daemora 1.0.8 → 1.0.10

package/src/agents/systemPrompt.js

@@ -52,6 +52,7 @@ export async function buildSystemPrompt(taskInput, promptMode = "full", runtimeM
         renderMCPTools(),
         renderToolUsageRules(),
         renderSkills(taskInput, 10),
+        renderMemory(),
         renderSubagentContext(runtimeMeta.taskDescription || taskInput),
       ])
     : await Promise.all([
@@ -65,7 +66,6 @@ export async function buildSystemPrompt(taskInput, promptMode = "full", runtimeM
         renderMemory(),
         renderSemanticRecall(taskInput),
         renderDailyLog(),
-        renderOperationalGuidelines(),
       ]);
 
   const runtime = renderRuntime(runtimeMeta);
@@ -149,30 +149,47 @@ You MUST respond with a JSON object matching this exact schema on every turn:
 }
 \`\`\`
 
-## Rules for each response type:
-
-### When you need to use a tool (type = "tool_call"):
-- Set type to "tool_call"
-- Set tool_call.tool_name to the tool name
-- Set tool_call.params to an array of STRING arguments (even numbers must be strings)
-- Set text_content to null
-- Set finalResponse to false
-- You will receive the tool result in the next message, then continue
-
-### When you are truly finished (type = "text"):
-- Set type to "text"
-- Set text_content to a brief summary of what you DID (past tense)
-- Set tool_call to null
-- Set finalResponse to true
-
-## CRITICAL RULES:
-1. NEVER set finalResponse to true unless the work is VERIFIED complete - not just written, but confirmed working.
-2. If the user asks you to DO something (fix, create, edit, build, search, etc.), your FIRST response MUST be type "tool_call". Not text. Not a plan. A tool call.
-3. Chain multiple tool calls across turns. After each tool result, decide: need more tools? Call another. Done with verification? Set finalResponse true.
-4. If a tool fails, try an alternative approach. Do NOT give up and ask the user to do it manually.
-5. After writing or editing any file, ALWAYS read it back to verify the content is correct before moving on.
-6. After any coding task, run the build/test command. If it fails, fix the errors and run again. Repeat until it passes. NEVER set finalResponse true while a build is still failing.
-7. NEVER claim you "fixed" or "created" something without having called writeFile or editFile. Saying it is not doing it.`;
+## When to use each type
+
+### type = "tool_call"
+- User asks to DO something → FIRST response is always a tool call. Not text. Not a plan.
+- Set tool_call.tool_name and tool_call.params (array of STRINGS).
+- Set text_content to null, finalResponse to false.
+- Chain tool calls across turns until the work is verified complete.
+
+### type = "text"
+- Conversation (greetings, questions, chat) → reply naturally. finalResponse = true.
+- Task complete and verified → concise outcome in 1-3 sentences. finalResponse = true.
+
+## Task execution rules
+1. Action requests → start with a tool call immediately.
+2. Chain multiple tool calls. After each result: need more? Call another. Done? Verify first, then finalize.
+3. After writing/editing any file, read it back to verify.
+4. After code changes, run build/tests. Fix failures until clean.
+5. Tool fails → try a different approach. That fails → try another. Exhaust every option before reporting failure.
+6. Never give up. Never ask the user to do it manually. Never report a problem without attempting to solve it.
+7. Never claim you did something without actually calling the tool.
+8. Never set finalResponse=true while errors or failures exist.
+
+## Understanding user intent
+- Read the full request carefully. Identify exactly what the user wants done.
+- Infer context from conversation history, memory, and available information.
+- If the request has multiple parts, handle all of them. Don't skip any.
+- If genuinely ambiguous, ask ONE focused question. Otherwise just do it.
+
+## Final response format
+- 1-3 sentences. What happened, from the user's perspective.
+- Never dump tool output, full email bodies, API responses, status codes, message IDs, or JSON.
+- Never ask what to do next or offer follow-up options.
+- Never expose internal details (tool names, IDs, technical artifacts).
+
+## Output efficiency
+These rules apply to text responses sent to the user — NOT to tool params, sub-agent instructions, or task descriptions (those must remain detailed and complete).
+- Go straight to the point. Try the simplest approach first.
+- Lead with the answer or action, not the reasoning.
+- Skip filler words, preamble, and unnecessary transitions.
+- If you can say it in one sentence, don't use three.
+- Focus text on: decisions needing input, status updates at milestones, errors that change the plan.`;
 }
 
 function renderToolDocs() {
@@ -188,11 +205,19 @@ ${unconfigured.map(t => `- ${t} — needs: ${TOOL_REQUIRED_KEYS[t].join(" or ")}
   return `# Available Tools
 
 All tool params are STRINGS. Pass them as an array of strings.
+Use existing conversation context first — if you already have the data from a previous tool call, web search, file read, or user message, work with that. Only call a tool again when you need fresh or missing information.
 
 ## File Operations
-- readFile(filePath, offset?, limit?) — Read file with line numbers. Always read before editing.
+Always use absolute paths. Resolve ~ and relative paths from the user's context before calling any file tool.
+- MUST read a file before modifying it. Never edit blind — this will error if you haven't read the file first.
+- Don't re-read files already in context. Use existing content — only re-read if you need fresh state after an edit.
+- Read only what you need: use offset/limit to target specific sections, not the entire file.
+- Prefer editFile for modifying existing files — it only sends the diff. Most edits should use this.
+- applyPatch for multi-hunk changes — better than multiple editFile calls.
+- writeFile only for creating new files or complete rewrites. Never writeFile to change a few lines.
+- readFile(filePath, offset?, limit?) — Read file with line numbers. Use offset/limit to read specific sections.
 - writeFile(filePath, content) — Create or overwrite file. Content is the complete file.
-- editFile(filePath, oldString, newString) — Find-and-replace (exactly 3 params). Read file first to get exact match string.
+- editFile(filePath, oldString, newString) — Find-and-replace (exactly 3 params). Supports flexible whitespace matching.
 - applyPatch(filePath, patch) — Apply unified diff patch. Better than editFile for multi-hunk changes.
 - listDirectory(dirPath) — List files and folders with types and sizes.
 - searchFiles(pattern, directory?, optionsJson?) — Find files by name pattern. opts: {"sortBy":"modified","maxDepth":3}
@@ -235,6 +260,7 @@ ${_isToolConfigured("textToSpeech") ? `- textToSpeech(text, optionsJson?) — Te
 - sendFile(channel, target, filePath, caption?) — Send file to a DIFFERENT user on a specific channel.
 
 ## Memory
+Persistent memory per tenant. Contents survive across conversations. Consult memory to build on previous experience.
 - readMemory() — Read long-term MEMORY.md.
 - writeMemory(entry, category?) — Add timestamped entry. category: "user-prefs", "project", "learned", etc.
 - searchMemory(query, optionsJson?) — Search MEMORY.md and daily logs. opts: {"category":"...","limit":50}
@@ -243,9 +269,28 @@ ${_isToolConfigured("textToSpeech") ? `- textToSpeech(text, optionsJson?) — Te
 - readDailyLog(date?) — Read daily log for date (YYYY-MM-DD). Omit for today.
 - writeDailyLog(entry) — Append to today's daily log.
 
+### What to save
+- User preferences for workflow, tools, and communication style.
+- Key architectural decisions, important file paths, and project structure.
+- Solutions to recurring problems and debugging insights.
+- When the user asks to remember something across sessions, save it immediately.
+
+### What NOT to save
+- Session-specific context (current task details, in-progress work, temporary state).
+- Speculative or unverified conclusions from a single interaction.
+- Information that duplicates what's already in memory — check first, update existing entries.
+
+### When to use memory
+- Start of a new conversation → readMemory() to recall user preferences and context.
+- User gives a preference or rule → writeMemory() immediately, don't wait.
+- User asks to forget something → find and remove the relevant entry.
+- Learned something stable across multiple interactions → save it.
+- Daily log for task tracking → writeDailyLog() at end of significant work.
+
 ## Agents
+For complex multi-agent tasks, load \`readFile("skills/orchestration.md")\` first — covers parallel execution, contract-based planning, workspace artifacts, and coordination patterns.
 - spawnAgent(taskDescription, optionsJson?) — Spawn sub-agent. opts: {"profile":"coder|researcher|writer|analyst","extraTools":[...],"skills":["skills/coding.md"],"parentContext":"...","model":"..."}. Pass skills array with skill paths from the Available Skills list — the skill content is injected directly into the sub-agent so it can follow the instructions without loading them. Task description must be comprehensive — sub-agent has no other context.
-- parallelAgents(tasksJson, sharedOptionsJson?) — Spawn multiple agents in parallel. tasksJson: [{"description":"...","options":{...}}]. sharedOptionsJson: {"sharedContext":"..."}. Always pass workspace path in sharedContext.
+- parallelAgents(tasksJson, sharedOptionsJson?) — Spawn multiple agents in parallel. tasksJson: [{"description":"...","options":{...}}]. sharedOptionsJson: {"sharedContext":"..."}. Always pass workspace path and shared contract in sharedContext.
 - manageAgents(action, paramsJson?) — List, kill, or steer agents. action: "list"|"kill"|"steer".
 
 ### useMCP(serverName, taskDescription)
@@ -285,45 +330,50 @@ The following MCP servers are connected. Use \`useMCP(serverName, taskDescriptio
 
 ${serverList}
 
-**IMPORTANT: ALWAYS prefer MCP server tools over built-in equivalents.** For example:
-- To send email → use \`useMCP("Fastn", ...)\` (gmail_send_mail) instead of \`sendEmail\`
-- To manage calendar → use \`useMCP("Fastn", ...)\` instead of built-in tools
-- If an MCP server provides a capability, ALWAYS use it via \`useMCP\` first. Only fall back to built-in tools if no MCP server offers that capability.
+**Prefer MCP servers over built-in tools** when both can do the job. Route tasks through \`useMCP(serverName, taskDescription)\` — the specialist gets only that server's tools. Do not call mcp__ tools directly.
 
-Do NOT call mcp__ tools directly - always route through \`useMCP\`. The specialist agent receives only that server's tools for focused, efficient execution.
-Use \`manageMCP("list")\` to check server connection status at any time.`;
+**Never expose MCP tool names to the user.** When describing capabilities, use natural language (e.g. "I can manage your calendar" not "I have google_calendar_create_event"). Internal tool names are implementation details.`;
 }
 
 function renderToolUsageRules() {
   return `# Tool Usage Rules
 
-## Read Before Edit
-- ALWAYS read a file before modifying it. Never edit blind.
-- Use enough context in oldString for unambiguous match.
+## Workflow
+1. Read → understand before touching anything.
+2. Act → editFile for small changes, writeFile for rewrites. Use tools, never tell the user to do it manually.
+3. Verify → readFile after writes. Run build/tests after code changes.
+4. Fix → build/test fails → fix and re-verify until clean.
+5. Report → 1-3 sentences. What happened, key outcomes. No raw output, no internal details.
 
-## Choose the Right Tool
-- Small change → editFile. Major rewrite → writeFile. editFile keeps failing → switch to writeFile.
-- Find content → searchContent/grep. Find files → searchFiles/glob/listDirectory (not executeCommand("ls")).
+## Tool Selection
+- Small change → editFile. Full rewrite → writeFile. editFile keeps failing → switch to writeFile.
+- Find content → searchContent/grep. Find files → searchFiles/glob/listDirectory.
+- editFile oldString not found → re-read file, retry with exact content.
 
 ## Error Recovery
-- editFile oldString not found → re-read file, retry with exact content.
-- Command fails → read error, diagnose, try different approach.
-- NEVER tell user to do something manually. Use tools.
-
-## Don't Over-Engineer
-- Only make changes directly requested or clearly necessary.
-- No extra features, refactoring, or "improvements" beyond what was asked.
-- No comments/docstrings/type annotations on untouched code.
-- No error handling for impossible scenarios. No premature abstractions.
-- Unused code → delete it completely. No backwards-compatibility hacks.
-
-## Security
-- No command injection, XSS, SQL injection, path traversal. Fix insecure code immediately.
-- Never hardcode secrets. Use environment variables. Sanitize user input at boundaries.
-
-## Quality
-- Follow existing code conventions. Match project patterns. Check surrounding code first.
-- Prefer simplest correct solution. Complexity is a cost.`;
+- Tool fails → read error, try different approach. Fails again → try another. Exhaust options before reporting failure.
+- Same params fail twice → stop and diagnose. Don't brute force.
+- Never use destructive workarounds to clear a blocker.
+
+## Code Quality
+- Read before edit. Always. Use enough context in oldString for unambiguous match.
+- Follow existing conventions. Match project patterns. Simplest correct solution wins.
+- Only change what's requested. No extra features, refactoring, or "improvements" beyond scope.
+- No comments/docstrings on untouched code. No error handling for impossible scenarios.
+- Unused code → delete completely. No backwards-compatibility hacks.
+- No command injection, XSS, SQL injection, path traversal. Never hardcode secrets.
+
+## What NOT To Do
+- NEVER expose raw API responses, status codes, message IDs, or internal artifacts.
+- NEVER ask what to do next or offer follow-up options. Either do it or don't.
+- NEVER claim "fixed" without calling writeFile/editFile. NEVER plan without executing.
+- NEVER ask user to do things manually. NEVER give up after one failure.
+- NEVER set finalResponse true without verification or while errors exist.
+
+## Context Management
+- \`<conversation-summary>\` blocks are compacted history — treat as ground truth for earlier work.
+- Don't re-do work mentioned in the summary. Continue from where it left off.
+- If context is growing long, write key decisions to memory before they get compacted.`;
 }
 
 async function renderSkills(taskInput, limit = 20) {
@@ -343,6 +393,7 @@ async function renderSkills(taskInput, limit = 20) {
   return `# Available Skills
 
 Before replying, scan this list. If a skill applies, use readFile to load it, then follow it.
+Skills that need API keys or credentials access them from the runtime environment automatically — never ask the user for keys in chat.
 
 ${lines.join("\n")}${dirHint}`;
 }
@@ -369,38 +420,7 @@ function renderDailyLog() {
   return `# Today's Log (${today})\n\n${dailyLog}`;
 }
 
-function renderOperationalGuidelines() {
-  return `# Operational Guidelines
-
-## Tone & Style
-- Natural, warm, direct. Match the user's tone. Never robotic or sycophantic.
-- Final responses: 1-3 sentences. Report outcomes, not process.
-- Casual messages get casual responses — don't reach for tools on conversational input.
-- Never expose internal details (tool names, IDs, JSON) in final responses.
-
-## Understanding Requirements
-- Infer implied intent from vague requests.
-- If truly ambiguous, ask ONE focused question. Otherwise just do it.
-- Match existing code style, patterns, and conventions.
-
-## Workflow: Read → Act → Verify → Fix → Report
-1. **Read** every file before touching it.
-2. **Act** with tools. editFile for small changes, writeFile for rewrites.
-3. **Verify** — readFile after writes. Run build/tests after code changes.
-4. **Fix** — if build/test fails, fix and re-verify. Loop until clean.
-5. **Report** — set finalResponse true only after verification. Summarize in 1-3 sentences.
-- NEVER set finalResponse true while a build error or test failure exists.
-
-## When Blocked
-- Don't brute force. Read the error, try a different approach.
-- Tool fails twice with same params → stop and diagnose.
-- Never use destructive workarounds to clear a blocker.
-
-## What NOT To Do
-- NEVER claim "fixed" without calling writeFile/editFile. NEVER plan without executing.
-- NEVER ask user to do things manually. NEVER give up after one failure.
-- NEVER set finalResponse true without verification. NEVER over-engineer.`;
-}
+// renderOperationalGuidelines merged into renderToolUsageRules
 
 function renderSubagentContext(taskDescription) {
   if (!taskDescription) return null;
@@ -421,7 +441,10 @@ function renderRuntime(meta = {}) {
   if (meta.model) parts.push(`model=${meta.model}`);
   if (meta.thinkingLevel) parts.push(`thinking=${meta.thinkingLevel}`);
   if (meta.agentId) parts.push(`agent=${meta.agentId}`);
-  if (parts.length === 0) return null;
+  parts.push(`date=${new Date().toISOString().split("T")[0]}`);
+  parts.push(`os=${process.platform}/${process.arch}`);
+  parts.push(`cwd=${process.cwd()}`);
+  parts.push(`shell=${process.env.SHELL || "unknown"}`);
   return `Runtime: ${parts.join(" | ")}`;
 }
 

package/src/cli.js

@@ -550,6 +550,12 @@ async function handleMCP(action, args) {
 
       let serverConfig;
       if (commandOrUrl.startsWith("http://") || commandOrUrl.startsWith("https://")) {
+        // Detect URLs that were truncated by shell (& splits in zsh/bash)
+        if (commandOrUrl.includes("?") && !commandOrUrl.includes("&") && restArgs.some(a => a.includes("="))) {
+          console.error(`\n  ${S.cross}  URL appears truncated by the shell. Wrap it in quotes:`);
+          console.error(`  ${S.arrow}  daemora mcp add ${name} "${commandOrUrl}&${restArgs.filter(a => a.includes("=")).join("&")}"\n`);
+          process.exit(1);
+        }
         const isSSE = restArgs.includes("--sse");
         serverConfig = { url: commandOrUrl, enabled: true };
         if (isSSE) serverConfig.transport = "sse";
@@ -2217,7 +2223,7 @@ ${line}
   ${t.dim("$")} daemora mcp env notion NOTION_TOKEN ntn_...
   ${t.dim("$")} daemora mcp env stripe STRIPE_SECRET_KEY sk_live_...
   ${t.dim("$")} daemora mcp enable notion
-  ${t.dim("$")} daemora mcp add myserver https://api.example.com/mcp
+  ${t.dim("$")} daemora mcp add myserver "https://api.example.com/mcp?key=123&id=456"
   ${t.dim("$")} daemora mcp add mysse https://api.example.com/sse --sse
   ${t.dim("$")} daemora mcp remove github
   ${t.dim("$")} daemora mcp add                   (interactive - prompts for everything)

package/src/config/models.js

@@ -333,6 +333,78 @@ export const models = {
     tier: "cheap",
   },
 
+  // ─── xAI ───────────────────────────────────────────────────────────────────
+
+  "xai:grok-4": {
+    provider: "xai", model: "grok-4",
+    contextWindow: 131_072, compactAt: 90_000,
+    costPer1kInput: 0.003, costPer1kOutput: 0.015,
+    capabilities: ["text", "tools", "structured-output"],
+    tier: "standard",
+  },
+  "xai:grok-3-beta": {
+    provider: "xai", model: "grok-3-beta",
+    contextWindow: 131_072, compactAt: 90_000,
+    costPer1kInput: 0.003, costPer1kOutput: 0.015,
+    capabilities: ["text", "tools"],
+    tier: "standard",
+  },
+  "xai:grok-3-mini-beta": {
+    provider: "xai", model: "grok-3-mini-beta",
+    contextWindow: 131_072, compactAt: 90_000,
+    costPer1kInput: 0.0005, costPer1kOutput: 0.005,
+    capabilities: ["text", "tools", "reasoning"],
+    tier: "cheap",
+  },
+
+  // ─── DeepSeek ──────────────────────────────────────────────────────────────
+
+  "deepseek:deepseek-chat": {
+    provider: "deepseek", model: "deepseek-chat",
+    contextWindow: 128_000, compactAt: 90_000,
+    costPer1kInput: 0.00027, costPer1kOutput: 0.0011,
+    capabilities: ["text", "tools", "structured-output"],
+    tier: "cheap",
+  },
+  "deepseek:deepseek-reasoner": {
+    provider: "deepseek", model: "deepseek-reasoner",
+    contextWindow: 128_000, compactAt: 90_000,
+    costPer1kInput: 0.00055, costPer1kOutput: 0.0022,
+    capabilities: ["text", "reasoning"],
+    tier: "cheap",
+  },
+
+  // ─── Mistral ───────────────────────────────────────────────────────────────
+
+  "mistral:mistral-large-latest": {
+    provider: "mistral", model: "mistral-large-latest",
+    contextWindow: 128_000, compactAt: 90_000,
+    costPer1kInput: 0.002, costPer1kOutput: 0.006,
+    capabilities: ["text", "tools", "structured-output"],
+    tier: "standard",
+  },
+  "mistral:mistral-medium-latest": {
+    provider: "mistral", model: "mistral-medium-latest",
+    contextWindow: 128_000, compactAt: 90_000,
+    costPer1kInput: 0.0004, costPer1kOutput: 0.002,
+    capabilities: ["text", "tools"],
+    tier: "cheap",
+  },
+  "mistral:codestral-latest": {
+    provider: "mistral", model: "codestral-latest",
+    contextWindow: 256_000, compactAt: 180_000,
+    costPer1kInput: 0.0003, costPer1kOutput: 0.0009,
+    capabilities: ["text", "tools"],
+    tier: "cheap",
+  },
+  "mistral:mistral-small-latest": {
+    provider: "mistral", model: "mistral-small-latest",
+    contextWindow: 128_000, compactAt: 90_000,
+    costPer1kInput: 0.0001, costPer1kOutput: 0.0003,
+    capabilities: ["text", "tools"],
+    tier: "cheap",
+  },
+
   // ─── Ollama (local — no cost) ────────────────────────────────────────────────
 
   "ollama:llama3": {

package/src/index.js

@@ -871,14 +871,23 @@ app.get("/api/settings", (req, res) => {
     }
   }
 
-  // Mask values for security
+  // Merge vault secrets (if unlocked) — vault takes priority
+  const vaultActive = secretVault.isUnlocked();
+  if (vaultActive) {
+    const vaultSecrets = secretVault.getAsEnv();
+    for (const key of Object.keys(vaultSecrets)) {
+      envVars[key] = vaultSecrets[key]; // vault overrides .env
+    }
+  }
+
+  // Uniform masking — never leak any characters
   const masked = {};
   for (const [key, val] of Object.entries(envVars)) {
     if (!val) { masked[key] = ""; continue; }
-    masked[key] = val.length <= 4 ? "****" : val.slice(0, 4) + "*".repeat(Math.min(val.length - 4, 20));
+    masked[key] = "••••••••";
   }
 
-  res.json({ vars: masked, available });
+  res.json({ vars: masked, available, vaultActive });
 });
 
 app.put("/api/settings", (req, res) => {
@@ -887,25 +896,52 @@ app.put("/api/settings", (req, res) => {
     return res.status(400).json({ error: "updates object is required" });
   }
 
-  const envPath = join(__dirname, "..", ".env");
-  let content = existsSync(envPath) ? readFileSync(envPath, "utf-8") : "";
+  const vaultActive = secretVault.isUnlocked();
+  const sensitivePattern = /KEY|TOKEN|SECRET|PASSWORD|PASSPHRASE|CREDENTIAL/i;
+
+  // Separate sensitive vs non-sensitive
+  const envUpdates = {};
+  const vaultUpdates = {};
 
   for (const [key, value] of Object.entries(updates)) {
-    // Validate key format (alphanumeric + underscore only)
     if (!/^[A-Z][A-Z0-9_]*$/.test(key)) continue;
-    const regex = new RegExp(`^${key.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}=.*$`, "m");
-    if (regex.test(content)) {
-      content = content.replace(regex, `${key}=${value}`);
+    if (vaultActive && sensitivePattern.test(key)) {
+      vaultUpdates[key] = value;
     } else {
-      content = content.trimEnd() + `\n${key}=${value}\n`;
+      envUpdates[key] = value;
     }
-    // Also update process.env so changes take effect without restart
+    // Always update process.env so changes take effect immediately
     process.env[key] = value;
   }
 
-  writeFileSync(envPath, content, "utf-8");
+  // Write non-sensitive (or all if vault locked) to .env
+  if (Object.keys(envUpdates).length > 0 || (!vaultActive && Object.keys(vaultUpdates).length === 0)) {
+    const allEnvUpdates = vaultActive ? envUpdates : { ...envUpdates, ...vaultUpdates };
+    const envPath = join(__dirname, "..", ".env");
+    let content = existsSync(envPath) ? readFileSync(envPath, "utf-8") : "";
+    for (const [key, value] of Object.entries(allEnvUpdates)) {
+      const regex = new RegExp(`^${key.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}=.*$`, "m");
+      if (regex.test(content)) {
+        content = content.replace(regex, `${key}=${value}`);
+      } else {
+        content = content.trimEnd() + `\n${key}=${value}\n`;
+      }
+    }
+    writeFileSync(envPath, content, "utf-8");
+  }
+
+  // Write sensitive keys to vault
+  if (vaultActive && Object.keys(vaultUpdates).length > 0) {
+    for (const [key, value] of Object.entries(vaultUpdates)) {
+      secretVault.set(key, value);
+    }
+  }
+
+  const stored = vaultActive
+    ? { env: Object.keys(envUpdates), vault: Object.keys(vaultUpdates) }
+    : { env: Object.keys(updates).filter(k => /^[A-Z][A-Z0-9_]*$/.test(k)) };
 
-  res.json({ message: `Updated ${Object.keys(updates).length} variable(s)`, updated: Object.keys(updates) });
+  res.json({ message: `Updated ${Object.keys(updates).length} variable(s)`, stored });
 });
 
 // --- User Profile endpoints ---

package/src/mcp/MCPAgentRunner.js

@@ -57,7 +57,7 @@ All MCP tool params must be passed as a single JSON string (the first and only a
 - **Never ask for clarification.** You have everything you need in the task description. Make reasonable decisions and proceed.
 - **Handle errors yourself.** If a tool call fails, read the error, adjust your approach, try again. Do not give up and report failure unless you have exhausted all approaches.
 - **Be thorough.** If the task says "update all tasks in a project", update all of them. If it says "research X", gather enough detail to be useful. Don't do a half job.
-- **End with a useful summary.** When done, set finalResponse true and write a clear summary: what was done, what was created/updated/found, and any important details the main agent needs.`,
+- **End with a concise summary.** When done, set finalResponse true. Write 1-3 sentences: what was done and key outcomes. Never dump raw API responses, full JSON payloads, message IDs, status codes, or technical artifacts. The main agent will relay your response to the user.`,
   };
 }