChannels(deps) {
524
549
  // Try to identify leaf nodes from metadata
525
550
  let leafOutputFile;
526
551
  try {
527
- const metadataRaw = await readFile(join(graphDir, "_run-metadata.json"), "utf8");
552
+ const metadataRaw = await readFile(safePath(graphDir, "_run-metadata.json"), "utf8");
528
553
  const metadata = JSON.parse(metadataRaw);
529
554
  const completedNodes = Object.entries(metadata.nodes)
530
555
  .filter(([, v]) => v.status === "completed")
@@ -534,7 +559,7 @@ export async function setupChannels(deps) {
534
559
  for (const f of outputFiles) {
535
560
  const nodeId = f.replace(/-output\.md$/, "");
536
561
  if (completedNodes.includes(nodeId)) {
537
- const fileStat = await stat(join(graphDir, f));
562
+ const fileStat = await stat(safePath(graphDir, f));
538
563
  if (fileStat.size > maxSize) {
539
564
  maxSize = fileStat.size;
540
565
  leafOutputFile = f;
@@ -549,7 +574,7 @@ export async function setupChannels(deps) {
549
574
  // Fallback: pick largest output file
550
575
  let maxSize = 0;
551
576
  for (const f of outputFiles) {
552
- const fileStat = await stat(join(graphDir, f));
577
+ const fileStat = await stat(safePath(graphDir, f));
553
578
  if (fileStat.size > maxSize) {
554
579
  maxSize = fileStat.size;
555
580
  leafOutputFile = f;
@@ -560,7 +585,7 @@ export async function setupChannels(deps) {
560
585
  await adapter.sendMessage(channelId, "Report not available \u2014 could not identify output file.", threadId ? { extra: { threadId } } : undefined);
561
586
  return;
562
587
  }
563
- const filePath = join(graphDir, leafOutputFile);
588
+ const filePath = safePath(graphDir, leafOutputFile);
564
589
  const nodeId = leafOutputFile.replace(/-output\.md$/, "");
565
590
  const caption = `Full report \u2014 ${nodeId} (graph ${graphId.slice(0, 8)})`;
566
591
  await adapter.sendAttachment(channelId, {
@@ -1,9 +1,9 @@
1
1
  /**
2
2
  * Cross-session messaging setup: cross-session sender and sub-agent runner.
3
- * Extracted from daemon.ts step 6.6.9 to isolate cross-session service
4
- * creation from the main wiring sequence. The three callback closures
5
- * (executeInSession, sendToChannel, executeSubAgent) are built internally
6
- * from injected dependencies (assembleToolsForAgent, getExecutor, adaptersByType).
3
+ * Isolates cross-session service creation from the main wiring sequence.
4
+ * The three callback closures (executeInSession, sendToChannel,
5
+ * executeSubAgent) are built internally from injected dependencies
6
+ * (assembleToolsForAgent, getExecutor, adaptersByType).
7
7
  * @module
8
8
  */
9
9
  import type { SessionKey } from "@comis/core";
@@ -14,7 +14,7 @@ import { createCrossSessionSender } from "../cross-session-sender.js";
14
14
  import { createSubAgentRunner } from "../sub-agent-runner.js";
15
15
  import { createAnnouncementBatcher } from "../announcement-batcher.js";
16
16
  import { createAnnouncementDeadLetterQueue } from "../announcement-dead-letter.js";
17
- /** All services produced by the cross-session messaging setup phase. */
17
+ /** All services produced by the cross-session messaging setup. */
18
18
  export interface CrossSessionResult {
19
19
  /** Cross-session message sender for agent-to-agent communication. */
20
20
  crossSessionSender: ReturnType<typeof createCrossSessionSender>;
@@ -103,6 +103,21 @@ export declare function setupCrossSession(deps: {
103
103
  abort(): Promise<void>;
104
104
  } | undefined;
105
105
  };
106
+ /**
107
+ * Optional composite-key resolver. Threaded into sub-agent-runner so abort
108
+ * paths use `(agentId, channelType, channelId)` instead of a single-arg
109
+ * formatted-key lookup. Daemon builds it via
110
+ * `createBackgroundSessionResolver({activeRunRegistry})`.
111
+ */
112
+ sessionResolver?: {
113
+ resolveActiveSession(key: {
114
+ agentId: string;
115
+ channelType: string;
116
+ channelId: string;
117
+ }): {
118
+ abort(): Promise<void>;
119
+ } | undefined;
120
+ };
106
121
  /** Delivery queue for crash-safe persistence */
107
122
  deliveryQueue?: import("@comis/core").DeliveryQueuePort;
108
123
  }): CrossSessionResult;