onbuzz 4.8.1 → 4.8.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "onbuzz",
-  "version": "4.8.1",
+  "version": "4.8.2",
   "description": "Loxia OnBuzz - Your AI Fleet",
   "type": "module",
   "main": "src/index.js",

package/src/core/__tests__/agentPool.test.js

@@ -420,6 +420,191 @@ describe('AgentPool', () => {
       expect(agent.delayEndTime).toBe(pastIso);
     });
 
+    // ── Auto-save user messages as plan/* memories ────────────────────
+    // Talisman case study: agents never voluntarily wrote memories
+    // and the user's literal asks vanished in compaction. The pool
+    // now auto-saves substantive user messages to the plan/* store
+    // as a system-level safety net (the agent itself can still write
+    // better-titled plans on top; these auto-saves are cleanup-safe).
+
+    describe('REGRESSION: auto-save substantive user messages as plan/*', () => {
+      test('calls _autoSaveUserMessageAsPlan for each user message (best-effort)', async () => {
+        const agent = await pool.createAgent(agentCfg());
+        const spy = jest.spyOn(pool, '_autoSaveUserMessageAsPlan').mockResolvedValue(undefined);
+        await pool.addUserMessage(agent.id, { content: 'please do a thing that is long enough to count as substantive content here, more than 120 chars total for the heuristic', role: 'user' });
+        expect(spy).toHaveBeenCalledTimes(1);
+        expect(spy.mock.calls[0][0]).toBe(agent.id);
+        expect(spy.mock.calls[0][1].content).toMatch(/please do a thing/);
+        spy.mockRestore();
+      });
+
+      test('a memory-service failure does NOT block the message-enqueue path', async () => {
+        // Auto-save is best-effort. If memoryService blows up, the
+        // user's message must still land on the queue.
+        const agent = await pool.createAgent(agentCfg());
+        jest.spyOn(pool, '_autoSaveUserMessageAsPlan').mockRejectedValue(new Error('memory store offline'));
+        await pool.addUserMessage(agent.id, { content: 'hello', role: 'user' });
+        expect(agent.messageQueues.userMessages).toHaveLength(1);
+      });
+    });
+
+    describe('_looksSubstantive heuristic — pollution audit', () => {
+      // ── TRUE POSITIVES — these SHOULD be saved ─────────────────────
+      test('TRUE POSITIVE: numbered request (Talisman literal case)', () => {
+        const msg = `Amazing! a few more things
+1. "choose your hero" page - lets put a nice fantasy image at the background.
+2. play screen - why is the board still round? plus, not all nodes have their own art.
+3. when we roll for combat - there is no dice animation visible`;
+        expect(pool._looksSubstantive(msg)).toBe(true);
+      });
+
+      test('TRUE POSITIVE: multi-paragraph feature request', () => {
+        const msg = 'Implement OAuth login. Replace the existing session-cookie flow with Google and Microsoft sign-in. Migrate existing users by linking their email to the new auth records on first sign-in. Update the docs.';
+        expect(pool._looksSubstantive(msg)).toBe(true);
+      });
+
+      test('TRUE POSITIVE: numbered bug list (descriptions, not paths)', () => {
+        const msg = `Fix these bugs:\n1. login button does nothing on Safari\n2. cart total wrong when discount applied\n3. 500 error on /api/orders/export`;
+        expect(pool._looksSubstantive(msg)).toBe(true);
+      });
+
+      test('TRUE POSITIVE: bulleted plan with imperative verbs', () => {
+        const msg = `fixes needed:\n- fix bug in login flow that breaks on slow networks\n- add retry logic to the cache layer\n- write a test for the missing error case`;
+        expect(pool._looksSubstantive(msg)).toBe(true);
+      });
+
+      // ── POLLUTION RISKS — these should NOT be saved ────────────────
+      test('POLLUTION: short ack is rejected', () => {
+        expect(pool._looksSubstantive('ok thanks')).toBe(false);
+        expect(pool._looksSubstantive('thanks!')).toBe(false);
+        expect(pool._looksSubstantive('yes please')).toBe(false);
+      });
+
+      test('POLLUTION: question with no imperative is rejected (user wants an answer, not a plan)', () => {
+        const msg = 'what does this function do? I see it referenced in three places but the docs do not explain its purpose at all.';
+        expect(pool._looksSubstantive(msg)).toBe(false);
+      });
+
+      test('POLLUTION: numbered list of QUESTIONS is rejected (not a plan)', () => {
+        const msg = `quick questions:\n1. why is the cache key the user id?\n2. is the rate limit per-user or per-ip?`;
+        expect(pool._looksSubstantive(msg)).toBe(false);
+      });
+
+      test('POLLUTION: list of file paths is rejected (just references)', () => {
+        const msg = `look at these:\n- src/auth/login.js\n- src/auth/session.js\n- src/middleware/auth.js\n- tests/auth.test.js`;
+        expect(pool._looksSubstantive(msg)).toBe(false);
+      });
+
+      test('POLLUTION: long pleasantry with no imperative is rejected', () => {
+        const msg = 'hey, hope you are well today, that was a good run earlier and I am happy with the progress so far!';
+        expect(pool._looksSubstantive(msg)).toBe(false);
+      });
+
+      test('POLLUTION: trivial numbered nonsense is rejected (too short under list rule)', () => {
+        expect(pool._looksSubstantive('1. yes 2. no 3. maybe')).toBe(false);
+      });
+
+      test('POLLUTION: reading-comprehension feedback is rejected', () => {
+        expect(pool._looksSubstantive('I do not understand what you wrote in your last message. Can you explain it differently?')).toBe(false);
+      });
+
+      test('POLLUTION: agreement / confirmation is rejected', () => {
+        expect(pool._looksSubstantive('yes, please proceed with that plan. it looks correct to me.')).toBe(false);
+      });
+
+      test('POLLUTION: simple one-shot instruction is rejected (too short)', () => {
+        expect(pool._looksSubstantive('run the tests again')).toBe(false);
+      });
+
+      // ── Defensive corner cases ─────────────────────────────────────
+      test('tool-result wrappers are rejected', () => {
+        expect(pool._looksSubstantive('[Tool Results — 1 result from 1 tool batch: filesystem] {...lots of content...}')).toBe(false);
+        expect(pool._looksSubstantive('[Previous Task — Final Tool Results] [jobdone] {...}')).toBe(false);
+      });
+
+      test('non-string content is rejected defensively', () => {
+        expect(pool._looksSubstantive(null)).toBe(false);
+        expect(pool._looksSubstantive(undefined)).toBe(false);
+        expect(pool._looksSubstantive({ obj: true })).toBe(false);
+      });
+    });
+
+    describe('helpers: question / reference / imperative detection', () => {
+      test('_dominatedByQuestions detects majority-question content', () => {
+        expect(pool._dominatedByQuestions('what does X do?')).toBe(true);
+        expect(pool._dominatedByQuestions('1. what?\n2. why?\n3. how?')).toBe(true);
+        expect(pool._dominatedByQuestions('fix the bug')).toBe(false);
+        // Mixed: 1 question + 2 commands → not dominated.
+        expect(pool._dominatedByQuestions('why is this slow?\nfix the cache\nadd metrics')).toBe(false);
+      });
+
+      test('_listItemsAreJustReferences detects path-only lists', () => {
+        const refList = `look:\n- src/a.js\n- src/b.js\n- src/c.js`;
+        expect(pool._listItemsAreJustReferences(refList)).toBe(true);
+      });
+
+      test('_listItemsAreJustReferences does NOT flag bug descriptions', () => {
+        const bugList = `bugs:\n- login breaks on Safari\n- cart total wrong with discount`;
+        expect(pool._listItemsAreJustReferences(bugList)).toBe(false);
+      });
+
+      test('_hasImperativeSignal matches common command verbs', () => {
+        expect(pool._hasImperativeSignal('fix the login bug')).toBe(true);
+        expect(pool._hasImperativeSignal('add a retry')).toBe(true);
+        expect(pool._hasImperativeSignal('refactor this module')).toBe(true);
+        expect(pool._hasImperativeSignal('what does this do')).toBe(false);
+        expect(pool._hasImperativeSignal('looks good')).toBe(false);
+      });
+    });
+
+    describe('dedup + cap (Jaccard similarity, AUTO_PLAN_CAP)', () => {
+      test('_tokenize lowercases + drops short words + strips punctuation', () => {
+        const tokens = pool._tokenize('Fix THE login button on iOS!');
+        // 'the', 'on' are <3 chars dropped; 'fix', 'login', 'button', 'ios' remain.
+        expect(tokens.has('fix')).toBe(true);
+        expect(tokens.has('login')).toBe(true);
+        expect(tokens.has('button')).toBe(true);
+        expect(tokens.has('ios')).toBe(true);
+        expect(tokens.has('the')).toBe(false);
+        expect(tokens.has('on')).toBe(false);
+      });
+
+      test('_jaccard returns 1 for identical text, 0 for disjoint, 1 for both empty', () => {
+        const a = pool._tokenize('fix the login button');
+        const b = pool._tokenize('fix the login button');
+        const c = pool._tokenize('build the cache layer');
+        expect(pool._jaccard(a, b)).toBe(1);
+        expect(pool._jaccard(a, c)).toBe(0);
+        expect(pool._jaccard(new Set(), new Set())).toBe(1);
+      });
+
+      test('_overlapCoefficient catches "I repeat my old message" near-duplicate (containment ≥0.85)', () => {
+        // Real Talisman case: user repeated themselves verbatim with
+        // an "I repeat my old message" preamble. Jaccard alone marks
+        // these as merely "similar" because the preamble adds new
+        // words; the overlap coefficient (intersection / smaller-set)
+        // correctly reports that the original is fully contained in
+        // the repeated version.
+        const original = pool._tokenize(
+          `1. "choose your hero" page - lets put a nice fantasy image at the background. also, lets create a character card art (general)`,
+        );
+        const repeated = pool._tokenize(
+          `Amazing! I repeat my old message - a few more things\n\n"choose your hero" page - lets put a nice fantasy image at the background. also, lets create a character card art (general)`,
+        );
+        expect(pool._overlapCoefficient(original, repeated)).toBeGreaterThanOrEqual(0.85);
+      });
+
+      test('_overlapCoefficient is 0 for disjoint sets, 1 for one fully contained in the other', () => {
+        const a = pool._tokenize('fix login button');
+        const b = pool._tokenize('fix login button additional extra words');
+        const c = pool._tokenize('build cache layer');
+        // 'a' fully contained in 'b' → 1.0
+        expect(pool._overlapCoefficient(a, b)).toBe(1);
+        // disjoint
+        expect(pool._overlapCoefficient(a, c)).toBe(0);
+      });
+    });
+
     test('no-ops when delayEndTime is null', async () => {
       const agent = await pool.createAgent(agentCfg());
       agent.delayEndTime = null;

package/src/core/__tests__/agentScheduler.taskListInjection.test.js

@@ -0,0 +1,94 @@
+/**
+ * Contract tests for the per-turn task-list injection in agentScheduler.
+ *
+ * Why this exists: the Talisman production failure was caused by
+ * post-compaction context loss — the agent forgot it already had a
+ * 9-task plan and called `taskmanager sync` with 4 unrelated tasks,
+ * silently destroying the in-flight work. The destructive-sync
+ * guardrail in taskManagerTool catches that AT THE SYNC POINT, but
+ * the cleaner fix is to never let the agent forget the task list in
+ * the first place — inject it into the system prompt every turn.
+ *
+ * This test pins the contract by source-grep (matches the existing
+ * pattern in agentScheduler.taskLifecycleInstruction.test.js): the
+ * scheduler's source must contain the injection block AND its key
+ * properties. Reading the file is cheaper than instantiating the
+ * full scheduler graph (websocket, compaction service, AI service,
+ * etc.) just to assert on prompt content.
+ */
+import { describe, test, expect } from '@jest/globals';
+import { readFileSync } from 'fs';
+import { fileURLToPath } from 'url';
+import { dirname, join } from 'path';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const SRC = readFileSync(join(__dirname, '../agentScheduler.js'), 'utf-8');
+
+describe('agentScheduler — per-turn task-list injection', () => {
+  test('injection block exists in agentScheduler.js source', () => {
+    expect(SRC).toContain('CURRENT TASK LIST');
+  });
+
+  test('emits the heading the agent will key off of', () => {
+    // The block heading must be specific and stable — the agent's
+    // system prompt is the only thing it sees, so the heading needs
+    // to be unambiguous.
+    expect(SRC).toMatch(/##\s*CURRENT TASK LIST/);
+  });
+
+  test('reads from durable agent state (agent.taskList.tasks), not from conversation history', () => {
+    // The whole point of this injection is to recover from a
+    // conversation-history loss (compaction). It MUST read the live,
+    // durable taskList — not derive from messages.
+    expect(SRC).toMatch(/agent\.taskList\??\.tasks/);
+  });
+
+  test('the block runs AFTER the plan/* injection (cache-friendly ordering)', () => {
+    // Stable cacheable system-prompt prefix is critical for the
+    // model-side prompt cache. Both injections are dynamic per turn,
+    // but ordering must be consistent so the prefix up to plan/*
+    // stays stable across turns when only the task list moves.
+    const planIdx = SRC.indexOf('AGENT WORKING PLAN');
+    const taskIdx = SRC.indexOf('CURRENT TASK LIST');
+    expect(planIdx).toBeGreaterThan(-1);
+    expect(taskIdx).toBeGreaterThan(-1);
+    expect(taskIdx).toBeGreaterThan(planIdx);
+  });
+
+  test('mentions compaction-resistance explicitly', () => {
+    // The agent reads the injected block. It must know that the
+    // injection is a deliberate signal — not just historical residue
+    // — so it gives appropriate weight to the listed tasks.
+    expect(SRC).toMatch(/(survives compaction|compaction summarized|compaction)/);
+  });
+
+  test('warns the agent about destructive sync inside the injected block', () => {
+    // The injection is the natural place to point the agent at the
+    // guardrail. Strong message: do not blindly sync past the
+    // existing tasks.
+    expect(SRC).toMatch(/(sync|drop).*existing|before issuing.*sync/i);
+  });
+
+  test('groups tasks by status (in_progress / pending / completed / cancelled)', () => {
+    // A flat list of 30 tasks is hard to scan. Status grouping puts
+    // in_progress first — what the agent needs to act on.
+    expect(SRC).toContain('in_progress');
+    expect(SRC).toContain('pending');
+    expect(SRC).toContain('completed');
+    expect(SRC).toContain('cancelled');
+  });
+
+  test('degrades gracefully — never throws on missing taskList', () => {
+    // If taskList is undefined or .tasks is missing/empty, the
+    // injection should silently skip — never break the turn.
+    expect(SRC).toMatch(/agent\.taskList\?\.tasks/);
+    // And the whole block is wrapped in try/catch with a logger warn.
+    const block = SRC.slice(
+      SRC.indexOf('Auto-inject CURRENT TASK LIST'),
+      SRC.indexOf('Check if streaming is enabled'),
+    );
+    expect(block).toMatch(/try\s*{/);
+    expect(block).toMatch(/catch\s*\(/);
+    expect(block).toMatch(/continuing without/);
+  });
+});

package/src/core/agentPool.js

@@ -23,6 +23,17 @@ import DirectoryAccessManager from '../utilities/directoryAccessManager.js';
 import { getVisualEditorBridge } from '../services/visualEditorBridge.js';
 
 class AgentPool {
+  // Stopwords for the _tokenize / _jaccard similarity check used by
+  // auto-save-as-plan dedup. Tight list — only words that appear in
+  // virtually every English sentence regardless of content, so that
+  // their presence in both messages doesn't inflate similarity.
+  static _STOPWORDS = new Set([
+    'the', 'and', 'for', 'but', 'are', 'was', 'were',
+    'has', 'have', 'had', 'this', 'that', 'with', 'will',
+    'you', 'your', 'our', 'their', 'them', 'they',
+    'can', 'could', 'should', 'would',
+  ]);
+
   constructor(config, logger, stateManager, contextManager, toolsRegistry = null) {
     this.config = config;
     this.logger = logger;
@@ -1437,6 +1448,23 @@ class AgentPool {
       this._autoCreateTaskForMessage(agent, queuedMessage, 'user', 'high');
     }
 
+    // ── Auto-save substantive user messages as plan/* memories ───────
+    // Observed in production: across 670-message agent sessions the
+    // agent NEVER wrote a memory voluntarily. Compaction then summarized
+    // away the user's literal asks, the agent paraphrased what was left,
+    // and ended up doing work the user never requested. Belt-and-
+    // suspenders alongside the OPERATING POSTURE prompt nudge: when a
+    // user message looks substantive (long, or contains a numbered/
+    // bulleted multi-part ask), the SYSTEM saves it as `plan/<auto>` so
+    // the system-prompt auto-injection makes the user's words visible
+    // every turn — even if the agent itself never thought to save.
+    // Best-effort: never block the message-enqueue path.
+    this._autoSaveUserMessageAsPlan(agentId, queuedMessage).catch(err => {
+      this.logger.debug?.('Auto-save of user message as plan/* failed (continuing)', {
+        agentId, error: err?.message,
+      });
+    });
+
     await this.persistAgentState(agentId);
 
     // If we cleared a delay, surface it on the WS so the delay chip in the
@@ -1556,6 +1584,285 @@ class AgentPool {
    * @param {string} priority - Task priority ('high', 'medium', 'low')
    * @private
    */
+  /**
+   * Save a substantive user message as a `plan/*` memory automatically.
+   *
+   * Rationale (Talisman case study, May 2026): agents observed in
+   * production never wrote a single memory across hundreds of
+   * messages, even when the OPERATING POSTURE prompt explicitly told
+   * them to. The user's literal ask then got lost in compaction and
+   * the agent went off-course. This system-level safety net puts the
+   * user's message into the durable plan/* store — which the system
+   * prompt auto-injects every turn — without depending on the model
+   * making the call.
+   *
+   * What counts as "substantive":
+   *   - Content length ≥ 60 chars (~12 words) — short acks/yes-no don't qualify
+   *   - AND any of:
+   *       • contains a numbered list ("1.", "2.", "3." …)
+   *       • contains a bullet list (-, *, • at line start)
+   *       • OR is ≥ 120 chars (longer than a one-line ack)
+   *
+   * What gets saved:
+   *   - title: `plan/user-<short-slug>-<timestamp>`
+   *   - description: "auto-saved from user message at <iso>"
+   *   - content: the verbatim user message
+   *
+   * The agent can rename, consolidate, or delete these later. They
+   * exist as a fail-safe — if the agent does its job and saves its
+   * own better-named plan, these auto-saves can be cleaned up. If
+   * the agent doesn't, at least the user's words survive compaction.
+   *
+   * @param {string} agentId
+   * @param {Object} message - The queued user message
+   * @private
+   */
+  async _autoSaveUserMessageAsPlan(agentId, message) {
+    const content = typeof message?.content === 'string' ? message.content : '';
+    if (!content) return;
+    if (!this._looksSubstantive(content)) return;
+
+    // Lazy-load to keep agentPool's load order light. The same import
+    // pattern as agentScheduler's plan injection.
+    let memoryService;
+    try {
+      const mod = await import('../services/memoryService.js');
+      memoryService = mod.getMemoryService(this.logger);
+      await memoryService.initialize();
+    } catch (e) {
+      this.logger.debug?.('Auto-save plan: memory service unavailable', { error: e.message });
+      return;
+    }
+
+    // ── Deduplication ────────────────────────────────────────────────
+    // Users repeat themselves ("I repeat my old message", "did you do
+    // it all?" + paste the same thing). Without dedup the auto-saver
+    // would create N copies of essentially the same plan. Load
+    // existing plan/user-* memories and skip when the new content is
+    // ≥70% similar to any of them (Jaccard over normalized word sets).
+    let existingPlans = [];
+    try {
+      const all = await memoryService.loadMemories(agentId);
+      existingPlans = (all || []).filter(m =>
+        typeof m?.title === 'string' && m.title.startsWith('plan/user-')
+      );
+    } catch (e) {
+      // Treat unreadable store as empty — we may still write a fresh entry.
+      this.logger.debug?.('Auto-save plan: existing memories unreadable', { agentId, error: e.message });
+    }
+
+    const newTokens = this._tokenize(content);
+    for (const existing of existingPlans) {
+      const existingTokens = this._tokenize(existing.content || '');
+      const sim = this._jaccard(newTokens, existingTokens);
+      const containment = this._overlapCoefficient(newTokens, existingTokens);
+      // Jaccard catches near-identical reformulations. Containment
+      // catches the "I repeat my old message — <same content>" case
+      // where the user re-pastes the original plus a preamble. Either
+      // signal is enough to suppress the duplicate.
+      if (sim >= 0.7 || containment >= 0.85) {
+        this.logger.info?.('Auto-save plan: skipping near-duplicate of existing plan', {
+          agentId, existingTitle: existing.title,
+          jaccard: sim.toFixed(2), containment: containment.toFixed(2),
+        });
+        return;
+      }
+    }
+
+    // ── Per-agent cap ────────────────────────────────────────────────
+    // Bound the total auto-saved plans so an active session doesn't
+    // bloat the agent's plan/* namespace indefinitely. Keep the K most
+    // recent; delete the oldest auto-saves beyond that.
+    const AUTO_PLAN_CAP = 8;
+    const existingAutoSaves = existingPlans
+      .filter(m => /^plan\/user-/.test(m.title))
+      .sort((a, b) => String(a.createdAt || '').localeCompare(String(b.createdAt || '')));
+    while (existingAutoSaves.length >= AUTO_PLAN_CAP) {
+      const oldest = existingAutoSaves.shift();
+      try {
+        await memoryService.deleteMemory(agentId, oldest.id);
+        this.logger.info?.('Auto-save plan: retired oldest auto-save to keep cap', {
+          agentId, retiredTitle: oldest.title, cap: AUTO_PLAN_CAP,
+        });
+      } catch (e) {
+        // Non-fatal — if we can't delete the oldest, just skip this entry
+        // and proceed with the write. Worst case the plan list grows
+        // by one beyond the cap — still bounded over time.
+        this.logger.debug?.('Auto-save plan: retire-oldest failed', { agentId, error: e.message });
+        break;
+      }
+    }
+
+    // ── Write the new memory ─────────────────────────────────────────
+    const firstLine = (content.match(/[^\n]+/) || [''])[0].trim();
+    const slug = firstLine
+      .toLowerCase()
+      .replace(/[^a-z0-9]+/g, '-')
+      .replace(/^-+|-+$/g, '')
+      .slice(0, 40) || 'request';
+    const ts = new Date().toISOString().slice(0, 19).replace(/[:T]/g, '-');
+    const title = `plan/user-${slug}-${ts}`;
+
+    try {
+      await memoryService.addMemory(agentId, {
+        title,
+        description: `Auto-saved from user message at ${message.timestamp || new Date().toISOString()}`,
+        content,
+      });
+      this.logger.info?.('Auto-saved user message as plan/* memory', {
+        agentId, title, contentLength: content.length,
+      });
+    } catch (e) {
+      this.logger.debug?.('Auto-save plan: write failed', { agentId, title, error: e.message });
+    }
+  }
+
+  /**
+   * Tokenize a string into a lowercased word set for similarity checks.
+   * Strips punctuation, drops short words (<3 chars), and drops a
+   * small stopword set so that common words like "the" / "and" don't
+   * inflate similarity scores between otherwise different messages.
+   * @private
+   */
+  _tokenize(s) {
+    if (typeof s !== 'string') return new Set();
+    return new Set(
+      s.toLowerCase()
+       .replace(/[^a-z0-9\s]+/g, ' ')
+       .split(/\s+/)
+       .filter(w => w.length >= 3 && !AgentPool._STOPWORDS.has(w))
+    );
+  }
+
+  /**
+   * Jaccard similarity over two word sets.
+   * @private
+   */
+  _jaccard(a, b) {
+    if (a.size === 0 && b.size === 0) return 1;
+    if (a.size === 0 || b.size === 0) return 0;
+    let intersection = 0;
+    for (const w of a) if (b.has(w)) intersection += 1;
+    return intersection / (a.size + b.size - intersection);
+  }
+
+  /**
+   * Overlap coefficient — intersection / size-of-smaller-set.
+   * Returns 1.0 when one set is fully contained in the other,
+   * regardless of how much the other set adds. Catches the "user
+   * re-pastes their request with a preamble" duplicate case where
+   * Jaccard would mark the messages as merely similar.
+   * @private
+   */
+  _overlapCoefficient(a, b) {
+    if (a.size === 0 || b.size === 0) return 0;
+    let intersection = 0;
+    for (const w of a) if (b.has(w)) intersection += 1;
+    return intersection / Math.min(a.size, b.size);
+  }
+
+  /**
+   * Heuristic — does this user message look like a real request worth
+   * preserving as a plan/*? Errs on the side of saving more (recall
+   * over precision) — a stray auto-save is cheap; a lost user request
+   * is catastrophic.
+   * @private
+   */
+  _looksSubstantive(text) {
+    if (typeof text !== 'string') return false;
+    const t = text.trim();
+    if (t.length < 30) return false;
+    // Tool-result wrappers and previous-task boundaries are not user voice.
+    if (t.startsWith('[Tool Results') || t.startsWith('[Previous Task')) return false;
+
+    // ── Pollution filter 1: dominated by questions ────────────────────
+    // A message that's mostly questions wants an ANSWER, not a plan.
+    // If the majority of non-empty lines end in '?' (or are
+    // question-shaped), this is a query, not a request.
+    if (this._dominatedByQuestions(t)) return false;
+
+    // ── Pollution filter 2: list items are just refs (paths, urls) ───
+    // A list of file paths / URLs / commit hashes is the user pointing
+    // the agent at things, not a multi-part plan. Save it only if the
+    // surrounding prose carries imperative intent — and even then the
+    // length gate handles that path.
+    const hasList = /^\s*(?:\d+[.)]|[-*•])\s/m.test(t);
+    if (hasList && this._listItemsAreJustReferences(t)) return false;
+
+    // ── Now apply the structural triggers ────────────────────────────
+    // Numbered list — "1." / "1)" at a line start. Multi-part intent.
+    // Require a minimum total length to avoid "1. yes 2. no" nonsense.
+    if (/^\s*\d+[.)]\s/m.test(t) && t.length >= 60) return true;
+    // Bullet list at line start. Same — strong intent signal + length.
+    if (/^\s*[-*•]\s/m.test(t) && t.length >= 60) return true;
+    // Free-form prose with no list markers must be substantial AND
+    // contain an imperative-like signal (a verb you'd give as an
+    // order). Raised from 120 → 150 to skip more pleasantries.
+    if (t.length >= 150 && this._hasImperativeSignal(t)) return true;
+    return false;
+  }
+
+  /**
+   * Heuristic: is this message mostly questions?
+   * @private
+   */
+  _dominatedByQuestions(t) {
+    // Split into non-empty lines.
+    const lines = t.split(/\r?\n/).map(l => l.trim()).filter(Boolean);
+    if (lines.length === 0) return false;
+    // Strip leading list markers so we can look at the line's intent.
+    const stripMarker = (l) => l.replace(/^(?:\d+[.)]|[-*•])\s+/, '');
+    let questionLines = 0;
+    for (const raw of lines) {
+      const line = stripMarker(raw);
+      // Ends in '?', OR starts with a question word at the line head.
+      if (/\?\s*$/.test(line) || /^(?:what|why|how|when|where|who|which|is\b|are\b|do\b|does\b|can\b|could\b|should\b|would\b)\b/i.test(line)) {
+        questionLines += 1;
+      }
+    }
+    // Strict-majority rule: more than half of lines are questions.
+    return questionLines * 2 > lines.length;
+  }
+
+  /**
+   * Heuristic: are the list items in this message just references
+   * (file paths, URLs, commit hashes) with no imperative verb of their own?
+   * @private
+   */
+  _listItemsAreJustReferences(t) {
+    const lines = t.split(/\r?\n/).map(l => l.trim()).filter(Boolean);
+    const listItems = lines.filter(l => /^(?:\d+[.)]|[-*•])\s/.test(l));
+    if (listItems.length === 0) return false;
+    let refLikeCount = 0;
+    for (const li of listItems) {
+      const body = li.replace(/^(?:\d+[.)]|[-*•])\s+/, '').trim();
+      // Only treat as a "reference" if the line IS the reference —
+      // i.e. a path/URL/hash with no surrounding English. A short bug
+      // description like "login button does nothing on Safari" still
+      // counts as content, not a reference.
+      //   Path: contains '/' or '\' OR starts with '.' AND has NO spaces
+      //   URL:  starts with http(s)://
+      //   Hash: 7-40 hex chars only, no spaces
+      const isPath = (/[/\\]/.test(body) || /^\./.test(body)) && !/\s/.test(body);
+      const isUrl  = /^https?:\/\//.test(body) && !/\s/.test(body);
+      const isHash = /^[0-9a-f]{7,40}$/i.test(body);
+      if (isPath || isUrl || isHash) refLikeCount += 1;
+    }
+    // Strict-majority of list items are reference-like → ignore.
+    return refLikeCount * 2 > listItems.length;
+  }
+
+  /**
+   * Heuristic: does the message contain a verb that signals "do this"?
+   * Conservative — favors recall over precision.
+   * @private
+   */
+  _hasImperativeSignal(t) {
+    // Word-boundary match against a set of common imperative verbs.
+    // Order matters only for readability — we check membership.
+    return /\b(?:fix|add|build|implement|create|change|remove|delete|update|refactor|rewrite|migrate|integrate|configure|setup|set\s+up|design|generate|make|write|test|verify|ensure|review|optimize|improve|replace|move|rename|extract|split|merge|deploy|publish|ship|release|debug|investigate|analyze|reproduce|escalate|prioritize|schedule)\b/i.test(t);
+  }
+
   _autoCreateTaskForMessage(agent, message, source, priority) {
     if (!agent.taskList) {
       agent.taskList = { tasks: [], lastUpdated: new Date().toISOString() };

package/src/core/agentScheduler.js

@@ -2105,6 +2105,48 @@ class AgentScheduler {
         });
       }
 
+      // ── Auto-inject CURRENT TASK LIST every turn ───────────────────
+      // The task list lives in `agent.taskList.tasks` — durable, never
+      // affected by compaction. But the conversation messages that
+      // CREATED those tasks ARE compacted, so an agent that lost its
+      // recent history may forget the task list exists. That's how
+      // the Talisman bug happened: the agent called sync with a fresh
+      // 4-task plan, silently wiping 9 in-flight tasks the user had
+      // implicitly requested. Surface the current task list to the
+      // agent every turn so it can never "forget" what's already on
+      // the plan. Cheap (a few hundred chars), invariant to
+      // compaction, and a natural deterrent against destructive sync.
+      try {
+        const tasks = agent.taskList?.tasks || [];
+        if (Array.isArray(tasks) && tasks.length > 0) {
+          const lines = ['\n\n## CURRENT TASK LIST (live from agent state — survives compaction)\n'];
+          lines.push('These tasks exist in your durable state RIGHT NOW. If the conversation history doesn\'t mention them, that\'s because compaction summarized that section away — the tasks are still there.\n');
+          lines.push('Before issuing `taskmanager sync`, READ this list. If you sync with a different plan, you will be dropping these.\n');
+          // Compact, scannable. Title + status + priority is enough.
+          const byStatus = { in_progress: [], pending: [], completed: [], cancelled: [] };
+          for (const t of tasks) {
+            const status = t.status || 'pending';
+            (byStatus[status] || (byStatus[status] = [])).push(t);
+          }
+          const order = ['in_progress', 'pending', 'completed', 'cancelled'];
+          for (const status of order) {
+            const group = byStatus[status] || [];
+            if (group.length === 0) continue;
+            lines.push(`\n**${status}** (${group.length}):`);
+            for (const t of group) {
+              const pri = t.priority ? ` [${t.priority}]` : '';
+              lines.push(`- ${t.title}${pri}`);
+            }
+          }
+          enhancedSystemPrompt = (enhancedSystemPrompt || '') + lines.join('\n');
+        }
+      } catch (taskInjectErr) {
+        // Best-effort — never block the turn on this.
+        this.logger.warn(`Task list injection failed for agent ${agentId} (continuing without)`, {
+          error: taskInjectErr?.message,
+        });
+      }
+
       // Check if streaming is enabled - consider both agent config and user message preference
       // Get the last user message to check for streaming preference
       const lastUserMsg = [...conversationHistory].reverse().find(m => m.role === 'user');