omnikey-cli 1.0.42 → 1.1.0

package/backend-dist/agent/agentServer.js

@@ -40,6 +40,7 @@ exports.runAgentTurn = runAgentTurn;
 exports.attachAgentWebSocketServer = attachAgentWebSocketServer;
 exports.createAgentRouter = createAgentRouter;
 const express_1 = __importDefault(require("express"));
+const sequelize_1 = require("sequelize");
 const ws_1 = __importStar(require("ws"));
 const cuid_1 = __importDefault(require("cuid"));
 const config_1 = require("../config");
@@ -56,6 +57,7 @@ const agentAuth_1 = require("./agentAuth");
 const authMiddleware_1 = require("../authMiddleware");
 const imageTool_1 = require("./imageTool");
 const utils_1 = require("./utils");
+const sessionGrouping_1 = require("./sessionGrouping");
 const ai_client_1 = require("../ai-client");
 async function runToolLoop(initialResult, session, sessionId, send, log, tools, mcpDispatch, onUsage) {
     const MAX_TOOL_ITERATIONS = 10;
@@ -191,6 +193,7 @@ async function runToolLoop(initialResult, session, sessionId, send, log, tools,
     return result;
 }
 const aiModel = (0, ai_client_1.getDefaultModel)(config_1.config.aiProvider, 'smart');
+const contextWindowSize = (0, ai_client_1.getContextWindowSize)(config_1.config.aiProvider);
 // ─── DB helpers ───────────────────────────────────────────────────────────────
 async function persistSessionToDB(sessionId, state) {
     try {
@@ -363,6 +366,27 @@ async function runAgentTurnInternal(sessionId, subscription, clientMessage, send
     if (isErrorFlag) {
         userContent = `COMMAND ERROR:\n${userContent}`;
     }
+    // If the client specified a group_name, look up the stored description
+    // and prepend it as a <project_context> block. The frontend never sends
+    // the description itself — the server is the single source of truth.
+    if (clientMessage.group_name && !isTerminalOutput && !isErrorFlag && !clientMessage.is_web_call) {
+        try {
+            const groupRow = await agentSession_1.AgentSession.findOne({
+                where: {
+                    subscriptionId: subscription.id,
+                    groupName: clientMessage.group_name,
+                    groupDescription: { [sequelize_1.Op.not]: null },
+                },
+                attributes: ['groupName', 'groupDescription'],
+            });
+            if (groupRow?.groupDescription) {
+                userContent = `<project_context name="${groupRow.groupName}">\n${groupRow.groupDescription}\n</project_context>\n\n${userContent}`;
+            }
+        }
+        catch (err) {
+            log.warn('Failed to fetch group description for context injection', { error: err });
+        }
+    }
     log.info('Agent turn received client message', {
         sessionId,
         isTerminalOutput,
@@ -413,6 +437,9 @@ async function runAgentTurnInternal(sessionId, subscription, clientMessage, send
                 completionTokensUsed: usage.completion_tokens,
                 totalTokensUsed: usage.total_tokens,
             }, { where: { id: sessionId } });
+            // Track the most recent prompt size so the UI can show accurate
+            // "tokens remaining" without the cumulative-sum skew of promptTokensUsed.
+            await agentSession_1.AgentSession.update({ lastPromptTokens: usage.prompt_tokens }, { where: { id: sessionId } });
         }
         catch (err) {
             log.error('Failed to update agent session token usage', { sessionId, error: err });
@@ -569,6 +596,7 @@ async function runAgentTurnInternal(sessionId, subscription, clientMessage, send
                 sender: 'agent',
                 content: hasFinalAnswerTag ? content : `<final_answer>\n${content}\n</final_answer>`,
             });
+            void (0, sessionGrouping_1.updateSessionGroup)(sessionId, subscription.id);
         }
         else if (content) {
             // Fallback: the LLM returned content without any recognized tag and it
@@ -587,6 +615,7 @@ async function runAgentTurnInternal(sessionId, subscription, clientMessage, send
                 sender: 'agent',
                 content: `<final_answer>\n${content}\n</final_answer>`,
             });
+            void (0, sessionGrouping_1.updateSessionGroup)(sessionId, subscription.id);
         }
         else {
             log.warn('Agent returned empty content with no recognized tags; sending error', {
@@ -691,6 +720,7 @@ function cleanUserTranscriptText(text) {
     return text
         .replace(/<user_input>([\s\S]*?)<\/user_input>/gi, '$1')
         .replace(/<stored_instructions>[\s\S]*?<\/stored_instructions>/gi, '')
+        .replace(/<project_context[^>]*>[\s\S]*?<\/project_context>/gi, '')
         .replace(/@omniagent/gi, '')
         .trim();
 }
@@ -850,6 +880,9 @@ function createAgentRouter() {
                     'totalTokensUsed',
                     'promptTokensUsed',
                     'completionTokensUsed',
+                    'lastPromptTokens',
+                    'groupName',
+                    'groupDescription',
                     'lastActiveAt',
                     'createdAt',
                     'updatedAt',
@@ -863,8 +896,10 @@ function createAgentRouter() {
                 totalTokensUsed: Number(s.totalTokensUsed),
                 promptTokensUsed: Number(s.promptTokensUsed),
                 completionTokensUsed: Number(s.completionTokensUsed),
-                remainingContextTokens: Math.max(0, utils_1.MAX_HISTORY_TOTAL - Number(s.totalTokensUsed)),
-                contextBudget: utils_1.MAX_HISTORY_TOTAL,
+                remainingContextTokens: Math.max(0, contextWindowSize - Number(s.lastPromptTokens)),
+                contextBudget: contextWindowSize,
+                groupName: s.groupName ?? null,
+                groupDescription: s.groupDescription ?? null,
                 lastActiveAt: s.lastActiveAt,
                 createdAt: s.createdAt,
                 updatedAt: s.updatedAt,
@@ -919,6 +954,7 @@ function createAgentRouter() {
                     'totalTokensUsed',
                     'promptTokensUsed',
                     'completionTokensUsed',
+                    'lastPromptTokens',
                     'lastActiveAt',
                 ],
             });
@@ -933,8 +969,8 @@ function createAgentRouter() {
                 totalTokensUsed: Number(session.totalTokensUsed),
                 promptTokensUsed: Number(session.promptTokensUsed),
                 completionTokensUsed: Number(session.completionTokensUsed),
-                remainingContextTokens: Math.max(0, utils_1.MAX_HISTORY_TOTAL - Number(session.totalTokensUsed)),
-                contextBudget: utils_1.MAX_HISTORY_TOTAL,
+                remainingContextTokens: Math.max(0, contextWindowSize - Number(session.lastPromptTokens)),
+                contextBudget: contextWindowSize,
                 lastActiveAt: session.lastActiveAt,
             });
         }
@@ -973,5 +1009,34 @@ function createAgentRouter() {
             res.status(500).json({ error: 'Internal server error' });
         }
     });
+    // GET /api/agent/groups
+    // Returns distinct group names and descriptions for the authenticated
+    // subscription. The client uses this to populate the project-path dropdown
+    // and to filter the sidebar session list by project.
+    router.get('/groups', async (_req, res) => {
+        const { subscription, logger: log } = res.locals;
+        try {
+            const rows = await agentSession_1.AgentSession.findAll({
+                where: {
+                    subscriptionId: subscription.id,
+                    groupName: { [sequelize_1.Op.not]: null },
+                },
+                attributes: ['groupName', 'groupDescription'],
+                group: ['group_name'],
+                order: [['groupName', 'ASC']],
+            });
+            const groups = rows
+                .filter((r) => r.groupName)
+                .map((r) => ({
+                groupName: r.groupName,
+                groupDescription: r.groupDescription ?? null,
+            }));
+            res.json({ groups });
+        }
+        catch (err) {
+            log.error('Failed to fetch session groups', { error: err });
+            res.status(500).json({ error: 'Internal server error' });
+        }
+    });
     return router;
 }

package/backend-dist/agent/mcpRuntime.js

@@ -5,12 +5,20 @@
 // exposes their tools to the agent as `AITool` entries. The agent's tool
 // dispatcher routes any tool call whose name starts with `MCP_TOOL_PREFIX`
 // back here so it is forwarded to the originating MCP server.
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.MCP_TOOL_PREFIX = void 0;
+exports.resolveLoginShell = resolveLoginShell;
+exports.wrapWithLoginShell = wrapWithLoginShell;
+exports.buildStdioChildEnv = buildStdioChildEnv;
 exports.getMcpToolsForSubscription = getMcpToolsForSubscription;
 exports.executeMcpTool = executeMcpTool;
 exports.invalidateMcpRuntimeForServer = invalidateMcpRuntimeForServer;
 exports.shutdownAllMcpClients = shutdownAllMcpClients;
+const fs_1 = require("fs");
+const path_1 = __importDefault(require("path"));
 const index_js_1 = require("@modelcontextprotocol/sdk/client/index.js");
 const stdio_js_1 = require("@modelcontextprotocol/sdk/client/stdio.js");
 const sse_js_1 = require("@modelcontextprotocol/sdk/client/sse.js");
@@ -20,6 +28,130 @@ const mcpServer_1 = require("../models/mcpServer");
 exports.MCP_TOOL_PREFIX = 'mcp_';
 const MAX_TOOL_NAME_LEN = 64;
 const CONNECT_TIMEOUT_MS = 15000;
+const STDIO_STDERR_MAX_BYTES = 16 * 1024;
+const STDIO_STDERR_DRAIN_MS = 2000;
+// Ordered candidate list for resolving the user's login shell on Unix/macOS,
+// mirroring the resolvedLoginShell() logic in the macOS terminal launch path.
+// The SHELL environment variable is checked first at call-time (not here).
+const UNIX_SHELL_CANDIDATES = [
+    // zsh — default on macOS Catalina+
+    '/bin/zsh',
+    '/usr/bin/zsh',
+    '/usr/local/bin/zsh', // Homebrew (Intel)
+    '/opt/homebrew/bin/zsh', // Homebrew (Apple Silicon)
+    // bash — default on older macOS / most Linux distros
+    '/bin/bash',
+    '/usr/bin/bash',
+    '/usr/local/bin/bash',
+    '/opt/homebrew/bin/bash',
+    // fish — popular third-party shell
+    '/usr/local/bin/fish',
+    '/opt/homebrew/bin/fish',
+    '/usr/bin/fish',
+    // ksh — KornShell, common on Linux
+    '/bin/ksh',
+    '/usr/bin/ksh',
+    '/usr/local/bin/ksh',
+    // tcsh — legacy, still present on some macOS/BSD systems
+    '/bin/tcsh',
+    '/usr/bin/tcsh',
+    // sh — POSIX fallback, always present
+    '/bin/sh',
+    '/usr/bin/sh',
+];
+// Ordered candidate list for Windows shells. COMSPEC is checked first at call-time.
+const WINDOWS_SHELL_CANDIDATES = [
+    // PowerShell Core (7+) — preferred for modern Windows
+    'C:\\Program Files\\PowerShell\\7\\pwsh.exe',
+    'C:\\Program Files\\PowerShell\\6\\pwsh.exe',
+    // Windows PowerShell — built-in on all Windows versions
+    'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe',
+    // cmd.exe — last resort
+    'C:\\Windows\\System32\\cmd.exe',
+    'C:\\Windows\\cmd.exe',
+];
+// Homebrew / system binary directories to prepend on Unix when the daemon's
+// inherited PATH is bare (e.g. launched by launchctl). This is a belt-and-
+// suspenders fallback; running through a login shell already handles this.
+const UNIX_EXTRA_PATH_ENTRIES = [
+    '/opt/homebrew/bin',
+    '/opt/homebrew/sbin',
+    '/usr/local/bin',
+    '/usr/local/sbin',
+];
+// Common Windows binary directories to prepend when PATHEXT / system dirs are
+// missing from the inherited PATH.
+const WINDOWS_EXTRA_PATH_ENTRIES = [
+    'C:\\Windows\\System32',
+    'C:\\Windows',
+    'C:\\Windows\\System32\\Wbem',
+    'C:\\Windows\\System32\\WindowsPowerShell\\v1.0',
+    // Scoop (user-level package manager)
+    `${process.env.USERPROFILE ?? 'C:\\Users\\Default'}\\scoop\\shims`,
+    // Node.js user-level installer
+    `${process.env.APPDATA ?? 'C:\\Users\\Default\\AppData\\Roaming'}\\npm`,
+];
+function isExecutable(filePath) {
+    try {
+        (0, fs_1.accessSync)(filePath, fs_1.constants.X_OK);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Resolve the login shell to use when wrapping stdio MCP child processes.
+ * On Unix/macOS mirrors the resolvedLoginShell() logic from the macOS terminal
+ * launch path: check $SHELL first, then walk a fixed candidate list.
+ * On Windows: check %COMSPEC%, then prefer PowerShell Core > Windows PowerShell > cmd.
+ */
+function resolveLoginShell() {
+    if (process.platform === 'win32') {
+        const comspec = process.env.COMSPEC ?? '';
+        if (comspec && (0, fs_1.existsSync)(comspec))
+            return comspec;
+        for (const candidate of WINDOWS_SHELL_CANDIDATES) {
+            if ((0, fs_1.existsSync)(candidate))
+                return candidate;
+        }
+        return 'cmd.exe';
+    }
+    const envShell = process.env.SHELL ?? '';
+    const candidates = envShell ? [envShell, ...UNIX_SHELL_CANDIDATES] : [...UNIX_SHELL_CANDIDATES];
+    for (const candidate of candidates) {
+        if (candidate && (0, fs_1.existsSync)(candidate) && isExecutable(candidate))
+            return candidate;
+    }
+    return '/bin/sh';
+}
+/** Single-quote a Unix shell argument, safely escaping embedded single quotes. */
+function shellEscapeUnix(arg) {
+    return `'${arg.replace(/'/g, `'\\''`)}'`;
+}
+/**
+ * Wrap `command args` so it is executed through the resolved login shell.
+ *
+ * On Unix: `shell -l -c 'command args...'`
+ *   `-l` sources the login profile (.zprofile, .bash_profile, etc.) so the
+ *   child inherits the same PATH as an interactive terminal session.
+ *
+ * On Windows (powershell / pwsh): `shell -NoProfile -Command "command args..."`
+ * On Windows (cmd):               `shell /c "command args..."`
+ */
+function wrapWithLoginShell(shell, command, args) {
+    if (process.platform === 'win32') {
+        const shellName = path_1.default.basename(shell).toLowerCase();
+        const cmdStr = [command, ...args].join(' ');
+        if (shellName === 'pwsh.exe' || shellName === 'powershell.exe') {
+            return { command: shell, args: ['-NoProfile', '-Command', cmdStr] };
+        }
+        // cmd.exe — /c runs the rest of the line as a command
+        return { command: shell, args: ['/c', cmdStr] };
+    }
+    const fullCmd = [command, ...args].map(shellEscapeUnix).join(' ');
+    return { command: shell, args: ['-l', '-c', fullCmd] };
+}
 const clients = new Map(); // by MCPServer.id
 function slug(s) {
     return s
@@ -38,7 +170,54 @@ function isStdioAllowed() {
     // outbound HTTP/SSE transports are permitted.
     return config_1.config.isSelfHosted === true || config_1.config.isLocal === true;
 }
+/**
+ * Build the environment for a spawned stdio MCP child process.
+ *
+ * Starts from the parent `process.env`, then prepends the standard
+ * Homebrew / `/usr/local` binary directories (Unix) or common Windows system
+ * directories to PATH, preserving the existing PATH after them and never
+ * duplicating entries already present. This is a belt-and-suspenders measure
+ * on top of the login-shell wrapping: the shell's `-l` flag sources the login
+ * profile, but augmenting PATH here also helps when the shell is not found.
+ * User-supplied `serverEnv` is overlaid last so an explicit PATH wins.
+ * The result is a strict `Record<string, string>` with any `undefined`
+ * values stripped out (process.env can legally contain those).
+ */
+function buildStdioChildEnv(serverEnv) {
+    const base = {};
+    for (const [k, v] of Object.entries(process.env)) {
+        if (typeof v === 'string')
+            base[k] = v;
+    }
+    if (process.platform === 'win32') {
+        // On Windows, PATH lookup is case-insensitive; normalize to the 'Path' key
+        // that Node uses, then prepend common system directories.
+        const pathKey = Object.keys(base).find((k) => k.toLowerCase() === 'path') ?? 'Path';
+        const currentPath = base[pathKey] ?? '';
+        const existing = currentPath.split(';').filter((p) => p.length > 0);
+        const existingSet = new Set(existing.map((p) => p.toLowerCase()));
+        const toPrepend = WINDOWS_EXTRA_PATH_ENTRIES.filter((p) => !existingSet.has(p.toLowerCase()));
+        base[pathKey] = [...toPrepend, ...existing].join(';');
+    }
+    else {
+        const currentPath = base.PATH ?? '';
+        const existing = currentPath.split(':').filter((p) => p.length > 0);
+        const existingSet = new Set(existing);
+        const toPrepend = UNIX_EXTRA_PATH_ENTRIES.filter((p) => !existingSet.has(p));
+        base.PATH = [...toPrepend, ...existing].join(':');
+    }
+    if (serverEnv) {
+        for (const [k, v] of Object.entries(serverEnv)) {
+            if (typeof v === 'string')
+                base[k] = v;
+        }
+    }
+    return base;
+}
 async function connectOne(server, log) {
+    // Hoisted so the catch block can drain transport.stderr for diagnostics.
+    let stdioTransport;
+    let stderrBuffer = '';
     try {
         if (server.transport === 'stdio' && !isStdioAllowed()) {
             throw new Error('stdio MCP transport is disabled in this deployment.');
@@ -47,14 +226,39 @@ async function connectOne(server, log) {
         if (server.transport === 'stdio') {
             if (!server.command)
                 throw new Error('command is required for stdio transport');
-            const transport = new stdio_js_1.StdioClientTransport({
+            const childEnv = buildStdioChildEnv(server.env);
+            // Wrap through the login shell so the child process inherits the same
+            // PATH as an interactive terminal session (sources .zprofile, .bash_profile,
+            // etc.). This is equivalent to how macOS Terminal launches a new window.
+            const loginShell = resolveLoginShell();
+            const { command: wrappedCmd, args: wrappedArgs } = wrapWithLoginShell(loginShell, server.command, server.args ?? []);
+            log.info('Spawning stdio MCP server', {
+                mcpServerId: server.id,
+                mcpServerName: server.name,
                 command: server.command,
                 args: server.args ?? [],
-                // Pass-through the user-provided env in addition to a safe default set.
-                env: { ...process.env, ...(server.env ?? {}) },
+                loginShell,
+                wrappedCommand: wrappedCmd,
+                wrappedArgs,
+                path: childEnv.PATH,
+            });
+            stdioTransport = new stdio_js_1.StdioClientTransport({
+                command: wrappedCmd,
+                args: wrappedArgs,
+                env: childEnv,
                 stderr: 'pipe',
             });
-            await withTimeout(client.connect(transport), CONNECT_TIMEOUT_MS, 'MCP stdio connect');
+            // Attach the stderr listener eagerly: the child can fail (e.g. `env: node:
+            // No such file or directory`) and close the stream before our catch block
+            // runs, so we have to start buffering before we await client.connect().
+            stdioTransport.stderr?.on('data', (chunk) => {
+                if (stderrBuffer.length >= STDIO_STDERR_MAX_BYTES)
+                    return;
+                const text = typeof chunk === 'string' ? chunk : chunk.toString('utf8');
+                const remaining = STDIO_STDERR_MAX_BYTES - stderrBuffer.length;
+                stderrBuffer += text.length > remaining ? text.slice(0, remaining) : text;
+            });
+            await withTimeout(client.connect(stdioTransport), CONNECT_TIMEOUT_MS, 'MCP stdio connect');
         }
         else if (server.transport === 'http') {
             if (!server.url)
@@ -89,16 +293,47 @@ async function connectOne(server, log) {
     }
     catch (err) {
         const message = err instanceof Error ? err.message : String(err);
+        let childStderr;
+        if (server.transport === 'stdio' && stdioTransport) {
+            childStderr = await drainStdioStderr(stdioTransport, () => stderrBuffer);
+        }
         log.warn('Failed to connect to MCP server', {
             mcpServerId: server.id,
             mcpServerName: server.name,
             transport: server.transport,
             error: message,
+            ...(childStderr !== undefined ? { childStderr } : {}),
         });
         await mcpServer_1.MCPServer.update({ lastError: message }, { where: { id: server.id } }).catch(() => undefined);
         return null;
     }
 }
+/**
+ * Return the buffered stderr from a failed stdio transport. Waits up to
+ * STDIO_STDERR_DRAIN_MS for the stream to emit any final chunks (the child
+ * process may still be flushing its stderr when we land in the catch block).
+ */
+async function drainStdioStderr(transport, read) {
+    const stderr = transport.stderr;
+    if (!stderr)
+        return read().trim();
+    await new Promise((resolve) => {
+        let settled = false;
+        const finish = () => {
+            if (settled)
+                return;
+            settled = true;
+            clearTimeout(timer);
+            stderr.removeListener('end', finish);
+            stderr.removeListener('close', finish);
+            resolve();
+        };
+        const timer = setTimeout(finish, STDIO_STDERR_DRAIN_MS);
+        stderr.once('end', finish);
+        stderr.once('close', finish);
+    });
+    return read().trim();
+}
 async function getOrConnect(server, log) {
     const cached = clients.get(server.id);
     if (cached)

package/backend-dist/agent/sessionGrouping.js

@@ -0,0 +1,296 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.updateSessionGroup = updateSessionGroup;
+exports.refreshAllSessionGroups = refreshAllSessionGroups;
+exports.startGroupingCronJob = startGroupingCronJob;
+const sequelize_1 = require("sequelize");
+const zod_1 = require("zod");
+const agentSession_1 = require("../models/agentSession");
+const subscription_1 = require("../models/subscription");
+const ai_client_1 = require("../ai-client");
+const config_1 = require("../config");
+const logger_1 = require("../logger");
+const aiModel = (0, ai_client_1.getDefaultModel)(config_1.config.aiProvider, 'fast');
+// ---------------------------------------------------------------------------
+// Extract user_input text from persisted session history
+// ---------------------------------------------------------------------------
+function extractUserInputs(historyJson) {
+    try {
+        const history = JSON.parse(historyJson);
+        const inputs = [];
+        for (const msg of history) {
+            if (msg.role !== 'user')
+                continue;
+            const raw = typeof msg.content === 'string' ? msg.content : '';
+            if (!raw)
+                continue;
+            // Skip injected feedback/control messages
+            if (raw.startsWith('TERMINAL OUTPUT:'))
+                continue;
+            if (raw.startsWith('COMMAND ERROR:'))
+                continue;
+            if (raw.startsWith('Web research is complete'))
+                continue;
+            if (raw.startsWith('IMPORTANT: The web search tool failed'))
+                continue;
+            if (raw.startsWith('Content was truncated'))
+                continue;
+            if (raw.includes('<stored_instructions>'))
+                continue;
+            // Extract the inner text from <user_input> wrapper if present
+            const match = /<user_input>([\s\S]*?)<\/user_input>/i.exec(raw);
+            const text = match ? match[1].trim() : raw.trim();
+            const cleaned = text.replace(/@omniagent\s*/gi, '').trim();
+            if (cleaned.length > 5) {
+                inputs.push(cleaned.slice(0, 400));
+            }
+        }
+        return inputs.slice(0, 8);
+    }
+    catch {
+        return [];
+    }
+}
+// ---------------------------------------------------------------------------
+// Extract the deepest meaningful project root from absolute paths in text.
+// Strategy: find all /abs/path segments, resolve the most commonly referenced
+// root (stops at depth 4 from /, so ~/projects/foo/src/bar → ~/projects/foo).
+// ---------------------------------------------------------------------------
+function extractProjectPath(texts) {
+    const combined = texts.join(' ');
+    // Match absolute paths (Unix) — capture up to 5 path segments
+    const pathRe = /(\/(?:[^\s/<>"'`]+\/){1,5}[^\s/<>"'`]*)/g;
+    const matches = Array.from(combined.matchAll(pathRe), (m) => m[1]);
+    if (!matches.length)
+        return null;
+    // Score candidate roots by frequency: walk up each path up to depth 5
+    // counting how many times each ancestor appears across all matches.
+    const score = new Map();
+    for (const p of matches) {
+        const parts = p.split('/').filter(Boolean);
+        // Build ancestors from depth 2 up to depth 5 (skip / and single-segment)
+        for (let depth = 2; depth <= Math.min(5, parts.length); depth++) {
+            const candidate = '/' + parts.slice(0, depth).join('/');
+            score.set(candidate, (score.get(candidate) ?? 0) + 1);
+        }
+    }
+    // Prefer the deepest path that still has a frequency >= half the top score
+    const entries = Array.from(score.entries()).sort((a, b) => b[1] - a[1]);
+    if (!entries.length)
+        return null;
+    const topScore = entries[0][1];
+    const threshold = Math.max(1, Math.floor(topScore / 2));
+    // Among candidates meeting the threshold, pick the deepest (most segments)
+    const qualified = entries
+        .filter(([, s]) => s >= threshold)
+        .sort((a, b) => b[0].split('/').length - a[0].split('/').length);
+    return qualified[0]?.[0] ?? null;
+}
+// ---------------------------------------------------------------------------
+// Build a deterministic 3-4 sentence description from the project path.
+// Used as a fallback when the LLM does not return a usable description.
+// When a project path is available it is included verbatim so downstream
+// agent prompts can rely on it as the project root.
+// ---------------------------------------------------------------------------
+function buildDescription(projectPath, groupName) {
+    if (!projectPath) {
+        return [
+            `You are working on the ${groupName} project.`,
+            `This group collects sessions related to ${groupName}.`,
+            `No specific file path has been associated with this group yet.`,
+            `Use this context to keep responses focused on the ${groupName} topic.`,
+        ].join(' ');
+    }
+    const projectName = projectPath.split('/').filter(Boolean).pop() ?? groupName;
+    return [
+        `You are working in ${projectPath} — the ${projectName} project.`,
+        `This group collects sessions related to the ${projectName} codebase.`,
+        `Treat ${projectPath} as the project root when interpreting file references and commands.`,
+        `Keep responses scoped to this project's structure and conventions.`,
+    ].join(' ');
+}
+async function classifyGroup(userInputs, existingGroups) {
+    if (!userInputs.length)
+        return null;
+    const existingText = existingGroups.length
+        ? existingGroups.map((g) => `- "${g.groupName}"`).join('\n')
+        : 'None.';
+    const prompt = `Analyze these chat messages and assign a project group.
+
+Messages:
+${userInputs.map((m, i) => `${i + 1}. ${m}`).join('\n')}
+
+Existing groups:
+${existingText}
+
+Rules:
+1. Look for file system paths, repository names, or project names in the messages.
+2. Identify the root project — if "/Users/john/projects/my-app/src/file.ts" appears, the group is "my-app".
+3. If an existing group clearly matches, return its EXACT name.
+4. Otherwise create a concise group name: 2-4 words, Title Case (e.g. "OmniKey AI", "Music Video Editor", "Client Website").
+5. ALWAYS write a 3-4 sentence description (roughly 3-4 lines, 250-500 characters) that explains:
+   - what the project / group is about,
+   - the kind of work that happens in these sessions,
+   - any relevant tech stack, repo, or domain hints inferred from the messages,
+   - and the absolute file path of the project root when one is present in the messages.
+   If a file path is found, you MUST include the exact absolute path verbatim in the description (e.g. "Project root: /Users/john/projects/my-app."). Start the description with "You are working in <path> — the <project-name> project." when a path is available, otherwise start with "You are working on the <project-name> project.". Do not use markdown, bullet points, or newlines — keep it as a single paragraph.
+6. If no paths exist and the session is purely general/conversational, use group name "General" and still produce a 3-4 sentence description summarizing the recurring topic.
+
+Respond with ONLY valid JSON, no markdown:
+{"groupName":"...","groupDescription":"..."}`;
+    try {
+        const result = await ai_client_1.aiClient.complete(aiModel, [
+            {
+                role: 'system',
+                content: 'You are a session categorization assistant. Respond only with the requested JSON object, no extra text.',
+            },
+            { role: 'user', content: prompt },
+        ], { temperature: 0 });
+        const raw = result.content
+            .trim()
+            .replace(/^```(?:json)?\n?/, '')
+            .replace(/\n?```$/, '')
+            .trim();
+        const parsed = JSON.parse(raw);
+        const response = zod_1.z
+            .object({ groupName: zod_1.z.string(), groupDescription: zod_1.z.string() })
+            .parse(parsed);
+        const groupName = response.groupName.trim().slice(0, 100);
+        if (!groupName)
+            return null;
+        // If this matches an existing group, always reuse the stored description.
+        const existingMatch = existingGroups.find((g) => g.groupName.toLowerCase() === groupName.toLowerCase());
+        if (existingMatch) {
+            const groupDescription = existingMatch.groupDescription ??
+                buildDescription(extractProjectPath(userInputs), groupName);
+            return { groupName: existingMatch.groupName, groupDescription };
+        }
+        // New group: prefer the LLM description but fall back to the deterministic builder.
+        // Description is now a 3-4 sentence paragraph (no newlines, capped at 1000 chars
+        // to leave headroom over the ~500 char target while still bounding storage).
+        const rawDesc = response.groupDescription.trim();
+        const projectPath = extractProjectPath(userInputs);
+        let groupDescription = (rawDesc || buildDescription(projectPath, groupName))
+            .replace(/\s*\n+\s*/g, ' ')
+            .replace(/\s{2,}/g, ' ')
+            .trim();
+        // Safety net: if the LLM ignored the rule and a path exists in the messages
+        // but is missing from the description, append it so the contract holds.
+        if (projectPath && !groupDescription.includes(projectPath)) {
+            groupDescription = `${groupDescription} Project root: ${projectPath}.`.trim();
+        }
+        groupDescription = groupDescription.slice(0, 1000);
+        return { groupName, groupDescription };
+    }
+    catch (err) {
+        logger_1.logger.warn('Session group classification failed', { error: err });
+        return null;
+    }
+}
+// ---------------------------------------------------------------------------
+// Public: update one session's group
+// ---------------------------------------------------------------------------
+async function updateSessionGroup(sessionId, subscriptionId) {
+    try {
+        const session = await agentSession_1.AgentSession.findOne({
+            where: { id: sessionId, subscriptionId },
+            attributes: ['id', 'historyJson'],
+        });
+        if (!session)
+            return;
+        const inputs = extractUserInputs(session.historyJson);
+        if (!inputs.length)
+            return;
+        // Fetch existing distinct groups (by name) to encourage reuse
+        const rows = await agentSession_1.AgentSession.findAll({
+            where: {
+                subscriptionId,
+                groupName: { [sequelize_1.Op.not]: null },
+                id: { [sequelize_1.Op.ne]: sessionId },
+            },
+            attributes: ['groupName', 'groupDescription'],
+            group: ['group_name'],
+            limit: 50,
+        });
+        const existingGroups = rows
+            .filter((s) => s.groupName)
+            .map((s) => ({
+            groupName: s.groupName,
+            groupDescription: s.groupDescription ?? null,
+        }));
+        const result = await classifyGroup(inputs, existingGroups);
+        if (!result)
+            return;
+        await agentSession_1.AgentSession.update({ groupName: result.groupName, groupDescription: result.groupDescription }, { where: { id: sessionId } });
+        logger_1.logger.info('Session group updated', { sessionId, groupName: result.groupName });
+    }
+    catch (err) {
+        logger_1.logger.error('Failed to update session group', { sessionId, error: err });
+    }
+}
+// ---------------------------------------------------------------------------
+// Public: refresh all sessions for a subscription (used by cron)
+// ---------------------------------------------------------------------------
+async function refreshAllSessionGroups(subscriptionId) {
+    try {
+        const sessions = await agentSession_1.AgentSession.findAll({
+            where: { subscriptionId },
+            order: [['last_active_at', 'DESC']],
+            limit: 50,
+            attributes: ['id', 'historyJson'],
+        });
+        logger_1.logger.info('Refreshing session groups', {
+            subscriptionId,
+            count: sessions.length,
+        });
+        for (const session of sessions) {
+            await updateSessionGroup(session.id, subscriptionId);
+        }
+    }
+    catch (err) {
+        logger_1.logger.error('Failed to refresh session groups for subscription', {
+            subscriptionId,
+            error: err,
+        });
+    }
+}
+// ---------------------------------------------------------------------------
+// Cron: run every 6 hours across all subscriptions
+// ---------------------------------------------------------------------------
+function startGroupingCronJob() {
+    const SIX_HOURS_MS = 6 * 60 * 60 * 1000;
+    const tick = async () => {
+        try {
+            const subscriptions = await subscription_1.Subscription.findAll({ attributes: ['id'] });
+            logger_1.logger.info('Running session grouping cron', {
+                subscriptionCount: subscriptions.length,
+            });
+            for (const sub of subscriptions) {
+                await refreshAllSessionGroups(sub.id);
+            }
+        }
+        catch (err) {
+            logger_1.logger.error('Session grouping cron failed', { error: err });
+        }
+    };
+    setInterval(() => void tick(), SIX_HOURS_MS);
+    logger_1.logger.info('Session grouping cron started (6h interval)');
+    // If no session has a group yet (e.g. first startup after the feature was
+    // added, or a fresh self-hosted install with existing sessions), run the
+    // full backfill immediately rather than waiting 6 hours.
+    void (async () => {
+        try {
+            const ungrouped = await agentSession_1.AgentSession.count({ where: { groupName: null } });
+            const grouped = await agentSession_1.AgentSession.count({ where: { groupName: { [sequelize_1.Op.not]: null } } });
+            if (ungrouped > 0 && grouped === 0) {
+                logger_1.logger.info('No sessions have a group yet — running initial grouping backfill', {
+                    sessionCount: ungrouped,
+                });
+                await tick();
+            }
+        }
+        catch (err) {
+            logger_1.logger.error('Initial grouping backfill check failed', { error: err });
+        }
+    })();
+}

package/backend-dist/agent/utils.js

@@ -113,7 +113,13 @@ function pushToSessionHistory(logger, session, message) {
         limitHit = true;
     }
     // 2. Total history length limit.
-    const currentTotal = session.history.reduce((acc, msg) => acc + (typeof msg.content === 'string' ? msg.content.length : 0), 0);
+    const currentTotal = session.history.reduce((acc, msg) => {
+        if (typeof msg.content === 'string')
+            return acc + msg.content.length;
+        if (msg.content != null)
+            return acc + JSON.stringify(msg.content).length;
+        return acc;
+    }, 0);
     const remaining = exports.MAX_HISTORY_TOTAL - currentTotal;
     if (content.length > remaining) {
         content = content.slice(0, Math.max(0, remaining - FINAL_ANSWER_REQUEST.content.length));

package/backend-dist/ai-client.js

@@ -7,6 +7,7 @@ exports.aiClient = exports.AIClient = void 0;
 exports.getDefaultModel = getDefaultModel;
 exports.getMaxMessageContentLength = getMaxMessageContentLength;
 exports.getMaxHistoryLength = getMaxHistoryLength;
+exports.getContextWindowSize = getContextWindowSize;
 const openai_1 = __importDefault(require("openai"));
 const sdk_1 = __importDefault(require("@anthropic-ai/sdk"));
 const genai_1 = require("@google/genai");
@@ -40,20 +41,29 @@ const MAX_MESSAGE_CONTENT_LENGTH_BY_PROVIDER = {
 };
 /**
  * Maximum total character length across all messages in the conversation
- * history, derived from each provider's context-window size minus headroom
- * for the system prompt and max output tokens.
+ * history. Uses 2 chars/token (conservative) instead of 4 to account for
+ * content with low chars-per-token ratios (JSON, code, tool results).
  *
- * - anthropic: Claude Opus 4.7 — 1M token ctx, 64K max output
- *              ≈ (1,000,000 - 64,000 - 10,000) tokens × 4 chars ≈ 3.7M chars
- * - openai:    GPT-5.5 — ~272K token ctx, ~32K max output
- *              ≈ (272,000 - 32,000 - 5,000) tokens × 4 chars ≈ 940K chars
- * - gemini:    Gemini 2.5 Pro — 1M token ctx, ~32K max output
- *              ≈ (1,000,000 - 32,000 - 10,000) tokens × 4 chars ≈ 3.8M chars
+ * - anthropic: 1M token ctx, reserve 100K for output + system prompt
+ *              → 900K target tokens × 2 chars ≈ 1.8M chars
+ * - openai:    ~272K token ctx, reserve 40K
+ *              → 230K target tokens × 2 chars ≈ 460K chars
+ * - gemini:    1M token ctx, reserve 100K
+ *              → 900K target tokens × 2 chars ≈ 1.8M chars
  */
 const MAX_HISTORY_LENGTH_BY_PROVIDER = {
-    anthropic: 3500000,
-    openai: 800000,
-    gemini: 3500000,
+    anthropic: 1800000,
+    openai: 460000,
+    gemini: 1800000,
+};
+/**
+ * Hard token limit of the context window for each provider/model tier.
+ * Used to compute the accurate "tokens remaining" value shown in the UI.
+ */
+const CONTEXT_WINDOW_BY_PROVIDER = {
+    anthropic: 1000000,
+    openai: 272000,
+    gemini: 1000000,
 };
 function getMaxMessageContentLength(provider) {
     return MAX_MESSAGE_CONTENT_LENGTH_BY_PROVIDER[provider];
@@ -61,6 +71,9 @@ function getMaxMessageContentLength(provider) {
 function getMaxHistoryLength(provider) {
     return MAX_HISTORY_LENGTH_BY_PROVIDER[provider];
 }
+function getContextWindowSize(provider) {
+    return CONTEXT_WINDOW_BY_PROVIDER[provider];
+}
 // ---------------------------------------------------------------------------
 // OpenAI adapter
 // ---------------------------------------------------------------------------

package/backend-dist/db.js

@@ -28,13 +28,34 @@ else if (config_1.config.databaseUrl) {
         logging: config_1.config.dbLogging ? console.log : false,
     });
 }
+const COLUMN_MIGRATIONS = [
+    // Added: context-window tracking (prompt token count of last API call)
+    { table: 'agent_sessions', column: 'last_prompt_tokens', definition: 'INTEGER NOT NULL DEFAULT 0' },
+    // Added: project grouping
+    { table: 'agent_sessions', column: 'group_name', definition: 'VARCHAR(255)' },
+    { table: 'agent_sessions', column: 'group_description', definition: 'TEXT' },
+];
+async function runSQLiteMigrations(logger) {
+    for (const { table, column, definition } of COLUMN_MIGRATIONS) {
+        const rows = (await sequelize.query(`PRAGMA table_info(${table})`))[0];
+        const exists = rows.some((r) => r.name === column);
+        if (!exists) {
+            await sequelize.query(`ALTER TABLE ${table} ADD COLUMN ${column} ${definition}`);
+            logger.info(`SQLite migration: added column ${table}.${column}`);
+        }
+    }
+}
 async function initDatabase(logger) {
     try {
         await sequelize.authenticate();
-        // Use `alter: true` only for Postgres, not for SQLite
+        // Use `alter: true` only for Postgres, not for SQLite.
+        // On SQLite, sync() creates any missing tables from scratch (safe for new
+        // installs) and then runSQLiteMigrations() adds any columns that were
+        // introduced after the table was first created (safe for upgrades).
         if (sequelize.getDialect() === 'sqlite') {
             await sequelize.sync();
-            logger.info('Database connection established and models synchronized (SQLite, no alter).');
+            await runSQLiteMigrations(logger);
+            logger.info('Database connection established and models synchronized (SQLite).');
         }
         else {
             await sequelize.sync({ alter: true });

package/backend-dist/index.js

@@ -16,6 +16,7 @@ const taskInstructionRoutes_1 = require("./taskInstructionRoutes");
 const scheduledJobRoutes_1 = require("./scheduledJobRoutes");
 const mcpServerRoutes_1 = require("./mcpServerRoutes");
 const scheduledJobExecutor_1 = require("./scheduledJobExecutor");
+const sessionGrouping_1 = require("./agent/sessionGrouping");
 const config_1 = require("./config");
 const agentServer_1 = require("./agent/agentServer");
 // Importing AgentSession and ScheduledJob ensures the models are registered with Sequelize before initDatabase().
@@ -77,8 +78,8 @@ app.get('/macos/appcast', (req, res) => {
     const appcastUrl = `${baseUrl}/macos/appcast`;
     // These should match the values embedded into the macOS app
     // Info.plist in macOS/build_release_dmg.sh.
-    const bundleVersion = '31';
-    const shortVersion = '1.0.30';
+    const bundleVersion = '36';
+    const shortVersion = '1.0.35';
     const xml = `<?xml version="1.0" encoding="utf-8"?>
 <rss version="2.0"
      xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle"
@@ -106,7 +107,7 @@ app.get('/macos/appcast', (req, res) => {
 // ── Windows distribution endpoints ───────────────────────────────────────────
 // These should match the values in windows/OmniKey.Windows.csproj
 // <Version> and windows/build_release_zip.ps1 $APP_VERSION.
-const WIN_VERSION = '1.11';
+const WIN_VERSION = '1.12';
 const WIN_ZIP_FILENAME = 'OmniKeyAI-windows-win-x64.zip';
 const WIN_ZIP_PATH = path_1.default.join(process.cwd(), 'windows', WIN_ZIP_FILENAME);
 // Serves the pre-built ZIP produced by windows/build_release_zip.ps1.
@@ -148,7 +149,19 @@ app.get('/windows/update', (req, res) => {
         version: WIN_VERSION,
         downloadUrl: `${baseUrl}/windows/download`,
         fileSize,
-        releaseNotes: `What's new in ${WIN_VERSION}\n\n• OmniAgent flow improvements\n• Bug fixes and performance enhancements\n\n Support for MCP servers now you can add any custom MCP server to OmniKeyAI using CLI or Windows app.`,
+        releaseNotes: [
+            `What's new in ${WIN_VERSION}`,
+            ``,
+            `• Brand-new WPF shell — Agent Chat, OmniAgent Session, Task Instructions, Scheduled Jobs, Job Run History, MCP Servers, Manual, Subscription, and Check Updates all reachable from a unified sidebar.`,
+            `• Agent Chat with session sidebar, search, hover-to-delete, context-window indicator, default task-instruction picker (with a built-in "No task instructions" option).`,
+            `• OmniAgent Session replaces the old thinking window — sticky session picker, streaming collapsible timeline (web search, MCP, reasoning, terminal) and a copyable final-answer card. Selecting an existing session previews its last turn in-place.`,
+            `• Scheduled Jobs redesigned: clearer labels, self-contained Active toggle, restructured Save / Run now / Reset / Delete action bar, tooltips throughout.`,
+            `• Theme reworked to match the app icon — cyan + light purple. The Windows system-accent leak (orange/red buttons) is gone everywhere.`,
+            `• Modern typography (Aptos / Inter / Segoe UI Variable Display).`,
+            `• Mouse-wheel scroll fixed across Chat and OmniAgent pages.`,
+            `• Production-default backend URL: shipping binary defaults to https://omnikeyai.ca.`,
+            `• Internals: removed ~5,200 lines of unwired WinForms code; build is warning-free.`,
+        ].join('\n'),
     });
 });
 app.get('/downloads/stats', async (_req, res) => {
@@ -185,6 +198,7 @@ async function start() {
         }
         if (config_1.config.isSelfHosted) {
             (0, scheduledJobExecutor_1.startScheduledJobExecutor)();
+            (0, sessionGrouping_1.startGroupingCronJob)();
         }
     }
     catch (err) {

package/backend-dist/models/agentSession.js

@@ -67,6 +67,22 @@ AgentSession.init({
         defaultValue: 0,
         field: 'total_tokens_used',
     },
+    lastPromptTokens: {
+        type: sequelize_1.DataTypes.INTEGER,
+        allowNull: false,
+        defaultValue: 0,
+        field: 'last_prompt_tokens',
+    },
+    groupName: {
+        type: sequelize_1.DataTypes.STRING,
+        allowNull: true,
+        field: 'group_name',
+    },
+    groupDescription: {
+        type: sequelize_1.DataTypes.TEXT,
+        allowNull: true,
+        field: 'group_description',
+    },
     lastActiveAt: {
         type: sequelize_1.DataTypes.DATE,
         allowNull: false,

package/package.json

@@ -4,7 +4,7 @@
     "access": "public",
     "registry": "https://registry.npmjs.org/"
   },
-  "version": "1.0.42",
+  "version": "1.1.0",
   "description": "CLI for onboarding users to Omnikey AI and configuring OPENAI_API_KEY. Use Yarn for install/build.",
   "engines": {
     "node": ">=14.0.0",