remdb 0.3.171__py3-none-any.whl → 0.3.180__py3-none-any.whl

rem/agentic/mcp/tool_wrapper.py

@@ -161,6 +161,11 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
         param_desc = ", ".join(template_vars)
         description = f"{description}\n\nParameters: {param_desc}"
 
+    # Capture mcp_server reference at tool creation time (for closure)
+    # This ensures the correct server is used even if called later
+    _captured_mcp_server = mcp_server
+    _captured_uri = uri  # Also capture URI for consistent logging
+
     if template_vars:
         # Template URI -> create parameterized tool
         async def wrapper(**kwargs: Any) -> str:
@@ -168,13 +173,17 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
             import asyncio
             import inspect
 
+            logger.debug(f"Resource tool invoked: uri={_captured_uri}, kwargs={kwargs}, mcp_server={'set' if _captured_mcp_server else 'None'}")
+
             # Try to resolve from MCP server's resource templates first
-            if mcp_server is not None:
+            if _captured_mcp_server is not None:
                 try:
                     # Get resource templates from MCP server
-                    templates = await mcp_server.get_resource_templates()
-                    if uri in templates:
-                        template = templates[uri]
+                    templates = await _captured_mcp_server.get_resource_templates()
+                    logger.debug(f"MCP server templates: {list(templates.keys())}")
+                    if _captured_uri in templates:
+                        template = templates[_captured_uri]
+                        logger.debug(f"Found template for {_captured_uri}, calling fn with kwargs={kwargs}")
                         # Call the template's underlying function directly
                         # The fn expects the template variables as kwargs
                         fn_result = template.fn(**kwargs)
@@ -184,17 +193,22 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
                         if isinstance(fn_result, str):
                             return fn_result
                         return json.dumps(fn_result, indent=2)
+                    else:
+                        logger.warning(f"Template {_captured_uri} not found in MCP server templates: {list(templates.keys())}")
                 except Exception as e:
-                    logger.warning(f"Failed to resolve resource {uri} from MCP server: {e}")
+                    logger.warning(f"Failed to resolve resource {_captured_uri} from MCP server: {e}", exc_info=True)
+            else:
+                logger.warning(f"No MCP server provided for resource tool {_captured_uri}, using fallback")
 
             # Fallback: substitute template variables and use load_resource
-            resolved_uri = uri
+            resolved_uri = _captured_uri
             for var in template_vars:
                 if var in kwargs:
                     resolved_uri = resolved_uri.replace(f"{{{var}}}", str(kwargs[var]))
                 else:
                     return json.dumps({"error": f"Missing required parameter: {var}"})
 
+            logger.debug(f"Using fallback load_resource for resolved URI: {resolved_uri}")
             from rem.api.mcp_router.resources import load_resource
             result = await load_resource(resolved_uri)
             if isinstance(result, str):
@@ -208,7 +222,7 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
         wrapper.__annotations__ = {var: str for var in template_vars}
         wrapper.__annotations__['return'] = str
 
-        logger.info(f"Built parameterized resource tool: {func_name} (uri: {uri}, params: {template_vars})")
+        logger.info(f"Built parameterized resource tool: {func_name} (uri: {uri}, params: {template_vars}, mcp_server={'provided' if mcp_server else 'None'})")
     else:
         # Concrete URI -> no-param tool
         async def wrapper(**kwargs: Any) -> str:
@@ -219,12 +233,16 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
             if kwargs:
                 logger.warning(f"Resource tool {func_name} called with unexpected kwargs: {list(kwargs.keys())}")
 
+            logger.debug(f"Concrete resource tool invoked: uri={_captured_uri}, mcp_server={'set' if _captured_mcp_server else 'None'}")
+
             # Try to resolve from MCP server's resources first
-            if mcp_server is not None:
+            if _captured_mcp_server is not None:
                 try:
-                    resources = await mcp_server.get_resources()
-                    if uri in resources:
-                        resource = resources[uri]
+                    resources = await _captured_mcp_server.get_resources()
+                    logger.debug(f"MCP server resources: {list(resources.keys())}")
+                    if _captured_uri in resources:
+                        resource = resources[_captured_uri]
+                        logger.debug(f"Found resource for {_captured_uri}")
                         # Call the resource's underlying function
                         fn_result = resource.fn()
                         if inspect.iscoroutine(fn_result):
@@ -232,12 +250,17 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
                         if isinstance(fn_result, str):
                             return fn_result
                         return json.dumps(fn_result, indent=2)
+                    else:
+                        logger.warning(f"Resource {_captured_uri} not found in MCP server resources: {list(resources.keys())}")
                 except Exception as e:
-                    logger.warning(f"Failed to resolve resource {uri} from MCP server: {e}")
+                    logger.warning(f"Failed to resolve resource {_captured_uri} from MCP server: {e}", exc_info=True)
+            else:
+                logger.warning(f"No MCP server provided for resource tool {_captured_uri}, using fallback")
 
             # Fallback to load_resource
+            logger.debug(f"Using fallback load_resource for URI: {_captured_uri}")
             from rem.api.mcp_router.resources import load_resource
-            result = await load_resource(uri)
+            result = await load_resource(_captured_uri)
             if isinstance(result, str):
                 return result
             return json.dumps(result, indent=2)
@@ -245,6 +268,6 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
         wrapper.__name__ = func_name
         wrapper.__doc__ = description
 
-        logger.info(f"Built resource tool: {func_name} (uri: {uri})")
+        logger.info(f"Built resource tool: {func_name} (uri: {uri}, mcp_server={'provided' if mcp_server else 'None'})")
 
     return Tool(wrapper)

rem/agentic/providers/pydantic_ai.py

@@ -96,6 +96,35 @@ TODO:
 
     Priority: HIGH (blocks production scaling beyond 50 req/sec)
 
+    4. Response Format Control (structured_output enhancement):
+       - Current: structured_output is bool (True=strict schema, False=free-form text)
+       - Missing: OpenAI JSON mode (valid JSON without strict schema enforcement)
+       - Missing: Completions API support (some models only support completions, not chat)
+
+       Proposed schema field values for `structured_output`:
+         - True (default): Strict structured output using provider's native schema support
+         - False: Free-form text response (properties converted to prompt guidance)
+         - "json": JSON mode - ensures valid JSON but no schema enforcement
+                   (OpenAI: response_format={"type": "json_object"})
+         - "text": Explicit free-form text (alias for False)
+
+       Implementation:
+         a) Update AgentSchemaMetadata.structured_output type:
+            structured_output: bool | Literal["json", "text"] = True
+         b) In create_agent(), handle each mode:
+            - True: Use output_type with Pydantic model (current behavior)
+            - False/"text": Convert properties to prompt guidance (current behavior)
+            - "json": Use provider's JSON mode without strict schema
+         c) Provider-specific JSON mode:
+            - OpenAI: model_settings={"response_format": {"type": "json_object"}}
+            - Anthropic: Not supported natively, use prompt guidance
+            - Others: Fallback to prompt guidance with JSON instruction
+
+       Related: Some providers (Cerebras) have completions-only models where
+       structured output isn't available. Consider model capability detection.
+
+       Priority: MEDIUM (enables more flexible output control)
+
 Example Agent Schema:
 {
   "type": "object",
@@ -550,70 +579,73 @@ async def create_agent(
     # Extract schema fields using typed helpers
     from ..schema import get_system_prompt, get_metadata
 
-    # Track whether mcp_servers was explicitly configured (even if empty)
-    mcp_servers_explicitly_set = False
-
     if agent_schema:
         system_prompt = get_system_prompt(agent_schema)
         metadata = get_metadata(agent_schema)
-        # Check if mcp_servers was explicitly set (could be empty list to disable)
-        if hasattr(metadata, 'mcp_servers') and metadata.mcp_servers is not None:
-            mcp_server_configs = [s.model_dump() for s in metadata.mcp_servers]
-            mcp_servers_explicitly_set = True
-        else:
-            mcp_server_configs = []
         resource_configs = metadata.resources if hasattr(metadata, 'resources') else []
 
+        # DEPRECATED: mcp_servers in agent schemas is ignored
+        # MCP servers are now always auto-detected at the application level
+        if hasattr(metadata, 'mcp_servers') and metadata.mcp_servers:
+            logger.warning(
+                "DEPRECATED: mcp_servers in agent schema is ignored. "
+                "MCP servers are auto-detected from tools.mcp_server module. "
+                "Remove mcp_servers from your agent schema."
+            )
+
         if metadata.system_prompt:
             logger.debug("Using custom system_prompt from json_schema_extra")
     else:
         system_prompt = ""
         metadata = None
-        mcp_server_configs = []
         resource_configs = []
 
-    # Auto-detect local MCP server if not explicitly configured
-    # This makes mcp_servers config optional - agents get tools automatically
-    # But if mcp_servers: [] is explicitly set, respect that (no auto-detection)
-    if not mcp_server_configs and not mcp_servers_explicitly_set:
-        import importlib
-        import os
-        import sys
-
-        # Ensure current working directory is in sys.path for local imports
-        cwd = os.getcwd()
-        if cwd not in sys.path:
-            sys.path.insert(0, cwd)
-
-        # Try common local MCP server module paths first
-        auto_detect_modules = [
-            "tools.mcp_server",  # Convention: tools/mcp_server.py
-            "mcp_server",        # Alternative: mcp_server.py in root
-        ]
-        for module_path in auto_detect_modules:
-            try:
-                mcp_module = importlib.import_module(module_path)
-                if hasattr(mcp_module, "mcp"):
-                    logger.info(f"Auto-detected local MCP server: {module_path}")
-                    mcp_server_configs = [{"type": "local", "module": module_path, "id": "auto-detected"}]
-                    break
-            except ImportError:
-                continue
-
-        # Fall back to REM's default MCP server if no local server found
-        if not mcp_server_configs:
-            logger.debug("No local MCP server found, using REM default")
-            mcp_server_configs = [{"type": "local", "module": "rem.mcp_server", "id": "rem"}]
+    # Auto-detect MCP server at application level
+    # Convention: tools/mcp_server.py exports `mcp` FastMCP instance
+    # Falls back to REM's built-in MCP server if no local server found
+    import importlib
+    import os
+    import sys
+
+    # Ensure current working directory is in sys.path for local imports
+    cwd = os.getcwd()
+    if cwd not in sys.path:
+        sys.path.insert(0, cwd)
+
+    mcp_server_configs = []
+    auto_detect_modules = [
+        "tools.mcp_server",  # Convention: tools/mcp_server.py
+        "mcp_server",        # Alternative: mcp_server.py in root
+    ]
+    for module_path in auto_detect_modules:
+        try:
+            mcp_module = importlib.import_module(module_path)
+            if hasattr(mcp_module, "mcp"):
+                logger.info(f"Auto-detected local MCP server: {module_path}")
+                mcp_server_configs = [{"type": "local", "module": module_path, "id": "auto-detected"}]
+                break
+        except ImportError as e:
+            logger.debug(f"MCP server auto-detect: {module_path} not found ({e})")
+            continue
+        except Exception as e:
+            logger.warning(f"MCP server auto-detect: {module_path} failed to load: {e}")
+            continue
+
+    # Fall back to REM's default MCP server if no local server found
+    if not mcp_server_configs:
+        logger.info("No local MCP server found, using REM default (rem.mcp_server)")
+        mcp_server_configs = [{"type": "local", "module": "rem.mcp_server", "id": "rem"}]
 
     # Extract temperature and max_iterations from schema metadata (with fallback to settings defaults)
     if metadata:
         temperature = metadata.override_temperature if metadata.override_temperature is not None else settings.llm.default_temperature
         max_iterations = metadata.override_max_iterations if metadata.override_max_iterations is not None else settings.llm.default_max_iterations
-        use_structured_output = metadata.structured_output
+        # Use schema-level structured_output if set, otherwise fall back to global setting
+        use_structured_output = metadata.structured_output if metadata.structured_output is not None else settings.llm.default_structured_output
     else:
         temperature = settings.llm.default_temperature
         max_iterations = settings.llm.default_max_iterations
-        use_structured_output = True
+        use_structured_output = settings.llm.default_structured_output
 
     # Build list of tools - start with built-in tools
     tools = _get_builtin_tools()
@@ -736,6 +768,7 @@ async def create_agent(
 
     # Create tools from collected resource URIs
     # Pass the loaded MCP server so resources can be resolved from it
+    logger.info(f"Creating {len(resource_uris)} resource tools with mcp_server={'set' if loaded_mcp_server else 'None'}")
     for uri, usage in resource_uris:
         resource_tool = create_resource_tool(uri, usage, mcp_server=loaded_mcp_server)
         tools.append(resource_tool)

rem/agentic/schema.py

@@ -215,12 +215,13 @@ class AgentSchemaMetadata(BaseModel):
     )
 
     # Structured output toggle
-    structured_output: bool = Field(
-        default=True,
+    structured_output: bool | None = Field(
+        default=None,
         description=(
             "Whether to enforce structured JSON output. "
             "When False, the agent produces free-form text and schema properties "
-            "are converted to prompt guidance instead. Default: True (JSON output)."
+            "are converted to prompt guidance instead. "
+            "Default: None (uses LLM__DEFAULT_STRUCTURED_OUTPUT setting, which defaults to False)."
         ),
     )
 

rem/agentic/tools/rem_tools.py

@@ -3,6 +3,17 @@ REM tools for agent execution (CLI and API compatible).
 
 These tools work in both CLI and API contexts by initializing services on-demand.
 They wrap the service layer directly, not MCP tools.
+
+Core tables (always available):
+- resources: Documents, content chunks, artifacts
+- moments: Temporal narratives extracted from resources (usually user-specific)
+- ontologies: Domain entities with semantic links for further lookups (like a wiki)
+
+Other tables (may vary by deployment):
+- users, sessions, messages, files, schemas, feedbacks
+
+Note: Not all tables are populated in all systems. Use FUZZY or SEARCH
+to discover what data exists before assuming specific tables have content.
 """
 
 from typing import Any, Literal, cast

rem/api/mcp_router/resources.py

@@ -349,6 +349,53 @@ def register_agent_resources(mcp: FastMCP):
         except Exception as e:
             return f"# Available Agents\n\nError listing agents: {e}"
 
+    @mcp.resource("rem://agents/{agent_name}")
+    def get_agent_schema(agent_name: str) -> str:
+        """
+        Get a specific agent schema by name.
+
+        Args:
+            agent_name: Name of the agent (e.g., "ask_rem", "agent-builder")
+
+        Returns:
+            Full agent schema as YAML string, or error message if not found.
+        """
+        import importlib.resources
+        import yaml
+        from pathlib import Path
+
+        try:
+            # Find packaged agent schemas
+            agents_ref = importlib.resources.files("rem") / "schemas" / "agents"
+            agents_dir = Path(str(agents_ref))
+
+            if not agents_dir.exists():
+                return f"# Agent Not Found\n\nNo agent schemas directory found."
+
+            # Search for agent file (try multiple extensions)
+            for ext in [".yaml", ".yml", ".json"]:
+                # Try exact match first
+                agent_file = agents_dir / f"{agent_name}{ext}"
+                if agent_file.exists():
+                    with open(agent_file, "r") as f:
+                        content = f.read()
+                    return f"# Agent Schema: {agent_name}\n\n```yaml\n{content}\n```"
+
+                # Try recursive search
+                matches = list(agents_dir.rglob(f"{agent_name}{ext}"))
+                if matches:
+                    with open(matches[0], "r") as f:
+                        content = f.read()
+                    return f"# Agent Schema: {agent_name}\n\n```yaml\n{content}\n```"
+
+            # Not found - list available agents
+            available = [f.stem for f in agents_dir.rglob("*.yaml")] + \
+                       [f.stem for f in agents_dir.rglob("*.yml")]
+            return f"# Agent Not Found\n\nAgent '{agent_name}' not found.\n\nAvailable agents: {', '.join(sorted(set(available)))}"
+
+        except Exception as e:
+            return f"# Error\n\nError loading agent '{agent_name}': {e}"
+
 
 def register_file_resources(mcp: FastMCP):
     """
@@ -501,10 +548,11 @@ async def load_resource(uri: str) -> dict | str:
     Load an MCP resource by URI.
 
     This function is called by the read_resource tool to dispatch to
-    registered resource handlers.
+    registered resource handlers. Supports both regular resources and
+    parameterized resource templates (e.g., rem://agents/{agent_name}).
 
     Args:
-        uri: Resource URI (e.g., "rem://schemas", "rem://status")
+        uri: Resource URI (e.g., "rem://agents", "rem://agents/ask_rem", "rem://status")
 
     Returns:
         Resource data (dict or string)
@@ -512,9 +560,10 @@ async def load_resource(uri: str) -> dict | str:
     Raises:
         ValueError: If URI is invalid or resource not found
     """
-    # Create temporary MCP instance with resources
+    import inspect
     from fastmcp import FastMCP
 
+    # Create temporary MCP instance with resources
     mcp = FastMCP(name="temp")
 
     # Register all resources
@@ -523,14 +572,26 @@ async def load_resource(uri: str) -> dict | str:
     register_file_resources(mcp)
     register_status_resources(mcp)
 
-    # Get resource handlers from MCP internal registry
-    # FastMCP stores resources in a dict by URI
-    if hasattr(mcp, "_resources"):
-        if uri in mcp._resources:
-            handler = mcp._resources[uri]
-            if callable(handler):
-                result = handler()
-                return result if result else {"error": "Resource returned None"}
-
-    # If not found, raise error
-    raise ValueError(f"Resource not found: {uri}. Available resources: {list(mcp._resources.keys()) if hasattr(mcp, '_resources') else 'unknown'}")
+    # 1. Try exact match in regular resources
+    resources = await mcp.get_resources()
+    if uri in resources:
+        resource = resources[uri]
+        result = resource.fn()
+        if inspect.iscoroutine(result):
+            result = await result
+        return result if result else {"error": "Resource returned None"}
+
+    # 2. Try matching against parameterized resource templates
+    templates = await mcp.get_resource_templates()
+    for template_uri, template in templates.items():
+        params = template.matches(uri)
+        if params is not None:
+            # Template matched - call function with extracted parameters
+            result = template.fn(**params)
+            if inspect.iscoroutine(result):
+                result = await result
+            return result if result else {"error": "Resource returned None"}
+
+    # 3. Not found - include both resources and templates in error
+    available = list(resources.keys()) + list(templates.keys())
+    raise ValueError(f"Resource not found: {uri}. Available resources: {available}")

rem/api/mcp_router/server.py

@@ -1,7 +1,7 @@
 """
 MCP server creation and configuration for REM.
 
-Design Pattern 
+Design Pattern
 1. Create FastMCP server with tools and resources
 2. Register tools using @mcp.tool() decorator
 3. Register resources using resource registration functions
@@ -20,10 +20,30 @@ FastMCP Features:
 """
 
 import importlib.metadata
+from functools import wraps
 
 from fastmcp import FastMCP
+from loguru import logger
 
 from ...settings import settings
+from .prompts import register_prompts
+from .resources import (
+    register_agent_resources,
+    register_file_resources,
+    register_schema_resources,
+    register_status_resources,
+)
+from .tools import (
+    ask_rem_agent,
+    get_schema,
+    ingest_into_rem,
+    list_schema,
+    read_resource,
+    register_metadata,
+    save_agent,
+    search_rem,
+    test_error_handling,
+)
 
 # Get package version
 try:
@@ -174,18 +194,7 @@ def create_mcp_server(is_local: bool = False) -> FastMCP:
         ),
     )
 
-    # Register REM tools
-    from .tools import (
-        ask_rem_agent,
-        get_schema,
-        ingest_into_rem,
-        list_schema,
-        read_resource,
-        register_metadata,
-        save_agent,
-        search_rem,
-    )
-
+    # Register core REM tools
     mcp.tool()(search_rem)
     mcp.tool()(ask_rem_agent)
     mcp.tool()(read_resource)
@@ -194,10 +203,13 @@ def create_mcp_server(is_local: bool = False) -> FastMCP:
     mcp.tool()(get_schema)
     mcp.tool()(save_agent)
 
+    # Register test tool only in development environment (not staging/production)
+    if settings.environment not in ("staging", "production"):
+        mcp.tool()(test_error_handling)
+        logger.debug("Registered test_error_handling tool (dev environment only)")
+
     # File ingestion tool (with local path support for local servers)
     # Wrap to inject is_local parameter
-    from functools import wraps
-
     @wraps(ingest_into_rem)
     async def ingest_into_rem_wrapper(
         file_uri: str,
@@ -216,18 +228,9 @@ def create_mcp_server(is_local: bool = False) -> FastMCP:
     mcp.tool()(ingest_into_rem_wrapper)
 
     # Register prompts
-    from .prompts import register_prompts
-
     register_prompts(mcp)
 
     # Register schema resources
-    from .resources import (
-        register_agent_resources,
-        register_file_resources,
-        register_schema_resources,
-        register_status_resources,
-    )
-
     register_schema_resources(mcp)
     register_agent_resources(mcp)
     register_file_resources(mcp)

rem/api/mcp_router/tools.py

@@ -1132,3 +1132,82 @@ async def save_agent(
         result["message"] = f"Agent '{name}' saved. Use `/custom-agent {name}` to chat with it."
 
     return result
+
+
+# =============================================================================
+# Test/Debug Tools (for development only)
+# =============================================================================
+
+@mcp_tool_error_handler
+async def test_error_handling(
+    error_type: Literal["exception", "error_response", "timeout", "success"] = "success",
+    delay_seconds: float = 0,
+    error_message: str = "Test error occurred",
+) -> dict[str, Any]:
+    """
+    Test tool for simulating different error scenarios.
+
+    **FOR DEVELOPMENT/TESTING ONLY** - This tool helps verify that error
+    handling works correctly through the streaming layer.
+
+    Args:
+        error_type: Type of error to simulate:
+            - "success": Returns successful response (default)
+            - "exception": Raises an exception (tests @mcp_tool_error_handler)
+            - "error_response": Returns {"status": "error", ...} dict
+            - "timeout": Delays for 60 seconds (simulates timeout)
+        delay_seconds: Optional delay before responding (0-10 seconds)
+        error_message: Custom error message for error scenarios
+
+    Returns:
+        Dict with test results or error information
+
+    Examples:
+        # Test successful response
+        test_error_handling(error_type="success")
+
+        # Test exception handling
+        test_error_handling(error_type="exception", error_message="Database connection failed")
+
+        # Test error response format
+        test_error_handling(error_type="error_response", error_message="Resource not found")
+
+        # Test with delay
+        test_error_handling(error_type="success", delay_seconds=2)
+    """
+    import asyncio
+
+    logger.info(f"test_error_handling called: type={error_type}, delay={delay_seconds}")
+
+    # Apply delay (capped at 10 seconds for safety)
+    if delay_seconds > 0:
+        await asyncio.sleep(min(delay_seconds, 10))
+
+    if error_type == "exception":
+        # This tests the @mcp_tool_error_handler decorator
+        raise RuntimeError(f"TEST EXCEPTION: {error_message}")
+
+    elif error_type == "error_response":
+        # This tests how the streaming layer handles error status responses
+        return {
+            "status": "error",
+            "error": error_message,
+            "error_code": "TEST_ERROR",
+            "recoverable": True,
+        }
+
+    elif error_type == "timeout":
+        # Simulate a very long operation (for testing client-side timeouts)
+        await asyncio.sleep(60)
+        return {"status": "success", "message": "Timeout test completed (should not reach here)"}
+
+    else:  # success
+        return {
+            "status": "success",
+            "message": "Test completed successfully",
+            "test_data": {
+                "error_type": error_type,
+                "delay_applied": delay_seconds,
+                "timestamp": str(asyncio.get_event_loop().time()),
+            },
+        }

rem/api/routers/auth.py

@@ -30,14 +30,17 @@ Access Control Flow (send-code):
     │   ├── Yes → Check user.tier
     │   │   ├── tier == BLOCKED → Reject "Account is blocked"
     │   │   └── tier != BLOCKED → Allow (send code, existing users grandfathered)
-    │   └── No (new user) → Check EMAIL__TRUSTED_EMAIL_DOMAINS
-    │       ├── Setting configured → domain in trusted list?
-    │       │   ├── Yes → Create user & send code
-    │       │   └── No → Reject "Email domain not allowed for signup"
-    │       └── Not configured (empty) → Create user & send code (no restrictions)
+    │   └── No (new user) → Check subscriber list first
+    │       ├── Email in subscribers table? → Allow (create user & send code)
+    │       └── Not a subscriber → Check EMAIL__TRUSTED_EMAIL_DOMAINS
+    │           ├── Setting configured → domain in trusted list?
+    │           │   ├── Yes → Create user & send code
+    │           │   └── No → Reject "Email domain not allowed for signup"
+    │           └── Not configured (empty) → Create user & send code (no restrictions)
 
 Key Behaviors:
 - Existing users: Always allowed to login (unless tier=BLOCKED)
+- Subscribers: Always allowed to login (regardless of email domain)
 - New users: Must have email from trusted domain (if EMAIL__TRUSTED_EMAIL_DOMAINS is set)
 - No restrictions: Leave EMAIL__TRUSTED_EMAIL_DOMAINS empty to allow all domains
 

rem/cli/commands/ask.py

@@ -75,7 +75,7 @@ async def run_agent_streaming(
     """
     Run agent in streaming mode using agent.iter() with usage limits.
 
-    Design Pattern (from carrier):
+    Design Pattern:
     - Use agent.iter() for complete execution with tool call visibility
     - run_stream() stops after first output, missing tool calls
     - Stream tool call markers: [Calling: tool_name]