nodal-agents 0.4.4 → 0.5.2

package/README.md

@@ -23,11 +23,13 @@ with **any LLM** — frontier or local, paid or free.
 | | |
 | --- | --- |
 | 🏠  **Local-first** | Single binary, embedded Postgres, zero cloud dependency. Your conversations, memory, and credentials stay on your machine. |
-| 🔌  **Any model, per agent** | Anthropic, OpenAI, Google, Groq, Mistral, OpenRouter, or any local model (LM Studio, Ollama). Setup is just an API key per provider — **each agent picks its own model**, so you can run Claude for the orchestrator and **DeepSeek V4** for the workers. The quirks of OSS frontier models (DeepSeek's non-spec tool args, Kimi/Qwen/GLM XML tool formats, and round-tripping a reasoning model's chain-of-thought across tool calls so MiniMax M3 / DeepSeek / Gemini 3 don't degrade mid-task) are handled automatically. |
+| 🔌  **Any model, per agent** | Anthropic, OpenAI, Google, Groq, Mistral, OpenRouter, **native DeepSeek** (`api.deepseek.com`) and **native MiniMax** (`api.minimax.io`), or any local model (LM Studio, Ollama). Setup is just an API key per provider — **each agent picks its own model**, so you can run Claude for the orchestrator and **DeepSeek V4** for the workers. The quirks of OSS frontier models (DeepSeek's non-spec tool args, Kimi/Qwen/GLM XML tool formats, and round-tripping a reasoning model's chain-of-thought across tool calls so MiniMax M3 / DeepSeek / Gemini 3 don't degrade mid-task) are handled automatically. |
 | 🛟  **Provider failover** | Give an agent a backup key chain — if its provider 5xx's, times out, or hits quota mid-job, the runner fails over to the next one and keeps going (and fails loud only when the whole chain is down). |
 | 🧠  **Memory that compounds** | Persistent facts (entity-scoped, auto-injected into every job) and chat-thread continuity (your agent remembers what it said 30 seconds ago — and what it said yesterday). |
-| 🤝  **Orchestrators that finish** | Router and planner orchestrators delegate to specialist sub-agents, then resume on completion to wrap up the answer. |
-| 🛡️  **Agents that don't lie, loop, or die** | Generic runtime guards: a per-job token budget and a no-progress detector kill runaway loops; a no-false-success guard refuses to report "done" when an action actually failed (fail loud, never fake it); turn/chain/delegation caps bound everything. |
+| 🤝  **Orchestrators that finish** | Every orchestrator picks the delegation style per request — route to one specialist and resume on its result, or fan out independent work to many sub-agents in parallel and compile their results — then wraps up the answer. |
+| 🌱  **Self-improving agents** | Opt-in learning loop: after a substantial job, an agent reflects on the transcript and writes itself a reusable skill; a weekly curator consolidates and prunes them. Every learned skill is reviewable, assignable, and revocable from the dashboard (off by default, per workspace). |
+| 📥  **Install any community skill** | Point it at any open `SKILL.md` — a GitHub repo, a skills.sh slug, or a ClawHub package — and it fetches, unpacks, and installs it as a first-class skill. Pure HTTPS fetch with SSRF allow-listing and zip-slip guards; bundled scripts are flagged, never executed. |
+| 🛡️  **Agents that don't lie, loop, or die** | Generic runtime guards: a per-job **real-dollar cost cap** (from the provider's actual billed cost) and a no-progress detector kill runaway loops; a no-false-success guard refuses to report "done" when an action actually failed; an atomic job claim prevents the same job running twice; and every failed or blocked job hands you a short, specific reason — never a silent stop. Turn/chain/delegation caps bound everything. |
 | 🔧  **Multi-instance connectors** | Gmail perso *and* Gmail boulot on the same install. OAuth *and* API-key supported. Active list + Marketplace UI in the dashboard. |
 | 🗂️  **Workspaces** | Multiple isolated workspaces on one install (personal vs work) — each with its own agents, skills, connectors, jobs and memory. Switch from the sidebar. |
 | 🤖  **Self-extending (ROOT agent)** | Designate an orchestrator as ROOT and let it create skills/agents and assign them on your behalf — gated by per-grant toggles and an autonomy level (propose-confirm → fully-autonomous). |
@@ -84,7 +86,7 @@ When a newer version is available, `nodal-agents up` also prints a one-line
 notice:
 
 ```
-ℹ v0.4.4 available — run `nodal-agents update`
+ℹ v0.5.1 available — run `nodal-agents update`
 ```
 
 ### Build from source
@@ -144,7 +146,8 @@ Delegations create child jobs that resume the parent on completion.
 | `/connectors` | Active connector instances + Marketplace (multi-instance, OAuth or API-key). |
 | `/mcp` | Active MCP servers + Marketplace — HTTP & stdio, a growing catalogue, plus add/edit your own custom servers. |
 | `/memories` | Persistent facts per entity — search, edit, archive. |
-| `/skills` | Assigned / Custom / Built-in Library tabs — reusable instructions appended to an agent's prompt; create your own or customise built-ins. |
+| `/skills` | Assigned / Custom / Built-in Library tabs — reusable instructions appended to an agent's prompt; create your own, customise built-ins, or install any community `SKILL.md` from GitHub / skills.sh / ClawHub. |
+| `/learned-skills` | Skills the agents wrote themselves (learning loop) — review, assign, archive, restore; toggle reflection + auto-assign per workspace. |
 | `/logs` | Tool-call audit — input/output JSON per call, filterable by tool name. |
 | `/approvals` | Human-in-the-loop gates for risky tools (and the ROOT agent's meta-tools under propose-confirm). |
 | `/automations` | Cron-scheduled agent triggers. |
@@ -212,7 +215,7 @@ pnpm deps:check   # runs locally and in CI before every release
 
 ## Status
 
-**Current release:** `0.4.4` on npm `latest`. Used daily by the
+**Current release:** `0.5.2` on npm `latest`. Used daily by the
 maintainer, stable enough for personal production. Pre-1.0 — breaking
 changes are still possible between minors.
 
@@ -220,26 +223,45 @@ changes are still possible between minors.
 
 - Multi-LLM, **per-agent model selection** — provider setup is just an API key
   (one per provider); each agent chooses its own model on top. Frontier and
-  local providers, including **DeepSeek V4** (non-spec tool-call args normalized
-  automatically) and **reasoning models like MiniMax M3** (their hidden
-  chain-of-thought is round-tripped across tool calls so they keep reasoning on
-  multi-turn tasks), plus native tool-call parsing for Kimi K2 / Qwen3-Coder / GLM
+  local providers, plus **native DeepSeek** (`api.deepseek.com`) and **native
+  MiniMax** (`api.minimax.io`) endpoints alongside OpenRouter — pick the route
+  per key. **DeepSeek V4** non-spec tool-call args are normalized automatically
+  and **reasoning models like MiniMax M3** have their hidden chain-of-thought
+  round-tripped across tool calls so they keep reasoning on multi-turn tasks,
+  plus native tool-call parsing for Kimi K2 / Qwen3-Coder / GLM
 - **Provider failover** — an opt-in ordered key chain per agent; on a 5xx /
   timeout / quota mid-job the runner fails over to the next key, and fails loud
   (`all_providers_failed`) only when the whole chain is exhausted
-- **Reliability guards (generic, model-agnostic)** — per-job token budget +
-  no-progress detector (kill runaway loops), a no-false-success guard that
-  refuses to complete a job as "success" when a tool action failed and was never
-  resolved (fail loud, never fake it), and context compaction that evicts stale
-  tool output before the model's context window overflows
-- **Diagnosable failures** — every failed job persists its full transcript and
-  the real upstream provider error (not an opaque "provider returned error"), so
-  you can see exactly what the agent did and why it stopped
+- **Reliability guards (generic, model-agnostic)** — a per-job **real-dollar
+  cost cap** (read from the provider's actually-billed cost, `cost_budget_exceeded`)
+  + token budget + no-progress / no-delivery detectors (kill runaway loops), an
+  **atomic job claim** so the same job never executes twice, a no-false-success
+  guard that refuses to complete a job as "success" when a tool action failed and
+  was never resolved (fail loud, never fake it), a **recoverable** path for a
+  mis-named tool call (a bounded "did you mean…" nudge, not an instant kill), and
+  context compaction that evicts stale tool output before the context window overflows
+- **Never a silent stop** — every failed *or blocked* job hands the user a short,
+  specific reason (in the agent's own words when it blocks), propagated up through
+  delegation; a blocked job is honestly `failed`, never a fake "completed"
+- **Diagnosable failures** — every failed job persists its full transcript, the
+  real upstream provider error (not an opaque "provider returned error"), and the
+  actual upstream that served each turn, so you can see exactly what the agent did
+  and why it stopped
+- **Self-improving agents (opt-in learning loop)** — after a substantial job, an
+  agent reflects on its transcript and writes itself a reusable skill (sandboxed
+  provenance); a weekly curator consolidates and prunes them. Review, assign,
+  archive or revoke every learned skill from `/learned-skills` (off by default,
+  per workspace; auto-assign or require approval)
+- **Install any community skill** — fetch any open `SKILL.md` from a GitHub repo,
+  a skills.sh slug, or a ClawHub package and install it as a first-class skill
+  (pure HTTPS, SSRF allow-list, zip-slip guard; bundled scripts flagged, never run)
 - Persistent memory (sanitation, dedup, importance ranking, auto-injection,
   feedback loop)
 - Session-thread continuity on chat channels (Telegram today)
-- Orchestrator (router + planner) with delegation chains that resume the
-  parent on completion
+- **Unified orchestrator** — every orchestrator gets both delegation styles and
+  picks per request: route to one specialist and resume on its result (router),
+  or fan out independent tasks to a parallel task board that compiles + delivers
+  the combined result (planner). One commits to a single style per job
 - Multi-instance connectors with OAuth (Gmail, Drive, Sheets, Docs, Notion,
   Airtable) and API-key (Notion, Airtable, Apify, Firecrawl, Tavily)
 - MCP catalog — Streamable HTTP *and* stdio (local subprocess) servers, API-key auth; a growing catalogue (Stripe, n8n, Supabase, Airtable, Notion…) with a "test pending" badge on entries not yet verified live, plus add *and edit* your own custom HTTP/stdio servers from the dashboard
@@ -248,14 +270,25 @@ changes are still possible between minors.
 - ROOT agent — your first orchestrator automatically becomes the workspace ROOT (the single top-level agent; later orchestrators slot under it). It can create *and update* skills, create agents and assign them, and create MCP servers + API connectors — each gated by per-grant toggles + an autonomy/approval level (powers start off, opt in per grant). Provisioning verifies before it writes (an MCP server is connected and its tools listed first); skill authoring is grounded in the workspace's real tools (a linter rejects skills referencing tools the agent doesn't have)
 - Office file editing — Excel in-place edit, Word/PowerPoint create, in the agent workspace (office-editing skill)
 - Multiple filesystem folders per agent (sandboxed `file_*` tools)
+- **Shell execution** — agents can run shell commands in their workspace
+  (`run_command`: install deps, run scripts, build steps) via an opt-in
+  `command-execution` skill. Safe-by-default: every command pauses for your
+  approval, with an optional per-agent auto-run ("Yolo"). On a shared / LAN
+  install auto-run is gated behind an explicit workspace-owner opt-in and
+  **enforced at execution time** — flip the workspace switch off and even an
+  already-trusted agent drops back to requiring approval. A live bell surfaces
+  pending approvals from anywhere in the dashboard
 - Telegram delivery (long-poll, group filters, multi-agent routing,
   delegation gracefulness) — exactly-once delivery contract: anti-spam guard
   against runaway message loops + a guard that re-prompts (then fails loud)
   rather than completing a job without ever replying
 - Approval gates for risky tools (execute-the-approved-action on resume) — on a chat channel, the agent sends a heads-up before the job pauses so the user knows an approval is waiting
 - Cron scheduling — trigger any automation out-of-band ("Run now") + opt-in Telegram confirmation when a scheduled job succeeds
+- Duplicate any automation in one click; opt-in retention to purge old terminal jobs
 - `nodal-agents update` — one-command upgrade + boot version notice
-- Encryption at rest for LLM keys + MCP keys
+- Encryption at rest for LLM keys + MCP keys; in LAN / multi-user modes the
+  runner requires a shared `WORKER_SECRET` on every mutating route (no
+  unauthenticated job/LLM spend from other devices on the network)
 - Embedded Postgres distribution via npm (no external DB to install)
 
 ### On the roadmap (genuine, not vaporware)

package/cli.js

@@ -11260,7 +11260,7 @@ var init_types2 = __esm({
 
 // ../../packages/shared/src/enums.ts
 import { z as z2 } from "zod";
-var JOB_CHANNELS, JobChannelSchema, JOB_STATUSES, JobStatusSchema, TASK_STATUSES, TaskStatusSchema, TASK_PRIORITIES, TaskPrioritySchema, AGENT_ROLES, AgentRoleSchema, ORCHESTRATOR_MODES, OrchestratorModeSchema, CONNECTOR_AUTH_TYPES, ConnectorAuthTypeSchema, APPROVAL_STATUSES, ApprovalStatusSchema, APPROVAL_RULE_ACTIONS, ApprovalRuleActionSchema, MEMORY_CATEGORIES, MemoryCategorySchema, MEMORY_SOURCES, MemorySourceSchema, MEMORY_LAYERS, MemoryLayerSchema, SCHEDULE_TYPES, ScheduleTypeSchema, SCHEDULE_LAST_STATUSES, ScheduleLastStatusSchema, RUN_KEY_SOURCES, RunKeySourceSchema, ENTITY_MEMBER_ROLES, EntityMemberRoleSchema, ENTITY_INDUSTRIES, EntityIndustrySchema, OPERATION_RISK_LEVELS, OperationRiskLevelSchema, PLUGIN_TYPES, PluginTypeSchema, PLUGIN_HOOKS, PluginHookSchema, MCP_TRANSPORTS, McpTransportSchema;
+var JOB_CHANNELS, JobChannelSchema, JOB_STATUSES, JobStatusSchema, TASK_STATUSES, TaskStatusSchema, TASK_PRIORITIES, TaskPrioritySchema, AGENT_ROLES, AgentRoleSchema, ORCHESTRATOR_MODES, OrchestratorModeSchema, CONNECTOR_AUTH_TYPES, ConnectorAuthTypeSchema, APPROVAL_STATUSES, ApprovalStatusSchema, APPROVAL_RULE_ACTIONS, ApprovalRuleActionSchema, MEMORY_CATEGORIES, MemoryCategorySchema, MEMORY_SOURCES, MemorySourceSchema, MEMORY_LAYERS, MemoryLayerSchema, SCHEDULE_TYPES, ScheduleTypeSchema, SCHEDULE_LAST_STATUSES, ScheduleLastStatusSchema, ENTITY_MEMBER_ROLES, EntityMemberRoleSchema, ENTITY_INDUSTRIES, EntityIndustrySchema, OPERATION_RISK_LEVELS, OperationRiskLevelSchema, PLUGIN_TYPES, PluginTypeSchema, PLUGIN_HOOKS, PluginHookSchema, MCP_TRANSPORTS, McpTransportSchema;
 var init_enums = __esm({
   "../../packages/shared/src/enums.ts"() {
     "use strict";
@@ -11310,8 +11310,6 @@ var init_enums = __esm({
     ScheduleTypeSchema = z2.enum(SCHEDULE_TYPES);
     SCHEDULE_LAST_STATUSES = ["success", "failed", "no_action"];
     ScheduleLastStatusSchema = z2.enum(SCHEDULE_LAST_STATUSES);
-    RUN_KEY_SOURCES = ["entity", "operator"];
-    RunKeySourceSchema = z2.enum(RUN_KEY_SOURCES);
     ENTITY_MEMBER_ROLES = ["owner", "admin", "member", "viewer"];
     EntityMemberRoleSchema = z2.enum(ENTITY_MEMBER_ROLES);
     ENTITY_INDUSTRIES = [
@@ -11342,7 +11340,7 @@ var init_enums = __esm({
 
 // ../../packages/shared/src/ids.ts
 import { z as z3 } from "zod";
-var EntityIdSchema, UserIdSchema, AgentIdSchema, JobIdSchema, TaskIdSchema, ConnectorIdSchema, SkillIdSchema, ToolCallIdSchema, ApprovalRequestIdSchema, ApprovalRuleIdSchema, MemoryIdSchema, WebhookTriggerIdSchema, ScheduleIdSchema, McpServerIdSchema, PluginIdSchema, LlmKeyIdSchema, AgentRunIdSchema;
+var EntityIdSchema, UserIdSchema, AgentIdSchema, JobIdSchema, TaskIdSchema, ConnectorIdSchema, SkillIdSchema, ToolCallIdSchema, ApprovalRequestIdSchema, ApprovalRuleIdSchema, MemoryIdSchema, WebhookTriggerIdSchema, ScheduleIdSchema, McpServerIdSchema, PluginIdSchema, LlmKeyIdSchema;
 var init_ids = __esm({
   "../../packages/shared/src/ids.ts"() {
     "use strict";
@@ -11362,7 +11360,6 @@ var init_ids = __esm({
     McpServerIdSchema = z3.string().guid().brand();
     PluginIdSchema = z3.string().guid().brand();
     LlmKeyIdSchema = z3.string().guid().brand();
-    AgentRunIdSchema = z3.string().guid().brand();
   }
 });
 
@@ -11994,44 +11991,6 @@ var init_llm_key = __esm({
   }
 });
 
-// ../../packages/shared/src/entities/agent-run.ts
-import { z as z18 } from "zod";
-var AgentRunSchema, AgentRunInsertSchema;
-var init_agent_run = __esm({
-  "../../packages/shared/src/entities/agent-run.ts"() {
-    "use strict";
-    init_enums();
-    AgentRunSchema = z18.object({
-      id: z18.string().guid(),
-      entity_id: z18.string().guid().nullable(),
-      agent_id: z18.string().guid().nullable(),
-      task: z18.string().min(1),
-      result: z18.string().nullable(),
-      success: z18.boolean(),
-      tools_used: z18.array(z18.string()),
-      tokens_used: z18.number().int().min(0).nullable(),
-      input_tokens: z18.number().int().min(0).nullable(),
-      output_tokens: z18.number().int().min(0).nullable(),
-      duration_ms: z18.number().int().min(0).nullable(),
-      key_source: RunKeySourceSchema.nullable(),
-      created_at: z18.string().datetime()
-    }).strict();
-    AgentRunInsertSchema = AgentRunSchema.omit({
-      id: true,
-      created_at: true
-    }).extend({
-      success: z18.boolean().default(true),
-      tools_used: z18.array(z18.string()).default([]),
-      result: z18.string().nullable().optional(),
-      tokens_used: z18.number().int().min(0).nullable().optional(),
-      input_tokens: z18.number().int().min(0).nullable().optional(),
-      output_tokens: z18.number().int().min(0).nullable().optional(),
-      duration_ms: z18.number().int().min(0).nullable().optional(),
-      key_source: RunKeySourceSchema.nullable().optional()
-    });
-  }
-});
-
 // ../../packages/shared/src/types/operation.ts
 var init_operation = __esm({
   "../../packages/shared/src/types/operation.ts"() {
@@ -12160,19 +12119,20 @@ var init_providers = __esm({
 });
 
 // ../../packages/shared/src/root-agent.ts
-import { z as z19 } from "zod";
+import { z as z18 } from "zod";
 var AutonomyLevelSchema, RootGrantsSchema;
 var init_root_agent = __esm({
   "../../packages/shared/src/root-agent.ts"() {
     "use strict";
-    AutonomyLevelSchema = z19.enum(["propose_confirm", "destructive_gate", "fully_autonomous"]);
-    RootGrantsSchema = z19.object({
-      createAgent: z19.boolean(),
-      createSkill: z19.boolean(),
-      updateSkill: z19.boolean(),
-      assignSkill: z19.boolean(),
-      createMcp: z19.boolean(),
-      createConnector: z19.boolean(),
+    AutonomyLevelSchema = z18.enum(["propose_confirm", "destructive_gate", "fully_autonomous"]);
+    RootGrantsSchema = z18.object({
+      createAgent: z18.boolean(),
+      attachAgent: z18.boolean(),
+      createSkill: z18.boolean(),
+      updateSkill: z18.boolean(),
+      assignSkill: z18.boolean(),
+      createMcp: z18.boolean(),
+      createConnector: z18.boolean(),
       autonomy: AutonomyLevelSchema
     });
   }
@@ -12212,7 +12172,6 @@ var init_src2 = __esm({
     init_skill();
     init_schedule();
     init_llm_key();
-    init_agent_run();
     init_operation();
     init_providers();
     init_root_agent();
@@ -12320,7 +12279,17 @@ var init_entities = __esm({
         // Default is an empty object — the runtime falls back to DEFAULT_ROOT_GRANTS.
         rootGrants: jsonb("root_grants").notNull().default(sql`'{}'::jsonb`),
         createdAt: timestamp("created_at", { withTimezone: true }).defaultNow(),
-        updatedAt: timestamp("updated_at", { withTimezone: true }).defaultNow()
+        updatedAt: timestamp("updated_at", { withTimezone: true }).defaultNow(),
+        lastCuratorRunAt: timestamp("last_curator_run_at", { withTimezone: true }),
+        reflectionEnabled: boolean("reflection_enabled").notNull().default(false),
+        // Controls whether agent-authored skills are auto-assigned to the authoring
+        // agent ('auto') or queued for the entity owner to approve ('approval').
+        skillAssignmentMode: text("skill_assignment_mode").notNull().default("approval").$type(),
+        // Allows the workspace OWNER to opt into Yolo (auto-approve run_command)
+        // even in non-local-trust (LAN/local-auth) mode. Off by default: in
+        // local-auth mode, commands always require approval unless the owner
+        // explicitly opts in here.
+        lanCommandYolo: boolean("lan_command_yolo").notNull().default(false)
       },
       (table) => [
         uniqueIndex("entities_mcp_token_idx").on(table.mcpToken),
@@ -12519,6 +12488,37 @@ var init_jobs = __esm({
         totalDurationMs: integer("total_duration_ms").default(0),
         inputTokens: integer("input_tokens").default(0),
         outputTokens: integer("output_tokens").default(0),
+        /**
+         * Cumulative EFFECTIVE (non-cached) input tokens = Σ(inputTokens −
+         * cachedInputTokens) per turn. The token budget (Guard 1a) measures this,
+         * not raw input, so a job that re-sends a prompt-cached history (cheap, the
+         * bulk read from cache) is not penalised as if every re-send were fresh.
+         * Persisted alongside input_tokens so the budget stays cumulative across
+         * self-chain resumes.
+         */
+        effectiveInputTokens: integer("effective_input_tokens").default(0),
+        /**
+         * Cumulative real dollar cost billed to the provider across all turns of
+         * this job (sum of per-call costs reported by the provider). Populated only
+         * when the provider reports per-call cost (OpenRouter with
+         * `usage:{include:true}`); undefined/null for providers that don't report it
+         * (Anthropic, Ollama, etc.). Used by the cost-budget guard (Guard 1e) and
+         * for cost observability in the dashboard.
+         *
+         * Stored as a real/float because sub-cent values are common (e.g. $0.00056).
+         * Cumulative across self-chain / approval / delegation resumes, exactly like
+         * effectiveInputTokens.
+         */
+        totalCostUsd: real("total_cost_usd").default(0),
+        /**
+         * The upstream provider that actually served the last LLM call for this job
+         * (e.g. 'DeepSeek' when an OpenRouter job was routed to the DeepSeek
+         * upstream via provider-order preference). Populated from
+         * `providerMetadata.openrouter.provider` on each LLM call; only the last
+         * non-empty value is stored. NULL for providers that don't report upstream
+         * identity (Anthropic, Ollama, etc.) or when the field was absent.
+         */
+        servedProvider: text("served_provider"),
         delegationDepth: integer("delegation_depth").default(0),
         /**
          * The slug of the last delegated child that failed on this parent job.
@@ -12924,12 +12924,38 @@ var init_skills = __esm({
         requiredConfig: jsonb("required_config").default(sql`'[]'::jsonb`),
         operations: jsonb("operations").default(sql`'[]'::jsonb`),
         requiredBuiltins: text("required_builtins").array().notNull().default(sql`'{}'::text[]`),
+        // ─── Community-installed skills (open Agent Skills / SKILL.md format) ───
+        // is_community = true for skills installed at runtime from an external
+        // source (vs system catalog or user-authored custom skills). source is the
+        // install origin (GitHub URL / skills.sh path). installed_scripts records
+        // the bundled scripts detected at install (.py/.sh/etc.) — surfaced to the
+        // user as a warning, since the runtime does NOT execute skill scripts.
+        isCommunity: boolean("is_community").notNull().default(false),
+        source: text("source"),
+        installedScripts: jsonb("installed_scripts").$type(),
+        // ─── Learning-loop columns (Phase A) ─────────────────────────────────────
+        // createdBy: provenance — 'user' (default) | 'system' | 'agent'
+        // state: lifecycle — 'active' (default) | 'stale' | 'archived'
+        // lastUsedAt: fire-and-forget timestamp bumped each job, NULL = never used
+        // patchCount: agent-authored patches applied so far
+        // archivedAt: when the skill moved to state='archived' (NULL while active)
+        createdBy: text("created_by").notNull().default("user"),
+        // Which agent authored this skill (populated by the Tier-1 reflection pass).
+        // NULL for user/system skills and curator umbrella skills (created_by_agent_id=null).
+        createdByAgentId: uuid("created_by_agent_id").references(() => agents.id, {
+          onDelete: "set null"
+        }),
+        state: text("state").notNull().default("active"),
+        lastUsedAt: timestamp("last_used_at", { withTimezone: true }),
+        patchCount: integer("patch_count").notNull().default(0),
+        archivedAt: timestamp("archived_at", { withTimezone: true }),
         createdAt: timestamp("created_at", { withTimezone: true }).defaultNow(),
         updatedAt: timestamp("updated_at", { withTimezone: true }).defaultNow()
       },
       (table) => [
         index("idx_agent_skills_entity_id").on(table.entityId),
-        index("idx_skills_active").on(table.active, table.slug)
+        index("idx_skills_active").on(table.active, table.slug),
+        index("idx_agent_skills_is_community").on(table.isCommunity)
       ]
     );
     skillVersions = pgTable(
@@ -13022,46 +13048,6 @@ var init_schedules = __esm({
   }
 });
 
-// ../../packages/db/src/schema/runs.ts
-var agentRuns;
-var init_runs = __esm({
-  "../../packages/db/src/schema/runs.ts"() {
-    "use strict";
-    init_pg_core();
-    init_drizzle_orm();
-    init_entities();
-    init_agents();
-    agentRuns = pgTable(
-      "agent_runs",
-      {
-        id: uuid("id").primaryKey().defaultRandom(),
-        entityId: uuid("entity_id").references(() => entities.id, { onDelete: "cascade" }),
-        agentId: uuid("agent_id").references(() => agents.id, { onDelete: "cascade" }),
-        task: text("task").notNull(),
-        result: text("result"),
-        success: boolean("success").default(true),
-        toolsUsed: text("tools_used").array().default(sql`'{}'::text[]`),
-        tokensUsed: integer("tokens_used"),
-        inputTokens: integer("input_tokens"),
-        outputTokens: integer("output_tokens"),
-        durationMs: integer("duration_ms"),
-        keySource: text("key_source"),
-        createdAt: timestamp("created_at", { withTimezone: true }).defaultNow()
-      },
-      (table) => [
-        index("idx_agent_runs_entity_id").on(table.entityId),
-        index("idx_agent_runs_agent_created").on(table.agentId, sql`${table.createdAt} DESC`),
-        index("idx_runs_agent").on(table.agentId, sql`${table.createdAt} DESC`),
-        index("idx_runs_recent").on(sql`${table.createdAt} DESC`),
-        check(
-          "agent_runs_key_source_check",
-          sql`${table.keySource} IN ('entity','operator') OR ${table.keySource} IS NULL`
-        )
-      ]
-    );
-  }
-});
-
 // ../../packages/db/src/schema/mcp.ts
 var mcpServers, agentMcpServers, mcpConnections;
 var init_mcp = __esm({
@@ -13385,7 +13371,6 @@ __export(schema_exports, {
   ORCHESTRATOR_MODES: () => ORCHESTRATOR_MODES,
   PLUGIN_HOOKS: () => PLUGIN_HOOKS,
   PLUGIN_TYPES: () => PLUGIN_TYPES,
-  RUN_KEY_SOURCES: () => RUN_KEY_SOURCES,
   SCHEDULE_LAST_STATUSES: () => SCHEDULE_LAST_STATUSES,
   SCHEDULE_TYPES: () => SCHEDULE_TYPES,
   TASK_PRIORITIES: () => TASK_PRIORITIES,
@@ -13398,7 +13383,6 @@ __export(schema_exports, {
   agentMcpServers: () => agentMcpServers,
   agentMemory: () => agentMemory,
   agentPlugins: () => agentPlugins,
-  agentRuns: () => agentRuns,
   agentSchedules: () => agentSchedules,
   agentSkillAssignments: () => agentSkillAssignments,
   agentSkills: () => agentSkills,
@@ -13445,7 +13429,6 @@ var init_schema2 = __esm({
     init_skills();
     init_schedules();
     init_llm_keys();
-    init_runs();
     init_mcp();
     init_misc();
     init_auth();
@@ -13527,6 +13510,14 @@ var init_skills2 = __esm({
   }
 });
 
+// ../../packages/db/src/repos/retention.ts
+var init_retention = __esm({
+  "../../packages/db/src/repos/retention.ts"() {
+    "use strict";
+    init_schema2();
+  }
+});
+
 // ../../packages/db/src/index.ts
 var init_src4 = __esm({
   "../../packages/db/src/index.ts"() {
@@ -13537,6 +13528,7 @@ var init_src4 = __esm({
     init_credentials2();
     init_agents2();
     init_skills2();
+    init_retention();
     init_drizzle_orm();
   }
 });
@@ -13666,7 +13658,9 @@ function buildEnvForWeb(config, databaseUrl) {
   const bind = config.bind === "loopback" ? "127.0.0.1" : "0.0.0.0";
   const env = {
     DATABASE_URL: databaseUrl,
-    RUNNER_URL: `http://localhost:${config.ports.runner}`,
+    // 127.0.0.1, not localhost: on Windows localhost prefers IPv6 (::1), letting a
+    // foreign IPv6 server on the runner port silently steal the web→runner traffic.
+    RUNNER_URL: `http://127.0.0.1:${config.ports.runner}`,
     AUTH_MODE: authMode,
     // Expose auth mode to the client so login/page.tsx can render the right form.
     NEXT_PUBLIC_AUTH_MODE: authMode,
@@ -14008,17 +14002,13 @@ async function runUp(opts = {}) {
       await stopOrphanPostgres();
       if (isPidAlive(pgOrphan.pid)) {
         try {
-          if (process.platform === "win32") {
-            await execa4("taskkill", ["/T", "/F", "/PID", String(pgOrphan.pid)], { reject: false });
-          } else {
-            process.kill(pgOrphan.pid, "SIGKILL");
-          }
+          process.kill(pgOrphan.pid, "SIGKILL");
         } catch {
         }
         await waitForPidDead(pgOrphan.pid, 5e3);
       }
       if (isPidAlive(pgOrphan.pid)) {
-        const killCmd = process.platform === "win32" ? `taskkill /T /F /PID ${pgOrphan.pid}` : `kill -9 ${pgOrphan.pid}`;
+        const killCmd = process.platform === "win32" ? `powershell Stop-Process -Id ${pgOrphan.pid} -Force` : `kill -9 ${pgOrphan.pid}`;
         throw new Error(
           `An orphaned Postgres (pid ${pgOrphan.pid}) is still running and holds the shared-memory block for the data dir. Rotating ports won't help \u2014 the SHM segment is keyed to the data dir, not the port.
   Fix: run \`nodal-agents down\`, then \`${killCmd}\`. If it persists, reboot to clear the orphan kernel object. No data is lost \u2014 pg-data is preserved.`

package/migrations/0035_community_agent_skills.sql

@@ -0,0 +1,13 @@
+-- Community-installed skills (open Agent Skills / SKILL.md format).
+-- is_community marks a skill installed at runtime from an external source (vs a
+-- system-catalog skill or a user-authored custom skill). source records the
+-- install origin (GitHub URL / skills.sh path) and doubles as the reinstall key.
+-- installed_scripts lists the bundled scripts detected at install (.py/.sh/...)
+-- — surfaced to the user as a warning, because the runtime does NOT execute
+-- skill scripts (agents act through a controlled tool whitelist).
+ALTER TABLE "agent_skills"
+  ADD COLUMN IF NOT EXISTS "is_community" boolean DEFAULT false NOT NULL,
+  ADD COLUMN IF NOT EXISTS "source" text,
+  ADD COLUMN IF NOT EXISTS "installed_scripts" jsonb;
+
+CREATE INDEX IF NOT EXISTS "idx_agent_skills_is_community" ON "agent_skills" ("is_community");

package/migrations/0036_agent_jobs_effective_input_tokens.sql

@@ -0,0 +1,18 @@
+-- Cache-aware token budget (Guard 1a). The cumulative per-job token budget now
+-- counts EFFECTIVE (non-cached) input — inputTokens minus cachedInputTokens —
+-- so a job that re-sends a prompt-cached history (cheap, ~10x via caching) is
+-- no longer killed at the budget wall as if every re-send were fresh tokens.
+-- This column persists the cumulative effective-input across self-chain resumes,
+-- mirroring input_tokens / output_tokens.
+ALTER TABLE "agent_jobs"
+  ADD COLUMN IF NOT EXISTS "effective_input_tokens" integer DEFAULT 0;
+
+-- Backfill in-flight (resumable) jobs conservatively: seed effective from the
+-- already-accumulated raw input so a resume AFTER this migration never
+-- under-counts (treats prior raw as fully effective). Terminal jobs never
+-- resume, so this only matters for jobs suspended in awaiting_* at upgrade time.
+UPDATE "agent_jobs"
+SET "effective_input_tokens" = COALESCE("input_tokens", 0)
+WHERE COALESCE("effective_input_tokens", 0) = 0
+  AND COALESCE("input_tokens", 0) > 0
+  AND "completed_at" IS NULL;

package/migrations/0037_agent_jobs_total_cost_usd.sql

@@ -0,0 +1,11 @@
+-- Real dollar cost budget (Guard 1e). Track what was ACTUALLY BILLED per job
+-- (not token proxies) so the runner can enforce a hard dollar cap and the
+-- dashboard can surface real $/job cost. Populated by OpenRouter when
+-- `usage:{include:true}` is sent — `usage.cost` in the response lands in
+-- providerMetadata.openrouter.usage.cost on the AI SDK result. NULL / 0 for
+-- providers that don't report per-call cost (Anthropic, Ollama, etc.).
+--
+-- Stored as real (float4) — sub-cent values are common (e.g. $0.00056).
+-- Default 0 so existing rows are valid without a backfill.
+ALTER TABLE "agent_jobs"
+  ADD COLUMN IF NOT EXISTS "total_cost_usd" real DEFAULT 0;

package/migrations/0038_agent_jobs_served_provider.sql

@@ -0,0 +1,7 @@
+-- Served-upstream observability (P0-B). Tracks which upstream provider actually
+-- handled a given job execution (e.g. 'DeepSeek' when routed via OpenRouter's
+-- provider-order preference). Populated from providerMetadata.openrouter.provider
+-- on each LLM call; only the LAST non-empty value is stored per job. NULL for
+-- providers that don't report upstream identity (Anthropic, Ollama, etc.).
+ALTER TABLE "agent_jobs"
+  ADD COLUMN IF NOT EXISTS "served_provider" text;

package/migrations/0039_agent_skills_learning_loop.sql

@@ -0,0 +1,20 @@
+-- Learning-loop columns for agent_skills (Phase A).
+-- created_by: provenance — who created this skill ('user' | 'system' | 'agent').
+--   Default 'user' for forward-compatibility; backfilled to 'system' for
+--   community/bundled skills below.
+-- state: lifecycle state — 'active' (default) | 'stale' | 'archived'.
+--   No hard-delete path — skills are archived, never deleted.
+-- last_used_at: fire-and-forget timestamp, bumped each time the skill is injected
+--   into a job's system prompt. NULL = never used. Used to surface stale skills.
+-- patch_count: how many agent-authored patches have been applied. Starts at 0.
+-- archived_at: when the skill was moved to state='archived'. NULL while active.
+
+ALTER TABLE "agent_skills"
+  ADD COLUMN IF NOT EXISTS "created_by" text NOT NULL DEFAULT 'user',
+  ADD COLUMN IF NOT EXISTS "state" text NOT NULL DEFAULT 'active',
+  ADD COLUMN IF NOT EXISTS "last_used_at" timestamptz,
+  ADD COLUMN IF NOT EXISTS "patch_count" integer NOT NULL DEFAULT 0,
+  ADD COLUMN IF NOT EXISTS "archived_at" timestamptz;
+
+-- Backfill: community/bundled skills are 'system' provenance
+UPDATE "agent_skills" SET "created_by" = 'system' WHERE "is_community" = true;

package/migrations/0040_entities_last_curator_run.sql

@@ -0,0 +1,7 @@
+-- Tier-2 CURATOR cadence tracker.
+-- Per-entity timestamp of the last LLM consolidation pass. NULL = never run.
+-- Used by run-curator.ts to gate the first-run-deferred pattern (skip first
+-- run, set to now(), run on subsequent ticks beyond CURATOR_INTERVAL_DAYS).
+
+ALTER TABLE "entities"
+  ADD COLUMN IF NOT EXISTS "last_curator_run_at" timestamptz;

package/migrations/0041_reflection_enabled.sql

@@ -0,0 +1 @@
+ALTER TABLE entities ADD COLUMN reflection_enabled boolean NOT NULL DEFAULT false;

package/migrations/0042_drop_agent_runs.sql

@@ -0,0 +1 @@
+DROP TABLE IF EXISTS "agent_runs" CASCADE;

package/migrations/0043_skill_assignment.sql

@@ -0,0 +1,2 @@
+ALTER TABLE entities ADD COLUMN skill_assignment_mode text NOT NULL DEFAULT 'approval';
+ALTER TABLE agent_skills ADD COLUMN created_by_agent_id uuid REFERENCES agents(id) ON DELETE SET NULL;

package/migrations/0044_entities_lan_command_yolo.sql

@@ -0,0 +1 @@
+ALTER TABLE "entities" ADD COLUMN "lan_command_yolo" boolean DEFAULT false NOT NULL;