npm - patchwork-os - Versions diffs - 0.2.0-alpha.9 → 0.2.0-beta.1 - Mend

patchwork-os 0.2.0-alpha.9 → 0.2.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (618) hide show

package/README.bridge.md +6 -0
package/README.md +318 -35
package/deploy/bootstrap-new-vps.sh +12 -12
package/deploy/bootstrap-vps.sh +187 -0
package/deploy/deploy-dashboard.sh +174 -0
package/deploy/deploy-landing.sh +136 -0
package/dist/activationMetrics.d.ts +67 -0
package/dist/activationMetrics.js +255 -0
package/dist/activationMetrics.js.map +1 -0
package/dist/activityLog.d.ts +49 -0
package/dist/activityLog.js +78 -0
package/dist/activityLog.js.map +1 -1
package/dist/analyticsAggregator.d.ts +5 -1
package/dist/analyticsAggregator.js +15 -4
package/dist/analyticsAggregator.js.map +1 -1
package/dist/analyticsPrefs.d.ts +11 -0
package/dist/analyticsPrefs.js +33 -0
package/dist/analyticsPrefs.js.map +1 -1
package/dist/approvalHttp.d.ts +49 -2
package/dist/approvalHttp.js +217 -21
package/dist/approvalHttp.js.map +1 -1
package/dist/approvalInsights.d.ts +49 -0
package/dist/approvalInsights.js +97 -0
package/dist/approvalInsights.js.map +1 -0
package/dist/approvalQueue.d.ts +27 -1
package/dist/approvalQueue.js +123 -3
package/dist/approvalQueue.js.map +1 -1
package/dist/approvalSignals.d.ts +124 -0
package/dist/approvalSignals.js +512 -0
package/dist/approvalSignals.js.map +1 -0
package/dist/automation.d.ts +57 -0
package/dist/automation.js +156 -59
package/dist/automation.js.map +1 -1
package/dist/automationSuggestions.d.ts +79 -0
package/dist/automationSuggestions.js +150 -0
package/dist/automationSuggestions.js.map +1 -0
package/dist/bridge.d.ts +3 -0
package/dist/bridge.js +194 -153
package/dist/bridge.js.map +1 -1
package/dist/bridgeToken.js +57 -19
package/dist/bridgeToken.js.map +1 -1
package/dist/ccPermissions.d.ts +15 -0
package/dist/ccPermissions.js +21 -4
package/dist/ccPermissions.js.map +1 -1
package/dist/claudeDriver.d.ts +0 -16
package/dist/claudeDriver.js +93 -36
package/dist/claudeDriver.js.map +1 -1
package/dist/claudeMdPatch.d.ts +9 -3
package/dist/claudeMdPatch.js +79 -13
package/dist/claudeMdPatch.js.map +1 -1
package/dist/claudeOrchestrator.d.ts +13 -1
package/dist/claudeOrchestrator.js +16 -8
package/dist/claudeOrchestrator.js.map +1 -1
package/dist/commands/dashboard.js +1 -1
package/dist/commands/dashboard.js.map +1 -1
package/dist/commands/launchd.d.ts +2 -0
package/dist/commands/launchd.js +94 -0
package/dist/commands/launchd.js.map +1 -0
package/dist/commands/marketplace.d.ts +15 -10
package/dist/commands/marketplace.js +27 -115
package/dist/commands/marketplace.js.map +1 -1
package/dist/commands/patchworkInit.d.ts +8 -0
package/dist/commands/patchworkInit.js +77 -11
package/dist/commands/patchworkInit.js.map +1 -1
package/dist/commands/recipe.d.ts +289 -0
package/dist/commands/recipe.js +1359 -0
package/dist/commands/recipe.js.map +1 -0
package/dist/commands/recipeInstall.d.ts +150 -0
package/dist/commands/recipeInstall.js +647 -0
package/dist/commands/recipeInstall.js.map +1 -0
package/dist/commands/tracesExport.d.ts +83 -0
package/dist/commands/tracesExport.js +269 -0
package/dist/commands/tracesExport.js.map +1 -0
package/dist/commands/tracesImport.d.ts +56 -0
package/dist/commands/tracesImport.js +161 -0
package/dist/commands/tracesImport.js.map +1 -0
package/dist/commitIssueLinkLog.d.ts +8 -0
package/dist/commitIssueLinkLog.js +53 -1
package/dist/commitIssueLinkLog.js.map +1 -1
package/dist/config.d.ts +23 -2
package/dist/config.js +119 -9
package/dist/config.js.map +1 -1
package/dist/connectorRoutes.d.ts +43 -0
package/dist/connectorRoutes.js +1300 -0
package/dist/connectorRoutes.js.map +1 -0
package/dist/connectors/asana.d.ts +198 -0
package/dist/connectors/asana.js +679 -0
package/dist/connectors/asana.js.map +1 -0
package/dist/connectors/baseConnector.d.ts +153 -0
package/dist/connectors/baseConnector.js +336 -0
package/dist/connectors/baseConnector.js.map +1 -0
package/dist/connectors/confluence.d.ts +111 -0
package/dist/connectors/confluence.js +406 -0
package/dist/connectors/confluence.js.map +1 -0
package/dist/connectors/datadog.d.ts +116 -0
package/dist/connectors/datadog.js +385 -0
package/dist/connectors/datadog.js.map +1 -0
package/dist/connectors/discord.d.ts +150 -0
package/dist/connectors/discord.js +543 -0
package/dist/connectors/discord.js.map +1 -0
package/dist/connectors/fixtureLibrary.d.ts +21 -0
package/dist/connectors/fixtureLibrary.js +70 -0
package/dist/connectors/fixtureLibrary.js.map +1 -0
package/dist/connectors/fixtureRecorder.d.ts +1 -0
package/dist/connectors/fixtureRecorder.js +35 -0
package/dist/connectors/fixtureRecorder.js.map +1 -0
package/dist/connectors/github.js +17 -18
package/dist/connectors/github.js.map +1 -1
package/dist/connectors/gitlab.d.ts +180 -0
package/dist/connectors/gitlab.js +582 -0
package/dist/connectors/gitlab.js.map +1 -0
package/dist/connectors/gmail.d.ts +4 -1
package/dist/connectors/gmail.js +149 -27
package/dist/connectors/gmail.js.map +1 -1
package/dist/connectors/googleCalendar.d.ts +4 -1
package/dist/connectors/googleCalendar.js +88 -25
package/dist/connectors/googleCalendar.js.map +1 -1
package/dist/connectors/googleDrive.d.ts +34 -0
package/dist/connectors/googleDrive.js +321 -0
package/dist/connectors/googleDrive.js.map +1 -0
package/dist/connectors/htmlEscape.d.ts +5 -0
package/dist/connectors/htmlEscape.js +13 -0
package/dist/connectors/htmlEscape.js.map +1 -0
package/dist/connectors/hubspot.d.ts +112 -0
package/dist/connectors/hubspot.js +408 -0
package/dist/connectors/hubspot.js.map +1 -0
package/dist/connectors/intercom.d.ts +102 -0
package/dist/connectors/intercom.js +402 -0
package/dist/connectors/intercom.js.map +1 -0
package/dist/connectors/jira.d.ts +98 -0
package/dist/connectors/jira.js +396 -0
package/dist/connectors/jira.js.map +1 -0
package/dist/connectors/linear.js +30 -19
package/dist/connectors/linear.js.map +1 -1
package/dist/connectors/mcpOAuth.d.ts +3 -0
package/dist/connectors/mcpOAuth.js +64 -10
package/dist/connectors/mcpOAuth.js.map +1 -1
package/dist/connectors/mockConnector.d.ts +28 -0
package/dist/connectors/mockConnector.js +81 -0
package/dist/connectors/mockConnector.js.map +1 -0
package/dist/connectors/notion.d.ts +143 -0
package/dist/connectors/notion.js +424 -0
package/dist/connectors/notion.js.map +1 -0
package/dist/connectors/oauthStateStore.d.ts +31 -0
package/dist/connectors/oauthStateStore.js +52 -0
package/dist/connectors/oauthStateStore.js.map +1 -0
package/dist/connectors/pagerduty.d.ts +160 -0
package/dist/connectors/pagerduty.js +464 -0
package/dist/connectors/pagerduty.js.map +1 -0
package/dist/connectors/sentry.js +5 -13
package/dist/connectors/sentry.js.map +1 -1
package/dist/connectors/slack.d.ts +16 -1
package/dist/connectors/slack.js +155 -32
package/dist/connectors/slack.js.map +1 -1
package/dist/connectors/stripe.d.ts +116 -0
package/dist/connectors/stripe.js +379 -0
package/dist/connectors/stripe.js.map +1 -0
package/dist/connectors/tokenStorage.d.ts +35 -0
package/dist/connectors/tokenStorage.js +484 -0
package/dist/connectors/tokenStorage.js.map +1 -0
package/dist/connectors/zendesk.d.ts +104 -0
package/dist/connectors/zendesk.js +442 -0
package/dist/connectors/zendesk.js.map +1 -0
package/dist/cors.d.ts +10 -0
package/dist/cors.js +29 -0
package/dist/cors.js.map +1 -0
package/dist/decisionReplay.d.ts +72 -0
package/dist/decisionReplay.js +92 -0
package/dist/decisionReplay.js.map +1 -0
package/dist/decisionTraceLog.d.ts +6 -0
package/dist/decisionTraceLog.js +54 -2
package/dist/decisionTraceLog.js.map +1 -1
package/dist/drivers/claude/subprocess.d.ts +12 -2
package/dist/drivers/claude/subprocess.js +79 -6
package/dist/drivers/claude/subprocess.js.map +1 -1
package/dist/drivers/gemini/api.d.ts +18 -0
package/dist/drivers/gemini/api.js +29 -0
package/dist/drivers/gemini/api.js.map +1 -0
package/dist/drivers/gemini/index.d.ts +5 -1
package/dist/drivers/gemini/index.js +39 -5
package/dist/drivers/gemini/index.js.map +1 -1
package/dist/drivers/index.d.ts +8 -1
package/dist/drivers/index.js +10 -2
package/dist/drivers/index.js.map +1 -1
package/dist/drivers/local/index.d.ts +26 -0
package/dist/drivers/local/index.js +41 -0
package/dist/drivers/local/index.js.map +1 -0
package/dist/featureFlags.d.ts +79 -0
package/dist/featureFlags.js +208 -0
package/dist/featureFlags.js.map +1 -0
package/dist/fp/automationInterpreter.js +26 -21
package/dist/fp/automationInterpreter.js.map +1 -1
package/dist/fp/automationProgram.d.ts +1 -1
package/dist/fp/automationProgram.js.map +1 -1
package/dist/fp/automationState.js +4 -1
package/dist/fp/automationState.js.map +1 -1
package/dist/fp/policyParser.js +21 -1
package/dist/fp/policyParser.js.map +1 -1
package/dist/httpErrorResponse.d.ts +36 -0
package/dist/httpErrorResponse.js +46 -0
package/dist/httpErrorResponse.js.map +1 -0
package/dist/inboxRoutes.d.ts +22 -0
package/dist/inboxRoutes.js +193 -0
package/dist/inboxRoutes.js.map +1 -0
package/dist/index.d.ts +1 -1
package/dist/index.js +1403 -203
package/dist/index.js.map +1 -1
package/dist/installGuard.d.ts +25 -0
package/dist/installGuard.js +48 -0
package/dist/installGuard.js.map +1 -0
package/dist/mcpRoutes.d.ts +37 -0
package/dist/mcpRoutes.js +76 -0
package/dist/mcpRoutes.js.map +1 -0
package/dist/oauth.d.ts +20 -1
package/dist/oauth.js +214 -39
package/dist/oauth.js.map +1 -1
package/dist/oauthRoutes.d.ts +32 -0
package/dist/oauthRoutes.js +119 -0
package/dist/oauthRoutes.js.map +1 -0
package/dist/orchestrator/orchestratorBridge.js +2 -2
package/dist/orchestrator/orchestratorBridge.js.map +1 -1
package/dist/patchworkConfig.d.ts +29 -0
package/dist/patchworkConfig.js +100 -5
package/dist/patchworkConfig.js.map +1 -1
package/dist/pluginLoader.d.ts +28 -0
package/dist/pluginLoader.js +77 -11
package/dist/pluginLoader.js.map +1 -1
package/dist/pluginWatcher.js +8 -3
package/dist/pluginWatcher.js.map +1 -1
package/dist/preToolUseHook.d.ts +12 -0
package/dist/preToolUseHook.js +30 -1
package/dist/preToolUseHook.js.map +1 -1
package/dist/prompts.js +4 -0
package/dist/prompts.js.map +1 -1
package/dist/recipeOrchestration.d.ts +121 -0
package/dist/recipeOrchestration.js +965 -0
package/dist/recipeOrchestration.js.map +1 -0
package/dist/recipeRoutes.d.ts +185 -0
package/dist/recipeRoutes.js +1369 -0
package/dist/recipeRoutes.js.map +1 -0
package/dist/recipes/RecipeOrchestrator.d.ts +40 -0
package/dist/recipes/RecipeOrchestrator.js +51 -0
package/dist/recipes/RecipeOrchestrator.js.map +1 -0
package/dist/recipes/agentExecutor.d.ts +38 -0
package/dist/recipes/agentExecutor.js +50 -0
package/dist/recipes/agentExecutor.js.map +1 -0
package/dist/recipes/chainedRunner.d.ts +191 -0
package/dist/recipes/chainedRunner.js +759 -0
package/dist/recipes/chainedRunner.js.map +1 -0
package/dist/recipes/compiler.js +3 -3
package/dist/recipes/compiler.js.map +1 -1
package/dist/recipes/dependencyGraph.d.ts +39 -0
package/dist/recipes/dependencyGraph.js +199 -0
package/dist/recipes/dependencyGraph.js.map +1 -0
package/dist/recipes/disabledMarkers.d.ts +48 -0
package/dist/recipes/disabledMarkers.js +52 -0
package/dist/recipes/disabledMarkers.js.map +1 -0
package/dist/recipes/installer.js +3 -3
package/dist/recipes/installer.js.map +1 -1
package/dist/recipes/legacyRecipeCompat.d.ts +10 -0
package/dist/recipes/legacyRecipeCompat.js +131 -0
package/dist/recipes/legacyRecipeCompat.js.map +1 -0
package/dist/recipes/manifest.d.ts +47 -0
package/dist/recipes/manifest.js +156 -0
package/dist/recipes/manifest.js.map +1 -0
package/dist/recipes/migrationWarnings.d.ts +12 -0
package/dist/recipes/migrationWarnings.js +44 -0
package/dist/recipes/migrationWarnings.js.map +1 -0
package/dist/recipes/migrations/index.d.ts +24 -0
package/dist/recipes/migrations/index.js +55 -0
package/dist/recipes/migrations/index.js.map +1 -0
package/dist/recipes/migrations/types.d.ts +28 -0
package/dist/recipes/migrations/types.js +2 -0
package/dist/recipes/migrations/types.js.map +1 -0
package/dist/recipes/migrations/v1.d.ts +11 -0
package/dist/recipes/migrations/v1.js +18 -0
package/dist/recipes/migrations/v1.js.map +1 -0
package/dist/recipes/names.d.ts +40 -0
package/dist/recipes/names.js +66 -0
package/dist/recipes/names.js.map +1 -0
package/dist/recipes/nestedRecipeStep.d.ts +58 -0
package/dist/recipes/nestedRecipeStep.js +95 -0
package/dist/recipes/nestedRecipeStep.js.map +1 -0
package/dist/recipes/outputRegistry.d.ts +28 -0
package/dist/recipes/outputRegistry.js +52 -0
package/dist/recipes/outputRegistry.js.map +1 -0
package/dist/recipes/parser.js +4 -1
package/dist/recipes/parser.js.map +1 -1
package/dist/recipes/replayRun.d.ts +62 -0
package/dist/recipes/replayRun.js +97 -0
package/dist/recipes/replayRun.js.map +1 -0
package/dist/recipes/resolveRecipePath.d.ts +69 -0
package/dist/recipes/resolveRecipePath.js +202 -0
package/dist/recipes/resolveRecipePath.js.map +1 -0
package/dist/recipes/scheduler.d.ts +23 -7
package/dist/recipes/scheduler.js +225 -45
package/dist/recipes/scheduler.js.map +1 -1
package/dist/recipes/schema.d.ts +17 -2
package/dist/recipes/schemaGenerator.d.ts +28 -0
package/dist/recipes/schemaGenerator.js +565 -0
package/dist/recipes/schemaGenerator.js.map +1 -0
package/dist/recipes/stepObservation.d.ts +44 -0
package/dist/recipes/stepObservation.js +232 -0
package/dist/recipes/stepObservation.js.map +1 -0
package/dist/recipes/templateEngine.d.ts +62 -0
package/dist/recipes/templateEngine.js +201 -0
package/dist/recipes/templateEngine.js.map +1 -0
package/dist/recipes/toolRegistry.d.ts +186 -0
package/dist/recipes/toolRegistry.js +309 -0
package/dist/recipes/toolRegistry.js.map +1 -0
package/dist/recipes/tools/asana.d.ts +16 -0
package/dist/recipes/tools/asana.js +524 -0
package/dist/recipes/tools/asana.js.map +1 -0
package/dist/recipes/tools/calendar.d.ts +6 -0
package/dist/recipes/tools/calendar.js +61 -0
package/dist/recipes/tools/calendar.js.map +1 -0
package/dist/recipes/tools/confluence.d.ts +6 -0
package/dist/recipes/tools/confluence.js +254 -0
package/dist/recipes/tools/confluence.js.map +1 -0
package/dist/recipes/tools/datadog.d.ts +6 -0
package/dist/recipes/tools/datadog.js +239 -0
package/dist/recipes/tools/datadog.js.map +1 -0
package/dist/recipes/tools/diagnostics.d.ts +6 -0
package/dist/recipes/tools/diagnostics.js +36 -0
package/dist/recipes/tools/diagnostics.js.map +1 -0
package/dist/recipes/tools/discord.d.ts +18 -0
package/dist/recipes/tools/discord.js +254 -0
package/dist/recipes/tools/discord.js.map +1 -0
package/dist/recipes/tools/file.d.ts +12 -0
package/dist/recipes/tools/file.js +174 -0
package/dist/recipes/tools/file.js.map +1 -0
package/dist/recipes/tools/git.d.ts +6 -0
package/dist/recipes/tools/git.js +63 -0
package/dist/recipes/tools/git.js.map +1 -0
package/dist/recipes/tools/github.d.ts +6 -0
package/dist/recipes/tools/github.js +116 -0
package/dist/recipes/tools/github.js.map +1 -0
package/dist/recipes/tools/gitlab.d.ts +11 -0
package/dist/recipes/tools/gitlab.js +285 -0
package/dist/recipes/tools/gitlab.js.map +1 -0
package/dist/recipes/tools/gmail.d.ts +6 -0
package/dist/recipes/tools/gmail.js +451 -0
package/dist/recipes/tools/gmail.js.map +1 -0
package/dist/recipes/tools/googleDrive.d.ts +1 -0
package/dist/recipes/tools/googleDrive.js +55 -0
package/dist/recipes/tools/googleDrive.js.map +1 -0
package/dist/recipes/tools/hubspot.d.ts +6 -0
package/dist/recipes/tools/hubspot.js +232 -0
package/dist/recipes/tools/hubspot.js.map +1 -0
package/dist/recipes/tools/index.d.ts +30 -0
package/dist/recipes/tools/index.js +33 -0
package/dist/recipes/tools/index.js.map +1 -0
package/dist/recipes/tools/intercom.d.ts +6 -0
package/dist/recipes/tools/intercom.js +226 -0
package/dist/recipes/tools/intercom.js.map +1 -0
package/dist/recipes/tools/jira.d.ts +14 -0
package/dist/recipes/tools/jira.js +369 -0
package/dist/recipes/tools/jira.js.map +1 -0
package/dist/recipes/tools/linear.d.ts +7 -0
package/dist/recipes/tools/linear.js +307 -0
package/dist/recipes/tools/linear.js.map +1 -0
package/dist/recipes/tools/meetingNotes.d.ts +21 -0
package/dist/recipes/tools/meetingNotes.js +701 -0
package/dist/recipes/tools/meetingNotes.js.map +1 -0
package/dist/recipes/tools/notion.d.ts +6 -0
package/dist/recipes/tools/notion.js +278 -0
package/dist/recipes/tools/notion.js.map +1 -0
package/dist/recipes/tools/pagerduty.d.ts +15 -0
package/dist/recipes/tools/pagerduty.js +451 -0
package/dist/recipes/tools/pagerduty.js.map +1 -0
package/dist/recipes/tools/sentry.d.ts +12 -0
package/dist/recipes/tools/sentry.js +73 -0
package/dist/recipes/tools/sentry.js.map +1 -0
package/dist/recipes/tools/slack.d.ts +6 -0
package/dist/recipes/tools/slack.js +82 -0
package/dist/recipes/tools/slack.js.map +1 -0
package/dist/recipes/tools/stripe.d.ts +6 -0
package/dist/recipes/tools/stripe.js +265 -0
package/dist/recipes/tools/stripe.js.map +1 -0
package/dist/recipes/tools/zendesk.d.ts +6 -0
package/dist/recipes/tools/zendesk.js +245 -0
package/dist/recipes/tools/zendesk.js.map +1 -0
package/dist/recipes/validation.d.ts +13 -0
package/dist/recipes/validation.js +617 -0
package/dist/recipes/validation.js.map +1 -0
package/dist/recipes/yamlRunner.d.ts +130 -2
package/dist/recipes/yamlRunner.js +1009 -402
package/dist/recipes/yamlRunner.js.map +1 -1
package/dist/recipesHttp.d.ts +151 -6
package/dist/recipesHttp.js +999 -29
package/dist/recipesHttp.js.map +1 -1
package/dist/riskTier.js +7 -1
package/dist/riskTier.js.map +1 -1
package/dist/runLog.d.ts +100 -1
package/dist/runLog.js +258 -5
package/dist/runLog.js.map +1 -1
package/dist/schemas/dry-run-plan.v1.json +139 -0
package/dist/schemas/recipe.v1.json +684 -0
package/dist/server.d.ts +127 -8
package/dist/server.js +740 -933
package/dist/server.js.map +1 -1
package/dist/ssrfGuard.d.ts +54 -0
package/dist/ssrfGuard.js +122 -0
package/dist/ssrfGuard.js.map +1 -0
package/dist/streamableHttp.d.ts +39 -1
package/dist/streamableHttp.js +128 -17
package/dist/streamableHttp.js.map +1 -1
package/dist/tokenUsageTracker.d.ts +33 -0
package/dist/tokenUsageTracker.js +146 -0
package/dist/tokenUsageTracker.js.map +1 -0
package/dist/tools/activityLog.d.ts +2 -0
package/dist/tools/addLinearComment.d.ts +1 -0
package/dist/tools/addLinearComment.js +4 -2
package/dist/tools/addLinearComment.js.map +1 -1
package/dist/tools/batchLsp.d.ts +3 -0
package/dist/tools/bridgeDoctor.d.ts +1 -0
package/dist/tools/bridgeDoctor.js +2 -2
package/dist/tools/bridgeDoctor.js.map +1 -1
package/dist/tools/bridgeStatus.d.ts +1 -0
package/dist/tools/cancelClaudeTask.d.ts +2 -0
package/dist/tools/cancelClaudeTask.js +1 -0
package/dist/tools/cancelClaudeTask.js.map +1 -1
package/dist/tools/checkDocumentDirty.d.ts +1 -0
package/dist/tools/clipboard.d.ts +2 -0
package/dist/tools/closeTabs.d.ts +2 -0
package/dist/tools/codeLens.d.ts +1 -0
package/dist/tools/contextBundle.d.ts +1 -0
package/dist/tools/createIssueFromAIComment.d.ts +1 -0
package/dist/tools/createLinearIssue.d.ts +1 -0
package/dist/tools/ctxGetTaskContext.d.ts +1 -0
package/dist/tools/ctxQueryTraces.d.ts +1 -0
package/dist/tools/ctxSaveTrace.d.ts +1 -0
package/dist/tools/debug.d.ts +4 -0
package/dist/tools/decorations.d.ts +2 -0
package/dist/tools/documentLinks.d.ts +1 -0
package/dist/tools/editText.d.ts +1 -0
package/dist/tools/enrichCommit.d.ts +1 -0
package/dist/tools/enrichStackTrace.d.ts +1 -0
package/dist/tools/explainDiagnostic.d.ts +1 -0
package/dist/tools/explainSymbol.d.ts +1 -0
package/dist/tools/fetchCalendarEvents.d.ts +1 -0
package/dist/tools/fetchGithubIssue.d.ts +1 -0
package/dist/tools/fetchGithubPR.d.ts +1 -0
package/dist/tools/fetchLinearIssue.d.ts +1 -0
package/dist/tools/fetchSentryIssue.d.ts +1 -0
package/dist/tools/fetchSlackProfile.d.ts +1 -0
package/dist/tools/fetchSlackProfile.js +4 -1
package/dist/tools/fetchSlackProfile.js.map +1 -1
package/dist/tools/fileOperations.d.ts +3 -0
package/dist/tools/fileWatcher.d.ts +2 -0
package/dist/tools/findFiles.d.ts +1 -0
package/dist/tools/findRelatedTests.d.ts +1 -0
package/dist/tools/fixAllLintErrors.d.ts +1 -0
package/dist/tools/foldingRanges.d.ts +1 -0
package/dist/tools/formatDocument.d.ts +1 -0
package/dist/tools/generateTests.d.ts +1 -0
package/dist/tools/getAIComments.d.ts +1 -0
package/dist/tools/getAnalyticsReport.d.ts +1 -0
package/dist/tools/getArchitectureContext.d.ts +1 -0
package/dist/tools/getBufferContent.d.ts +1 -0
package/dist/tools/getChangeImpact.d.ts +1 -0
package/dist/tools/getClaudeTaskStatus.d.ts +2 -0
package/dist/tools/getClaudeTaskStatus.js +1 -0
package/dist/tools/getClaudeTaskStatus.js.map +1 -1
package/dist/tools/getCodeCoverage.d.ts +1 -0
package/dist/tools/getCommitsForIssue.d.ts +1 -0
package/dist/tools/getConnectorStatus.d.ts +1 -0
package/dist/tools/getCurrentSelection.d.ts +2 -0
package/dist/tools/getDebugState.d.ts +1 -0
package/dist/tools/getDependencyTree.d.ts +1 -0
package/dist/tools/getDiagnostics.d.ts +1 -0
package/dist/tools/getDiffFromHandoff.d.ts +1 -0
package/dist/tools/getDocumentSymbols.d.ts +25 -0
package/dist/tools/getDocumentSymbols.js +74 -8
package/dist/tools/getDocumentSymbols.js.map +1 -1
package/dist/tools/getFileTree.d.ts +1 -0
package/dist/tools/getGitDiff.d.ts +1 -0
package/dist/tools/getGitHotspots.d.ts +1 -0
package/dist/tools/getGitLog.d.ts +1 -0
package/dist/tools/getGitStatus.d.ts +1 -0
package/dist/tools/getImportTree.d.ts +1 -0
package/dist/tools/getImportedSignatures.d.ts +1 -0
package/dist/tools/getOpenEditors.d.ts +1 -0
package/dist/tools/getPRTemplate.d.ts +1 -0
package/dist/tools/getProjectContext.d.ts +1 -0
package/dist/tools/getProjectInfo.d.ts +1 -0
package/dist/tools/getSecurityAdvisories.d.ts +1 -0
package/dist/tools/getSecurityAdvisories.js +10 -1
package/dist/tools/getSecurityAdvisories.js.map +1 -1
package/dist/tools/getSessionUsage.d.ts +4 -0
package/dist/tools/getSessionUsage.js +3 -0
package/dist/tools/getSessionUsage.js.map +1 -1
package/dist/tools/getSymbolHistory.d.ts +1 -0
package/dist/tools/getToolCapabilities.d.ts +1 -0
package/dist/tools/getTypeSignature.d.ts +1 -0
package/dist/tools/getWorkspaceFolders.d.ts +1 -0
package/dist/tools/getWorkspaceSettings.d.ts +1 -0
package/dist/tools/gitHistory.d.ts +2 -0
package/dist/tools/gitWrite.d.ts +11 -0
package/dist/tools/github/actions.d.ts +2 -0
package/dist/tools/github/actions.js +4 -2
package/dist/tools/github/actions.js.map +1 -1
package/dist/tools/github/composite.d.ts +342 -0
package/dist/tools/github/composite.js +343 -0
package/dist/tools/github/composite.js.map +1 -0
package/dist/tools/github/index.d.ts +1 -0
package/dist/tools/github/index.js +1 -0
package/dist/tools/github/index.js.map +1 -1
package/dist/tools/github/issues.d.ts +4 -0
package/dist/tools/github/issues.js +8 -4
package/dist/tools/github/issues.js.map +1 -1
package/dist/tools/github/pr.d.ts +7 -0
package/dist/tools/github/pr.js +50 -12
package/dist/tools/github/pr.js.map +1 -1
package/dist/tools/handoffNote.d.ts +4 -0
package/dist/tools/handoffNote.js +2 -0
package/dist/tools/handoffNote.js.map +1 -1
package/dist/tools/hoverAtCursor.d.ts +1 -0
package/dist/tools/httpClient.d.ts +2 -0
package/dist/tools/index.d.ts +8 -0
package/dist/tools/index.js +47 -8
package/dist/tools/index.js.map +1 -1
package/dist/tools/inlayHints.d.ts +1 -0
package/dist/tools/launchQuickTask.d.ts +2 -0
package/dist/tools/launchQuickTask.js +1 -0
package/dist/tools/launchQuickTask.js.map +1 -1
package/dist/tools/listClaudeTasks.d.ts +2 -0
package/dist/tools/listClaudeTasks.js +1 -0
package/dist/tools/listClaudeTasks.js.map +1 -1
package/dist/tools/listTerminals.d.ts +1 -0
package/dist/tools/lsp.d.ts +14 -0
package/dist/tools/navigateToSymbolByName.d.ts +1 -0
package/dist/tools/openDiff.d.ts +1 -0
package/dist/tools/openFile.d.ts +1 -0
package/dist/tools/openInBrowser.d.ts +1 -0
package/dist/tools/organizeImports.d.ts +1 -0
package/dist/tools/performanceReport.d.ts +1 -0
package/dist/tools/planPersistence.d.ts +5 -0
package/dist/tools/previewEdit.d.ts +1 -0
package/dist/tools/refactorAnalyze.d.ts +1 -0
package/dist/tools/refactorPreview.d.ts +2 -0
package/dist/tools/refactorPreview.js +1 -0
package/dist/tools/refactorPreview.js.map +1 -1
package/dist/tools/replaceBlock.d.ts +1 -0
package/dist/tools/resumeClaudeTask.d.ts +2 -0
package/dist/tools/resumeClaudeTask.js +1 -0
package/dist/tools/resumeClaudeTask.js.map +1 -1
package/dist/tools/runClaudeTask.d.ts +2 -0
package/dist/tools/runClaudeTask.js +1 -0
package/dist/tools/runClaudeTask.js.map +1 -1
package/dist/tools/runCommand.d.ts +1 -0
package/dist/tools/runCommand.js +5 -0
package/dist/tools/runCommand.js.map +1 -1
package/dist/tools/runTests.d.ts +1 -0
package/dist/tools/saveDocument.d.ts +1 -0
package/dist/tools/screenshotAndAnnotate.d.ts +1 -0
package/dist/tools/searchAndReplace.d.ts +1 -0
package/dist/tools/searchTools.d.ts +1 -0
package/dist/tools/searchTools.js +1 -1
package/dist/tools/searchTools.js.map +1 -1
package/dist/tools/searchWorkspace.d.ts +1 -0
package/dist/tools/selectionRanges.d.ts +1 -0
package/dist/tools/semanticTokens.d.ts +1 -0
package/dist/tools/setActiveWorkspaceFolder.d.ts +1 -0
package/dist/tools/signatureHelp.d.ts +1 -0
package/dist/tools/slackListChannels.d.ts +1 -0
package/dist/tools/slackListChannels.js.map +1 -1
package/dist/tools/slackPostMessage.d.ts +1 -0
package/dist/tools/slackPostMessage.js +11 -6
package/dist/tools/slackPostMessage.js.map +1 -1
package/dist/tools/terminal.d.ts +6 -0
package/dist/tools/terminal.js +4 -0
package/dist/tools/terminal.js.map +1 -1
package/dist/tools/testTraceToSource.d.ts +1 -0
package/dist/tools/testTraceToSource.js +2 -2
package/dist/tools/testTraceToSource.js.map +1 -1
package/dist/tools/transaction.d.ts +23 -0
package/dist/tools/transaction.js +29 -0
package/dist/tools/transaction.js.map +1 -1
package/dist/tools/typeHierarchy.d.ts +1 -0
package/dist/tools/updateLinearIssue.d.ts +1 -0
package/dist/tools/updateLinearIssue.js +20 -6
package/dist/tools/updateLinearIssue.js.map +1 -1
package/dist/tools/utils.d.ts +6 -0
package/dist/tools/utils.js +59 -0
package/dist/tools/utils.js.map +1 -1
package/dist/tools/vscodeCommands.d.ts +2 -0
package/dist/tools/vscodeTasks.d.ts +2 -0
package/dist/tools/workspaceSettings.d.ts +1 -0
package/dist/traceEncryption.d.ts +46 -0
package/dist/traceEncryption.js +124 -0
package/dist/traceEncryption.js.map +1 -0
package/dist/transport.d.ts +46 -1
package/dist/transport.js +173 -19
package/dist/transport.js.map +1 -1
package/package.json +30 -8
package/scripts/mcp-stdio-shim.cjs +19 -3
package/scripts/start-all.sh +34 -3
package/templates/automation-policies/recipe-authoring.json +25 -0
package/templates/automation-policy.example.json +6 -0
package/templates/co.patchwork-os.bridge.plist +34 -0
package/templates/policies/README.md +72 -0
package/templates/policies/conservative.json +14 -0
package/templates/policies/developer.json +14 -0
package/templates/policies/headless-ci.json +24 -0
package/templates/policies/personal-assistant.json +15 -0
package/templates/policies/regulated-industry.json +18 -0
package/templates/recipes/approval-queue-ui-test.yaml +205 -0
package/templates/recipes/lint-on-save.yaml +1 -2
package/templates/recipes/morning-brief-slack.yaml +57 -0
package/templates/recipes/morning-brief.yaml +2 -2
package/templates/recipes/project-health-check.yaml +50 -0
package/templates/recipes/webhook/README.md +70 -0
package/templates/recipes/webhook/capture-thought.yaml +26 -0
package/templates/recipes/webhook/customer-escalation.yaml +49 -0
package/templates/recipes/webhook/incident-intake.yaml +46 -0
package/templates/recipes/webhook/meeting-prep.yaml +48 -0
package/templates/recipes/webhook/morning-brief.yaml +57 -0

package/dist/bridge.js CHANGED Viewed

@@ -5,33 +5,38 @@ import path from "node:path";
 import { WebSocket } from "ws";
 import { ActivityLog } from "./activityLog.js";
 import { buildSummary } from "./analyticsAggregator.js";
-import { getAnalyticsPref } from "./analyticsPrefs.js";
+import { getAnalyticsPref, getAnalyticsSalt } from "./analyticsPrefs.js";
 import { sendAnalytics } from "./analyticsSend.js";
 import { getApprovalQueue } from "./approvalQueue.js";
 import { AutomationHooks, loadPolicy } from "./automation.js";
 import { loadOrCreateBridgeToken } from "./bridgeToken.js";
 import { repairBridgeToolsRulesIfStale } from "./bridgeToolsRules.js";
-import { createDriver } from "./claudeDriver.js";
 import { ClaudeOrchestrator } from "./claudeOrchestrator.js";
 import { CommitIssueLinkLog } from "./commitIssueLinkLog.js";
 import { DecisionTraceLog } from "./decisionTraceLog.js";
+import { createDriver } from "./drivers/index.js";
 import { ExtensionClient } from "./extensionClient.js";
+import { lockKillSwitchEnv } from "./featureFlags.js";
 import { FileLock } from "./fileLock.js";
 import { buildEnforcementReminder } from "./instructionsUtils.js";
 import { LockFileManager } from "./lockfile.js";
 import { Logger } from "./logger.js";
 import { OAuthServerImpl } from "./oauth.js";
+import { defaultConfigPath, getApiKeysPresent, loadConfig as loadPatchworkConfig, } from "./patchworkConfig.js";
 import { loadPlugins, loadPluginsFull } from "./pluginLoader.js";
 import { PluginWatcher } from "./pluginWatcher.js";
+import { isPreToolUseHookRegistered } from "./preToolUseHook.js";
 import { probeAll } from "./probe.js";
-import { RecipeScheduler } from "./recipes/scheduler.js";
-import { findWebhookRecipe, listInstalledRecipes, loadRecipePrompt, renderWebhookPrompt, saveRecipe, } from "./recipesHttp.js";
+import { RecipeOrchestration } from "./recipeOrchestration.js";
+import { warnAboutLegacyPermissionsSidecars } from "./recipes/migrationWarnings.js";
+import { RecipeOrchestrator } from "./recipes/RecipeOrchestrator.js";
 import { classifyTool } from "./riskTier.js";
 import { RecipeRunLog } from "./runLog.js";
 import { Server } from "./server.js";
 import { SessionCheckpoint } from "./sessionCheckpoint.js";
 import { StreamableHttpHandler } from "./streamableHttp.js";
 import { initTelemetry, shutdownTelemetry } from "./telemetry.js";
+import { TokenUsageTracker } from "./tokenUsageTracker.js";
 import { createCtxQueryTracesTool } from "./tools/ctxQueryTraces.js";
 import { readNote, writeNote } from "./tools/handoffNote.js";
 import { registerAllTools } from "./tools/index.js";
@@ -112,8 +117,10 @@ export class Bridge {
     pluginTools = [];
     pluginWatcher = null;
     automationHooks = undefined;
+    recipeOrchestration = null;
     recipeScheduler = null;
     recipeRunLog = null;
+    recipeOrchestrator = null;
     commitIssueLinkLog = null;
     decisionTraceLog = null;
     /** Pre-computed digest of recent decisions, refreshed on each session connect. */
@@ -129,6 +136,7 @@ export class Bridge {
     /** ISO timestamp of last getProjectContext cache write — drives status-bar "context X min ago". */
     _lastContextCachedAt = null;
     wsHeartbeatInterval = null;
+    tokenUsageTracker;
     constructor(config) {
         this.config = config;
         this.logger = new Logger(config.verbose, config.jsonl);
@@ -136,6 +144,7 @@ export class Bridge {
         const configDir = process.env.CLAUDE_CONFIG_DIR ?? path.join(os.homedir(), ".claude");
         this.authToken = config.fixedToken ?? loadOrCreateBridgeToken(configDir);
         this.server = new Server(this.authToken, this.logger, config.corsOrigins);
+        this.server.bridgeConfigPath = config.configFilePath ?? undefined;
         if (config.issuerUrl) {
             this.oauthServer = new OAuthServerImpl(this.authToken, config.issuerUrl, {
                 configDir,
@@ -150,6 +159,10 @@ export class Bridge {
             this.logger.info(`Audit log: ${config.auditLogPath}`);
         }
         this.extensionClient = new ExtensionClient(this.logger);
+        this.tokenUsageTracker = new TokenUsageTracker({
+            workspace: config.workspace,
+            logger: { warn: (m) => this.logger.warn(m) },
+        });
         // Handle new Claude Code connections
         this.server.on("connection", async (ws) => {
             // Reject connections before probes are ready
@@ -181,6 +194,15 @@ export class Bridge {
                     existing.graceTimer = null;
                     existing.ws = ws;
                     existing.wsAlive = true;
+                    // Clean up old WS listener + reject stale pending elicitations
+                    // before attaching the new socket. Without this, the previous
+                    // listener accumulates and pending elicitations from the old
+                    // client can resolve against the new connection's `activeWs`,
+                    // surfacing prompts to a client that didn't request them.
+                    // Intentionally NOT calling `detach()` — that would abort
+                    // in-flight tool calls, but grace-period semantics preserve
+                    // those across the reconnect.
+                    existing.transport.detachSoft();
                     existing.transport.attach(ws);
                     ws.on("pong", () => {
                         existing.wsAlive = true;
@@ -239,8 +261,26 @@ export class Bridge {
             transport.sessionId = sessionId;
             transport.setActivityLog(this.activityLog);
             transport.setToolRateLimit(this.config.toolRateLimit);
+            if (this.config.lazyTools)
+                transport.setLazyTools(true);
             if (this.server.approvalGate !== "off") {
                 this.logger.info(`[patchwork] approval gate active: ${this.server.approvalGate} tier(s) require dashboard approval`);
+                // The approval gate only sees traffic if Claude Code's PreToolUse
+                // hook is registered to POST into /approvals. If it isn't, every
+                // CC tool call bypasses the bridge entirely — the queue stays
+                // empty, no `approval_decision` rows accumulate, and the entire
+                // personalSignals catalog has no input data. Silent foot-gun
+                // that wasted hours of investigation; surface it loudly.
+                try {
+                    const ccSettingsPath = path.join(process.env.CLAUDE_CONFIG_DIR ?? path.join(os.homedir(), ".claude"), "settings.json");
+                    if (!isPreToolUseHookRegistered(ccSettingsPath)) {
+                        this.logger.warn?.(`[patchwork] WARNING: approval gate is on but no PreToolUse hook found in ${ccSettingsPath}. ` +
+                            `Claude Code will bypass the approval queue. Run 'patchwork-init' to register the hook.`);
+                    }
+                }
+                catch {
+                    // Best-effort warning — never block startup on a hook check failure.
+                }
                 transport.setApprovalGate(async ({ toolName, params, sessionId }) => {
                     const tier = classifyTool(toolName);
                     if (this.server.approvalGate === "off")
@@ -677,7 +717,11 @@ export class Bridge {
     async start() {
         // 0. Initialize OpenTelemetry (no-op when OTEL_EXPORTER_OTLP_ENDPOINT is unset)
         initTelemetry();
-        // 0a. Auto-repair .claude/rules/bridge-tools.md if stale (present but missing the
+        // 0a. Snapshot env-derived kill-switch flags. After this, plugins or
+        // recipe steps mutating `process.env.PATCHWORK_FLAG_*` cannot disable an
+        // active emergency stop. Closes MED-2 from the 2026-04-28 audit.
+        lockKillSwitchEnv();
+        // 0b. Auto-repair .claude/rules/bridge-tools.md if stale (present but missing the
         // current version sentinel). Older package versions write stale files that may
         // lack new tool substitution rules. Repair is silent on success; falls back to
         // warn-only if the template is missing or the write fails.
@@ -685,6 +729,7 @@ export class Bridge {
         // 1. Probe available CLI tools (pass workspace so local node_modules/.bin is checked)
         this.probes = await probeAll(this.config.workspace);
         this.ready = true;
+        this.tokenUsageTracker.start();
         // 2. Load plugins (after probes, before accepting sessions)
         this.pluginTools = await loadPlugins(this.config.plugins, this.config, this.logger);
         if (this.config.pluginWatch && this.config.plugins.length > 0) {
@@ -703,8 +748,21 @@ export class Bridge {
         this.logger.info(`Available linters: ${probeList(["tsc", "eslint", "pyright", "ruff", "cargo", "go", "biome"])}`);
         this.logger.info(`Available test runners: ${probeList(["vitest", "jest", "pytest", "cargo", "go"])}`);
         // 2. Initialize Claude driver and orchestrator (if configured)
-        if (this.config.claudeDriver !== "none") {
-            const driver = createDriver(this.config.claudeDriver, this.config.claudeBinary, this.config.antBinary, (msg) => this.logger.info(msg));
+        if (this.config.driver !== "none") {
+            const driver = createDriver(this.config.driver, {
+                binary: this.config.claudeBinary,
+                antBinary: this.config.antBinary,
+                // Provided to all subprocess-style drivers (claude, gemini). The
+                // claude SubprocessDriver only injects --mcp-config when the spawned
+                // task sets providerOptions.mcpAccess=true (per-recipe-step opt-in).
+                // Gemini wires it unconditionally into ~/.gemini/settings.json.
+                bridgeMcp: () => this.port > 0
+                    ? {
+                        url: `http://127.0.0.1:${this.port}/mcp`,
+                        authToken: this.authToken,
+                    }
+                    : undefined,
+            }, (msg) => this.logger.info(msg));
             // Patchwork: enrichment link log is useful regardless of orchestrator.
             const patchworkDir = path.join(os.homedir(), ".patchwork");
             this.commitIssueLinkLog = new CommitIssueLinkLog({
@@ -764,17 +822,33 @@ export class Bridge {
                     },
                 });
                 this.logger.info(`[bridge] Claude driver: ${driver.name}`);
-                // Patchwork: start cron-trigger scheduler once the orchestrator exists.
+                // Recipe orchestrator — owns in-flight dedup across all entry paths.
+                this.recipeOrchestrator = new RecipeOrchestrator({
+                    workdir: this.config.workspace,
+                });
+                // Patchwork: wire recipe server fns + build cron scheduler.
                 const recipesDir = path.join(os.homedir(), ".patchwork", "recipes");
-                this.recipeScheduler = new RecipeScheduler({
+                // One-shot scan for legacy `<name>.permissions.json` sidecars (alpha.36+
+                // no longer generates them). Skipped under NODE_ENV=test.
+                warnAboutLegacyPermissionsSidecars(recipesDir);
+                this.recipeOrchestration = new RecipeOrchestration({
+                    server: this.server,
+                    getOrchestrator: () => this.orchestrator,
+                    recipeOrchestrator: this.recipeOrchestrator,
+                    recipeRunLog: this.recipeRunLog,
+                    activityLog: this.activityLog,
+                    workdir: this.config.workspace,
+                    logger: this.logger,
+                });
+                this.recipeOrchestration.wireServerFns();
+                this.recipeScheduler = RecipeOrchestration.buildScheduler({
                     recipesDir,
-                    enqueue: (opts) => this.orchestrator.enqueue(opts),
+                    runRecipeFn: async (name) => this.server.runRecipeFn?.(name),
+                    enqueue: (opts) => this.orchestrator?.enqueue(opts) ?? "",
                     logger: this.logger,
                 });
-                const scheduled = this.recipeScheduler.start();
-                if (scheduled.length > 0) {
-                    this.logger.info(`[patchwork] scheduled ${scheduled.length} cron recipe${scheduled.length === 1 ? "" : "s"}`);
-                }
+                // scheduler.start() deferred to after this.port is set (see below)
+                // so bridgeMcp callback has a valid port when first cron fires.
             }
         }
         if (this.config.automationEnabled) {
@@ -808,6 +882,7 @@ export class Bridge {
                 extensionCircuitBreaker: this.extensionClient.getCircuitBreakerState(),
                 extensionDisconnectCount: this.extensionDisconnectCount,
                 recentActivity: this.activityLog.query({ last: 10 }),
+                tokens: this.tokenUsageTracker.getTotals(),
             };
         };
         this.server.metricsFn = () => this.activityLog.toPrometheus({
@@ -974,6 +1049,37 @@ export class Bridge {
             };
         };
         this.server.streamFn = (listener) => this.activityLog.subscribe(listener);
+        this.server.cancelTaskFn = (id) => this.orchestrator?.cancel(id, "user") ?? false;
+        // Wire `/sessions` for the dashboard's Sessions page. The same Map is
+        // already iterated by `statusFn` for the bridge-status payload — exposing
+        // it as a list-only endpoint lets the dashboard render per-session cards
+        // without coupling to the rest of the status payload. Without this the
+        // page returns 404 forever (sessionsFn was declared but never assigned),
+        // even when sessions are connected.
+        this.server.sessionsFn = () => {
+            const approvals = getApprovalQueue().list();
+            const pendingBySession = new Map();
+            for (const a of approvals) {
+                if (!a.sessionId)
+                    continue;
+                // Match by 8-char prefix because the dashboard's session id is
+                // the same prefix shape (statusFn emits `s.id.slice(0, 8)`).
+                const prefix = a.sessionId.slice(0, 8);
+                pendingBySession.set(prefix, (pendingBySession.get(prefix) ?? 0) + 1);
+            }
+            const out = [];
+            for (const s of this.sessions.values()) {
+                const id = s.id.slice(0, 8);
+                out.push({
+                    id,
+                    connectedAt: new Date(s.connectedAt).toISOString(),
+                    openedFileCount: s.openedFiles.size,
+                    pendingApprovals: pendingBySession.get(id) ?? 0,
+                    ...(s.remoteAddr ? { remoteAddr: s.remoteAddr } : {}),
+                });
+            }
+            return out;
+        };
         this.server.tasksFn = () => ({
             tasks: (this.orchestrator?.list() ?? []).map((t) => ({
                 taskId: t.id,
@@ -1000,134 +1106,21 @@ export class Bridge {
         this.server.approvalWebhookUrl =
             this.config.approvalWebhookUrl ?? undefined;
         this.server.onApprovalDecision = (event, meta) => this.activityLog.recordEvent(event, meta);
-        this.server.recipesFn = () => {
-            const recipesDir = path.join(os.homedir(), ".patchwork", "recipes");
-            return listInstalledRecipes(recipesDir);
-        };
-        this.server.saveRecipeFn = (draft) => {
-            const recipesDir = path.join(os.homedir(), ".patchwork", "recipes");
-            return saveRecipe(recipesDir, draft);
-        };
-        this.server.runsFn = (q) => {
-            if (!this.recipeRunLog)
-                return [];
-            return this.recipeRunLog.query({
-                ...(q.limit !== undefined && { limit: q.limit }),
-                ...(q.trigger !== undefined && {
-                    trigger: q.trigger,
-                }),
-                ...(q.status !== undefined && {
-                    status: q.status,
-                }),
-                ...(q.recipe !== undefined && { recipe: q.recipe }),
-                ...(q.after !== undefined && { after: q.after }),
-            });
-        };
-        this.server.sessionsFn = () => [...this.sessions.values()].map((s) => {
-            const tools = this.activityLog.querySessionTools(s.id, 1);
-            return {
-                id: s.id,
-                connectedAt: new Date(s.connectedAt).toISOString(),
-                openedFileCount: s.openedFiles.size,
-                pendingApprovals: getApprovalQueue()
-                    .list()
-                    .filter((a) => a.sessionId === s.id).length,
-                firstTool: tools[0]?.tool,
-                remoteAddr: s.remoteAddr,
-            };
-        });
-        this.server.sessionDetailFn = (id) => {
-            const s = this.sessions.get(id);
-            const summary = s
-                ? {
-                    id: s.id,
-                    connectedAt: new Date(s.connectedAt).toISOString(),
-                    openedFileCount: s.openedFiles.size,
-                    pendingApprovals: getApprovalQueue()
-                        .list()
-                        .filter((a) => a.sessionId === s.id).length,
-                }
-                : null;
-            const lifecycle = this.activityLog.querySessionLifecycle(id, 100);
-            const tools = this.activityLog.querySessionTools(id, 100);
-            const decisions = this.decisionTraceLog?.query({ sessionId: id, limit: 50 }) ?? [];
-            const approvals = getApprovalQueue()
-                .list()
-                .filter((a) => a.sessionId === id);
-            return {
-                summary,
-                lifecycle: lifecycle,
-                tools: tools,
-                decisions: decisions,
-                approvals: approvals,
-            };
-        };
-        this.server.webhookFn = async (hookPath, payload) => {
-            if (!this.orchestrator) {
-                return {
-                    ok: false,
-                    error: "orchestrator_unavailable",
-                };
-            }
-            const recipesDir = path.join(os.homedir(), ".patchwork", "recipes");
-            const match = findWebhookRecipe(recipesDir, hookPath);
-            if (!match) {
-                return { ok: false, error: "not_found" };
-            }
-            const loaded = loadRecipePrompt(recipesDir, match.name);
-            if (!loaded) {
-                return { ok: false, error: "recipe_file_missing" };
-            }
-            try {
-                const taskId = this.orchestrator.enqueue({
-                    prompt: renderWebhookPrompt(loaded.prompt, payload),
-                    triggerSource: `webhook:${match.name}`,
-                });
-                return { ok: true, taskId, name: match.name };
-            }
-            catch (err) {
-                return {
-                    ok: false,
-                    error: err instanceof Error ? err.message : String(err),
-                };
-            }
-        };
-        this.server.runRecipeFn = async (name, vars) => {
-            if (!this.orchestrator) {
-                return {
-                    ok: false,
-                    error: "Orchestrator unavailable — start bridge with --claude-driver subprocess",
-                };
-            }
-            const recipesDir = path.join(os.homedir(), ".patchwork", "recipes");
-            const loaded = loadRecipePrompt(recipesDir, name);
-            if (!loaded) {
-                return {
-                    ok: false,
-                    error: `Recipe "${name}" not found in ${recipesDir}`,
-                };
-            }
-            try {
-                let prompt = loaded.prompt;
-                if (vars && Object.keys(vars).length > 0) {
-                    const varLines = Object.entries(vars)
-                        .map(([k, v]) => `${k}=${v}`)
-                        .join("\n");
-                    prompt = `Variables:\n${varLines}\n\n${prompt}`;
-                }
-                const taskId = this.orchestrator.enqueue({
-                    prompt,
-                    triggerSource: `recipe:${name}`,
-                });
-                return { ok: true, taskId };
-            }
-            catch (err) {
-                return {
-                    ok: false,
-                    error: err instanceof Error ? err.message : String(err),
-                };
-            }
-        };
+        // Wire activityLog into approvalHttp so passive risk personalization
+        // signals (src/approvalSignals.ts) actually compute against the
+        // user's history. Without this, the personalSignals catalog is
+        // defined but inert — every approval queue entry has
+        // personalSignals: undefined.
+        this.server.activityLog = this.activityLog;
+        // Same wire pattern for h6 (recipe-step trust). recipeRunLog may be
+        // undefined when no orchestrator is configured; that's fine — h6
+        // silently skips and the other 11 heuristics still compute.
+        this.server.recipeRunLog = this.recipeRunLog ?? undefined;
+        // Opt-in switch for personalSignals h10 (time-of-day anomaly).
+        // Default false; user enables via --enable-time-of-day-anomaly or
+        // ~/.patchwork/config.json's enableTimeOfDayAnomaly field.
+        this.server.enableTimeOfDayAnomaly =
+            this.config.enableTimeOfDayAnomaly ?? false;
         this.server.readyFn = () => {
             // Count tools from the first active session (all sessions share the same tool set)
             const anySession = [...this.sessions.values()][0];
@@ -1165,15 +1158,29 @@ export class Bridge {
                 extension: this.extensionClient.isConnected(),
                 extensionCircuitBreaker: this.extensionClient.getCircuitBreakerState(),
                 timeline: this.activityLog.queryTimeline({ last: 50 }),
-                patchwork: {
-                    workspace: this.config.workspace,
-                    approvalGate: this.server.approvalGate,
-                    fullMode: this.config.fullMode,
-                    claudeDriver: this.config.claudeDriver,
-                    automationEnabled: this.config.automationEnabled,
-                    port: this.port,
-                    webhookUrl: this.server.approvalWebhookUrl ?? null,
-                },
+                patchwork: (() => {
+                    const cfg = loadPatchworkConfig();
+                    return {
+                        workspace: this.config.workspace,
+                        approvalGate: this.server.approvalGate,
+                        enableTimeOfDayAnomaly: this.server.enableTimeOfDayAnomaly,
+                        fullMode: this.config.fullMode,
+                        driver: this.config.driver,
+                        model: cfg.model,
+                        localEndpoint: cfg.localEndpoint,
+                        localModel: cfg.localModel,
+                        automationEnabled: this.config.automationEnabled,
+                        port: this.port,
+                        httpPort: this.port,
+                        inboxDir: path.join(os.homedir(), ".patchwork", "inbox"),
+                        configPath: defaultConfigPath(),
+                        apiKeysPresent: getApiKeysPresent(),
+                        webhookUrl: this.server.approvalWebhookUrl ?? null,
+                        pushServiceUrl: this.server.pushServiceUrl ?? null,
+                        pushServiceToken: this.server.pushServiceToken ? "***" : null,
+                        pushServiceBaseUrl: this.server.pushServiceBaseUrl ?? null,
+                    };
+                })(),
             };
         };
         // 3b-notify. Wire CC hook notify endpoint
@@ -1259,6 +1266,31 @@ export class Bridge {
             : null, async () => {
             await this.refreshRecentTracesDigest();
             return this.buildInstructions();
+        },
+        // Tail-end deps so `registerAllTools` registers the same tool set
+        // on Streamable-HTTP sessions as on WebSocket. Without this object,
+        // `ctxSaveTrace`, `ctxQueryTraces`, and any tool gated on the
+        // remaining deps silently failed to register over Streamable HTTP
+        // (caught dogfooding `ctx-loop-test` from a remote MCP client).
+        {
+            automationHooks: this.automationHooks,
+            getDisconnectInfo: () => ({
+                at: this.lastDisconnectAt,
+                code: this.lastDisconnectCode,
+                reason: this.lastDisconnectReason,
+            }),
+            onContextCacheUpdated: (generatedAt) => {
+                this._lastContextCachedAt = generatedAt;
+                this._emitLiveState();
+            },
+            getExtensionDisconnectCount: () => this.extensionDisconnectCount,
+            ...(this.commitIssueLinkLog && {
+                commitIssueLinkLog: this.commitIssueLinkLog,
+            }),
+            ...(this.recipeRunLog && { recipeRunLog: this.recipeRunLog }),
+            ...(this.decisionTraceLog && {
+                decisionTraceLog: this.decisionTraceLog,
+            }),
         });
         this.server.httpMcpHandler = (req, res) => this.httpMcpHandler?.handle(req, res) ?? Promise.resolve();
         // 3. Check for stale lock files
@@ -1275,6 +1307,13 @@ export class Bridge {
             throw err;
         }
         this.port = port;
+        // 4a-deferred. Start recipe scheduler now that port is known (bridgeMcp needs a valid port).
+        if (this.recipeScheduler) {
+            const scheduled = this.recipeScheduler.start();
+            if (scheduled.length > 0) {
+                this.logger.info(`[patchwork] scheduled ${scheduled.length} cron recipe${scheduled.length === 1 ? "" : "s"}`);
+            }
+        }
         // 4b. Start WebSocket keepalive heartbeat (keeps MCP session alive during long idle periods)
         this._startWsHeartbeat();
         // 4c. Load persisted tasks from previous sessions (best-effort)
@@ -1438,6 +1477,7 @@ export class Bridge {
         this.stopped = true;
         this.logger.info("Shutting down...");
         this._stopPeriodicSnapshots();
+        this.tokenUsageTracker.stop();
         this.automationHooks?.destroy();
         this.recipeScheduler?.stop();
         this.recipeScheduler = null;
@@ -1471,7 +1511,7 @@ export class Bridge {
         if (this.checkpoint && this.port > 0) {
             try {
                 await Promise.race([
-                    Promise.resolve().then(() => this.checkpoint.write(this._buildCheckpoint(this.port))),
+                    Promise.resolve().then(() => this.checkpoint?.write(this._buildCheckpoint(this.port))),
                     new Promise((resolve) => setTimeout(resolve, 3000)),
                 ]);
             }
@@ -1495,7 +1535,8 @@ export class Bridge {
         if (analyticsOn === true && totalSessions > 0) {
             try {
                 const entries = this.activityLog.query({ last: 500 });
-                const summary = buildSummary(entries, maxDurationMs, PACKAGE_VERSION);
+                const salt = getAnalyticsSalt();
+                const summary = buildSummary(entries, maxDurationMs, PACKAGE_VERSION, salt);
                 await Promise.race([
                     sendAnalytics(summary),
                     new Promise((resolve) => setTimeout(resolve, 2000)),