nothumanallowed 9.5.2 → 9.6.0

package/src/config.mjs

@@ -283,8 +283,6 @@ export function setConfigValue(key, value) {
     'my-role': 'profile.role',
     'role': 'profile.role',
     'profile-notes': 'profile.notes',
-    'language': 'language',
-    'lang': 'language',
   };
 
   const resolved = aliases[key] || key;

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '9.5.2';
+export const VERSION = '9.6.0';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/services/google-oauth.mjs

@@ -11,9 +11,8 @@ import os from 'os';
 import { saveTokens, loadTokens, deleteTokens } from './token-store.mjs';
 import { info, ok, fail, warn } from '../ui.mjs';
 
-// NHA published OAuth client — same credentials as the mobile app
-const DEFAULT_CLIENT_ID = '740354841334-o0l6rhkn900jtjtfcls3bkr2n9f1l3tt.apps.googleusercontent.com';
-const DEFAULT_CLIENT_SECRET = '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';
+// NHA published OAuth client (Desktop app type — client_id is not a secret)
+const DEFAULT_CLIENT_ID = ''; // Will be set when Google Cloud project is verified
 const SCOPES = [
   'https://www.googleapis.com/auth/gmail.modify',
   'https://www.googleapis.com/auth/gmail.send',
@@ -80,7 +79,7 @@ function waitForCallback(state, port) {
         return;
       }
 
-      if (!code || !returnedState?.startsWith(state.split('|')[0])) {
+      if (!code || returnedState !== state) {
         res.writeHead(400, { 'Content-Type': 'text/html' });
         res.end('<html><body><h2>Invalid callback</h2><p>Missing code or state mismatch.</p></body></html>');
         server.close();
@@ -160,7 +159,20 @@ async function getUserEmail(accessToken) {
  */
 export async function runAuthFlow(config) {
   const clientId = config.google?.clientId || DEFAULT_CLIENT_ID;
-  const clientSecret = config.google?.clientSecret || DEFAULT_CLIENT_SECRET;
+  const clientSecret = config.google?.clientSecret || '';
+
+  if (!clientId) {
+    fail('Google OAuth client ID not configured.');
+    info('Get credentials from Google Cloud Console:');
+    info('  1. Go to https://console.cloud.google.com/apis/credentials');
+    info('  2. Create an OAuth 2.0 Client ID (Desktop app type)');
+    info('  3. Enable Gmail API and Calendar API');
+    info('  4. Run:');
+    info('     nha config set google-client-id YOUR_CLIENT_ID');
+    info('     nha config set google-client-secret YOUR_CLIENT_SECRET');
+    info('  5. Run: nha google auth');
+    return false;
+  }
 
   // Find available port
   let port = 0;
@@ -180,16 +192,13 @@ export async function runAuthFlow(config) {
     return false;
   }
 
-  // Use our server as OAuth redirect (same as mobile app)
-  // The callback page extracts the code and redirects to localhost
-  const serverRedirectUri = 'https://nothumanallowed.com/auth/callback';
-  const localCallbackUrl = `http://127.0.0.1:${port}/callback`;
+  const redirectUri = `http://127.0.0.1:${port}/callback`;
   const { verifier, challenge } = generatePKCE();
-  const state = crypto.randomBytes(32).toString('hex') + `|localhost:${port}`;
+  const state = crypto.randomBytes(32).toString('hex');
 
   const authUrl = new URL('https://accounts.google.com/o/oauth2/v2/auth');
   authUrl.searchParams.set('client_id', clientId);
-  authUrl.searchParams.set('redirect_uri', serverRedirectUri);
+  authUrl.searchParams.set('redirect_uri', redirectUri);
   authUrl.searchParams.set('response_type', 'code');
   authUrl.searchParams.set('scope', SCOPES);
   authUrl.searchParams.set('state', state);
@@ -206,7 +215,7 @@ export async function runAuthFlow(config) {
     const { code } = await waitForCallback(state, port);
     info('Authorization code received. Exchanging for tokens...');
 
-    const tokenData = await exchangeCode(code, verifier, clientId, clientSecret, serverRedirectUri);
+    const tokenData = await exchangeCode(code, verifier, clientId, clientSecret, redirectUri);
     const email = await getUserEmail(tokenData.access_token);
 
     const tokens = {

package/src/services/llm.mjs

@@ -275,144 +275,6 @@ export async function callLLM(config, systemPrompt, userMessage, opts = {}) {
   return callFn(apiKey, model, systemPrompt, userMessage, false);
 }
 
-/**
- * Call an LLM provider with streaming enabled.
- * Calls onToken(chunk) for each token, returns full text at the end.
- * @returns {Promise<string>} The full LLM response text.
- */
-export async function callLLMStream(config, systemPrompt, userMessage, onToken, opts = {}) {
-  const provider = opts.provider || config.llm.provider || 'anthropic';
-  const model = opts.model || config.llm.model || null;
-  const apiKey = getApiKey(config, provider);
-  if (!apiKey) throw new Error(`No API key for ${provider}`);
-
-  const callFn = getProviderCall(provider);
-  if (!callFn) throw new Error(`Unknown provider: ${provider}`);
-
-  // Gemini and Cohere don't support streaming — fall back to non-streaming
-  if (provider === 'gemini' || provider === 'cohere') {
-    const text = await callFn(apiKey, model, systemPrompt, userMessage, false);
-    if (onToken) onToken(text);
-    return text;
-  }
-
-  const format = provider === 'anthropic' ? 'anthropic' : 'openai';
-  const body = buildRequestBody(provider, model, systemPrompt, userMessage, true);
-  const url = getProviderUrl(provider, model, apiKey);
-  const headers = getProviderHeaders(provider, apiKey);
-
-  const res = await fetch(url, {
-    method: 'POST',
-    headers,
-    body: JSON.stringify(body),
-  });
-  if (!res.ok) {
-    const err = await res.text();
-    throw new Error(`${provider} ${res.status}: ${err}`);
-  }
-
-  return streamSSEWithCallback(res, format, onToken);
-}
-
-/** Build request body for a provider */
-function buildRequestBody(provider, model, systemPrompt, userMessage, stream) {
-  if (provider === 'anthropic') {
-    return {
-      model: model || 'claude-sonnet-4-20250514',
-      max_tokens: 8192,
-      system: systemPrompt,
-      messages: [{ role: 'user', content: userMessage }],
-      stream,
-    };
-  }
-  // OpenAI-compatible format (OpenAI, DeepSeek, Grok, Mistral)
-  const modelDefaults = {
-    openai: 'gpt-4o',
-    deepseek: 'deepseek-chat',
-    grok: 'grok-3-latest',
-    mistral: 'mistral-large-latest',
-  };
-  return {
-    model: model || modelDefaults[provider] || 'gpt-4o',
-    max_tokens: 8192,
-    messages: [
-      { role: 'system', content: systemPrompt },
-      { role: 'user', content: userMessage },
-    ],
-    stream,
-  };
-}
-
-/** Get provider API URL */
-function getProviderUrl(provider, model, apiKey) {
-  const urls = {
-    anthropic: 'https://api.anthropic.com/v1/messages',
-    openai: 'https://api.openai.com/v1/chat/completions',
-    deepseek: 'https://api.deepseek.com/v1/chat/completions',
-    grok: 'https://api.x.ai/v1/chat/completions',
-    mistral: 'https://api.mistral.ai/v1/chat/completions',
-  };
-  return urls[provider] || urls.openai;
-}
-
-/** Get provider request headers */
-function getProviderHeaders(provider, apiKey) {
-  if (provider === 'anthropic') {
-    return {
-      'Content-Type': 'application/json',
-      'x-api-key': apiKey,
-      'anthropic-version': '2023-06-01',
-    };
-  }
-  return {
-    'Content-Type': 'application/json',
-    'Authorization': `Bearer ${apiKey}`,
-  };
-}
-
-/** SSE stream parser with onToken callback (does NOT write to stdout directly) */
-async function streamSSEWithCallback(res, format, onToken) {
-  const reader = res.body.getReader();
-  const decoder = new TextDecoder();
-  let buffer = '';
-  let fullText = '';
-
-  while (true) {
-    const { done, value } = await reader.read();
-    if (done) break;
-
-    buffer += decoder.decode(value, { stream: true });
-    const lines = buffer.split('\n');
-    buffer = lines.pop() || '';
-
-    for (const line of lines) {
-      if (!line.startsWith('data: ')) continue;
-      const data = line.slice(6).trim();
-      if (data === '[DONE]') continue;
-
-      try {
-        const json = JSON.parse(data);
-        let chunk = '';
-
-        if (format === 'anthropic') {
-          if (json.type === 'content_block_delta') {
-            chunk = json.delta?.text || '';
-          }
-        } else {
-          chunk = json.choices?.[0]?.delta?.content || '';
-        }
-
-        if (chunk) {
-          fullText += chunk;
-          if (onToken) onToken(chunk);
-        }
-      } catch {}
-    }
-  }
-
-  return fullText;
-}
-
 /**
  * Call an agent by name — loads the agent file, calls LLM, returns response.
  * No streaming. Used by PAO pipeline for batch agent calls.

package/src/services/ops-daemon.mjs

@@ -36,8 +36,237 @@ const STATE_FILE = path.join(DAEMON_DIR, 'state.json');
 const LOG_FILE = path.join(DAEMON_DIR, 'daemon.log');
 const BRIEFS_DIR = path.join(NHA_DIR, 'ops', 'briefs');
 const INSIGHTS_DIR = path.join(NHA_DIR, 'ops', 'insights');
+const CRON_FILE = path.join(DAEMON_DIR, 'cron.json');
+const HEARTBEAT_FILE = path.join(DAEMON_DIR, 'heartbeat.json');
 const WS_PORT = 3848;
 
+// ── Cron / Heartbeat Persistence ────────────────────────────────────────────
+
+function loadCronJobs() {
+  if (!fs.existsSync(CRON_FILE)) return [];
+  try { return JSON.parse(fs.readFileSync(CRON_FILE, 'utf-8')); } catch { return []; }
+}
+
+function saveCronJobs(jobs) {
+  fs.mkdirSync(DAEMON_DIR, { recursive: true });
+  fs.writeFileSync(CRON_FILE, JSON.stringify(jobs, null, 2), { mode: 0o600 });
+}
+
+function loadHeartbeats() {
+  if (!fs.existsSync(HEARTBEAT_FILE)) return [];
+  try { return JSON.parse(fs.readFileSync(HEARTBEAT_FILE, 'utf-8')); } catch { return []; }
+}
+
+function saveHeartbeats(beats) {
+  fs.mkdirSync(DAEMON_DIR, { recursive: true });
+  fs.writeFileSync(HEARTBEAT_FILE, JSON.stringify(beats, null, 2), { mode: 0o600 });
+}
+
+/**
+ * Parse a human-readable schedule into a cron-like spec.
+ * Supports:
+ *   "every 5m" / "every 2h" / "every 30min"
+ *   "every monday 9am" / "every friday 17:00"
+ *   "every day 8:30" / "daily 9am"
+ *   "every hour"
+ *   "at 14:00" (once daily)
+ *
+ * Returns { type: 'interval'|'daily'|'weekly', intervalMs?, hour?, minute?, dayOfWeek? }
+ */
+function parseSchedule(schedule) {
+  const s = schedule.toLowerCase().trim();
+
+  // Interval: "every 5m", "every 2h", "every 30min", "every 1 hour"
+  const intervalMatch = s.match(/every\s+(\d+)\s*(m(?:in(?:utes?)?)?|h(?:ours?)?|s(?:ec(?:onds?)?)?)/);
+  if (intervalMatch) {
+    const num = parseInt(intervalMatch[1]);
+    const unit = intervalMatch[2][0]; // m, h, or s
+    const ms = unit === 'h' ? num * 3_600_000 : unit === 'm' ? num * 60_000 : num * 1_000;
+    return { type: 'interval', intervalMs: Math.max(ms, 60_000) }; // min 1 minute
+  }
+
+  // "every hour"
+  if (s === 'every hour' || s === 'hourly') {
+    return { type: 'interval', intervalMs: 3_600_000 };
+  }
+
+  // Weekly: "every monday 9am", "every friday 17:00"
+  const weeklyMatch = s.match(/every\s+(monday|tuesday|wednesday|thursday|friday|saturday|sunday)\s+(?:at\s+)?(\d{1,2})(?::(\d{2}))?\s*(am|pm)?/);
+  if (weeklyMatch) {
+    const days = { sunday: 0, monday: 1, tuesday: 2, wednesday: 3, thursday: 4, friday: 5, saturday: 6 };
+    let hour = parseInt(weeklyMatch[2]);
+    const minute = parseInt(weeklyMatch[3] || '0');
+    const ampm = weeklyMatch[4];
+    if (ampm === 'pm' && hour < 12) hour += 12;
+    if (ampm === 'am' && hour === 12) hour = 0;
+    return { type: 'weekly', dayOfWeek: days[weeklyMatch[1]], hour, minute };
+  }
+
+  // Daily: "every day 8:30", "daily 9am", "at 14:00"
+  const dailyMatch = s.match(/(?:every\s*day|daily|at)\s+(\d{1,2})(?::(\d{2}))?\s*(am|pm)?/);
+  if (dailyMatch) {
+    let hour = parseInt(dailyMatch[1]);
+    const minute = parseInt(dailyMatch[2] || '0');
+    const ampm = dailyMatch[3];
+    if (ampm === 'pm' && hour < 12) hour += 12;
+    if (ampm === 'am' && hour === 12) hour = 0;
+    return { type: 'daily', hour, minute };
+  }
+
+  return null;
+}
+
+/**
+ * Check if a cron job should run now (within the current minute).
+ */
+function shouldRunNow(spec, lastRun) {
+  const now = new Date();
+
+  if (spec.type === 'interval') {
+    if (!lastRun) return true;
+    return (now.getTime() - lastRun) >= spec.intervalMs;
+  }
+
+  if (spec.type === 'daily') {
+    const nowMinutes = now.getHours() * 60 + now.getMinutes();
+    const targetMinutes = spec.hour * 60 + spec.minute;
+    // Run if we're in the right minute and haven't run today
+    if (Math.abs(nowMinutes - targetMinutes) > 1) return false;
+    if (lastRun) {
+      const lastRunDate = new Date(lastRun);
+      if (lastRunDate.toDateString() === now.toDateString()) return false;
+    }
+    return true;
+  }
+
+  if (spec.type === 'weekly') {
+    if (now.getDay() !== spec.dayOfWeek) return false;
+    const nowMinutes = now.getHours() * 60 + now.getMinutes();
+    const targetMinutes = spec.hour * 60 + spec.minute;
+    if (Math.abs(nowMinutes - targetMinutes) > 1) return false;
+    if (lastRun) {
+      const lastRunDate = new Date(lastRun);
+      const daysDiff = (now.getTime() - lastRunDate.getTime()) / 86_400_000;
+      if (daysDiff < 1) return false;
+    }
+    return true;
+  }
+
+  return false;
+}
+
+/**
+ * Add a cron job. Returns the job object.
+ */
+export function addCronJob(schedule, prompt, options = {}) {
+  const spec = parseSchedule(schedule);
+  if (!spec) return { ok: false, error: `Cannot parse schedule: "${schedule}"` };
+
+  const jobs = loadCronJobs();
+  const job = {
+    id: crypto.randomUUID(),
+    schedule,
+    spec,
+    prompt,
+    agent: options.agent || null,    // null = auto-route
+    notify: options.notify !== false, // default: send notification
+    enabled: true,
+    createdAt: new Date().toISOString(),
+    lastRun: null,
+    lastResult: null,
+    runCount: 0,
+  };
+  jobs.push(job);
+  saveCronJobs(jobs);
+
+  // Notify daemon if running (it will pick up changes on next tick)
+  if (isRunning()) {
+    wsBroadcast({ type: 'cron_added', data: { id: job.id, schedule, prompt } });
+  }
+
+  return { ok: true, job };
+}
+
+/**
+ * Remove a cron job by ID or index.
+ */
+export function removeCronJob(idOrIndex) {
+  const jobs = loadCronJobs();
+  let removed;
+  if (typeof idOrIndex === 'number' || /^\d+$/.test(idOrIndex)) {
+    const idx = parseInt(idOrIndex) - 1; // 1-based
+    if (idx < 0 || idx >= jobs.length) return { ok: false, error: 'Invalid job index' };
+    removed = jobs.splice(idx, 1)[0];
+  } else {
+    const idx = jobs.findIndex(j => j.id === idOrIndex);
+    if (idx === -1) return { ok: false, error: 'Job not found' };
+    removed = jobs.splice(idx, 1)[0];
+  }
+  saveCronJobs(jobs);
+  return { ok: true, removed };
+}
+
+/**
+ * List all cron jobs.
+ */
+export function listCronJobs() {
+  return loadCronJobs();
+}
+
+/**
+ * Add a heartbeat (recurring prompt at fixed interval).
+ * Convenience wrapper over cron with interval spec.
+ */
+export function addHeartbeat(intervalStr, prompt, options = {}) {
+  return addCronJob(`every ${intervalStr}`, prompt, options);
+}
+
+/**
+ * Execute cron jobs that are due. Called from daemon loop.
+ */
+async function executeDueCronJobs(config) {
+  const jobs = loadCronJobs();
+  let changed = false;
+
+  for (const job of jobs) {
+    if (!job.enabled) continue;
+    if (!shouldRunNow(job.spec, job.lastRun)) continue;
+
+    log(`[Cron] Executing: "${job.prompt}" (schedule: ${job.schedule})`);
+
+    try {
+      const agent = job.agent || 'conductor';
+      const result = await callAgent(config, agent, job.prompt);
+      job.lastRun = Date.now();
+      job.lastResult = result.slice(0, 500); // cap stored result
+      job.runCount++;
+      changed = true;
+
+      log(`[Cron] Completed: "${job.prompt}" → ${result.slice(0, 100)}...`);
+
+      // Broadcast result to connected clients
+      wsBroadcast({
+        type: 'cron_result',
+        timestamp: new Date().toISOString(),
+        data: { id: job.id, schedule: job.schedule, prompt: job.prompt, result: result.slice(0, 500) },
+      });
+
+      // Send notification if enabled
+      if (job.notify) {
+        await notify('Scheduled Task', `${job.prompt}\n\n${result.slice(0, 200)}`, config);
+      }
+    } catch (err) {
+      log(`[Cron] Error executing "${job.prompt}": ${err.message}`);
+      job.lastRun = Date.now();
+      job.lastResult = `ERROR: ${err.message}`;
+      job.runCount++;
+      changed = true;
+    }
+  }
+
+  if (changed) saveCronJobs(jobs);
+}
+
 // ── Daemon Control ─────────────────────────────────────────────────────────
 
 /**
@@ -837,6 +1066,13 @@ async function daemonLoop() {
       }
     }
 
+    // ── User-defined Cron Jobs ────────────────────────────
+    try {
+      await executeDueCronJobs(config);
+    } catch (err) {
+      log(`[Cron] Execution error: ${err.message}`);
+    }
+
     // Reset daily flags at midnight
     if (currentTime === '00:00') {
       todayPlanDone = false;

package/src/services/screen-capture.mjs

@@ -0,0 +1,160 @@
+/**
+ * Screen Capture + Vision — captures desktop screenshots for LLM analysis.
+ *
+ * macOS:  screencapture -x (native, silent)
+ * Linux:  import -window root (ImageMagick) or gnome-screenshot or scrot
+ * Windows (WSL): PowerShell screenshot via clip
+ *
+ * Returns base64 PNG for multimodal LLM input.
+ * Zero npm dependencies.
+ */
+
+import { execSync } from 'child_process';
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+
+const SCREENSHOT_DIR = path.join(os.tmpdir(), 'nha-screenshots');
+
+/**
+ * Capture a screenshot of the desktop.
+ * @param {object} options
+ * @param {number} [options.monitor=1] - Monitor number (multi-monitor)
+ * @param {boolean} [options.base64=true] - Return base64 instead of file path
+ * @returns {{ ok: boolean, path?: string, base64?: string, error?: string, width?: number, height?: number }}
+ */
+export function captureScreen(options = {}) {
+  const { monitor = 1, base64: returnBase64 = true } = options;
+  const platform = os.platform();
+
+  fs.mkdirSync(SCREENSHOT_DIR, { recursive: true });
+  const filename = `screen-${Date.now()}.png`;
+  const filepath = path.join(SCREENSHOT_DIR, filename);
+
+  try {
+    if (platform === 'darwin') {
+      // macOS: native screencapture, -x = no sound
+      const monitorFlag = monitor > 1 ? `-D ${monitor}` : '';
+      execSync(`screencapture -x ${monitorFlag} "${filepath}"`, { timeout: 10_000 });
+    } else if (platform === 'linux') {
+      // Linux: try multiple tools in order of preference
+      const tools = [
+        { cmd: `gnome-screenshot -f "${filepath}"`, check: 'which gnome-screenshot' },
+        { cmd: `scrot "${filepath}"`, check: 'which scrot' },
+        { cmd: `import -window root "${filepath}"`, check: 'which import' },
+        { cmd: `grim "${filepath}"`, check: 'which grim' }, // Wayland
+      ];
+
+      let captured = false;
+      for (const tool of tools) {
+        try {
+          execSync(tool.check, { stdio: 'ignore' });
+          execSync(tool.cmd, { timeout: 10_000 });
+          captured = true;
+          break;
+        } catch { continue; }
+      }
+
+      if (!captured) {
+        return { ok: false, error: 'No screenshot tool found. Install: sudo apt install scrot' };
+      }
+    } else if (platform === 'win32') {
+      // Windows: PowerShell screenshot
+      const psScript = `
+        Add-Type -AssemblyName System.Windows.Forms
+        $screen = [System.Windows.Forms.Screen]::PrimaryScreen.Bounds
+        $bitmap = New-Object System.Drawing.Bitmap($screen.Width, $screen.Height)
+        $graphics = [System.Drawing.Graphics]::FromImage($bitmap)
+        $graphics.CopyFromScreen($screen.Location, [System.Drawing.Point]::Empty, $screen.Size)
+        $bitmap.Save('${filepath.replace(/\\/g, '\\\\')}')
+        $graphics.Dispose()
+        $bitmap.Dispose()
+      `.trim();
+      execSync(`powershell -Command "${psScript}"`, { timeout: 15_000 });
+    } else {
+      return { ok: false, error: `Unsupported platform: ${platform}` };
+    }
+
+    if (!fs.existsSync(filepath)) {
+      return { ok: false, error: 'Screenshot file not created' };
+    }
+
+    const stats = fs.statSync(filepath);
+    if (stats.size < 100) {
+      fs.rmSync(filepath, { force: true });
+      return { ok: false, error: 'Screenshot file is empty' };
+    }
+
+    const result = { ok: true, path: filepath };
+
+    if (returnBase64) {
+      const buf = fs.readFileSync(filepath);
+      // Resize if too large (>2MB) to save tokens
+      if (buf.length > 2_000_000) {
+        try {
+          // Try to resize with sips (macOS) or convert (Linux)
+          const resized = path.join(SCREENSHOT_DIR, `resized-${filename}`);
+          if (platform === 'darwin') {
+            execSync(`sips --resampleWidth 1280 "${filepath}" --out "${resized}"`, { stdio: 'ignore', timeout: 10_000 });
+          } else {
+            execSync(`convert "${filepath}" -resize 1280x "${resized}"`, { stdio: 'ignore', timeout: 10_000 });
+          }
+          if (fs.existsSync(resized)) {
+            result.base64 = fs.readFileSync(resized).toString('base64');
+            fs.rmSync(resized, { force: true });
+          } else {
+            result.base64 = buf.toString('base64');
+          }
+        } catch {
+          result.base64 = buf.toString('base64');
+        }
+      } else {
+        result.base64 = buf.toString('base64');
+      }
+    }
+
+    // Clean up old screenshots (keep last 5)
+    cleanupOldScreenshots();
+
+    return result;
+  } catch (err) {
+    return { ok: false, error: `Screenshot failed: ${err.message}` };
+  }
+}
+
+/**
+ * Clean up old screenshot files, keeping only the 5 most recent.
+ */
+function cleanupOldScreenshots() {
+  try {
+    const files = fs.readdirSync(SCREENSHOT_DIR)
+      .filter(f => f.startsWith('screen-') && f.endsWith('.png'))
+      .map(f => ({ name: f, path: path.join(SCREENSHOT_DIR, f), mtime: fs.statSync(path.join(SCREENSHOT_DIR, f)).mtimeMs }))
+      .sort((a, b) => b.mtime - a.mtime);
+
+    // Keep only last 5
+    for (const file of files.slice(5)) {
+      fs.rmSync(file.path, { force: true });
+    }
+  } catch { /* non-fatal */ }
+}
+
+/**
+ * Check if screen capture is available on this platform.
+ */
+export function isScreenCaptureAvailable() {
+  const platform = os.platform();
+  if (platform === 'darwin') return true; // screencapture always available
+  if (platform === 'win32') return true;  // PowerShell always available
+  if (platform === 'linux') {
+    const tools = ['gnome-screenshot', 'scrot', 'import', 'grim'];
+    for (const tool of tools) {
+      try {
+        execSync(`which ${tool}`, { stdio: 'ignore' });
+        return true;
+      } catch { continue; }
+    }
+    return false;
+  }
+  return false;
+}