drafted 1.7.25 → 1.8.0

package/mcp/gates.mjs

@@ -0,0 +1,124 @@
+// Pure gate logic for the Drafted compounding harness.
+//
+// These helpers are intentionally side-effect free (no `api()`, no network, no
+// module state) so they can be unit tested in isolation. mcp/server.mjs imports
+// them and wires the decisions into the tool handlers + per-session getState().
+//
+// See docs/plans/compounding-harness.md and the Drafted "gates-checklist" frame.
+
+// One combined per-project budget for the auto-injected priming set:
+// attached-skill bodies + project anchor bodies + the active layer's rules.
+// Single source of truth lives in src/shared so the server-side deposit caps
+// enforce the identical limit. Re-exported here for the MCP gate helpers.
+import { PROJECT_CONTEXT_BUDGET_CHARS, selectWithinBudget } from '../src/shared/gate-budget.mjs';
+export { PROJECT_CONTEXT_BUDGET_CHARS, selectWithinBudget };
+
+// ── Per-session gate flags (reset every MCP session) ──────────────────────────
+
+export function createGateState() {
+  return { wikiSearched: false, skillSearched: false, templateSearched: false };
+}
+
+// kind: 'wiki' | 'skill' | 'template'
+export function markSearched(gateState, kind) {
+  if (kind === 'wiki') gateState.wikiSearched = true;
+  else if (kind === 'skill') gateState.skillSearched = true;
+  else if (kind === 'template') gateState.templateSearched = true;
+  return gateState;
+}
+
+// ── Enforce gates (create chain). Return an error string if blocked, else null ─
+
+export function g1Block(gateState, wikiIndex) {
+  if (gateState.wikiSearched) return null;
+  let msg =
+    'G1: search the org wiki before reading or editing anything. ' +
+    'Call wiki(action="search", query="<relevant terms>") first, then retry. ' +
+    'More knowledge = less searching — start by drawing on what the org already knows.';
+  if (wikiIndex) msg += `\n\nWiki index (what exists to search):\n${wikiIndex}`;
+  return msg;
+}
+
+export function g2Block(gateState) {
+  if (gateState.skillSearched) return null;
+  return (
+    'G2: search for prior-art skills before creating one. ' +
+    'Call skill(action="search", query="<topic>") first — if a close match exists, improve it ' +
+    '(/drafted:improve-skill) instead of duplicating — then retry skill(action="add").'
+  );
+}
+
+export function g3Block(gateState) {
+  const missing = [];
+  if (!gateState.wikiSearched) missing.push('wiki(action="search")');
+  if (!gateState.skillSearched) missing.push('skill(action="search")');
+  if (!gateState.templateSearched) missing.push('template(action="list")');
+  if (missing.length === 0) return null;
+  return (
+    `G3: search before creating a project. Run ${missing.join(', ')} first ` +
+    '(reuse existing knowledge, skills, and templates), then retry project(action="create").'
+  );
+}
+
+// ── Per-project context budget (auto-inject set) ──────────────────────────────
+
+function itemChars(it) {
+  if (typeof it === 'number') return it;
+  if (typeof it === 'string') return it.length;
+  if (it && typeof it === 'object') {
+    if (typeof it.chars === 'number') return it.chars;
+    if (it.content != null) return String(it.content).length;
+  }
+  return 0;
+}
+
+export function sumChars(items) {
+  if (!Array.isArray(items)) return 0;
+  return items.reduce((total, it) => total + itemChars(it), 0);
+}
+
+export function budgetRemaining(currentTotal, budget = PROJECT_CONTEXT_BUDGET_CHARS) {
+  return Math.max(0, budget - currentTotal);
+}
+
+export function wouldExceedBudget(currentTotal, addChars, budget = PROJECT_CONTEXT_BUDGET_CHARS) {
+  return currentTotal + addChars > budget;
+}
+
+export function budgetError(currentTotal, addChars, label, budget = PROJECT_CONTEXT_BUDGET_CHARS) {
+  const remaining = budgetRemaining(currentTotal, budget);
+  return (
+    `Per-project context budget exceeded: ${label} needs ${addChars} chars but only ${remaining} ` +
+    `of ${budget} remain. Tighten existing attached skills / anchors / layer rules first ` +
+    `(see /drafted:improve-project-harness).`
+  );
+}
+
+// ── G6 layer-rule default detection ───────────────────────────────────────────
+
+// A layer prompt is "default" (skip G6 inject) when it is empty or byte-identical
+// to the template's default prompt for that layer key.
+export function isLayerPromptDefault(layerPrompt, templateDefaultPrompt) {
+  const p = (layerPrompt ?? '').trim();
+  if (p === '') return true;
+  const d = (templateDefaultPrompt ?? '').trim();
+  return d !== '' && p === d;
+}
+
+export function shouldInjectLayerPrompt(layerPrompt, templateDefaultPrompt) {
+  return !isLayerPromptDefault(layerPrompt, templateDefaultPrompt);
+}
+
+// ── Wiki index formatting (bounded map injected with the G1 block) ────────────
+
+export function formatWikiIndex(pages, max = 50) {
+  if (!Array.isArray(pages) || pages.length === 0) return '(wiki is empty — no pages yet)';
+  const lines = pages.slice(0, max).map((p) => {
+    const path = typeof p === 'string' ? p : p.path ?? p.slug ?? '';
+    const title = typeof p === 'object' && p && p.title ? ` — ${p.title}` : '';
+    return `  ${path}${title}`;
+  });
+  const more = pages.length > max ? `\n  …and ${pages.length - max} more` : '';
+  return lines.join('\n') + more;
+}
+

package/mcp/server.mjs

@@ -20,6 +20,16 @@ import { registerAppResource, RESOURCE_MIME_TYPE } from '@modelcontextprotocol/e
 import WebSocket from 'ws';
 import { LAYERS } from '../src/shared/constants.mjs';
 import { emptyExcalidrawScene, excalidrawSceneFromMermaid, stringifyExcalidrawScene } from '../src/shared/excalidraw.mjs';
+import { createGateState, markSearched, g1Block, g2Block, g3Block, selectWithinBudget, wouldExceedBudget, budgetError, formatWikiIndex, PROJECT_CONTEXT_BUDGET_CHARS } from './gates.mjs';
+
+// Frame actions that mutate content — gated by G1 (wiki search before editing).
+// Read-style actions (read, search, versions, get_*/read_*) are exempt.
+const G1_MUTATING_FRAME_ACTIONS = new Set([
+  'write', 'write_excalidraw', 'edit', 'mv', 'anchor', 'restore_version',
+  'write_sheet_values', 'append_sheet_rows', 'clear_sheet_range', 'update_sheet',
+  'write_doc_content', 'append_doc_content', 'clear_doc_content', 'update_doc',
+  'write_slide_content', 'append_slides', 'clear_slides', 'update_slide',
+]);
 const { UMAMI_EVENTS, trackUmamiEvent } = await (async () => {
   try {
     return await import('../server/lib/umami.mjs');
@@ -76,6 +86,7 @@ function getOrCreateSessionState(sid) {
       activeProjectId: null,
       activeProjectMeta: null,
       loadedSkillIds: new Set(),
+      gates: createGateState(),
       cachedOrgId: null,
       cachedOrgIdTime: 0,
       wsSessionId: null,
@@ -112,6 +123,23 @@ export function runWithRequestState(initial, fn) {
 // Stripped from the advertised schema on remote transports.
 const LOCAL_ONLY_PARAMS = ['file_path'];
 
+// Per-tool params whose value is arbitrary / deeply-nested JSON. Zod renders
+// these (z.any(), z.array(z.any()), z.object({}).passthrough()) as an UNTYPED
+// schema — an empty `{}` or an array whose `items` has no `type`. ChatGPT's
+// connector import runs OpenAI's strict Structured-Outputs JSON-Schema
+// validator over the whole `tools/list` and rejects the ENTIRE connector if any
+// tool contains an untyped subschema (Claude tolerates it; ChatGPT does not).
+// On remote transports we advertise each of these as a single JSON-encoded
+// string (always a valid typed schema) and parse it back to an object in the
+// tool wrapper before the handler runs — so the stdio contract, the Zod runtime
+// validation, and every handler stay byte-for-byte unchanged.
+const REMOTE_JSON_STRING_PARAMS = {
+  frame: ['excalidraw_data', 'requests'],
+  wiki: ['frontmatter', 'pages'],
+  project: ['layers'],
+  template: ['layers'],
+};
+
 // Remove sentences that reference local-file params from a tool description,
 // so remote-transport descriptions don't mention options that were stripped.
 function scrubLocalPathMentions(description) {
@@ -290,6 +318,15 @@ function tool(name, descOrSchema, schemaOrHandler, handler) {
         inputSchema[k] = field.describe(scrubLocalPathMentions(field.description));
       }
     }
+    // Present arbitrary-JSON params as a JSON string so the advertised schema is
+    // ChatGPT-valid (untyped `{}` subschemas fail OpenAI's strict validator and
+    // fail the whole connector). The wrapper below parses them back.
+    for (const k of (REMOTE_JSON_STRING_PARAMS[name] || [])) {
+      const field = inputSchema[k];
+      if (!field) continue;
+      const orig = field.description ? ` ${field.description}` : '';
+      inputSchema[k] = z.string().optional().describe(`JSON-encoded value — pass a JSON string.${orig}`);
+    }
     description = scrubLocalPathMentions(description);
   }
   const config = {
@@ -316,6 +353,17 @@ function tool(name, descOrSchema, schemaOrHandler, handler) {
     try {
       const requiredUpdateError = await getRequiredMcpUpdateError(name, args?.[0] || {});
       if (requiredUpdateError) return err(new Error(requiredUpdateError));
+      // Reverse the remote JSON-string encoding (see REMOTE_JSON_STRING_PARAMS)
+      // so handlers receive the same object/array shapes they get on stdio.
+      if (isRemote && args?.[0] && typeof args[0] === 'object') {
+        for (const k of (REMOTE_JSON_STRING_PARAMS[name] || [])) {
+          const v = args[0][k];
+          if (typeof v === 'string' && v.trim()) {
+            try { args[0][k] = JSON.parse(v); }
+            catch { return err(new Error(`Param "${k}" must be a JSON-encoded ${k === 'excalidraw_data' || k === 'frontmatter' ? 'object' : 'array'} string; JSON.parse failed.`)); }
+          }
+        }
+      }
       return await cb(...args);
     } finally {
       state.currentTool = previousTool;
@@ -614,34 +662,50 @@ function schedulePendingAuthPoll(delayMs = 2000) {
   if (typeof pendingAuthPollTimer.unref === 'function') pendingAuthPollTimer.unref();
 }
 
+// Cookie for normal tool operations. Deliberately uses ONLY this instance's
+// per-process session (getState().sessionId) and never the shared root login in
+// ~/.drafted/auth.json. The root is a *credential for minting child sessions*
+// (see cloneSession): every agent process on the machine reads the same root, so
+// operating on it directly is exactly what let one agent's get_org switch move
+// every other agent's active org. ensureSession() guarantees a per-instance
+// session before any operation runs.
 function getAuthHeaders() {
-  const sid = getState().sessionId || getBootstrapSessionId();
+  const sid = getState().sessionId;
   if (sid) return { Cookie: `gc_session=${sid}` };
   return {};
 }
 
+// Mint a fresh per-instance child session from the shared root login and bind it
+// to this process. The root session id (getBootstrapSessionId) is shared by every
+// agent on this machine via ~/.drafted/auth.json; the clone gives THIS process its
+// own server-side session so its active org/project stay isolated from other
+// agents. Returns true once a per-instance session is set.
 async function cloneSession() {
+  if (getState().sessionId) return true;
   const bootstrapId = getBootstrapSessionId();
-  if (!bootstrapId) return;
+  if (!bootstrapId) return false;
 
   try {
-    const url = `${getServerUrl()}/auth/session/clone`;
-    const res = await fetch(url, {
+    const res = await fetch(`${getServerUrl()}/auth/session/clone`, {
       method: 'POST',
       headers: { Cookie: `gc_session=${bootstrapId}` },
     });
-    if (!res.ok) return;
-    const data = await res.json();
-    if (data.sessionId) {
-      getState().sessionId = data.sessionId;
+    if (res.ok) {
+      const data = await res.json();
+      if (data.sessionId) {
+        getState().sessionId = data.sessionId;
+        return true;
+      }
     }
-  } catch { /* server may not be ready yet, will retry on first API call */ }
+  } catch { /* server may not be ready yet; caller retries on next API call */ }
+  return false;
 }
 
 async function ensureSession() {
   if (getState().sessionId) return;
-  await consumePendingDeviceCode();
-  if (getState().sessionId) return;
+  // A pending device-code login (from `auth get_link`) takes priority; consuming
+  // it mints this instance's own session. Otherwise clone the saved root login.
+  if (await consumePendingDeviceCode()) return;
   await cloneSession();
 }
 
@@ -905,94 +969,10 @@ function err(error) {
   return { content: [{ type: 'text', text: error.message || String(error) }], isError: true };
 }
 
-// ── Anchor enforcement ────────────────────────────────────────────
-// Track which frames this session has fully read (no line range = full read)
-const readFrameIds = new Set();
-
-// Cache anchored frames (refreshed on each check)
-let anchoredCache = null;
-let anchoredCacheTime = 0;
-
-async function getAnchoredFrames() {
-  // Cache for 10 seconds to avoid hammering the API
-  if (anchoredCache && Date.now() - anchoredCacheTime < 10000) return anchoredCache;
-  try {
-    anchoredCache = await api('GET', '/api/designs/anchored');
-    anchoredCacheTime = Date.now();
-    return anchoredCache;
-  } catch {
-    return [];
-  }
-}
-
 function parseLayer(path) {
   return path.replace(/^\/+/, '').split('/')[0];
 }
 
-async function checkAnchors(layer) {
-  const anchored = await getAnchoredFrames();
-  if (!Array.isArray(anchored)) return null;
-
-  const layerAnchors = anchored.filter(f => f.layer === layer);
-  if (layerAnchors.length === 0) return null;
-
-  const unread = layerAnchors.filter(f => !readFrameIds.has(f.id));
-  if (unread.length === 0) return null;
-
-  const paths = unread.map(f => `/${f.layer}/${f.lane}/${f.label}`);
-  return `This layer has ${layerAnchors.length} anchored frame(s) that must be read before making changes. ` +
-    `Unread anchors:\n${paths.map(p => '  read path="' + p + '"').join('\n')}\n\n` +
-    `Read all anchored frames first, then retry your operation.`;
-}
-
-// ── Project skill enforcement ─────────────────────────────────────
-// Skills attached to a project must be loaded by the agent before any
-// mutating operation in that project. Same shape as anchor enforcement.
-//
-// Loaded-skill state is per-MCP-session (see getSessionState) so that
-// (a) skill.load + wiki.write across separate HTTP requests stay coherent
-// and (b) one user's loads never satisfy another user's gate.
-const projectSkillsCache = new Map(); // projectId -> { data, time }
-
-async function getProjectSkills(projectId) {
-  if (!projectId) return [];
-  const cached = projectSkillsCache.get(projectId);
-  if (cached && Date.now() - cached.time < 10000) return cached.data;
-  try {
-    const result = await api('GET', `/api/projects/${projectId}/skills`);
-    const skills = Array.isArray(result?.skills) ? result.skills : (Array.isArray(result) ? result : []);
-    projectSkillsCache.set(projectId, { data: skills, time: Date.now() });
-    return skills;
-  } catch {
-    return [];
-  }
-}
-
-function invalidateProjectSkillsCache(projectId) {
-  if (projectId) projectSkillsCache.delete(projectId);
-}
-
-async function checkProjectSkills(projectId, operation) {
-  if (!projectId) return null;
-  const skills = await getProjectSkills(projectId);
-  if (skills.length === 0) return null;
-  const loaded = getSessionState().loadedSkillIds;
-  const unloaded = skills.filter(s => !loaded.has(s.id));
-  if (unloaded.length === 0) return null;
-
-  // Fire-and-forget: tell the server so any open browser shows a toast.
-  api('POST', `/api/projects/${projectId}/skill-gate-events`, {
-    unloadedSkills: unloaded.map(s => ({ id: s.id, name: s.name, slug: s.slug })),
-    operation: operation || 'mutation',
-    agent: process.env.DRAFTED_AGENT_NAME || null,
-  }).catch(() => { /* non-fatal */ });
-
-  const lines = unloaded.map(s => `  skill(action="load", skill="${s.slug || s.id}")  -- ${s.name}`);
-  return `This project has ${skills.length} attached skill(s) that must be loaded before making changes. ` +
-    `Unloaded skills:\n${lines.join('\n')}\n\n` +
-    `Load all attached skills first, then retry your operation. Skills tell you HOW to do the work — they're not optional.`;
-}
-
 // ── Org skill enforcement ────────────────────────────────────────
 // Same shape as project skill enforcement but for org-attached skills.
 // Wiki mutations require org skills to be loaded first.
@@ -1027,6 +1007,42 @@ async function getOrgSkills(orgId) {
   } catch { return []; }
 }
 
+// Sum the per-project priming content (attached skill bodies + project anchor
+// bodies) so deposits can be capped against the per-project context budget (G4/G5).
+async function getProjectPrimingSize(projectId) {
+  if (!projectId) return 0;
+  let total = 0;
+  try {
+    const { skills = [] } = (await api('GET', `/api/projects/${projectId}/skills`)) || {};
+    for (const s of skills) {
+      try { const full = await api('GET', `/api/skills/${s.id}`); total += (full?.content || '').length; } catch { /* skip */ }
+    }
+  } catch { /* skills unavailable */ }
+  try {
+    const anchored = await api('GET', `/api/designs/anchored?projectId=${projectId}`);
+    for (const a of (Array.isArray(anchored) ? anchored : [])) total += (a?.content || '').length;
+  } catch { /* anchors unavailable */ }
+  return total;
+}
+
+// Best-effort size (chars) of a frame's content by path / URL / id — for the
+// anchor deposit cap. Returns 0 if it can't be read (cap then allows).
+async function getFrameContentSize(path) {
+  try {
+    const s = String(path);
+    const frameId = s.match(/\/f\/([a-f0-9-]{36})/)?.[1] || (s.match(/^[a-f0-9-]{36}$/) ? s : null);
+    let result;
+    if (frameId) {
+      result = await api('GET', `/api/fs/by-id/${frameId}`);
+    } else {
+      const parts = s.replace(/^\/+/, '').split('/');
+      if (parts.length !== 3) return 0;
+      result = await api('GET', `/api/fs/${parts[0]}/${parts[1]}/${parts[2]}`);
+    }
+    return (result?.content || '').length;
+  } catch { return 0; }
+}
+
 async function checkOrgSkills(orgId, operation) {
   if (!orgId) return null;
   const skills = await getOrgSkills(orgId);
@@ -1130,10 +1146,14 @@ async function consumePendingDeviceCode() {
     if (!res.ok) return false;
     const data = await res.json();
     if (data.status === 'approved' && data.sessionId) {
+      // data.sessionId is the shared ROOT login. Persist it as the machine-level
+      // credential, then mint our OWN per-instance child session from it (mirrors
+      // the `auth login` tool) so this process never operates on the shared root.
       persistAuthSession(data);
-      getState().sessionId = data.sessionId;
       clearPendingDeviceCode();
-      return true;
+      getState().sessionId = null;
+      await cloneSession();
+      return !!getState().sessionId;
     }
     if (data.status === 'expired') {
       clearPendingDeviceCode();
@@ -1303,42 +1323,62 @@ tool('project', 'START HERE for project management. Dispatch by `action`: list (
             exec(`${cmd} ${JSON.stringify(url)}`);
           }
         }
-        let projectSkillsList = [];
-        try {
-          const skillData = await api('GET', `/api/projects/${projectId}/skills`);
-          projectSkillsList = skillData.skills || [];
-        } catch { /* skills not available yet */ }
-
-        if (projectSkillsList.length > 0 && projectSkillsList.length <= 3) {
+        // G4/G5 auto-inject (locked design): the project's attached skills + anchors
+        // are pushed into the open response within the per-project context budget,
+        // replacing the reject-style gate. Prefer the server-computed `priming`
+        // (authoritative + fresh on deploy); fall back to MCP-side assembly for
+        // older servers that don't return it.
+        let responseExtras;
+        const priming = result && result.priming ? result.priming : null;
+        if (priming) {
+          const primedSkills = priming.skills || [];
+          const primedAnchors = priming.anchors || [];
+          for (const s of primedSkills) getSessionState().loadedSkillIds.add(s.id);
+          responseExtras = { url, opened: true, navigated, skills: primedSkills, anchors: primedAnchors };
+          if (priming.budgetNotice) responseExtras.budgetNotice = priming.budgetNotice;
+        } else {
+          let projectSkillsList = [];
+          try {
+            const skillData = await api('GET', `/api/projects/${projectId}/skills`);
+            projectSkillsList = skillData.skills || [];
+          } catch { /* skills not available yet */ }
           for (const s of projectSkillsList) {
             try {
               const full = await api('GET', `/api/skills/${s.id}`);
               s.content = full.content;
               s.files = full.files || [];
-              // Skill content was inlined in this response — count it as loaded
-              // so the project-skill gate doesn't immediately demand a re-load.
-              getSessionState().loadedSkillIds.add(s.id);
-            } catch { /* skip */ }
+            } catch { /* leaves this skill without inlined content */ }
           }
-        }
-
-        // Refresh project-skill cache so the gate uses fresh data after open
-        invalidateProjectSkillsCache(projectId);
-
-        const responseExtras = { url, opened: true, navigated, skills: projectSkillsList };
-        if (projectSkillsList.length > 3) {
-          const sessionLoaded = getSessionState().loadedSkillIds;
-          const unloaded = projectSkillsList.filter(s => !sessionLoaded.has(s.id));
-          if (unloaded.length > 0) {
-            responseExtras.skillGateNotice =
-              `This project has ${projectSkillsList.length} attached skills (too many to auto-inline). ` +
-              `You MUST call skill(action="load") for each before any mutation. Unloaded: ` +
-              unloaded.map(s => s.slug || s.id).join(', ');
+          let anchors = [];
+          try {
+            const anchored = await api('GET', `/api/designs/anchored?projectId=${projectId}`);
+            anchors = (Array.isArray(anchored) ? anchored : []).map(a => ({
+              id: a.id,
+              path: a.path || `/${a.layer || ''}/${a.lane || ''}/${a.label || ''}`,
+              layer: a.layer,
+              content: a.content || '',
+            }));
+          } catch { /* anchors unavailable */ }
+          const sel = selectWithinBudget([...projectSkillsList, ...anchors], PROJECT_CONTEXT_BUDGET_CHARS);
+          for (const it of sel.included) {
+            if (projectSkillsList.includes(it)) getSessionState().loadedSkillIds.add(it.id);
+          }
+          for (const it of sel.deferred) { it.content = undefined; if ('files' in it) it.files = undefined; }
+          responseExtras = { url, opened: true, navigated, skills: projectSkillsList, anchors };
+          if (sel.deferred.length > 0) {
+            responseExtras.budgetNotice =
+              `${sel.deferred.length} attached skill(s)/anchor(s) exceeded the per-project context budget ` +
+              `(${PROJECT_CONTEXT_BUDGET_CHARS} chars) and were not inlined — load explicitly if needed: ` +
+              sel.deferred.map(it => it.slug || it.path || it.id).join(', ');
           }
         }
+        // Don't echo the raw priming blob (surfaced via skills/anchors/budgetNotice).
+        if (result && typeof result === 'object') delete result.priming;
         return ok({ ...result, ...responseExtras });
       }
       case 'create': {
+        const g3 = g3Block(getSessionState().gates);
+        if (g3) return err(new Error(g3));
         const { name, description, templateSlug } = args;
         if (!name) throw new Error('name required for action=create');
         const body = { name };
@@ -1380,8 +1420,11 @@ tool('template', 'Manage project templates in the org. Dispatch by `action`: lis
   try {
     const { action } = args;
     switch (action) {
-      case 'list':
-        return ok(await api('GET', '/api/templates'));
+      case 'list': {
+        const tpls = await api('GET', '/api/templates');
+        markSearched(getSessionState().gates, 'template');
+        return ok(tpls);
+      }
       case 'create': {
         const { name, description, layers, skillSlugs, visibility } = args;
         if (!name || !description || !layers) throw new Error('name, description, layers required for action=create');
@@ -1468,6 +1511,7 @@ tool('screenshot', 'Render a PNG via headless browser. `scope=frame` captures a
         frameId = frame.id;
       }
       const url = `${getServerUrl()}/api/screenshot/${frameId}?width=${width}&height=${height}&fullPage=${fullPage}`;
+      await ensureSession();
       const res = await fetch(url, { headers: getAuthHeaders() });
       if (!res.ok) throw new Error(`Screenshot failed: ${res.status}`);
       const buffer = await res.arrayBuffer();
@@ -1486,6 +1530,7 @@ tool('screenshot', 'Render a PNG via headless browser. `scope=frame` captures a
         targetSlug = active.slug;
       }
       const url = `${getServerUrl()}/api/canvas-screenshot/${encodeURIComponent(targetSlug)}?layer=${encodeURIComponent(layer)}&width=${width}&height=${height}`;
+      await ensureSession();
       const res = await fetch(url, { headers: getAuthHeaders() });
       if (!res.ok) throw new Error(`Canvas screenshot failed: ${res.status} ${await res.text()}`);
       const buffer = await res.arrayBuffer();
@@ -1514,8 +1559,6 @@ tool('layer', 'Manage layers in a project. Dispatch by `action`: add/update/remo
   try {
     const { action, projectId } = args;
     if (!projectId) throw new Error('projectId is required');
-    const skillErr = await checkProjectSkills(projectId);
-    if (skillErr) return err(new Error(skillErr));
     switch (action) {
       case 'add': {
         const { key, label, type, width, height, description, prompt } = args;
@@ -1827,11 +1870,11 @@ tool('frame', 'Frame CRUD in the ACTIVE PROJECT. Dispatch by `action`: read (by
     bullets: z.array(z.string()).optional(),
     speakerNotes: z.string().optional(),
     layout: z.string().optional(),
-  }).passthrough()).optional().describe('[write_slide_content|append_slides] Structured slide spec: [{ title, bullets, speakerNotes?, layout? }].'),
+  })).optional().describe('[write_slide_content|append_slides] Structured slide spec: [{ title, bullets, speakerNotes?, layout? }].'),
   requests: z.array(z.any()).optional().describe('[update_doc|update_slide] Raw Google Docs/Slides batchUpdate requests for advanced updates only; common Doc/Slide population should use write_doc_content/append_doc_content/write_slide_content/append_slides.'),
   slideObjectIds: z.array(z.string()).optional().describe('[clear_slides] Optional slide object IDs to delete. Omit to clear all slides.'),
   range: z.string().optional().describe('[Sheet value actions] A1 range, e.g. Sheet1!A1 or Data!A:Z.'),
-  values: z.array(z.array(z.any())).optional().describe('[write_sheet_values|append_sheet_rows] 2D array of row values.'),
+  values: z.array(z.array(z.union([z.string(), z.number(), z.boolean(), z.null()]))).optional().describe('[write_sheet_values|append_sheet_rows] 2D array of row values (each cell: string, number, boolean, or null).'),
   valueInputOption: z.enum(['RAW', 'USER_ENTERED']).optional().describe('[write_sheet_values|append_sheet_rows] Google Sheets value input option. Defaults to USER_ENTERED.'),
   majorDimension: z.enum(['ROWS', 'COLUMNS']).optional().describe('[Sheet value actions] Major dimension for values. Defaults to ROWS when writing/appending.'),
   valueRenderOption: z.enum(['FORMATTED_VALUE', 'UNFORMATTED_VALUE', 'FORMULA']).optional().describe('[read_sheet_values] How values should be rendered. Defaults to Google Sheets API default.'),
@@ -1862,6 +1905,16 @@ tool('frame', 'Frame CRUD in the ACTIVE PROJECT. Dispatch by `action`: read (by
 }, async (args) => {
   try {
     const { action } = args;
+    // G1: don't edit frame content before the session has searched the wiki.
+    // When blocking, auto-inject the (bounded) wiki index so the search lands.
+    if (G1_MUTATING_FRAME_ACTIONS.has(action)) {
+      const gs = getSessionState().gates;
+      if (!gs.wikiSearched) {
+        let wikiIndex = '';
+        try { const tree = await api('GET', '/api/wiki/tree'); wikiIndex = formatWikiIndex(tree?.pages || []); } catch { /* index best-effort */ }
+        return err(new Error(g1Block(gs, wikiIndex)));
+      }
+    }
     // Echo project context on every mutation so the agent sees where the
     // write landed before it can develop a wrong assumption.
     const projectCtx = getCurrentProjectContext();
@@ -1902,9 +1955,6 @@ tool('frame', 'Frame CRUD in the ACTIVE PROJECT. Dispatch by `action`: read (by
           if (parts.length !== 3) throw new Error('Path must be /{layer}/{lane}/{filename}, a frame URL, or a frame ID');
           result = await api('GET', `/api/fs/${parts[0]}/${parts[1]}/${parts[2]}${query}`);
         }
-        if (!lines && result.ok && result.id) {
-          readFrameIds.add(result.id);
-        }
         // Surface content as the visible text. Some Claude clients prefer
         // structuredContent over text when both are present and structured looks
         // "complete" — so include content in BOTH places to ensure the agent
@@ -2036,10 +2086,6 @@ tool('frame', 'Frame CRUD in the ACTIVE PROJECT. Dispatch by `action`: read (by
         const writeSources = [content != null, !!file_path, base64 != null, !!googleType].filter(Boolean).length;
         if (writeSources > 1) throw new Error('Provide only one of content, file_path, base64, or googleType');
         if (writeSources === 0) throw new Error('Provide content, file_path, base64, or googleType');
-        const skillErr = await checkProjectSkills(getState().projectId);
-        if (skillErr) return err(new Error(skillErr));
-        const anchorErr = await checkAnchors(parseLayer(path));
-        if (anchorErr) return err(new Error(anchorErr));
         const parts = path.replace(/^\/+/, '').split('/');
         if (parts.length !== 3) throw new Error('Path must be /{layer}/{lane}/{filename}');
         if (googleType) {
@@ -2101,10 +2147,6 @@ tool('frame', 'Frame CRUD in the ACTIVE PROJECT. Dispatch by `action`: read (by
         const { path, excalidraw_data, mermaid, width, height, color } = args;
         if (!path) throw new Error('path required for action=write_excalidraw');
         if (excalidraw_data != null && mermaid) throw new Error('Provide only one of excalidraw_data or mermaid');
-        const skillErr = await checkProjectSkills(getState().projectId);
-        if (skillErr) return err(new Error(skillErr));
-        const anchorErr = await checkAnchors(parseLayer(path));
-        if (anchorErr) return err(new Error(anchorErr));
         const parts = path.replace(/^\/+/, '').split('/');
         if (parts.length !== 3) throw new Error('Path must be /{layer}/{lane}/{filename}');
         const filename = parts[2].toLowerCase().endsWith('.excalidraw') ? parts[2] : parts[2] + '.excalidraw';
@@ -2123,10 +2165,6 @@ tool('frame', 'Frame CRUD in the ACTIVE PROJECT. Dispatch by `action`: read (by
         const { path, operations } = args;
         if (!path) throw new Error('path required for action=edit');
         if (!Array.isArray(operations) || operations.length === 0) throw new Error('operations (array) required for action=edit');
-        const skillErr = await checkProjectSkills(getState().projectId);
-        if (skillErr) return err(new Error(skillErr));
-        const anchorErr = await checkAnchors(parseLayer(path));
-        if (anchorErr) return err(new Error(anchorErr));
         const result = await api('POST', '/api/fs/edit', { path, operations });
         return ok(withProject(result), {
           structuredContent: frameStructuredContent(result, projectCtx),
@@ -2148,20 +2186,19 @@ tool('frame', 'Frame CRUD in the ACTIVE PROJECT. Dispatch by `action`: read (by
             note: 'No changes applied. Re-call with dryRun=false (or omit) to perform the rename.',
           }));
         }
-        const skillErr = await checkProjectSkills(getState().projectId);
-        if (skillErr) return err(new Error(skillErr));
-        const fromErr = await checkAnchors(parseLayer(from));
-        if (fromErr) return err(new Error(fromErr));
-        const toErr = await checkAnchors(parseLayer(to));
-        if (toErr) return err(new Error(toErr));
         return ok(withProject(await api('POST', '/api/fs/mv', { from, to })));
       }
       case 'anchor': {
         const { path, anchored } = args;
         if (!path) throw new Error('path required for action=anchor');
         if (typeof anchored !== 'boolean') throw new Error('anchored (boolean) required for action=anchor');
-        const skillErr = await checkProjectSkills(getState().projectId);
-        if (skillErr) return err(new Error(skillErr));
+        // Cap (G5): anchoring adds the frame's body to the project's required-reading
+        // set — reject if it would push the project past the per-project budget.
+        if (anchored === true) {
+          const used = await getProjectPrimingSize(getState().projectId);
+          const addSize = await getFrameContentSize(path);
+          if (wouldExceedBudget(used, addSize)) return err(new Error(budgetError(used, addSize, 'this anchored frame')));
+        }
         return ok(withProject(await api('POST', '/api/fs/anchor', { path, anchored })));
       }
 
@@ -2180,8 +2217,6 @@ tool('frame', 'Frame CRUD in the ACTIVE PROJECT. Dispatch by `action`: read (by
       case 'restore_version': {
         const { versionId, reason } = args;
         if (!versionId) throw new Error('versionId required for action=restore_version');
-        const skillErr = await checkProjectSkills(getState().projectId);
-        if (skillErr) return err(new Error(skillErr));
         const result = await api('POST', '/api/fs/restore-version', { versionId, reason });
         return ok(withProject(result));
       }
@@ -2275,10 +2310,6 @@ tool('rm', 'Delete a frame or lane from the ACTIVE PROJECT. Response includes "p
   path: z.string().describe('Path to delete: /{layer}/{lane}/{filename} or /{layer}/{lane} (deletes entire lane).'),
 }, async ({ path }) => {
   try {
-    const skillErr = await checkProjectSkills(getState().projectId);
-    if (skillErr) return err(new Error(skillErr));
-    const anchorErr = await checkAnchors(parseLayer(path));
-    if (anchorErr) return err(new Error(anchorErr));
     const clean = path.replace(/^\/+|\/+$/g, '');
     const result = await api('DELETE', `/api/fs/${clean}`);
     return ok({ ...result, project: getCurrentProjectContext() });
@@ -2316,8 +2347,6 @@ tool('batch', 'Batch operations on the ACTIVE PROJECT. Response includes "projec
       if (op.to) layers.add(parseLayer(op.to));
     }
     for (const layer of layers) {
-      const anchorErr = await checkAnchors(layer);
-      if (anchorErr) return err(new Error(anchorErr));
     }
 
     // Resolve file_path → base64 for write operations before sending to server
@@ -2407,8 +2436,6 @@ tool('asset', 'Manage supporting files (CSS, JS, images, fonts) in the ACTIVE PR
     const projectId = getState().projectId;
     if (!projectId) throw new Error('No active project. Call project(action="open") first.');
     if (action === 'upload') {
-      const skillErr = await checkProjectSkills(projectId);
-      if (skillErr) return err(new Error(skillErr));
       const { asset_path, file_path, content, base64: rawBase64, content_type, frame_id } = args;
       if (!asset_path) throw new Error('asset_path is required for action=upload');
       if (asset_path.includes('..')) throw new Error('asset_path must not contain ".."');
@@ -2438,8 +2465,6 @@ tool('asset', 'Manage supporting files (CSS, JS, images, fonts) in the ACTIVE PR
       return ok(await api('GET', `/api/projects/${projectId}/assets${query}`));
     }
     if (action === 'rm') {
-      const skillErr = await checkProjectSkills(projectId);
-      if (skillErr) return err(new Error(skillErr));
       const { asset_path } = args;
       if (!asset_path) throw new Error('asset_path is required for action=rm');
       if (asset_path.includes('..')) throw new Error('asset_path must not contain ".."');
@@ -2465,8 +2490,6 @@ tool('shape', 'Create a flowchart shape on the surface. Shapes are lightweight t
   layoutIgnore: z.boolean().optional().describe('Exclude this shape from auto-layout. Use for annotations, labels, or manually positioned elements.'),
 }, async ({ text, shape, layer, lane, color, fill, textColor, group, width, height, layoutIgnore }) => {
   try {
-    const skillErr = await checkProjectSkills(getState().projectId);
-    if (skillErr) return err(new Error(skillErr));
     const body = { text, shape };
     if (layer) body.layer = layer;
     if (lane) body.lane = lane;
@@ -2491,8 +2514,6 @@ tool('group', 'Create a group (swim lane / region) on the surface. Groups are la
   order: z.number().optional().describe('Sort order for group positioning (lower = first). Default: 0'),
 }, async ({ label, color, fill, layer, lane, order }) => {
   try {
-    const skillErr = await checkProjectSkills(getState().projectId);
-    if (skillErr) return err(new Error(skillErr));
     const body = { label };
     if (color) body.color = color;
     if (fill) body.fill = fill;
@@ -2515,8 +2536,6 @@ tool('connector', 'Create or remove connectors (arrows) between frames on the su
   connectorId: z.string().optional().describe('[disconnect] connector ID to delete directly'),
 }, async (args) => {
   try {
-    const skillErr = await checkProjectSkills(getState().projectId);
-    if (skillErr) return err(new Error(skillErr));
     const { action } = args;
     if (action === 'connect') {
       const { source, target, label, type = 'arrow-forward', color } = args;
@@ -2558,8 +2577,6 @@ tool('layout', 'Auto-arrange frames using graph layout algorithm. Positions conn
   groups: z.boolean().optional().default(false).describe('Enable group clustering. When true, shapes assigned to a group (via the group param) are clustered together, and group frames are resized to enclose their members.'),
 }, async ({ direction, groups }) => {
   try {
-    const skillErr = await checkProjectSkills(getState().projectId);
-    if (skillErr) return err(new Error(skillErr));
     const body = { direction };
     if (groups) body.groups = true;
     const result = await api('POST', '/api/layout', body);
@@ -2602,6 +2619,7 @@ tool('skill', 'Manage the Drafted skill library. Skills are reusable prompts/gui
         const qs = params.toString();
         const endpoint = query ? '/api/skills/search' : '/api/skills';
         const result = await api('GET', `${endpoint}${qs ? '?' + qs : ''}`);
+        markSearched(getSessionState().gates, 'skill');
         const cap = Math.min(Math.max(1, limit || 25), 100);
         if (Array.isArray(result?.skills)) {
           if (result.skills.length > cap) {
@@ -2657,6 +2675,8 @@ tool('skill', 'Manage the Drafted skill library. Skills are reusable prompts/gui
         return ok(await api('GET', `/api/orgs/${orgId}/skills`));
       }
       case 'add': {
+        const g2 = g2Block(getSessionState().gates);
+        if (g2) return err(new Error(g2));
         const { name, description, content, tags, triggerPatterns } = args;
         if (!name || !description || !content) throw new Error('name, description, content required for action=add');
         const body = { name, description, content };
@@ -2685,8 +2705,15 @@ tool('skill', 'Manage the Drafted skill library. Skills are reusable prompts/gui
         const { skillId } = args;
         if (!skillId) throw new Error('skillId required for action=attach');
         if (!getState().projectId) throw new Error('No active project. Call project(action="open") first.');
+        // Cap (G4): keep attached skills + anchors within the per-project budget so
+        // the auto-inject set always fits — reject the attach if it would overflow.
+        try {
+          const used = await getProjectPrimingSize(getState().projectId);
+          let addSize = 0;
+          try { const full = await api('GET', `/api/skills/${skillId}`); addSize = (full?.content || '').length; } catch { /* unknown size */ }
+          if (wouldExceedBudget(used, addSize)) return err(new Error(budgetError(used, addSize, 'this skill')));
+        } catch { /* size check is best-effort */ }
         const result = await api('POST', `/api/projects/${getState().projectId}/skills`, { skillId });
-        invalidateProjectSkillsCache(getState().projectId);
         return ok(result);
       }
       case 'detach': {
@@ -2694,7 +2721,6 @@ tool('skill', 'Manage the Drafted skill library. Skills are reusable prompts/gui
         if (!skillId) throw new Error('skillId required for action=detach');
         if (!getState().projectId) throw new Error('No active project. Call project(action="open") first.');
         const result = await api('DELETE', `/api/projects/${getState().projectId}/skills/${skillId}`);
-        invalidateProjectSkillsCache(getState().projectId);
         return ok(result);
       }
       case 'favorite': {
@@ -2889,6 +2915,7 @@ tool('wiki', 'Per-org wiki. Markdown pages with paths as hierarchy. You and othe
         if (!searchQuery) throw new Error('query required for action=search');
         const result = await api('GET', `/api/wiki/search?q=${encodeURIComponent(searchQuery)}&limit=${searchLimit}`);
         const hits = (result.hits || []).map(h => ({ path: h.path, title: h.title, url: wikiBrowserUrl(h.path) }));
+        markSearched(getSessionState().gates, 'wiki');
         return ok({ hits });
       }
 
@@ -2967,10 +2994,6 @@ tool('wiki', 'Per-org wiki. Markdown pages with paths as hierarchy. You and othe
         const { path, excalidraw_data, mermaid, width, height, color } = args;
         if (!path) throw new Error('path required for action=write_excalidraw');
         if (excalidraw_data != null && mermaid) throw new Error('Provide only one of excalidraw_data or mermaid');
-        const skillErr = await checkProjectSkills(getState().projectId);
-        if (skillErr) return err(new Error(skillErr));
-        const anchorErr = await checkAnchors(parseLayer(path));
-        if (anchorErr) return err(new Error(anchorErr));
         const parts = path.replace(/^\/+/, '').split('/');
         if (parts.length !== 3) throw new Error('Path must be /{layer}/{lane}/{filename}');
         const filename = parts[2].toLowerCase().endsWith('.excalidraw') ? parts[2] : parts[2] + '.excalidraw';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "drafted",
-  "version": "1.7.25",
+  "version": "1.8.0",
   "description": "Drafted — visual thinking surface for humans and AI agents. Renders HTML, markdown, images, and code as frames on a zoomable canvas, with MCP tools for AI agents and real-time sync for humans.",
   "type": "module",
   "files": [
@@ -28,7 +28,7 @@
     "import:legacy": "tsx scripts/import-legacy.mts",
     "test": "vitest run",
     "test:watch": "vitest",
-    "version": "node scripts/sync-versions.mjs && git add plugin/.claude-plugin/plugin.json .claude-plugin/marketplace.json",
+    "version": "node scripts/sync-versions.mjs && git add plugin/.claude-plugin/plugin.json .claude-plugin/marketplace.json web-plugin/.claude-plugin/plugin.json web-plugin/.claude-plugin/marketplace.json",
     "version:check": "node scripts/sync-versions.mjs",
     "postpublish": "bash scripts/sync-plugin.sh \"chore: sync plugin to v$npm_package_version\"",
     "deploy:check:google": "node scripts/check-google-drive-deploy.mjs",

package/src/shared/gate-budget.mjs

@@ -0,0 +1,30 @@
+// Single source of truth for the per-project auto-inject context budget.
+// Shared by the MCP gate logic (mcp/gates.mjs) and the server-side deposit caps
+// (server/lib/project-skill-routes.mjs) so web-remote, local-stdio, and raw-API
+// callers all enforce the same limit. ~24k chars ≈ 6k tokens.
+export const PROJECT_CONTEXT_BUDGET_CHARS = 24000;
+
+function gateItemChars(it) {
+  if (it && typeof it === 'object') {
+    if (it.content != null) return String(it.content).length;
+    if (typeof it.chars === 'number') return it.chars;
+  }
+  if (typeof it === 'string') return it.length;
+  if (typeof it === 'number') return it;
+  return 0;
+}
+
+// Greedily include items whose sizes fit the budget (in priority order); defer the
+// rest. Shared by the server-side project-open priming assembly and the MCP gate
+// fallback so both produce identical auto-inject sets.
+export function selectWithinBudget(items, budget = PROJECT_CONTEXT_BUDGET_CHARS, sizeOf = gateItemChars) {
+  const included = [];
+  const deferred = [];
+  let used = 0;
+  for (const it of items || []) {
+    const size = sizeOf(it);
+    if (used + size <= budget) { included.push(it); used += size; }
+    else { deferred.push(it); }
+  }
+  return { included, deferred, used, budget };
+}