create-walle 0.8.0 → 0.9.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-walle",
-  "version": "0.8.0",
+  "version": "0.9.0",
   "description": "Wall-E — your personal digital twin. AI agent that learns from Slack, email & calendar. Includes dashboard, chat, and 7 bundled skills.",
   "bin": {
     "create-walle": "bin/create-walle.js"

package/template/README.md

@@ -1,34 +1,54 @@
-# Wall-E
+# Wall-E + CTM
 
-**Your personal digital twin** — an AI agent that learns from your Slack, email, and calendar to build a searchable second brain, answer questions in your voice, and automate daily workflows.
+**Wall-E** is your personal digital twin — an AI agent that learns from your Slack, email, and calendar to build a searchable second brain, answer questions in your voice, and automate daily workflows.
 
-Wall-E runs locally alongside **CTM** (Claude Task Manager), a terminal multiplexer and task dashboard for Claude Code sessions.
+**CTM** (Claude Task Manager) is an agent task manager and terminal multiplexer — a web dashboard for running Claude Code sessions, managing prompts, reviewing code, and controlling Wall-E.
 
-## What It Does
+Together they give you a local-first AI command center: a browser-based workspace where you manage Claude Code sessions, chat with an AI that knows your work context, and automate the repetitive parts of your day.
 
-- **Ingests** your Slack messages, calendar events, and sent emails into a local SQLite brain
-- **Learns** your preferences, relationships, communication style, and knowledge over time
-- **Answers** questions about your work, meetings, and conversations — with citations
-- **Runs skills** on a schedule: morning briefings, Slack sync, calendar sync, and more
-- **Manages tasks** and Claude Code sessions through a web dashboard
+## What You Get
+
+### CTM — Agent Task Manager
+- **Terminal multiplexer** — run multiple Claude Code sessions side-by-side in browser tabs, with session history, search, and replay
+- **Prompt library** — rich-text editor with versioning, folders, tags, and one-click send to any active session
+- **Prompt queue** — batch multiple prompts and send them sequentially to a session with idle detection
+- **Shadow Approver** — learns your permission patterns and auto-approves safe operations across sessions
+- **Code review** — AI-assisted diff review across projects with inline comments
+- **Session insights** — AI analysis of your Claude Code usage with actionable recommendations
+- **Permission manager** — fine-grained control over what Claude Code can do automatically, with risk tiers and rule consolidation
+
+### Wall-E — Personal AI Agent
+- **Second brain** — ingests Slack messages, calendar events, and sent emails into a local SQLite database with full-text search
+- **Chat** — ask questions about your work, meetings, and conversations — grounded in your actual data with citations
+- **Scheduled skills** — morning briefings, Slack sync, calendar sync, email digest, and custom skills on configurable schedules
+- **Background tasks** — recurring or one-shot tasks with live logs, skill execution, and checkpoint/resume
+- **Knowledge graph** — automatically extracts facts, relationships, and patterns from your data over time
+- **People intelligence** — tracks relationships, communication patterns, trust levels, and personas
+- **MCP integration** — calls tools on Slack, GitHub, and custom MCP servers directly from chat
+- **macOS native** — calendar via EventKit, email via AppleScript, Spotlight file search, desktop notifications, clipboard access
 
 ## Architecture
 
 ```
-CTM (port 3456)                    Wall-E
+CTM (port 3456)                    Wall-E Daemon
 +-----------------------+          +------------------------+
 | Web Dashboard         |          | Agent Daemon           |
 |  - Sessions (pty)     |  <--->   |  - Ingest loop (60s)   |
 |  - Prompts editor     |          |  - Think loop (120s)   |
-|  - Task manager       |          |  - Reflect loop (1hr)  |
-|  - Code review        |          |  - Skills loop (5min)  |
-|  - Wall-E chat tab    |          |  - Tasks loop (30s)    |
-+-----------------------+          +------------------------+
-         |                                    |
-         v                                    v
-   task-manager.db                    wall-e-brain.db
-   (sessions, prompts,               (memories, knowledge,
-    tasks, reviews)                   people, skills, tasks)
+|  - Prompt queue       |          |  - Reflect loop (1hr)  |
+|  - Shadow Approver    |          |  - Skills loop (5min)  |
+|  - Code review        |          |  - Tasks loop (30s)    |
+|  - Session insights   |          |                        |
+|  - Permission manager |          | Chat Engine            |
+|  - Wall-E chat tab    |          |  - Tool use (local+MCP)|
++-----------------------+          |  - Memory search       |
+         |                         |  - Skill execution     |
+         v                         +------------------------+
+   task-manager.db                          |
+   (sessions, prompts,                      v
+    rules, reviews)              wall-e-brain.db
+                                 (memories, knowledge,
+                                  people, skills, tasks)
 ```
 
 ## Quickstart
@@ -39,7 +59,7 @@ cd my-agent
 node claude-task-manager/server.js
 ```
 
-Open **http://localhost:3456** — the browser setup page walks you through adding your API key and connecting integrations. Your name and timezone are auto-detected.
+Open **http://localhost:3456** — the setup page walks you through adding your API key and connecting integrations. Your name and timezone are auto-detected.
 
 Or clone manually:
 
@@ -52,6 +72,66 @@ node claude-task-manager/server.js
 
 The first run auto-creates `.env`, `wall-e-config.json`, and `~/.walle/data/`. Finish setup at http://localhost:3456/setup.html.
 
+## Dashboard Features
+
+### Sessions
+Terminal multiplexer for Claude Code — create, monitor, and manage multiple sessions from a single browser tab. Features include:
+- Live terminal output via WebSocket (xterm.js)
+- Session search and AI-powered search across all session history
+- AI auto-titling for sessions
+- Project grouping and filtering
+- Copy session command (with working directory)
+- Session replay and review
+
+### Prompts
+Rich-text prompt editor with a full formatting toolbar. Organize prompts into folders, tag them, track usage across sessions, and send to any active Claude Code session with one click.
+- **Composite prompts** — parent prompt with sub-prompts that compose into a single message
+- **Prompt queue** — batch multiple prompts, send sequentially with idle detection between items
+- **Power tools** — chains (multi-step sequences), templates, pattern detection, harvest (extract prompts from session history), and AI copilot suggestions
+- **Usage tracking** — see which sessions used which prompts and how often
+
+### Wall-E Chat
+Chat directly with Wall-E from the dashboard. Wall-E has access to your full brain (memories, knowledge, people) and can:
+- Search your Slack messages, emails, and calendar
+- Run skills on demand (morning briefing, Slack sync, etc.)
+- Call MCP tools (Slack, GitHub, etc.)
+- Create and manage background tasks
+- Execute shell commands, read files, take screenshots
+- Answer questions grounded in your actual data
+
+Sub-tabs: Chat, Tasks (background task manager), Skills (view and run), Brain (knowledge graph), Actions, Timeline, Questions, Status.
+
+### Shadow Approver
+Learns your permission patterns from Claude Code sessions and auto-approves safe operations. Features:
+- Pattern learning from your approval history
+- AI-driven approval decisions with confidence scoring
+- Domain-specific trust tiers (Observe, Draft, Guarded, Autonomous)
+- Rule consolidation (merges similar Bash rules)
+- Decision history and audit trail
+
+### Code Review
+AI-assisted code review across projects:
+- Inline diff viewer
+- Multi-project support
+- AI review comments with confidence levels
+- Send review to a Claude Code session for implementation
+
+### Session Insights
+AI analysis of your Claude Code usage patterns:
+- Workflow recommendations (automate repetitive tasks)
+- Prompt effectiveness analysis
+- Skill gap detection
+- Cost-saving suggestions
+- Session statistics
+
+### Permission Manager
+Fine-grained control over what Claude Code can do automatically:
+- Search and filter across all rules
+- Risk-based categorization (LOW, MEDIUM, HIGH)
+- Per-project or global scope
+- Rule consolidation for similar patterns
+- Import/export with Claude Code's settings files
+
 ## Configuration
 
 All configuration lives in `.env` (auto-generated on first run). Edit directly or use the browser setup page.
@@ -84,6 +164,7 @@ If you use `devbox ai -c claude`, Wall-E auto-reads your gateway credentials fro
 | `ANTHROPIC_AUTH_TOKEN` | No | Auth token when using a gateway |
 | `ANTHROPIC_CUSTOM_HEADERS_B64` | No | Base64-encoded custom headers (Portkey virtual keys, metadata) |
 | `WALLE_OWNER_NAME` | Auto | Your name (auto-detected from `git config`) |
+| `WALLE_MODEL` | Auto | Model selection (probed on setup: claude-sonnet-4-6, haiku-4-5, etc.) |
 | `CTM_PORT` | No | Dashboard port (default: `3456`) |
 | `WALL_E_PORT` | No | Wall-E API port (default: `CTM_PORT + 1`) |
 | `WALL_E_DATA_DIR` | No | Data directory (default: `~/.walle/data`) |
@@ -105,8 +186,9 @@ Wall-E ships with skills that run on a schedule to keep your brain up to date:
 | `slack-backfill` | manual | Full Slack history backfill (2022-present) |
 | `email-sync` | every 30m | Syncs sent emails from macOS Mail via JXA |
 | `email-digest` | daily 7am | Summarizes recent email activity |
-| `morning-briefing` | daily 7am | AI-generated daily briefing from all sources |
+| `morning-briefing` | daily 7am | AI-generated daily briefing: calendar, Slack activity, tasks, questions |
 | `memory-search` | on-demand | Full-text search across all memories |
+| `file-ingest` | manual | Read a folder of files into the brain with glob filtering |
 
 ### Creating Custom Skills
 
@@ -128,22 +210,15 @@ tags: [sync, data]
 
 Place skills in `wall-e/skills/_bundled/your-skill/SKILL.md` or load from a custom directory.
 
-## Dashboard Features
-
-### Sessions Tab
-Terminal multiplexer for Claude Code — create, monitor, and manage multiple sessions from a single browser tab.
+## Integrations
 
-### Prompts Tab
-Rich-text prompt editor with versioning, tagging, folders, and one-click send to any active Claude session. Supports composite prompts (parent + sub-prompts).
-
-### Tasks Tab
-Task dashboard with recurring task support, skill execution, checkpoint/resume, and live logs.
-
-### Wall-E Tab
-Chat directly with Wall-E — ask about your schedule, search your memories, run skills, and get AI-powered answers grounded in your actual data.
-
-### Code Review Tab
-Review code changes across projects with inline diffs and AI-assisted review.
+| Integration | How it works | Setup |
+|---|---|---|
+| **Slack** | OAuth + MCP protocol for search, read, send | Click "Connect" in setup page |
+| **Google Calendar** | macOS EventKit (reads all calendars: Google, iCloud, Outlook) | Automatic on macOS |
+| **Email** | macOS Mail via JXA/AppleScript | Automatic on macOS |
+| **GitHub** | MCP server (if configured in Claude Code) | Via MCP config |
+| **Custom MCP servers** | Any MCP-compatible server | Add to MCP config |
 
 ## API
 
@@ -152,17 +227,19 @@ CTM runs on port 3456. Key endpoints:
 | Method | Path | Description |
 |---|---|---|
 | GET | `/api/services/status` | CTM and Wall-E process status |
+| POST | `/api/restart/ctm` | Restart CTM server |
 | POST | `/api/restart/walle` | Restart Wall-E daemon |
 | POST | `/api/start/walle` | Start Wall-E daemon |
 | POST | `/api/stop/walle` | Stop Wall-E daemon |
-| GET | `/api/wall-e/status` | Wall-E brain stats and owner info |
+| GET | `/api/wall-e/status` | Brain stats, loop health, owner info |
 | GET | `/api/wall-e/memories` | List memories (filterable by source, since, limit) |
 | GET | `/api/wall-e/knowledge` | List knowledge entries |
 | GET | `/api/wall-e/people` | List known people |
 | GET | `/api/wall-e/timeline` | Memory timeline |
-| POST | `/api/wall-e/chat` | Chat with Wall-E |
+| GET | `/api/wall-e/tasks` | List background tasks |
+| POST | `/api/wall-e/chat` | Chat with Wall-E (supports SSE streaming) |
 | GET | `/api/prompts` | List prompts |
-| GET | `/api/sessions` | List active terminal sessions |
+| GET | `/api/recent-sessions` | List recent Claude Code sessions |
 
 ## Tech Stack
 
@@ -170,24 +247,27 @@ CTM runs on port 3456. Key endpoints:
 - **Database**: SQLite via better-sqlite3 (WAL mode, FTS5 full-text search)
 - **AI**: Claude API via Anthropic SDK (supports Portkey gateway)
 - **Frontend**: Vanilla HTML/CSS/JS (no build step, no React)
+- **Terminal**: xterm.js (frontend) + node-pty (backend)
 - **macOS integration**: EventKit (calendar), JXA (email/AppleScript), Spotlight (file search)
-- **Terminal**: node-pty for session management
 
 ## Development
 
 ```bash
+# Start dev instance (doesn't affect primary on :3456)
+bash bin/dev.sh
+
 # Run Wall-E tests
 cd wall-e && npm test
 
-# Run a single test file
-node --test tests/brain.test.js
-
 # Run Slack backfill manually
 node scripts/slack-backfill.js 2024-01  # single month
 node scripts/slack-backfill.js incremental  # new messages only
 
 # Run calendar sync manually
 node skills/_bundled/google-calendar/run.js
+
+# Run morning briefing manually
+node skills/_bundled/morning-briefing/run.js
 ```
 
 ## License

package/template/claude-task-manager/db.js

@@ -1115,9 +1115,9 @@ function listSessionConversations({ search, limit, offset, hostname, allDevices
     params.push(hostname);
   }
   if (search) {
-    sql += ' AND (title LIKE ? OR first_message LIKE ? OR project_path LIKE ?)';
+    sql += ' AND (title LIKE ? OR first_message LIKE ? OR project_path LIKE ? OR messages LIKE ?)';
     const q = `%${search}%`;
-    params.push(q, q, q);
+    params.push(q, q, q, q);
   }
   sql += ' ORDER BY imported_at DESC';
   if (limit) { sql += ' LIMIT ?'; params.push(limit); }

package/template/claude-task-manager/public/index.html

@@ -2396,6 +2396,7 @@
               <button class="walle-subnav-btn active" data-view="chat" onclick="WE.showView('chat')">Chat</button>
               <button class="walle-subnav-btn" data-view="tasks" onclick="WE.showView('tasks')">Tasks</button>
               <button class="walle-subnav-btn" data-view="skills" onclick="WE.showView('skills')">Skills</button>
+              <button class="walle-subnav-btn" data-view="mcp" onclick="WE.showView('mcp')">MCP</button>
               <div style="position:relative;display:inline-block;" id="we-more-wrap">
                 <button class="walle-subnav-btn" onclick="WE.toggleMoreTabs()" id="we-more-btn">More <span style="font-size:10px;">&#9662;</span></button>
                 <div id="we-more-dropdown" style="display:none;position:absolute;top:100%;left:0;z-index:999;background:var(--bg-light);border:1px solid var(--border);border-radius:6px;padding:4px 0;min-width:120px;box-shadow:0 4px 12px rgba(0,0,0,0.3);">
@@ -4552,6 +4553,7 @@ cwdInput.addEventListener('focus', () => {
 
 // --- Recent Sessions ---
 let allRecentSessions = [];
+let _convSearchPending = false;
 let currentFilter = 'all';
 let aiSearchMode = false;
 let aiSearchDebounce = null;
@@ -4780,13 +4782,36 @@ function renderFilteredSessions() {
   const q = document.getElementById('recent-search').value.toLowerCase();
   let sessions = getFilteredSessions();
   if (q && !aiSearchMode) {
-    sessions = sessions.filter(s =>
-      (s.firstMessage || '').toLowerCase().includes(q) ||
-      (s.aiTitle || '').toLowerCase().includes(q) ||
-      s.project.toLowerCase().includes(q) ||
-      s.sessionId.toLowerCase().includes(q) ||
-      (s.gitBranch || '').toLowerCase().includes(q)
-    );
+    // First filter local metadata
+    const metaMatches = new Set();
+    sessions = sessions.filter(s => {
+      const match = (s.firstMessage || '').toLowerCase().includes(q) ||
+        (s.aiTitle || '').toLowerCase().includes(q) ||
+        s.project.toLowerCase().includes(q) ||
+        s.sessionId.toLowerCase().includes(q) ||
+        (s.gitBranch || '').toLowerCase().includes(q);
+      if (match) metaMatches.add(s.sessionId);
+      return match;
+    });
+    // Also search imported conversations in DB (async, will re-render when results arrive)
+    if (sessions.length === 0 && q.length >= 3 && !_convSearchPending) {
+      _convSearchPending = true;
+      fetch('/api/conversations?search=' + encodeURIComponent(q) + '&limit=20&all_devices=1&token=' + (state.token || ''))
+        .then(r => r.json())
+        .then(data => {
+          _convSearchPending = false;
+          const convResults = (data.backups ? [] : (Array.isArray(data) ? data : []));
+          if (convResults.length === 0) return;
+          // Merge conversation matches into session list
+          for (const c of convResults) {
+            if (metaMatches.has(c.session_id)) continue;
+            const existing = allRecentSessions.find(s => s.sessionId === c.session_id);
+            if (existing && !sessions.includes(existing)) sessions.push(existing);
+          }
+          if (sessions.length > 0) renderRecentSessions(sessions);
+        })
+        .catch(() => { _convSearchPending = false; });
+    }
   }
 
   // Sort: pinned first (in user-defined order), then by modifiedAt
@@ -8059,6 +8084,15 @@ function removeQpItem(idx) {
   renderQpItems();
 }
 
+function resendQpItem(idx) {
+  if (idx >= 0 && idx < qpItems.length) {
+    qpItems[idx].status = 'pending';
+    saveQpDraft();
+    renderQpItems();
+    toast('Item reset to pending — will be sent next', { type: 'info' });
+  }
+}
+
 function toggleQpMode() {
   qpMode = qpMode === 'auto' ? 'manual' : 'auto';
   updateQpModeBtn();
@@ -8382,6 +8416,7 @@ function renderQpItems() {
       </div>
       <div style="display:flex;align-items:center;gap:2px;padding-top:2px;flex-shrink:0;">
         <span style="font-size:9px;color:var(--fg-dim);background:var(--bg-lighter);padding:1px 5px;border-radius:8px;">${item.type === 'prompt' ? '#' + item.promptId : 'inline'}</span>
+        ${isSent && !isEditing ? `<button onclick="resendQpItem(${idx})" style="background:none;border:none;color:var(--fg-dim);cursor:pointer;font-size:10px;padding:0 2px;line-height:1;" onmouseover="this.style.color='var(--accent)'" onmouseout="this.style.color='var(--fg-dim)'" title="Re-send this item">&#8635;</button>` : ''}
         ${!isEditing && item.type === 'inline' ? `<button onclick="saveQpItemAsPrompt(${idx})" style="background:none;border:none;color:var(--fg-dim);cursor:pointer;font-size:10px;padding:0 2px;line-height:1;" onmouseover="this.style.color='var(--green)'" onmouseout="this.style.color='var(--fg-dim)'" title="Save as prompt">💾</button>` : ''}
         ${!isEditing ? `<button onclick="startQpEdit(${idx})" style="background:none;border:none;color:var(--fg-dim);cursor:pointer;font-size:11px;padding:0 2px;line-height:1;" onmouseover="this.style.color='var(--accent)'" onmouseout="this.style.color='var(--fg-dim)'" title="Edit">&#9998;</button>` : ''}
         <button onclick="removeQpItem(${idx})" style="background:none;border:none;color:var(--fg-dim);cursor:pointer;font-size:14px;padding:0 2px;line-height:1;" onmouseover="this.style.color='var(--red)'" onmouseout="this.style.color='var(--fg-dim)'">&times;</button>

package/template/claude-task-manager/public/js/walle.js

@@ -26,10 +26,15 @@ function resolveWalleBase() {
 // Probe on load
 resolveWalleBase();
 
-function api(path) {
+function api(path, opts) {
   var token = window._ctmState?.token || '';
   var sep = path.includes('?') ? '&' : '?';
-  return fetch(WALLE_BASE + '/api/wall-e' + path + sep + 'token=' + token).then(function(r) { return r.json(); });
+  var url = WALLE_BASE + '/api/wall-e' + path + sep + 'token=' + token;
+  var fetchOpts = opts || {};
+  return fetch(url, fetchOpts).then(function(r) {
+    if (!r.ok) return r.json().then(function(d) { throw Object.assign(new Error(d.error || r.statusText), d); });
+    return r.json();
+  });
 }
 
 function apiPost(path, body) {
@@ -228,6 +233,7 @@ WE.showView = function(view) {
   else if (view === 'actions') WE.renderActions();
   else if (view === 'tasks') WE.renderTasks();
   else if (view === 'skills') WE.renderSkills();
+  else if (view === 'mcp') WE.renderMcp();
   else if (view === 'timeline') WE.renderTimeline();
   else if (view === 'questions') WE.renderQuestions();
   else if (view === 'status') WE.renderStatus();
@@ -459,6 +465,151 @@ WE._filterBrain = function() {
 };
 
 // ---- Timeline View ----
+// ---- MCP Servers tab ----
+WE.renderMcp = function() {
+  var body = document.getElementById('walle-body');
+  safeSetHtml(body, '<div style="padding:16px;color:var(--fg-dim)">Loading MCP servers...</div>');
+  api('/mcp/servers').then(function(data) {
+    var servers = data.data || [];
+    var meta = data.meta || {};
+    var html = '';
+    // Header
+    html += '<div style="padding:12px 16px;display:flex;align-items:center;gap:8px;border-bottom:1px solid var(--border,#333)">';
+    html += '<h3 style="margin:0;font-size:14px;flex:1">MCP Servers</h3>';
+    var connected = servers.filter(function(s) { return s.status === 'connected' || s.status === 'cached'; }).length;
+    html += '<span style="font-size:11px;color:var(--fg-dim)">' + connected + '/' + servers.length + ' connected</span>';
+    if (meta.last_scan) html += '<span style="font-size:10px;color:var(--fg-dim)">Last scan: ' + esc(new Date(meta.last_scan).toLocaleString()) + '</span>';
+    html += '<button class="walle-btn" onclick="WE._scanMcp()">Scan All</button>';
+    html += '</div>';
+
+    if (servers.length === 0) {
+      html += '<div style="padding:24px;text-align:center;color:var(--fg-dim)">No MCP servers found.<br><span style="font-size:11px">Configure MCP servers in Claude Code (Settings > MCP Servers) and they will appear here.</span></div>';
+    } else {
+      for (var i = 0; i < servers.length; i++) {
+        var s = servers[i];
+        // Status colors
+        var dotColor = '#666'; // disconnected
+        var statusLabel = 'disconnected';
+        var statusColor = '#666';
+        if (s.status === 'connected') { dotColor = '#5c940d'; statusLabel = 'connected'; statusColor = '#5c940d'; }
+        else if (s.status === 'cached') { dotColor = '#228be6'; statusLabel = 'cached'; statusColor = '#228be6'; }
+        else if (s.status === 'authenticated') { dotColor = '#fab005'; statusLabel = 'authenticated'; statusColor = '#fab005'; }
+
+        html += '<div style="border-bottom:1px solid var(--border,#333);padding:10px 16px;" id="mcp-server-' + esc(s.name) + '">';
+        // Row 1: name + status + actions
+        html += '<div style="display:flex;align-items:center;gap:8px;margin-bottom:4px;">';
+        html += '<span style="display:inline-block;width:8px;height:8px;border-radius:50%;background:' + dotColor + ';flex-shrink:0"></span>';
+        html += '<strong style="font-size:13px;">' + esc(s.name) + '</strong>';
+        html += '<span style="font-size:10px;color:var(--fg-dim);background:var(--bg-lighter,#2a2a3e);padding:1px 6px;border-radius:8px;">' + esc(s.type) + '</span>';
+        html += '<span style="font-size:10px;color:' + statusColor + '">' + statusLabel + '</span>';
+        html += '<span style="flex:1"></span>';
+        // Tool count
+        html += '<span style="font-size:10px;color:var(--fg-dim)">' + s.tool_count + ' tools</span>';
+        // Connect/Test button
+        if (s.status === 'connected' || s.status === 'cached') {
+          html += '<button class="walle-btn" style="font-size:10px;padding:2px 8px;" onclick="WE._connectMcp(\'' + esc(s.name) + '\',this)">Refresh</button>';
+        } else {
+          html += '<button class="walle-btn primary" style="font-size:10px;padding:2px 8px;" onclick="WE._connectMcp(\'' + esc(s.name) + '\',this)">Connect</button>';
+        }
+        html += '</div>';
+        // Row 2: URL
+        if (s.url) html += '<div style="font-size:10px;color:var(--fg-dim);margin-left:16px;margin-bottom:4px;font-family:monospace;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;">' + esc(String(s.url)) + '</div>';
+        // Row 3: tools (collapsible if many)
+        if (s.tools.length > 0) {
+          var showAll = s.tools.length <= 10;
+          html += '<div style="margin-left:16px;display:flex;flex-wrap:wrap;gap:4px;">';
+          var displayTools = showAll ? s.tools : s.tools.slice(0, 8);
+          for (var j = 0; j < displayTools.length; j++) {
+            var t = displayTools[j];
+            html += '<span title="' + esc(t.description || '') + '" style="font-size:10px;background:var(--bg-lighter,#2a2a3e);padding:2px 6px;border-radius:4px;cursor:default;border:1px solid transparent;" onmouseover="this.style.borderColor=\'var(--accent)\'" onmouseout="this.style.borderColor=\'transparent\'">' + esc(t.name) + '</span>';
+          }
+          if (!showAll) {
+            html += '<span style="font-size:10px;color:var(--fg-dim);padding:2px 6px;cursor:pointer;" onclick="this.parentElement.style.display=\'none\';this.parentElement.nextElementSibling.style.display=\'flex\'">+' + (s.tools.length - 8) + ' more</span>';
+          }
+          html += '</div>';
+          if (!showAll) {
+            // Hidden expanded list
+            html += '<div style="margin-left:16px;display:none;flex-wrap:wrap;gap:4px;">';
+            for (var k = 0; k < s.tools.length; k++) {
+              var t2 = s.tools[k];
+              html += '<span title="' + esc(t2.description || '') + '" style="font-size:10px;background:var(--bg-lighter,#2a2a3e);padding:2px 6px;border-radius:4px;cursor:default;border:1px solid transparent;" onmouseover="this.style.borderColor=\'var(--accent)\'" onmouseout="this.style.borderColor=\'transparent\'">' + esc(t2.name) + '</span>';
+            }
+            html += '</div>';
+          }
+        }
+        html += '</div>';
+      }
+    }
+    safeSetHtml(body, html);
+  }).catch(function(e) {
+    safeSetHtml(body, '<div style="padding:16px;color:var(--red)">Failed to load MCP servers: ' + esc(e.message) + '</div>');
+  });
+};
+
+WE._connectMcp = function(serverName, btnEl) {
+  if (btnEl) {
+    btnEl.disabled = true;
+    btnEl.textContent = 'Connecting...';
+  }
+  api('/mcp/connect/' + encodeURIComponent(serverName), { method: 'POST' }).then(function(data) {
+    if (typeof window.toast === 'function') window.toast(serverName + ' connected — ' + data.tools + ' tools', { type: 'success' });
+    setTimeout(function() { WE.renderMcp(); }, 300);
+  }).catch(function(e) {
+    var msg = e.message || '';
+    if (msg.includes('401') || msg.includes('Unauthorized') || msg.includes('auth')) {
+      // Show Authenticate button instead of dead-end error
+      if (btnEl) {
+        btnEl.textContent = 'Authenticate';
+        btnEl.style.color = '#fab005';
+        btnEl.disabled = false;
+        btnEl.onclick = function() { WE._authMcp(serverName, btnEl); };
+      }
+      if (typeof window.toast === 'function') window.toast(serverName + ' needs authentication — click Authenticate to log in.', { type: 'warning' });
+    } else {
+      if (btnEl) { btnEl.textContent = 'Retry'; btnEl.disabled = false; }
+      if (typeof window.toast === 'function') window.toast(serverName + ': ' + msg.slice(0, 100), { type: 'error' });
+    }
+  });
+};
+
+WE._authMcp = function(serverName, btnEl) {
+  if (btnEl) {
+    btnEl.disabled = true;
+    btnEl.textContent = 'Opening browser...';
+  }
+  api('/mcp/auth/' + encodeURIComponent(serverName), { method: 'POST' }).then(function() {
+    if (typeof window.toast === 'function') window.toast('Check your browser — log in to ' + serverName, { type: 'info' });
+    if (btnEl) { btnEl.textContent = 'Waiting for login...'; }
+    // Poll for connection success
+    var attempts = 0;
+    var poll = setInterval(function() {
+      attempts++;
+      api('/mcp/connect/' + encodeURIComponent(serverName), { method: 'POST' }).then(function(data) {
+        clearInterval(poll);
+        if (typeof window.toast === 'function') window.toast(serverName + ' connected — ' + data.tools + ' tools!', { type: 'success' });
+        setTimeout(function() { WE.renderMcp(); }, 300);
+      }).catch(function() {
+        if (attempts > 30) {
+          clearInterval(poll);
+          if (btnEl) { btnEl.textContent = 'Timed out'; btnEl.disabled = false; }
+        }
+      });
+    }, 3000);
+  }).catch(function(e) {
+    if (btnEl) { btnEl.textContent = 'Auth failed'; btnEl.disabled = false; }
+    if (typeof window.toast === 'function') window.toast('Auth failed: ' + (e.message || '').slice(0, 100), { type: 'error' });
+  });
+};
+
+WE._scanMcp = function() {
+  api('/mcp/scan', { method: 'POST' }).then(function() {
+    if (typeof window.toast === 'function') window.toast('Scanning all MCP servers...', { type: 'info' });
+    setTimeout(function() { WE.renderMcp(); }, 8000);
+  }).catch(function(e) {
+    if (typeof window.toast === 'function') window.toast('Scan failed: ' + e.message, { type: 'error' });
+  });
+};
+
 WE.renderTimeline = function() {
   timelineOffset = 0;
   api('/timeline?limit=100').then(function(data) {
@@ -793,6 +944,7 @@ function renderChatUI() {
     html += '<div class="we-export-bar">';
     html += '<span class="we-export-count">' + chatSelected.size + ' selected</span>';
     html += '<button class="walle-btn" onclick="WE._exportAsText()">Copy as Text</button>';
+    html += '<button class="walle-btn" onclick="WE._copyAsImage()">Copy as Image</button>';
     html += '<button class="walle-btn" onclick="WE._exportAsImage()">Save as Image</button>';
     html += '<button class="walle-btn danger" onclick="WE._deleteSelected()">Delete</button>';
     html += '<button class="we-chat-search-clear" onclick="WE._clearSelection()" title="Clear selection">&times;</button>';
@@ -1420,6 +1572,11 @@ WE._toggleTurn = function(turnIdx) {
     copyBtn.textContent = 'Copy as Text';
     copyBtn.onclick = function() { WE._exportAsText(); };
     newBar.appendChild(copyBtn);
+    var clipImgBtn = document.createElement('button');
+    clipImgBtn.className = 'walle-btn';
+    clipImgBtn.textContent = 'Copy as Image';
+    clipImgBtn.onclick = function() { WE._copyAsImage(); };
+    newBar.appendChild(clipImgBtn);
     var imgBtn = document.createElement('button');
     imgBtn.className = 'walle-btn';
     imgBtn.textContent = 'Save as Image';
@@ -1492,11 +1649,29 @@ WE._exportAsText = function() {
   });
 };
 
-WE._exportAsImage = function() {
+WE._copyAsImage = function() {
   var turns = _getSelectedTurns();
   if (turns.length === 0) return;
+  var container = WE._buildExportContainer(turns);
+  document.body.appendChild(container);
+  if (typeof html2canvas !== 'undefined') {
+    html2canvas(container, { backgroundColor: '#1a1a2e', scale: 2 }).then(function(canvas) {
+      document.body.removeChild(container);
+      canvas.toBlob(function(blob) {
+        navigator.clipboard.write([new ClipboardItem({ 'image/png': blob })]).then(function() {
+          if (typeof window.toast === 'function') window.toast('Image copied to clipboard', { type: 'success' });
+        }).catch(function(e) {
+          if (typeof window.toast === 'function') window.toast('Copy failed: ' + e.message, { type: 'error' });
+        });
+      }, 'image/png');
+    });
+  } else {
+    document.body.removeChild(container);
+    if (typeof window.toast === 'function') window.toast('html2canvas not loaded', { type: 'error' });
+  }
+};
 
-  // Build styled content for the export
+WE._buildExportContainer = function(turns) {
   var styles = [
     'body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif; background: #1a1a2e; color: #e0e0e0; padding: 24px; max-width: 700px; margin: 0 auto; }',
     '.turn { border-bottom: 1px solid rgba(255,255,255,0.08); padding: 12px 0; }',
@@ -1512,8 +1687,6 @@ WE._exportAsImage = function() {
     'blockquote { border-left: 2px solid #3b82f6; padding-left: 10px; color: #9ca3af; margin: 4px 0; }',
     '.header { font-size: 10px; color: #666; margin-bottom: 16px; }',
   ].join('\n');
-
-  // Build turn HTML fragments
   var turnHtml = '';
   turns.forEach(function(t) {
     turnHtml += '<div class="turn">';
@@ -1527,8 +1700,6 @@ WE._exportAsImage = function() {
     }
     turnHtml += '</div>';
   });
-
-  // Render into off-screen container for html2canvas
   var container = document.createElement('div');
   container.style.cssText = 'position:fixed;left:-9999px;top:0;width:700px;background:#1a1a2e;color:#e0e0e0;padding:24px;font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,sans-serif;';
   var headerEl = document.createElement('div');
@@ -1538,10 +1709,17 @@ WE._exportAsImage = function() {
   var contentEl = document.createElement('div');
   safeSetHtml(contentEl, turnHtml);
   container.appendChild(contentEl);
-  // Inject styles
   var styleEl = document.createElement('style');
   styleEl.textContent = styles;
   container.appendChild(styleEl);
+  container._styles = styles; // stash for fallback
+  return container;
+};
+
+WE._exportAsImage = function() {
+  var turns = _getSelectedTurns();
+  if (turns.length === 0) return;
+  var container = WE._buildExportContainer(turns);
   document.body.appendChild(container);
 
   if (typeof html2canvas !== 'undefined') {
@@ -1563,7 +1741,7 @@ WE._exportAsImage = function() {
     var w = window.open('', '_blank', 'width=750,height=600');
     var doc = w.document;
     var styleTag = doc.createElement('style');
-    styleTag.textContent = styles;
+    styleTag.textContent = container._styles;
     doc.head.appendChild(styleTag);
     var header = doc.createElement('div');
     header.className = 'header';

package/template/package.json

@@ -1,6 +1,6 @@
 {
   "name": "walle",
-  "version": "0.8.0",
+  "version": "0.9.0",
   "private": true,
   "description": "Wall-E — your personal digital twin",
   "scripts": {

package/template/wall-e/api-walle.js

@@ -239,6 +239,122 @@ function handleWalleApi(req, res, url) {
     return true;
   }
 
+  // GET /api/wall-e/mcp/servers — list all MCP servers and their cached tools
+  if (p === '/api/wall-e/mcp/servers' && m === 'GET') {
+    try {
+      const mcpClient = require('./skills/mcp-client');
+      const configs = mcpClient.loadMcpConfigs();
+
+      // Read cached tools from brain DB
+      const db = getReadDb();
+      let toolsByServer = {};
+      let scanMeta = {};
+      if (db) {
+        try {
+          const tools = db.prepare('SELECT * FROM mcp_tools_cache ORDER BY server, tool_name').all();
+          for (const t of tools) {
+            if (!toolsByServer[t.server]) toolsByServer[t.server] = [];
+            toolsByServer[t.server].push({ name: t.tool_name, description: t.description, scanned_at: t.scanned_at });
+          }
+        } catch {} // table may not exist yet
+        try {
+          const meta = db.prepare('SELECT * FROM mcp_scan_meta').all();
+          for (const row of meta) scanMeta[row.key] = row.value;
+        } catch {}
+      }
+
+      // Check which servers are actually connected (have active transport)
+      const activeConnections = mcpClient.getActiveConnections ? mcpClient.getActiveConnections() : new Map();
+
+      const servers = Object.entries(configs).map(([name, cfg]) => {
+        const hasToken = !!(cfg.oauth?.accessToken);
+        const isConnected = activeConnections.has(name);
+        const hasCachedTools = (toolsByServer[name] || []).length > 0;
+        // Status: connected (green), authenticated but not tested (yellow), needs auth (gray)
+        let status = 'disconnected';
+        if (isConnected) status = 'connected';
+        else if (hasCachedTools) status = 'cached'; // previously connected, tools cached
+        else if (hasToken) status = 'authenticated';
+        return {
+          name,
+          type: cfg.type || (cfg.command ? 'stdio' : 'http'),
+          url: cfg.url || cfg.command || '',
+          authenticated: hasToken,
+          status,
+          tools: toolsByServer[name] || [],
+          tool_count: (toolsByServer[name] || []).length,
+        };
+      });
+
+      jsonResponse(res, { data: servers, meta: scanMeta });
+    } catch (e) {
+      jsonResponse(res, { error: e.message }, 500);
+    }
+    return true;
+  }
+
+  // POST /api/wall-e/mcp/scan — trigger MCP scan now
+  if (p === '/api/wall-e/mcp/scan' && m === 'POST') {
+    try {
+      const { execFile } = require('child_process');
+      const scriptPath = require('path').resolve(__dirname, 'skills/_bundled/mcp-scan/run.js');
+      execFile('node', [scriptPath], { timeout: 60000 }, (err, stdout, stderr) => {
+        if (err) console.error('[mcp-scan] Error:', err.message);
+        else console.log('[mcp-scan]', stdout.trim());
+      });
+      jsonResponse(res, { ok: true, message: 'MCP scan started' });
+    } catch (e) {
+      jsonResponse(res, { error: e.message }, 500);
+    }
+    return true;
+  }
+
+  // POST /api/wall-e/mcp/connect/:server — test connection to a specific MCP server
+  const mcpConnectMatch = p.match(/^\/api\/wall-e\/mcp\/connect\/([^/]+)$/);
+  if (mcpConnectMatch && m === 'POST') {
+    const serverName = decodeURIComponent(mcpConnectMatch[1]);
+    const mcpClient = require('./skills/mcp-client');
+    mcpClient.getConnection(serverName).then(function(conn) {
+      return conn.listTools();
+    }).then(function(tools) {
+      // Cache tools in brain DB (need writable DB)
+      if (brain && ensureBrainInit()) {
+        try {
+          const db = brain.getDb();
+          db.exec("CREATE TABLE IF NOT EXISTS mcp_tools_cache (server TEXT NOT NULL, tool_name TEXT NOT NULL, description TEXT, input_schema TEXT, scanned_at TEXT DEFAULT (datetime('now')), PRIMARY KEY (server, tool_name))");
+          db.prepare('DELETE FROM mcp_tools_cache WHERE server = ?').run(serverName);
+          const ins = db.prepare('INSERT INTO mcp_tools_cache (server, tool_name, description, input_schema) VALUES (?, ?, ?, ?)');
+          for (const t of tools) ins.run(serverName, t.name, t.description || '', JSON.stringify(t.inputSchema || {}));
+        } catch (e) { console.error('[mcp-connect] Cache error:', e.message); }
+      }
+      jsonResponse(res, { ok: true, server: serverName, tools: tools.length, status: 'connected' });
+    }).catch(function(e) {
+      const msg = e.message || '';
+      const needsAuth = msg.includes('401') || msg.includes('Unauthorized') || msg.includes('auth');
+      jsonResponse(res, { error: msg.slice(0, 200), server: serverName, needs_auth: needsAuth }, needsAuth ? 401 : 500);
+    });
+    return true;
+  }
+
+  // POST /api/wall-e/mcp/auth/:server — start OAuth flow for an MCP server
+  const mcpAuthMatch = p.match(/^\/api\/wall-e\/mcp\/auth\/([^/]+)$/);
+  if (mcpAuthMatch && m === 'POST') {
+    const serverName = decodeURIComponent(mcpAuthMatch[1]);
+    try {
+      const mcpClient = require('./skills/mcp-client');
+      // Fire and forget — OAuth opens browser, callback handles the rest
+      mcpClient.authenticateMcpServer(serverName).then(function(token) {
+        console.log('[wall-e] MCP OAuth completed for ' + serverName);
+      }).catch(function(err) {
+        console.error('[wall-e] MCP OAuth failed for ' + serverName + ':', err.message);
+      });
+      jsonResponse(res, { ok: true, message: 'OAuth flow started — check your browser' });
+    } catch (e) {
+      jsonResponse(res, { error: e.message }, 500);
+    }
+    return true;
+  }
+
   // GET /api/wall-e/status
   if (p === '/api/wall-e/status' && m === 'GET') {
     const result = getStatus();

package/template/wall-e/chat.js

@@ -48,14 +48,25 @@ async function chat(message, opts = {}) {
     }
   } catch {}
 
-  // Load available MCP servers so WALL-E knows what it can connect to
+  // Load available MCP servers and their cached tools so WALL-E knows what it can do
   let mcpServerList = '';
   try {
     const { loadMcpConfigs } = require('./skills/mcp-client');
     const configs = loadMcpConfigs();
+    // Read cached tools from brain DB
+    let toolsByServer = {};
+    try {
+      const rows = brain.getDb().prepare('SELECT server, tool_name FROM mcp_tools_cache ORDER BY server').all();
+      for (const r of rows) {
+        if (!toolsByServer[r.server]) toolsByServer[r.server] = [];
+        toolsByServer[r.server].push(r.tool_name);
+      }
+    } catch {} // table may not exist yet
     mcpServerList = Object.entries(configs).map(([name, cfg]) => {
       const hasAuth = cfg.oauth?.accessToken ? 'authenticated' : 'needs auth';
-      return `- ${name}: ${cfg.type || 'stdio'} (${cfg.url || cfg.command || 'local'}) [${hasAuth}]`;
+      const tools = toolsByServer[name];
+      const toolStr = tools ? ` — tools: ${tools.slice(0, 10).join(', ')}${tools.length > 10 ? ' +' + (tools.length - 10) + ' more' : ''}` : '';
+      return `- ${name}: ${cfg.type || 'stdio'} [${hasAuth}]${toolStr}`;
     }).join('\n');
   } catch {}
 
@@ -184,6 +195,7 @@ After gathering evidence, ALWAYS use the **think** tool before responding. This
 - **search_memories**: Full-text search with BM25 ranking. Use source:"slack" for Slack only.
 - remember_fact: Store new knowledge the user teaches you.
 - run_skill, mcp_call, list_mcp_tools: For actions and external services.
+- When mcp_call returns auth_required, tell the user which MCP server needs authentication and suggest they connect it via Claude Code or the MCP tab in the dashboard.
 
 ### Local Machine Tools (macOS)
 - **web_fetch**: Fetch any URL — weather, news, APIs, documentation. Use for ALL real-time data requests.
@@ -484,7 +496,15 @@ When ${ownerName} asks you to DO something (create a file, set a reminder, searc
         }
         return result;
       } catch (err) {
-        return { error: err.message };
+        const msg = err.message || '';
+        if (msg.includes('401') || msg.includes('Unauthorized') || msg.includes('auth')) {
+          return {
+            error: `Authentication failed for ${input.server}. This MCP server requires OAuth tokens that are managed by Claude Code. Ask the user to authenticate ${input.server} through Claude Code first, then try again.`,
+            auth_required: true,
+            server: input.server,
+          };
+        }
+        return { error: msg };
       }
     }
     if (name === 'list_mcp_tools') {

package/template/wall-e/core-tasks.js

@@ -47,7 +47,7 @@ module.exports = [
     description: 'One-time full sync of sent email history from macOS Mail. Run manually to backfill.',
     type: 'once',
     skill: 'email-sync',
-    skill_config: JSON.stringify({ days_back: 90, sync_inbox: true }),
+    skill_config: JSON.stringify({ days_back: 3650, sync_inbox: true }),
     priority: 'normal',
   },
 ];

package/template/wall-e/skills/_bundled/mcp-scan/SKILL.md

@@ -0,0 +1,14 @@
+---
+name: mcp-scan
+description: Discover and cache tools from all Claude Code MCP servers
+version: 1.0.0
+execution: script
+entry: run.js
+trigger:
+  type: interval
+  schedule: "every 1h"
+tags: [mcp, discovery, tools]
+---
+
+Connects to all MCP servers configured in Claude Code and caches their available tools.
+This lets Wall-E know what tools are available across all integrations (Glean, Slack, Rootly, Mezmo, etc.).

package/template/wall-e/skills/_bundled/mcp-scan/run.js

@@ -0,0 +1,86 @@
+#!/usr/bin/env node
+'use strict';
+
+/**
+ * MCP Scan Skill — discovers tools from all Claude Code MCP servers
+ * and caches them in the brain DB for fast lookup.
+ *
+ * Runs hourly. Results are stored in the `mcp_tools_cache` table
+ * and used by the chat system prompt so Wall-E knows what it can do.
+ */
+
+const path = require('path');
+const brain = require(path.resolve(__dirname, '../../..', 'brain'));
+const mcpClient = require(path.resolve(__dirname, '../..', 'mcp-client'));
+
+async function main() {
+  brain.initDb();
+  const db = brain.getDb();
+
+  // Ensure cache table exists
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS mcp_tools_cache (
+      server TEXT NOT NULL,
+      tool_name TEXT NOT NULL,
+      description TEXT,
+      input_schema TEXT,
+      scanned_at TEXT DEFAULT (datetime('now')),
+      PRIMARY KEY (server, tool_name)
+    )
+  `);
+
+  const configs = mcpClient.loadMcpConfigs();
+  const serverNames = Object.keys(configs);
+  console.log('[mcp-scan] Found ' + serverNames.length + ' MCP servers: ' + serverNames.join(', '));
+
+  let totalTools = 0;
+  let successServers = 0;
+  const failedServers = [];
+
+  for (const [name, config] of Object.entries(configs)) {
+    try {
+      const conn = await mcpClient.getConnection(name);
+      const tools = await conn.listTools();
+
+      // Clear old tools for this server and insert fresh
+      db.prepare('DELETE FROM mcp_tools_cache WHERE server = ?').run(name);
+      const insert = db.prepare(
+        'INSERT INTO mcp_tools_cache (server, tool_name, description, input_schema) VALUES (?, ?, ?, ?)'
+      );
+      for (const tool of tools) {
+        insert.run(name, tool.name, tool.description || '', JSON.stringify(tool.inputSchema || {}));
+      }
+
+      totalTools += tools.length;
+      successServers++;
+      console.log('  ' + name + ': ' + tools.length + ' tools');
+    } catch (err) {
+      failedServers.push(name + ': ' + err.message.slice(0, 80));
+      console.log('  ' + name + ': FAILED - ' + err.message.slice(0, 80));
+    }
+  }
+
+  // Update scan metadata
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS mcp_scan_meta (
+      key TEXT PRIMARY KEY,
+      value TEXT
+    )
+  `);
+  const upsert = db.prepare('INSERT OR REPLACE INTO mcp_scan_meta (key, value) VALUES (?, ?)');
+  upsert.run('last_scan', new Date().toISOString());
+  upsert.run('server_count', String(serverNames.length));
+  upsert.run('tool_count', String(totalTools));
+
+  console.log('\n[mcp-scan] Done: ' + successServers + '/' + serverNames.length + ' servers, ' + totalTools + ' tools');
+  if (failedServers.length > 0) {
+    console.log('Failed: ' + failedServers.join(', '));
+  }
+
+  brain.closeDb();
+}
+
+main().catch(function(err) {
+  console.error('[mcp-scan] Error:', err.message);
+  process.exit(1);
+});

package/template/wall-e/skills/mcp-client.js

@@ -23,6 +23,14 @@ function loadMcpConfigs() {
     }
   } catch {}
 
+  // From .claude.json (global MCP servers — Glean, Mezmo, etc.)
+  try {
+    const claudeJson = JSON.parse(fs.readFileSync(path.join(process.env.HOME, '.claude.json'), 'utf8'));
+    for (const [name, cfg] of Object.entries(claudeJson.mcpServers || {})) {
+      if (!configs[name]) configs[name] = { ...cfg, name };
+    }
+  } catch {}
+
   // From mcp.json (stdio servers)
   try {
     const mcp = JSON.parse(fs.readFileSync(path.join(CLAUDE_DIR, 'mcp.json'), 'utf8'));
@@ -201,8 +209,8 @@ class HttpTransport {
     this.nextId = 1;
     this.initialized = false;
     this.sessionUrl = null;
-    // OAuth tokens would be loaded from stored auth
-    this.authHeaders = {};
+    // Start with static headers from config (e.g. Mezmo, Rootly bearer tokens)
+    this.authHeaders = config.headers ? { ...config.headers } : {};
   }
 
   async connect() {
@@ -210,18 +218,77 @@ class HttpTransport {
     if (this.config.oauth) {
       this._loadOAuthToken();
     }
+    // Also try loading a previously saved token from our own storage
+    if (!this.authHeaders['Authorization']) {
+      this._loadSavedToken();
+    }
 
-    // Initialize
-    const result = await this._send('initialize', {
-      protocolVersion: '2024-11-05',
-      capabilities: {},
-      clientInfo: { name: 'wall-e', version: '0.1.0' },
-    });
+    try {
+      // Initialize
+      const result = await this._send('initialize', {
+        protocolVersion: '2024-11-05',
+        capabilities: {},
+        clientInfo: { name: 'wall-e', version: '0.1.0' },
+      });
 
-    // Send initialized notification
-    await this._sendNotification('notifications/initialized');
-    this.initialized = true;
-    return result;
+      // Send initialized notification
+      await this._sendNotification('notifications/initialized');
+      this.initialized = true;
+      return result;
+    } catch (err) {
+      // If 401, try to discover OAuth and re-throw with auth info
+      if (err.message && err.message.includes('401')) {
+        const oauthMeta = await this._discoverOAuth();
+        if (oauthMeta) {
+          err.oauthDiscovered = true;
+          err.oauthMeta = oauthMeta;
+        }
+      }
+      throw err;
+    }
+  }
+
+  _loadSavedToken() {
+    try {
+      // Check slack-mcp.js token for Slack servers (setup page uses this path)
+      if (this.config.url && this.config.url.includes('mcp.slack.com')) {
+        const slackTokenPath = path.join(CLAUDE_DIR, 'wall-e-slack-token.json');
+        if (fs.existsSync(slackTokenPath)) {
+          const data = JSON.parse(fs.readFileSync(slackTokenPath, 'utf8'));
+          if (data.access_token) {
+            this.authHeaders['Authorization'] = 'Bearer ' + data.access_token;
+            return;
+          }
+        }
+      }
+      const tokenPath = path.join(CLAUDE_DIR, 'wall-e-mcp-tokens', this.config.name + '.json');
+      if (fs.existsSync(tokenPath)) {
+        const data = JSON.parse(fs.readFileSync(tokenPath, 'utf8'));
+        if (data.access_token && (!data.expires_at || data.expires_at > Date.now())) {
+          this.authHeaders['Authorization'] = 'Bearer ' + data.access_token;
+        }
+      }
+    } catch {}
+  }
+
+  async _discoverOAuth() {
+    try {
+      // Standard MCP OAuth discovery: /.well-known/oauth-authorization-server at the server's origin
+      const urlObj = new URL(this.url);
+      const discoveryUrl = urlObj.origin + '/.well-known/oauth-authorization-server';
+      const res = await fetch(discoveryUrl, { signal: AbortSignal.timeout(5000) });
+      if (res.ok) {
+        const meta = await res.json();
+        return {
+          authorization_endpoint: meta.authorization_endpoint,
+          token_endpoint: meta.token_endpoint,
+          registration_endpoint: meta.registration_endpoint,
+          scopes_supported: meta.scopes_supported,
+          issuer: meta.issuer,
+        };
+      }
+    } catch {}
+    return null;
   }
 
   _loadOAuthToken() {
@@ -343,7 +410,7 @@ async function getConnection(serverName) {
   if (!config) throw new Error(`MCP server "${serverName}" not found in config`);
 
   let transport;
-  if (config.type === 'http' && config.url) {
+  if ((config.type === 'http' || config.type === 'sse') && config.url) {
     transport = new HttpTransport(config);
   } else if (config.command) {
     transport = new StdioTransport(config);
@@ -396,11 +463,172 @@ function disconnectAll() {
   connections.clear();
 }
 
+function getActiveConnections() {
+  return connections;
+}
+
+/**
+ * Run OAuth flow for an MCP server: discover metadata, register client,
+ * open browser for auth, handle callback, save token.
+ */
+async function authenticateMcpServer(serverName) {
+  const configs = loadMcpConfigs();
+  const config = configs[serverName];
+  if (!config) throw new Error('MCP server "' + serverName + '" not found');
+
+  // Slack uses its own OAuth flow — delegate to slack-mcp.js
+  if (config.url && config.url.includes('mcp.slack.com')) {
+    const slackMcp = require('../tools/slack-mcp');
+    return slackMcp.authenticate();
+  }
+
+  // Discover OAuth metadata
+  const urlObj = new URL(config.url);
+  const discoveryUrl = urlObj.origin + '/.well-known/oauth-authorization-server';
+  const discRes = await fetch(discoveryUrl, { signal: AbortSignal.timeout(5000) });
+  if (!discRes.ok) throw new Error('No OAuth discovery at ' + discoveryUrl);
+  const meta = await discRes.json();
+
+  if (!meta.authorization_endpoint || !meta.token_endpoint) {
+    throw new Error('OAuth metadata missing endpoints');
+  }
+
+  // Dynamic client registration (if supported)
+  let clientId, clientSecret;
+  if (meta.registration_endpoint) {
+    const regRes = await fetch(meta.registration_endpoint, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        client_name: 'Wall-E AI Agent',
+        redirect_uris: ['http://localhost:3119/callback'],
+        grant_types: ['authorization_code'],
+        response_types: ['code'],
+        token_endpoint_auth_method: 'none',
+      }),
+      signal: AbortSignal.timeout(10000),
+    });
+    if (regRes.ok) {
+      const reg = await regRes.json();
+      clientId = reg.client_id;
+      clientSecret = reg.client_secret;
+    }
+  }
+  // Fallback: use configured clientId if dynamic registration fails
+  if (!clientId && config.oauth?.clientId) {
+    clientId = config.oauth.clientId;
+  }
+  if (!clientId) throw new Error('No client_id available (dynamic registration failed and none configured)');
+
+  // PKCE challenge
+  const crypto = require('crypto');
+  const codeVerifier = crypto.randomBytes(32).toString('base64url');
+  const codeChallenge = crypto.createHash('sha256').update(codeVerifier).digest('base64url');
+  const state = crypto.randomBytes(16).toString('hex');
+
+  // Determine scopes
+  const scopes = (meta.scopes_supported || []).filter(function(s) {
+    return ['mcp', 'openid', 'search', 'people', 'chat', 'offline_access'].includes(s);
+  }).join(' ') || 'mcp';
+
+  const CALLBACK_PORT = 3119;
+
+  return new Promise(function(resolve, reject) {
+    const http = require('http');
+    const timeout = setTimeout(function() {
+      server.close();
+      reject(new Error('OAuth timeout (2 minutes)'));
+    }, 120000);
+
+    const server = http.createServer(async function(req, res) {
+      const reqUrl = new URL(req.url, 'http://localhost:' + CALLBACK_PORT);
+      if (reqUrl.pathname !== '/callback') { res.writeHead(404); res.end(); return; }
+
+      const code = reqUrl.searchParams.get('code');
+      const retState = reqUrl.searchParams.get('state');
+      if (retState !== state) { res.writeHead(400); res.end('Invalid state'); clearTimeout(timeout); server.close(); reject(new Error('OAuth state mismatch')); return; }
+
+      try {
+        // Exchange code for token
+        const tokenBody = new URLSearchParams({
+          grant_type: 'authorization_code',
+          code: code,
+          redirect_uri: 'http://localhost:' + CALLBACK_PORT + '/callback',
+          client_id: clientId,
+          code_verifier: codeVerifier,
+        });
+        if (clientSecret) tokenBody.set('client_secret', clientSecret);
+
+        const tokenRes = await fetch(meta.token_endpoint, {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+          body: tokenBody.toString(),
+        });
+
+        if (!tokenRes.ok) {
+          const errText = await tokenRes.text();
+          throw new Error('Token exchange failed: ' + errText.slice(0, 200));
+        }
+
+        const tokenData = await tokenRes.json();
+
+        // Save token
+        const tokenDir = path.join(CLAUDE_DIR, 'wall-e-mcp-tokens');
+        if (!fs.existsSync(tokenDir)) fs.mkdirSync(tokenDir, { recursive: true });
+        fs.writeFileSync(path.join(tokenDir, serverName + '.json'), JSON.stringify({
+          access_token: tokenData.access_token,
+          refresh_token: tokenData.refresh_token,
+          expires_at: tokenData.expires_in ? Date.now() + tokenData.expires_in * 1000 : null,
+          obtained_at: new Date().toISOString(),
+          server: serverName,
+        }, null, 2));
+
+        res.writeHead(200, { 'Content-Type': 'text/html' });
+        res.end('<html><body style="font-family:system-ui;text-align:center;padding:40px"><h2>Wall-E connected to ' + serverName + '!</h2><p>You can close this tab.</p></body></html>');
+
+        clearTimeout(timeout);
+        server.close();
+        resolve(tokenData.access_token);
+      } catch (err) {
+        res.writeHead(500);
+        res.end('Token exchange failed: ' + err.message);
+        clearTimeout(timeout);
+        server.close();
+        reject(err);
+      }
+    });
+
+    server.listen(CALLBACK_PORT, function() {
+      const authUrl = meta.authorization_endpoint
+        + '?response_type=code'
+        + '&client_id=' + encodeURIComponent(clientId)
+        + '&redirect_uri=' + encodeURIComponent('http://localhost:' + CALLBACK_PORT + '/callback')
+        + '&scope=' + encodeURIComponent(scopes)
+        + '&state=' + state
+        + '&code_challenge=' + codeChallenge
+        + '&code_challenge_method=S256';
+
+      console.log('[mcp-client] Opening browser for ' + serverName + ' OAuth...');
+      const { execFile } = require('child_process');
+      execFile('open', [authUrl], function(err) {
+        if (err) console.error('[mcp-client] Failed to open browser:', err.message);
+      });
+    });
+
+    server.on('error', function(err) {
+      clearTimeout(timeout);
+      reject(new Error('OAuth server failed: ' + err.message));
+    });
+  });
+}
+
 module.exports = {
   loadMcpConfigs,
   getConnection,
+  getActiveConnections,
   listAllTools,
   callMcpTool,
+  authenticateMcpServer,
   disconnectAll,
   StdioTransport,
   HttpTransport,

package/template/wall-e/tools/local-tools.js

@@ -654,6 +654,39 @@ const LOCAL_TOOL_DEFINITIONS = [
       required: ['url'],
     },
   },
+  {
+    name: 'glean_search',
+    description: 'Search company documents, wikis, Google Docs, Confluence, Jira, and other connected sources via Glean. Use when the user asks to "search docs", "find a document", "look up X in our wiki", "search Glean", or needs information from internal company knowledge bases.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        query: { type: 'string', description: 'Search query (e.g., "Q4 OKRs", "onboarding guide", "API rate limits")' },
+      },
+      required: ['query'],
+    },
+  },
+  {
+    name: 'glean_people',
+    description: 'Search for people in the company directory via Glean. Use when the user asks "who is X", "who works on Y", "find someone in Z team", org chart questions, or needs contact info for a colleague.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        query: { type: 'string', description: 'Person name, role, team, or skill to search for' },
+      },
+      required: ['query'],
+    },
+  },
+  {
+    name: 'glean_chat',
+    description: 'Ask Glean AI a question that requires reasoning across multiple company documents. Use for complex questions like "what was the decision on X?", "summarize our policy on Y", or "what are the pros/cons of Z according to our docs?".',
+    input_schema: {
+      type: 'object',
+      properties: {
+        question: { type: 'string', description: 'Question to ask Glean AI' },
+      },
+      required: ['question'],
+    },
+  },
   {
     name: 'ingest_folder',
     description: 'Read all text files in a folder and store them in Wall-E brain as memories. Supports .md, .txt, .json, .py, .js, .csv, and many more text formats. Files are deduplicated by path. Use when the user asks to "read a folder", "ingest files", "import documents", "load my notes", or "scan a directory into brain".',
@@ -692,11 +725,43 @@ async function executeLocalTool(name, input) {
     case 'mail_send': return sendMail(input);
     case 'system_info': return getSystemInfo();
     case 'web_fetch': return webFetch(input.url, input);
+    case 'glean_search': return gleanSearch(input);
+    case 'glean_people': return gleanPeople(input);
+    case 'glean_chat': return gleanChat(input);
     case 'ingest_folder': return ingestFolder(input);
     default: return null; // not a local tool
   }
 }
 
+async function _callGleanMcp(toolName, args) {
+  try {
+    const mcpClient = require('../skills/mcp-client');
+    // Ensure Glean MCP is configured
+    const configs = mcpClient.loadMcpConfigs();
+    const gleanName = Object.keys(configs).find(k => k.includes('glean'));
+    if (!gleanName) return 'Glean MCP not configured. Add it to your Claude Code MCP settings.';
+    const result = await mcpClient.callMcpTool(gleanName, toolName, args);
+    if (result && result.content) {
+      return result.content.map(c => c.text || JSON.stringify(c)).join('\n');
+    }
+    return JSON.stringify(result);
+  } catch (e) {
+    return 'Glean error: ' + e.message;
+  }
+}
+
+async function gleanSearch(input) {
+  return _callGleanMcp('search', { query: input.query });
+}
+
+async function gleanPeople(input) {
+  return _callGleanMcp('employee_search', { query: input.query });
+}
+
+async function gleanChat(input) {
+  return _callGleanMcp('chat', { query: input.question });
+}
+
 async function ingestFolder(input) {
   const { execFileSync } = require('child_process');
   const scriptPath = path.join(__dirname, '..', 'skills', '_bundled', 'file-ingest', 'run.js');