omnikey-cli 1.0.16 → 1.0.18

package/README.md

@@ -6,6 +6,7 @@ A command-line tool for onboarding users to the Omnikey open-source app, configu
 
 OmnikeyAI is a productivity tool that helps you quickly rewrite selected text using your preferred LLM provider. The CLI allows you to configure and run the backend daemon on your local machine, manage your API keys, choose your LLM provider (OpenAI, Anthropic, or Gemini), and optionally configure the web search tool.
 
+- Website: [omnikeyai.ca](https://omnikeyai.ca)
 - For more details about the app and its features, see the [main README](https://github.com/GurinderRawala/OmniKey-AI).
 - Download the latest macOS app here: [Download OmniKeyAI for macOS](https://omnikeyai-saas-fmytqc3dra-uc.a.run.app/macos/download)
 - Download the latest Windows app here: [Download OmniKeyAI for Windows](https://omnikeyai-saas-fmytqc3dra-uc.a.run.app/windows/download)
@@ -33,16 +34,45 @@ omnikey daemon --port 7071
 # Kill the daemon
 omnikey kill-daemon
 
-# Remove the config directory and SQLite database (and persistence agent)
+# Restart the daemon (kill + start in one step)
+omnikey restart-daemon --port 7071
+
+# Show current configuration (API keys are masked)
+omnikey config
+
+# Set a single configuration value
+omnikey set OMNIKEY_PORT 8080
+
+# Remove the config directory (keeps SQLite database)
 omnikey remove-config
 
+# Remove config and also the SQLite database
+omnikey remove-config --db
+
 # Check daemon status
 omnikey status
 
 # Check daemon logs
 omnikey logs --lines 100
+
+# Check daemon error logs only
+omnikey logs --errors
 ```
 
+### Command reference
+
+| Command | Description |
+|---|---|
+| `omnikey onboard` | Interactive setup for LLM provider and web search |
+| `omnikey daemon [--port]` | Start the backend daemon (default port: 7071) |
+| `omnikey kill-daemon` | Stop the running daemon |
+| `omnikey restart-daemon [--port]` | Kill and restart the daemon |
+| `omnikey config` | Display current config with masked API keys |
+| `omnikey set <key> <value>` | Update a single config value |
+| `omnikey remove-config [--db]` | Remove config files; add `--db` to also delete the database |
+| `omnikey status` | Show what process is using the daemon port |
+| `omnikey logs [--lines N] [--errors]` | Tail daemon logs |
+
 ## Platform notes
 
 ### macOS
@@ -51,9 +81,49 @@ The daemon is registered as a **launchd agent** (`~/Library/LaunchAgents/com.omn
 
 ### Windows
 
-The daemon is registered as a **Windows Task Scheduler** task (`OmnikeyDaemon`) that runs at every logon. A wrapper script (`~/.omnikey/start-daemon.cmd`) is generated to set the required environment variables before launching the Node.js backend.
+The daemon runs as a **Windows Service** managed by [NSSM (Non-Sucking Service Manager)](https://nssm.cc/). This gives it production-grade persistence:
+
+| Behaviour | Detail |
+|---|---|
+| Starts on boot | Runs as `SERVICE_AUTO_START` — no login required |
+| Auto-restarts on crash | Restarts after a 3-second delay on any unexpected exit |
+| Runs in the background | No console window, no logged-in user needed |
+| Log rotation | stdout/stderr written to `~/.omnikey/daemon.log` and `daemon-error.log` with rotation enabled |
+
+#### Prerequisites
+
+NSSM must be installed and the command must be run from an **elevated (Administrator) terminal**.
+
+If NSSM is not found, `omnikey daemon` will prompt you:
+
+```
+? NSSM is required but not found. Install it now via winget? (Y/n)
+```
+
+Answering **Y** runs `winget install nssm` automatically and continues setup. Alternatively install it manually:
+
+```sh
+winget install nssm          # Windows Package Manager (built-in on Win 10/11)
+scoop install nssm           # Scoop
+choco install nssm           # Chocolatey
+```
 
-> **Note:** `schtasks` is a built-in Windows command — no third-party tools or administrator rights are required for user-level scheduled tasks.
+#### Service management
+
+```sh
+# View service status in Services console
+services.msc
+
+# Or via the command line
+sc query OmnikeyDaemon
+
+# Stop / start manually
+nssm stop OmnikeyDaemon
+nssm start OmnikeyDaemon
+
+# Uninstall (also done automatically by omnikey kill-daemon / remove-config)
+nssm remove OmnikeyDaemon confirm
+```
 
 Commands that query process state use `netstat` (instead of `lsof`) on Windows, and process termination uses `taskkill` (instead of `SIGTERM`).
 

package/backend-dist/agent/agentPrompts.js

@@ -2,96 +2,63 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getAgentPrompt = getAgentPrompt;
 const config_1 = require("../config");
-function getAgentPrompt(platform) {
+function getAgentPrompt(platform, hasTaskInstructions) {
     const isWindows = config_1.config.terminalPlatform?.toLowerCase() === 'windows' || platform?.toLowerCase() === 'windows';
-    const windowsShellScriptInstructions = `
-\`\`\`
-<shell_script>
-# your commands here
-</shell_script>
-\`\`\`
-
-Follow these guidelines:
-
-- Use a single, self-contained PowerShell script per response; do not send multiple \`<shell_script>\` blocks in one turn.
-- Inside the script, group related commands logically and add brief inline comments only when they clarify non-obvious or complex steps.
-- Prefer safe, idempotent commands that can be run multiple times without unintended side effects.
-- Never use elevated privileges (do not use \`sudo\`, \`Run as Administrator\`, or equivalent).
-- Use PowerShell cmdlets and syntax (for example, \`Get-ChildItem\`, \`Select-Object\`, \`Where-Object\`) rather than cmd.exe or bash equivalents.`;
     return `
-You are an AI assistant capable of reasoning about user situations and executing shell scripts in a terminal environment. You have full access to the terminal.
-
-Your responsibilities are:
-1. **Read and respect stored instructions**: When provided with \`<stored_instructions>\`, follow them carefully regarding behavior, focus areas, and output style.
-2. **Process user input**: Analyze what the user has typed or requested.
-3. **Gather context when needed**: Decide if additional machine-level information is required. If so, generate appropriate shell scripts to collect it.
-4. **Produce a complete answer**: Combine results from any previously executed scripts, the stored instructions, and the user input to deliver a helpful final response.
+You are an AI assistant with full terminal access. You reason about user requests and execute shell scripts to gather live data.
 
-**Guidelines for script generation:**
-- Create only safe, read-only commands focused on inspection, diagnostics, and information gathering.
-- Do not generate commands that install software, modify user data, or change system settings.
-- Never ask the user to run commands with \`sudo\` or administrator/root privileges.
-- Ensure all commands are compatible with ${!isWindows ? 'macOS and Linux; avoid Windows-specific commands.' : 'Use Windows-specific commands; avoid macOS and Linux-specific commands.'}
-- Scripts must be self-contained and ready to run without requiring the user to edit them.
+**Input:**
+${hasTaskInstructions
+        ? `- Follow \`<stored_instructions>\` for behavior, priorities, and output style. Apply them to the goal in \`<user_input>\`.`
+        : `- \`<user_input>\` contains \`@omniAgent <question/command>\`. Everything after \`@omniAgent\` is your directive; surrounding text is context.`}
+- Priority order for conflicts: system rules > stored instructions > user input.
 
-When you generate shell scripts, make them clear, efficient, and focused on gathering the information needed to answer the user's question or complete their request.
+**When to use shell scripts:**
+- Default to a \`<shell_script>\` for anything involving the machine, network, files, processes, env vars, or system state — never answer these from training data alone.
+- Scripts must be safe and read-only (inspection/diagnostics only). No installs, no data modification, no system changes, no sudo/admin privileges.
+- Use ${!isWindows ? 'bash (macOS/Linux)' : 'PowerShell'}. Scripts must be self-contained and ready to run as-is.
+- One comprehensive script per turn; wait for output only if you genuinely need it to proceed.
+- Skip the script only for purely factual/conversational requests with no live data dependency (e.g. "what is 2+2").
 
-**Instruction handling:**
-- Treat stored task instructions (if present) as authoritative for how to prioritize, what to examine, and how to format your answer, as long as they do not conflict with system rules or safety guidelines.
-- Treat the current user input as the immediate goal or question you must solve, applying the stored instructions to that specific situation.
-- If there is a conflict, follow: system rules first, then stored instructions, then ad-hoc guidance in the current input.
+**When to use web tools:**
+- Use the built-in \`web_fetch\` tool when the user provides a URL that must be retrieved.
+- Use the built-in \`web_search\` tool when the user asks to search online, or when current information (prices, docs, recent events) is needed.
+- If a request needs BOTH machine data AND web search: emit a \`<shell_script>\` first → wait for \`TERMINAL OUTPUT:\` → then call the web tool with concrete values. Never use placeholders like "my IP" in a web query.
 
-**Web tools:**
-You have access to web tools, but you must use them sparingly and only when explicitly required:
-- \`web_fetch(url)\`: Only call this when the user has provided a specific URL in their current input or stored instructions and you need to retrieve its contents.
-- \`web_search(query)\`: Only call this when the user has explicitly asked you to search the web or look something up online.
+**Incoming message tags:**
+- \`TERMINAL OUTPUT:\` — stdout/stderr from a prior script. Use it to continue reasoning or emit a follow-up.
+- \`COMMAND ERROR:\` — script failed. Diagnose and emit a corrected \`<shell_script>\` or explain in \`<final_answer>\`.
+- No prefix — direct user message; treat as the primary request.
 
-Do NOT use web tools proactively. Do NOT call them to look up documentation, error references, or general information you could infer from the machine output or your own knowledge. Your primary workflow is to generate shell scripts, wait for the terminal output, and reason from that output. Only reach for web tools when there is a clear, explicit instruction or a URL provided by the user.
+**Response format — every response must be exactly one of:**
+1. \`<shell_script>...</shell_script>\` — to run commands.
+2. A \`web_search\` or \`web_fetch\` tool call — to fetch web context (use native tool calling, not XML tags).
+3. \`<final_answer>...</final_answer>\` — when done.
 
-**User message tags:**
-User messages may be prefixed with special tags that indicate their origin:
-- \`TERMINAL OUTPUT:\` — the content is stdout/stderr returned from a previously requested \`<shell_script>\`. Parse it as machine output and use it to continue your reasoning toward a \`<final_answer>\` or a follow-up \`<shell_script>\`.
-- \`COMMAND ERROR:\` — the shell script failed or the terminal returned a non-zero exit code. Treat the content as error output: diagnose the failure, then either emit a corrected \`<shell_script>\` or explain the issue in a \`<final_answer>\`.
-- No prefix — the content is a direct message from the user; treat it as the primary request or question to address.
+No plain text, reasoning, or other tags outside these blocks. Never wrap in additional XML/JSON.
 
-**Interaction rules:**
-- When you need to execute ANY shell command, respond with a single \`<shell_script>\` block that contains the FULL script to run.
-- Within that script, include all steps needed to carry out the current diagnostic or information-gathering task as completely as possible (for example, collect all relevant logs, inspect all relevant services, perform all necessary checks), rather than issuing minimal or placeholder commands.
-- Prefer one comprehensive script over multiple small scripts; only wait for another round of output if you genuinely need the previous results to decide on the next actions.
-- If further machine-level investigation is unnecessary, skip the shell script and respond directly with a \`<final_answer>\`.
-- Every response MUST be exactly one of:
-  - A single \`<shell_script>...</shell_script>\` block, and nothing else; or
-  - A single \`<final_answer>...</final_answer>\` block, and nothing else.
-- Never send plain text or explanation outside of these tags. If you are not emitting a \`<shell_script>\`, you MUST emit a \`<final_answer>\`.
-- When you are completely finished and ready to present the result back to the user, respond with a single \`<final_answer>\` block.
-- Do NOT include reasoning, commentary, or any other tags outside of \`<shell_script>...</shell_script>\` or \`<final_answer>...</final_answer>\`.
-- Never wrap your entire response in other XML or JSON structures.
-
-**Shell script block structure:**
-Always emit exactly this structure when you want to run commands: ${!isWindows
-        ? `
-\`\`\`bash
+**Shell script structure:**
+${!isWindows
+        ? `\`\`\`bash
 <shell_script>
 #!/usr/bin/env bash
 set -euo pipefail
-# your commands here
+# commands here
 </shell_script>
-\`\`\`
-
-- Use a single, self-contained script per turn; do not send multiple \`<shell_script>\` blocks in one response.
-- Inside the script, group related commands logically and add brief inline comments ONLY when they clarify non-obvious steps.
-- Prefer safe, idempotent commands. Never ask for sudo.`
-        : windowsShellScriptInstructions}
-
-**Final answer block structure:**
-When you have gathered enough information and completed the requested work, respond once with:
+\`\`\``
+        : `\`\`\`
+<shell_script>
+# PowerShell commands here
+# Use cmdlets (Get-ChildItem, Select-Object, etc.), not cmd.exe/bash equivalents
+# No Run as Administrator
+</shell_script>
+\`\`\``}
 
+**Final answer structure:**
 \`\`\`
 <final_answer>
-...user-facing result here (clear summary, key findings, concrete recommendations or next steps, formatted according to any stored instructions)...
+...summary, key findings, and next steps formatted per stored instructions...
 </final_answer>
 \`\`\`
-
-- Do not emit any text before or after the \`<final_answer>\` block; the entire response must be inside the \`<final_answer>\` tags.
   `;
 }

package/backend-dist/agent/agentServer.js

@@ -49,6 +49,67 @@ const featureRoutes_1 = require("../featureRoutes");
 const authMiddleware_1 = require("../authMiddleware");
 const web_search_provider_1 = require("../web-search-provider");
 const ai_client_1 = require("../ai-client");
+async function runToolLoop(initialResult, session, sessionId, send, log, tools, onUsage) {
+    const MAX_TOOL_ITERATIONS = 10;
+    let toolIterations = 0;
+    let result = initialResult;
+    while (result.finish_reason === 'tool_calls' && toolIterations < MAX_TOOL_ITERATIONS) {
+        toolIterations++;
+        const toolCalls = result.tool_calls ?? [];
+        // If the model claims tool_calls but sent none, treat it as a normal text
+        // response — pushing an assistant message with no following tool results
+        // would leave the history ending with an assistant turn, causing a 400.
+        if (!toolCalls.length)
+            break;
+        session.history.push(result.assistantMessage);
+        log.info('Agent executing tool calls', {
+            sessionId,
+            turn: session.turns,
+            toolIteration: toolIterations,
+            tools: toolCalls.map((tc) => tc.name),
+        });
+        const toolResults = await Promise.all(toolCalls.map(async (tc) => {
+            const args = tc.arguments;
+            // Notify the frontend that a web tool call is about to execute.
+            const webCallContent = tc.name === 'web_search'
+                ? `Searching the web for: "${args.query ?? ''}"`
+                : `Fetching URL: ${args.url ?? ''}`;
+            send({
+                session_id: sessionId,
+                sender: 'agent',
+                content: webCallContent,
+                is_terminal_output: false,
+                is_error: false,
+                is_web_call: true,
+            });
+            const toolResult = await (0, web_search_provider_1.executeTool)(tc.name, args, log);
+            log.info('Tool call completed', {
+                sessionId,
+                tool: tc.name,
+                resultLength: toolResult.length,
+            });
+            return { id: tc.id, name: tc.name, result: toolResult };
+        }));
+        for (const { id, name, result: toolResult } of toolResults) {
+            session.history.push({
+                role: 'tool',
+                tool_call_id: id,
+                tool_name: name,
+                content: toolResult,
+            });
+        }
+        // Call the AI again with the tool results in history to get the next response.
+        result = await ai_client_1.aiClient.complete(aiModel, session.history, {
+            tools: tools.length ? tools : undefined,
+            temperature: 0.2,
+        });
+        await onUsage(result);
+    }
+    log.info('Finished reasoning and tool calls: ', {
+        reason: result.finish_reason,
+    });
+    return result;
+}
 function buildAvailableTools() {
     // web_search is always available — DuckDuckGo is used as free fallback
     return [web_search_provider_1.WEB_FETCH_TOOL, web_search_provider_1.WEB_SEARCH_TOOL];
@@ -64,14 +125,19 @@ async function getOrCreateSession(sessionId, subscription, platform, log) {
             subscriptionId: existing.subscription.id,
             turns: existing.turns,
         });
-        return existing;
+        return {
+            sessionState: existing,
+            hasStoredPrompt: existing.history
+                .filter((h) => h.role === 'user')
+                .some((h) => h.content.includes('<stored_instructions>')),
+        };
     }
-    const systemPrompt = (0, agentPrompts_1.getAgentPrompt)(platform);
     // use these instructions as user instructions
     const prompt = await (0, featureRoutes_1.getPromptForCommand)(log, 'task', subscription).catch((err) => {
         log.error('Failed to get system prompt for new agent session', { error: err });
         return '';
     });
+    const systemPrompt = (0, agentPrompts_1.getAgentPrompt)(platform, !!prompt);
     const entry = {
         subscription,
         history: [
@@ -102,7 +168,10 @@ ${prompt}
         subscriptionId: subscription.id,
         hasCustomPrompt: Boolean(prompt),
     });
-    return entry;
+    return {
+        sessionState: entry,
+        hasStoredPrompt: !!prompt,
+    };
 }
 async function authenticateFromAuthHeader(authHeader, log) {
     if (config_1.config.isSelfHosted) {
@@ -169,8 +238,11 @@ async function authenticateFromAuthHeader(authHeader, log) {
         return null;
     }
 }
+function createUserContent(content, hasStoredPrompt) {
+    return hasStoredPrompt ? content.replace(/@omniAgent/g, '').trim() : content;
+}
 async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
-    const session = await getOrCreateSession(sessionId, subscription, clientMessage.platform, log);
+    const { sessionState: session, hasStoredPrompt } = await getOrCreateSession(sessionId, subscription, clientMessage.platform, log);
     // Count this call as one agent iteration.
     session.turns += 1;
     log.info('Starting agent turn', {
@@ -204,10 +276,15 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
         rawContentLength: (clientMessage.content || '').length,
         userContentLength: userContent.length,
     });
-    session.history.push({
-        role: 'user',
-        content: userContent,
-    });
+    const isAssistance = isTerminalOutput || isErrorFlag;
+    if (!clientMessage?.is_web_call) {
+        session.history.push({
+            role: 'user',
+            content: isAssistance
+                ? userContent
+                : `<user_input>${createUserContent(userContent, hasStoredPrompt)}</user_input>`,
+        });
+    }
     // On the final turn we omit tools so the model is forced to emit a
     // plain text <final_answer> rather than issuing another tool call.
     const isFinalTurn = session.turns >= MAX_TURNS;
@@ -249,88 +326,8 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
             temperature: 0.2,
         });
         await recordUsage(result);
-        // Tool-call loop: execute any requested tools and feed results back
-        // until the model emits a non-tool-call response (or we hit the limit).
-        const MAX_TOOL_ITERATIONS = 10;
-        let toolIterations = 0;
-        while (result.finish_reason === 'tool_calls' && toolIterations < MAX_TOOL_ITERATIONS) {
-            toolIterations++;
-            const toolCalls = result.tool_calls ?? [];
-            // If the model claims tool_calls but sent none, treat it as a normal text
-            // response — pushing an assistant message with no following tool results
-            // would leave the history ending with an assistant turn, causing a 400.
-            if (!toolCalls.length)
-                break;
-            session.history.push(result.assistantMessage);
-            log.info('Agent executing tool calls', {
-                sessionId,
-                turn: session.turns,
-                toolIteration: toolIterations,
-                tools: toolCalls.map((tc) => tc.name),
-            });
-            const toolResults = await Promise.all(toolCalls.map(async (tc) => {
-                const args = tc.arguments;
-                // Notify the frontend that a web tool call is about to execute.
-                const webCallContent = tc.name === 'web_search'
-                    ? `Searching the web for: "${args.query ?? ''}"`
-                    : `Fetching URL: ${args.url ?? ''}`;
-                send({
-                    session_id: sessionId,
-                    sender: 'agent',
-                    content: webCallContent,
-                    is_terminal_output: false,
-                    is_error: false,
-                    is_web_call: true,
-                });
-                const toolResult = await (0, web_search_provider_1.executeTool)(tc.name, args, log);
-                log.info('Tool call completed', {
-                    sessionId,
-                    tool: tc.name,
-                    resultLength: toolResult.length,
-                });
-                return { id: tc.id, name: tc.name, result: toolResult };
-            }));
-            for (const { id, name, result: toolResult } of toolResults) {
-                session.history.push({
-                    role: 'tool',
-                    tool_call_id: id,
-                    tool_name: name,
-                    content: toolResult,
-                });
-            }
-            result = await ai_client_1.aiClient.complete(aiModel, session.history, {
-                tools: tools?.length ? tools : undefined,
-                temperature: 0.2,
-            });
-            await recordUsage(result);
-        }
-        log.info('Finished reasoning and tool calls: ', {
-            reason: result.finish_reason,
-        });
-        const content = result.content.trim();
-        // If the tool loop was exhausted while the model still wants more tool calls,
-        // the last result has empty content. Force one final no-tools call so the model
-        // must synthesize a text answer from everything gathered so far.
-        if (result.finish_reason === 'tool_calls' || !content) {
-            log.warn('Tool iteration limit reached with pending tool calls; forcing final text response', {
-                sessionId,
-                turn: session.turns,
-            });
-            // Do NOT push result.assistantMessage here — it contains tool_use blocks that
-            // require corresponding tool_result blocks (Anthropic API constraint). Since we
-            // are not executing those tool calls, just inject a plain user nudge so the model
-            // synthesizes a text answer from the history already accumulated.
-            session.history.push({
-                role: 'user',
-                content: 'You have reached the maximum number of tool calls. Based on all information gathered so far, please provide your best answer now.',
-            });
-            result = await ai_client_1.aiClient.complete(aiModel, session.history, {
-                tools: undefined,
-                temperature: 0.2,
-            });
-            await recordUsage(result);
-        }
-        if (!content) {
+        let content = result.content.trim();
+        if (!content && result.finish_reason !== 'tool_calls') {
             log.warn('Agent LLM returned empty content; sending generic error to client.');
             const errorMessage = 'The agent returned an empty response. Please try again.';
             sendFinalAnswer(send, sessionId, errorMessage, true);
@@ -339,6 +336,23 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
             sessionMessages.delete(sessionId);
             return;
         }
+        // If the model requested web tool calls, execute them and get a follow-up
+        // response before deciding what to send to the client.
+        if (!isFinalTurn && result.finish_reason === 'tool_calls') {
+            log.info('Running web tool calls to gather information', {
+                sessionId,
+                subscriptionId: subscription.id,
+                turn: session.turns,
+            });
+            result = await runToolLoop(result, session, sessionId, send, log, buildAvailableTools(), recordUsage);
+            content = result.content.trim();
+            if (!content) {
+                log.warn('Agent returned empty content after tool loop; sending generic error.');
+                sendFinalAnswer(send, sessionId, 'The agent returned an empty response. Please try again.', true);
+                sessionMessages.delete(sessionId);
+                return;
+            }
+        }
         // Ensure that a proper <final_answer> block is produced for the
         // desktop clients once we reach the final turn. If the model did
         // not emit either a <shell_script> or <final_answer> tag on the
@@ -347,50 +361,40 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
         // waiting and paste the result.
         const hasShellScriptTag = content.includes('<shell_script>');
         const hasFinalAnswerTag = content.includes('<final_answer>');
-        log.info('Agent LLM raw response summary', {
-            sessionId,
-            turn: session.turns,
-            rawContentLength: content.length,
-            hasShellScriptTag,
-            hasFinalAnswerTag,
-        });
-        const normalizedContent = !hasShellScriptTag && !hasFinalAnswerTag && session.turns >= MAX_TURNS
-            ? `<final_answer>\n${content}\n</final_answer>`
-            : content;
-        log.info('Agent LLM normalized response summary', {
-            sessionId,
-            turn: session.turns,
-            normalizedContentLength: normalizedContent.length,
-        });
-        // Record assistant message back into history for future turns.
-        session.history.push({
-            role: 'assistant',
-            content: normalizedContent,
-        });
-        send({
-            session_id: sessionId,
-            sender: 'agent',
-            content: normalizedContent,
-            is_terminal_output: false,
-            is_error: false,
-        });
-        // After the MAX_TURNS iteration or if a final answer tag is present, treat this as the final answer
-        // and clear the session from memory while marking it completed.
-        if (session.turns >= MAX_TURNS || hasFinalAnswerTag) {
+        if (hasShellScriptTag && !isFinalTurn) {
+            log.info('Completed agent turn. Sending back scripts, waiting for results.', {
+                sessionId,
+                subscriptionId: subscription.id,
+                turn: session.turns,
+                responseLength: result.content.length,
+            });
+            session.history.push({
+                role: 'assistant',
+                content,
+            });
+            send({
+                session_id: sessionId,
+                sender: 'agent',
+                content,
+                is_terminal_output: false,
+                is_error: false,
+            });
+            return;
+        }
+        if (isFinalTurn || hasFinalAnswerTag) {
             log.info('Finalizing agent session after max turns or final answer tag', {
                 sessionId,
                 subscriptionId: subscription.id,
                 turns: session.turns,
                 hasFinalAnswerTag,
             });
+            send({
+                session_id: sessionId,
+                sender: 'agent',
+                content: hasFinalAnswerTag ? content : `<final_answer>\n${content}\n</final_answer>`,
+            });
             sessionMessages.delete(sessionId);
         }
-        log.info('Completed agent turn', {
-            sessionId,
-            subscriptionId: subscription.id,
-            turn: session.turns,
-            responseLength: normalizedContent.length,
-        });
     }
     catch (err) {
         log.error('Agent LLM call failed', { error: err });