npm - funolio-agent - Versions diffs - 1.0.47 → 1.0.48 - Mend

funolio-agent 1.0.47 → 1.0.48

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (169) hide show

package/dist/agent-config.d.ts +9 -1
package/dist/agent-config.d.ts.map +1 -1
package/dist/agent-config.js +4 -1
package/dist/agent-config.js.map +1 -1
package/dist/auto-organizer.d.ts.map +1 -1
package/dist/auto-organizer.js +4 -3
package/dist/auto-organizer.js.map +1 -1
package/dist/backfill.d.ts.map +1 -1
package/dist/backfill.js +3 -2
package/dist/backfill.js.map +1 -1
package/dist/bot-manager.d.ts +7 -23
package/dist/bot-manager.d.ts.map +1 -1
package/dist/bot-manager.js +52 -388
package/dist/bot-manager.js.map +1 -1
package/dist/clerk-model.d.ts +5 -1
package/dist/clerk-model.d.ts.map +1 -1
package/dist/clerk-model.js +40 -28
package/dist/clerk-model.js.map +1 -1
package/dist/cli-session-epoch.d.ts +10 -0
package/dist/cli-session-epoch.d.ts.map +1 -0
package/dist/cli-session-epoch.js +61 -0
package/dist/cli-session-epoch.js.map +1 -0
package/dist/commands/init.d.ts.map +1 -1
package/dist/commands/init.js +30 -1
package/dist/commands/init.js.map +1 -1
package/dist/commands/pool.js +1 -1
package/dist/commands/pool.js.map +1 -1
package/dist/commands/setup.d.ts +37 -0
package/dist/commands/setup.d.ts.map +1 -1
package/dist/commands/setup.js +146 -43
package/dist/commands/setup.js.map +1 -1
package/dist/commands/start.d.ts.map +1 -1
package/dist/commands/start.js +194 -164
package/dist/commands/start.js.map +1 -1
package/dist/config-cleanup.d.ts.map +1 -1
package/dist/config-cleanup.js +2 -1
package/dist/config-cleanup.js.map +1 -1
package/dist/config.d.ts +6 -9
package/dist/config.d.ts.map +1 -1
package/dist/config.js +8 -30
package/dist/config.js.map +1 -1
package/dist/context-window.d.ts +33 -5
package/dist/context-window.d.ts.map +1 -1
package/dist/context-window.js +121 -20
package/dist/context-window.js.map +1 -1
package/dist/eval/orchestrator-front-door-replay.js +1 -1
package/dist/eval/orchestrator-front-door-replay.js.map +1 -1
package/dist/eval/policy-detection-replay.js +1 -1
package/dist/eval/policy-detection-replay.js.map +1 -1
package/dist/integration-tokens.d.ts +1 -6
package/dist/integration-tokens.d.ts.map +1 -1
package/dist/integration-tokens.js +38 -40
package/dist/integration-tokens.js.map +1 -1
package/dist/local-cli-pty-manager.d.ts +50 -0
package/dist/local-cli-pty-manager.d.ts.map +1 -0
package/dist/local-cli-pty-manager.js +645 -0
package/dist/local-cli-pty-manager.js.map +1 -0
package/dist/local-data.d.ts +30 -0
package/dist/local-data.d.ts.map +1 -1
package/dist/local-data.js +56 -1
package/dist/local-data.js.map +1 -1
package/dist/local-db.d.ts.map +1 -1
package/dist/local-db.js +54 -1
package/dist/local-db.js.map +1 -1
package/dist/local-funnel.d.ts.map +1 -1
package/dist/local-funnel.js +3 -2
package/dist/local-funnel.js.map +1 -1
package/dist/local-memory-search.d.ts +1 -0
package/dist/local-memory-search.d.ts.map +1 -1
package/dist/local-memory-search.js +101 -18
package/dist/local-memory-search.js.map +1 -1
package/dist/local-server.d.ts +0 -16
package/dist/local-server.d.ts.map +1 -1
package/dist/local-server.js +339 -287
package/dist/local-server.js.map +1 -1
package/dist/mcp/bridge-server.d.ts.map +1 -1
package/dist/mcp/bridge-server.js +2 -1
package/dist/mcp/bridge-server.js.map +1 -1
package/dist/mcp/local-memory-server.d.ts +5 -0
package/dist/mcp/local-memory-server.d.ts.map +1 -1
package/dist/mcp/local-memory-server.js +15 -2
package/dist/mcp/local-memory-server.js.map +1 -1
package/dist/mcp/manager.d.ts +3 -22
package/dist/mcp/manager.d.ts.map +1 -1
package/dist/mcp/manager.js +66 -388
package/dist/mcp/manager.js.map +1 -1
package/dist/memory-extraction.d.ts +2 -0
package/dist/memory-extraction.d.ts.map +1 -1
package/dist/memory-extraction.js +3 -1
package/dist/memory-extraction.js.map +1 -1
package/dist/message-loop.d.ts +9 -6
package/dist/message-loop.d.ts.map +1 -1
package/dist/message-loop.js +217 -538
package/dist/message-loop.js.map +1 -1
package/dist/mqtt-client.d.ts +2 -31
package/dist/mqtt-client.d.ts.map +1 -1
package/dist/mqtt-client.js +2 -2
package/dist/mqtt-client.js.map +1 -1
package/dist/oauth.d.ts +6 -0
package/dist/oauth.d.ts.map +1 -1
package/dist/oauth.js +91 -0
package/dist/oauth.js.map +1 -1
package/dist/orchestration/front-door-policy.d.ts +5 -2
package/dist/orchestration/front-door-policy.d.ts.map +1 -1
package/dist/orchestration/front-door-policy.js +25 -28
package/dist/orchestration/front-door-policy.js.map +1 -1
package/dist/orchestration/orchestrator-blocked-prompt.js +1 -1
package/dist/orchestration/orchestrator-final-response-prompt.js +1 -1
package/dist/orchestration/orchestrator-operating-prompt.d.ts +11 -0
package/dist/orchestration/orchestrator-operating-prompt.d.ts.map +1 -1
package/dist/orchestration/orchestrator-operating-prompt.js +67 -44
package/dist/orchestration/orchestrator-operating-prompt.js.map +1 -1
package/dist/orchestration/worker-operating-prompt.js +3 -3
package/dist/orchestration/worker-operating-prompt.js.map +1 -1
package/dist/orchestrator.d.ts +5 -1
package/dist/orchestrator.d.ts.map +1 -1
package/dist/orchestrator.js +141 -81
package/dist/orchestrator.js.map +1 -1
package/dist/prompt-template.js +3 -3
package/dist/prompt-template.js.map +1 -1
package/dist/providers/claude-cli-prompt.d.ts.map +1 -1
package/dist/providers/claude-cli-prompt.js +22 -6
package/dist/providers/claude-cli-prompt.js.map +1 -1
package/dist/providers/claude-cli.d.ts.map +1 -1
package/dist/providers/claude-cli.js +20 -2
package/dist/providers/claude-cli.js.map +1 -1
package/dist/providers/codex-cli.d.ts.map +1 -1
package/dist/providers/codex-cli.js +71 -16
package/dist/providers/codex-cli.js.map +1 -1
package/dist/providers/index.d.ts +11 -0
package/dist/providers/index.d.ts.map +1 -1
package/dist/providers/index.js.map +1 -1
package/dist/runtime-context.d.ts +10 -0
package/dist/runtime-context.d.ts.map +1 -0
package/dist/runtime-context.js +30 -0
package/dist/runtime-context.js.map +1 -0
package/dist/subagent/queue.d.ts.map +1 -1
package/dist/subagent/queue.js +1 -0
package/dist/subagent/queue.js.map +1 -1
package/dist/summarization-pipeline.d.ts +1 -0
package/dist/summarization-pipeline.d.ts.map +1 -1
package/dist/summarization-pipeline.js +94 -25
package/dist/summarization-pipeline.js.map +1 -1
package/dist/tool-permissions.d.ts +2 -0
package/dist/tool-permissions.d.ts.map +1 -0
package/dist/tool-permissions.js +25 -0
package/dist/tool-permissions.js.map +1 -0
package/dist/tools/index.d.ts +7 -8
package/dist/tools/index.d.ts.map +1 -1
package/dist/tools/index.js +70 -60
package/dist/tools/index.js.map +1 -1
package/dist/tools/search-memory.d.ts.map +1 -1
package/dist/tools/search-memory.js +9 -3
package/dist/tools/search-memory.js.map +1 -1
package/dist/tools/spawn-subagent.d.ts.map +1 -1
package/dist/tools/spawn-subagent.js +1 -0
package/dist/tools/spawn-subagent.js.map +1 -1
package/dist/types.d.ts +3 -0
package/dist/types.d.ts.map +1 -1
package/dist/types.js +0 -3
package/dist/types.js.map +1 -1
package/dist/wizard-support.d.ts.map +1 -1
package/dist/wizard-support.js +8 -6
package/dist/wizard-support.js.map +1 -1
package/dist/workflow-engine.d.ts +6 -2
package/dist/workflow-engine.d.ts.map +1 -1
package/dist/workflow-engine.js +254 -77
package/dist/workflow-engine.js.map +1 -1
package/package.json +2 -1

package/dist/bot-manager.js CHANGED Viewed

@@ -42,7 +42,6 @@ const data = __importStar(require("./local-data"));
 const message_loop_1 = require("./message-loop");
 const auto_detect_1 = require("./auth/auto-detect");
 const agent_config_1 = require("./agent-config");
-const default_tool_profile_1 = require("./default-tool-profile");
 /** Dedup recent command IDs (MQTT QoS 1 can redeliver) */
 const DEDUP_WINDOW_MS = 30_000;
 const DEDUP_MAX_SIZE = 200;
@@ -50,10 +49,6 @@ const DEDUP_MAX_SIZE = 200;
  * Manages agent MessageLoops, keyed by agent ID.
  * The active agent runs as "__default__" loop.
  * Runtime source of truth: config.agents[] + config.activeAgentId.
- *
- * Auth modes supported:
- *   1. CLI providers (claude-cli, codex-cli) — handle their own auth
- *   2. API key (BYOK) — standard x-api-key authentication
  */
 class BotManager {
     loops = new Map();
@@ -64,17 +59,13 @@ class BotManager {
     constructor(options) {
         this.options = options;
     }
-    /** Start the active agent loop */
+    /** Start the active agent loop, auto-detecting OAuth credentials if no API key is configured */
     async startActive() {
         let provider = this.options.defaultProvider;
         let model = this.options.defaultModel;
         let apiKey = this.options.defaultApiKey;
         let oauthToken = this.options.defaultOauthToken;
-        let authMode;
-        let baseUrl;
-        let apiStyle;
-        let resolvedAuth;
-        // Resolve auth — handles API key detection plus OAuth/subscription runtimes
+        // Resolve auth — handles token refresh for OAuth, auto-detection if no key/token
         try {
             const auth = await (0, auto_detect_1.resolveAuth)({
                 provider,
@@ -86,36 +77,26 @@ class BotManager {
             });
             if (auth) {
                 this.resolvedAuth = auth;
-                resolvedAuth = auth;
                 provider = auth.provider;
                 model = auth.model;
-                apiKey = auth.source === 'api-key' || auth.source === 'env' ? auth.apiKey : undefined;
-                oauthToken = auth.source === 'oauth' ? auth.apiKey : oauthToken;
-                authMode = auth.authMode;
-                baseUrl = auth.baseUrl;
-                apiStyle = auth.apiStyle;
+                oauthToken = auth.apiKey;
+                apiKey = auth.source === 'api-key' ? auth.apiKey : undefined;
                 console.log(chalk_1.default.green(`✓ Auth resolved: provider=${auth.provider}, source=${auth.source}`));
             }
-            else if (!apiKey) {
-                console.log(chalk_1.default.yellow('⚠ No API key found — LLM calls may fail'));
+            else if (!apiKey && !oauthToken) {
+                console.log(chalk_1.default.yellow('⚠ No API key or OAuth credentials found — LLM calls may fail'));
             }
         }
         catch (err) {
             console.error(chalk_1.default.red(`✗ Auth resolution failed: ${err}`));
         }
-        const effectiveKey = apiKey || oauthToken || '';
-        const isOAuthBearer = effectiveKey.startsWith('sk-ant-oat');
         this.startLoop({
             id: '__default__',
             name: 'active',
             provider,
             model,
-            apiKey: effectiveKey || undefined,
-            oauthToken: authMode === 'oauth-bearer' || provider === 'openai' ? effectiveKey : undefined,
-            authMode: authMode || (isOAuthBearer ? 'oauth-bearer' : undefined),
-            baseUrl,
-            apiStyle,
-            resolvedAuth,
+            apiKey,
+            oauthToken,
         });
     }
     /**
@@ -140,31 +121,11 @@ class BotManager {
                 const defaultLoop = this.loops.get('__default__');
                 if (defaultLoop) {
                     const defaultOpts = defaultLoop.options;
-                    if (defaultOpts.provider === agentCfg.provider && defaultOpts.model === agentCfg.model) {
+                    if (defaultOpts.provider === (agentCfg.runtimeProvider || agentCfg.provider) &&
+                        defaultOpts.model === (agentCfg.runtimeModel || agentCfg.model)) {
                         // Same provider+model as default — just register the botId mapping
                         if (agentCfg.botId) {
                             this.botIdToLoopId.set(agentCfg.botId, '__default__');
-                            // Ensure agent_profile exists in local DB so the clerk prompt builder works.
-                            const profileFields = {
-                                provider: agentCfg.provider,
-                                model: agentCfg.model,
-                                name: agentCfg.name || name,
-                                permissionMode: agentCfg.permissionMode || 'approve-destructive',
-                                enabledBuiltinToolsJson: JSON.stringify((0, default_tool_profile_1.normalizeEnabledTools)(agentCfg.enabledTools)),
-                                enabledMcpToolsJson: JSON.stringify(agentCfg.enabledMcpTools || []),
-                                isActive: true,
-                            };
-                            const existingProfile = data.getAgentProfile(agentCfg.botId);
-                            if (existingProfile) {
-                                data.updateAgentProfile(agentCfg.botId, profileFields);
-                            }
-                            else {
-                                data.createAgentProfile({
-                                    ...profileFields,
-                                    providerConnectionId: data.findProviderConnection(agentCfg.provider)?.id,
-                                    isDefault: false,
-                                });
-                            }
                         }
                         continue;
                     }
@@ -175,30 +136,18 @@ class BotManager {
             // Resolve auth for this bot
             let apiKey = agentCfg.apiKey;
             let oauthToken = agentCfg.oauthToken;
-            let provider = agentCfg.provider;
-            let model = agentCfg.model;
-            let authMode;
-            let baseUrl;
-            let apiStyle;
-            let resolvedAuth;
             try {
                 const auth = await (0, auto_detect_1.resolveAuth)({
-                    provider,
-                    model,
+                    provider: agentCfg.runtimeProvider || agentCfg.provider,
+                    model: agentCfg.runtimeModel || agentCfg.model,
                     apiKey,
                     oauthToken,
                     oauthRefreshToken: agentCfg.oauthRefreshToken,
                     oauthExpiresAt: agentCfg.oauthExpiresAt,
                 });
                 if (auth) {
-                    resolvedAuth = auth;
-                    provider = auth.provider;
-                    model = auth.model;
-                    apiKey = auth.source === 'api-key' || auth.source === 'env' ? auth.apiKey : undefined;
-                    oauthToken = auth.source === 'oauth' ? auth.apiKey : oauthToken;
-                    authMode = auth.authMode;
-                    baseUrl = auth.baseUrl;
-                    apiStyle = auth.apiStyle;
+                    oauthToken = auth.apiKey;
+                    apiKey = auth.source === 'api-key' ? auth.apiKey : undefined;
                 }
             }
             catch (err) {
@@ -206,28 +155,25 @@ class BotManager {
                 continue;
             }
             if (!apiKey && !oauthToken) {
-                console.warn(chalk_1.default.yellow(`⚠ No credentials for bot "${name}" (${provider}) — skipping`));
+                console.warn(chalk_1.default.yellow(`⚠ No credentials for bot "${name}" (${agentCfg.provider}) — skipping`));
                 continue;
             }
             this.startLoop({
                 id: loopId,
                 name: agentCfg.name || name,
-                provider,
-                model,
-                apiKey: apiKey || oauthToken,
+                provider: agentCfg.runtimeProvider || agentCfg.provider,
+                model: agentCfg.runtimeModel || agentCfg.model,
+                apiKey,
                 oauthToken,
                 enabledTools: agentCfg.enabledTools,
-                authMode,
-                baseUrl,
-                apiStyle,
-                resolvedAuth,
+                enabledMcpTools: agentCfg.enabledMcpTools,
             });
             // Register botId → loopId mapping
             if (agentCfg.botId) {
                 this.botIdToLoopId.set(agentCfg.botId, loopId);
             }
             started++;
-            console.log(chalk_1.default.green(`✓ Bot "${agentCfg.name || name}" loaded (${agentCfg.provider}/${agentCfg.model})`));
+            console.log(chalk_1.default.green(`✓ Bot "${agentCfg.name || name}" loaded (${agentCfg.runtimeProvider || agentCfg.provider}/${agentCfg.runtimeModel || agentCfg.model})`));
         }
         if (started > 0) {
             console.log(chalk_1.default.blue(`  ${started + 1} bot(s) active (1 default + ${started} additional)`));
@@ -242,7 +188,6 @@ class BotManager {
             // Try direct lookup by botId
             if (this.loops.has(botId))
                 return this.loops.get(botId);
-            return undefined;
         }
         return this.getDefaultLoop();
     }
@@ -340,25 +285,24 @@ class BotManager {
     startLoop(agent) {
         if (this.loops.has(agent.id))
             return;
-        const isOAuthBearer = !!agent.oauthToken && agent.oauthToken.startsWith('sk-ant-oat');
         const loop = new message_loop_1.MessageLoop({
             provider: agent.provider,
             model: agent.model,
             apiKey: agent.apiKey || '',
             oauthToken: agent.oauthToken,
-            ...(agent.authMode ? { authMode: agent.authMode } : {}),
-            ...(agent.baseUrl ? { baseUrl: agent.baseUrl } : {}),
-            ...(agent.apiStyle ? { apiStyle: agent.apiStyle } : {}),
+            resolvedAuth: this.resolvedAuth ? {
+                ...this.resolvedAuth,
+                credential: this.resolvedAuth.credential ? { ...this.resolvedAuth.credential } : undefined,
+            } : undefined,
             projectDir: this.options.projectDir,
             userId: this.options.userId,
             mqttClient: this.options.mqttClient,
             permissionMode: this.options.permissionMode,
-            enabledTools: agent.enabledTools || this.options.enabledTools,
+            enabledTools: agent.enabledTools !== undefined ? agent.enabledTools : this.options.enabledTools,
+            enabledMcpTools: agent.enabledMcpTools !== undefined ? agent.enabledMcpTools : this.options.enabledMcpTools,
             systemPrompt: this.options.systemPrompt,
             mcpManager: this.options.mcpManager,
             agentName: agent.name,
-            resolvedAuth: agent.resolvedAuth || undefined,
-            ...(!agent.authMode && isOAuthBearer ? { authMode: 'oauth-bearer' } : {}),
         });
         this.loops.set(agent.id, loop);
     }
@@ -371,260 +315,22 @@ class BotManager {
     getDefaultLoop() {
         return this.loops.get('__default__');
     }
-    async fetchServerConfig() {
-        const { loadConfig, FUNOLIO_API_URL } = require('./config');
-        const cfg = loadConfig();
-        const authToken = cfg.auth?.token;
-        if (!authToken) {
-            console.warn(chalk_1.default.yellow('  [bot-manager] No auth token — cannot fetch config from server'));
-            return null;
-        }
-        try {
-            const res = await fetch(`${FUNOLIO_API_URL}/api/v1/agent/config`, {
-                headers: { Authorization: `Bearer ${authToken}` },
-            });
-            if (!res.ok)
-                return null;
-            return await res.json();
-        }
-        catch (err) {
-            console.warn(chalk_1.default.yellow(`  [bot-manager] Server config fetch failed: ${err?.message}`));
-            return null;
-        }
-    }
-    /**
-     * Re-fetch full config from server, returning the bot and its resolved credential.
-     * This is the single source of truth for bot credentials — no secrets over MQTT.
-     * Handles both API key and OAuth credential types.
-     */
-    async fetchBotFromServer(botId) {
-        const body = await this.fetchServerConfig();
-        if (!body)
-            return null;
-        return this.resolveBotFromConfig(botId, body);
-    }
-    /** Extract a single bot's credentials from a server config response */
-    resolveBotFromConfig(botId, body) {
-        const bot = (body.bots || []).find((b) => b.id === botId);
-        if (!bot?.llmProvider)
-            return null;
-        // Find the credential for this bot — match by provider id AND credential type
-        // Multiple providers can share the same id (e.g., two "openai" entries: one oauth, one apiKey)
-        const providers = body.providers || [];
-        const botRole = bot.role || bot.credentialSource; // "oauth", "apikey", "subscription"
-        let credential;
-        if (botRole === 'oauth') {
-            // OAuth bots → match provider with connectionType "oauth"
-            credential = providers.find((p) => p.id === bot.llmProvider && p.connectionType === 'oauth');
-        }
-        else if (botRole === 'apikey') {
-            // API key bots → prefer bot-specific key (label starts with "bot:"), then any apiKey type
-            credential = providers.find((p) => p.label?.startsWith('bot:') && p.id === bot.llmProvider && p.connectionType === 'apiKey')
-                || providers.find((p) => p.id === bot.llmProvider && p.connectionType === 'apiKey');
-        }
-        else if (botRole === 'subscription') {
-            // Subscription bots → match provider with connectionType "subscription"
-            credential = providers.find((p) => p.id === bot.llmProvider && p.connectionType === 'subscription');
-        }
-        // Fallback: any provider matching the bot's provider id
-        if (!credential) {
-            credential = providers.find((p) => p.id === bot.llmProvider);
-        }
-        if (!credential)
-            return null;
-        // Handle OAuth credentials (access_token/refresh_token) vs plain API keys
-        if (credential.connectionType === 'oauth' || credential.access_token) {
-            return {
-                provider: bot.llmProvider,
-                model: bot.llmModel || '',
-                name: bot.name,
-                oauthToken: credential.access_token,
-                oauthRefreshToken: credential.refresh_token,
-            };
-        }
-        return {
-            provider: bot.llmProvider,
-            model: bot.llmModel || '',
-            name: bot.name,
-            apiKey: credential.apiKey,
-        };
-    }
-    /**
-     * Fix B: Sync all cloud-configured bots at startup.
-     * Calls /api/v1/agent/config and starts loops for bots that aren't already running locally.
-     * This ensures bots created on the web UI are available without manual local config.
-     */
-    async syncBotsFromCloud() {
-        console.log(chalk_1.default.gray('  Syncing bot configs from cloud...'));
-        const body = await this.fetchServerConfig();
-        if (!body) {
-            console.log(chalk_1.default.gray('  Cloud sync skipped — no server config available'));
-            return;
-        }
-        const bots = body.bots || [];
-        let synced = 0;
-        for (const bot of bots) {
-            if (!bot.id || !bot.llmProvider)
-                continue;
-            // Skip if this bot already has a loop running (loaded from local config)
-            if (this.botIdToLoopId.has(bot.id) || this.loops.has(bot.id)) {
-                continue;
-            }
-            // Resolve credentials from the server config
-            const resolved = this.resolveBotFromConfig(bot.id, body);
-            if (!resolved) {
-                console.warn(chalk_1.default.yellow(`  ⚠ Cloud bot "${bot.name}" (${bot.llmProvider}) — no credentials found, skipping`));
-                continue;
-            }
-            // Resolve auth (handles OAuth token detection, refresh, baseUrl/apiStyle for OpenAI sub)
-            let provider = resolved.provider;
-            let model = resolved.model;
-            let apiKey = resolved.apiKey;
-            let oauthToken = resolved.oauthToken;
-            let authMode;
-            let baseUrl;
-            let apiStyle;
-            let resolvedAuth;
-            try {
-                const auth = await (0, auto_detect_1.resolveAuth)({
-                    provider,
-                    model,
-                    apiKey,
-                    oauthToken,
-                    oauthRefreshToken: resolved.oauthRefreshToken,
-                });
-                if (auth) {
-                    resolvedAuth = auth;
-                    provider = auth.provider;
-                    model = auth.model;
-                    apiKey = auth.source === 'api-key' || auth.source === 'env' ? auth.apiKey : undefined;
-                    oauthToken = auth.source === 'oauth' ? auth.apiKey : oauthToken;
-                    authMode = auth.authMode;
-                    baseUrl = auth.baseUrl;
-                    apiStyle = auth.apiStyle;
-                }
-            }
-            catch (err) {
-                console.warn(chalk_1.default.yellow(`  ⚠ Auth resolution failed for cloud bot "${bot.name}": ${err} — skipping`));
-                continue;
-            }
-            if (!apiKey && !oauthToken) {
-                console.warn(chalk_1.default.yellow(`  ⚠ No usable credentials for cloud bot "${bot.name}" (${provider}) — skipping`));
-                continue;
-            }
-            const effectiveKey = apiKey || oauthToken || '';
-            // Start the loop
-            this.startLoop({
-                id: bot.id,
-                name: bot.name,
-                provider,
-                model,
-                apiKey: effectiveKey,
-                oauthToken,
-                authMode,
-                baseUrl,
-                apiStyle,
-                resolvedAuth,
-            });
-            this.botIdToLoopId.set(bot.id, bot.id);
-            // Persist agent profile locally for prompt building
-            const profileFields = {
-                provider,
-                model,
-                name: bot.name,
-                permissionMode: default_tool_profile_1.DEFAULT_PERMISSION_MODE,
-                enabledBuiltinToolsJson: JSON.stringify([]),
-                enabledMcpToolsJson: JSON.stringify([]),
-                isActive: true,
-            };
-            const existing = data.getAgentProfile(bot.id);
-            if (existing) {
-                data.updateAgentProfile(bot.id, profileFields);
-            }
-            else {
-                data.createAgentProfile({
-                    ...profileFields,
-                    providerConnectionId: data.findProviderConnection(provider)?.id,
-                    isDefault: false,
-                });
-            }
-            synced++;
-            console.log(chalk_1.default.green(`  ✓ Cloud bot "${bot.name}" synced (${provider}/${model})`));
-        }
-        if (synced > 0) {
-            console.log(chalk_1.default.blue(`  ${synced} bot(s) synced from cloud`));
-        }
-        else {
-            console.log(chalk_1.default.gray('  No additional cloud bots to sync'));
-        }
-    }
-    /** Add a new agent — re-fetches config from server to get credentials */
-    async handleAgentAdd(command) {
+    /** Add a new agent — persists to config.agents[] */
+    handleAgentAdd(command) {
         if (!command.bot) {
             console.error(chalk_1.default.red('agent_add command missing agent payload'));
             return;
         }
         const agent = command.bot;
-        let provider = agent.provider;
-        let model = agent.model;
-        // Fail closed: if provider is missing, do not fall through to default
-        if (!provider) {
-            console.error(chalk_1.default.red(`✗ Agent "${agent.name}" has no provider binding — cannot start. Fix in Mission Control.`));
-            return;
-        }
-        // Re-fetch credentials from server (secrets stay on authenticated HTTPS, not MQTT)
-        const serverCreds = await this.fetchBotFromServer(agent.id);
-        let apiKey;
-        let oauthToken;
-        let oauthRefreshToken;
-        if (serverCreds) {
-            apiKey = serverCreds.apiKey;
-            oauthToken = serverCreds.oauthToken;
-            oauthRefreshToken = serverCreds.oauthRefreshToken;
-        }
-        else {
-            // Fallback: try local provider config
-            const { loadConfig, getProvider } = require('./config');
-            const localProvider = getProvider(loadConfig(), provider);
-            if (localProvider) {
-                apiKey = localProvider.apiKey;
-            }
-        }
-        if (!apiKey && !oauthToken) {
-            console.error(chalk_1.default.red(`✗ Agent "${agent.name}" (${provider}/${model}) has no credential binding — cannot start.`));
-            return;
-        }
-        // Resolve auth (handles OAuth → baseUrl/apiStyle for OpenAI subscription, token refresh, etc.)
-        let authMode;
-        let baseUrl;
-        let apiStyle;
-        let resolvedAuth;
-        try {
-            const auth = await (0, auto_detect_1.resolveAuth)({ provider, model, apiKey, oauthToken, oauthRefreshToken });
-            if (auth) {
-                resolvedAuth = auth;
-                provider = auth.provider;
-                model = auth.model;
-                apiKey = auth.source === 'api-key' || auth.source === 'env' ? auth.apiKey : undefined;
-                oauthToken = auth.source === 'oauth' ? auth.apiKey : oauthToken;
-                authMode = auth.authMode;
-                baseUrl = auth.baseUrl;
-                apiStyle = auth.apiStyle;
-            }
-        }
-        catch (err) {
-            console.warn(chalk_1.default.yellow(`  ⚠ Auth resolution failed for "${agent.name}": ${err}`));
-        }
-        const effectiveKey = apiKey || oauthToken || '';
         const existing = data.getAgentProfile(agent.id);
         const fields = {
-            provider,
-            model,
+            provider: agent.provider,
+            model: agent.model,
             name: agent.name,
-            permissionMode: agent.permissionMode || default_tool_profile_1.DEFAULT_PERMISSION_MODE,
+            permissionMode: agent.permissionMode || 'autopilot',
             finalPrompt: agent.systemPrompt || undefined,
             purposeMd: agent.agentDescription || undefined,
-            enabledBuiltinToolsJson: JSON.stringify((0, default_tool_profile_1.normalizeEnabledTools)(agent.enabledTools)),
+            enabledBuiltinToolsJson: JSON.stringify(agent.enabledTools || []),
             enabledMcpToolsJson: JSON.stringify(agent.enabledMcpTools || []),
             isActive: true,
         };
@@ -634,15 +340,16 @@ class BotManager {
         else {
             data.createAgentProfile({
                 ...fields,
-                providerConnectionId: data.findProviderConnection(provider)?.id,
+                providerConnectionId: data.findProviderConnection(agent.provider)?.id,
                 isDefault: false,
             });
         }
-        this.startLoop({ ...agent, provider, model, apiKey: effectiveKey, oauthToken, authMode, baseUrl, apiStyle, resolvedAuth });
+        this.startLoop(agent);
+        // Register botId → loopId mapping
         if (agent.id) {
             this.botIdToLoopId.set(agent.id, agent.id);
         }
-        console.log(chalk_1.default.green(`✓ Agent added: "${agent.name}" (${provider} / ${model})`));
+        console.log(chalk_1.default.green(`✓ Agent added: "${agent.name}" (${agent.provider} / ${agent.model})`));
     }
     /** Remove an agent — persists to config.agents[] */
     handleAgentRemove(command) {
@@ -661,72 +368,22 @@ class BotManager {
             console.log(chalk_1.default.gray(`  Agent "${agentId}" was not running`));
         }
     }
-    /** Update an agent — re-fetches config from server to get credentials */
-    async handleAgentUpdate(command) {
+    /** Update an agent — persists to config.agents[] */
+    handleAgentUpdate(command) {
         if (!command.bot) {
             console.error(chalk_1.default.red('agent_update command missing agent payload'));
             return;
         }
         const agent = command.bot;
-        let provider = agent.provider;
-        let model = agent.model;
         this.stopLoop(agent.id);
-        // Fail closed: if provider is missing, do not fall through to default
-        if (!provider) {
-            console.error(chalk_1.default.red(`✗ Agent "${agent.name}" has no provider binding — cannot update. Fix in Mission Control.`));
-            return;
-        }
-        // Re-fetch credentials from server
-        const serverCreds = await this.fetchBotFromServer(agent.id);
-        let apiKey;
-        let oauthToken;
-        let oauthRefreshToken;
-        if (serverCreds) {
-            apiKey = serverCreds.apiKey;
-            oauthToken = serverCreds.oauthToken;
-            oauthRefreshToken = serverCreds.oauthRefreshToken;
-        }
-        else {
-            const { loadConfig, getProvider } = require('./config');
-            const localProvider = getProvider(loadConfig(), provider);
-            if (localProvider) {
-                apiKey = localProvider.apiKey;
-            }
-        }
-        if (!apiKey && !oauthToken) {
-            console.error(chalk_1.default.red(`✗ Agent "${agent.name}" (${provider}/${model}) has no credential binding — cannot update.`));
-            return;
-        }
-        // Resolve auth (handles OAuth → baseUrl/apiStyle for OpenAI subscription, token refresh, etc.)
-        let authMode;
-        let baseUrl;
-        let apiStyle;
-        let resolvedAuth;
-        try {
-            const auth = await (0, auto_detect_1.resolveAuth)({ provider, model, apiKey, oauthToken, oauthRefreshToken });
-            if (auth) {
-                resolvedAuth = auth;
-                provider = auth.provider;
-                model = auth.model;
-                apiKey = auth.source === 'api-key' || auth.source === 'env' ? auth.apiKey : undefined;
-                oauthToken = auth.source === 'oauth' ? auth.apiKey : oauthToken;
-                authMode = auth.authMode;
-                baseUrl = auth.baseUrl;
-                apiStyle = auth.apiStyle;
-            }
-        }
-        catch (err) {
-            console.warn(chalk_1.default.yellow(`  ⚠ Auth resolution failed for "${agent.name}": ${err}`));
-        }
-        const effectiveKey = apiKey || oauthToken || '';
         const fields = {
-            provider,
-            model,
+            provider: agent.provider,
+            model: agent.model,
             name: agent.name,
-            permissionMode: agent.permissionMode || default_tool_profile_1.DEFAULT_PERMISSION_MODE,
+            permissionMode: agent.permissionMode || 'autopilot',
             finalPrompt: agent.systemPrompt || undefined,
             purposeMd: agent.agentDescription || undefined,
-            enabledBuiltinToolsJson: JSON.stringify((0, default_tool_profile_1.normalizeEnabledTools)(agent.enabledTools)),
+            enabledBuiltinToolsJson: JSON.stringify(agent.enabledTools || []),
             enabledMcpToolsJson: JSON.stringify(agent.enabledMcpTools || []),
             isActive: true,
         };
@@ -736,15 +393,22 @@ class BotManager {
         else {
             data.createAgentProfile({
                 ...fields,
-                providerConnectionId: data.findProviderConnection(provider)?.id,
+                providerConnectionId: data.findProviderConnection(agent.provider)?.id,
                 isDefault: false,
             });
         }
-        this.startLoop({ ...agent, provider, model, apiKey: effectiveKey, oauthToken, authMode, baseUrl, apiStyle, resolvedAuth });
+        this.startLoop(agent);
         if (agent.id) {
             this.botIdToLoopId.set(agent.id, agent.id);
         }
-        console.log(chalk_1.default.blue(`✓ Agent updated: "${agent.name}" (${provider} / ${agent.model})`));
+        console.log(chalk_1.default.blue(`✓ Agent updated: "${agent.name}" (${agent.provider} / ${agent.model})`));
+    }
+    /** Update OAuth token for all running loops (used by token refresh) */
+    updateDefaultToken(token) {
+        this.options.defaultOauthToken = token;
+        for (const [_id, loop] of this.loops) {
+            loop.updateToken(token);
+        }
     }
     async handleUpdateCommand(command) {
         console.log(chalk_1.default.cyan('⟳ Remote update requested via MQTT'));