zubo 0.1.9 → 0.1.11

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "zubo",
-  "version": "0.1.9",
+  "version": "0.1.11",
   "description": "Your AI agent that never forgets. Persistent memory, 25+ tools, 7 channels, 11+ LLM providers — runs entirely on your machine.",
   "license": "MIT",
   "author": "thomaskanze",

package/src/agent/prompts.ts

@@ -5,7 +5,7 @@ const DEFAULT_PERSONALITY = `You are Zubo, a personal AI agent. You are friendly
 
 ## How you behave
 
-**Act first.** When the user asks you to do something, do it. Don't describe what you could do — use your tools and make it happen. If you need something from the user (an API key, a preference, a clarification), ask for it directly, and once you get it, act on it immediately.
+**Act first.** When the user asks you to do something, do it immediately. Don't describe what you could do — use your tools and make it happen. Don't ask for permission to do what the user just asked you to do (e.g. if they say "check my mails", just call the gmail tool — don't ask "do you approve me reading your emails?"). If you need something from the user (an API key, a preference, a clarification), ask for it directly, and once you get it, act on it immediately.
 
 **Be concise.** Answer in the fewest words that fully address the question. No filler, no preamble. Long explanations only when explicitly asked.
 
@@ -47,9 +47,15 @@ const DEFAULT_PERSONALITY = `You are Zubo, a personal AI agent. You are friendly
 - Delegate tasks using the delegate tool. Sub-agents share your memory but have scoped tools.
 - Keep the main conversation lightweight. Offload complex, self-contained tasks.
 
-## Connecting services
+## Connecting services (integrations)
 
-- **Google** (Gmail, Calendar, Drive): Requires OAuth 2.0. Need both client_id (ends with .apps.googleusercontent.com) and client_secret (starts with GOCSPX-) from Google Cloud Console. Use google_oauth to start the flow.
+Service integrations and LLM providers are COMPLETELY SEPARATE concepts. Never confuse them:
+- **Integrations** = external services like Gmail, GitHub, Notion (connected via OAuth or API tokens)
+- **LLM providers** = the AI model you use for thinking (Anthropic, OpenAI, etc.)
+- If Gmail access is broken, the fix is to re-authenticate Google OAuth — NOT to change the LLM provider. Never suggest changing LLM providers as a fix for integration issues.
+
+How to connect services:
+- **Google** (Gmail, Calendar, Drive): Requires OAuth 2.0. Need both client_id (ends with .apps.googleusercontent.com) and client_secret (starts with GOCSPX-) from Google Cloud Console. The OAuth app type should be "Desktop app" (NOT "Web application"). Use google_oauth tool to manage the full flow.
 - **GitHub**: Personal Access Token. Store as github_token via secret_set.
 - **Notion**: Internal Integration Token from notion.so/my-integrations. Store as notion_token.
 - **Linear**: Personal API Key from Linear > Settings > API. Store as linear_token.
@@ -58,6 +64,13 @@ const DEFAULT_PERSONALITY = `You are Zubo, a personal AI agent. You are friendly
 - **Twitter/X**: Bearer token for reading, full OAuth keys for posting. Store as twitter_bearer_token.
 - When the user says "connect my GitHub" or similar, ask for the credentials, store them with secret_set, then call connect_service.
 
+When Google OAuth expires or a Google tool returns an auth error:
+- Call google_oauth with action "start" (with NO parameters). It will automatically use the stored client_id and client_secret from secrets. Do NOT ask the user to re-provide credentials that are already saved.
+- Only ask the user for credentials if google_oauth returns an error saying credentials are missing.
+- For non-Google services, ask the user to provide a new token and store it with secret_set.
+- NEVER suggest unrelated solutions like changing the LLM provider.
+- NEVER try to guide the user through OAuth setup manually — always use the google_oauth tool.
+
 ## LLM providers
 
 You support 12+ LLM providers. The user can switch at any time using config_update.

package/src/channels/webchat.ts

@@ -1109,29 +1109,32 @@ function handleDashboardApi(url: URL, req: Request): Response | null {
     }
   }
 
-  // GET /api/dashboard/secrets/:name — check if a secret exists (NEVER reveals values)
+  // GET /api/dashboard/secrets/:name — reveal a secret value (dashboard is localhost-only + session-authenticated)
   if (path.startsWith("/secrets/") && req.method === "GET") {
     const secretName = decodeURIComponent(path.replace("/secrets/", ""));
     if (!secretName || !/^[a-z0-9_]+$/.test(secretName)) {
       return Response.json({ error: "Invalid secret name" }, { status: 400 });
     }
     try {
+      const { maskToken } = require("../util/mask") as { maskToken: (s: string) => string };
       // Check config provider keys first
       if (secretName.endsWith("_api_key")) {
         const provider = secretName.replace(/_api_key$/, "");
         try {
           const cfg = JSON.parse(readFileSync(paths.config, "utf-8"));
           if (cfg.providers?.[provider]?.apiKey) {
-            return Response.json({ name: secretName, exists: true, source: "config" });
+            const key = cfg.providers[provider].apiKey;
+            return Response.json({ name: secretName, value: maskToken(key), source: "config" });
           }
         } catch (err: any) {
           logger.warn("Failed to read provider secret from config", { error: (err as Error).message });
         }
       }
       const db = getDb();
-      const row = db.query("SELECT name FROM secrets WHERE name = ?").get(secretName) as { name: string } | null;
-      if (!row) return Response.json({ error: "Not found" }, { status: 404 });
-      return Response.json({ name: secretName, exists: true, source: "secrets" });
+      const { getSecret } = require("../secrets/store") as { getSecret: (name: string) => string | null };
+      const value = getSecret(secretName);
+      if (!value) return Response.json({ error: "Not found" }, { status: 404 });
+      return Response.json({ name: secretName, value: maskToken(value), source: "secrets" });
     } catch (err: any) {
       return Response.json({ error: err.message }, { status: 500 });
     }

package/src/tools/builtin/google-oauth.ts

@@ -80,6 +80,10 @@ async function handleStart(
   clientId?: string,
   clientSecret?: string
 ): Promise<string> {
+  // If credentials not provided as parameters, check stored secrets
+  if (!clientId) clientId = getSecret("google_client_id") ?? undefined;
+  if (!clientSecret) clientSecret = getSecret("google_client_secret") ?? undefined;
+
   if (!clientId || !clientSecret) {
     return JSON.stringify({
       error:

package/src/tools/permissions.ts

@@ -39,6 +39,20 @@ const DEFAULT_PERMISSIONS: Record<string, ToolPermission> = {
   image_generate: "auto",
   google_oauth: "auto",
 
+  // Integration skills — auto because user explicitly requests these actions
+  gmail: "auto",
+  google_calendar: "auto",
+  google_sheets: "auto",
+  google_docs: "auto",
+  google_drive: "auto",
+  github_issues: "auto",
+  github_repos: "auto",
+  github_prs: "auto",
+  notion_pages: "auto",
+  linear_issues: "auto",
+  jira_issues: "auto",
+  slack_messages: "auto",
+
   // Built-in skills — require confirmation (network writes, code execution, system access)
   http_request: "confirm",
   code_interpreter: "confirm",

package/tests/executor.test.ts

@@ -22,11 +22,18 @@ describe("Tool Executor", () => {
     unregisterTool("error_tool");
   });
 
-  it("should execute a registered tool", async () => {
-    const result = await executeTool("test_tool", "t1", { msg: "hello" });
+  it("should execute a registered tool (with confirmation)", async () => {
+    // Unknown tools default to "confirm" — first call returns confirmation token
+    const confirmResult = await executeTool("test_tool", "t1", { msg: "hello" });
+    expect(confirmResult.content).toContain("Confirmation Token:");
+    const tokenMatch = confirmResult.content.match(/Confirmation Token: ([a-f0-9-]+)/);
+    expect(tokenMatch).toBeTruthy();
+
+    // Second call with token executes the tool
+    const result = await executeTool("test_tool", "t1b", { msg: "hello", _confirmToken: tokenMatch![1] });
     expect(result.content).toBe("echo: hello");
     expect(result.is_error).toBe(false);
-    expect(result.tool_use_id).toBe("t1");
+    expect(result.tool_use_id).toBe("t1b");
   });
 
   it("should return error for unknown tool", async () => {
@@ -53,7 +60,14 @@ describe("Tool Executor", () => {
       },
     });
 
-    const result = await executeTool("error_tool", "t4", {});
+    // Unknown tools default to "confirm" — first call returns confirmation token
+    const confirmResult = await executeTool("error_tool", "t4", {});
+    expect(confirmResult.content).toContain("Confirmation Token:");
+    const tokenMatch = confirmResult.content.match(/Confirmation Token: ([a-f0-9-]+)/);
+    expect(tokenMatch).toBeTruthy();
+
+    // Second call with token — tool throws
+    const result = await executeTool("error_tool", "t4b", { _confirmToken: tokenMatch![1] });
     expect(result.is_error).toBe(true);
     expect(result.content).toContain("intentional failure");
   });

package/tests/permissions.test.ts

@@ -14,8 +14,8 @@ describe("getToolPermission", () => {
     expect(getToolPermission("file_write")).toBe("confirm");
   });
 
-  it("returns 'auto' for unknown tools (user-installed skills)", () => {
-    expect(getToolPermission("my_custom_skill")).toBe("auto");
-    expect(getToolPermission("weather")).toBe("auto");
+  it("returns 'confirm' for unknown tools (user-installed skills, MCP)", () => {
+    expect(getToolPermission("my_custom_skill")).toBe("confirm");
+    expect(getToolPermission("weather")).toBe("confirm");
   });
 });

package/tests/tools/executor.test.ts

@@ -41,13 +41,24 @@ describe("executeTool", () => {
     });
 
     try {
-      const result = await executeTool(
+      // Unknown tools default to "confirm" — first call returns confirmation token
+      const confirmResult = await executeTool(
         testToolName,
         "call-789",
         {},
         [testToolName]
       );
+      expect(confirmResult.content).toContain("Confirmation Token:");
+      const tokenMatch = confirmResult.content.match(/Confirmation Token: ([a-f0-9-]+)/);
+      expect(tokenMatch).toBeTruthy();
 
+      // Second call with token executes the tool
+      const result = await executeTool(
+        testToolName,
+        "call-789b",
+        { _confirmToken: tokenMatch![1] },
+        [testToolName]
+      );
       expect(result.is_error).toBe(false);
       expect(result.content).toBe("success");
     } finally {
@@ -56,15 +67,6 @@ describe("executeTool", () => {
   });
 
   test("returns a denied error for tools with deny permission", async () => {
-    // Register a tool and give it the "deny" permission by temporarily
-    // adding it to the permissions map. Since getToolPermission defaults
-    // to "auto" for unknown tools, we test with the "shell" tool which
-    // has "confirm" permission instead. Let's test the confirm flow.
-    // We'll test denied tools by checking the mechanism works correctly.
-
-    // The "shell" tool has "confirm" permission in the default map.
-    // For a truly denied tool, we'd need to modify the permissions map.
-    // Instead, let's verify that when allowedTools blocks a tool, it works.
     const result = await executeTool(
       "shell",
       "call-deny",
@@ -92,13 +94,23 @@ describe("executeTool", () => {
     });
 
     try {
-      const result = await executeTool(testToolName, "call-exec", {
+      // First call: get confirmation token (unknown tools default to "confirm")
+      const confirmResult = await executeTool(testToolName, "call-exec", {
         message: "hello",
       });
+      expect(confirmResult.content).toContain("Confirmation Token:");
+      const tokenMatch = confirmResult.content.match(/Confirmation Token: ([a-f0-9-]+)/);
+      expect(tokenMatch).toBeTruthy();
+
+      // Second call with token: actually execute
+      const result = await executeTool(testToolName, "call-exec2", {
+        message: "hello",
+        _confirmToken: tokenMatch![1],
+      });
 
       expect(result.is_error).toBe(false);
       expect(result.content).toBe("echo: hello");
-      expect(result.tool_use_id).toBe("call-exec");
+      expect(result.tool_use_id).toBe("call-exec2");
     } finally {
       unregisterTool(testToolName);
     }
@@ -119,7 +131,15 @@ describe("executeTool", () => {
     });
 
     try {
-      const result = await executeTool(testToolName, "call-throw", {});
+      // First call: get confirmation token
+      const confirmResult = await executeTool(testToolName, "call-throw", {});
+      const tokenMatch = confirmResult.content.match(/Confirmation Token: ([a-f0-9-]+)/);
+      expect(tokenMatch).toBeTruthy();
+
+      // Second call with token: tool throws
+      const result = await executeTool(testToolName, "call-throw2", {
+        _confirmToken: tokenMatch![1],
+      });
 
       expect(result.is_error).toBe(true);
       expect(result.content).toContain("Something went wrong");