npm - zora-agent - Versions diffs - 0.9.4 → 0.9.6 - Mend

zora-agent 0.9.4 → 0.9.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (245) hide show

package/CHANGELOG.md +1 -1
package/README.md +103 -92
package/dist/cli/audit-commands.d.ts.map +1 -1
package/dist/cli/audit-commands.js +3 -1
package/dist/cli/audit-commands.js.map +1 -1
package/dist/cli/daemon.js +86 -28
package/dist/cli/daemon.js.map +1 -1
package/dist/cli/edit-commands.d.ts.map +1 -1
package/dist/cli/edit-commands.js +3 -1
package/dist/cli/edit-commands.js.map +1 -1
package/dist/cli/hook-commands.d.ts +9 -0
package/dist/cli/hook-commands.d.ts.map +1 -0
package/dist/cli/hook-commands.js +106 -0
package/dist/cli/hook-commands.js.map +1 -0
package/dist/cli/index.js +87 -35
package/dist/cli/index.js.map +1 -1
package/dist/cli/init-command.d.ts.map +1 -1
package/dist/cli/init-command.js +108 -9
package/dist/cli/init-command.js.map +1 -1
package/dist/cli/memory-commands.d.ts +1 -1
package/dist/cli/memory-commands.d.ts.map +1 -1
package/dist/cli/memory-commands.js +213 -1
package/dist/cli/memory-commands.js.map +1 -1
package/dist/cli/presets.d.ts.map +1 -1
package/dist/cli/presets.js +2 -1
package/dist/cli/presets.js.map +1 -1
package/dist/cli/skill-commands.d.ts.map +1 -1
package/dist/cli/skill-commands.js +4 -2
package/dist/cli/skill-commands.js.map +1 -1
package/dist/cli/steer-commands.d.ts.map +1 -1
package/dist/cli/steer-commands.js +6 -4
package/dist/cli/steer-commands.js.map +1 -1
package/dist/cli/team-commands.d.ts.map +1 -1
package/dist/cli/team-commands.js +3 -1
package/dist/cli/team-commands.js.map +1 -1
package/dist/config/defaults.d.ts.map +1 -1
package/dist/config/defaults.js +12 -2
package/dist/config/defaults.js.map +1 -1
package/dist/config/loader.d.ts +23 -0
package/dist/config/loader.d.ts.map +1 -1
package/dist/config/loader.js +64 -3
package/dist/config/loader.js.map +1 -1
package/dist/config/policy-loader.d.ts +14 -0
package/dist/config/policy-loader.d.ts.map +1 -1
package/dist/config/policy-loader.js +33 -0
package/dist/config/policy-loader.js.map +1 -1
package/dist/dashboard/frontend/dist/assets/index-BcOGj1EF.css +1 -0
package/dist/dashboard/frontend/dist/assets/index-BtiFO9YN.js +261 -0
package/dist/dashboard/frontend/dist/assets/index-Cfjy5acU.css +1 -0
package/dist/dashboard/frontend/dist/assets/index-D41hcjgc.js +253 -0
package/dist/dashboard/frontend/dist/assets/index-D83BawFd.css +1 -0
package/dist/dashboard/frontend/dist/assets/index-DAODjoxu.css +1 -0
package/dist/dashboard/frontend/dist/assets/index-DB-Eu5oV.js +253 -0
package/dist/dashboard/frontend/dist/assets/index-W0VVEDu6.js +253 -0
package/dist/dashboard/frontend/dist/index.html +17 -0
package/dist/dashboard/server.d.ts +19 -2
package/dist/dashboard/server.d.ts.map +1 -1
package/dist/dashboard/server.js +121 -20
package/dist/dashboard/server.js.map +1 -1
package/dist/hooks/hook-runner.d.ts +55 -0
package/dist/hooks/hook-runner.d.ts.map +1 -0
package/dist/hooks/hook-runner.js +120 -0
package/dist/hooks/hook-runner.js.map +1 -0
package/dist/hooks/hook-types.d.ts +82 -0
package/dist/hooks/hook-types.d.ts.map +1 -0
package/dist/hooks/hook-types.js +20 -0
package/dist/hooks/hook-types.js.map +1 -0
package/dist/hooks/index.d.ts +6 -0
package/dist/hooks/index.d.ts.map +1 -0
package/dist/hooks/index.js +6 -0
package/dist/hooks/index.js.map +1 -0
package/dist/memory/context-compressor.d.ts +108 -0
package/dist/memory/context-compressor.d.ts.map +1 -0
package/dist/memory/context-compressor.js +307 -0
package/dist/memory/context-compressor.js.map +1 -0
package/dist/memory/index.d.ts +1 -0
package/dist/memory/index.d.ts.map +1 -1
package/dist/memory/index.js +1 -0
package/dist/memory/index.js.map +1 -1
package/dist/memory/memory-manager.d.ts +88 -4
package/dist/memory/memory-manager.d.ts.map +1 -1
package/dist/memory/memory-manager.js +299 -7
package/dist/memory/memory-manager.js.map +1 -1
package/dist/memory/observation-store.d.ts +75 -0
package/dist/memory/observation-store.d.ts.map +1 -0
package/dist/memory/observation-store.js +162 -0
package/dist/memory/observation-store.js.map +1 -0
package/dist/memory/observer-worker.d.ts +34 -0
package/dist/memory/observer-worker.d.ts.map +1 -0
package/dist/memory/observer-worker.js +161 -0
package/dist/memory/observer-worker.js.map +1 -0
package/dist/memory/reflector-worker.d.ts +40 -0
package/dist/memory/reflector-worker.d.ts.map +1 -0
package/dist/memory/reflector-worker.js +185 -0
package/dist/memory/reflector-worker.js.map +1 -0
package/dist/memory/salience-scorer.d.ts +16 -6
package/dist/memory/salience-scorer.d.ts.map +1 -1
package/dist/memory/salience-scorer.js +42 -22
package/dist/memory/salience-scorer.js.map +1 -1
package/dist/memory/structured-memory.d.ts +36 -1
package/dist/memory/structured-memory.d.ts.map +1 -1
package/dist/memory/structured-memory.js +207 -8
package/dist/memory/structured-memory.js.map +1 -1
package/dist/memory/token-estimator.d.ts +31 -0
package/dist/memory/token-estimator.d.ts.map +1 -0
package/dist/memory/token-estimator.js +77 -0
package/dist/memory/token-estimator.js.map +1 -0
package/dist/memory/validation-pipeline.d.ts +37 -0
package/dist/memory/validation-pipeline.d.ts.map +1 -0
package/dist/memory/validation-pipeline.js +106 -0
package/dist/memory/validation-pipeline.js.map +1 -0
package/dist/orchestrator/auth-monitor.d.ts.map +1 -1
package/dist/orchestrator/auth-monitor.js +3 -1
package/dist/orchestrator/auth-monitor.js.map +1 -1
package/dist/orchestrator/execution-loop.d.ts +23 -0
package/dist/orchestrator/execution-loop.d.ts.map +1 -1
package/dist/orchestrator/execution-loop.js +60 -19
package/dist/orchestrator/execution-loop.js.map +1 -1
package/dist/orchestrator/failover-controller.d.ts +26 -2
package/dist/orchestrator/failover-controller.d.ts.map +1 -1
package/dist/orchestrator/failover-controller.js +143 -23
package/dist/orchestrator/failover-controller.js.map +1 -1
package/dist/orchestrator/orchestrator.d.ts +70 -7
package/dist/orchestrator/orchestrator.d.ts.map +1 -1
package/dist/orchestrator/orchestrator.js +416 -92
package/dist/orchestrator/orchestrator.js.map +1 -1
package/dist/orchestrator/retry-queue.d.ts.map +1 -1
package/dist/orchestrator/retry-queue.js +24 -9
package/dist/orchestrator/retry-queue.js.map +1 -1
package/dist/orchestrator/router.d.ts +16 -1
package/dist/orchestrator/router.d.ts.map +1 -1
package/dist/orchestrator/router.js +79 -20
package/dist/orchestrator/router.js.map +1 -1
package/dist/orchestrator/session-manager.d.ts +26 -1
package/dist/orchestrator/session-manager.d.ts.map +1 -1
package/dist/orchestrator/session-manager.js +88 -4
package/dist/orchestrator/session-manager.js.map +1 -1
package/dist/providers/circuit-breaker.d.ts +78 -0
package/dist/providers/circuit-breaker.d.ts.map +1 -0
package/dist/providers/circuit-breaker.js +129 -0
package/dist/providers/circuit-breaker.js.map +1 -0
package/dist/providers/claude-provider.d.ts +27 -11
package/dist/providers/claude-provider.d.ts.map +1 -1
package/dist/providers/claude-provider.js +161 -46
package/dist/providers/claude-provider.js.map +1 -1
package/dist/providers/gemini-provider.d.ts +9 -1
package/dist/providers/gemini-provider.d.ts.map +1 -1
package/dist/providers/gemini-provider.js +97 -48
package/dist/providers/gemini-provider.js.map +1 -1
package/dist/providers/index.d.ts +1 -0
package/dist/providers/index.d.ts.map +1 -1
package/dist/providers/index.js +1 -0
package/dist/providers/index.js.map +1 -1
package/dist/providers/ollama-provider.d.ts +7 -0
package/dist/providers/ollama-provider.d.ts.map +1 -1
package/dist/providers/ollama-provider.js +89 -18
package/dist/providers/ollama-provider.js.map +1 -1
package/dist/routines/heartbeat.d.ts +10 -2
package/dist/routines/heartbeat.d.ts.map +1 -1
package/dist/routines/heartbeat.js +42 -5
package/dist/routines/heartbeat.js.map +1 -1
package/dist/routines/routine-manager.d.ts.map +1 -1
package/dist/routines/routine-manager.js +22 -15
package/dist/routines/routine-manager.js.map +1 -1
package/dist/security/audit-logger.d.ts.map +1 -1
package/dist/security/audit-logger.js +5 -7
package/dist/security/audit-logger.js.map +1 -1
package/dist/security/policy-engine.d.ts +28 -17
package/dist/security/policy-engine.d.ts.map +1 -1
package/dist/security/policy-engine.js +42 -185
package/dist/security/policy-engine.js.map +1 -1
package/dist/security/policy-serializer.d.ts +19 -0
package/dist/security/policy-serializer.d.ts.map +1 -0
package/dist/security/policy-serializer.js +100 -0
package/dist/security/policy-serializer.js.map +1 -0
package/dist/security/shell-validator.d.ts +42 -0
package/dist/security/shell-validator.d.ts.map +1 -0
package/dist/security/shell-validator.js +231 -0
package/dist/security/shell-validator.js.map +1 -0
package/dist/skills/index.d.ts +1 -0
package/dist/skills/index.d.ts.map +1 -1
package/dist/skills/index.js +1 -0
package/dist/skills/index.js.map +1 -1
package/dist/skills/skill-loader.d.ts +38 -2
package/dist/skills/skill-loader.d.ts.map +1 -1
package/dist/skills/skill-loader.js +83 -2
package/dist/skills/skill-loader.js.map +1 -1
package/dist/skills/subagent-loader.d.ts +66 -0
package/dist/skills/subagent-loader.d.ts.map +1 -0
package/dist/skills/subagent-loader.js +143 -0
package/dist/skills/subagent-loader.js.map +1 -0
package/dist/steering/flag-manager.d.ts +20 -0
package/dist/steering/flag-manager.d.ts.map +1 -1
package/dist/steering/flag-manager.js +94 -11
package/dist/steering/flag-manager.js.map +1 -1
package/dist/steering/steering-manager.d.ts +11 -0
package/dist/steering/steering-manager.d.ts.map +1 -1
package/dist/steering/steering-manager.js +23 -0
package/dist/steering/steering-manager.js.map +1 -1
package/dist/steering/telegram-gateway.d.ts +4 -1
package/dist/steering/telegram-gateway.d.ts.map +1 -1
package/dist/steering/telegram-gateway.js +49 -10
package/dist/steering/telegram-gateway.js.map +1 -1
package/dist/teams/bridge-watchdog.d.ts.map +1 -1
package/dist/teams/bridge-watchdog.js +5 -3
package/dist/teams/bridge-watchdog.js.map +1 -1
package/dist/teams/gemini-bridge.d.ts.map +1 -1
package/dist/teams/gemini-bridge.js +9 -4
package/dist/teams/gemini-bridge.js.map +1 -1
package/dist/tools/index.d.ts +2 -0
package/dist/tools/index.d.ts.map +1 -1
package/dist/tools/index.js +2 -0
package/dist/tools/index.js.map +1 -1
package/dist/tools/memory-tools.d.ts +16 -0
package/dist/tools/memory-tools.d.ts.map +1 -0
package/dist/tools/memory-tools.js +207 -0
package/dist/tools/memory-tools.js.map +1 -0
package/dist/tools/notifications.d.ts.map +1 -1
package/dist/tools/notifications.js +3 -1
package/dist/tools/notifications.js.map +1 -1
package/dist/tools/tool-factory.d.ts +36 -0
package/dist/tools/tool-factory.d.ts.map +1 -0
package/dist/tools/tool-factory.js +55 -0
package/dist/tools/tool-factory.js.map +1 -0
package/dist/types.d.ts +205 -1
package/dist/types.d.ts.map +1 -1
package/dist/types.js +47 -1
package/dist/types.js.map +1 -1
package/dist/utils/errors.d.ts +21 -0
package/dist/utils/errors.d.ts.map +1 -0
package/dist/utils/errors.js +29 -0
package/dist/utils/errors.js.map +1 -0
package/dist/utils/event-filter.d.ts +25 -0
package/dist/utils/event-filter.d.ts.map +1 -0
package/dist/utils/event-filter.js +61 -0
package/dist/utils/event-filter.js.map +1 -0
package/dist/utils/logger.d.ts +33 -36
package/dist/utils/logger.d.ts.map +1 -1
package/dist/utils/logger.js +60 -130
package/dist/utils/logger.js.map +1 -1
package/dist/utils/validate-job-id.d.ts +6 -0
package/dist/utils/validate-job-id.d.ts.map +1 -0
package/dist/utils/validate-job-id.js +10 -0
package/dist/utils/validate-job-id.js.map +1 -0
package/package.json +12 -3

package/dist/orchestrator/orchestrator.js CHANGED Viewed

@@ -13,19 +13,29 @@ import crypto from 'node:crypto';
 import path from 'node:path';
 import os from 'node:os';
 import fs from 'node:fs';
+import { HookRunner } from '../hooks/hook-runner.js';
 import { Router } from './router.js';
 import { FailoverController } from './failover-controller.js';
 import { RetryQueue } from './retry-queue.js';
 import { AuthMonitor } from './auth-monitor.js';
-import { SessionManager } from './session-manager.js';
-import { ExecutionLoop } from './execution-loop.js';
+import { SessionManager, BufferedSessionWriter } from './session-manager.js';
+import { ExecutionLoop, defaultTransformContext } from './execution-loop.js';
 import { SteeringManager } from '../steering/steering-manager.js';
 import { MemoryManager } from '../memory/memory-manager.js';
+import { ExtractionPipeline } from '../memory/extraction-pipeline.js';
+import { createMemoryTools } from '../tools/memory-tools.js';
+import { ValidationPipeline } from '../memory/validation-pipeline.js';
+import { ContextCompressor } from '../memory/context-compressor.js';
+import { ObservationStore } from '../memory/observation-store.js';
 import { HeartbeatSystem } from '../routines/heartbeat.js';
 import { RoutineManager } from '../routines/routine-manager.js';
 import { NotificationTools } from '../tools/notifications.js';
 import { PolicyEngine } from '../security/policy-engine.js';
 import { IntentCapsuleManager } from '../security/intent-capsule.js';
+import { LeakDetector } from '../security/leak-detector.js';
+import { sanitizeInput } from '../security/prompt-defense.js';
+import { createLogger } from '../utils/logger.js';
+const log = createLogger('orchestrator');
 export class Orchestrator {
     _config;
     _policy;
@@ -43,12 +53,22 @@ export class Orchestrator {
     _notifications;
     // Security
     _intentCapsuleManager;
+    _leakDetector;
     // Background systems
     _heartbeatSystem = null;
     _routineManager = null;
+    // Memory tools
+    _validationPipeline;
+    // ORCH-12: Lifecycle hooks
+    _hookRunner = new HookRunner();
+    // ORCH-14: Context transform callback
+    _transformContext = defaultTransformContext;
+    // Context compression
+    _observationStore;
     // Background intervals
     _authCheckTimeout = null;
     _retryPollTimeout = null;
+    _consolidationTimeout = null;
     _booted = false;
     constructor(options) {
         this._config = options.config;
@@ -58,6 +78,20 @@ export class Orchestrator {
     }
     /**
      * Boots all subsystems and starts background loops.
+     *
+     * Initialization order:
+     *  1. PolicyEngine + IntentCapsuleManager (security layer).
+     *  2. SessionManager (event persistence).
+     *  3. SteeringManager (human-in-the-loop).
+     *  4. MemoryManager (context injection).
+     *  5. Router (provider selection).
+     *  6. FailoverController (error recovery).
+     *  7. RetryQueue (deferred retry).
+     *  8. AuthMonitor (periodic auth checks every 5 min).
+     *  9. HeartbeatSystem + RoutineManager (scheduled tasks).
+     *
+     * Background loops use self-rescheduling setTimeout (not setInterval)
+     * to avoid overlapping async executions.
      */
     async boot() {
         if (this._booted)
@@ -69,11 +103,17 @@ export class Orchestrator {
         // ASI01: Create IntentCapsuleManager with per-session signing key
         this._intentCapsuleManager = new IntentCapsuleManager(crypto.randomBytes(32).toString('hex'));
         this._policyEngine.setIntentCapsuleManager(this._intentCapsuleManager);
+        // SEC-03: Wire LeakDetector for scanning tool outputs
+        this._leakDetector = new LeakDetector();
         this._sessionManager = new SessionManager(this._baseDir);
         this._steeringManager = new SteeringManager(this._baseDir);
         await this._steeringManager.init();
         this._memoryManager = new MemoryManager(this._config.memory, this._baseDir);
         await this._memoryManager.init();
+        this._validationPipeline = new ValidationPipeline();
+        // Initialize observation store for context compression
+        this._observationStore = new ObservationStore(path.join(this._baseDir, 'memory', 'observations'));
+        await this._observationStore.init();
         // R2: Wire Router
         this._router = new Router({
             providers: this._providers,
@@ -99,7 +139,7 @@ export class Orchestrator {
                     await this._authMonitor.checkAll();
                 }
                 catch (err) {
-                    console.error('[Orchestrator] AuthMonitor check failed:', err);
+                    log.error({ err }, 'AuthMonitor check failed');
                 }
                 scheduleAuthCheck();
             }, 5 * 60 * 1000);
@@ -116,13 +156,13 @@ export class Orchestrator {
                             await this._retryQueue.remove(task.jobId);
                         }
                         catch (err) {
-                            console.error(`[Orchestrator] Retry failed for ${task.jobId}:`, err);
+                            log.error({ jobId: task.jobId, err }, 'Retry failed');
                             // Leave task in queue for next poll cycle
                         }
                     }
                 }
                 catch (err) {
-                    console.error('[Orchestrator] RetryQueue poll failed:', err);
+                    log.error({ err }, 'RetryQueue poll failed');
                 }
                 scheduleRetryPoll();
             }, 30 * 1000);
@@ -148,6 +188,31 @@ export class Orchestrator {
             maxCostTier: opts.maxCostTier,
         }), this._baseDir);
         await this._routineManager.init();
+        // Schedule daily note consolidation (check once per day)
+        const scheduleConsolidation = () => {
+            this._consolidationTimeout = setTimeout(async () => {
+                try {
+                    const count = await this._memoryManager.consolidateDailyNotes(7);
+                    if (count > 0) {
+                        log.info({ consolidated: count }, 'Daily notes consolidated');
+                    }
+                }
+                catch (err) {
+                    log.warn({ err }, 'Daily note consolidation failed');
+                }
+                scheduleConsolidation();
+            }, 24 * 60 * 60 * 1000); // 24 hours
+        };
+        // Run first check shortly after boot (30 seconds), then daily
+        this._consolidationTimeout = setTimeout(async () => {
+            try {
+                await this._memoryManager.consolidateDailyNotes(7);
+            }
+            catch (err) {
+                log.warn({ err }, 'Initial daily note consolidation failed');
+            }
+            scheduleConsolidation();
+        }, 30 * 1000);
         this._booted = true;
     }
     /**
@@ -165,6 +230,10 @@ export class Orchestrator {
             clearTimeout(this._retryPollTimeout);
             this._retryPollTimeout = null;
         }
+        if (this._consolidationTimeout) {
+            clearTimeout(this._consolidationTimeout);
+            this._consolidationTimeout = null;
+        }
         // Stop heartbeat and routines
         if (this._heartbeatSystem) {
             this._heartbeatSystem.stop();
@@ -177,16 +246,34 @@ export class Orchestrator {
         this._booted = false;
     }
     /**
-     * Submits a task through the full orchestration pipeline:
-     * 1. Load memory context (R6)
-     * 2. Classify and route to provider (R2)
-     * 3. Execute with event persistence (R8) and steering (R7)
-     * 4. Handle failures with failover (R3) and retry (R5)
+     * Submits a task through the full orchestration pipeline.
+     *
+     * Pipeline stages:
+     *  1. Load memory context from MemoryManager (daily notes, long-term items).
+     *  2. Load SOUL.md identity file and build the system prompt with policy awareness hints.
+     *  3. Create a signed intent capsule for goal drift detection (ASI01).
+     *  4. Classify the task by complexity and resource type for routing.
+     *  5. Route to the best available provider via the Router.
+     *  6. Execute via _executeWithProvider, which handles event persistence,
+     *     steering injection, failover, and retry queueing.
+     *
+     * @returns The final text result from the provider's 'done' event.
+     * @throws If no provider is available or all failover attempts fail.
      */
     async submitTask(options) {
         const jobId = options.jobId ?? `job_${Date.now()}_${Math.random().toString(36).slice(2, 9)}`;
-        // R6: Inject MemoryManager context systematically
-        const memoryContext = await this._memoryManager.loadContext();
+        // Reset per-task state: ValidationPipeline rate limit is per-session, not per-orchestrator-lifetime.
+        // Without this, after MAX_SAVES_PER_SESSION saves across all tasks, memory_save permanently blocks.
+        this._validationPipeline.resetSession();
+        // MEM-05 / ORCH-07: Progressive memory context — lightweight index, not full dump.
+        // The LLM uses memory_search / recall_context tools for on-demand retrieval.
+        let memoryContext = [];
+        try {
+            memoryContext = await this._memoryManager.loadContext();
+        }
+        catch (err) {
+            log.warn({ err, jobId }, 'Memory context injection failed, continuing without memory');
+        }
         // Load SOUL.md for agent identity (fixes bug: file was created but never read)
         const soulPath = this._config.agent.identity.soul_file.replace(/^~/, os.homedir());
         let soulContent = '';
@@ -198,25 +285,57 @@ export class Orchestrator {
         catch {
             // SOUL.md missing or unreadable — use default identity
         }
+        // Create per-task context compressor if compression is enabled
+        let compressor = null;
+        if (this._config.memory?.compression?.enabled) {
+            const compressFn = async (prompt) => {
+                const compressLoop = new ExecutionLoop({
+                    systemPrompt: 'You are a conversation observer. Compress messages into concise, dated observations. Respond with ONLY the observations.',
+                    permissionMode: 'default',
+                    cwd: process.cwd(),
+                    maxTurns: 1,
+                    model: this._config.memory.compression.model,
+                });
+                return compressLoop.run(prompt);
+            };
+            compressor = new ContextCompressor(this._config.memory.compression, this._observationStore, compressFn, jobId);
+            await compressor.loadExisting();
+        }
+        // Build cross-session context from observations
+        const crossSessionContext = compressor
+            ? compressor.buildContext().crossSessionContext
+            : '';
         // Build system prompt with policy awareness
-        const systemPrompt = [
+        const systemPromptParts = [
             soulContent || 'You are Zora, a helpful autonomous agent.',
             '[SECURITY] You operate under a permission policy. Before planning any task,',
             'use the check_permissions tool to verify you have access to the paths and',
             'commands you need. If access is denied, tell the user what you need and why.',
             'Do NOT attempt actions without checking first.',
             ...memoryContext,
-        ].join('\n\n');
+        ];
+        // Append cross-session observations if available
+        if (crossSessionContext) {
+            systemPromptParts.push(`[PRIOR SESSION CONTEXT]:\n${crossSessionContext}`);
+        }
+        const systemPrompt = systemPromptParts.join('\n\n');
+        // SEC-03: Scan user prompt for injection patterns (warn but don't block by default)
+        const sanitizedPrompt = sanitizeInput(options.prompt);
+        if (sanitizedPrompt !== options.prompt) {
+            log.warn({ jobId }, 'Prompt injection pattern detected in user input — sanitized');
+        }
         // ASI01: Create signed intent capsule for goal drift detection
         if (this._intentCapsuleManager) {
-            this._intentCapsuleManager.createCapsule(options.prompt);
+            this._intentCapsuleManager.createCapsule(sanitizedPrompt);
         }
         // Classify task for routing
-        const classification = this._router.classifyTask(options.prompt);
+        const classification = this._router.classifyTask(sanitizedPrompt);
+        // Build custom tools (permissions + memory tools + recall_context)
+        const customTools = this._createCustomTools();
         // Build task context
         const taskContext = {
             jobId,
-            task: options.prompt,
+            task: sanitizedPrompt,
             requiredCapabilities: [],
             complexity: classification.complexity,
             resourceType: classification.resourceType,
@@ -226,117 +345,286 @@ export class Orchestrator {
             modelPreference: options.model,
             maxCostTier: options.maxCostTier,
             maxTurns: options.maxTurns,
+            customTools,
             canUseTool: this._policyEngine.createCanUseTool(),
         };
+        // ORCH-12: Run onTaskStart hooks (can modify context before routing)
+        const hookedContext = await this._hookRunner.runOnTaskStart(taskContext);
         // R2: Route to provider
         let selectedProvider;
         try {
-            selectedProvider = await this._router.selectProvider(taskContext);
+            selectedProvider = await this._router.selectProvider(hookedContext);
         }
         catch (err) {
             throw new Error(`No provider available: ${err instanceof Error ? err.message : String(err)}`);
         }
-        // Execute with the selected provider
-        return this._executeWithProvider(selectedProvider, taskContext, options.onEvent);
+        // Execute with the selected provider (injectionDepth=0 for initial call)
+        return this._executeWithProvider(selectedProvider, hookedContext, options.onEvent, 0, 0, compressor);
     }
-    /** Symbol used to mark errors that have already been through the failover path */
-    static _FAILOVER_SENTINEL = Symbol.for('zora.failoverSentinel');
+    /** Tracks errors that have already been through the failover path */
+    static _failoverErrors = new WeakSet();
     /** Maximum depth of failover recursion to prevent unbounded re-execution */
     static MAX_FAILOVER_DEPTH = 3;
+    /** ORCH-16: Maximum depth of onTaskEnd follow-up injection loops */
+    static MAX_INJECTION_LOOPS = 3;
     /**
      * Executes a task with a specific provider, handling failover and event persistence.
+     *
+     * During execution, this method:
+     * - Persists every event to the SessionManager for crash recovery.
+     * - Polls SteeringManager after text/tool_result events, injecting any pending
+     *   human steering messages into the event stream.
+     * - On error events: attempts failover via FailoverController. If failover
+     *   succeeds, recurses with the new provider (incrementing failoverDepth).
+     *   If failover fails, enqueues the task in the RetryQueue.
+     * - failoverDepth is capped at MAX_FAILOVER_DEPTH (3) to prevent unbounded recursion.
+     * - The _failoverErrors WeakSet prevents double-failover: errors already processed
+     *   by the failover path are not re-triggered in the outer catch block.
      */
-    async _executeWithProvider(provider, taskContext, onEvent, failoverDepth = 0) {
+    async _executeWithProvider(provider, taskContext, onEvent, failoverDepth = 0, injectionDepth = 0, compressor) {
         let result = '';
+        let eventsSinceLastTick = 0;
+        const TICK_INTERVAL = 10; // Check compression thresholds every N events
+        // Event batching: buffer session writes, flush every 500ms or on done/error.
+        // Wrapped in try/finally to ensure close() runs on ALL exit paths including failover.
+        const bufferedWriter = new BufferedSessionWriter(this._sessionManager, taskContext.jobId, 500);
         try {
-            // Execute via the provider's async generator
-            for await (const event of provider.execute(taskContext)) {
-                // R8: Persist events to SessionManager
-                await this._sessionManager.appendEvent(taskContext.jobId, event);
-                // R7: Poll SteeringManager during execution
-                if (event.type === 'text' || event.type === 'tool_result') {
-                    const pendingMessages = await this._steeringManager.getPendingMessages(taskContext.jobId);
-                    for (const msg of pendingMessages) {
-                        // Inject steering as an event
-                        const steerEvent = {
-                            type: 'steering',
-                            timestamp: new Date(),
-                            content: { text: msg.message, source: msg.source, author: msg.author },
-                        };
-                        await this._sessionManager.appendEvent(taskContext.jobId, steerEvent);
-                        taskContext.history.push(steerEvent);
-                        if (onEvent)
-                            onEvent(steerEvent);
-                        // Archive the processed message
-                        await this._steeringManager.archiveMessage(taskContext.jobId, msg.id);
+            try {
+                // Execute via the provider's async generator
+                for await (const event of provider.execute(taskContext)) {
+                    // R8: Persist events via buffered writer (batched disk I/O)
+                    bufferedWriter.append(event);
+                    // Feed events to context compressor for rolling compression
+                    if (compressor) {
+                        compressor.ingest(event);
+                        eventsSinceLastTick++;
+                        if (eventsSinceLastTick >= TICK_INTERVAL) {
+                            eventsSinceLastTick = 0;
+                            // tick() is async but we don't await — compression runs in background
+                            compressor.tick().catch(err => {
+                                log.warn({ err, jobId: taskContext.jobId }, 'Context compressor tick failed');
+                            });
+                        }
                     }
-                }
-                // Notify caller
-                if (onEvent)
-                    onEvent(event);
-                // Track history for failover handoff
-                taskContext.history.push(event);
-                // Capture result text
-                if (event.type === 'done') {
-                    result = event.content.text ?? '';
-                }
-                // Handle errors — trigger failover (R3)
-                if (event.type === 'error') {
-                    const errorContent = event.content;
-                    const error = new Error(errorContent.message ?? 'Unknown provider error');
-                    // Guard: skip failover if depth exceeded
-                    if (failoverDepth >= Orchestrator.MAX_FAILOVER_DEPTH) {
+                    // SEC-03: Scan tool outputs for leaked secrets (warn, don't strip)
+                    if (event.type === 'tool_result') {
+                        const toolResultContent = event.content;
+                        const resultText = typeof toolResultContent.result === 'string'
+                            ? toolResultContent.result
+                            : JSON.stringify(toolResultContent.result ?? '');
+                        const leaks = this._leakDetector.scan(resultText);
+                        if (leaks.length > 0) {
+                            log.warn({ jobId: taskContext.jobId, toolCallId: toolResultContent.toolCallId, leaks: leaks.map(l => ({ pattern: l.pattern, severity: l.severity })) }, 'Potential secret leak detected in tool output');
+                        }
+                    }
+                    // SEC-03: Scan tool call arguments for leaked secrets
+                    if (event.type === 'tool_call') {
+                        const toolCallContent = event.content;
+                        const argsText = JSON.stringify(toolCallContent.arguments ?? {});
+                        const leaks = this._leakDetector.scan(argsText);
+                        if (leaks.length > 0) {
+                            log.warn({ jobId: taskContext.jobId, tool: toolCallContent.tool, leaks: leaks.map(l => ({ pattern: l.pattern, severity: l.severity })) }, 'Potential secret leak detected in tool call arguments');
+                        }
+                    }
+                    // R7: Poll SteeringManager with debouncing (max once per 2 seconds)
+                    if (event.type === 'text' || event.type === 'tool_result') {
+                        const pendingMessages = await this._steeringManager.cachedGetPendingMessages(taskContext.jobId, 2000);
+                        for (const msg of pendingMessages) {
+                            // Inject steering as an event
+                            const steerEvent = {
+                                type: 'steering',
+                                timestamp: new Date(),
+                                content: { text: msg.type === 'steer' ? msg.message : `[${msg.type}]`, source: msg.source, author: msg.author },
+                            };
+                            bufferedWriter.append(steerEvent);
+                            taskContext.history.push(steerEvent);
+                            if (onEvent)
+                                onEvent(steerEvent);
+                            // Archive the processed message and invalidate cache
+                            await this._steeringManager.archiveMessage(taskContext.jobId, msg.id);
+                            this._steeringManager.invalidatePendingCache(taskContext.jobId);
+                        }
+                    }
+                    // Notify caller
+                    if (onEvent)
+                        onEvent(event);
+                    // Track history for failover handoff
+                    taskContext.history.push(event);
+                    // Capture result text
+                    if (event.type === 'done') {
+                        result = event.content.text ?? '';
+                    }
+                    // Handle errors — trigger failover (R3)
+                    if (event.type === 'error') {
+                        const errorContent = event.content;
+                        const error = new Error(errorContent.message ?? 'Unknown provider error');
+                        // Guard: skip failover if depth exceeded
+                        if (failoverDepth >= Orchestrator.MAX_FAILOVER_DEPTH) {
+                            throw error;
+                        }
+                        // R3: Connect FailoverController to error path
+                        const failoverResult = await this._failoverController.handleFailure(taskContext, provider, error);
+                        if (failoverResult) {
+                            // Re-execute with the failover provider (increment depth)
+                            return this._executeWithProvider(failoverResult.nextProvider, taskContext, onEvent, failoverDepth + 1, injectionDepth, compressor);
+                        }
+                        // R5: Enqueue for retry if no failover available
+                        try {
+                            await this._retryQueue.enqueue(taskContext, error.message, this._config.failover.max_retries);
+                        }
+                        catch {
+                            // Max retries exceeded or enqueue failed
+                        }
+                        // Mark so the outer catch doesn't re-trigger failover
+                        Orchestrator._failoverErrors.add(error);
                         throw error;
                     }
-                    // R3: Connect FailoverController to error path
-                    const failoverResult = await this._failoverController.handleFailure(taskContext, provider, error);
+                }
+            }
+            catch (err) {
+                // Skip failover for errors already marked by the failover path
+                const isFailoverError = err instanceof Error && Orchestrator._failoverErrors.has(err);
+                if (!isFailoverError && err instanceof Error && failoverDepth < Orchestrator.MAX_FAILOVER_DEPTH) {
+                    // R3: Try failover on execution exceptions
+                    const failoverResult = await this._failoverController.handleFailure(taskContext, provider, err);
                     if (failoverResult) {
-                        // Re-execute with the failover provider (increment depth)
-                        return this._executeWithProvider(failoverResult.nextProvider, taskContext, onEvent, failoverDepth + 1);
+                        // Mark the error so downstream doesn't re-trigger failover
+                        Orchestrator._failoverErrors.add(err);
+                        return this._executeWithProvider(failoverResult.nextProvider, taskContext, onEvent, failoverDepth + 1, injectionDepth, compressor);
                     }
-                    // R5: Enqueue for retry if no failover available
+                    // R5: Enqueue for retry
                     try {
-                        await this._retryQueue.enqueue(taskContext, error.message, this._config.failover.max_retries);
+                        await this._retryQueue.enqueue(taskContext, err.message, this._config.failover.max_retries);
                     }
                     catch {
-                        // Max retries exceeded or enqueue failed
+                        // Max retries exceeded
                     }
-                    // Mark so the outer catch doesn't re-trigger failover
-                    error[Orchestrator._FAILOVER_SENTINEL] = true;
-                    throw error;
                 }
+                throw err;
             }
         }
-        catch (err) {
-            // Skip failover for errors already marked by the failover path
-            const isFailoverError = err instanceof Error && err[Orchestrator._FAILOVER_SENTINEL];
-            if (!isFailoverError && err instanceof Error && failoverDepth < Orchestrator.MAX_FAILOVER_DEPTH) {
-                // R3: Try failover on execution exceptions
-                const failoverResult = await this._failoverController.handleFailure(taskContext, provider, err);
-                if (failoverResult) {
-                    // Mark the error so downstream doesn't re-trigger failover
-                    err[Orchestrator._FAILOVER_SENTINEL] = true;
-                    return this._executeWithProvider(failoverResult.nextProvider, taskContext, onEvent, failoverDepth + 1);
-                }
-                // R5: Enqueue for retry
-                try {
-                    await this._retryQueue.enqueue(taskContext, err.message, this._config.failover.max_retries);
-                }
-                catch {
-                    // Max retries exceeded
-                }
+        finally {
+            // Always close the buffered writer — flushes remaining events and stops the timer.
+            // This runs on all exit paths: success, throw, and failover returns.
+            await bufferedWriter.close();
+            // Flush context compressor — persist any remaining observations
+            if (compressor) {
+                await compressor.flush().catch(err => {
+                    log.warn({ err, jobId: taskContext.jobId }, 'Context compressor flush failed');
+                });
             }
-            throw err;
         }
         // Record completion in daily notes
         await this._memoryManager.appendDailyNote(`Completed task: ${taskContext.task}`);
+        // MEM-09: Async memory extraction after successful job completion
+        if (this._config.memory.auto_extract) {
+            this._runExtractionAsync(taskContext).catch(err => {
+                log.warn({ err, jobId: taskContext.jobId }, 'Post-job memory extraction failed');
+            });
+        }
+        // ORCH-12: Run onTaskEnd hooks (can inspect result, optionally trigger follow-up)
+        // ORCH-16: Guard against infinite follow-up injection loops
+        const endResult = await this._hookRunner.runOnTaskEnd(taskContext, result);
+        if (endResult.followUp) {
+            if (injectionDepth >= Orchestrator.MAX_INJECTION_LOOPS) {
+                log.warn({ jobId: taskContext.jobId, depth: injectionDepth, maxDepth: Orchestrator.MAX_INJECTION_LOOPS }, 'onTaskEnd follow-up injection loop capped — skipping follow-up');
+            }
+            else {
+                log.info({ jobId: taskContext.jobId, depth: injectionDepth + 1 }, 'onTaskEnd hook triggered follow-up task');
+                // Route through _executeWithProvider directly to preserve injectionDepth tracking.
+                // Re-route through the full submitTask pipeline except use incremented injectionDepth.
+                const followUpJobId = `${taskContext.jobId}_followup_${injectionDepth + 1}`;
+                // ORCH-14: Apply transformContext to prune history before follow-up
+                const transformedHistory = this._transformContext(taskContext.history, injectionDepth + 1);
+                const followUpCtx = {
+                    ...taskContext,
+                    jobId: followUpJobId,
+                    task: endResult.followUp,
+                    history: transformedHistory,
+                };
+                const hookedFollowUp = await this._hookRunner.runOnTaskStart(followUpCtx);
+                const followUpProvider = await this._router.selectProvider(hookedFollowUp);
+                return this._executeWithProvider(followUpProvider, hookedFollowUp, onEvent, 0, injectionDepth + 1);
+            }
+        }
         return result;
     }
+    /**
+     * MEM-09: Runs memory extraction asynchronously after job completion.
+     *
+     * Collects text events from the job history, passes them through
+     * ExtractionPipeline, deduplicates against existing items, and
+     * persists new items via StructuredMemory. Appends a daily note
+     * summarizing what was extracted.
+     *
+     * Runs fire-and-forget — errors are caught by the caller.
+     */
+    async _runExtractionAsync(taskContext) {
+        // Collect conversation text from job history
+        const messages = taskContext.history
+            .filter(e => e.type === 'text' || e.type === 'done')
+            .map(e => {
+            const content = e.content;
+            return content.text;
+        })
+            .filter(Boolean);
+        if (messages.length === 0) {
+            return; // Nothing to extract from
+        }
+        // Get existing categories for context
+        const categories = await this._memoryManager.getCategories();
+        const categoryNames = categories.map(c => c.category);
+        // Create extraction pipeline using the first available provider as the LLM
+        const extractFn = async (prompt) => {
+            const extractLoop = new ExecutionLoop({
+                systemPrompt: 'You extract structured memory items from conversations. Respond with ONLY a JSON array.',
+                permissionMode: 'default',
+                cwd: process.cwd(),
+                maxTurns: 1,
+            });
+            return extractLoop.run(prompt);
+        };
+        const pipeline = new ExtractionPipeline(extractFn);
+        const result = await pipeline.extract(messages, categoryNames);
+        if (result.errors.length > 0) {
+            log.debug({ errors: result.errors, jobId: taskContext.jobId }, 'Extraction had errors');
+        }
+        if (result.items.length === 0) {
+            return;
+        }
+        // Deduplicate against existing items
+        const existingItems = await this._memoryManager.structuredMemory.listItems();
+        const uniqueItems = pipeline.deduplicateItems(result.items, existingItems);
+        // Persist each new item
+        let savedCount = 0;
+        for (const item of uniqueItems) {
+            try {
+                await this._memoryManager.structuredMemory.createItem({
+                    type: item.type,
+                    summary: item.summary,
+                    source: item.source || taskContext.jobId,
+                    source_type: item.source_type,
+                    tags: item.tags,
+                    category: item.category,
+                });
+                savedCount++;
+            }
+            catch (err) {
+                log.debug({ err, item: item.summary }, 'Failed to save extracted memory item');
+            }
+        }
+        // Append daily note summarizing extraction
+        if (savedCount > 0) {
+            await this._memoryManager.appendDailyNote(`Extracted ${savedCount} memory item(s) from job ${taskContext.jobId}`);
+        }
+        log.info({ jobId: taskContext.jobId, extracted: result.items.length, saved: savedCount }, 'Memory extraction complete');
+    }
     /**
      * Creates custom tools available to the agent during execution.
+     * Includes: permission tools, memory tools (search/save/forget), recall_context.
      */
     _createCustomTools() {
-        return [
+        const permissionTools = [
             {
                 name: 'check_permissions',
                 description: 'Check if you have access to specific paths or commands before executing. Use this during planning to verify your boundaries.',
@@ -383,9 +671,6 @@ export class Orchestrator {
                             }
                         }
                     }
-                    // The actual approval flow happens outside (CLI prompt, dashboard, etc.)
-                    // For now, return the request details so the caller can present them to the user.
-                    // In the CLI, this will be intercepted by the onEvent callback.
                     return {
                         granted: false,
                         pending: true,
@@ -395,6 +680,33 @@ export class Orchestrator {
                 },
             },
         ];
+        // Wire existing memory tools (memory_search, memory_save, memory_forget)
+        const memoryTools = createMemoryTools(this._memoryManager, this._validationPipeline);
+        // Add recall_context tool for daily notes retrieval
+        const recallContextTool = {
+            name: 'recall_context',
+            description: 'Retrieve recent daily notes (rolling conversation summaries). ' +
+                'Use this to get context from the past few days of agent activity.',
+            input_schema: {
+                type: 'object',
+                properties: {
+                    days: {
+                        type: 'number',
+                        description: 'Number of recent days to retrieve (default: 3, max: 14).',
+                        default: 3,
+                    },
+                },
+            },
+            handler: async (input) => {
+                const days = Math.min(Math.max(input.days ?? 3, 1), 14);
+                const notes = await this._memoryManager.recallDailyNotes(days);
+                if (notes.length === 0) {
+                    return { notes: [], message: 'No daily notes found for the requested period.' };
+                }
+                return { notes, count: notes.length, days };
+            },
+        };
+        return [...permissionTools, ...memoryTools, recallContextTool];
     }
     /**
      * Parse interval strings like "30m", "1h" to minutes.
@@ -447,6 +759,18 @@ export class Orchestrator {
         this._assertBooted();
         return this._policyEngine;
     }
+    /** ORCH-12: Access the hook runner for registering lifecycle hooks */
+    get hookRunner() {
+        return this._hookRunner;
+    }
+    /** ORCH-14: Set a custom context transform function */
+    set transformContext(fn) {
+        this._transformContext = fn;
+    }
+    /** ORCH-14: Get the current context transform function */
+    get transformContext() {
+        return this._transformContext;
+    }
     get config() {
         return this._config;
     }