skimpyclaw 0.3.14 → 0.4.0

package/dist/tools.js

@@ -4,39 +4,85 @@ import { join, resolve } from 'path';
 import { homedir } from 'os';
 import { TTLCache } from './cache.js';
 import { toErrorMessage } from './utils.js';
-import { fromClaudeCodeName, toClaudeCodeName, BUILTIN_TOOL_DEFINITIONS, BROWSER_TOOL_DEFINITION, FETCH_TOOL_DEFINITION, TOOL_DEFINITIONS, CODE_WITH_AGENT_TOOL, CODE_WITH_TEAM_TOOL, CHECK_CODE_AGENT_TOOL, } from './tools/definitions.js';
+import { fromClaudeCodeName, toClaudeCodeName, BUILTIN_TOOL_DEFINITIONS, FETCH_TOOL_DEFINITION, TOOL_DEFINITIONS, CODE_WITH_AGENT_TOOL, CHECK_CODE_AGENT_TOOL, DELEGATE_TO_AGENT_TOOL, } from './tools/definitions.js';
 import { executeReadFile, executeWriteFileLocked, executeListDirectory } from './tools/file-tools.js';
 import { executeBash } from './tools/bash-tool.js';
-import { executeBrowser, cleanupBrowser } from './tools/browser-tool.js';
 import { executeFetch } from './tools/fetch-tool.js';
-import { ensureContainer, SANDBOX_DEFAULTS, translatePath, validateMountPaths } from './sandbox/index.js';
-import { sandboxBash, sandboxReadFile, sandboxWriteFile, sandboxListDir, sandboxGlob } from './sandbox/index.js';
-import { isBashCommandSafe } from './security.js';
-import { classifyCommandRisk, requiresApproval } from './exec-approval.js';
 // Re-export from code-agents module for backward compatibility
 export { 
 // Registry functions
 getActiveCodeAgents, getRecentCodeAgents, getAllCodeAgents, getCodeAgent, cancelCodeAgent, restoreCodeAgentTasks, 
 // Config
 setCodeAgentConfig, 
-// Orchestrator functions
-computeWaves, decomposeTask, synthesizeResults, 
 // Executor functions
 runValidation, runCodeAgentBackground, 
 // Utilities
-buildCodeAgentArgs, readTeamState, 
+buildCodeAgentArgs, 
 // Parsers
 parseStreamJsonForLive, } from './code-agents/index.js';
 // Re-export from definitions
-export { fromClaudeCodeName, toClaudeCodeName, BUILTIN_TOOL_DEFINITIONS, BROWSER_TOOL_DEFINITION, FETCH_TOOL_DEFINITION, TOOL_DEFINITIONS, CODE_WITH_AGENT_TOOL, CODE_WITH_TEAM_TOOL, CHECK_CODE_AGENT_TOOL, cleanupBrowser, };
+export { fromClaudeCodeName, toClaudeCodeName, BUILTIN_TOOL_DEFINITIONS, FETCH_TOOL_DEFINITION, TOOL_DEFINITIONS, CODE_WITH_AGENT_TOOL, CHECK_CODE_AGENT_TOOL, DELEGATE_TO_AGENT_TOOL, };
 // --- MCP (mcporter) ---
 let mcpRuntime = null;
+let mcpHealthInterval = null;
+/** Last time MCP tools were successfully discovered (epoch ms) */
+let mcpLastDiscoveredAt = 0;
+/** How often to re-validate MCP tools (5 minutes) */
+const MCP_REDISCOVERY_INTERVAL_MS = 5 * 60 * 1000;
+/**
+ * MCP health check — periodically re-discovers tools to detect daemon restarts.
+ * Runs every 5 minutes. If the runtime is stale (daemon died), clears caches
+ * so the next getToolDefinitions() call triggers fresh discovery.
+ */
+function startMcpHealthCheck() {
+    if (mcpHealthInterval)
+        return;
+    mcpHealthInterval = setInterval(async () => {
+        try {
+            const runtime = await getMcpRuntime();
+            const servers = runtime.listServers();
+            if (servers.length === 0 && discoveredMcpTools && discoveredMcpTools.length > 0) {
+                // Runtime lost its servers — daemon likely died
+                console.warn('[mcp] Health check: runtime has no servers, triggering reconnect');
+                await reconnectMcp();
+                return;
+            }
+            // Verify we can actually list tools from at least one server
+            let healthy = false;
+            for (const server of servers) {
+                try {
+                    await runtime.listTools(server, { includeSchema: false });
+                    healthy = true;
+                    break;
+                }
+                catch {
+                    // This server is unhealthy
+                }
+            }
+            if (!healthy && servers.length > 0) {
+                console.warn('[mcp] Health check: all servers unhealthy, triggering reconnect');
+                await reconnectMcp();
+            }
+        }
+        catch {
+            // Runtime creation failed — trigger reconnect on next use
+            if (mcpRuntime) {
+                await mcpRuntime.close().catch(() => { });
+                mcpRuntime = null;
+            }
+            discoveredMcpTools = null;
+            mcpToolNameMap.clear();
+            toolDefsCache.clear();
+        }
+    }, MCP_REDISCOVERY_INTERVAL_MS);
+}
 async function getMcpRuntime() {
     if (!mcpRuntime) {
         const { createRuntime } = await import('mcporter');
         mcpRuntime = await createRuntime({
             configPath: join(homedir(), '.mcporter', 'mcporter.json'),
         });
+        startMcpHealthCheck();
     }
     return mcpRuntime;
 }
@@ -75,16 +121,20 @@ function getMcpFallbackTools(server) {
     return mcpFallbackCache[server] || [];
 }
 export async function discoverMcpTools() {
-    if (discoveredMcpTools !== null)
+    // Re-discover if cache is older than the rediscovery interval
+    const stale = mcpLastDiscoveredAt > 0 && (Date.now() - mcpLastDiscoveredAt) > MCP_REDISCOVERY_INTERVAL_MS;
+    if (discoveredMcpTools !== null && !stale)
         return discoveredMcpTools;
     const tools = [];
     mcpToolNameMap.clear();
     try {
         const runtime = await getMcpRuntime();
         const servers = runtime.listServers();
+        console.log(`[mcp] Servers found: ${servers.join(', ')}`);
         for (const server of servers) {
             try {
                 const serverTools = await runtime.listTools(server, { includeSchema: true });
+                console.log(`[mcp] Server "${server}" returned ${serverTools.length} tools: ${serverTools.map((t) => t.name).join(', ')}`);
                 const sanitizedServer = sanitizeToolName(server);
                 for (const tool of serverTools) {
                     const sanitizedTool = sanitizeToolName(tool.name);
@@ -119,10 +169,13 @@ export async function discoverMcpTools() {
         console.warn('[mcp] Failed to create runtime for tool discovery:', err instanceof Error ? err.message : err);
     }
     discoveredMcpTools = tools;
+    mcpLastDiscoveredAt = Date.now();
+    console.log(`[mcp] Discovered ${tools.length} tools: ${tools.map((t) => t.name).join(', ')}`);
     return tools;
 }
 export function clearMcpToolCache() {
     discoveredMcpTools = null;
+    mcpLastDiscoveredAt = 0;
 }
 const toolDefsCache = new TTLCache(60_000);
 /** Force-reconnect the MCP runtime (clears cached runtime and tool discovery). */
@@ -167,16 +220,15 @@ function injectProjects(tool, projects) {
     };
 }
 /**
- * Get all available tool definitions: built-ins + browser (if enabled) + MCP (auto-discovered) + agent tools.
+ * Get all available tool definitions: built-ins + fetch + MCP (auto-discovered) + agent tools.
  * This is the primary way to get tools — replaces the static TOOL_DEFINITIONS export.
- * Pass includeAgentTools: true to include code_with_agent, code_with_team, check_code_agent.
+ * Pass includeAgentTools: true to include code_with_agent and check_code_agent.
  * Results are cached for 60s to avoid rebuilding the array on every agent turn.
  */
 export async function getToolDefinitions(config, options) {
     const includeMcp = options?.includeMcp !== false; // default true for backwards compat
     const profile = config?.toolProfile ?? 'full';
     const cacheKey = JSON.stringify({
-        browser: config?.browser?.enabled,
         agentTools: options?.includeAgentTools,
         mcp: includeMcp,
         projects: options?.projects,
@@ -189,37 +241,33 @@ export async function getToolDefinitions(config, options) {
     // Fetch is always available (lightweight HTTP, no dependencies)
     tools.push(FETCH_TOOL_DEFINITION);
     // Minimal profile: built-in tools + fetch.
-    // Used by orchestrator decompose/synthesize calls.
     if (profile === 'minimal') {
         toolDefsCache.set(cacheKey, tools);
         return tools;
     }
-    // Include browser tool only when explicitly enabled
-    if (config?.browser?.enabled) {
-        tools.push(BROWSER_TOOL_DEFINITION);
-    }
-    // Coding profile: built-ins + browser + code_with_agent + check_code_agent.
-    // Skips MCP discovery and code_with_team.
+    // Coding profile: built-ins + fetch + code_with_agent + check_code_agent.
+    // Skips MCP discovery.
     if (profile === 'coding') {
         if (options?.includeAgentTools) {
             tools.push(injectProjects(CODE_WITH_AGENT_TOOL, options.projects));
             tools.push(CHECK_CODE_AGENT_TOOL);
+            tools.push(DELEGATE_TO_AGENT_TOOL);
         }
         toolDefsCache.set(cacheKey, tools);
         return tools;
     }
-    // Full profile (default): everything including MCP and code_with_team.
+    // Full profile (default): everything including MCP.
     // Auto-discover MCP tools from mcporter config (only for Anthropic models)
     if (includeMcp) {
         const mcpTools = await discoverMcpTools();
         tools.push(...mcpTools);
     }
-    // Include code_with_agent, code_with_team, and check_code_agent when requested
+    // Include code_with_agent and check_code_agent when requested
     if (options?.includeAgentTools) {
         const projects = options.projects;
         tools.push(injectProjects(CODE_WITH_AGENT_TOOL, projects));
-        tools.push(injectProjects(CODE_WITH_TEAM_TOOL, projects));
         tools.push(CHECK_CODE_AGENT_TOOL);
+        tools.push(DELEGATE_TO_AGENT_TOOL);
     }
     toolDefsCache.set(cacheKey, tools);
     return tools;
@@ -237,6 +285,32 @@ async function callMcpTool(server, tool, args) {
     }
     return JSON.stringify(result);
 }
+function isPlainObject(value) {
+    return Boolean(value) && typeof value === 'object' && !Array.isArray(value);
+}
+export function normalizeMcpToolArgsForExecution(server, tool, args) {
+    if (server !== 'context-a8c' || tool !== 'context-a8c-execute-tool' || isPlainObject(args.params)) {
+        return args;
+    }
+    const aliasedParams = ['parameters', 'input', 'arguments']
+        .map(key => args[key])
+        .find(isPlainObject);
+    if (aliasedParams) {
+        const { parameters: _parameters, input: _input, arguments: _arguments, ...rest } = args;
+        return { ...rest, params: aliasedParams };
+    }
+    if (typeof args.provider === 'string' && typeof args.tool === 'string') {
+        const params = Object.fromEntries(Object.entries(args).filter(([key]) => !['provider', 'tool', 'params'].includes(key)));
+        if (Object.keys(params).length > 0) {
+            return {
+                provider: args.provider,
+                tool: args.tool,
+                params,
+            };
+        }
+    }
+    return args;
+}
 async function executeMcpToolGeneric(fullName, args) {
     const mapping = mcpToolNameMap.get(fullName);
     let server;
@@ -252,21 +326,38 @@ async function executeMcpToolGeneric(fullName, args) {
         server = parts[1];
         toolName = parts.slice(2).join('__');
     }
-    try {
-        return await callMcpTool(server, toolName, args);
-    }
-    catch (err) {
-        const msg = err instanceof Error ? err.message : String(err);
-        // Retry once on connection/session errors
-        if (msg.includes('session') || msg.includes('Session') || msg.includes('ECONNR') || msg.includes('EPIPE') || msg.includes('closed') || msg.includes('disconnected')) {
-            console.warn(`[mcp] Tool call failed (${msg}), reconnecting and retrying...`);
-            await reconnectMcp();
-            return await callMcpTool(server, toolName, args);
+    const normalizedArgs = normalizeMcpToolArgsForExecution(server, toolName, args);
+    const isRetryableError = (msg) => msg.includes('session') || msg.includes('Session') || msg.includes('ECONNR') ||
+        msg.includes('EPIPE') || msg.includes('closed') || msg.includes('close') ||
+        msg.includes('disconnected') || msg.includes('fetch failed') ||
+        msg.includes('timed out') || msg.includes('Premature') ||
+        msg.includes('-32603') || msg.includes('-32001') || msg.includes('-32000');
+    const MAX_RETRIES = 2;
+    let lastErr;
+    for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
+        try {
+            return await callMcpTool(server, toolName, normalizedArgs);
+        }
+        catch (err) {
+            lastErr = err;
+            const msg = err instanceof Error ? err.message : String(err);
+            if (attempt < MAX_RETRIES && isRetryableError(msg)) {
+                const delay = (attempt + 1) * 2000; // 2s, 4s
+                console.warn(`[mcp] Tool call failed (${msg}), reconnecting (attempt ${attempt + 1}/${MAX_RETRIES})...`);
+                await new Promise(r => setTimeout(r, delay));
+                await reconnectMcp();
+                continue;
+            }
+            throw err;
         }
-        throw err;
     }
+    throw lastErr;
 }
 export async function cleanupMcp() {
+    if (mcpHealthInterval) {
+        clearInterval(mcpHealthInterval);
+        mcpHealthInterval = null;
+    }
     if (mcpRuntime) {
         await mcpRuntime.close().catch(() => { });
         mcpRuntime = null;
@@ -298,127 +389,20 @@ export async function executeTool(name, input, config, context) {
             const { executeCodeWithAgent } = await import('./code-agents/index.js');
             return await executeCodeWithAgent(input, config, context);
         }
-        // Route code_with_team - delegate to code-agents module
-        if (name === 'code_with_team') {
-            const { executeCodeWithTeam } = await import('./code-agents/index.js');
-            return await executeCodeWithTeam(input, config, context);
-        }
         // Route check_code_agent - delegate to code-agents module
         if (name === 'check_code_agent') {
             const { executeCheckCodeAgent } = await import('./code-agents/index.js');
             return executeCheckCodeAgent(input);
         }
+        if (name === 'delegate_to_agent') {
+            const { executeDelegateToAgent } = await import('./tools/agent-delegation.js');
+            if (!context?.fullConfig)
+                return 'Error: delegate_to_agent requires runtime config.';
+            return executeDelegateToAgent(input, context.fullConfig, context);
+        }
         // Map Claude Code names to internal names for built-in tools
         const normalized = fromClaudeCodeName(name).toLowerCase().replace(/-/g, '_');
-        // --- Sandbox routing ---
-        const sandboxCfg = context?.sandboxConfig;
-        if (sandboxCfg?.enabled) {
-            const SANDBOXED_TOOLS = new Set(['bash', 'read_file', 'write_file', 'list_directory', 'glob']);
-            // macOS-only commands that must run on the host (not available in Linux containers)
-            const MACOS_HOST_COMMANDS = new Set([
-                'osascript', 'open', 'say', 'pbcopy', 'pbpaste', 'defaults',
-                'icalBuddy', 'shortcuts', 'caffeinate', 'networksetup', 'launchctl',
-                'security', 'xattr', 'ditto', 'hdiutil', 'diskutil', 'sw_vers',
-            ]);
-            const needsHost = normalized === 'bash' && input.command &&
-                MACOS_HOST_COMMANDS.has(input.command.trim().split(/[\s;|&]/)[0]);
-            if (SANDBOXED_TOOLS.has(normalized) && !needsHost) {
-                const sessionId = context?.sessionId || context?.chatId?.toString() || 'default';
-                const merged = { ...SANDBOX_DEFAULTS, ...sandboxCfg };
-                const containerName = await ensureContainer(sessionId, merged, config.allowedPaths);
-                const mounts = validateMountPaths(config.allowedPaths);
-                const tp = (p) => translatePath(p, mounts);
-                // Translate host paths in bash commands so they resolve inside the container
-                const translateBashPaths = (cmd) => {
-                    let translated = cmd;
-                    // Sort mounts by host path length descending to match most specific first
-                    const sorted = [...mounts].sort((a, b) => b.host.length - a.host.length);
-                    for (const mount of sorted) {
-                        translated = translated.replaceAll(mount.host, mount.container);
-                    }
-                    // Also translate ~ and $HOME references to /workspace/config
-                    const home = homedir();
-                    const homeMounts = sorted.filter(m => m.host.startsWith(home));
-                    for (const mount of homeMounts) {
-                        const tildeForm = '~' + mount.host.slice(home.length);
-                        translated = translated.replaceAll(tildeForm, mount.container);
-                        const envForm = '$HOME' + mount.host.slice(home.length);
-                        translated = translated.replaceAll(envForm, mount.container);
-                    }
-                    return translated;
-                };
-                // Reverse-translate container paths back to host paths in file content.
-                // Prevents the agent from writing /workspace/... paths into config files.
-                const reverseTranslatePaths = (content) => {
-                    let reversed = content;
-                    const sorted = [...mounts].sort((a, b) => b.container.length - a.container.length);
-                    for (const mount of sorted) {
-                        reversed = reversed.replaceAll(mount.container, mount.host);
-                    }
-                    return reversed;
-                };
-                switch (normalized) {
-                    case 'bash': {
-                        const translatedCmd = translateBashPaths(input.command);
-                        // Apply hard safety blocks inside sandbox.
-                        // Sandbox provides filesystem isolation, so opaque script execution
-                        // (heredocs, -c, -e) is safe — only require approval for truly
-                        // destructive patterns (rm -rf, dd, mkfs, etc.).
-                        if (!isBashCommandSafe(translatedCmd)) {
-                            return 'Error: Command blocked by safety filter.';
-                        }
-                        const classification = classifyCommandRisk(translatedCmd);
-                        // Downgrade opaque-script classifications in sandbox — the isolation
-                        // already handles the risk that inline code poses on the host.
-                        if (classification.tier >= 2 && (classification.reason === 'Inline heredoc script execution' ||
-                            classification.reason === 'Inline interpreter code execution')) {
-                            classification.tier = 0;
-                            classification.reason = `${classification.reason} (sandboxed — auto-approved)`;
-                        }
-                        const approvalConfig = config.execApproval;
-                        if (requiresApproval(classification, approvalConfig)) {
-                            const isUnattended = context?.channel === 'subagent' ||
-                                context?.isCronJob === true ||
-                                (!context?.approverUserId && !context?.channelTargetId && !context?.chatId);
-                            if (isUnattended) {
-                                return `⛔ Command blocked — tier ${classification.tier} commands require approval but no approver is available in this context (${classification.reason}). Use safer alternatives or request approval via an interactive channel.`;
-                            }
-                            // Attended context — run full approval flow before executing in sandbox
-                            const { createApprovalRequest: sbxCreate, waitForApproval: sbxWait } = await import('./exec-approval.js');
-                            const ttlMs = approvalConfig?.ttlMs ?? 5 * 60 * 1000;
-                            const channelMeta = context?.channel ? {
-                                channel: context.channel,
-                                chatId: context.channelTargetId ?? context.chatId,
-                                userId: context.approverUserId,
-                                username: context.approverUsername,
-                            } : context?.chatId ? { channel: 'telegram', chatId: context.chatId } : undefined;
-                            const sbxReq = sbxCreate(translatedCmd, input.cwd, classification, approvalConfig, channelMeta);
-                            const sbxResolved = await sbxWait(sbxReq.id, ttlMs);
-                            if (sbxResolved.status !== 'approved') {
-                                return `⛔ Command not executed — approval ${sbxResolved.status} (tier ${classification.tier}: ${classification.reason}).`;
-                            }
-                        }
-                        return await sandboxBash(containerName, translatedCmd, input.cwd ? tp(input.cwd) : undefined, config.bashTimeout);
-                    }
-                    case 'read_file':
-                        return await sandboxReadFile(containerName, tp(input.file_path || input.path));
-                    case 'write_file':
-                        return await sandboxWriteFile(containerName, tp(input.file_path || input.path), reverseTranslatePaths(input.content));
-                    case 'list_directory':
-                        return await sandboxListDir(containerName, tp(input.path));
-                    case 'glob':
-                        return await sandboxGlob(containerName, tp(input.base || input.path || '/workspace'), input.pattern || '*');
-                    default:
-                        break; // fall through
-                }
-            }
-        }
         switch (normalized) {
-            case '$web_search':
-            case 'web_search':
-            case 'websearch':
-                // Legacy: redirect to Fetch with DuckDuckGo HTML search
-                return await executeFetch({ url: `https://duckduckgo.com/html/?q=${encodeURIComponent(input.query || input.q || input.text || '')}` }, config);
             case 'read_file':
                 return executeReadFile(input.file_path || input.path, config);
             case 'write_file':
@@ -426,9 +410,7 @@ export async function executeTool(name, input, config, context) {
             case 'list_directory':
                 return executeListDirectory(input.path, config);
             case 'bash':
-                return await executeBash(input.command, input.cwd, config, context);
-            case 'browser':
-                return await executeBrowser(input, config);
+                return await executeBash(input.command || input.cmd, input.cwd, config, context);
             case 'fetch':
                 return await executeFetch(input, config);
             default:

package/dist/types.d.ts

@@ -67,9 +67,13 @@ export interface Config {
         maxConcurrent?: number;
         defaultAgent?: string;
         timeoutMinutes?: number;
-        teamTimeoutMinutes?: number;
         maxTurns?: number;
-        skipPlaywright?: boolean;
+        worktrees?: {
+            enabled?: boolean;
+            mode?: 'off' | 'auto' | 'always';
+            root?: string;
+            cleanup?: boolean;
+        };
         /** Per-project validation commands. Keys match project names from `projects` config.
          *  Values are shell commands run in the project dir. Overrides auto-detected build+test. */
         validationCommands?: Record<string, string>;
@@ -88,7 +92,6 @@ export interface Config {
     /** Named project paths. Keys are short names (e.g. "skimpyclaw"), values are absolute paths.
      *  Project paths are automatically added to tool allowedPaths and available to code_with_agent by name. */
     projects?: Record<string, string>;
-    sandbox?: SandboxConfig;
 }
 export interface AgentConfig {
     identity: {
@@ -96,8 +99,9 @@ export interface AgentConfig {
         emoji: string;
     };
     model: string;
-    thinking?: 'none' | 'low' | 'medium' | 'high';
+    thinking?: ThinkingLevel;
 }
+export type ThinkingLevel = 'none' | 'low' | 'medium' | 'high' | 'xhigh';
 export type AllowlistEntry = string | number;
 export type ChannelId = 'telegram' | 'discord';
 export interface TelegramChannelConfig {
@@ -115,6 +119,8 @@ export interface DiscordChannelConfig {
     tools?: ToolConfig;
     defaultAllowedPaths?: string[];
     defaultChannelId?: string;
+    /** Route coding agent status updates to a thread on the triggering message (default: true) */
+    threadedReplies?: boolean;
 }
 export interface ChannelsConfig {
     active?: ChannelId;
@@ -143,16 +149,8 @@ export interface CronPayload {
     timeoutMs?: number;
     tools?: ToolConfig;
     sendAsVoice?: boolean;
-}
-export interface SandboxConfig {
-    enabled: boolean;
-    runtime?: 'container' | 'docker';
-    image?: string;
-    cpus?: number;
-    memory?: string;
-    network?: string;
-    idleTimeoutMs?: number;
-    env?: Record<string, string>;
+    /** Discord thread ID for routing notifications. Invalid/unavailable thread targets fall back to default channel delivery. */
+    discordThreadId?: string;
 }
 export interface ToolConfig {
     enabled: boolean;
@@ -166,20 +164,6 @@ export interface ToolConfig {
         maxContextTokens?: number;
         compactionModel?: string;
     };
-    browser?: {
-        enabled?: boolean;
-        type?: 'chromium' | 'firefox' | 'webkit';
-        headless?: boolean;
-        allowFile?: boolean;
-        slowMoMs?: number;
-        userAgent?: string;
-        viewport?: {
-            width: number;
-            height: number;
-        };
-        profileDir?: string;
-        executablePath?: string;
-    };
     execApproval?: {
         enabled?: boolean;
         ttlMs?: number;
@@ -199,11 +183,22 @@ export interface Session {
     createdAt: Date;
     updatedAt: Date;
 }
+export type InteractiveSessionStatus = 'active' | 'errored' | 'archived';
+export interface InteractiveSession {
+    discordThreadId: string;
+    cliSessionId: string;
+    cliAgent: 'claude' | 'codex';
+    status: InteractiveSessionStatus;
+    createdAt: string;
+    lastActivityAt: string;
+    initialTask: string;
+}
 export interface GatewayStatus {
     status: 'ok' | 'error';
     uptime: number;
     agent: string;
     model: string;
+    thinking?: ThinkingLevel;
     lastMessage?: Date;
     activeChannel?: ChannelId | null;
     cronJobs: {
@@ -233,11 +228,23 @@ export interface ChatMessage {
     role: 'system' | 'user' | 'assistant';
     content: string | ContentBlock[];
 }
+export interface FeedbackSignal {
+    type: 'correction' | 'acceptance';
+    reward: number;
+    confidence: number;
+    reason: string;
+    dimensions: Partial<Record<string, number>>;
+}
 export interface ChatOptions {
     model: string;
     maxTokens?: number;
     temperature?: number;
-    thinking?: 'none' | 'low' | 'medium' | 'high';
+    thinking?: ThinkingLevel;
+}
+export interface AbortSignalLike {
+    readonly aborted: boolean;
+    addEventListener?: (...args: any[]) => void;
+    removeEventListener?: (...args: any[]) => void;
 }
 export interface AgentRunContext {
     userId?: string;
@@ -245,7 +252,7 @@ export interface AgentRunContext {
     channel?: string;
     tags?: string[];
     metadata?: Record<string, unknown>;
-    abortSignal?: AbortSignal;
+    abortSignal?: AbortSignalLike;
     /** Audit trigger label (e.g. "telegram", "cron", "discord", "system") */
     trigger?: AuditTrace['trigger'];
 }

package/dist/utils.js

@@ -1,7 +1,7 @@
 // Shared utilities used across modules
 import { readFileSync, readdirSync, existsSync } from 'fs';
 import { join } from 'path';
-import { timingSafeEqual } from 'crypto';
+import { createHash, timingSafeEqual } from 'crypto';
 /**
  * Format a Date as YYYY-MM-DD string.
  */
@@ -63,9 +63,7 @@ export function validateBearerToken(expected, authHeader) {
     if (!authHeader || !authHeader.startsWith('Bearer '))
         return false;
     const provided = authHeader.slice(7);
-    const expectedBuf = Buffer.from(expected, 'utf8');
-    const providedBuf = Buffer.from(provided, 'utf8');
-    if (expectedBuf.length !== providedBuf.length)
-        return false;
-    return timingSafeEqual(expectedBuf, providedBuf);
+    const expectedDigest = createHash('sha256').update(expected, 'utf8').digest();
+    const providedDigest = createHash('sha256').update(provided, 'utf8').digest();
+    return timingSafeEqual(expectedDigest, providedDigest);
 }

package/dist/voice.d.ts

@@ -10,7 +10,7 @@ export interface TranscriptionResult {
  */
 export declare function transcribeAudio(audioPath: string, config: VoiceConfig): Promise<TranscriptionResult>;
 export interface SpeechResult {
-    buffer: Buffer;
+    buffer: Uint8Array;
     format: 'ogg' | 'mp3';
     provider: string;
 }

package/dist/voice.js

@@ -1,6 +1,6 @@
 // Voice transcription — local Whisper CLI (free) with API fallback
 import { existsSync, readFileSync, unlinkSync, readdirSync } from 'fs';
-import { execSync } from 'child_process';
+import { execSync, spawnSync } from 'child_process';
 import { basename, dirname, join } from 'path';
 import { tmpdir } from 'os';
 import { toErrorMessage } from './utils.js';
@@ -341,9 +341,22 @@ function synthesizeWithMacOS(text, voice = 'Zoe') {
     const aiffPath = join(tmpdir(), `skimpyclaw-tts-${id}.aiff`);
     const oggPath = join(tmpdir(), `skimpyclaw-tts-${id}.ogg`);
     try {
-        const safeText = text.replace(/'/g, "'\\''");
-        execSync(`say -v '${voice}' -o '${aiffPath}' '${safeText}'`, { stdio: ['ignore', 'pipe', 'pipe'] });
-        execSync(`ffmpeg -i '${aiffPath}' -c:a libopus '${oggPath}' -y`, { stdio: ['ignore', 'pipe', 'pipe'] });
+        const sayResult = spawnSync('say', ['-v', voice, '-o', aiffPath, text], {
+            encoding: 'utf-8',
+            stdio: ['ignore', 'pipe', 'pipe'],
+        });
+        if (sayResult.status !== 0) {
+            const msg = (sayResult.stderr || sayResult.stdout || '').trim() || 'unknown error';
+            throw new Error(`macOS say failed: ${msg}`);
+        }
+        const ffmpegResult = spawnSync('ffmpeg', ['-i', aiffPath, '-c:a', 'libopus', oggPath, '-y'], {
+            encoding: 'utf-8',
+            stdio: ['ignore', 'pipe', 'pipe'],
+        });
+        if (ffmpegResult.status !== 0) {
+            const msg = (ffmpegResult.stderr || ffmpegResult.stdout || '').trim() || 'unknown error';
+            throw new Error(`ffmpeg conversion failed: ${msg}`);
+        }
         const buffer = readFileSync(oggPath);
         return { buffer, format: 'ogg', provider: `macos (${voice})` };
     }