whale-code 6.5.3 → 6.5.5

package/dist/cli/services/agent-config.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Agent Config Loader — fetches agent settings from ai_agent_config (Supabase).
+ *
+ * Single source of truth: the DB record IS the config.
+ * Nothing is hardcoded — all behavioral knobs come from context_config JSONB.
+ * Cached for the session lifetime (5 min TTL) to avoid hammering the DB.
+ */
+import type { AgentContextConfig } from "../../shared/agent-core.js";
+export interface CLIAgentConfig {
+    id: string;
+    name: string;
+    model: string;
+    max_tokens: number;
+    max_tool_calls: number;
+    temperature: number;
+    context_config: AgentContextConfig | null;
+}
+/**
+ * Fetch the Whale Code agent's config from ai_agent_config.
+ * Uses the defaultAgentId from CLI config, or falls back to the known Whale Code UUID.
+ * Cached for 5 minutes — call freely from hot paths.
+ */
+export declare function loadCLIAgentConfig(): Promise<CLIAgentConfig | null>;
+/** Clear the cache (e.g., on /clear or session reset) */
+export declare function resetAgentConfigCache(): void;

package/dist/cli/services/agent-config.js

@@ -0,0 +1,61 @@
+/**
+ * Agent Config Loader — fetches agent settings from ai_agent_config (Supabase).
+ *
+ * Single source of truth: the DB record IS the config.
+ * Nothing is hardcoded — all behavioral knobs come from context_config JSONB.
+ * Cached for the session lifetime (5 min TTL) to avoid hammering the DB.
+ */
+import { createClient } from "@supabase/supabase-js";
+import { resolveConfig } from "./config-store.js";
+// ============================================================================
+// CACHE
+// ============================================================================
+let cachedConfig = null;
+let cacheTimestamp = 0;
+const CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
+/**
+ * Fetch the Whale Code agent's config from ai_agent_config.
+ * Uses the defaultAgentId from CLI config, or falls back to the known Whale Code UUID.
+ * Cached for 5 minutes — call freely from hot paths.
+ */
+export async function loadCLIAgentConfig() {
+    if (cachedConfig && Date.now() - cacheTimestamp < CACHE_TTL_MS) {
+        return cachedConfig;
+    }
+    try {
+        const { supabaseUrl, supabaseKey, defaultAgentId } = resolveConfig();
+        if (!supabaseUrl || !supabaseKey)
+            return cachedConfig;
+        const agentId = defaultAgentId || "72d7aaa8-2e8b-48a0-a38d-f332f69600bb";
+        const supabase = createClient(supabaseUrl, supabaseKey);
+        const { data, error } = await supabase
+            .from("ai_agent_config")
+            .select("id, name, model, max_tokens, max_tool_calls, temperature, context_config")
+            .eq("id", agentId)
+            .single();
+        if (error || !data) {
+            // Silently fall back to cached config on error — never block the CLI
+            return cachedConfig;
+        }
+        cachedConfig = {
+            id: data.id,
+            name: data.name,
+            model: data.model,
+            max_tokens: data.max_tokens,
+            max_tool_calls: data.max_tool_calls,
+            temperature: data.temperature,
+            context_config: data.context_config,
+        };
+        cacheTimestamp = Date.now();
+        return cachedConfig;
+    }
+    catch {
+        // Network failure, auth expired, etc. — never crash the CLI
+        return cachedConfig;
+    }
+}
+/** Clear the cache (e.g., on /clear or session reset) */
+export function resetAgentConfigCache() {
+    cachedConfig = null;
+    cacheTimestamp = 0;
+}

package/dist/cli/services/agent-loop.js

@@ -26,7 +26,8 @@ import { captureError, addBreadcrumb } from "./error-logger.js";
 import { setGlobalEmitter, clearGlobalEmitter, } from "./agent-events.js";
 import { mcpClientManager } from "./mcp-client.js";
 import { loadHooks, runBeforeToolHook, runAfterToolHook, runSessionHook } from "./hooks.js";
-import { LoopDetector, COMPACTION_TRIGGER_TOKENS, COMPACTION_TOTAL_BUDGET, getCompactionConfig, DEFAULT_SESSION_COST_BUDGET_USD, emitCostWarningIfNeeded } from "../../shared/agent-core.js";
+import { LoopDetector, COMPACTION_TOTAL_BUDGET, getCompactionConfig, getContextManagement, DEFAULT_SESSION_COST_BUDGET_USD, emitCostWarningIfNeeded, resolveAgentLoopConfig, AGENT_DEFAULTS } from "../../shared/agent-core.js";
+import { loadCLIAgentConfig, resetAgentConfigCache } from "./agent-config.js";
 import { parseSSEStream, processStreamWithCallbacks, collectStreamResult } from "../../shared/sse-parser.js";
 import { callServerProxy, callTranscribe, buildAPIRequest, buildSystemBlocks, prepareWithCaching, trimGeminiContext, trimOpenAIContext, requestProviderCompaction } from "../../shared/api-client.js";
 import { getProvider, MODELS } from "../../shared/constants.js";
@@ -88,10 +89,13 @@ export function resetSessionState() {
     resetGitContext();
     resetClaudeMdCache();
     clearReadCache();
+    resetAgentConfigCache();
 }
 /** CLI-only: loop detector — persists session error state across turns (reset by resetSessionState) */
 let sessionLoopDetector = null;
-const MAX_TURNS = 200; // Match Claude Code — effectively unlimited within a session
+// CLI max turns — high ceiling since user controls via Ctrl+C.
+// DB agent config maxTurns is used when available, this is the absolute safety cap.
+const CLI_MAX_TURNS_CAP = 200;
 // ============================================================================
 // SHELL OUTPUT SUMMARIZATION
 // ============================================================================
@@ -231,7 +235,8 @@ export async function runAgentLoop(opts) {
     if (emitter) {
         setGlobalEmitter(emitter);
     }
-    const effectiveMaxTurns = opts.maxTurns || MAX_TURNS;
+    // effectiveMaxTurns resolved after DB config fetch below
+    let effectiveMaxTurns = opts.maxTurns || CLI_MAX_TURNS_CAP;
     // Load hooks from project and user config
     const hooksCwd = opts.cwd || process.cwd();
     const hooks = loadHooks(hooksCwd);
@@ -308,8 +313,27 @@ export async function runAgentLoop(opts) {
     let sessionCostUsd = 0;
     let compactionCount = 0;
     const costWarningsEmitted = new Set();
-    const effectiveBudget = opts.maxBudgetUsd ?? DEFAULT_SESSION_COST_BUDGET_USD;
     const activeModel = getModel();
+    // Fetch agent config from DB — single source of truth, nothing hardcoded.
+    // Falls back to AGENT_DEFAULTS only if DB is unreachable (never blocks).
+    const dbAgent = await loadCLIAgentConfig();
+    const resolved = dbAgent
+        ? resolveAgentLoopConfig(dbAgent, "sse")
+        : null;
+    const effectiveBudget = opts.maxBudgetUsd
+        ?? resolved?.contextOverrides.session_cost_budget_usd
+        ?? DEFAULT_SESSION_COST_BUDGET_USD;
+    // Compaction settings from DB via getContextManagement — pass DB overrides so
+    // the trigger/budget values match what the Anthropic API actually uses.
+    const ctxOverrides = resolved?.contextOverrides;
+    const ctxMgmt = getContextManagement(activeModel, ctxOverrides);
+    const compactEdit = ctxMgmt.config.edits.find((e) => e.type === "compact_20260112");
+    const effectiveCompactionTrigger = compactEdit?.trigger?.value ?? AGENT_DEFAULTS.compactionTriggerTokens;
+    const effectiveCompactionBudget = ctxOverrides?.compaction_total_budget ?? COMPACTION_TOTAL_BUDGET;
+    // Override maxTurns from DB config (if not explicitly set by caller)
+    if (!opts.maxTurns && resolved) {
+        effectiveMaxTurns = resolved.maxTurns;
+    }
     // Tool executor — routes to interactive, local, server, or MCP tools.
     // Wraps execution with before/after hooks when hooks are loaded.
     const INTERACTIVE_TOOL_NAMES = new Set(INTERACTIVE_TOOL_DEFINITIONS.map(t => t.name));
@@ -375,9 +399,6 @@ export async function runAgentLoop(opts) {
         }
         return result;
     };
-    // Deprecated: Anthropic context_management handles limits via clear_tool_uses + compaction.
-    // tool-dispatch.ts uses SAFETY_MAX_CHARS (500K) — this value is ignored.
-    const maxResultChars = undefined;
     try {
         for (let iteration = 0; iteration < effectiveMaxTurns; iteration++) {
             if (abortSignal?.aborted) {
@@ -401,6 +422,7 @@ export async function runAgentLoop(opts) {
                 model: currentModel,
                 contextProfile: "main",
                 thinkingEnabled: opts.thinking,
+                contextOverrides: ctxOverrides,
             });
             // Prepare with prompt caching
             let { tools: cachedTools, messages: cachedMessages } = prepareWithCaching(tools, messages);
@@ -557,7 +579,7 @@ export async function runAgentLoop(opts) {
                 compactionCount++;
                 logSpan({ action: "chat.compaction_pause", durationMs: Date.now() - apiStart, context: turnCtx, storeId: storeId || undefined, details: { compaction_count: compactionCount, messages_before: messages.length } });
                 // Budget enforcement
-                if (compactionCount * COMPACTION_TRIGGER_TOKENS >= COMPACTION_TOTAL_BUDGET) {
+                if (compactionCount * effectiveCompactionTrigger >= effectiveCompactionBudget) {
                     const budgetMsg = "\n[Context budget reached — wrapping up.]";
                     if (emitter) {
                         emitter.emitText(budgetMsg);
@@ -605,7 +627,6 @@ export async function runAgentLoop(opts) {
             const { results: toolResults, bailOut, bailMessage } = await dispatchTools(result.toolUseBlocks, toolExecutor, {
                 loopDetector,
                 maxConcurrent: 7,
-                maxResultChars,
                 onStart: (name, input) => {
                     callbacks.onToolStart(name, input);
                 },

package/dist/cli/services/error-logger.d.ts

@@ -1,9 +1,8 @@
 /**
- * Error Logger — fire-and-forget error capture to error_events table
+ * Error Logger — fire-and-forget error capture to ClickHouse error_events table
  *
- * Sentry replacement built on our own Supabase infrastructure.
+ * Sentry replacement built on our own ClickHouse infrastructure.
  * Mirrors the Swift WhaleErrorLogger: same fingerprinting, same table, same schema.
- * Reuses the telemetry.ts Supabase client pattern.
  */
 export interface ErrorLoggerConfig {
     serviceName: string;

package/dist/cli/services/error-logger.js

@@ -1,16 +1,12 @@
 /**
- * Error Logger — fire-and-forget error capture to error_events table
+ * Error Logger — fire-and-forget error capture to ClickHouse error_events table
  *
- * Sentry replacement built on our own Supabase infrastructure.
+ * Sentry replacement built on our own ClickHouse infrastructure.
  * Mirrors the Swift WhaleErrorLogger: same fingerprinting, same table, same schema.
- * Reuses the telemetry.ts Supabase client pattern.
  */
-import { createClient } from "@supabase/supabase-js";
 import { createRequire } from "module";
 import { createHash } from "crypto";
 import os from "os";
-import { resolveConfig } from "./config-store.js";
-import { getValidToken, createAuthenticatedClient } from "./auth-service.js";
 const require = createRequire(import.meta.url);
 const PKG_VERSION = require("../../../package.json").version;
 // ============================================================================
@@ -24,7 +20,6 @@ let config = {
     maxBreadcrumbs: 25,
 };
 let breadcrumbs = [];
-let supabaseClient = null;
 // User context (set externally)
 let currentUserId;
 let currentUserEmail;
@@ -98,10 +93,12 @@ export function captureMessage(message, severity = "info", extra) {
 // INTERNAL
 // ============================================================================
 async function _captureError(opts) {
-    const client = await getClient();
-    if (!client) {
+    const host = process.env.CLICKHOUSE_HOST || "jmp0o2f6so.us-east-1.aws.clickhouse.cloud";
+    const user = process.env.CLICKHOUSE_USER || "default";
+    const password = process.env.CLICKHOUSE_PASSWORD;
+    if (!host || !password) {
         if (process.env.DEBUG_TELEMETRY) {
-            process.stderr.write(`[error-logger] no client available\n`);
+            process.stderr.write(`[error-logger] ClickHouse not configured\n`);
         }
         return;
     }
@@ -114,61 +111,55 @@ async function _captureError(opts) {
         ? `${opts.file}:${opts.function}`
         : extractSourceFromStack(stackTrace);
     const fingerprint = computeFingerprint(errorType, normalizedMessage, sourceLocation);
-    // Parse source from stack if not provided
     const parsedSource = parseSourceFromStack(stackTrace);
     const event = {
         fingerprint,
         severity: opts.severity || "error",
         error_type: errorType,
-        error_message: errorMessage,
-        error_code: opts.errorCode,
-        source_file: opts.file || parsedSource.file,
-        source_line: opts.line || parsedSource.line,
-        source_function: opts.function || parsedSource.function,
-        stack_trace: stackTrace,
-        stack_frames: stackTrace ? parseStackFrames(stackTrace) : undefined,
-        breadcrumbs: [...breadcrumbs],
+        error_message: errorMessage.slice(0, 4096),
+        error_code: opts.errorCode || "",
+        source_file: opts.file || parsedSource.file || "",
+        source_line: opts.line || parsedSource.line || 0,
+        source_function: opts.function || parsedSource.function || "",
+        stack_trace: stackTrace || "",
         platform: config.platform || "typescript",
         service_name: config.serviceName,
-        service_version: config.serviceVersion,
+        service_version: config.serviceVersion || "",
         environment: config.environment || "production",
-        device_info: collectDeviceInfo(),
-        runtime_info: collectRuntimeInfo(),
-        store_id: opts.storeId || currentStoreId,
-        user_id: opts.userId || currentUserId,
-        user_email: opts.userEmail || currentUserEmail,
-        trace_id: opts.traceId,
-        span_id: opts.spanId,
-        tags: opts.tags || {},
-        extra: opts.extra || {},
+        device_info: JSON.stringify(collectDeviceInfo()),
+        runtime_info: JSON.stringify(collectRuntimeInfo()),
+        store_id: opts.storeId || currentStoreId || "",
+        user_id: opts.userId || currentUserId || "",
+        user_email: opts.userEmail || currentUserEmail || "",
+        trace_id: opts.traceId || "",
+        span_id: opts.spanId || "",
+        request_id: "",
+        tags: JSON.stringify(opts.tags || {}),
+        extra: JSON.stringify(opts.extra || {}),
+        breadcrumbs: JSON.stringify(breadcrumbs),
         occurred_at: new Date().toISOString(),
     };
-    const { error: dbError } = await client.from("error_events").insert(event);
-    if (dbError && process.env.DEBUG_TELEMETRY) {
-        process.stderr.write(`[error-logger] db error: ${dbError.message}\n`);
-    }
-}
-// ============================================================================
-// SUPABASE CLIENT (lazy init, same pattern as telemetry.ts)
-// ============================================================================
-async function getClient() {
-    if (supabaseClient)
-        return supabaseClient;
-    const cfg = resolveConfig();
-    // Prefer service role key
-    if (cfg.supabaseUrl && cfg.supabaseKey) {
-        supabaseClient = createClient(cfg.supabaseUrl, cfg.supabaseKey, {
-            auth: { persistSession: false, autoRefreshToken: false },
+    try {
+        const credentials = Buffer.from(`${user}:${password}`).toString("base64");
+        const url = `https://${host}:8443/?query=${encodeURIComponent("INSERT INTO error_events FORMAT JSONEachRow")}`;
+        const response = await fetch(url, {
+            method: "POST",
+            headers: {
+                Authorization: `Basic ${credentials}`,
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify(event),
         });
-        return supabaseClient;
+        if (!response.ok && process.env.DEBUG_TELEMETRY) {
+            const text = await response.text();
+            process.stderr.write(`[error-logger] ClickHouse ${response.status}: ${text.slice(0, 200)}\n`);
+        }
     }
-    // Fallback: user JWT
-    const token = await getValidToken();
-    if (token) {
-        supabaseClient = createAuthenticatedClient(token);
-        return supabaseClient;
+    catch (err) {
+        if (process.env.DEBUG_TELEMETRY) {
+            process.stderr.write(`[error-logger] insert failed: ${err.message}\n`);
+        }
     }
-    return null;
 }
 // ============================================================================
 // FINGERPRINTING (identical algorithm to Swift)

package/dist/cli/services/subagent.js

@@ -11,7 +11,8 @@ import { readFileSync, existsSync, writeFileSync, mkdirSync, appendFileSync } fr
 import { join } from "path";
 import { homedir, tmpdir } from "os";
 import { LOCAL_TOOL_DEFINITIONS, } from "./local-tools.js";
-import { LoopDetector, estimateCostUsd, demoteSubagentModel } from "../../shared/agent-core.js";
+import { LoopDetector, estimateCostUsd, demoteSubagentModel, AGENT_DEFAULTS } from "../../shared/agent-core.js";
+import { loadCLIAgentConfig } from "./agent-config.js";
 import { MODEL_MAP } from "../../shared/constants.js";
 import { loadServerToolDefinitions, } from "./server-tools.js";
 import { logSpan, generateSpanId, generateTraceId } from "./telemetry.js";
@@ -23,10 +24,9 @@ import { callAgentAPI, executeToolBlocks, extractTextBlocks, extractToolUseBlock
 // CONSTANTS
 // ============================================================================
 const AGENTS_DIR = join(homedir(), ".swagmanager", "agents");
-// Claude Code pattern: subagents should be discrete tasks, not open-ended
-// Low turn limit prevents infinite loops and forces focused execution
-const MAX_TURNS = 8;
-const SUBAGENT_MAX_OUTPUT_TOKENS = 32_000; // Claude Code parity — subagents get 32K output
+// Subagent defaults — overridden by DB config (ai_agent_config.context_config) when available.
+// These are safety caps only; actual values come from AGENT_DEFAULTS or the resolved config.
+const SUBAGENT_MAX_TURNS_CAP = 50; // Absolute safety cap
 // ============================================================================
 // AGENT PROMPTS — specialized per type
 // ============================================================================
@@ -289,7 +289,11 @@ export async function runSubagent(options) {
     const cwd = process.cwd();
     const systemPrompt = buildAgentPrompt(subagent_type, cwd);
     const startTime = Date.now();
-    const effectiveMaxTurns = max_turns ? Math.max(1, Math.min(50, max_turns)) : MAX_TURNS;
+    // DB config → caller override → AGENT_DEFAULTS fallback
+    const dbAgent = await loadCLIAgentConfig();
+    const dbMaxTurns = dbAgent?.context_config?.subagent_max_turns ?? AGENT_DEFAULTS.subagentMaxTurns;
+    const dbMaxTokens = dbAgent?.context_config?.subagent_max_tokens ?? AGENT_DEFAULTS.subagentMaxTokens;
+    const effectiveMaxTurns = max_turns ? Math.max(1, Math.min(SUBAGENT_MAX_TURNS_CAP, max_turns)) : dbMaxTurns;
     // Extract short description from prompt (first sentence or 60 chars)
     const descMatch = prompt.match(/^[^.!?\n]+/);
     const shortDescription = name || (descMatch
@@ -369,7 +373,7 @@ export async function runSubagent(options) {
                         messages: state.messages,
                         tools,
                         thinkingEnabled: false,
-                        maxOutputTokens: SUBAGENT_MAX_OUTPUT_TOKENS,
+                        maxOutputTokens: dbMaxTokens,
                         cacheLastTool: true,
                     });
                     lastError = null;

package/dist/cli/services/teammate.js

@@ -10,7 +10,8 @@
 import { Worker, parentPort, workerData, isMainThread } from "worker_threads";
 import { fileURLToPath } from "url";
 import { loadTeam, claimTask, completeTask, failTask, getAvailableTasks, sendMessage, getUnreadMessages, markMessagesRead, updateTeammate, } from "./team-state.js";
-import { LoopDetector, estimateCostUsd } from "../../shared/agent-core.js";
+import { LoopDetector, estimateCostUsd, AGENT_DEFAULTS } from "../../shared/agent-core.js";
+import { loadCLIAgentConfig } from "./agent-config.js";
 import { MODEL_MAP } from "../../shared/constants.js";
 import { LOCAL_TOOL_DEFINITIONS, } from "./local-tools.js";
 import { loadServerToolDefinitions, } from "./server-tools.js";
@@ -20,12 +21,23 @@ import { callAgentAPI, executeToolBlocks, extractTextBlocks, extractToolUseBlock
 // ============================================================================
 // CONSTANTS
 // ============================================================================
-const MAX_TURNS_PER_TASK = 12; // More turns than subagent since tasks are larger
-const MAX_OUTPUT_TOKENS = 16384;
-const MAX_TEAMMATE_TURNS = 50; // Outer loop safety: max task claim cycles
-const MAX_TEAMMATE_DURATION_MS = 10 * 60 * 1000; // 10 minute hard timeout
-const API_TIMEOUT_MS = 90_000; // 90s timeout on proxy/API fetch calls
-const TOOL_TIMEOUT_MS = 60_000; // 60s timeout on individual tool execution
+// Teammate constants — behavioral defaults from DB, infrastructure timeouts hardcoded (acceptable)
+let TEAMMATE_MAX_TURNS_PER_TASK = 12;
+let TEAMMATE_MAX_OUTPUT_TOKENS = 16384;
+let TEAMMATE_MAX_TOTAL_TURNS = 50;
+let TEAMMATE_MAX_DURATION_MS = AGENT_DEFAULTS.maxDurationMs;
+const API_TIMEOUT_MS = 90_000; // 90s timeout on proxy/API fetch calls (infrastructure)
+const TOOL_TIMEOUT_MS = 60_000; // 60s timeout on individual tool execution (infrastructure)
+// Lazy init from DB — called once per teammate spawn
+async function resolveTeammateConfig() {
+    const dbAgent = await loadCLIAgentConfig();
+    if (!dbAgent?.context_config)
+        return;
+    const cc = dbAgent.context_config;
+    TEAMMATE_MAX_TURNS_PER_TASK = cc.subagent_max_turns ?? TEAMMATE_MAX_TURNS_PER_TASK;
+    TEAMMATE_MAX_OUTPUT_TOKENS = cc.subagent_max_tokens ?? TEAMMATE_MAX_OUTPUT_TOKENS;
+    TEAMMATE_MAX_DURATION_MS = cc.max_duration_ms ?? TEAMMATE_MAX_DURATION_MS;
+}
 // ============================================================================
 // TEAMMATE SYSTEM PROMPT
 // ============================================================================
@@ -221,7 +233,7 @@ async function callAPI(modelId, systemPrompt, messages, tools, thinkingEnabled =
         messages,
         tools,
         thinkingEnabled,
-        maxOutputTokens: MAX_OUTPUT_TOKENS,
+        maxOutputTokens: TEAMMATE_MAX_OUTPUT_TOKENS,
         timeoutMs: API_TIMEOUT_MS,
     });
 }
@@ -232,6 +244,8 @@ async function runTeammateLoop(data) {
     const { teamId, teammateId, teammateName, model, cwd, parentConversationId, teamName, authToken } = data;
     const modelId = MODEL_MAP[model] || MODEL_MAP.opus; // Inherit parent default
     const startTime = Date.now();
+    // Load behavioral config from DB — no hardcoded values
+    await resolveTeammateConfig();
     // Initialize telemetry client with auth token if provided
     if (authToken) {
         initializeTelemetryClient(authToken);
@@ -343,15 +357,15 @@ async function runTeammateLoop(data) {
     let outerTurn = 0;
     while (true) {
         // Safety: max turns guard
-        if (++outerTurn > MAX_TEAMMATE_TURNS) {
+        if (++outerTurn > TEAMMATE_MAX_TOTAL_TURNS) {
             logTeammateComplete("max_turns_reached");
-            report({ type: "done", teammateId, content: `${teammateName} reached max turns (${MAX_TEAMMATE_TURNS})`, tokensUsed: { input: totalIn, output: totalOut } });
+            report({ type: "done", teammateId, content: `${teammateName} reached max turns (${TEAMMATE_MAX_TOTAL_TURNS})`, tokensUsed: { input: totalIn, output: totalOut } });
             break;
         }
         // Safety: elapsed time guard
-        if (Date.now() - startTime > MAX_TEAMMATE_DURATION_MS) {
+        if (Date.now() - startTime > TEAMMATE_MAX_DURATION_MS) {
             logTeammateComplete("timeout");
-            report({ type: "done", teammateId, content: `${teammateName} timed out after ${Math.round(MAX_TEAMMATE_DURATION_MS / 60_000)}min`, tokensUsed: { input: totalIn, output: totalOut } });
+            report({ type: "done", teammateId, content: `${teammateName} timed out after ${Math.round(TEAMMATE_MAX_DURATION_MS / 60_000)}min`, tokensUsed: { input: totalIn, output: totalOut } });
             break;
         }
         const team = loadTeam(teamId);
@@ -389,7 +403,7 @@ async function runTeammateLoop(data) {
             // Resolve per-task model: task-level → team default
             const taskModel = claimed.model || model;
             currentTaskModelId = MODEL_MAP[taskModel] || MODEL_MAP[model] || MODEL_MAP.opus;
-            // Disable thinking for teammates — with MAX_OUTPUT_TOKENS=16K, adaptive thinking
+            // Disable thinking for teammates — with TEAMMATE_MAX_OUTPUT_TOKENS=16K, adaptive thinking
             // burns 8-12K tokens on reasoning per turn, leaving only 4-8K for actual code output.
             // This caused catastrophic token bloat (359K input tokens per task) and truncated responses.
             currentTaskThinking = false;
@@ -407,7 +421,7 @@ async function runTeammateLoop(data) {
         const systemPrompt = buildTeammatePrompt(teammateName, freshTeam, freshTask, cwd);
         // Agent loop for current task
         let apiError = null;
-        for (let turn = 0; turn < MAX_TURNS_PER_TASK; turn++) {
+        for (let turn = 0; turn < TEAMMATE_MAX_TURNS_PER_TASK; turn++) {
             const apiStart = Date.now();
             let response;
             try {

package/dist/index.js

@@ -19,7 +19,7 @@ import { createClient } from "@supabase/supabase-js";
 import { createRequire } from "module";
 import { startUpdateLoop } from "./updater.js";
 import { resolveConfig, loadConfig, updateConfig } from "./cli/services/config-store.js";
-import { getValidToken, getStoresForUser, selectStore } from "./cli/services/auth-service.js";
+import { getValidToken, getStoresForUser, selectStore, SUPABASE_ANON_KEY } from "./cli/services/auth-service.js";
 import { signInWithBrowser } from "./cli/services/browser-auth.js";
 import { LocalAgentConnection } from "./local-agent/connection.js";
 import { initErrorLogger, setErrorLoggerUser, captureError } from "./cli/services/error-logger.js";
@@ -68,10 +68,21 @@ if (!IS_SERVICE_ROLE && rawConfig.access_token && rawConfig.refresh_token) {
 let isAuthenticated = !!(SUPABASE_URL && INITIAL_SUPABASE_KEY);
 let supabase = null;
 if (isAuthenticated) {
-    supabase = createClient(SUPABASE_URL, INITIAL_SUPABASE_KEY);
-    if (IS_SERVICE_ROLE && !USER_ID) {
-        console.error("[MCP] WARNING: Using service role key without user login. Tools will work but store scoping is disabled.");
-        console.error("[MCP] For proper store-scoped access, use the whale_login tool or run `whale login` first.");
+    if (IS_SERVICE_ROLE) {
+        // Service role key — use directly as apiKey (full access)
+        supabase = createClient(SUPABASE_URL, INITIAL_SUPABASE_KEY, {
+            auth: { persistSession: false, autoRefreshToken: false },
+        });
+        if (!USER_ID) {
+            console.error("[MCP] WARNING: Using service role key without user login. Tools will work but store scoping is disabled.");
+        }
+    }
+    else {
+        // User JWT — use anon key as apiKey, pass JWT via Authorization header
+        supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
+            auth: { persistSession: false, autoRefreshToken: false },
+            global: { headers: { Authorization: `Bearer ${INITIAL_SUPABASE_KEY}` } },
+        });
     }
 }
 else {

package/dist/server/handlers/api-docs.d.ts

@@ -0,0 +1,6 @@
+import type { SupabaseClient } from "@supabase/supabase-js";
+export declare function handleApiDocs(_sb: SupabaseClient, args: Record<string, unknown>, _storeId?: string): Promise<{
+    success: boolean;
+    data?: unknown;
+    error?: string;
+}>;