daemora 1.0.1 → 1.0.3

package/src/config/agentProfiles.js

@@ -1,24 +1,24 @@
 /**
- * Agent Profiles — tool presets for common sub-agent roles.
+ * Agent Profiles - tool presets for common sub-agent roles.
  *
  * Rather than giving every sub-agent all 33 tools, profiles provide
  * focused tool sets matched to the task type. Inspired by the research
  * finding that specialized context windows outperform bloated ones.
  *
  * Usage in spawnAgent / parallelAgents:
- *   { profile: "coder" }                        — preset tool list
- *   { profile: "researcher", extraTools: ["writeFile"] }  — preset + additions
- *   { tools: ["readFile", "webSearch"] }         — explicit list (overrides profile)
+ *   { profile: "coder" }                        - preset tool list
+ *   { profile: "researcher", extraTools: ["writeFile"] }  - preset + additions
+ *   { tools: ["readFile", "webSearch"] }         - explicit list (overrides profile)
  *
- * spawnAgent and parallelAgents are injected dynamically based on depth — not in profiles.
+ * spawnAgent and parallelAgents are injected dynamically based on depth - not in profiles.
  */
 
 export const agentProfiles = {
 
   /**
-   * researcher — gather, analyze, summarize, produce findings.
+   * researcher - gather, analyze, summarize, produce findings.
    * Reads files, searches web, fetches URLs, analyzes images. Saves findings to files.
-   * Does NOT ask the user what to look for — searches until it has enough to answer fully.
+   * Does NOT ask the user what to look for - searches until it has enough to answer fully.
    * Produces structured output: facts, sources, analysis, recommendations.
    */
   researcher: [
@@ -33,7 +33,7 @@ export const agentProfiles = {
   ],
 
   /**
-   * coder — build, fix, test, verify.
+   * coder - build, fix, test, verify.
    * Full ownership: writes code, runs builds, starts dev servers, tests UI visually,
    * writes test cases, runs them, fixes failures. Does everything without asking the user.
    */
@@ -51,9 +51,9 @@ export const agentProfiles = {
   ],
 
   /**
-   * writer — produce polished documents, reports, content.
+   * writer - produce polished documents, reports, content.
    * Reads existing content for context, researches via web, produces clean output.
-   * Does NOT ask what tone/format to use unless genuinely ambiguous — infers from context.
+   * Does NOT ask what tone/format to use unless genuinely ambiguous - infers from context.
    * Delivers the final document, not a draft asking for feedback.
    */
   writer: [
@@ -65,7 +65,7 @@ export const agentProfiles = {
   ],
 
   /**
-   * analyst — process data, run scripts, extract insights, produce output.
+   * analyst - process data, run scripts, extract insights, produce output.
    * Shell execution for data processing + web + vision for charts/visuals.
    * Runs scripts, parses output, draws conclusions. Delivers findings, not raw data.
    */
@@ -86,14 +86,14 @@ export const agentProfiles = {
  *
  * Covers the majority of tasks while excluding high-blast-radius tools
  * that sub-agents rarely need and that carry side effects beyond task scope:
- *   - cron          — schedules recurring tasks that outlive the sub-agent
- *   - sendEmail     — sub-agents shouldn't initiate email
- *   - messageChannel — sub-agents shouldn't send messages
- *   - screenCapture — sub-agents don't need screen access
- *   - manageAgents  — sub-agents shouldn't kill/steer other agents
- *   - delegateToAgent — A2A from sub-agents is unpredictable
+ *   - cron          - schedules recurring tasks that outlive the sub-agent
+ *   - sendEmail     - sub-agents shouldn't initiate email
+ *   - messageChannel - sub-agents shouldn't send messages
+ *   - screenCapture - sub-agents don't need screen access
+ *   - manageAgents  - sub-agents shouldn't kill/steer other agents
+ *   - delegateToAgent - A2A from sub-agents is unpredictable
  *
- * spawnAgent and parallelAgents are NOT listed here — they are injected
+ * spawnAgent and parallelAgents are NOT listed here - they are injected
  * dynamically into sub-agents by SubAgentManager based on recursion depth.
  */
 export const defaultSubAgentTools = [
@@ -114,7 +114,7 @@ export const defaultSubAgentTools = [
   "searchMemory", "pruneMemory", "listMemoryCategories",
   // Project tracking
   "projectTracker",
-  // MCP (via specialist agent — no direct mcp__ tools)
+  // MCP (via specialist agent - no direct mcp__ tools)
   "manageMCP",
   "useMCP",
 ];

package/src/config/channels.js

@@ -1,5 +1,5 @@
 /**
- * Channel configuration — which input channels are enabled.
+ * Channel configuration - which input channels are enabled.
  * Actual credentials come from .env via config/default.js.
  */
 export const channelDefaults = {

package/src/config/default.js

@@ -87,7 +87,7 @@ export const config = {
     isolateFilesystem: process.env.TENANT_ISOLATE_FILESYSTEM === "true",
   },
 
-  // Sandbox — OS-level command isolation
+  // Sandbox - OS-level command isolation
   // "process" (default): commands run in the current process, tool-level path guards apply.
   // "docker": commands run inside a Docker container, providing kernel-level isolation.
   //   Requires Docker installed. Container gets no network by default (DOCKER_NETWORK=none).
@@ -101,12 +101,12 @@ export const config = {
 
   // Channels
   // Each channel supports two universal options:
-  //   allowlist — comma-separated IDs/numbers/usernames in env var (e.g. TELEGRAM_ALLOWLIST="123456789,987654321")
+  //   allowlist - comma-separated IDs/numbers/usernames in env var (e.g. TELEGRAM_ALLOWLIST="123456789,987654321")
   //               If empty or not set → open to everyone. Set this to lock down your bot.
-  //   model     — per-channel model override (e.g. TELEGRAM_MODEL="anthropic:claude-opus-4-6")
+  //   model     - per-channel model override (e.g. TELEGRAM_MODEL="anthropic:claude-opus-4-6")
   //               If not set → global DEFAULT_MODEL is used.
   channels: {
-    // HTTP channel is disabled — unauthenticated, see src/channels/index.js
+    // HTTP channel is disabled - unauthenticated, see src/channels/index.js
     http: { enabled: false },
 
     telegram: {
@@ -130,7 +130,12 @@ export const config = {
     },
 
     email: {
-      enabled: !!process.env.EMAIL_USER,
+      // Enabled if EITHER Resend (outbound) OR Gmail/SMTP (full) is configured
+      enabled: !!(process.env.RESEND_API_KEY || process.env.EMAIL_USER),
+      // Resend (recommended - just an API key for outbound sending)
+      resendApiKey: process.env.RESEND_API_KEY || null,
+      resendFrom:   process.env.RESEND_FROM   || null,
+      // Traditional IMAP/SMTP (needed for inbox polling / inbound)
       imap: {
         host: process.env.EMAIL_IMAP_HOST || "imap.gmail.com",
         port: parseInt(process.env.EMAIL_IMAP_PORT || "993", 10),
@@ -139,8 +144,8 @@ export const config = {
         host: process.env.EMAIL_SMTP_HOST || "smtp.gmail.com",
         port: parseInt(process.env.EMAIL_SMTP_PORT || "587", 10),
       },
-      user: process.env.EMAIL_USER,
-      password: process.env.EMAIL_PASSWORD,
+      user: process.env.EMAIL_USER     || null,
+      password: process.env.EMAIL_PASSWORD || null,
       allowlist: process.env.EMAIL_ALLOWLIST
         ? process.env.EMAIL_ALLOWLIST.split(",").map((s) => s.trim()).filter(Boolean)
         : [],

package/src/config/models.js

@@ -1,5 +1,5 @@
 /**
- * Model registry — metadata for all supported models.
+ * Model registry - metadata for all supported models.
  * Used by ModelRouter for selection, cost tracking, and compaction thresholds.
  */
 export const models = {
@@ -79,7 +79,7 @@ export const models = {
     tier: "cheap",
   },
 
-  // Ollama (local — no cost)
+  // Ollama (local - no cost)
   "ollama:llama3": {
     provider: "ollama",
     model: "llama3",
@@ -113,7 +113,7 @@ export const models = {
 };
 
 /**
- * Fallback chains — if preferred model fails, try next in chain.
+ * Fallback chains - if preferred model fails, try next in chain.
  */
 export const fallbackChains = {
   cheap: ["openai:gpt-4.1-mini", "anthropic:claude-haiku-4-5", "google:gemini-2.0-flash"],

package/src/config/permissions.js

@@ -6,7 +6,7 @@
 export const permissionTiers = {
   minimal: {
     name: "Minimal (Read-Only)",
-    description: "Agent can read files, search, and browse the web — no writes, no shell, no communication.",
+    description: "Agent can read files, search, and browse the web - no writes, no shell, no communication.",
     allowedTools: [
       // File reads
       "readFile",
@@ -60,7 +60,7 @@ export const permissionTiers = {
       "screenCapture",
       // Project tracking
       "projectTracker",
-      // MCP inspection (read-only — no side effects)
+      // MCP inspection (read-only - no side effects)
       "manageMCP",
     ],
   },

package/src/core/AgentLoop.js

@@ -13,7 +13,7 @@ import supervisor from "../agents/Supervisor.js";
 import gitRollback from "../safety/GitRollback.js";
 
 /**
- * Core agent loop — model-agnostic via Vercel AI SDK.
+ * Core agent loop - model-agnostic via Vercel AI SDK.
  *
  * Extracted from the original openai.js. This is the brain of the agent:
  * 1. Send messages to model (any provider)
@@ -38,14 +38,14 @@ export async function runAgentLoop({
   taskId = null,
   approvalMode = "auto",   // "auto" | "dangerous-only" | "every-tool"
   channelMeta = null,      // passed through to HumanApproval so channel can notify user
-  signal = null,           // AbortController.signal — hard-kills the loop mid-call
-  steerQueue = null,       // shared mutable array — push strings here to steer the agent
-  apiKeys = {},            // per-tenant API key overlay — passed through to provider factory
+  signal = null,           // AbortController.signal - hard-kills the loop mid-call
+  steerQueue = null,       // shared mutable array - push strings here to steer the agent
+  apiKeys = {},            // per-tenant API key overlay - passed through to provider factory
 }) {
   const selectedModelId = modelId || config.defaultModel;
   const { model, meta, modelId: resolvedModelId } = getModelWithFallback(selectedModelId, apiKeys);
 
-  // Build set of known secret values to redact from tool outputs (dynamic — catches tenant keys)
+  // Build set of known secret values to redact from tool outputs (dynamic - catches tenant keys)
   const _knownSecrets = new Set([
     ...Object.values(apiKeys),
     process.env.OPENAI_API_KEY,
@@ -111,7 +111,7 @@ export async function runAgentLoop({
       while (steerQueue.length > 0) {
         const item = steerQueue.shift();
         if (item && typeof item === "object" && item.type === "user") {
-          // User sent a follow-up mid-task — inject as a natural user turn
+          // User sent a follow-up mid-task - inject as a natural user turn
           console.log(`[AgentLoop] User follow-up injected: "${item.content.slice(0, 80)}"`);
           messages.push({ role: "user", content: item.content });
         } else {
@@ -259,7 +259,7 @@ export async function runAgentLoop({
           continue;
         }
 
-        // Git snapshot — before the first write tool in this task
+        // Git snapshot - before the first write tool in this task
         if (!gitSnapshotDone && WRITE_TOOLS.has(tool_name)) {
           gitRollback.snapshot(taskId);
           gitSnapshotDone = true;
@@ -331,7 +331,7 @@ export async function runAgentLoop({
             });
           }
         } else {
-          console.log(`[Step ${stepCount}] Unknown tool: ${tool_name} — skipping`);
+          console.log(`[Step ${stepCount}] Unknown tool: ${tool_name} - skipping`);
           messages.push({
             role: "user",
             content: JSON.stringify({
@@ -347,7 +347,7 @@ export async function runAgentLoop({
       // --- Final response handling ---
       if (parsedOutput.finalResponse || parsedOutput.type === "text") {
         if (!parsedOutput.text_content) {
-          console.log(`[Loop ${loopCount}] Model signaled done but text_content is null — asking for summary`);
+          console.log(`[Loop ${loopCount}] Model signaled done but text_content is null - asking for summary`);
           messages.push({
             role: "user",
             content:
@@ -363,7 +363,7 @@ export async function runAgentLoop({
           const lastUserMsg = msgs[msgs.length - 1]?.content?.toLowerCase() || "";
           const isAck = /^(ok|okay|yes|yeah|sure|thanks|thank you|no|nah|k|yep|yup|got it|cool|nice|great|good|alright|👍)\.?$/i.test(lastUserMsg.trim());
           if (!isAck && lastUserMsg.length > 5) {
-            console.log(`[Loop ${loopCount}] LAZY MODEL DETECTED — claimed done but used 0 tools. Forcing tool use.`);
+            console.log(`[Loop ${loopCount}] LAZY MODEL DETECTED - claimed done but used 0 tools. Forcing tool use.`);
             messages.push({
               role: "user",
               content: `You responded without using any tools. You MUST actually use tools (readFile, editFile, writeFile, executeCommand, etc.) to complete the task. Do NOT claim you fixed or changed something without actually doing it. Use your tools NOW to fulfill the request.`,
@@ -375,10 +375,10 @@ export async function runAgentLoop({
         // SAFEGUARD 2: Model used only READ tools but claims it modified/fixed something
         // If the response contains action words but no write tool was ever called, push back.
         if (!writeToolUsed && stepCount > 0 && loopCount <= 4 && ACTION_WORDS.test(parsedOutput.text_content)) {
-          console.log(`[Loop ${loopCount}] PHANTOM WRITE DETECTED — model claims "${parsedOutput.text_content.slice(0, 80)}..." but only used read tools. Forcing actual writes.`);
+          console.log(`[Loop ${loopCount}] PHANTOM WRITE DETECTED - model claims "${parsedOutput.text_content.slice(0, 80)}..." but only used read tools. Forcing actual writes.`);
           messages.push({
             role: "user",
-            content: `You claim to have made changes but you only used read tools — you never called writeFile or editFile to actually modify any file. The files are UNCHANGED. You must use writeFile or editFile to actually make the changes. Do it now.`,
+            content: `You claim to have made changes but you only used read tools - you never called writeFile or editFile to actually modify any file. The files are UNCHANGED. You must use writeFile or editFile to actually make the changes. Do it now.`,
           });
           continue;
         }
@@ -406,7 +406,7 @@ export async function runAgentLoop({
         return { text: parsedOutput.text_content, messages: conversationMessages, cost };
       }
     } catch (error) {
-      // Abort signal fires as an error — exit cleanly
+      // Abort signal fires as an error - exit cleanly
       if (signal?.aborted || error.name === "AbortError") {
         console.log(`[Loop ${loopCount}] Aborted mid-call.`);
         return {

package/src/core/Compaction.js

@@ -28,7 +28,7 @@ export function estimateTokens(messages) {
 }
 
 /**
- * Prune a single tool output — truncate if too long.
+ * Prune a single tool output - truncate if too long.
  */
 function pruneToolOutput(content, maxChars = 5000) {
   if (typeof content !== "string") content = JSON.stringify(content);
@@ -52,7 +52,7 @@ function persistLargeOutput(content, taskId, stepIndex) {
   const filename = `${taskId || "unknown"}-step${stepIndex}-${Date.now()}.txt`;
   const filePath = `${dir}/${filename}`;
   writeFileSync(filePath, content);
-  return `[Output saved to disk: ${filePath} — ${content.length} chars]`;
+  return `[Output saved to disk: ${filePath} - ${content.length} chars]`;
 }
 
 /**
@@ -82,7 +82,7 @@ export async function compactIfNeeded(messages, modelMeta, taskId = null) {
   const oldMessages = messages.slice(1, -recentCount);
 
   if (oldMessages.length === 0) {
-    // Nothing to compact — all messages are recent
+    // Nothing to compact - all messages are recent
     return messages;
   }
 

package/src/core/CostTracker.js

@@ -33,7 +33,7 @@ export function logCost({ taskId, modelId, inputTokens, outputTokens, estimatedC
 }
 
 /**
- * Get total cost spent today (global — all tenants combined).
+ * Get total cost spent today (global - all tenants combined).
  */
 export function getTodayCost() {
   const logPath = getTodayLogPath();
@@ -101,7 +101,7 @@ export function estimateCost(modelId, inputTokens, outputTokens) {
   return (inputTokens / 1000) * meta.costPer1kInput + (outputTokens / 1000) * meta.costPer1kOutput;
 }
 
-// Auto-log costs from EventBus — includes tenantId from TenantContext
+// Auto-log costs from EventBus - includes tenantId from TenantContext
 eventBus.on("model:called", (data) => {
   const tenantId = tenantContext.getStore()?.tenant?.id || null;
   const cost = estimateCost(data.modelId, data.inputTokens || 0, data.outputTokens || 0);

package/src/core/EventBus.js

@@ -4,21 +4,21 @@ import { EventEmitter } from "events";
  * Global event bus for inter-module communication.
  *
  * Events:
- *   task:created      — new task enqueued
- *   task:started      — task picked up by runner
- *   task:completed    — task finished successfully
- *   task:failed       — task failed
- *   tool:before       — about to execute a tool (PreToolUse hook point)
- *   tool:after        — tool execution finished (PostToolUse hook point)
- *   tool:blocked      — tool call was blocked by safety
- *   agent:spawned     — sub-agent created
- *   agent:finished    — sub-agent completed
- *   agent:killed      — sub-agent terminated by supervisor
- *   model:called      — LLM API call made (for cost tracking)
- *   compact:triggered — context compaction started
- *   memory:written    — memory entry added
- *   secret:detected   — secret found and redacted
- *   audit:event       — generic audit event
+ *   task:created      - new task enqueued
+ *   task:started      - task picked up by runner
+ *   task:completed    - task finished successfully
+ *   task:failed       - task failed
+ *   tool:before       - about to execute a tool (PreToolUse hook point)
+ *   tool:after        - tool execution finished (PostToolUse hook point)
+ *   tool:blocked      - tool call was blocked by safety
+ *   agent:spawned     - sub-agent created
+ *   agent:finished    - sub-agent completed
+ *   agent:killed      - sub-agent terminated by supervisor
+ *   model:called      - LLM API call made (for cost tracking)
+ *   compact:triggered - context compaction started
+ *   memory:written    - memory entry added
+ *   secret:detected   - secret found and redacted
+ *   audit:event       - generic audit event
  */
 class AgentEventBus extends EventEmitter {
   constructor() {

package/src/core/TaskQueue.js

@@ -1,5 +1,5 @@
 import { createTask, startTask, completeTask, failTask } from "./Task.js";
-import { saveTask, loadTask, recoverStaleTasks } from "../storage/TaskStore.js";
+import { saveTask, loadTask, recoverStaleTasks, loadPendingTasks } from "../storage/TaskStore.js";
 import eventBus from "./EventBus.js";
 
 /**
@@ -21,11 +21,24 @@ class TaskQueue {
   }
 
   /**
-   * Initialize queue — recover any stale tasks from previous crash.
+   * Initialize queue - recover stale tasks from a previous crash/restart and
+   * re-hydrate the in-memory queue so they execute automatically without human
+   * re-input. Tasks that were "running" when the process died are reset to
+   * "pending" on disk first, then all pending tasks are loaded back into queue.
    */
   init() {
-    recoverStaleTasks();
-    console.log(`[TaskQueue] Initialized`);
+    const recovered = recoverStaleTasks();
+
+    const pending = loadPendingTasks();
+    for (const task of pending) {
+      this.queue.push(task);
+    }
+
+    if (pending.length > 0) {
+      console.log(`[TaskQueue] Requeued ${pending.length} pending task(s) from previous session (${recovered} recovered from crash)`);
+    } else {
+      console.log(`[TaskQueue] Initialized (no pending tasks from previous session)`);
+    }
   }
 
   /**
@@ -91,11 +104,15 @@ class TaskQueue {
 
     eventBus.emitEvent("task:completed", { taskId: task.id, cost: task.cost });
 
-    // Resolve any sync waiters
+    // Resolve any sync waiters (normal flow - channel is waiting for completion)
     const waiter = this.waiters.get(taskId);
     if (waiter) {
       waiter.resolve(task);
       this.waiters.delete(taskId);
+    } else if (task.channel && task.channel !== "http" && task.channel !== "a2a") {
+      // No waiter = recovered task (agent restarted while task was in-flight).
+      // Emit so ChannelRegistry can route the reply back to the user automatically.
+      eventBus.emitEvent("task:reply:needed", { task });
     }
 
     return task;
@@ -117,7 +134,7 @@ class TaskQueue {
     // Reject any sync waiters
     const waiter = this.waiters.get(taskId);
     if (waiter) {
-      waiter.resolve(task); // resolve not reject — caller handles error state
+      waiter.resolve(task); // resolve not reject - caller handles error state
       this.waiters.delete(taskId);
     }
 
@@ -137,7 +154,7 @@ class TaskQueue {
         return;
       }
 
-      // Timeout guard — prevent hanging forever (default 5 min)
+      // Timeout guard - prevent hanging forever (default 5 min)
       const timer = setTimeout(() => {
         this.waiters.delete(taskId);
         resolve({

package/src/core/TaskRunner.js

@@ -7,9 +7,10 @@ import { isDailyBudgetExceeded, isTenantDailyBudgetExceeded } from "./CostTracke
 import { config } from "../config/default.js";
 import tenantManager from "../tenants/TenantManager.js";
 import tenantContext from "../tenants/TenantContext.js";
+import inputSanitizer from "../safety/InputSanitizer.js";
 
 /**
- * Task runner — worker loop that picks tasks from the queue and executes them.
+ * Task runner - worker loop that picks tasks from the queue and executes them.
  *
  * Configurable concurrency (default: 2 parallel tasks).
  */
@@ -48,7 +49,7 @@ class TaskRunner {
   }
 
   /**
-   * Poll tick — pick up work if available and under concurrency limit.
+   * Poll tick - pick up work if available and under concurrency limit.
    */
   tick() {
     if (!this.running) return;
@@ -57,13 +58,13 @@ class TaskRunner {
     // ── Steer/inject: if next task belongs to an already-running session,
     //    append its message into the live agent loop rather than spawning a
     //    second loop.  The agent picks it up between tool calls (like Claude Code).
-    // This runs regardless of concurrency — no extra slot needed.
+    // This runs regardless of concurrency - no extra slot needed.
     const nextTask = taskQueue.peek();
     if (nextTask?.sessionId && this.sessionSteerQueues.has(nextTask.sessionId)) {
       const steerTask = taskQueue.dequeue(); // consume from queue
       const steerQueue = this.sessionSteerQueues.get(steerTask.sessionId);
       steerQueue.push({ type: "user", content: steerTask.input }); // inject into live loop
-      taskQueue.merge(steerTask.id);         // complete silently — no duplicate reply
+      taskQueue.merge(steerTask.id);         // complete silently - no duplicate reply
       console.log(`[TaskRunner] Follow-up "${steerTask.input.slice(0, 60)}" injected into running session ${steerTask.sessionId}`);
       return;
     }
@@ -106,6 +107,18 @@ class TaskRunner {
   async processTask(task, steerQueue = []) {
     console.log(`\n[TaskRunner] Processing task ${task.id} from ${task.channel}`);
 
+    // ── Prompt injection detection ─────────────────────────────────────────────
+    // Check user input for jailbreak / credential-extraction attempts.
+    // We don't block — we prepend a SECURITY_NOTICE so the agent is warned.
+    // Channel-sourced tasks only (not http/a2a which have their own auth).
+    if (task.input && task.channel && task.channel !== "http" && task.channel !== "a2a") {
+      const injCheck = inputSanitizer.detectInjection(task.input);
+      if (injCheck.suspicious) {
+        task.input = injCheck.warningPrefix + task.input;
+      }
+    }
+    // ──────────────────────────────────────────────────────────────────────────
+
     // ── Multi-tenant: resolve tenant and effective config ──────────────────────
     // Derive userId from sessionId: sessionId = "${channel}-${userId}"
     let tenant = null;
@@ -121,7 +134,7 @@ class TaskRunner {
       const reason = tenant.suspendReason
         ? `Account suspended: ${tenant.suspendReason}`
         : "Account suspended. Contact the operator.";
-      console.log(`[TaskRunner] Task ${task.id} rejected — tenant ${tenant.id} is suspended`);
+      console.log(`[TaskRunner] Task ${task.id} rejected - tenant ${tenant.id} is suspended`);
       taskQueue.fail(task.id, reason);
       return;
     }
@@ -132,7 +145,7 @@ class TaskRunner {
     // Per-tenant daily budget check (separate from global budget)
     if (tenant && resolvedConfig.maxDailyCost) {
       if (isTenantDailyBudgetExceeded(tenant.id, resolvedConfig.maxDailyCost)) {
-        console.log(`[TaskRunner] Task ${task.id} rejected — tenant ${tenant.id} daily budget ($${resolvedConfig.maxDailyCost}) reached`);
+        console.log(`[TaskRunner] Task ${task.id} rejected - tenant ${tenant.id} daily budget ($${resolvedConfig.maxDailyCost}) reached`);
         taskQueue.fail(task.id, `Daily budget of $${resolvedConfig.maxDailyCost} reached. Tasks resume tomorrow.`);
         return;
       }

package/src/daemon/DaemonManager.js

@@ -9,11 +9,11 @@ const SERVICE_NAME = "daemora-agent";
 const SERVICE_LABEL = "com.daemora.agent";
 
 /**
- * Daemon Manager — native OS service management.
+ * Daemon Manager - native OS service management.
  *
  * Like OpenClaw: uses the OS's native service system, NOT pm2.
- * - macOS: LaunchAgent (launchctl) — ~/Library/LaunchAgents/
- * - Linux: systemd user service — ~/.config/systemd/user/
+ * - macOS: LaunchAgent (launchctl) - ~/Library/LaunchAgents/
+ * - Linux: systemd user service - ~/.config/systemd/user/
  * - Windows: Scheduled Task (schtasks)
  *
  * Features:
@@ -204,7 +204,7 @@ export class DaemonManager {
     const unitPath = join(unitDir, `${SERVICE_NAME}.service`);
 
     const unit = `[Unit]
-Description=Daemora — 24/7 AI Digital Worker
+Description=Daemora - 24/7 AI Digital Worker
 After=network-online.target
 Wants=network-online.target
 

package/src/hooks/HookRunner.js

@@ -5,7 +5,7 @@ import { config } from "../config/default.js";
 import eventBus from "../core/EventBus.js";
 
 /**
- * Hook Runner — event-driven interception at tool lifecycle points.
+ * Hook Runner - event-driven interception at tool lifecycle points.
  * Inspired by Claude Code's hook system.
  *
  * Supports:
@@ -46,7 +46,7 @@ class HookRunner {
       // Create default hooks file
       this.hooks = {};
       this.loaded = true;
-      console.log(`[HookRunner] No hooks.json found — hooks disabled`);
+      console.log(`[HookRunner] No hooks.json found - hooks disabled`);
       return;
     }
 
@@ -110,7 +110,7 @@ class HookRunner {
         console.log(
           `[HookRunner] Hook error (${event}/${hook.matcher}): ${error.message}`
         );
-        // Hook errors don't block execution — fail open
+        // Hook errors don't block execution - fail open
       }
     }
 
@@ -172,7 +172,7 @@ class HookRunner {
         return { decision: "allow", output };
       }
     } catch (error) {
-      // Command failed — treat as allow (fail open)
+      // Command failed - treat as allow (fail open)
       return { decision: "allow", error: error.message };
     }
   }

package/src/index.js

@@ -18,6 +18,7 @@ import scheduler from "./scheduler/Scheduler.js";
 import heartbeat from "./scheduler/Heartbeat.js";
 import { mountAgentCard } from "./a2a/AgentCard.js";
 import { mountA2AServer } from "./a2a/A2AServer.js";
+import voiceWebhook from "./voice/VoiceWebhook.js";
 import daemonManager from "./daemon/DaemonManager.js";
 import secretVault from "./safety/SecretVault.js";
 import tenantManager from "./tenants/TenantManager.js";
@@ -51,6 +52,9 @@ app.use(express.json());
 mountAgentCard(app);
 mountA2AServer(app);
 
+// Mount voice call webhooks (Twilio callbacks during live calls)
+app.use("/voice", voiceWebhook);
+
 // --- Health check ---
 app.get("/health", (req, res) => {
   res.json({
@@ -65,11 +69,11 @@ app.get("/health", (req, res) => {
   });
 });
 
-// --- Chat endpoint (DISABLED — no authentication, anyone on the network could submit tasks) ---
+// --- Chat endpoint (DISABLED - no authentication, anyone on the network could submit tasks) ---
 // Uncomment and add authentication middleware before re-enabling.
 // app.post("/chat", async (req, res) => { ... });
 
-// --- Task submit endpoint (DISABLED — same reason, unauthenticated) ---
+// --- Task submit endpoint (DISABLED - same reason, unauthenticated) ---
 // app.post("/tasks", (req, res) => { ... });
 
 app.get("/tasks/:id", (req, res) => {

package/src/mcp/MCPAgentRunner.js

@@ -2,7 +2,7 @@ import { spawnSubAgent } from "../agents/SubAgentManager.js";
 import mcpManager from "./MCPManager.js";
 
 /**
- * MCP Agent Runner — spawns specialist sub-agents for individual MCP servers.
+ * MCP Agent Runner - spawns specialist sub-agents for individual MCP servers.
  *
  * Each specialist gets:
  *   - ONLY the tools from its assigned MCP server (no built-in tools)
@@ -49,7 +49,7 @@ All MCP tool params must be passed as a single JSON string (the first and only a
   tool_name: "mcp__${serverName}__someToolName"
   params: ['{"param1":"value1","param2":"value2"}']
 
-# Rules — You Own This Task
+# Rules - You Own This Task
 
 - **Do the work, don't describe it.** Your first response must be a tool_call, not a plan.
 - **Chain calls until fully done.** After each tool result, decide: need more tools? Call another. Only set finalResponse true when the task is genuinely complete.
@@ -106,7 +106,7 @@ export async function runMCPAgent(serverName, taskDescription, options = {}) {
     ...options,
     toolOverride: serverTools,
     systemPromptOverride,
-    // MCP agents are always depth 1 — they don't spawn further sub-agents
+    // MCP agents are always depth 1 - they don't spawn further sub-agents
     depth: 1,
   });
 }