zubo 0.1.21 → 0.1.23

package/src/channels/webchat.ts

@@ -18,22 +18,22 @@ function escapeHtml(s: string): string {
 }
 
 /** Convert raw error messages to user-friendly messages. Prevents leaking internal details. */
-function friendlyError(err: any): string {
-  const msg = err?.message ?? String(err);
-  if (msg.includes("401") || msg.includes("Unauthorized") || msg.includes("invalid"))
-    return "Authentication failed. Check your API key in Settings > API Keys.";
-  if (msg.includes("429") || msg.includes("rate limit"))
-    return "Too many messages too quickly. Wait a moment and try again.";
-  if (msg.includes("404") || msg.includes("not found"))
-    return "The AI model wasn't found. Check your model name in Settings > AI Model.";
-  if (msg.includes("ECONNREFUSED") || msg.includes("fetch failed") || msg.includes("Connection refused"))
-    return "Can't reach the AI service. Check your internet connection or try again.";
-  if (msg.includes("timed out") || msg.includes("timeout"))
-    return "The request took too long. The AI service may be busy — try again in a moment.";
-  if (msg.includes("context") || msg.includes("too long"))
-    return "Your message is too long. Try splitting it into shorter questions.";
-  return "Something went wrong. Try again, or check Settings if this keeps happening.";
-}
+function friendlyError(err: any): string {
+  const msg = err?.message ?? String(err);
+  if (msg.includes("401") || msg.includes("Unauthorized") || msg.includes("invalid"))
+    return "Authentication failed. Check your API key in Settings > API Keys.";
+  if (msg.includes("429") || msg.includes("rate limit"))
+    return "Too many messages too quickly. Wait a moment and try again.";
+  if (msg.includes("404") || msg.includes("not found"))
+    return "The AI model wasn't found. Check your model name in Settings > AI Model.";
+  if (msg.includes("ECONNREFUSED") || msg.includes("fetch failed") || msg.includes("Connection refused"))
+    return "Can't reach the AI service. Check your internet connection or try again.";
+  if (msg.includes("timed out") || msg.includes("timeout"))
+    return "The request took too long. The AI service may be busy — try again in a moment.";
+  if (msg.includes("context") || msg.includes("too long"))
+    return "Your message is too long. Try splitting it into shorter questions.";
+  return "Something went wrong. Try again, or check Settings if this keeps happening.";
+}
 
 /** Add security headers to all HTTP responses */
 function addSecurityHeaders(res: Response): Response {
@@ -331,6 +331,260 @@ async function handleDashboardApi(url: URL, req: Request): Promise<Response | nu
     return Response.json({ skills: getSkillsData() });
   }
 
+  // ── TODOS ──
+
+  // GET /api/dashboard/todos?filter=pending|done|all
+  if (path === "/todos" && req.method === "GET") {
+    const db = getDb();
+    const filter = url.searchParams.get("filter") || "pending";
+    let query = "SELECT * FROM todos";
+    if (filter === "pending") query += " WHERE status != 'done'";
+    else if (filter === "done") query += " WHERE status = 'done'";
+    query += " ORDER BY CASE priority WHEN 'urgent' THEN 0 WHEN 'high' THEN 1 WHEN 'medium' THEN 2 WHEN 'low' THEN 3 END, due_date ASC NULLS LAST";
+    return Response.json({ todos: db.query(query).all() });
+  }
+
+  // POST /api/dashboard/todos
+  if (path === "/todos" && req.method === "POST") {
+    return (async () => {
+      const body = (await req.json()) as any;
+      if (!body.title) return Response.json({ error: "title required" }, { status: 400 });
+      const db = getDb();
+      const tags = body.tags ? JSON.stringify(body.tags.split(",").map((t: string) => t.trim()).filter(Boolean)) : "[]";
+      const result = db.prepare(
+        "INSERT INTO todos (title, description, priority, due_date, tags) VALUES (?, ?, ?, ?, ?)"
+      ).run(body.title, body.description || null, body.priority || "medium", body.due_date || null, tags);
+      return Response.json({ ok: true, id: result.lastInsertRowid });
+    })() as any;
+  }
+
+  // PUT /api/dashboard/todos/:id
+  if (path.match(/^\/todos\/\d+$/) && req.method === "PUT") {
+    return (async () => {
+      const id = path.split("/").pop()!;
+      const body = (await req.json()) as any;
+      const db = getDb();
+      const sets: string[] = [];
+      const vals: any[] = [];
+      if (body.title !== undefined) { sets.push("title = ?"); vals.push(body.title); }
+      if (body.description !== undefined) { sets.push("description = ?"); vals.push(body.description || null); }
+      if (body.priority !== undefined) { sets.push("priority = ?"); vals.push(body.priority); }
+      if (body.due_date !== undefined) { sets.push("due_date = ?"); vals.push(body.due_date || null); }
+      if (body.status !== undefined) {
+        sets.push("status = ?"); vals.push(body.status);
+        if (body.status === "done") { sets.push("completed_at = datetime('now')"); }
+      }
+      if (body.tags !== undefined) {
+        sets.push("tags = ?");
+        vals.push(JSON.stringify(body.tags.split(",").map((t: string) => t.trim()).filter(Boolean)));
+      }
+      if (sets.length === 0) return Response.json({ error: "nothing to update" }, { status: 400 });
+      vals.push(id);
+      db.prepare("UPDATE todos SET " + sets.join(", ") + " WHERE id = ?").run(...vals);
+      return Response.json({ ok: true });
+    })() as any;
+  }
+
+  // DELETE /api/dashboard/todos/:id
+  if (path.match(/^\/todos\/\d+$/) && req.method === "DELETE") {
+    const id = path.split("/").pop()!;
+    const db = getDb();
+    db.prepare("DELETE FROM todos WHERE id = ?").run(id);
+    return Response.json({ ok: true });
+  }
+
+  // ── NOTES ──
+
+  // GET /api/dashboard/notes?q=search
+  if (path === "/notes" && req.method === "GET") {
+    const db = getDb();
+    const q = url.searchParams.get("q");
+    let rows;
+    if (q) {
+      try {
+        // Sanitize FTS5 special characters to prevent query syntax errors
+        const sanitized = q.replace(/["*(){}[\]:^~!@#$%&]/g, " ").trim();
+        if (sanitized) {
+          rows = db.prepare("SELECT n.* FROM notes n JOIN notes_fts f ON n.id = f.rowid WHERE notes_fts MATCH ? ORDER BY n.pinned DESC, rank").all(sanitized);
+        } else {
+          rows = db.query("SELECT * FROM notes ORDER BY pinned DESC, updated_at DESC").all();
+        }
+      } catch {
+        // Fall back to LIKE query if FTS fails
+        rows = db.prepare("SELECT * FROM notes WHERE title LIKE ? OR content LIKE ? ORDER BY pinned DESC, updated_at DESC").all(`%${q}%`, `%${q}%`);
+      }
+    } else {
+      rows = db.query("SELECT * FROM notes ORDER BY pinned DESC, updated_at DESC").all();
+    }
+    return Response.json({ notes: rows });
+  }
+
+  // POST /api/dashboard/notes
+  if (path === "/notes" && req.method === "POST") {
+    return (async () => {
+      const body = (await req.json()) as any;
+      if (!body.title || !body.content) return Response.json({ error: "title and content required" }, { status: 400 });
+      const db = getDb();
+      const tags = body.tags ? JSON.stringify(body.tags.split(",").map((t: string) => t.trim()).filter(Boolean)) : "[]";
+      const result = db.prepare("INSERT INTO notes (title, content, tags) VALUES (?, ?, ?)").run(body.title, body.content, tags);
+      return Response.json({ ok: true, id: result.lastInsertRowid });
+    })() as any;
+  }
+
+  // PUT /api/dashboard/notes/:id
+  if (path.match(/^\/notes\/\d+$/) && req.method === "PUT") {
+    return (async () => {
+      const id = path.split("/").pop()!;
+      const body = (await req.json()) as any;
+      const db = getDb();
+      const sets: string[] = [];
+      const vals: any[] = [];
+      if (body.title !== undefined) { sets.push("title = ?"); vals.push(body.title); }
+      if (body.content !== undefined) { sets.push("content = ?"); vals.push(body.content); }
+      if (body.pinned !== undefined) { sets.push("pinned = ?"); vals.push(body.pinned ? 1 : 0); }
+      if (body.tags !== undefined) {
+        sets.push("tags = ?");
+        vals.push(JSON.stringify(body.tags.split(",").map((t: string) => t.trim()).filter(Boolean)));
+      }
+      sets.push("updated_at = datetime('now')");
+      if (sets.length <= 1) return Response.json({ error: "nothing to update" }, { status: 400 });
+      vals.push(id);
+      db.prepare("UPDATE notes SET " + sets.join(", ") + " WHERE id = ?").run(...vals);
+      return Response.json({ ok: true });
+    })() as any;
+  }
+
+  // DELETE /api/dashboard/notes/:id
+  if (path.match(/^\/notes\/\d+$/) && req.method === "DELETE") {
+    const id = path.split("/").pop()!;
+    const db = getDb();
+    db.prepare("DELETE FROM notes WHERE id = ?").run(id);
+    return Response.json({ ok: true });
+  }
+
+  // ── PREFERENCES ──
+
+  // GET /api/dashboard/preferences
+  if (path === "/preferences" && req.method === "GET") {
+    const db = getDb();
+    const rows = db.query("SELECT * FROM user_preferences ORDER BY category, key").all();
+    return Response.json({ preferences: rows });
+  }
+
+  // POST /api/dashboard/preferences
+  if (path === "/preferences" && req.method === "POST") {
+    return (async () => {
+      const body = (await req.json()) as any;
+      if (!body.key || !body.value) return Response.json({ error: "key and value required" }, { status: 400 });
+      const db = getDb();
+      db.prepare(
+        "INSERT INTO user_preferences (category, key, value, source) VALUES (?, ?, ?, 'explicit') ON CONFLICT(category, key) DO UPDATE SET value = excluded.value, source = 'explicit', updated_at = datetime('now')"
+      ).run(body.category || "general", body.key, body.value);
+      return Response.json({ ok: true });
+    })() as any;
+  }
+
+  // DELETE /api/dashboard/preferences/:id
+  if (path.match(/^\/preferences\/\d+$/) && req.method === "DELETE") {
+    const id = path.split("/").pop()!;
+    const db = getDb();
+    db.prepare("DELETE FROM user_preferences WHERE id = ?").run(id);
+    return Response.json({ ok: true });
+  }
+
+  // ── TOPICS ──
+
+  // GET /api/dashboard/topics
+  if (path === "/topics" && req.method === "GET") {
+    const db = getDb();
+    const rows = db.query("SELECT * FROM conversation_topics ORDER BY last_message_at DESC").all();
+    return Response.json({ topics: rows });
+  }
+
+  // POST /api/dashboard/topics
+  if (path === "/topics" && req.method === "POST") {
+    return (async () => {
+      const body = (await req.json()) as any;
+      if (!body.name) return Response.json({ error: "name required" }, { status: 400 });
+      const db = getDb();
+      const result = db.prepare("INSERT INTO conversation_topics (name, description) VALUES (?, ?)").run(body.name, body.description || null);
+      return Response.json({ ok: true, id: result.lastInsertRowid });
+    })() as any;
+  }
+
+  // PUT /api/dashboard/topics/:id
+  if (path.match(/^\/topics\/\d+$/) && req.method === "PUT") {
+    return (async () => {
+      const id = path.split("/").pop()!;
+      const body = (await req.json()) as any;
+      const db = getDb();
+      const sets: string[] = [];
+      const vals: any[] = [];
+      if (body.status) { sets.push("status = ?"); vals.push(body.status); }
+      if (body.name) { sets.push("name = ?"); vals.push(body.name); }
+      if (body.description !== undefined) { sets.push("description = ?"); vals.push(body.description || null); }
+      if (sets.length > 0) {
+        sets.push("updated_at = datetime('now')");
+        vals.push(id);
+        db.prepare(`UPDATE conversation_topics SET ${sets.join(", ")} WHERE id = ?`).run(...vals);
+      }
+      return Response.json({ ok: true });
+    })() as any;
+  }
+
+  // DELETE /api/dashboard/topics/:id
+  if (path.match(/^\/topics\/\d+$/) && req.method === "DELETE") {
+    const id = path.split("/").pop()!;
+    const db = getDb();
+    db.prepare("DELETE FROM conversation_topics WHERE id = ?").run(id);
+    return Response.json({ ok: true });
+  }
+
+  // ── FOLLOW-UPS ──
+
+  // GET /api/dashboard/followups
+  if (path === "/followups" && req.method === "GET") {
+    const db = getDb();
+    const rows = db.query("SELECT * FROM follow_ups ORDER BY follow_up_at ASC").all();
+    return Response.json({ followups: rows });
+  }
+
+  // POST /api/dashboard/followups
+  if (path === "/followups" && req.method === "POST") {
+    return (async () => {
+      const body = (await req.json()) as any;
+      if (!body.context || !body.message || !body.follow_up_at) return Response.json({ error: "context, message, and follow_up_at required" }, { status: 400 });
+      const db = getDb();
+      const result = db.prepare("INSERT INTO follow_ups (context, message, follow_up_at) VALUES (?, ?, ?)").run(body.context, body.message, body.follow_up_at);
+      return Response.json({ ok: true, id: result.lastInsertRowid });
+    })() as any;
+  }
+
+  // PUT /api/dashboard/followups/:id
+  if (path.match(/^\/followups\/\d+$/) && req.method === "PUT") {
+    return (async () => {
+      const id = path.split("/").pop()!;
+      const body = (await req.json()) as any;
+      const db = getDb();
+      const sets: string[] = [];
+      const vals: any[] = [];
+      if (body.status) { sets.push("status = ?"); vals.push(body.status); }
+      if (sets.length > 0) {
+        vals.push(id);
+        db.prepare(`UPDATE follow_ups SET ${sets.join(", ")} WHERE id = ?`).run(...vals);
+      }
+      return Response.json({ ok: true });
+    })() as any;
+  }
+
+  // DELETE /api/dashboard/followups/:id
+  if (path.match(/^\/followups\/\d+$/) && req.method === "DELETE") {
+    const id = path.split("/").pop()!;
+    const db = getDb();
+    db.prepare("DELETE FROM follow_ups WHERE id = ?").run(id);
+    return Response.json({ ok: true });
+  }
+
   // GET /api/dashboard/config
   if (path === "/config" && req.method === "GET") {
     return Response.json(getConfigInfo());
@@ -1262,9 +1516,9 @@ async function handleDashboardApi(url: URL, req: Request): Promise<Response | nu
   }
 
   // PUT /api/dashboard/threads/:id — rename thread
-  if (path.match(/^\/threads\/[a-f0-9-]+$/) && req.method === "PUT") {
+  if (path.match(/^\/threads\/[^/]+$/) && req.method === "PUT") {
     return (async () => {
-      const threadId = path.split("/").pop()!;
+      const threadId = decodeURIComponent(path.split("/").pop()!);
       const { title } = await req.json();
       const db = getDb();
       db.prepare(
@@ -1275,8 +1529,8 @@ async function handleDashboardApi(url: URL, req: Request): Promise<Response | nu
   }
 
   // DELETE /api/dashboard/threads/:id — delete thread and session file
-  if (path.match(/^\/threads\/[a-f0-9-]+$/) && req.method === "DELETE") {
-    const threadId = path.split("/").pop()!;
+  if (path.match(/^\/threads\/[^/]+$/) && req.method === "DELETE") {
+    const threadId = decodeURIComponent(path.split("/").pop()!);
     try {
       const db = getDb();
       db.prepare("DELETE FROM threads WHERE id = ?").run(threadId);
@@ -1289,21 +1543,45 @@ async function handleDashboardApi(url: URL, req: Request): Promise<Response | nu
   }
 
   // GET /api/dashboard/threads/:id/messages — get thread messages
-  if (path.match(/^\/threads\/[a-f0-9-]+\/messages$/) && req.method === "GET") {
+  if (path.match(/^\/threads\/[^/]+\/messages$/) && req.method === "GET") {
     return (async () => {
-      const threadId = path.split("/")[2];
+      const threadId = decodeURIComponent(path.split("/")[2]);
       const { loadSession } = await import("../agent/session");
-      const messages = loadSession(threadId, 100);
+      let messages = loadSession(threadId, 100);
+
+      // Fallback: if no session file, load from conversation_messages DB
+      if (messages.length === 0) {
+        try {
+          const db = getDb();
+          const rows = db.query(
+            "SELECT role, content FROM conversation_messages WHERE thread_id = ? ORDER BY timestamp ASC LIMIT 100"
+          ).all(threadId) as Array<{ role: string; content: string }>;
+          messages = rows.map(r => ({ role: r.role as "user" | "assistant", content: r.content }));
+        } catch {}
+      }
+
       return Response.json({ messages });
     })() as any;
   }
 
   // GET /api/dashboard/threads/:id/export — export thread as markdown
-  if (path.match(/^\/threads\/[a-f0-9-]+\/export$/) && req.method === "GET") {
+  if (path.match(/^\/threads\/[^/]+\/export$/) && req.method === "GET") {
     return (async () => {
-      const threadId = path.split("/")[2];
+      const threadId = decodeURIComponent(path.split("/")[2]);
       const { loadSession } = await import("../agent/session");
-      const messages = loadSession(threadId, 1000);
+      let messages = loadSession(threadId, 1000);
+
+      // Fallback: if no session file, load from conversation_messages DB
+      if (messages.length === 0) {
+        try {
+          const db2 = getDb();
+          const rows = db2.query(
+            "SELECT role, content FROM conversation_messages WHERE thread_id = ? ORDER BY timestamp ASC LIMIT 1000"
+          ).all(threadId) as Array<{ role: string; content: string }>;
+          messages = rows.map(r => ({ role: r.role as "user" | "assistant", content: r.content }));
+        } catch {}
+      }
+
       const db = getDb();
       const thread = db.query(
         "SELECT title FROM threads WHERE id = ?"
@@ -2925,7 +3203,7 @@ async function handleRequest(
               }
 
               // Validate threadId format to prevent path traversal
-              if (body.threadId && !/^[a-f0-9-]{36}$/.test(body.threadId)) {
+              if (body.threadId && (/[\/\\\0]/.test(body.threadId) || body.threadId.includes(".."))) {
                 return Response.json({ error: "Invalid thread ID" }, { status: 400 });
               }
 

package/src/llm/claude-code.ts

@@ -2,6 +2,35 @@ import { randomUUID } from "crypto";
 import type { LlmProvider, LlmRequest, LlmResponse, LlmContentBlock } from "./provider";
 import { logger } from "../util/logger";
 
+/** Try to extract a tool_use JSON from the response, handling markdown fences and surrounding text. */
+function extractToolUse(text: string): { name: string; input: Record<string, unknown> } | null {
+  // 1. Try exact parse
+  try {
+    const parsed = JSON.parse(text);
+    if (parsed.tool_use?.name) return parsed.tool_use;
+  } catch {}
+
+  // 2. Try extracting from markdown code fences
+  const fenceMatch = text.match(/```(?:json)?\s*\n?([\s\S]*?)\n?```/);
+  if (fenceMatch) {
+    try {
+      const parsed = JSON.parse(fenceMatch[1].trim());
+      if (parsed.tool_use?.name) return parsed.tool_use;
+    } catch {}
+  }
+
+  // 3. Try finding a JSON object with "tool_use" anywhere in the text
+  const braceMatch = text.match(/\{[\s\S]*"tool_use"[\s\S]*\}/);
+  if (braceMatch) {
+    try {
+      const parsed = JSON.parse(braceMatch[0]);
+      if (parsed.tool_use?.name) return parsed.tool_use;
+    } catch {}
+  }
+
+  return null;
+}
+
 /**
  * LLM provider that uses Claude Code CLI as the backend.
  * Spawns `claude -p <prompt> --output-format json` for each request.
@@ -49,7 +78,21 @@ export class ClaudeCodeProvider implements LlmProvider {
       const toolHint = request.tools.map(t =>
         `Tool: ${t.name} - ${t.description}\nParameters: ${JSON.stringify(t.input_schema)}`
       ).join("\n\n");
-      parts.push(`\nAvailable tools:\n${toolHint}\n\nTo use a tool, respond with JSON: {"tool_use": {"name": "tool_name", "input": {...}}}`);
+      parts.push([
+        `\n## TOOLS`,
+        `You have the following tools available. When the user's request can be fulfilled by a tool, you MUST use it.`,
+        `Do NOT say you can't do something if a matching tool exists — call it instead.\n`,
+        toolHint,
+        `\n## HOW TO CALL A TOOL`,
+        `Respond with ONLY this JSON (no markdown, no explanation, no wrapping):`,
+        `{"tool_use": {"name": "TOOL_NAME", "input": {PARAMETERS}}}`,
+        ``,
+        `Example — user says "add buy milk to my todos":`,
+        `{"tool_use": {"name": "todos", "input": {"action": "add", "title": "Buy milk"}}}`,
+        ``,
+        `CRITICAL: Output raw JSON only. No \`\`\`json blocks. No text before or after. Just the JSON object.`,
+        `If you don't need a tool, respond normally with text.`,
+      ].join("\n"));
     }
 
     const prompt = parts.join("\n\n");
@@ -97,22 +140,20 @@ export class ClaudeCodeProvider implements LlmProvider {
 
       // Check if the response contains tool_use JSON
       const content: LlmContentBlock[] = [];
-      try {
-        const maybeToolUse = JSON.parse(responseText);
-        if (maybeToolUse.tool_use) {
-          content.push({
-            type: "tool_use",
-            id: `cc_${randomUUID()}`,
-            name: maybeToolUse.tool_use.name,
-            input: maybeToolUse.tool_use.input ?? {},
-          });
-          return {
-            content,
-            stopReason: "tool_use",
-            usage: { inputTokens: 0, outputTokens: 0 },
-          };
-        }
-      } catch {}
+      const toolUse = extractToolUse(responseText);
+      if (toolUse) {
+        content.push({
+          type: "tool_use",
+          id: `cc_${randomUUID()}`,
+          name: toolUse.name,
+          input: toolUse.input ?? {},
+        });
+        return {
+          content,
+          stopReason: "tool_use",
+          usage: { inputTokens: 0, outputTokens: 0 },
+        };
+      }
 
       content.push({ type: "text", text: responseText });
 

package/src/llm/codex.ts

@@ -2,6 +2,35 @@ import { randomUUID } from "crypto";
 import type { LlmProvider, LlmRequest, LlmResponse, LlmContentBlock } from "./provider";
 import { logger } from "../util/logger";
 
+/** Try to extract a tool_use JSON from the response, handling markdown fences and surrounding text. */
+function extractToolUse(text: string): { name: string; input: Record<string, unknown> } | null {
+  // 1. Try exact parse
+  try {
+    const parsed = JSON.parse(text);
+    if (parsed.tool_use?.name) return parsed.tool_use;
+  } catch {}
+
+  // 2. Try extracting from markdown code fences: ```json ... ``` or ``` ... ```
+  const fenceMatch = text.match(/```(?:json)?\s*\n?([\s\S]*?)\n?```/);
+  if (fenceMatch) {
+    try {
+      const parsed = JSON.parse(fenceMatch[1].trim());
+      if (parsed.tool_use?.name) return parsed.tool_use;
+    } catch {}
+  }
+
+  // 3. Try finding a JSON object with "tool_use" anywhere in the text
+  const braceMatch = text.match(/\{[\s\S]*"tool_use"[\s\S]*\}/);
+  if (braceMatch) {
+    try {
+      const parsed = JSON.parse(braceMatch[0]);
+      if (parsed.tool_use?.name) return parsed.tool_use;
+    } catch {}
+  }
+
+  return null;
+}
+
 /**
  * LLM provider that uses OpenAI Codex CLI as the backend.
  * Spawns `codex -q <prompt>` for each request.
@@ -46,7 +75,21 @@ export class CodexProvider implements LlmProvider {
       const toolHint = request.tools.map(t =>
         `Tool: ${t.name} - ${t.description}\nParameters: ${JSON.stringify(t.input_schema)}`
       ).join("\n\n");
-      parts.push(`\nAvailable tools:\n${toolHint}\n\nTo use a tool, respond with JSON: {"tool_use": {"name": "tool_name", "input": {...}}}`);
+      parts.push([
+        `\n## TOOLS`,
+        `You have the following tools available. When the user's request can be fulfilled by a tool, you MUST use it.`,
+        `Do NOT say you can't do something if a matching tool exists — call it instead.\n`,
+        toolHint,
+        `\n## HOW TO CALL A TOOL`,
+        `Respond with ONLY this JSON (no markdown, no explanation, no wrapping):`,
+        `{"tool_use": {"name": "TOOL_NAME", "input": {PARAMETERS}}}`,
+        ``,
+        `Example — user says "add buy milk to my todos":`,
+        `{"tool_use": {"name": "todos", "input": {"action": "add", "title": "Buy milk"}}}`,
+        ``,
+        `CRITICAL: Output raw JSON only. No \`\`\`json blocks. No text before or after. Just the JSON object.`,
+        `If you don't need a tool, respond normally with text.`,
+      ].join("\n"));
     }
 
     const prompt = parts.join("\n\n");
@@ -83,23 +126,21 @@ export class CodexProvider implements LlmProvider {
 
       const content: LlmContentBlock[] = [];
 
-      // Check for tool_use response
-      try {
-        const maybeToolUse = JSON.parse(responseText);
-        if (maybeToolUse.tool_use) {
-          content.push({
-            type: "tool_use",
-            id: `cx_${randomUUID()}`,
-            name: maybeToolUse.tool_use.name,
-            input: maybeToolUse.tool_use.input ?? {},
-          });
-          return {
-            content,
-            stopReason: "tool_use",
-            usage: { inputTokens: 0, outputTokens: 0 },
-          };
-        }
-      } catch {}
+      // Check for tool_use response — try exact JSON first, then extract from text
+      const toolUse = extractToolUse(responseText);
+      if (toolUse) {
+        content.push({
+          type: "tool_use",
+          id: `cx_${randomUUID()}`,
+          name: toolUse.name,
+          input: toolUse.input ?? {},
+        });
+        return {
+          content,
+          stopReason: "tool_use",
+          usage: { inputTokens: 0, outputTokens: 0 },
+        };
+      }
 
       content.push({ type: "text", text: responseText });
 

package/src/start.ts

@@ -26,6 +26,10 @@ import { createRouter, type MessageRouter } from "./channels/router";
 import { startHeartbeat } from "./scheduler/heartbeat";
 import { initCronScheduler } from "./scheduler/cron";
 import { initMemory } from "./memory/engine";
+import { registerTodosTool } from "./tools/builtin/todos";
+import { registerNotesTool } from "./tools/builtin/notes";
+import { registerPreferencesTool } from "./tools/builtin/preferences";
+import { registerTopicsTool } from "./tools/builtin/topics";
 import { logger, enableFileLogging } from "./util/logger";
 
 function openBrowser(url: string) {
@@ -227,6 +231,14 @@ export async function startZubo(isDaemon = false) {
   const { registerManageTriggersTool } = await import("./tools/builtin/manage-triggers");
   registerManageTriggersTool();
 
+  // Register personal agent tools
+  registerTodosTool();
+  registerNotesTool();
+  registerPreferencesTool();
+  registerTopicsTool();
+  const { registerFollowUpsTool } = await import("./tools/builtin/follow-ups");
+  registerFollowUpsTool(db, router, config, llm);
+
   // Register code interpreter tool
   if (config.codeInterpreter?.enabled !== false) {
     const codeInterpreterHandler = (await import("./tools/builtin-skills/code-interpreter/handler")).default;

package/src/tools/builtin/diagnose.ts

@@ -27,15 +27,29 @@ export function registerDiagnoseTool(): void {
         ? errors.filter((e) => e.source.includes(category))
         : errors;
 
-      if (filtered.length === 0) {
+      const parts: string[] = [];
+
+      // Check for failed MCP servers
+      try {
+        const { getFailedMcpServers } = await import("../mcp-client");
+        const failed = getFailedMcpServers();
+        if (failed.length > 0) {
+          parts.push(`MCP servers failed to start (${failed.length}):\n${failed.map(f => `  - ${f.name}: ${f.error}`).join("\n")}`);
+        }
+      } catch {}
+
+      if (filtered.length === 0 && parts.length === 0) {
         return "No recent errors found. System appears healthy.";
       }
 
-      const summary = filtered
-        .map((e) => `[${e.timestamp}] ${e.source}: ${e.message}`)
-        .join("\n");
+      if (filtered.length > 0) {
+        const summary = filtered
+          .map((e) => `[${e.timestamp}] ${e.source}: ${e.message}`)
+          .join("\n");
+        parts.push(`Recent errors (${filtered.length}):\n${summary}`);
+      }
 
-      return `Found ${filtered.length} recent error(s):\n${summary}`;
+      return parts.join("\n\n");
     },
   });
 }