sanook-cli 0.5.1 → 0.5.5

package/.env.example

@@ -8,12 +8,9 @@ GOOGLE_GENERATIVE_AI_API_KEY=AIzaxxx      # aistudio.google.com/apikey (restrict
 
 # ── Cloud BYOK ──
 OPENAI_API_KEY=sk-xxx                     # platform.openai.com (รวม Codex: model gpt-5-codex)
-DEEPSEEK_API_KEY=sk-xxx                   # platform.deepseek.com
 XAI_API_KEY=xai-xxx                       # console.x.ai
 MISTRAL_API_KEY=xxx                       # console.mistral.ai
 GROQ_API_KEY=gsk_xxx                      # console.groq.com
-MINIMAX_API_KEY=xxx                        # platform.minimax.io  (MINIMAX_BASE_URL สลับ region)
-ZHIPU_API_KEY=xxx                         # z.ai / open.bigmodel.cn (GLM — GLM_BASE_URL สลับ region)
 
 # ── Local (ไม่ต้อง key — ตั้ง baseURL ถ้าไม่ใช่ default) ──
 # OLLAMA_BASE_URL=http://localhost:11434/v1
@@ -40,3 +37,164 @@ SANOOK_MODEL=sonnet
 # SANOOK_DISABLE_PERSISTENCE=1        # ไม่บันทึก sessions/memory
 # SANOOK_DISABLE_WORKLOG=1            # ไม่เขียน worklog เข้า second-brain
 # SANOOK_TRUST_PROJECT=1              # trust project .sanook mcp/hooks/skills/commands ชั่วคราว
+
+# ── Messaging gateway (optional; ใช้กับ sanook gateway / sanook send) ──
+# Telegram
+# TELEGRAM_BOT_TOKEN=123:abc
+# TELEGRAM_ALLOWED_CHATS=5222385839
+
+# Discord
+# DISCORD_BOT_TOKEN=xxx
+# DISCORD_DEFAULT_CHANNEL=123456789012345678
+# DISCORD_ALLOWED_CHANNELS=123456789012345678
+
+# Slack
+# SLACK_BOT_TOKEN=xoxb-xxx
+# SLACK_APP_TOKEN=xapp-xxx              # ต้องมีถ้าจะรับข้อความผ่าน Socket Mode
+# SLACK_DEFAULT_CHANNEL=C01ABCDEF
+# SLACK_ALLOWED_CHANNELS=C01ABCDEF
+
+# Email
+# EMAIL_ADDRESS=bot@example.com
+# EMAIL_PASSWORD=app-password
+# EMAIL_IMAP_HOST=imap.example.com
+# EMAIL_SMTP_HOST=smtp.example.com
+# EMAIL_HOME_ADDRESS=you@example.com
+
+# LINE Messaging API (webhook inbound + Push/send + cron delivery)
+# LINE_CHANNEL_ACCESS_TOKEN=xxx
+# LINE_CHANNEL_SECRET=xxx              # ใช้ verify x-line-signature ของ webhook
+# LINE_HOME_CHANNEL=U1234567890abcdef  # U=user, C=group, R=room
+# LINE_ALLOWED_USERS=U1234567890abcdef
+# LINE_ALLOWED_GROUPS=C1234567890abcdef
+# LINE_ALLOWED_ROOMS=R1234567890abcdef
+# LINE_PUBLIC_URL=https://your-tunnel.example.com
+
+# SMS / Twilio (webhook inbound + REST send + cron delivery)
+# TWILIO_ACCOUNT_SID=ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+# TWILIO_AUTH_TOKEN=xxx                # ใช้ส่ง SMS และ verify x-twilio-signature
+# TWILIO_PHONE_NUMBER=+15550000000
+# SMS_HOME_CHANNEL=+15551234567
+# SMS_ALLOWED_USERS=+15551234567,+15557654321
+# SMS_WEBHOOK_URL=https://your-tunnel.example.com/sms/webhook
+# SMS_INSECURE_NO_SIGNATURE=false      # local dev only; production ควร false/ไม่ตั้ง
+
+# ntfy (HTTP push + JSON stream subscribe)
+# NTFY_TOPIC=sanook-yourname-2026
+# NTFY_SERVER_URL=https://ntfy.sh
+# NTFY_TOKEN=tk_xxx                    # optional; หรือ user:pass สำหรับ Basic auth
+# NTFY_PUBLISH_TOPIC=sanook-yourname-2026
+# NTFY_ALLOWED_USERS=sanook-yourname-2026
+# NTFY_HOME_CHANNEL=sanook-yourname-2026
+# NTFY_HOME_CHANNEL_NAME=Owner phone
+# NTFY_MARKDOWN=true
+
+# Mattermost REST API v4 + WebSocket inbound
+# MATTERMOST_URL=https://mm.example.com
+# MATTERMOST_TOKEN=xxx                         # token ของ bot/dedicated account
+# MATTERMOST_HOME_CHANNEL=chan_home_id
+# MATTERMOST_HOME_CHANNEL_NAME=Owner Mattermost
+# MATTERMOST_ALLOWED_USERS=user_id_1,user_id_2 # fail-closed; ใช้ Mattermost user IDs
+# MATTERMOST_ALLOWED_CHANNELS=chan_home_id,chan_ops_id
+# MATTERMOST_FREE_RESPONSE_CHANNELS=chan_dm_like_id
+# MATTERMOST_REQUIRE_MENTION=true              # public/private channels ต้อง @mention; DM ตอบทุกข้อความ
+# MATTERMOST_GROUP_SESSIONS_PER_USER=true
+# MATTERMOST_REPLY_MODE=thread                 # off|thread
+# MATTERMOST_ALLOW_ALL_USERS=false             # production ควร false/ไม่ตั้ง
+
+# Home Assistant (state_changed WebSocket inbound + persistent_notification send)
+# HASS_URL=http://homeassistant.local:8123
+# HASS_TOKEN=xxx                               # Long-Lived Access Token
+# HASS_HOME_CHANNEL=sanook_agent              # persistent_notification notification_id
+# HASS_HOME_CHANNEL_NAME=Owner Home Assistant
+# HASS_WATCH_DOMAINS=light,binary_sensor,climate
+# HASS_WATCH_ENTITIES=sensor.temp,alarm_control_panel.home
+# HASS_IGNORE_ENTITIES=sensor.noisy
+# HASS_WATCH_ALL=false                         # production ควร false/ไม่ตั้ง
+# HASS_COOLDOWN_SECONDS=30
+
+# Signal via signal-cli daemon --http (JSON-RPC send + SSE inbound)
+# SIGNAL_HTTP_URL=http://127.0.0.1:8080
+# SIGNAL_ACCOUNT=+15550000000
+# SIGNAL_HOME_CHANNEL=+15551234567
+# SIGNAL_HOME_CHANNEL_NAME=Owner Signal
+# SIGNAL_ALLOWED_USERS=+15551234567,+15557654321
+# SIGNAL_GROUP_ALLOWED_USERS=groupIdBase64       # หรือ * เพื่อเปิดทุกกลุ่มโดยตั้งใจ
+# SIGNAL_REQUIRE_MENTION=false                   # true = group ต้อง mention เบอร์ account
+
+# WhatsApp Cloud API (Meta webhook inbound + Graph Messages API send)
+# WHATSAPP_CLOUD_PHONE_NUMBER_ID=123456789012345
+# WHATSAPP_CLOUD_ACCESS_TOKEN=EAA...
+# WHATSAPP_CLOUD_APP_SECRET=xxx                  # ใช้ verify x-hub-signature-256 ของ webhook
+# WHATSAPP_CLOUD_VERIFY_TOKEN=choose-a-long-random-token
+# WHATSAPP_CLOUD_HOME_CHANNEL=15551234567        # wa_id digits, ไม่ต้องมี +
+# WHATSAPP_CLOUD_HOME_CHANNEL_NAME=Owner WhatsApp
+# WHATSAPP_CLOUD_ALLOWED_USERS=15551234567,15557654321
+# WHATSAPP_CLOUD_PUBLIC_URL=https://your-tunnel.example.com
+# WHATSAPP_CLOUD_API_VERSION=v20.0
+# WHATSAPP_CLOUD_ALLOW_ALL_USERS=false           # production ควร false/ไม่ตั้ง
+
+# Matrix Client-Server API (sync inbound + room send)
+# MATRIX_HOMESERVER=https://matrix.example.org
+# MATRIX_ACCESS_TOKEN=syt_xxx                    # แนะนำ: token ของ bot account
+# MATRIX_USER_ID=@sanook:matrix.example.org      # optional ถ้าใช้ access token; required ถ้าใช้ password login
+# MATRIX_PASSWORD=xxx                            # fallback แทน access token
+# MATRIX_HOME_ROOM=!abc123:matrix.example.org
+# MATRIX_HOME_ROOM_NAME=Owner Matrix
+# MATRIX_ALLOWED_USERS=@alice:matrix.org,@bob:matrix.org
+# MATRIX_ALLOWED_ROOMS=!abc123:matrix.example.org,!ops:matrix.example.org
+# MATRIX_FREE_RESPONSE_ROOMS=!free:matrix.example.org
+# MATRIX_REQUIRE_MENTION=true                    # shared rooms ต้อง mention bot; DM ตอบทุกข้อความ
+# MATRIX_GROUP_SESSIONS_PER_USER=true
+# MATRIX_AUTO_JOIN=true
+# MATRIX_POLL_TIMEOUT_MS=30000
+
+# Google Chat (Chat REST API outbound; Pub/Sub config saved for future inbound)
+# GOOGLE_CHAT_PROJECT_ID=my-chat-bot-123
+# GOOGLE_CHAT_SUBSCRIPTION_NAME=projects/my-chat-bot-123/subscriptions/sanook-chat-events-sub
+# GOOGLE_CHAT_SERVICE_ACCOUNT_JSON=/home/you/.sanook/google-chat-sa.json
+# GOOGLE_CHAT_API_BASE_URL=https://chat.googleapis.com
+# GOOGLE_CHAT_HOME_CHANNEL=spaces/AAAA                 # use googlechat:spaces/AAAA/threads/thread-id for thread replies
+# GOOGLE_CHAT_HOME_CHANNEL_NAME=Owner Google Chat
+# GOOGLE_CHAT_ALLOWED_USERS=you@yourdomain.com,coworker@yourdomain.com
+# GOOGLE_CHAT_ALLOWED_SPACES=spaces/AAAA,spaces/BBBB   # explicit proactive send targets; home channel is allowed by default
+# GOOGLE_CHAT_FREE_RESPONSE_SPACES=spaces/FREE
+# GOOGLE_CHAT_MAX_MESSAGES=1
+# GOOGLE_CHAT_MAX_BYTES=16777216
+# GOOGLE_CHAT_ALLOW_ALL_USERS=false
+# GOOGLE_CHAT_ALLOW_ALL_SPACES=false
+# GOOGLE_CHAT_INCOMING_WEBHOOK_URL=https://chat.googleapis.com/v1/spaces/AAAA/messages?key=xxx&token=xxx
+
+# BlueBubbles / iMessage (REST outbound now; webhook config saved for inbound parity)
+# BLUEBUBBLES_SERVER_URL=http://localhost:1234
+# BLUEBUBBLES_PASSWORD=xxx
+# BLUEBUBBLES_WEBHOOK_HOST=127.0.0.1
+# BLUEBUBBLES_WEBHOOK_PORT=8645
+# BLUEBUBBLES_WEBHOOK_PATH=/bluebubbles-webhook
+# BLUEBUBBLES_HOME_CHANNEL=user@example.com      # chat GUID, email, or +E.164 phone; raw GUID like iMessage;-;user@example.com also works
+# BLUEBUBBLES_HOME_CHANNEL_NAME=Owner iMessage
+# BLUEBUBBLES_ALLOWED_USERS=user@example.com,+15551234567
+# BLUEBUBBLES_ALLOW_ALL_USERS=false             # production ควร false/ไม่ตั้ง
+# BLUEBUBBLES_REQUIRE_MENTION=false             # group chat inbound gate for future gateway run parity
+# BLUEBUBBLES_MENTION_PATTERNS=["(?<![\\w@])@?sanook\\b[,:\\-]?"]
+
+# Microsoft Teams (Incoming Webhook delivery now; Graph delivery for chat/channel targets)
+# TEAMS_DELIVERY_MODE=incoming_webhook          # incoming_webhook|graph
+# TEAMS_INCOMING_WEBHOOK_URL=https://...
+# TEAMS_GRAPH_ACCESS_TOKEN=xxx                  # Graph mode: delegated/application token with ChatMessage.Send/ChannelMessage.Send
+# TEAMS_CHAT_ID=19:...
+# TEAMS_TEAM_ID=team-id
+# TEAMS_CHANNEL_ID=channel-id
+# TEAMS_HOME_CHANNEL=19:...                     # หรือ team/<team-id>/channel/<channel-id>
+# TEAMS_HOME_CHANNEL_NAME=Owner Teams
+# TEAMS_CLIENT_ID=app-client-id                 # สำหรับ future Bot Framework inbound parity
+# TEAMS_CLIENT_SECRET=xxx
+# TEAMS_TENANT_ID=tenant-id
+# TEAMS_ALLOWED_USERS=alice@example.com,bob@example.com
+# TEAMS_PORT=3978
+
+# Generic Webhooks (GitHub/GitLab/Jira/Stripe/etc. inbound events)
+# WEBHOOK_ENABLED=true
+# WEBHOOK_SECRET=xxx                   # global fallback HMAC secret
+# WEBHOOK_PUBLIC_URL=https://your-tunnel.example.com
+# WEBHOOK_RATE_LIMIT_PER_MINUTE=30

package/CHANGELOG.md

@@ -1,6 +1,131 @@
 # Changelog
 
-## Unreleased
+## 0.5.5
+
+### Hermes-style setup, dashboard, and terminal parity
+
+- **Localized setup wizard (EN/TH)** — language picker on first run; steps for provider, model, **agent** (permission mode), **tools**, **gateway**, second brain, and complete (~10 steps).
+- **`sanook dashboard`** — local web UI on port 9119 with pages: Home, **Chat**, Models, Sessions, **Files**, **Logs**, **Cron**, **Channels**, Config, MCP, Brain; REST APIs for status, config, files, logs, cron, and channels.
+- **Two-phase `/model` picker** — choose provider, then model (Hermes-style); `Esc` returns to provider list.
+- **New slash commands** — `/setup` (setup section hints), `/dashboard` (open web dashboard).
+- **Codex device-code login** — Hermes-style OAuth device flow in setup wizard (`src/providers/codex-login.ts`).
+- **i18n foundation** — `src/i18n/` with English and Thai strings; locale persisted in global config.
+
+## 0.5.4
+
+### Multi-project vault — project workspace auto-detect
+
+- **`Projects/<slug>/` workspace standard** — `overview.md`, `current-state.md`, `context.md`, `repo.md` with `repo_path` for machine-readable repo mapping.
+- **`sanook brain new project --title "..." --repo /path`** — scaffolds full `Projects/<slug>/` workspace from `Templates/project-workspace/` and links it from `Projects/_Index.md`.
+- **`sanook brain projects list`** — shows registered project workspaces and marks the active project for the current cwd.
+- **Project auto-detect in agent context** — when cwd is inside a project's `repo_path`, Sanook injects `<project_workspace>` hot context (current-state, context, overview) into `loadBrainContext()` and `sanook brain context`.
+- **`sanook brain context --project <slug>`** — force a project workspace without cwd matching.
+- **Scaffold policy** — `sanook brain init` no longer copies bundled `Projects/<slug>/` dogfood folders into new vaults (only `Projects/_Index.md`); add projects explicitly with `brain new project`.
+
+## 0.5.3
+
+### Second-brain CLI — pack, create, repair, consolidate, metrics
+
+- **`sanook brain pack list|show <name>`** — makes `Shared/Context-Packs/` first-class: list packs with descriptions and index status; show load order, done criteria, and wiki-link sources.
+- **`sanook brain new <type> [--title "..."]`** — template-backed note creation for `session`, `bug`, `handoff`, `project`, `golden-case`, and `checklist`; fills frontmatter, sets `parent`/`up::`, appends to destination `_Index.md`, and rejects wrong-folder output paths.
+- **`sanook brain repair [--dry-run]`** — safe one-line fixes after `doctor`/`review`: missing purpose blockquote, `parent`, `up::`, unlinked context packs, and missing scaffold folders.
+- **`sanook brain consolidate [--apply] [--apply --archive] [--memory]`** — sleep-time consolidation runner (inbox dedup, stale → archive, retrieval eval, optional auto-memory merge); dry-run by default.
+- **`sanook brain metrics [--no-retrieval]`** — vault counts, stale notes, index freshness, and retrieval coverage with non-zero exit on issues.
+- **Context pack auto-select** — `buildBrainContext({ taskQuery })` and per-turn retrieval now inject the best-matching context pack before broader vault context.
+
+### MCP trust & safety
+
+- **`sanook mcp enable|disable <name>`** — toggle MCP servers without removing config (`enabled` flag in `mcp.json`; disabled servers are skipped by the agent, web probes, and doctor).
+- **401 auth hints** — `mcp test` / `mcp doctor` print setup hints when hosted remotes return Unauthorized.
+- **Risk labels** — classify servers as `read-only`, `file-write`, `network-write`, `database-write`, or `infra/admin` in search/info/list/test and the MCP hub overlay.
+- **Registry cache** — official MCP registry responses are cached for 5 minutes to reduce repeated network fetches.
+
+### Agent loop — web fetch, plan handoff, background tasks
+
+- **`web_fetch` agent tool** — built-in ethical fetch ladder (direct HTML → reader → Tavily → Wayback); read-only, no approval gate; same policy as `sanook web fetch`.
+- **`sanook plan "<task>"`** — read-only plan mode with stderr execute handoff (`sanook --yes "…"`) after success.
+- **`/tasks` overlay + `bg N` status** — inspect running `task_spawn` background jobs from the REPL.
+
+### Gateway — doctor, richer status, mobile replies
+
+- **`sanook gateway doctor`** — validate configured channel tokens, webhooks, and allowlists with live probes where possible.
+- **`sanook gateway status` (enhanced)** — pending cron jobs, recent delivery failures, and config-based channel health summary.
+- **Mobile chat formatting** — truncate fenced code blocks and cap reply length before delivering to Telegram/Discord/Slack/LINE/WhatsApp and other chat platforms.
+
+### TUI — sessions, transcript, launchpad
+
+- **Session rename** — `/sessions` → `r` to rename inline.
+- **Cross-project sessions** — list sessions from all projects (`≠` marker); resume cross-project with `--continue-any`-style cwd note.
+- **Virtual transcript** — viewport windowing with PgUp/PgDn scroll instead of rendering full scrollback.
+- **Collapsible launchpad** — keys `1`/`2`/`3` toggle Tools/Skills/MCP startup sections.
+
+### Developer experience
+
+- **`sanook init [--trust]`** — scaffold `.sanook/commands/` starter templates and print brain/MCP/trust next-step hints.
+- **`sanook skill install <name|path>`** — install from bundled catalog or local path (shared resolver with `skill add`).
+
+## 0.5.2
+
+### TUI startup polish — SANOOK AI Launchpad
+
+- **Live startup cockpit signals** — the Sanook launchpad now shows real local readiness, not just brand copy: second-brain configured/missing, MCP server count, loaded skill count, and current git branch. This turns the first screen into a useful service cockpit for Code, Brain, Connect, and Ship workflows, while keeping medium/tiny terminal fallbacks readable.
+- **Big `SANOOK AI` startup banner** — the REPL now opens with a large gradient wordmark plus a compact launchpad for version, account mode, live model, automation mode, cwd, and high-signal slash-command hints. The banner now carries the Sanook identity directly (`งานหนักให้เบาลง · ไม่เบาความรับผิดชอบ · local-first memory`), a signature workflow (`plan -> patch -> prove -> remember`), and a service promise (`readable · recoverable · remembered`). It gives users four memorable service routes: Code (`@file`, tools, diff), Brain (`brain context`, skills, compression), Connect (`MCP`, gateway, webhooks), and Ship (`copy`, cost guard, undo). Hermes-style responsive tiers keep it usable across terminal widths: wide wordmark, compact panel, and tiny text-only fallback. It still renders only before conversation history exists, so command turns do not redraw it into terminal scrollback.
+- **Startup service routes panel** — the empty REPL now also shows a Hermes-style Sanook service-routes panel with Code, Brain, Connect, Ship, System, and Runtime lanes. It tells new users what the CLI can do immediately: edit/run/read tools, second-brain context and worklogs, reusable skills, MCP registry/install/doctor/serve, gateway/webhook work, `/copy` handoff, ask-mode approvals, queued follow-ups, and `/hotkeys`. The panel has compact copy for medium terminals and hides on tiny terminals so the prompt stays usable.
+- **Floating overlay foundation** — `/help` now opens a Hermes-style paged overlay with line/page navigation instead of dumping the full command reference into scrollback. Typing slash-command prefixes or path-like tokens such as `@src/foo`, `./src/`, `~/notes/`, or `/tmp/` now shows a Hermes-style completion float box with command/file metadata; ↑/↓ chooses a row and Tab/Enter completes before the command or prompt is submitted. `/tools` opens a Sanook Tools Hub overlay for built-in file/git/memory/schedule/sub-agent/diagnostics lanes, while `/mcp` opens a Sanook MCP Hub overlay, mapping Hermes' plugins hub idea onto Sanook's extension surface: configured MCP servers, stdio/http transport, target, secret summary, and lazy selected-server testing with `t` so users can see PASS/FAIL and browse the selected server's advertised tool catalog with ↑/↓ or j/k before leaving the REPL. `/hotkeys` opens a dismissible TUI overlay (`Esc`, `Enter`, or `q`). `/model` without args opens an interactive model picker overlay with ↑/↓ or j/k navigation and Enter-to-switch, while `/model <spec>` keeps the existing direct canonical switch behavior. `/skills` opens a read-only Skills Hub overlay for browsing loaded skills and inspecting description/path metadata. `/sessions` opens a Hermes-style Session Switcher for saved sessions in the current project, resumes the highlighted session with Enter, inspects session metadata with `i`, and deletes with a two-press `d` confirmation. This is the reusable Sanook overlay path for the remaining richer help/session surfaces.
+- **Hermes-inspired REPL affordances** — added `/hotkeys`, a bounded queued-message window (`queued (n)` + `…and N more`) with an active row plus `Ctrl+X` deletion while busy, a Sanook tool trail for `tool-call`/`tool-result` events that persists into the assistant transcript after the turn completes and can be toggled with `/trail [compact|expanded]` or `Ctrl+T`, and a Sanook status rule that prioritizes state/model/mode/context/queue over secondary hints, shows elapsed time while working, shows context-compression mode (`cmp sel/hdr/off`) on roomy terminals, shows cost plus cwd/branch on wider terminals, and lets the cwd/branch segment yield before it can wrap or crowd the important left side.
+- **Hermes-style details controls** — `/details thinking hidden|collapsed|expanded` now controls a capped Sanook thinking panel fed by provider reasoning deltas, and `/details tools hidden|collapsed|expanded` maps Hermes' tools section visibility onto Sanook's persisted tool trail (`hidden`, compact/collapsed, expanded). This gives users a cleaner way to tune how much live agent work is visible without losing the quick `/trail` toggle.
+- **Streaming markdown rendering** — assistant live output and saved assistant turns now render common Markdown blocks instead of raw text: headings, block quotes, bullet/numbered lists, fenced code blocks, inline code, and bold spans. The live renderer keeps a Hermes-inspired stable-prefix/unstable-tail split at blank-line boundaries outside code fences, so streaming fenced code and partially-written paragraphs stay readable without pulling in a heavyweight renderer.
+- **Grapheme-safe prompt editing** — the REPL editor now moves the cursor and backspaces by grapheme cluster instead of raw JavaScript code unit. Thai combining marks, emoji, and ZWJ emoji stay intact while editing, matching the direction of Hermes' custom TextInput correctness work without importing its runtime.
+- **Hermes-style paste collapse** — bracketed or multiline paste now normalizes CRLF/newlines and collapses long pasted text (5+ lines or 2k+ chars) into a readable `[[ paste ... ]]` token in the composer. On submit Sanook expands the token back to the original pasted text before running the agent, so the terminal stays readable while the model still receives the full context.
+- **Terminal clipboard bridge** — `/copy [last]` copies the latest assistant response from the REPL. Sanook first tries the native system clipboard (`pbcopy`, PowerShell, `wl-copy`, `xclip`, `xsel`) and falls back to OSC52 terminal clipboard sequences when native tools are unavailable, covering the practical core of Hermes' clipboard work while leaving full mouse-selection parity for later.
+- **Hermes TUI parity map** — added `second-brain/Research/2026-06-18-hermes-tui-parity-map.md` so the remaining rebrand/port work is explicit: overlays, model/session/skills hubs, status rule, virtual transcript, terminal clipboard/mouse support, streaming markdown/persistent tool trails, and skin/theme parity.
+
+### Token reduction — selective context compression for stale tool output
+
+- **`sanook prompt-size [--json]`** — Hermes-inspired offline prompt budget diagnostic. It reports the current system prompt, personality overlay, auto-memory, skills index, second-brain context, project memory, repo map, git context, built-in tool schemas, and total rough token/byte footprint without calling a model or spawning MCP servers, so users can tune large second-brain/skill setups before context cost becomes invisible.
+- **`contextCompression: "selective" | "headroom" | "off"`** (env `SANOOK_CONTEXT_COMPRESSION`) — default `"selective"` is a zero-LLM, per-step compressor inspired by Selective Context, LongLLMLingua-style query awareness, and Headroom-style context pruning. It keeps the latest tool results full, but compresses older huge tool outputs with recency-aware budgets and preserves anchors plus high-information lines (current-query matches, errors, paths, diffs, code structure, rare terms) before the next model request. `"headroom"` optionally wraps the Vercel AI SDK model with the `headroom-ai` GitHub/npm framework when a Headroom proxy/cloud setup is available; `"off"` disables compression.
+
+### Polyglot runtime foundation — Python/Rust without mandatory native deps
+
+- **`sanook runtimes [--json]`** — new runtime surface report for Sanook's language strategy. TypeScript remains the npm-distributed control plane; Python is the optional analysis/data/document/ML helper plane; Rust is the optional performance/safety/native-helper plane. The command detects Python, uv, rustc, Cargo, Pyright, and rust-analyzer, then prints install hints without making any of them required for basic Sanook usage.
+- **`run_python` / `run_rust` agent tools** — approval-gated, no-shell runtime tools. `run_python` runs a Python snippet or workspace `.py` file for JSON/CSV transforms, document/text parsing, OCR/ML glue, and research scripts. `run_rust` compiles and runs a single-file Rust snippet or workspace `.rs` file for fast parsers/checkers and type-safe native-helper prototypes. Missing runtimes degrade to clear install messages instead of breaking the agent loop.
+
+### Web grounding — true search readiness and source policy
+
+- **`sanook web status [--json]` / `sanook web doctor [--json]`** — new diagnostic surface for true web/search/fetch readiness. It clearly separates `sanook search` local retrieval (vault, memory, sessions, skills) from internet search through MCP servers, detects configured web/search/fetch candidates, and optionally probes advertised tools. The report also prints the recommended `research` MCP preset and Sanook's grounding policy.
+- **Agent web-use policy** — the system prompt now tells the agent to use configured web/search/fetch MCP tools for current or volatile external facts, prefer primary sources for technical work, cite source URLs/titles, and treat fetched/search content as untrusted data rather than instructions.
+
+### MCP registry UX — discover, install, and diagnose servers
+
+- **`sanook mcp search/info/install`** — browse the official MCP registry, inspect transports/packages/secret requirements, and write a ready-to-use stdio or Streamable-HTTP config into `~/.sanook/mcp.json` (or trusted project config with `--project`).
+- **`sanook mcp test` / `sanook mcp doctor` / `sanook mcp list --tools`** — probe configured MCP servers, show advertised tools, and fail clearly when a server is missing credentials, unreachable, or misconfigured.
+- **`sanook mcp preset`** — curated starter bundles (`dev`, `research`, `pm`, `ops`) for common Sanook workflows.
+
+### Second-brain CLI tooling — doctor, context, eval
+
+- **`sanook brain context [--task "..."]`** — shows the exact `<brain_vault>` context Sanook injects from `Shared/AI-Context-Index.md`, `current-state.md`, and Memory-Inbox, with source char counts and stale/missing index warnings. With `--task`, it also runs focused retrieval over vault/session/skill hits.
+- **`sanook brain eval`** — turns `Evals/second-brain-benchmarks.md` into a lightweight runner: static vault sanity checks, context-size/missing-source checks, index freshness, and retrieval probes for key rules/ledgers.
+- **`sanook brain review`** — curator-style vault review for Memory-Inbox duplicates/possible contradictions, stale or incomplete context packs, session notes missing from the search manifest, eval freshness after framework changes, and markdown routing hygiene.
+- **`sanook brain final [--task "..."] [--from-diff] [--lite]`** — creates an evidence-backed final gate note in `Sessions/`, optionally prefilled from the current git diff, and links it from `Sessions/_Index.md`. `brain review` now validates final gates for missing evidence/TODO placeholders, while `brain eval` keeps the full and lite templates covered.
+- **Context assembly is inspectable without drift**: `buildBrainContext()` now exposes typed source parts and renders from the same parts used by the agent prompt.
+- **Fresh scaffold discoverability**: generated `Shared/Context-Packs/_Index.md` now links the bundled context packs, so review/search can find them immediately.
+
+### Whole-codebase audit — confirmed bugs fixed across the CLI
+
+A multi-agent review swept every subsystem (agent loop, tools, providers, gateway, MCP, search, orchestration) and adversarially verified each finding. The ones fixed here:
+
+**High**
+- **`edit_file` silently stripped indentation.** The whitespace-flexible match tier matched an indented block by trimmed lines but spliced the (un-indented) replacement verbatim — de-indenting code and breaking Python/YAML, invisibly. It now re-applies the file's indentation to the replacement.
+- **Codex delegate could never edit files + ran in the wrong directory.** `sanook -m codex` ran with `--sandbox read-only` unconditionally (a "coding agent" that silently couldn't write) and ignored worktree `cwd`. It now uses `workspace-write` in auto mode (read-only under plan/ask), threads `cwd`, and passes prior conversation so REPL turns aren't contextless.
+- **Worktree rollback could lose a renamed file.** The pre-apply snapshot only captured destination paths, so a failed 3-way apply of a rename didn't restore the deleted source. Snapshots now cover both sides of renames/copies (and parse git-quoted paths).
+
+**Medium** — git tools now run in the sub-agent's worktree (`git_commit --addAll` no longer commits the main repo); LSP child process no longer leaks on init failure/timeout (+ init timeout, + Windows `.cmd` shell, + Windows-critical env); Codex no longer crashes the CLI on an EPIPE; the model-fallback path no longer duplicates streamed output; MCP server stderr is drained (was hanging when the pipe filled); an untrusted project can no longer disable the budget cap or spoof pricing; the Telegram bot skips its backlog on startup (no replaying old commands); hooks get Windows-critical env.
+
+**Low** — `replace_all` reports the real replacement count; the multi-match hint no longer suggests `replace_all` for flex matches (dead-end); a malformed trusted-project `hooks.json` no longer crashes the run; frontmatter-only notes with no trailing newline no longer leak the frontmatter into the indexed body; the gateway returns 400/413 (not 500) for bad/oversized request bodies.
+
+**Follow-up medium fixes** — `sanook index` now builds and saves the semantic vector sidecar, so `--mode semantic|hybrid` no longer silently degrades to BM25 after a reindex; subagent fan-out has a global process-wide concurrency cap; `budgetUsd` is shared across the whole agent tree instead of resetting per subagent; isolated write subagents no longer inherit the interactive approval loop inside their temp worktree after the parent approved `task_parallel`; `/v1/chat/completions` now supports OpenAI-style `stream:true` SSE chunks.
+
+**Follow-up low fixes** — protected path checks resolve symlink ancestors before allowing writes; search chunk ids use a stronger SHA-256-derived path hash; oversized MCP tool text is capped before entering model context; malformed search manifests are sanitized on load without discarding a valid index; a setup-wizard timing test now waits for the rendered validation frame instead of flaking under full-suite load.
 
 ### Fix: couldn't type in the REPL after first-run setup
 
@@ -21,13 +146,27 @@ A multi-agent review of the first-run + setup + REPL flow surfaced (and independ
 
 ### Fix: duplicate / empty model choices in the setup wizard
 
-`mergeModelOptions` only deduped *remote* model ids against the curated list — never the curated list against itself. So aliases pointing at the same id rendered as **two identical-looking choices** (e.g. `haiku — claude-haiku-4-5` and `fast — claude-haiku-4-5`; OpenAI's `smart`/`gpt` both → `gpt-5.5`), which also collided on React keys (`Encountered two children with the same key` → options could duplicate or vanish). It now groups by model id and merges the alias names into one option (`haiku / fast — claude-haiku-4-5`). Separately, the old code dropped the `default` alias entirely, which **emptied the model list for LM Studio** (`{ default: 'local-model' }`) and hid Ollama's `qwen3` — those models are now selectable again. Locked in with tests (every provider yields unique option values; LM Studio/Ollama are non-empty).
+`mergeModelOptions` only deduped *remote* model ids against the curated list — never the curated list against itself. So aliases pointing at the same id rendered as **two identical-looking choices** (e.g. `haiku — claude-haiku-4-5` and `fast — claude-haiku-4-5`; OpenAI's `smart`/`gpt` both → `gpt-5.5`), which also collided on React keys (`Encountered two children with the same key` → options could duplicate or vanish). It now groups by model id and merges the alias names into one option (`haiku / fast — claude-haiku-4-5`). Separately, the old code dropped the `default` alias entirely, which **emptied the model list for LM Studio** (`{ default: 'local-model' }`) and hid Ollama's default model — those models are now selectable again. Locked in with tests (every provider yields unique option values; LM Studio/Ollama are non-empty).
+
+### CLI audit follow-ups
+
+- **`--continue-any` actually works as a resume flag now.** The headless arg parser forgot to consume it, so `sanook --continue-any` became a literal prompt instead of opening the REPL with the latest cross-project session. The parser is now split into a tested module and consumes all resume/headless aliases.
+- **Search flags are validated.** `sanook search q --mode nope` used to silently fall back to FTS, and `--limit -5` could produce odd slice behavior. Search args now reject invalid modes, sources, missing queries, and non-positive limits with a clear usage line.
+- **`sanook serve --port` missing values now report a human-readable error.** Empty or missing port values now surface `ต้องระบุค่า` instead of leaking `"undefined"` into the validation message.
+- **`SANOOK_DISABLE_PERSISTENCE=1` now includes second-brain worklogs.** Sessions, auto-memory, prompt history, and worklogs all honor the global persistence kill switch; `SANOOK_DISABLE_WORKLOG=1` remains available for worklog-only opt-out.
+- **First-run Codex readiness is real.** `sanook -m codex` no longer skips setup just because Codex does not use an API key; it only skips when the official `codex` CLI is installed and logged in.
+- **Existing broken model config now reopens setup instead of entering a dead REPL.** If `~/.sanook/config.json` points at OpenAI without a usable key (or Codex without a logged-in CLI), interactive `sanook` brings back the setup wizard so the recovery hint is actually actionable.
+- **Provider menu env-key labels now use the same key policy as runtime.** Malformed/OAuth env keys show as unusable instead of a misleading ready checkmark.
+- **`/model gpt` no longer leaves the REPL in a raw alias state.** Slash-command model changes now store canonical `provider:model-id` specs (for example `openai:gpt-5.5`), and missing OpenAI-key messages point ChatGPT-plan users to `/model codex` + `codex login`.
+- **The REPL banner no longer redraws after every command on terminals that keep Ink frames in scrollback.** The welcome banner renders only before history exists; the live model stays visible in the footer.
+- **`config set embeddingModel ...` is now supported.** The README documented this semantic-search setting, but the config allowlist/schema did not accept it.
+- **Help/docs cleanup.** The CLI help no longer points at the deprecated OpenAI Codex model id, and the README test badge was refreshed.
 
 ### Setup wizard — better provider selection + working OpenAI Codex login
 
-- **Provider menu**: each option now shows a one-line hint — `✓ เจอ key ใน env`, `local · ไม่ต้อง key`, `login ChatGPT · ไม่ใช้ API key`, or `ต้องมี API key` — and the list is ordered (popular cloud → others → local → Codex). The API-key step shows the expected key format.
+- **Provider menu**: each option now shows a one-line hint — `✓ key ใน env ใช้ได้`, `key ใน env ใช้ไม่ได้`, `local · ไม่ต้อง key`, `login ChatGPT · ไม่ใช้ API key`, or `ต้องมี API key` — and the list is ordered (popular cloud → others → local → Codex). The API-key step shows the expected key format.
 - **OpenAI Codex (ChatGPT plan)**: picking Codex used to skip straight past auth. It now runs a dedicated step that detects whether the `codex` CLI is installed and logged in (reads `~/.codex/auth.json` — robust inside sandboxes where `codex login status` can panic), and guides you: `npm i -g @openai/codex` → `codex login` → re-check, then continues automatically once you're signed in. No API key required.
-- **Codex runs**: `codex exec` now passes `--ask-for-approval never` (no hang waiting on approvals; safe under the default read-only sandbox) and removes `OPENAI_API_KEY` from the child env so it can't fight the ChatGPT-plan login (codex #2733/#3286). Verified the exact CLI surface against the official OpenAI Codex docs.
+- **Codex runs**: `codex exec` now runs through the current non-interactive JSON CLI surface, uses the requested sandbox (`read-only` by default, `workspace-write` in auto mode), and removes `OPENAI_API_KEY` from the child env so it can't fight the ChatGPT-plan login (codex #2733/#3286). Verified against the installed Codex CLI surface.
 
 ## 0.5.0
 
@@ -120,8 +259,8 @@ A Node-native, zero-dependency Language Server Protocol client (`src/lsp/`) give
 The interactive REPL was input-locked while the agent worked, and Ctrl+C quit the whole app. Now a turn is steerable:
 
 - **Interrupt mid-turn**: the running turn gets a real `AbortController` (wired into `runAgent`'s `signal`). Press **Esc** (or Ctrl+C) to stop the stream/tool loop right away and return to the prompt — without exiting the app. Partial output is kept for reference, the turn is dropped from the model history, and any files a tool already changed are recoverable via `/rewind`.
-- **Type-ahead queue**: you can type while the agent is busy; pressing Enter **queues** the message (shown as `⏳ คิว …`) and it runs automatically as the next turn when the current one finishes. Interrupting clears the queue.
-- Covered by an Ink integration test (mocked agent) asserting the signal is passed, input queues while busy, and Esc both aborts and clears the queue.
+- **Type-ahead queue**: you can type while the agent is busy; pressing Enter **queues** the message and it runs automatically as the next turn when the current one finishes. The queue view now keeps an active row, ↑/↓ moves it while the draft is empty, and **Ctrl+X** deletes the selected queued prompt. Interrupting clears the queue.
+- Covered by Ink integration tests (mocked agent) asserting the signal is passed, input queues while busy, Ctrl+X deletes active queued prompts, and Esc both aborts and clears the queue.
 
 ### Worktree isolation — safe parallel WRITE subagents (`task_parallel isolate:true`)
 
@@ -173,20 +312,19 @@ A Node-native search subsystem (`src/search/`) over the second-brain vault **plu
 
 - Tests: remote-MCP, sandbox, repo map, prompt-caching/system-preservation, rate-limit classification, tool timeout, checkpoint restore, cost merge, custom commands (≈200 total).
 
-## 0.4.0 — second brain, GLM Coding Plan, Telegram, hardening
+## 0.4.0 — second brain, Telegram, hardening
 
 - **Second brain**: `sanook brain init` scaffolds a portable Obsidian "second-brain" workspace — full folder taxonomy (each with `_Index.md`), a central `Vault Structure Map.md`, seed memory files, and a portable AI operating constitution (`CLAUDE/GEMINI/AGENTS.md`). Research-backed rules: context-assembly (anti context-rot), intake quarantine + injection-scan, bi-temporal fact validity, provenance tracking, a verification-gated `Skills/` library, sleep-time consolidation. The agent now **loads the vault** into context, and `brain init` **auto-wires a filesystem MCP** to it. First-run wizard offers to create one (personalized).
-- **GLM Coding Plan**: GLM routes through the Anthropic-compatible endpoint (`/api/anthropic`), so Coding Plan keys work; curated ids `glm-4.6 / glm-5.1 / glm-4.5-air`.
 - **Telegram channel**: drive the agent from your phone (long-polling, fail-closed allowlist, private-only). Remote surface defaults to ask-mode (mutations denied) unless `TELEGRAM_ALLOW_WRITE=1`.
 - **Auto-compaction**: token-aware sliding window keeps long sessions under the limit.
 - **Interactive approval** (`ask` mode) + capability-based gating — any non-read-only tool (incl. MCP) is confirmed before running.
 - **REPL resume** (`sanook -c`), **stdin piping** (`git diff | sanook "review"`), gateway multi-turn history, and `sanook config` / `sanook mcp` management commands.
-- **Provider audit**: corrected stale model ids (OpenAI `gpt-5.3-codex`, DeepSeek `v4-flash/pro`, xAI `grok-4.3`).
+- **Provider audit**: corrected stale model ids (OpenAI `gpt-5.3-codex`, xAI `grok-4.3`).
 - **Hardening**: budget cap now actually fires on the default fast model; write paths confined (no `~/.sanook` / shell-rc / ssh backdoors); MCP child processes get a minimal env (no secret leakage); provider errors surface a clean one-line message; versions read from `package.json`. Added tests for the BYOK/redaction core and budget cap.
 
 ## 0.3.0 — providers, memory, gateway, MCP, git
 
-- **Providers**: data-driven registry, now 12 providers (added MiniMax, GLM, and OpenAI Codex via the official CLI). Per-provider model picker that fetches the live model list.
+- **Providers**: data-driven registry, now 9 providers (including OpenAI Codex via the official CLI). Per-provider model picker that fetches the live model list.
 - **Memory**: auto-memory (`remember` / `recall`), session resume (`--continue`), and in-session REPL conversation history.
 - **Gateway + cron**: `sanook serve` runs a loopback HTTP endpoint (OpenAI-compatible) plus a cron scheduler with natural-language scheduling, backed by a file-locked JSON task ledger.
 - **Skills**: load `SKILL.md` files on demand; the agent can author its own with `create_skill`.