forge-openclaw-plugin 0.2.43 → 0.2.45

package/dist/server/server/src/app.js

@@ -56,7 +56,7 @@ import { PSYCHE_ENTITY_TYPES, createBehaviorSchema, createBeliefEntrySchema, cre
 import { createQuestionnaireInstrumentSchema, publishQuestionnaireVersionSchema, startQuestionnaireRunSchema, updateQuestionnaireRunSchema, updateQuestionnaireVersionSchema } from "./questionnaire-types.js";
 import { createPreferenceCatalogItemSchema, createPreferenceCatalogSchema, createPreferenceContextSchema, createPreferenceItemSchema, enqueueEntityPreferenceItemSchema, mergePreferenceContextsSchema, preferenceWorkspaceQuerySchema, startPreferenceGameSchema, submitAbsoluteSignalSchema, submitPairwiseJudgmentSchema, updatePreferenceCatalogItemSchema, updatePreferenceCatalogSchema, updatePreferenceContextSchema, updatePreferenceItemSchema, updatePreferenceScoreSchema } from "./preferences-types.js";
 import { createDataBackupSchema, dataExportQuerySchema, restoreDataBackupSchema, switchDataRootSchema, updateDataManagementSettingsSchema } from "./data-management-types.js";
-import { activityListQuerySchema, activitySourceSchema, createAgentActionSchema, createAgentRuntimeSessionEventSchema, createAgentRuntimeSessionSchema, createAgentTokenSchema, createAiConnectorSchema, createAiProcessorLinkSchema, createAiProcessorSchema, runAiConnectorSchema, writeSurfaceLayoutSchema, upsertAiModelConnectionSchema, testAiModelConnectionSchema, submitOpenAiCodexOauthManualCodeSchema, batchCreateEntitiesSchema, batchDeleteEntitiesSchema, batchRestoreEntitiesSchema, batchSearchEntitiesSchema, batchUpdateEntitiesSchema, createGoalSchema, createInsightFeedbackSchema, createInsightSchema, createStrategySchema, createUserSchema, createNoteSchema, createProjectSchema, createManualRewardGrantSchema, createCalendarEventSchema, createHabitCheckInSchema, createCalendarConnectionSchema, createDiagnosticLogSchema, discoverCalendarConnectionSchema, startGoogleCalendarOauthSchema, startMicrosoftCalendarOauthSchema, testMicrosoftCalendarOauthConfigurationSchema, createHabitSchema, createTaskTimeboxSchema, createWorkBlockTemplateSchema, createSessionEventSchema, createWorkAdjustmentSchema, createTagSchema, calendarOverviewQuerySchema, psycheObservationCalendarExportQuerySchema, notesListQuerySchema, updateTagSchema, createTaskSchema, diagnosticLogListQuerySchema, disconnectAgentRuntimeSessionSchema, eventsListQuerySchema, heartbeatAgentRuntimeSessionSchema, operatorLogWorkSchema, projectBoardPayloadSchema, projectListQuerySchema, entityDeleteQuerySchema, removeActivityEventSchema, reconnectAgentRuntimeSessionSchema, resolveApprovalRequestSchema, rewardsLedgerQuerySchema, habitListQuerySchema, taskContextPayloadSchema, taskRunClaimSchema, taskRunFocusSchema, taskRunFinishSchema, taskRunHeartbeatSchema, taskRunListQuerySchema, taskSplitCreateSchema, taskListQuerySchema, tagSuggestionRequestSchema, uncompleteTaskSchema, updateSettingsSchema, updateGoalSchema, updateHabitSchema, updateInsightSchema, updateStrategySchema, updateUserSchema, updateCalendarConnectionSchema, updateCalendarEventSchema, updateNoteSchema, updateProjectSchema, updateRewardRuleSchema, updateTaskTimeboxSchema, updateTaskSchema, lifeForceProfilePatchSchema, lifeForceTemplateUpdateSchema, fatigueSignalCreateSchema, updateUserAccessGrantSchema, updateWorkBlockTemplateSchema, updateAiConnectorSchema, updateAiProcessorSchema, runAiProcessorSchema, workAdjustmentResultSchema, finalizeWeeklyReviewResultSchema, goalListQuerySchema, recommendTaskTimeboxesSchema, strategyListQuerySchema } from "./types.js";
+import { activityListQuerySchema, activitySourceSchema, defaultAgentBootstrapPolicy, defaultAgentScopePolicy, createAgentActionSchema, createAgentRuntimeSessionEventSchema, createAgentRuntimeSessionSchema, createAgentTokenSchema, createAiConnectorSchema, createAiProcessorLinkSchema, createAiProcessorSchema, runAiConnectorSchema, writeSurfaceLayoutSchema, upsertAiModelConnectionSchema, testAiModelConnectionSchema, submitOpenAiCodexOauthManualCodeSchema, batchCreateEntitiesSchema, batchDeleteEntitiesSchema, batchRestoreEntitiesSchema, batchSearchEntitiesSchema, batchUpdateEntitiesSchema, createGoalSchema, createInsightFeedbackSchema, createInsightSchema, createStrategySchema, createUserSchema, createNoteSchema, createProjectSchema, createManualRewardGrantSchema, createCalendarEventSchema, createHabitCheckInSchema, createCalendarConnectionSchema, createDiagnosticLogSchema, discoverCalendarConnectionSchema, startGoogleCalendarOauthSchema, startMicrosoftCalendarOauthSchema, testMicrosoftCalendarOauthConfigurationSchema, createHabitSchema, createTaskTimeboxSchema, createWorkBlockTemplateSchema, createSessionEventSchema, createWorkAdjustmentSchema, createTagSchema, calendarOverviewQuerySchema, psycheObservationCalendarExportQuerySchema, notesListQuerySchema, updateTagSchema, createTaskSchema, diagnosticLogListQuerySchema, disconnectAgentRuntimeSessionSchema, eventsListQuerySchema, heartbeatAgentRuntimeSessionSchema, operatorLogWorkSchema, projectBoardPayloadSchema, projectListQuerySchema, entityDeleteQuerySchema, removeActivityEventSchema, reconnectAgentRuntimeSessionSchema, resolveApprovalRequestSchema, rewardsLedgerQuerySchema, habitListQuerySchema, taskContextPayloadSchema, taskRunClaimSchema, taskRunFocusSchema, taskRunFinishSchema, taskRunHeartbeatSchema, taskRunListQuerySchema, taskSplitCreateSchema, taskListQuerySchema, tagSuggestionRequestSchema, uncompleteTaskSchema, updateSettingsSchema, updateGoalSchema, updateHabitSchema, updateInsightSchema, updateStrategySchema, updateUserSchema, updateCalendarConnectionSchema, updateCalendarEventSchema, updateNoteSchema, updateProjectSchema, updateRewardRuleSchema, updateTaskTimeboxSchema, updateTaskSchema, lifeForceProfilePatchSchema, lifeForceTemplateUpdateSchema, fatigueSignalCreateSchema, updateUserAccessGrantSchema, updateWorkBlockTemplateSchema, updateAiConnectorSchema, updateAiProcessorSchema, runAiProcessorSchema, workAdjustmentResultSchema, finalizeWeeklyReviewResultSchema, goalListQuerySchema, recommendTaskTimeboxesSchema, strategyListQuerySchema } from "./types.js";
 import { buildOpenApiDocument } from "./openapi.js";
 import { registerWebRoutes } from "./web.js";
 import { createManagerRuntime } from "./managers/runtime.js";
@@ -1980,6 +1980,29 @@ function buildPreferredMutationPath(entityType) {
             return "Read-only surface.";
     }
 }
+function buildPreferredMutationTool(entityType) {
+    if (entityType in AGENT_ONBOARDING_BATCH_ROUTE_BASES) {
+        return "forge_create_entities | forge_update_entities | forge_delete_entities | forge_search_entities";
+    }
+    switch (entityType) {
+        case "wiki_page":
+            return "forge_upsert_wiki_page";
+        case "calendar_connection":
+            return "forge_connect_calendar_provider | forge_sync_calendar_connection";
+        case "task_run":
+            return "forge_start_task_run | forge_heartbeat_task_run | forge_focus_task_run | forge_complete_task_run | forge_release_task_run";
+        case "questionnaire_run":
+            return "forge_start_questionnaire_run | forge_update_questionnaire_run | forge_complete_questionnaire_run";
+        case "preference_judgment":
+            return "forge_submit_preferences_judgment";
+        case "preference_signal":
+            return "forge_submit_preferences_signal";
+        case "work_adjustment":
+            return "forge_adjust_work_minutes";
+        default:
+            return null;
+    }
+}
 function buildPreferredReadPath(entityType) {
     if (entityType in AGENT_ONBOARDING_BATCH_ROUTE_BASES) {
         return AGENT_ONBOARDING_BATCH_ROUTE_BASES[entityType];
@@ -2024,11 +2047,10 @@ function enrichOnboardingEntityGuide(entry) {
             : null,
         preferredMutationPath: buildPreferredMutationPath(entry.entityType),
         preferredReadPath: buildPreferredReadPath(entry.entityType),
-        preferredMutationTool: classification === "batch_crud_entity"
-            ? "forge_create_entities | forge_update_entities | forge_delete_entities | forge_search_entities"
-            : classification === "specialized_domain_surface"
+        preferredMutationTool: buildPreferredMutationTool(entry.entityType) ??
+            (classification === "specialized_domain_surface"
                 ? "Follow forge_get_agent_onboarding.entityRouteModel.specializedDomainSurfaces for the dedicated route family."
-                : null
+                : null)
     };
 }
 const AGENT_ONBOARDING_ENTITY_CATALOG = [
@@ -2758,7 +2780,8 @@ const AGENT_ONBOARDING_CONVERSATION_RULES = [
     "For specialized surfaces, ask what would make the answer or change useful before you ask route-shaped details such as provider, weekday, flow id, run id, or trip id.",
     "When the user already named a precise correction or review target, do not widen back out into a meta lane question. Confirm only the missing route-selecting detail and then act.",
     "Once the route family is clear, say it plainly enough that another agent could follow the same path without guessing.",
-    "For Movement specifically, treat missing-data corrections as user-defined overlay boxes unless the user is editing an already-recorded stay or trip. When the user already gave a clear instruction like 'that missing block was home', act after only the last ambiguity is resolved."
+    "For Movement specifically, treat missing-data corrections as user-defined overlay boxes unless the user is editing an already-recorded stay or trip. When the user already gave a clear instruction like 'that missing block was home', act after only the last ambiguity is resolved.",
+    "For meaning-bearing updates, especially in Psyche, briefly say what feels newly true before you ask for the one structural detail that still changes the save."
 ];
 const AGENT_ONBOARDING_ENTITY_CONVERSATION_PLAYBOOKS = [
     {
@@ -2917,7 +2940,8 @@ const AGENT_ONBOARDING_ENTITY_CONVERSATION_PLAYBOOKS = [
             "Confirm the task.",
             "Confirm the actor only if it is not already obvious.",
             "Ask whether the run should be planned or unlimited only if that changes the action.",
-            "Start the run instead of turning it into a longer intake."
+            "Start the run instead of turning it into a longer intake.",
+            "Use the dedicated task-run tool for start, heartbeat, focus, complete, and release work instead of bouncing to the UI or a generic web route."
         ]
     },
     {
@@ -3071,6 +3095,7 @@ const AGENT_ONBOARDING_ENTITY_CONVERSATION_PLAYBOOKS = [
             "Ask whether the focus is a stay, a trip, a place, a timeline window, or a selected span.",
             "Ask for the time window, place, or movement item that makes the question concrete.",
             "Ask what they are trying to notice, preserve, or answer through that movement context.",
+            "Choose the dedicated day, month, all-time, timeline, places, trip-detail, or selection route once the question shape is clear.",
             "Skip the meta lane question when the user already named the exact correction or review target and only one ambiguity remains.",
             "If the request is filling a missing-data gap, use a user-defined movement box rather than a raw stay or trip patch.",
             "If the request is repairing already-saved movement data, use the repair route that matches the saved object instead of treating it like a missing span.",
@@ -3104,6 +3129,7 @@ const AGENT_ONBOARDING_ENTITY_CONVERSATION_PLAYBOOKS = [
             "Ask whether they need the flow contract, a run result, a published output, or a node result.",
             "Ask what the user is trying to learn, repair, or publish through that flow.",
             "If the user already named the flow and action clearly, skip the meta lane question and ask only for the missing run, node, or output scope.",
+            "If the user wants a stable public input contract or published output, prefer those dedicated reads instead of detouring through run history first.",
             "If the user is still shaping a payload or edit, prefer flow detail or box catalog reads before asking for structured inputs.",
             "Prefer flow detail or published-output reads for stable contracts, and use run or node-result routes only when the user is asking about execution history or debugging.",
             "Route to the dedicated workbench route family once the execution lane is clear."
@@ -3853,8 +3879,66 @@ const AGENT_ONBOARDING_TOOL_INPUT_CATALOG = [
         example: '{"taskRunId":"run_123","actor":"aurel","note":"Stopping for now; blocked on feedback","closeoutNote":{"contentMarkdown":"Blocked on feedback from design before I can continue."}}'
     }
 ];
+const VALIDATION_ROUTE_TOOL_MAP = {
+    "POST /api/v1/entities/search": "forge_search_entities",
+    "POST /api/v1/entities/create": "forge_create_entities",
+    "POST /api/v1/entities/update": "forge_update_entities",
+    "POST /api/v1/entities/delete": "forge_delete_entities",
+    "POST /api/v1/entities/restore": "forge_restore_entities",
+    "POST /api/v1/tasks/:id/runs": "forge_start_task_run",
+    "POST /api/v1/task-runs/:id/heartbeat": "forge_heartbeat_task_run",
+    "POST /api/v1/task-runs/:id/focus": "forge_focus_task_run",
+    "POST /api/v1/task-runs/:id/complete": "forge_complete_task_run",
+    "POST /api/v1/task-runs/:id/release": "forge_release_task_run",
+    "POST /api/tasks/:id/runs": "forge_start_task_run",
+    "POST /api/task-runs/:id/heartbeat": "forge_heartbeat_task_run",
+    "POST /api/task-runs/:id/focus": "forge_focus_task_run",
+    "POST /api/task-runs/:id/complete": "forge_complete_task_run",
+    "POST /api/task-runs/:id/release": "forge_release_task_run"
+};
+function formatValidationSummary(issues) {
+    return issues
+        .slice(0, 3)
+        .map((issue) => `${issue.path}: ${issue.message}`)
+        .join("; ");
+}
+function buildValidationHelp(method, routeUrl, issues) {
+    const route = routeUrl || "unknown_route";
+    const toolName = VALIDATION_ROUTE_TOOL_MAP[`${method.toUpperCase()} ${route}`];
+    const toolInput = toolName
+        ? AGENT_ONBOARDING_TOOL_INPUT_CATALOG.find((entry) => entry.toolName === toolName)
+        : undefined;
+    return {
+        route,
+        validationSummary: formatValidationSummary(issues),
+        ...(toolInput
+            ? {
+                expectedShape: {
+                    toolName: toolInput.toolName,
+                    inputShape: toolInput.inputShape,
+                    requiredFields: [...toolInput.requiredFields],
+                    example: toolInput.example,
+                    notes: [...toolInput.notes]
+                }
+            }
+            : {
+                expectedShape: {
+                    inputShape: "See details[] for the rejected fields on this route.",
+                    requiredFields: [],
+                    example: null,
+                    notes: [
+                        "Retry with only the documented top-level keys for this route.",
+                        "Omit optional fields instead of sending null unless the route contract explicitly allows null."
+                    ]
+                }
+            })
+    };
+}
 function buildAgentOnboardingPayload(request) {
     const origin = getRequestOrigin(request);
+    const auth = parseRequestAuth(request.headers);
+    const effectiveBootstrapPolicy = auth.token?.bootstrapPolicy ?? defaultAgentBootstrapPolicy;
+    const effectiveScopePolicy = auth.token?.scopePolicy ?? defaultAgentScopePolicy;
     return {
         forgeBaseUrl: origin,
         webAppUrl: `${origin}/forge/`,
@@ -3881,6 +3965,10 @@ function buildAgentOnboardingPayload(request) {
         recommendedTrustLevel: "trusted",
         recommendedAutonomyMode: "approval_required",
         recommendedApprovalMode: "approval_by_default",
+        defaultBootstrapPolicy: defaultAgentBootstrapPolicy,
+        effectiveBootstrapPolicy,
+        defaultScopePolicy: defaultAgentScopePolicy,
+        effectiveScopePolicy,
         authModes: {
             operatorSession: {
                 label: "Quick connect",
@@ -3890,7 +3978,7 @@ function buildAgentOnboardingPayload(request) {
             },
             managedToken: {
                 label: "Managed token",
-                summary: "Use a long-lived token when you want explicit scoped auth, remote non-Tailscale access, or durable agent credentials.",
+                summary: "Use a long-lived token when you want explicit scoped auth, remote non-Tailscale access, durable agent credentials, a custom bootstrap budget, or default user/project/tag read boundaries per agent.",
                 tokenRequired: true
             }
         },
@@ -4471,6 +4559,11 @@ function parseRequestAuth(headers) {
     const source = token ? "agent" : activity.source;
     return {
         token,
+        scope: {
+            userIds: token?.scopePolicy.userIds ?? [],
+            projectIds: token?.scopePolicy.projectIds ?? [],
+            tagIds: token?.scopePolicy.tagIds ?? []
+        },
         actor,
         source,
         activity: {
@@ -4560,6 +4653,105 @@ function resolveScopedUserIds(query) {
     const unique = Array.from(new Set(values));
     return unique.length > 0 ? unique : undefined;
 }
+const EMPTY_SCOPED_USER_IDS = ["__forge_scope_none__"];
+function normalizeScopedUserIdsForReads(options) {
+    const validUserIdSet = new Set(options.validUserIds);
+    const validScopedUserIds = options.scope.userIds !== undefined
+        ? options.scope.userIds.filter((userId) => validUserIdSet.has(userId))
+        : undefined;
+    const scopedUserIdsForReads = options.scope.enforceUserIds &&
+        validScopedUserIds !== undefined &&
+        validScopedUserIds.length === 0
+        ? EMPTY_SCOPED_USER_IDS
+        : validScopedUserIds && validScopedUserIds.length > 0
+            ? validScopedUserIds
+            : undefined;
+    return {
+        validScopedUserIds,
+        scopedUserIdsForReads
+    };
+}
+function resolveEffectiveReadScope(query, auth) {
+    const requestedUserIds = resolveScopedUserIds(query);
+    const tokenUserIds = auth.token?.scopePolicy.userIds ?? [];
+    const effectiveUserIds = tokenUserIds.length > 0
+        ? requestedUserIds
+            ? requestedUserIds.filter((userId) => tokenUserIds.includes(userId))
+            : [...tokenUserIds]
+        : requestedUserIds;
+    return {
+        userIds: effectiveUserIds !== undefined ? Array.from(new Set(effectiveUserIds)) : undefined,
+        enforceUserIds: tokenUserIds.length > 0,
+        projectIds: auth.token?.scopePolicy.projectIds ?? [],
+        tagIds: auth.token?.scopePolicy.tagIds ?? []
+    };
+}
+function hasScopeFilters(scope) {
+    return scope.projectIds.length > 0 || scope.tagIds.length > 0;
+}
+function intersects(values, allowed) {
+    if (!values || values.length === 0) {
+        return false;
+    }
+    return values.some((value) => allowed.includes(value));
+}
+function applyTaskScope(tasks, scope) {
+    if (!hasScopeFilters(scope)) {
+        return tasks;
+    }
+    return tasks.filter((task) => {
+        if (scope.projectIds.length > 0 &&
+            (!task.projectId || !scope.projectIds.includes(task.projectId))) {
+            return false;
+        }
+        if (scope.tagIds.length > 0 && !intersects(task.tagIds, scope.tagIds)) {
+            return false;
+        }
+        return true;
+    });
+}
+function applyProjectScope(projects, scope) {
+    if (!hasScopeFilters(scope)) {
+        return projects;
+    }
+    return projects.filter((project) => {
+        if (scope.projectIds.length > 0 &&
+            !scope.projectIds.includes(project.id)) {
+            return false;
+        }
+        if (scope.tagIds.length > 0 &&
+            !intersects(project.tagIds ?? undefined, scope.tagIds)) {
+            return false;
+        }
+        return true;
+    });
+}
+function applyGoalScope(goals, scope, allowedGoalIds) {
+    if (!hasScopeFilters(scope)) {
+        return goals;
+    }
+    return goals.filter((goal) => (scope.tagIds.length > 0 &&
+        intersects(goal.tagIds ?? undefined, scope.tagIds)) ||
+        allowedGoalIds.has(goal.id));
+}
+function applyHabitScope(habits, scope, allowedGoalIds, allowedTaskIds) {
+    if (!hasScopeFilters(scope)) {
+        return habits;
+    }
+    return habits.filter((habit) => intersects(habit.linkedProjectIds, scope.projectIds) ||
+        intersects(habit.linkedTaskIds, [...allowedTaskIds]) ||
+        intersects(habit.linkedGoalIds, [...allowedGoalIds]));
+}
+function applyStrategyScope(strategies, scope, allowedGoalIds) {
+    if (!hasScopeFilters(scope)) {
+        return strategies;
+    }
+    return strategies.filter((strategy) => intersects(strategy.targetProjectIds, scope.projectIds) ||
+        intersects(strategy.targetGoalIds, [...allowedGoalIds]) ||
+        strategy.linkedEntities.some((link) => (link.entityType === "project" &&
+            scope.projectIds.includes(link.entityId)) ||
+            (link.entityType === "goal" && allowedGoalIds.has(link.entityId))));
+}
 function attachMovementTimelineSleepOverlays(movement, userIds) {
     const rangeStart = movement.segments.reduce((earliest, segment) => {
         if (!earliest || Date.parse(segment.startedAt) < Date.parse(earliest)) {
@@ -4606,18 +4798,26 @@ function syncEntityOwnerFromBody(options) {
     const owner = resolveUserForMutation(requestedUserId, options.fallbackLabel);
     setEntityOwner(options.entityType, options.entityId, owner.id);
 }
-function buildV1Context(userIds) {
+function buildV1Context(scope = {
+    userIds: undefined,
+    enforceUserIds: false,
+    projectIds: [],
+    tagIds: []
+}) {
     const users = listUsers();
-    const validUserIdSet = new Set(users.map((user) => user.id));
-    const scopedUserIds = userIds && userIds.length > 0
-        ? userIds.filter((userId) => validUserIdSet.has(userId))
-        : undefined;
-    const goals = filterOwnedEntities("goal", listGoals(), scopedUserIds);
-    const tasks = filterOwnedEntities("task", listTasks(), scopedUserIds);
-    const habits = filterOwnedEntities("habit", listHabits(), scopedUserIds);
-    const dashboard = getDashboard({ userIds: scopedUserIds });
-    const selectedUsers = scopedUserIds && scopedUserIds.length > 0
-        ? users.filter((user) => scopedUserIds.includes(user.id))
+    const { validScopedUserIds, scopedUserIdsForReads } = normalizeScopedUserIdsForReads({
+        scope,
+        validUserIds: users.map((user) => user.id)
+    });
+    const projects = applyProjectScope(listProjectSummaries({ userIds: scopedUserIdsForReads }), scope);
+    const tasks = applyTaskScope(filterOwnedEntities("task", listTasks(), scopedUserIdsForReads), scope);
+    const goals = applyGoalScope(filterOwnedEntities("goal", listGoals(), scopedUserIdsForReads), scope, new Set([...projects.map((project) => project.goalId), ...tasks.map((task) => task.goalId)]
+        .filter((value) => typeof value === "string" && value.length > 0)));
+    const habits = applyHabitScope(filterOwnedEntities("habit", listHabits(), scopedUserIdsForReads), scope, new Set(goals.map((goal) => goal.id)), new Set(tasks.map((task) => task.id)));
+    const strategies = applyStrategyScope(listStrategies({ userIds: scopedUserIdsForReads }), scope, new Set(goals.map((goal) => goal.id)));
+    const dashboard = getDashboard({ userIds: scopedUserIdsForReads });
+    const selectedUsers = validScopedUserIds !== undefined
+        ? users.filter((user) => validScopedUserIds.includes(user.id))
         : users;
     return {
         meta: {
@@ -4629,29 +4829,33 @@ function buildV1Context(userIds) {
         },
         metrics: buildGamificationProfile(goals, tasks, habits),
         dashboard,
-        overview: getOverviewContext(new Date(), { userIds: scopedUserIds }),
-        today: getTodayContext(new Date(), { userIds: scopedUserIds }),
-        risk: getRiskContext(new Date(), { userIds: scopedUserIds }),
+        overview: getOverviewContext(new Date(), { userIds: scopedUserIdsForReads }),
+        today: getTodayContext(new Date(), { userIds: scopedUserIdsForReads }),
+        risk: getRiskContext(new Date(), { userIds: scopedUserIdsForReads }),
         goals,
-        projects: listProjectSummaries({ userIds: scopedUserIds }),
+        projects,
         tags: listTags(),
         tasks,
         habits,
         users,
-        strategies: listStrategies({ userIds: scopedUserIds }),
+        strategies,
         userScope: {
-            selectedUserIds: scopedUserIds ?? [],
+            selectedUserIds: validScopedUserIds ?? [],
             selectedUsers
         },
-        activeTaskRuns: listTaskRuns({ active: true, limit: 25 }),
+        activeTaskRuns: scope.enforceUserIds &&
+            validScopedUserIds !== undefined &&
+            validScopedUserIds.length === 0
+            ? []
+            : listTaskRuns({ active: true, limit: 25, userIds: scopedUserIdsForReads }),
         activity: dashboard.recentActivity,
-        lifeForce: buildLifeForcePayload(new Date(), scopedUserIds)
+        lifeForce: buildLifeForcePayload(new Date(), scopedUserIdsForReads)
     };
 }
-function buildXpMetricsPayload() {
-    const goals = listGoals();
-    const tasks = listTasks();
-    const habits = listHabits();
+function buildXpMetricsPayload(input = {}) {
+    const goals = input.goals ?? listGoals();
+    const tasks = input.tasks ?? listTasks();
+    const habits = input.habits ?? listHabits();
     const rules = listRewardRules();
     const gamificationOverview = buildGamificationOverview(goals, tasks, habits);
     const dailyAmbientCap = rules
@@ -4710,13 +4914,26 @@ function describeWorkAdjustment(input) {
             : `${appliedLabel} ${direction} from the tracked work total.`
     };
 }
-function buildOperatorContext(userIds) {
-    const tasks = filterOwnedEntities("task", listTasks(), userIds);
-    const dueHabits = filterOwnedEntities("habit", listHabits({ dueToday: true }), userIds).slice(0, 12);
-    const activeProjects = listProjectSummaries({
+function buildOperatorContext(scope = {
+    userIds: undefined,
+    enforceUserIds: false,
+    projectIds: [],
+    tagIds: []
+}) {
+    const users = listUsers();
+    const { scopedUserIdsForReads } = normalizeScopedUserIdsForReads({
+        scope,
+        validUserIds: users.map((user) => user.id)
+    });
+    const tasks = applyTaskScope(filterOwnedEntities("task", listTasks(), scopedUserIdsForReads), scope);
+    const dueHabits = filterOwnedEntities("habit", listHabits({ dueToday: true }), scopedUserIdsForReads);
+    const activeProjects = applyProjectScope(listProjectSummaries({
         status: "active",
-        userIds
-    }).filter((project) => project.activeTaskCount > 0 || project.completedTaskCount > 0);
+        userIds: scopedUserIdsForReads
+    }), scope).filter((project) => project.activeTaskCount > 0 || project.completedTaskCount > 0);
+    const goals = applyGoalScope(filterOwnedEntities("goal", listGoals(), scopedUserIdsForReads), scope, new Set([...activeProjects.map((project) => project.goalId), ...tasks.map((task) => task.goalId)]
+        .filter((value) => typeof value === "string" && value.length > 0)));
+    const scopedHabits = applyHabitScope(dueHabits, scope, new Set(goals.map((goal) => goal.id)), new Set(tasks.map((task) => task.id))).slice(0, 12);
     const focusTasks = tasks.filter((task) => task.status === "focus" || task.status === "in_progress");
     const recommendedNextTask = focusTasks[0] ??
         tasks.find((task) => task.status === "backlog") ??
@@ -4726,7 +4943,7 @@ function buildOperatorContext(userIds) {
         generatedAt: new Date().toISOString(),
         activeProjects: activeProjects.slice(0, 8),
         focusTasks: focusTasks.slice(0, 12),
-        dueHabits,
+        dueHabits: scopedHabits,
         currentBoard: {
             backlog: tasks.filter((task) => task.status === "backlog").slice(0, 20),
             focus: tasks.filter((task) => task.status === "focus").slice(0, 20),
@@ -4736,10 +4953,16 @@ function buildOperatorContext(userIds) {
             blocked: tasks.filter((task) => task.status === "blocked").slice(0, 20),
             done: tasks.filter((task) => task.status === "done").slice(0, 20)
         },
-        recentActivity: listActivityEvents({ limit: 20, userIds }),
-        recentTaskRuns: listTaskRuns({ limit: 12, userIds }),
+        recentActivity: listActivityEvents({
+            limit: 20,
+            userIds: scopedUserIdsForReads
+        }),
+        recentTaskRuns: listTaskRuns({
+            limit: 12,
+            userIds: scopedUserIdsForReads
+        }),
         recommendedNextTask,
-        xp: buildXpMetricsPayload()
+        xp: buildXpMetricsPayload({ goals, tasks, habits: scopedHabits })
     };
 }
 function buildUserDirectoryPayload() {
@@ -4867,7 +5090,13 @@ function buildOperatorOverviewRouteGuide() {
 }
 function buildOperatorOverview(request) {
     const auth = parseRequestAuth(request.headers);
-    const userIds = resolveScopedUserIds(request.query);
+    const readScope = resolveEffectiveReadScope(request.query, auth);
+    const users = listUsers();
+    const { scopedUserIdsForReads } = normalizeScopedUserIdsForReads({
+        scope: readScope,
+        validUserIds: users.map((user) => user.id)
+    });
+    const userIds = scopedUserIdsForReads;
     const canReadPsyche = auth.token
         ? hasTokenScope(auth.token, "psyche.read")
         : true;
@@ -4878,8 +5107,8 @@ function buildOperatorOverview(request) {
         ];
     return {
         generatedAt: new Date().toISOString(),
-        snapshot: buildV1Context(userIds),
-        operator: buildOperatorContext(userIds),
+        snapshot: buildV1Context(readScope),
+        operator: buildOperatorContext(readScope),
         sleep: getSleepViewData(userIds),
         domains: listDomains(),
         psyche: canReadPsyche ? getPsycheOverview(userIds) : null,
@@ -5075,6 +5304,10 @@ export async function buildServer(options = {}) {
     });
     app.setErrorHandler((error, request, reply) => {
         const validationIssues = error instanceof ZodError ? formatValidationIssues(error) : undefined;
+        const routeUrl = request.routeOptions.url || request.url;
+        const validationHelp = validationIssues
+            ? buildValidationHelp(request.method, routeUrl, validationIssues)
+            : undefined;
         const statusCode = isHttpError(error)
             ? error.statusCode
             : isManagerError(error)
@@ -5082,7 +5315,6 @@ export async function buildServer(options = {}) {
                 : error instanceof ZodError
                     ? 400
                     : 500;
-        const routeUrl = request.routeOptions.url || request.url;
         if (!shouldSkipAutomaticDiagnosticRoute(routeUrl)) {
             try {
                 recordDiagnosticLog({
@@ -5123,10 +5355,11 @@ export async function buildServer(options = {}) {
                         ? "invalid_request"
                         : "internal_error",
             error: validationIssues
-                ? "Request validation failed"
+                ? `Request validation failed for ${request.method.toUpperCase()} ${routeUrl}. ${validationHelp?.validationSummary ?? ""}`.trim()
                 : getErrorMessage(error),
             statusCode,
             ...(validationIssues ? { details: validationIssues } : {}),
+            ...(validationHelp ?? {}),
             ...(isHttpError(error) && error.details ? error.details : {}),
             ...(isManagerError(error) && error.details ? error.details : {})
         });
@@ -5364,7 +5597,10 @@ export async function buildServer(options = {}) {
         revoked: managers.session.revokeCurrentSession(request.headers, reply)
     }));
     app.get("/api/v1/openapi.json", async () => buildOpenApiDocument());
-    app.get("/api/v1/context", async (request) => buildV1Context(resolveScopedUserIds(request.query)));
+    app.get("/api/v1/context", async (request) => {
+        const auth = authenticateRequest(request.headers);
+        return buildV1Context(resolveEffectiveReadScope(request.query, auth));
+    });
     app.get("/api/v1/life-force", async (request) => ({
         lifeForce: buildLifeForcePayload(new Date(), resolveScopedUserIds(request.query)),
         templates: listLifeForceTemplates(resolveLifeForceUser(resolveScopedUserIds(request.query)).id)
@@ -6021,16 +6257,15 @@ export async function buildServer(options = {}) {
         return { sleep };
     });
     app.get("/api/v1/operator/context", async (request) => {
-        requireOperatorSession(request.headers, {
+        const auth = requireAuthenticatedActor(request.headers, {
             route: "/api/v1/operator/context"
         });
-        const userIds = resolveScopedUserIds(request.query);
         return {
-            context: buildOperatorContext(userIds)
+            context: buildOperatorContext(resolveEffectiveReadScope(request.query, auth))
         };
     });
     app.get("/api/v1/operator/overview", async (request) => {
-        requireOperatorSession(request.headers, {
+        requireAuthenticatedActor(request.headers, {
             route: "/api/v1/operator/overview"
         });
         return {

package/dist/server/server/src/managers/platform/authentication-manager.js

@@ -39,6 +39,11 @@ export class AuthenticationManager extends AbstractManager {
             actor,
             source,
             token,
+            scope: {
+                userIds: token?.scopePolicy.userIds ?? [],
+                projectIds: token?.scopePolicy.projectIds ?? [],
+                tagIds: token?.scopePolicy.tagIds ?? []
+            },
             session
         };
     }

package/dist/server/server/src/managers/platform/session-manager.js

@@ -51,6 +51,11 @@ export class SessionManager extends AbstractAuditedManager {
             host: null,
             ip: null,
             token: null,
+            scope: {
+                userIds: [],
+                projectIds: [],
+                tagIds: []
+            },
             session
         }, {
             actorLabel

package/dist/server/server/src/movement.js

@@ -2780,10 +2780,9 @@ function updateMovementBoxOverrideState(id, input) {
            overridden_user_box_ids_json = ?,
            override_ranges_json = ?,
            is_overridden = ?,
-           is_fully_hidden = ?,
-           updated_at = ?
+           is_fully_hidden = ?
        WHERE id = ?`)
-        .run(input.overrideCount, JSON.stringify(input.overriddenAutomaticBoxIds), input.trueStartedAt, input.trueEndedAt, input.overriddenStartedAt, input.overriddenEndedAt, input.overriddenByBoxId, JSON.stringify(input.overriddenUserBoxIds), JSON.stringify(input.overrideRanges), input.isOverridden ? 1 : 0, input.isFullyHidden ? 1 : 0, nowIso(), id);
+        .run(input.overrideCount, JSON.stringify(input.overriddenAutomaticBoxIds), input.trueStartedAt, input.trueEndedAt, input.overriddenStartedAt, input.overriddenEndedAt, input.overriddenByBoxId, JSON.stringify(input.overriddenUserBoxIds), JSON.stringify(input.overrideRanges), input.isOverridden ? 1 : 0, input.isFullyHidden ? 1 : 0, id);
 }
 function recomputeMovementBoxOverrideState(userId) {
     const rows = listMovementBoxRows({ userIds: [userId] });