-
Chat Model
+
+
{title}
+ {description && (
+
{description}
+ )}
+
{requiresApiKey && (
@@ -254,14 +269,14 @@ export function ChatModelWizard({
value={provider}
onChange={(event) => {
const nextProvider = event.target.value;
- updateSettings("chatModel.provider", nextProvider);
- updateSettings("chatModel.model", "");
+ updateSettings(`${settingsKey}.provider`, nextProvider);
+ updateSettings(`${settingsKey}.model`, "");
if (nextProvider === "ollama") {
- updateSettings("chatModel.baseUrl", "http://localhost:11434/v1");
- updateSettings("chatModel.apiKey", "");
+ updateSettings(`${settingsKey}.baseUrl`, "http://localhost:11434/v1");
+ updateSettings(`${settingsKey}.apiKey`, "");
} else {
- updateSettings("chatModel.baseUrl", "");
+ updateSettings(`${settingsKey}.baseUrl`, "");
}
}}
className="w-full rounded-md border bg-background px-3 py-2 text-sm"
@@ -287,7 +302,7 @@ export function ChatModelWizard({
updateSettings("chatModel.apiKey", event.target.value)}
+ onChange={(event) => updateSettings(`${settingsKey}.apiKey`, event.target.value)}
placeholder={
providerConfig?.envKey
? `Enter key or set ${providerConfig.envKey} in .env`
@@ -323,8 +338,8 @@ export function ChatModelWizard({
Base URL
updateSettings("chatModel.baseUrl", event.target.value)}
+ value={modelConfig.baseUrl || ""}
+ onChange={(event) => updateSettings(`${settingsKey}.baseUrl`, event.target.value)}
placeholder={
provider === "ollama"
? "http://localhost:11434/v1"
@@ -349,7 +364,7 @@ export function ChatModelWizard({
loading={loading}
error={error}
disabled={!hasApiKey}
- onChange={(value) => updateSettings("chatModel.model", value)}
+ onChange={(value) => updateSettings(`${settingsKey}.model`, value)}
placeholder="Select model..."
/>
@@ -367,9 +382,9 @@ export function ChatModelWizard({
step="0.1"
min="0"
max="2"
- value={settings.chatModel.temperature || 0.7}
+ value={modelConfig.temperature || 0.7}
onChange={(event) =>
- updateSettings("chatModel.temperature", parseFloat(event.target.value))
+ updateSettings(`${settingsKey}.temperature`, parseFloat(event.target.value))
}
disabled={!model}
className="max-w-[120px]"
@@ -379,6 +394,64 @@ export function ChatModelWizard({
);
}
+// ---------------------------------------------------------------------------
+// Exported wizards
+// ---------------------------------------------------------------------------
+
+export function ChatModelWizard({
+ settings,
+ updateSettings,
+}: {
+ settings: AppSettings;
+ updateSettings: UpdateSettingsFn;
+}) {
+ return (
+
+ );
+}
+
+export function UtilityModelWizard({
+ settings,
+ updateSettings,
+}: {
+ settings: AppSettings;
+ updateSettings: UpdateSettingsFn;
+}) {
+ return (
+
+ );
+}
+
+export function MultimediaModelWizard({
+ settings,
+ updateSettings,
+}: {
+ settings: AppSettings;
+ updateSettings: UpdateSettingsFn;
+}) {
+ return (
+
+ );
+}
+
export function EmbeddingsModelWizard({
settings,
updateSettings,
@@ -453,12 +526,19 @@ export function EmbeddingsModelWizard({
"gte-large": 1024,
"gte-base": 768,
"mpnet-base": 768,
+ "qwen3-embedding-8b": 4096,
+ "qwen3-embedding-4b": 2048,
+ "qwen3-embedding-0.6b": 1024,
+ "gemini-embedding": 3072,
};
return (
-
Embeddings Model
+
+
Embeddings Model
+
Model for vector embeddings (memory & RAG)
+
{requiresApiKey && (
diff --git a/src/lib/agent/agent.ts b/src/lib/agent/agent.ts
index 41af8fd..598787b 100644
--- a/src/lib/agent/agent.ts
+++ b/src/lib/agent/agent.ts
@@ -3,6 +3,7 @@ import {
generateText,
stepCountIs,
type ModelMessage,
+ type UserContent,
type ToolExecutionOptions,
type ToolSet,
} from "ai";
@@ -13,8 +14,9 @@ import { getChat, saveChat } from "@/lib/storage/chat-store";
import { createAgentTools } from "@/lib/tools/tool";
import { getProjectMcpTools } from "@/lib/mcp/client";
import type { AgentContext } from "@/lib/agent/types";
-import type { ChatMessage } from "@/lib/types";
+import type { Attachment, ChatMessage } from "@/lib/types";
import { publishUiSyncEvent } from "@/lib/realtime/event-bus";
+import fs from "fs/promises";
const LLM_LOG_BORDER = "═".repeat(60);
@@ -107,7 +109,7 @@ function applyGlobalToolLoopGuard(tools: ToolSet): ToolSet {
const wrappedTools: ToolSet = {};
for (const [toolName, toolDef] of Object.entries(tools)) {
- if (toolName === "response" || typeof toolDef.execute !== "function") {
+ if (typeof toolDef.execute !== "function") {
wrappedTools[toolName] = toolDef;
continue;
}
@@ -283,6 +285,41 @@ function convertModelMessageToChatMessages(msg: ModelMessage, now: string): Chat
}];
}
+/**
+ * Check whether the given attachments include any images.
+ */
+function hasImages(attachments?: Attachment[]): boolean {
+ return !!attachments?.some((a) => a.type.startsWith("image/"));
+}
+
+/**
+ * Build a multimodal user message content array from text + image attachments.
+ * Falls back to a plain string when there are no image attachments.
+ */
+async function buildUserContent(
+ text: string,
+ attachments?: Attachment[]
+): Promise
{
+ if (!hasImages(attachments)) {
+ return text;
+ }
+
+ const parts: UserContent = [{ type: "text", text }];
+
+ for (const att of attachments!) {
+ if (att.type.startsWith("image/") && att.path) {
+ const imageData = await fs.readFile(att.path);
+ parts.push({
+ type: "image",
+ image: imageData,
+ mediaType: att.type,
+ });
+ }
+ }
+
+ return parts;
+}
+
function logLLMRequest(options: {
model: string;
system: string;
@@ -325,9 +362,13 @@ export async function runAgent(options: {
projectId?: string;
currentPath?: string;
agentNumber?: number;
+ attachments?: Attachment[];
}) {
const settings = await getSettings();
- const model = createModel(settings.chatModel);
+ const modelConfig = hasImages(options.attachments)
+ ? settings.multimediaModel
+ : settings.chatModel;
+ const model = createModel(modelConfig);
// Build context
const context: AgentContext = {
@@ -376,19 +417,20 @@ export async function runAgent(options: {
tools: toolNames,
});
- // Append user message to history
+ // Append user message to history (multimodal if image attachments present)
+ const userContent = await buildUserContent(options.userMessage, options.attachments);
const messages: ModelMessage[] = [
...context.history,
- { role: "user", content: options.userMessage },
+ { role: "user", content: userContent },
];
logLLMRequest({
- model: `${settings.chatModel.provider}/${settings.chatModel.model}`,
+ model: `${modelConfig.provider}/${modelConfig.model}`,
system: systemPrompt,
messages,
toolNames,
- temperature: settings.chatModel.temperature,
- maxTokens: settings.chatModel.maxTokens,
+ temperature: modelConfig.temperature,
+ maxTokens: modelConfig.maxTokens,
label: "LLM Request (stream)",
});
@@ -398,9 +440,9 @@ export async function runAgent(options: {
system: systemPrompt,
messages,
tools,
- stopWhen: stepCountIs(15), // Allow up to 15 tool call rounds
- temperature: settings.chatModel.temperature ?? 0.7,
- maxOutputTokens: settings.chatModel.maxTokens ?? 4096,
+ stopWhen: stepCountIs(6), // Allow up to 6 tool call rounds (reduced from 15 to prevent runaway loops)
+ temperature: modelConfig.temperature ?? 0.7,
+ maxOutputTokens: modelConfig.maxTokens ?? 4096,
onFinish: async (event) => {
if (mcpCleanup) {
try {
@@ -423,10 +465,28 @@ export async function runAgent(options: {
createdAt: now,
});
- // Add all response messages (assistant + tool calls + tool results)
+ // Add all response messages (assistant + tool calls + tool results).
+ // Merge consecutive assistant-only (no tool calls) messages so that
+ // multi-step agent turns don't produce duplicate text in the history.
const responseMessages = event.response.messages;
for (const msg of responseMessages) {
- chat.messages.push(...convertModelMessageToChatMessages(msg, now));
+ const converted = convertModelMessageToChatMessages(msg, now);
+ for (const cm of converted) {
+ // If the new message is a text-only assistant message and the
+ // previous stored message is also a text-only assistant message,
+ // merge them to avoid duplicate bubbles in the UI.
+ const prev = chat.messages.length > 0 ? chat.messages[chat.messages.length - 1] : null;
+ if (
+ cm.role === "assistant" &&
+ prev?.role === "assistant" &&
+ !cm.toolCalls?.length &&
+ !prev.toolCalls?.length
+ ) {
+ prev.content = cm.content || prev.content;
+ } else {
+ chat.messages.push(cm);
+ }
+ }
}
chat.updatedAt = now;
@@ -464,9 +524,13 @@ export async function runAgentText(options: {
currentPath?: string;
agentNumber?: number;
runtimeData?: Record;
+ attachments?: Attachment[];
}): Promise {
const settings = await getSettings();
- const model = createModel(settings.chatModel);
+ const modelConfig = hasImages(options.attachments)
+ ? settings.multimediaModel
+ : settings.chatModel;
+ const model = createModel(modelConfig);
const context: AgentContext = {
chatId: options.chatId,
@@ -507,18 +571,19 @@ export async function runAgentText(options: {
tools: toolNames,
});
+ const userContent = await buildUserContent(options.userMessage, options.attachments);
const messages: ModelMessage[] = [
...context.history,
- { role: "user", content: options.userMessage },
+ { role: "user", content: userContent },
];
logLLMRequest({
- model: `${settings.chatModel.provider}/${settings.chatModel.model}`,
+ model: `${modelConfig.provider}/${modelConfig.model}`,
system: systemPrompt,
messages,
toolNames,
- temperature: settings.chatModel.temperature,
- maxTokens: settings.chatModel.maxTokens,
+ temperature: modelConfig.temperature,
+ maxTokens: modelConfig.maxTokens,
label: "LLM Request (non-stream)",
});
@@ -528,9 +593,9 @@ export async function runAgentText(options: {
system: systemPrompt,
messages,
tools,
- stopWhen: stepCountIs(15),
- temperature: settings.chatModel.temperature ?? 0.7,
- maxOutputTokens: settings.chatModel.maxTokens ?? 4096,
+ stopWhen: stepCountIs(6), // Reduced from 15 to prevent runaway loops
+ temperature: modelConfig.temperature ?? 0.7,
+ maxOutputTokens: modelConfig.maxTokens ?? 4096,
});
const text = generated.text ?? "";
@@ -552,7 +617,20 @@ export async function runAgentText(options: {
if (Array.isArray(responseMessages) && responseMessages.length > 0) {
for (const msg of responseMessages) {
- latest.messages.push(...convertModelMessageToChatMessages(msg, now));
+ const converted = convertModelMessageToChatMessages(msg, now);
+ for (const cm of converted) {
+ const prev = latest.messages.length > 0 ? latest.messages[latest.messages.length - 1] : null;
+ if (
+ cm.role === "assistant" &&
+ prev?.role === "assistant" &&
+ !cm.toolCalls?.length &&
+ !prev.toolCalls?.length
+ ) {
+ prev.content = cm.content || prev.content;
+ } else {
+ latest.messages.push(cm);
+ }
+ }
}
} else {
latest.messages.push({
@@ -598,7 +676,7 @@ export async function runSubordinateAgent(options: {
parentHistory: ModelMessage[];
}): Promise {
const settings = await getSettings();
- const model = createModel(settings.chatModel);
+ const model = createModel(settings.utilityModel);
const context: AgentContext = {
chatId: `subordinate-${Date.now()}`,
@@ -644,12 +722,12 @@ export async function runSubordinateAgent(options: {
];
logLLMRequest({
- model: `${settings.chatModel.provider}/${settings.chatModel.model}`,
+ model: `${settings.utilityModel.provider}/${settings.utilityModel.model}`,
system: systemPrompt,
messages,
toolNames,
- temperature: settings.chatModel.temperature,
- maxTokens: settings.chatModel.maxTokens,
+ temperature: settings.utilityModel.temperature,
+ maxTokens: settings.utilityModel.maxTokens,
label: "LLM Request (subordinate)",
});
@@ -659,9 +737,9 @@ export async function runSubordinateAgent(options: {
system: systemPrompt,
messages,
tools,
- stopWhen: stepCountIs(10),
- temperature: settings.chatModel.temperature ?? 0.7,
- maxOutputTokens: settings.chatModel.maxTokens ?? 4096,
+ stopWhen: stepCountIs(5), // Reduced from 10 to prevent runaway loops
+ temperature: settings.utilityModel.temperature ?? 0.7,
+ maxOutputTokens: settings.utilityModel.maxTokens ?? 4096,
});
return text;
} finally {
diff --git a/src/lib/agent/prompts.ts b/src/lib/agent/prompts.ts
index 228de6c..7589272 100644
--- a/src/lib/agent/prompts.ts
+++ b/src/lib/agent/prompts.ts
@@ -10,14 +10,6 @@ import { getChatFiles } from "@/lib/storage/chat-files-store";
const PROMPTS_DIR = path.join(process.cwd(), "src", "prompts");
-function escapeXml(s: string): string {
- return s
- .replace(/&/g, "&")
- .replace(//g, ">")
- .replace(/"/g, """);
-}
-
/**
* Load a prompt template from the prompts directory
*/
@@ -89,33 +81,21 @@ export async function buildSystemPrompt(options: {
: `You are a subordinate agent (level ${agentNum}), delegated a task by Agent ${agentNum - 1}.`)
);
- // 3. Tool prompts
+ // 3. Compact tool usage rules (detailed descriptions are already in tool schemas)
if (options.tools && options.tools.length > 0) {
const mcpToolNames = options.tools.filter((t) => t.startsWith("mcp_"));
- for (const toolName of options.tools) {
- const toolPrompt = await loadPrompt(`tool-${toolName}`);
- if (toolPrompt) {
- parts.push(`\n## Tool: ${toolName}\n${toolPrompt}`);
- }
- }
if (mcpToolNames.length > 0) {
parts.push(
- `\n## MCP (Model Context Protocol) tools\n` +
- `This project has ${mcpToolNames.length} tool(s) from connected MCP servers. ` +
- `Tool names are prefixed with \`mcp__\`. Use them when the task matches their description.\n\n` +
- `MCP execution rules:\n` +
- `- After an error, do not repeat the same MCP tool call with identical arguments.\n` +
- `- Read error details and change the payload before retrying.\n` +
- `- For n8n workflow updates, use a real workflow id from a successful tool response; never guess ids.`
+ `\n## MCP Tools\n` +
+ `${mcpToolNames.length} MCP tool(s) available (prefixed \`mcp__\`). ` +
+ `After an error, change the payload before retrying.`
);
}
parts.push(
- `\n## Tool Loop Safety\n` +
- `- After a failed tool call, do not repeat the same tool with identical arguments.\n` +
- `- Use the tool's error details to change parameters before retrying.\n` +
- `- For skill tools (load_skill/load_skill_resource/create_skill/update_skill/delete_skill/write_skill_file), use exact skill names and valid paths.\n` +
- `- If two corrected attempts still fail, report the blocker to the user instead of retrying endlessly.`
+ `\n## Tool Rules\n` +
+ `- Never repeat a failed tool call with identical arguments; read the error and adjust.\n` +
+ `- After two corrected attempts still fail, report the blocker to the user.`
);
}
@@ -131,73 +111,41 @@ export async function buildSystemPrompt(options: {
: "")
);
- // 4b. Project Skills — metadata only at startup; full instructions via load_skill tool (integrate-skills)
+ // 4b. Project Skills — compact list; full instructions loaded via load_skill tool
const skillsMeta = await loadProjectSkillsMetadata(options.projectId);
if (skillsMeta.length > 0) {
+ const list = skillsMeta.map((s) => `- **${s.name}**: ${s.description}`).join("\n");
parts.push(
- `\n## Project Skills (available)\n` +
- `This project has ${skillsMeta.length} skill(s). Match the user's task to a skill by description. When a task matches a skill, call the **load_skill** tool with that skill's name to load its full instructions, then follow them. Use only skills that apply.\n` +
- `\n` +
- skillsMeta
- .map(
- (s) =>
- ` \n ${escapeXml(s.name)}\n ${escapeXml(s.description)}\n `
- )
- .join("\n") +
- `\n`
+ `\n## Skills\nOnly use **load_skill** when the task requires the skill's specialized multi-step workflow. ` +
+ `Do NOT load a skill if a single tool call (e.g. search_web) can answer the question.\n${list}`
);
}
}
}
- // 5. Available Files (Project Directory + Chat Uploaded)
+ // 5. Available Files — compact list (paths only)
if (options.projectId || options.chatId) {
- const filesSections: string[] = [];
+ const filePaths: string[] = [];
- // 5a. Project directory files
if (options.projectId) {
try {
const projectFiles = await getAllProjectFilesRecursive(options.projectId);
- if (projectFiles.length > 0) {
- const rows = projectFiles
- .slice(0, 50) // Limit to 50 files to avoid huge prompts
- .map((f) => `| ${f.name} | ${f.path} | ${formatFileSize(f.size)} |`)
- .join("\n");
- filesSections.push(
- `### Project Directory Files\n` +
- `| File | Path | Size |\n|------|------|------|\n${rows}` +
- (projectFiles.length > 50 ? `\n\n*...and ${projectFiles.length - 50} more files*` : "")
- );
+ filePaths.push(...projectFiles.slice(0, 30).map((f) => f.path));
+ if (projectFiles.length > 30) {
+ filePaths.push(`... and ${projectFiles.length - 30} more`);
}
- } catch {
- // Ignore errors when getting project files
- }
+ } catch { /* ignore */ }
}
- // 5b. Chat uploaded files
if (options.chatId) {
try {
const chatFiles = await getChatFiles(options.chatId);
- if (chatFiles.length > 0) {
- const rows = chatFiles
- .map((f) => `| ${f.name} | ${f.path} | ${formatFileSize(f.size)} |`)
- .join("\n");
- filesSections.push(
- `### Chat Uploaded Files\n` +
- `| File | Path | Size |\n|------|------|------|\n${rows}`
- );
- }
- } catch {
- // Ignore errors when getting chat files
- }
+ filePaths.push(...chatFiles.map((f) => f.path));
+ } catch { /* ignore */ }
}
- if (filesSections.length > 0) {
- parts.push(
- `\n## Available Files\n` +
- `These files are available in this context. You can read them using the code_execution tool.\n\n` +
- filesSections.join("\n\n")
- );
+ if (filePaths.length > 0) {
+ parts.push(`\n## Files\n${filePaths.join("\n")}`);
}
}
@@ -209,39 +157,15 @@ export async function buildSystemPrompt(options: {
return parts.join("\n\n");
}
-/**
- * Format file size in human-readable format
- */
-function formatFileSize(bytes: number): string {
- if (bytes < 1024) return `${bytes} B`;
- if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`;
- return `${(bytes / (1024 * 1024)).toFixed(1)} MB`;
-}
-
function getDefaultSystemPrompt(): string {
return `# Eggent Agent
-You are a helpful AI assistant with access to tools that allow you to:
-- Execute code (Python, Node.js, Shell commands)
-- Save and retrieve information from persistent memory
-- Search the internet for current information
-- Query a knowledge base of documents
-- Delegate complex subtasks to subordinate agents
-
-## Guidelines
-
-1. **Be helpful and direct.** Answer the user's question or complete their task.
-2. **Use tools when needed.** If a task requires running code, searching, or remembering information, use the appropriate tool.
-3. **Think step by step.** For complex tasks, break them down and use tools iteratively.
-4. **Memory management.** Save important facts, preferences, and solutions to memory for future reference.
-5. **Code execution.** When writing code, prefer Python for data processing and Node.js for web tasks. Always handle errors.
-6. **Respond clearly.** Use markdown formatting for readability. Include code blocks with language tags.
-
-## Important Rules
-
-- Always use the response tool to provide your final answer to the user.
-- If you need to execute code, use the code_execution tool.
-- If the user asks you to remember something, save it to memory.
-- If you need current information, use the search tool.
-- Never make up information. If you don't know something, say so or search for it.`;
+You are a helpful AI assistant with tool access (code execution, memory, web search, file I/O, cron, multi-agent delegation).
+
+## Rules
+- Answer simple questions directly with text — no tool calls needed.
+- Use tools only when the task genuinely requires them.
+- Do NOT use code_execution for questions you can answer from knowledge.
+- Never fabricate information — search or say you don't know.
+- Be direct, concise, use markdown formatting.`;
}
diff --git a/src/lib/auth/get-current-user.ts b/src/lib/auth/get-current-user.ts
new file mode 100644
index 0000000..d26297f
--- /dev/null
+++ b/src/lib/auth/get-current-user.ts
@@ -0,0 +1,19 @@
+import { cookies } from "next/headers";
+import { AUTH_COOKIE_NAME, verifySessionToken } from "@/lib/auth/session";
+import { getUserByUsername, type User } from "@/lib/storage/users-store";
+
+/**
+ * Extract the current authenticated user from the session cookie.
+ * Returns null if no valid session or user not found.
+ * Intended for use inside API routes / server components.
+ */
+export async function getCurrentUser(): Promise {
+ const cookieStore = await cookies();
+ const token = cookieStore.get(AUTH_COOKIE_NAME)?.value;
+ if (!token) return null;
+
+ const session = await verifySessionToken(token);
+ if (!session) return null;
+
+ return getUserByUsername(session.username);
+}
diff --git a/src/lib/external/handle-external-message.ts b/src/lib/external/handle-external-message.ts
index 158c89a..f68b0c0 100644
--- a/src/lib/external/handle-external-message.ts
+++ b/src/lib/external/handle-external-message.ts
@@ -7,7 +7,7 @@ import {
saveExternalSession,
type ExternalSession,
} from "@/lib/storage/external-session-store";
-import type { ChatMessage } from "@/lib/types";
+import type { Attachment, ChatMessage } from "@/lib/types";
export interface HandleExternalMessageInput {
sessionId: string;
@@ -16,6 +16,7 @@ export interface HandleExternalMessageInput {
chatId?: string;
currentPath?: string;
runtimeData?: Record;
+ attachments?: Attachment[];
}
interface SwitchProjectSignal {
@@ -192,16 +193,7 @@ export async function handleExternalMessage(
let resolvedProjectId: string | undefined;
- if (explicitProjectId) {
- if (!projectById.has(explicitProjectId)) {
- throw new ExternalMessageError(404, {
- error: `Project "${explicitProjectId}" not found`,
- availableProjects: projects.map((project) => ({
- id: project.id,
- name: project.name,
- })),
- });
- }
+ if (explicitProjectId && projectById.has(explicitProjectId)) {
resolvedProjectId = explicitProjectId;
session.activeProjectId = explicitProjectId;
} else if (session.activeProjectId && projectById.has(session.activeProjectId)) {
@@ -258,6 +250,7 @@ export async function handleExternalMessage(
projectId: resolvedProjectId,
currentPath: currentPath || undefined,
runtimeData: input.runtimeData,
+ attachments: input.attachments,
});
const afterChat = await getChat(resolvedChatId);
diff --git a/src/lib/storage/chat-store.ts b/src/lib/storage/chat-store.ts
index 767ed0a..90146aa 100644
--- a/src/lib/storage/chat-store.ts
+++ b/src/lib/storage/chat-store.ts
@@ -10,7 +10,7 @@ async function ensureDir(dir: string) {
await fs.mkdir(dir, { recursive: true });
}
-export async function getAllChats(): Promise {
+export async function getAllChats(filterUserId?: string): Promise {
await ensureDir(CHATS_DIR);
const files = await fs.readdir(CHATS_DIR);
const chats: ChatListItem[] = [];
@@ -20,10 +20,14 @@ export async function getAllChats(): Promise {
try {
const content = await fs.readFile(path.join(CHATS_DIR, file), "utf-8");
const chat: Chat = JSON.parse(content);
+ // Per-user isolation: skip chats owned by other users.
+ // Chats without userId (legacy) are visible to everyone.
+ if (filterUserId && chat.userId && chat.userId !== filterUserId) continue;
chats.push({
id: chat.id,
title: chat.title,
projectId: chat.projectId,
+ userId: chat.userId,
createdAt: chat.createdAt,
updatedAt: chat.updatedAt,
messageCount: chat.messages.length,
@@ -109,13 +113,15 @@ export async function deleteChatsByProjectId(projectId: string): Promise
export async function createChat(
id: string,
title: string,
- projectId?: string
+ projectId?: string,
+ userId?: string
): Promise {
const now = new Date().toISOString();
const chat: Chat = {
id,
title,
projectId,
+ userId,
messages: [],
createdAt: now,
updatedAt: now,
diff --git a/src/lib/storage/project-store.ts b/src/lib/storage/project-store.ts
index 01717f1..eee6891 100644
--- a/src/lib/storage/project-store.ts
+++ b/src/lib/storage/project-store.ts
@@ -671,7 +671,12 @@ export async function loadProjectSkills(
return skills;
}
-export async function getAllProjects(): Promise {
+/**
+ * Return all projects. When filterUserId is provided, only return projects
+ * that belong to that user OR are shared. Legacy projects without ownerId
+ * are visible to everyone.
+ */
+export async function getAllProjects(filterUserId?: string): Promise {
await ensureDir(PROJECTS_DIR);
const entries = await fs.readdir(PROJECTS_DIR, { withFileTypes: true });
const projects: Project[] = [];
@@ -681,7 +686,11 @@ export async function getAllProjects(): Promise {
try {
const metaFile = projectMetaFile(entry.name);
const content = await fs.readFile(metaFile, "utf-8");
- projects.push(JSON.parse(content));
+ const project: Project = JSON.parse(content);
+ if (filterUserId && project.ownerId && project.ownerId !== filterUserId && !project.isShared) {
+ continue;
+ }
+ projects.push(project);
} catch {
// skip projects without metadata
}
diff --git a/src/lib/storage/settings-store.ts b/src/lib/storage/settings-store.ts
index 5866489..417a210 100644
--- a/src/lib/storage/settings-store.ts
+++ b/src/lib/storage/settings-store.ts
@@ -16,20 +16,26 @@ async function ensureDir(dir: string) {
export const DEFAULT_SETTINGS: AppSettings = {
chatModel: {
- provider: "openai",
- model: "gpt-4o",
+ provider: "openrouter",
+ model: "anthropic/claude-sonnet-4-6",
temperature: 0.7,
maxTokens: 4096,
},
utilityModel: {
- provider: "openai",
- model: "gpt-4o-mini",
+ provider: "openrouter",
+ model: "anthropic/claude-opus-4-6",
temperature: 0.3,
- maxTokens: 2048,
+ maxTokens: 8192,
+ },
+ multimediaModel: {
+ provider: "openrouter",
+ model: "google/gemini-3.1-flash-image-preview",
+ temperature: 0.5,
+ maxTokens: 4096,
},
embeddingsModel: {
- provider: "openai",
- model: "text-embedding-3-small",
+ provider: "openrouter",
+ model: "qwen/qwen3-embedding-8b",
dimensions: 1536,
},
codeExecution: {
diff --git a/src/lib/storage/telegram-integration-store.ts b/src/lib/storage/telegram-integration-store.ts
index 041e2a0..439034e 100644
--- a/src/lib/storage/telegram-integration-store.ts
+++ b/src/lib/storage/telegram-integration-store.ts
@@ -305,7 +305,12 @@ export async function getTelegramIntegrationRuntimeConfig(): Promise;
+ /** Lifetime totals */
+ totalMessages: number;
+ totalEstimatedTokens: number;
+ updatedAt: string;
+}
+
+interface UsageStatsFile {
+ users: Record;
+}
+
+// ---------------------------------------------------------------------------
+// Paths
+// ---------------------------------------------------------------------------
+
+const DATA_DIR = path.join(process.cwd(), "data");
+const STATS_FILE = path.join(DATA_DIR, "settings", "usage-stats.json");
+
+// ---------------------------------------------------------------------------
+// Persistence
+// ---------------------------------------------------------------------------
+
+async function ensureDir() {
+ await fs.mkdir(path.dirname(STATS_FILE), { recursive: true });
+}
+
+async function readStatsFile(): Promise {
+ try {
+ const content = await fs.readFile(STATS_FILE, "utf-8");
+ const parsed = JSON.parse(content) as unknown;
+ if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+ const file = parsed as UsageStatsFile;
+ if (file.users && typeof file.users === "object") return file;
+ }
+ } catch {
+ // file missing or corrupt
+ }
+ return { users: {} };
+}
+
+async function writeStatsFile(data: UsageStatsFile): Promise {
+ await ensureDir();
+ await fs.writeFile(STATS_FILE, JSON.stringify(data, null, 2), "utf-8");
+}
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function todayKey(): string {
+ return new Date().toISOString().slice(0, 10);
+}
+
+function estimateTokens(text: string): number {
+ // Rough estimate: ~4 characters per token
+ return Math.ceil(text.length / 4);
+}
+
+/** Remove daily entries older than 90 days to keep the file compact. */
+function pruneOldEntries(stats: UserUsageStats): void {
+ const cutoff = new Date();
+ cutoff.setDate(cutoff.getDate() - 90);
+ const cutoffStr = cutoff.toISOString().slice(0, 10);
+ for (const dateKey of Object.keys(stats.daily)) {
+ if (dateKey < cutoffStr) {
+ delete stats.daily[dateKey];
+ }
+ }
+}
+
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+
+/**
+ * Record a message exchange for a user. Call this after a successful
+ * chat message + agent response cycle.
+ */
+export async function recordMessageUsage(params: {
+ userId: string;
+ userMessageLength: number;
+ assistantMessageLength: number;
+}): Promise {
+ const { userId, userMessageLength, assistantMessageLength } = params;
+ const data = await readStatsFile();
+
+ if (!data.users[userId]) {
+ data.users[userId] = {
+ userId,
+ daily: {},
+ totalMessages: 0,
+ totalEstimatedTokens: 0,
+ updatedAt: new Date().toISOString(),
+ };
+ }
+
+ const stats = data.users[userId];
+ const today = todayKey();
+
+ if (!stats.daily[today]) {
+ stats.daily[today] = {
+ date: today,
+ messageCount: 0,
+ estimatedTokens: 0,
+ };
+ }
+
+ const tokens = estimateTokens(
+ " ".repeat(userMessageLength) + " ".repeat(assistantMessageLength)
+ );
+
+ stats.daily[today].messageCount += 1;
+ stats.daily[today].estimatedTokens += tokens;
+ stats.totalMessages += 1;
+ stats.totalEstimatedTokens += tokens;
+ stats.updatedAt = new Date().toISOString();
+
+ pruneOldEntries(stats);
+ data.users[userId] = stats;
+ await writeStatsFile(data);
+}
+
+/**
+ * Get usage stats for a specific user.
+ */
+export async function getUserUsageStats(
+ userId: string
+): Promise {
+ const data = await readStatsFile();
+ return data.users[userId] ?? null;
+}
+
+/**
+ * Get usage stats for all users (admin view).
+ */
+export async function getAllUsageStats(): Promise {
+ const data = await readStatsFile();
+ return Object.values(data.users);
+}
+
+/**
+ * Get today's message count for a user (for quota checking).
+ */
+export async function getTodayMessageCount(userId: string): Promise {
+ const data = await readStatsFile();
+ const stats = data.users[userId];
+ if (!stats) return 0;
+ const today = todayKey();
+ return stats.daily[today]?.messageCount ?? 0;
+}
+
+/**
+ * Get current month's estimated token usage for a user (for quota checking).
+ */
+export async function getCurrentMonthTokens(userId: string): Promise {
+ const data = await readStatsFile();
+ const stats = data.users[userId];
+ if (!stats) return 0;
+
+ const now = new Date();
+ const monthPrefix = `${now.getFullYear()}-${String(now.getMonth() + 1).padStart(2, "0")}`;
+ let total = 0;
+ for (const [dateKey, daily] of Object.entries(stats.daily)) {
+ if (dateKey.startsWith(monthPrefix)) {
+ total += daily.estimatedTokens;
+ }
+ }
+ return total;
+}
+
+/**
+ * Check if a user has exceeded their daily message quota.
+ * Returns true if the user CAN send a message (under quota or unlimited).
+ */
+export async function checkDailyQuota(
+ userId: string,
+ dailyLimit: number
+): Promise {
+ if (dailyLimit <= 0) return true; // 0 = unlimited
+ const count = await getTodayMessageCount(userId);
+ return count < dailyLimit;
+}
+
+/**
+ * Check if a user has exceeded their monthly token quota.
+ * Returns true if the user CAN send a message (under quota or unlimited).
+ */
+export async function checkMonthlyTokenQuota(
+ userId: string,
+ monthlyLimit: number
+): Promise {
+ if (monthlyLimit <= 0) return true; // 0 = unlimited
+ const tokens = await getCurrentMonthTokens(userId);
+ return tokens < monthlyLimit;
+}
diff --git a/src/lib/storage/users-store.ts b/src/lib/storage/users-store.ts
new file mode 100644
index 0000000..3c0a00a
--- /dev/null
+++ b/src/lib/storage/users-store.ts
@@ -0,0 +1,383 @@
+import fs from "fs/promises";
+import path from "path";
+import { randomBytes } from "node:crypto";
+import { hashPassword } from "@/lib/auth/password";
+
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+
+export type UserRole = "admin" | "user";
+
+export interface UserPermissions {
+ chat: boolean;
+ projects: boolean;
+ knowledge: boolean;
+ codeExecution: boolean;
+ webSearch: boolean;
+ fileUpload: boolean;
+ imageGeneration: boolean;
+ telegram: boolean;
+}
+
+export interface UserQuotas {
+ /** 0 = unlimited */
+ dailyMessageLimit: number;
+ /** 0 = unlimited */
+ monthlyTokenLimit: number;
+}
+
+export interface User {
+ id: string;
+ username: string;
+ displayName: string;
+ passwordHash: string;
+ role: UserRole;
+ mustChangePassword: boolean;
+ permissions: UserPermissions;
+ quotas: UserQuotas;
+ telegramUserId: string | null;
+ createdAt: string;
+ lastLoginAt: string | null;
+}
+
+/** User object without the password hash — safe for API responses. */
+export type SafeUser = Omit;
+
+interface UsersFile {
+ users: User[];
+}
+
+// ---------------------------------------------------------------------------
+// Paths
+// ---------------------------------------------------------------------------
+
+const DATA_DIR = path.join(process.cwd(), "data");
+const SETTINGS_DIR = path.join(DATA_DIR, "settings");
+const USERS_FILE = path.join(SETTINGS_DIR, "users.json");
+
+// ---------------------------------------------------------------------------
+// Defaults
+// ---------------------------------------------------------------------------
+
+export const DEFAULT_PERMISSIONS: UserPermissions = {
+ chat: true,
+ projects: true,
+ knowledge: true,
+ codeExecution: true,
+ webSearch: true,
+ fileUpload: true,
+ imageGeneration: true,
+ telegram: true,
+};
+
+const DEFAULT_QUOTAS: UserQuotas = {
+ dailyMessageLimit: 0,
+ monthlyTokenLimit: 0,
+};
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function generateUserId(): string {
+ return `usr_${randomBytes(8).toString("hex")}`;
+}
+
+async function ensureDir(dir: string) {
+ await fs.mkdir(dir, { recursive: true });
+}
+
+function stripPasswordHash(user: User): SafeUser {
+ const { passwordHash: _, ...safe } = user;
+ return safe;
+}
+
+// ---------------------------------------------------------------------------
+// Persistence (read / write)
+// ---------------------------------------------------------------------------
+
+async function readUsersFile(): Promise {
+ await ensureDir(SETTINGS_DIR);
+ try {
+ const content = await fs.readFile(USERS_FILE, "utf-8");
+ const parsed = JSON.parse(content) as unknown;
+ if (
+ parsed &&
+ typeof parsed === "object" &&
+ !Array.isArray(parsed) &&
+ Array.isArray((parsed as UsersFile).users)
+ ) {
+ return parsed as UsersFile;
+ }
+ } catch {
+ // file missing or corrupt — fall through
+ }
+ return { users: [] };
+}
+
+async function writeUsersFile(data: UsersFile): Promise {
+ await ensureDir(SETTINGS_DIR);
+ await fs.writeFile(USERS_FILE, JSON.stringify(data, null, 2), "utf-8");
+}
+
+// ---------------------------------------------------------------------------
+// Migration: bootstrap initial admin from legacy settings.auth
+// ---------------------------------------------------------------------------
+
+let migrationDone = false;
+
+/**
+ * Ensures at least one admin user exists. On the very first call it reads
+ * the legacy `settings.json → auth` block and creates a matching admin user
+ * in the users store, preserving the existing passwordHash and
+ * mustChangeCredentials flag.
+ */
+async function ensureInitialized(): Promise {
+ if (migrationDone) return;
+
+ const data = await readUsersFile();
+ if (data.users.length > 0) {
+ migrationDone = true;
+ return;
+ }
+
+ // Read legacy settings to migrate from
+ let legacyUsername = "admin";
+ let legacyPasswordHash: string | undefined;
+ let legacyMustChange = true;
+
+ try {
+ const settingsPath = path.join(SETTINGS_DIR, "settings.json");
+ const raw = await fs.readFile(settingsPath, "utf-8");
+ const settings = JSON.parse(raw) as {
+ auth?: {
+ username?: string;
+ passwordHash?: string;
+ mustChangeCredentials?: boolean;
+ };
+ };
+
+ if (settings.auth) {
+ if (settings.auth.username) legacyUsername = settings.auth.username;
+ if (settings.auth.passwordHash)
+ legacyPasswordHash = settings.auth.passwordHash;
+ if (typeof settings.auth.mustChangeCredentials === "boolean")
+ legacyMustChange = settings.auth.mustChangeCredentials;
+ }
+ } catch {
+ // No settings file — use defaults
+ }
+
+ const now = new Date().toISOString();
+ const adminUser: User = {
+ id: generateUserId(),
+ username: legacyUsername,
+ displayName: legacyUsername.charAt(0).toUpperCase() + legacyUsername.slice(1),
+ passwordHash: legacyPasswordHash || hashPassword("admin"),
+ role: "admin",
+ mustChangePassword: legacyMustChange,
+ permissions: { ...DEFAULT_PERMISSIONS },
+ quotas: { ...DEFAULT_QUOTAS },
+ telegramUserId: null,
+ createdAt: now,
+ lastLoginAt: null,
+ };
+
+ data.users.push(adminUser);
+ await writeUsersFile(data);
+ migrationDone = true;
+}
+
+// ---------------------------------------------------------------------------
+// Public API — Read
+// ---------------------------------------------------------------------------
+
+export async function getAllUsers(): Promise {
+ await ensureInitialized();
+ const data = await readUsersFile();
+ return data.users.map(stripPasswordHash);
+}
+
+export async function getUserById(id: string): Promise {
+ await ensureInitialized();
+ const data = await readUsersFile();
+ return data.users.find((u) => u.id === id) ?? null;
+}
+
+export async function getUserByUsername(
+ username: string
+): Promise {
+ await ensureInitialized();
+ const data = await readUsersFile();
+ const lower = username.toLowerCase();
+ return data.users.find((u) => u.username.toLowerCase() === lower) ?? null;
+}
+
+export async function getUserByTelegramId(
+ telegramUserId: string
+): Promise {
+ await ensureInitialized();
+ const data = await readUsersFile();
+ return (
+ data.users.find((u) => u.telegramUserId === telegramUserId) ?? null
+ );
+}
+
+export async function getSafeUserById(id: string): Promise {
+ const user = await getUserById(id);
+ return user ? stripPasswordHash(user) : null;
+}
+
+// ---------------------------------------------------------------------------
+// Public API — Write
+// ---------------------------------------------------------------------------
+
+export interface CreateUserInput {
+ username: string;
+ displayName?: string;
+ password: string;
+ role?: UserRole;
+ permissions?: Partial;
+ quotas?: Partial;
+}
+
+export async function createUser(input: CreateUserInput): Promise {
+ await ensureInitialized();
+
+ const username = input.username.trim().toLowerCase();
+ if (!username || username.length < 3 || username.length > 64) {
+ throw new Error("Username must be 3-64 characters");
+ }
+ if (!/^[a-z0-9._-]+$/.test(username)) {
+ throw new Error(
+ "Username may only contain lowercase letters, numbers, dots, hyphens and underscores"
+ );
+ }
+
+ const password = input.password.trim();
+ if (password.length < 8 || password.length > 128) {
+ throw new Error("Password must be 8-128 characters");
+ }
+
+ const data = await readUsersFile();
+ if (data.users.some((u) => u.username.toLowerCase() === username)) {
+ throw new Error("Username already exists");
+ }
+
+ const now = new Date().toISOString();
+ const user: User = {
+ id: generateUserId(),
+ username,
+ displayName:
+ input.displayName?.trim() ||
+ username.charAt(0).toUpperCase() + username.slice(1),
+ passwordHash: hashPassword(password),
+ role: input.role ?? "user",
+ mustChangePassword: true,
+ permissions: { ...DEFAULT_PERMISSIONS, ...(input.permissions ?? {}) },
+ quotas: { ...DEFAULT_QUOTAS, ...(input.quotas ?? {}) },
+ telegramUserId: null,
+ createdAt: now,
+ lastLoginAt: null,
+ };
+
+ data.users.push(user);
+ await writeUsersFile(data);
+ return stripPasswordHash(user);
+}
+
+export interface UpdateUserInput {
+ displayName?: string;
+ role?: UserRole;
+ permissions?: Partial;
+ quotas?: Partial;
+ mustChangePassword?: boolean;
+ telegramUserId?: string | null;
+}
+
+export async function updateUser(
+ id: string,
+ input: UpdateUserInput
+): Promise {
+ await ensureInitialized();
+ const data = await readUsersFile();
+ const idx = data.users.findIndex((u) => u.id === id);
+ if (idx === -1) return null;
+
+ const user = data.users[idx];
+
+ if (input.displayName !== undefined)
+ user.displayName = input.displayName.trim();
+ if (input.role !== undefined) user.role = input.role;
+ if (input.mustChangePassword !== undefined)
+ user.mustChangePassword = input.mustChangePassword;
+ if (input.telegramUserId !== undefined)
+ user.telegramUserId = input.telegramUserId;
+ if (input.permissions)
+ user.permissions = { ...user.permissions, ...input.permissions };
+ if (input.quotas) user.quotas = { ...user.quotas, ...input.quotas };
+
+ data.users[idx] = user;
+ await writeUsersFile(data);
+ return stripPasswordHash(user);
+}
+
+export async function updateUserPassword(
+ id: string,
+ newPassword: string
+): Promise {
+ const password = newPassword.trim();
+ if (password.length < 8 || password.length > 128) {
+ throw new Error("Password must be 8-128 characters");
+ }
+
+ const data = await readUsersFile();
+ const idx = data.users.findIndex((u) => u.id === id);
+ if (idx === -1) return false;
+
+ data.users[idx].passwordHash = hashPassword(password);
+ data.users[idx].mustChangePassword = false;
+ await writeUsersFile(data);
+ return true;
+}
+
+export async function updateLastLogin(id: string): Promise {
+ const data = await readUsersFile();
+ const idx = data.users.findIndex((u) => u.id === id);
+ if (idx === -1) return;
+
+ data.users[idx].lastLoginAt = new Date().toISOString();
+ await writeUsersFile(data);
+}
+
+export async function deleteUser(id: string): Promise {
+ await ensureInitialized();
+ const data = await readUsersFile();
+ const idx = data.users.findIndex((u) => u.id === id);
+ if (idx === -1) return false;
+
+ const user = data.users[idx];
+
+ // Prevent deleting the last admin
+ if (user.role === "admin") {
+ const adminCount = data.users.filter((u) => u.role === "admin").length;
+ if (adminCount <= 1) {
+ throw new Error("Cannot delete the last admin user");
+ }
+ }
+
+ data.users.splice(idx, 1);
+ await writeUsersFile(data);
+ return true;
+}
+
+// ---------------------------------------------------------------------------
+// Utility
+// ---------------------------------------------------------------------------
+
+export async function countAdmins(): Promise {
+ await ensureInitialized();
+ const data = await readUsersFile();
+ return data.users.filter((u) => u.role === "admin").length;
+}
diff --git a/src/lib/tools/cron-tool.ts b/src/lib/tools/cron-tool.ts
index 7f4da48..87b8ed8 100644
--- a/src/lib/tools/cron-tool.ts
+++ b/src/lib/tools/cron-tool.ts
@@ -66,8 +66,7 @@ function json(value: unknown): string {
export function createCronTool(context: AgentContext) {
return tool({
- description:
- "Manage scheduled cron jobs for a project: status, list, add, update, remove, run, and run history.",
+ description: "Manage cron jobs (status/list/add/update/remove/run/runs).",
inputSchema: cronInputSchema,
execute: async (input) => {
try {
diff --git a/src/lib/tools/tool.ts b/src/lib/tools/tool.ts
index 7a0c2c5..f5ae6d7 100644
--- a/src/lib/tools/tool.ts
+++ b/src/lib/tools/tool.ts
@@ -372,24 +372,9 @@ export function createAgentTools(
): ToolSet {
const tools: ToolSet = {};
- // Response tool -- always present
- tools.response = tool({
- description:
- "Provide your final response to the user. Use this tool when you have the answer or have completed the task. The message will be displayed to the user as your response.",
- inputSchema: z.object({
- message: z
- .string()
- .describe("Your final response message to the user in markdown format"),
- }),
- execute: async ({ message }) => {
- return message;
- },
- });
-
// Project navigation tools
tools.list_projects = tool({
- description:
- "List all available projects. Use this when the user asks what projects exist, to browse projects, or before switching projects.",
+ description: "List all projects.",
inputSchema: z.object({}),
execute: async () => {
const projects = await getAllProjects();
@@ -411,8 +396,7 @@ export function createAgentTools(
});
tools.get_current_project = tool({
- description:
- "Get the currently active project context for this chat, including current folder path and work directory.",
+ description: "Get current project context (name, path, workDir).",
inputSchema: z.object({}),
execute: async () => {
if (!context.projectId) {
@@ -440,18 +424,17 @@ export function createAgentTools(
});
tools.switch_project = tool({
- description:
- "Switch chat context to another project by project ID or name. Use this when the user asks to move to another project.",
+ description: "Switch to another project by ID or name.",
inputSchema: z
.object({
project_id: z
.string()
.optional()
- .describe("Exact project ID to switch to"),
+ .describe("Project ID"),
project_name: z
.string()
.optional()
- .describe("Project name (exact or partial, case-insensitive)"),
+ .describe("Project name"),
})
.refine(
(value) => Boolean(value.project_id?.trim() || value.project_name?.trim()),
@@ -544,26 +527,13 @@ export function createAgentTools(
});
tools.create_project = tool({
- description:
- "Create a new project workspace. Use this when the user asks to create/add a new project, especially if no project exists yet.",
+ description: "Create a new project.",
inputSchema: z.object({
- name: z.string().describe("Project name (human-readable)"),
- description: z
- .string()
- .optional()
- .describe("Optional project description"),
- instructions: z
- .string()
- .optional()
- .describe("Optional default instructions for the agent in this project"),
- memory_mode: z
- .enum(["global", "isolated"])
- .optional()
- .describe("Project memory mode; default is isolated"),
- project_id: z
- .string()
- .optional()
- .describe("Optional custom project id; if taken, a unique suffix is added"),
+ name: z.string().describe("Project name"),
+ description: z.string().optional(),
+ instructions: z.string().optional(),
+ memory_mode: z.enum(["global", "isolated"]).optional(),
+ project_id: z.string().optional(),
}),
execute: async ({
name,
@@ -617,23 +587,17 @@ export function createAgentTools(
// Code execution tool
if (settings.codeExecution.enabled) {
tools.code_execution = tool({
- description:
- "Execute code in Python, Node.js, or Shell terminal. Use this to run scripts, install packages, manipulate files, perform calculations, or any task that requires code execution. The code runs in a persistent shell session.",
+ description: "Execute code in a persistent shell session.",
inputSchema: z.object({
runtime: z
- .enum(["python", "nodejs", "terminal"])
- .describe(
- "The runtime to use: 'python' for Python code, 'nodejs' for JavaScript/Node.js code, 'terminal' for shell commands"
- ),
+ .enum(["python", "nodejs", "terminal"]),
code: z
.string()
- .describe("The code to execute"),
+ .describe("Code to execute"),
session: z
.number()
.default(0)
- .describe(
- "Session ID (0-9). Use different sessions for parallel tasks. Default is 0."
- ),
+ .describe("Session ID (0-9), default 0"),
}),
execute: async ({ runtime, code, session }) => {
const normalizedCode = code.replace(/\r\n/g, "\n");
@@ -655,32 +619,12 @@ export function createAgentTools(
}
tools.read_text_file = tool({
- description:
- "Read a local UTF-8 text file (for example .txt, .md, .json, .csv, source code). Use this for file reading tasks instead of code_execution.",
+ description: "Read a local UTF-8 text file.",
inputSchema: z.object({
- file_path: z
- .string()
- .describe("Absolute path, or path relative to current project cwd."),
- start_line: z
- .number()
- .int()
- .min(1)
- .default(1)
- .describe("1-based line number to start reading from."),
- max_lines: z
- .number()
- .int()
- .min(1)
- .max(2000)
- .default(300)
- .describe("Maximum number of lines to return."),
- max_chars: z
- .number()
- .int()
- .min(200)
- .max(TEXT_FILE_READ_MAX_CHARS)
- .default(12000)
- .describe("Maximum number of characters to return."),
+ file_path: z.string().describe("File path (absolute or relative)"),
+ start_line: z.number().int().min(1).default(1),
+ max_lines: z.number().int().min(1).max(2000).default(300),
+ max_chars: z.number().int().min(200).max(TEXT_FILE_READ_MAX_CHARS).default(12000),
}),
execute: async ({ file_path, start_line, max_lines, max_chars }) => {
try {
@@ -737,18 +681,12 @@ export function createAgentTools(
tools.read_pdf_file = tool({
description:
- "Extract text from a local PDF file. Use this for reading PDF contents without Python.",
+ "Read text from a local PDF file.",
inputSchema: z.object({
file_path: z
.string()
- .describe("Absolute path, or path relative to current project cwd."),
- max_chars: z
- .number()
- .int()
- .min(200)
- .max(PDF_FILE_READ_MAX_CHARS)
- .default(15000)
- .describe("Maximum number of extracted text characters to return."),
+ .describe("File path"),
+ max_chars: z.number().int().min(200).max(PDF_FILE_READ_MAX_CHARS).default(15000),
}),
execute: async ({ file_path, max_chars }) => {
try {
@@ -791,18 +729,11 @@ export function createAgentTools(
tools.write_text_file = tool({
description:
- "Create or update a local UTF-8 text file. Use this for writing .md/.txt/.json/code files instead of code_execution.",
+ "Write or overwrite a local UTF-8 text file.",
inputSchema: z.object({
- file_path: z
- .string()
- .describe("Absolute path, or path relative to current project cwd."),
- content: z
- .string()
- .describe("Full UTF-8 text content to write."),
- overwrite: z
- .boolean()
- .default(true)
- .describe("Whether to overwrite existing file if it already exists."),
+ file_path: z.string().describe("File path"),
+ content: z.string().describe("File content"),
+ overwrite: z.boolean().default(true),
}),
execute: async ({ file_path, content, overwrite }) => {
try {
@@ -861,18 +792,13 @@ export function createAgentTools(
tools.copy_file = tool({
description:
- "Copy (duplicate) a local file from source_path to destination_path.",
+ "Copy a file.",
inputSchema: z.object({
source_path: z
.string()
- .describe("Source file path (absolute or relative to current project cwd)."),
- destination_path: z
- .string()
- .describe("Destination file path (absolute or relative to current project cwd)."),
- overwrite: z
- .boolean()
- .default(false)
- .describe("Whether to overwrite destination if it already exists."),
+ .describe("Source path"),
+ destination_path: z.string().describe("Destination path"),
+ overwrite: z.boolean().default(false),
}),
execute: async ({ source_path, destination_path, overwrite }) => {
try {
@@ -924,18 +850,14 @@ export function createAgentTools(
// Memory tools
if (settings.memory.enabled) {
tools.memory_save = tool({
- description:
- "Save important information to persistent memory. Use this to remember facts, user preferences, successful solutions, or any information that should persist across conversations.",
+ description: "Save information to persistent memory.",
inputSchema: z.object({
text: z
.string()
- .describe("The information to save to memory"),
+ .describe("Text to save"),
area: z
.enum(["main", "fragments", "solutions", "instruments"])
- .default("main")
- .describe(
- "Memory area: 'main' for general facts, 'fragments' for conversation snippets, 'solutions' for successful solutions, 'instruments' for tool descriptions"
- ),
+ .default("main"),
}),
execute: async ({ text, area }) => {
return memorySave(text, area, context.memorySubdir, settings);
@@ -943,16 +865,10 @@ export function createAgentTools(
});
tools.memory_load = tool({
- description:
- "Search persistent memory for relevant information. Use this to recall previously saved facts, solutions, or conversation context.",
+ description: "Search persistent memory.",
inputSchema: z.object({
- query: z
- .string()
- .describe("Search query to find relevant memories"),
- limit: z
- .number()
- .default(5)
- .describe("Maximum number of results to return"),
+ query: z.string(),
+ limit: z.number().default(5),
}),
execute: async ({ query, limit }) => {
return memoryLoad(query, limit, context.memorySubdir, settings);
@@ -960,12 +876,9 @@ export function createAgentTools(
});
tools.memory_delete = tool({
- description:
- "Delete specific entries from persistent memory.",
+ description: "Delete entries from persistent memory.",
inputSchema: z.object({
- query: z
- .string()
- .describe("Search query to find memories to delete"),
+ query: z.string(),
}),
execute: async ({ query }) => {
return memoryDelete(query, context.memorySubdir, settings);
@@ -975,16 +888,10 @@ export function createAgentTools(
// Knowledge query tool
tools.knowledge_query = tool({
- description:
- "Search the knowledge base (uploaded documents) for relevant information using semantic search. Use this when you need information from the project's documents.",
+ description: "Search uploaded documents (knowledge base).",
inputSchema: z.object({
- query: z
- .string()
- .describe("The search query to find relevant documents"),
- limit: z
- .number()
- .default(5)
- .describe("Maximum number of document chunks to return"),
+ query: z.string(),
+ limit: z.number().default(5),
}),
execute: async ({ query, limit }) => {
return knowledgeQuery(query, limit, context.knowledgeSubdirs, settings);
@@ -994,16 +901,10 @@ export function createAgentTools(
// Search engine tool
if (settings.search.enabled && settings.search.provider !== "none") {
tools.search_web = tool({
- description:
- "Search the internet for current information. Use this when you need up-to-date information, facts you're unsure about, or any web-based research.",
+ description: "Search the internet.",
inputSchema: z.object({
- query: z
- .string()
- .describe("The search query"),
- limit: z
- .number()
- .default(5)
- .describe("Maximum number of search results"),
+ query: z.string(),
+ limit: z.number().default(5),
}),
execute: async ({ query, limit }) => {
return searchWeb(query, limit, settings.search);
@@ -1014,16 +915,12 @@ export function createAgentTools(
const telegramRuntime = getTelegramRuntimeData(context);
if (telegramRuntime) {
tools.telegram_send_file = tool({
- description:
- "Send a local file to the current Telegram chat as a document. Use this when the user asks to send/download a file in Telegram.",
+ description: "Send a file to the current Telegram chat.",
inputSchema: z.object({
file_path: z
.string()
- .describe("Absolute path to the file, or path relative to current project cwd."),
- caption: z
- .string()
- .optional()
- .describe("Optional caption to include with the file."),
+ .describe("File path"),
+ caption: z.string().optional(),
}),
execute: async ({ file_path, caption }) => {
try {
@@ -1109,14 +1006,9 @@ export function createAgentTools(
// Load skill tool — load full instructions when model activates a project skill (Agent Skills integrate-skills)
if (context.projectId) {
tools.load_skill = tool({
- description:
- "Load the full instructions for a project skill. Call this when the user's task matches one of the available skills (see in context). Use the skill name exactly as listed. This returns SKILL.md plus a manifest of additional skill resource files; load specific files with load_skill_resource when needed.",
+ description: "Load full instructions for a project skill by name.",
inputSchema: z.object({
- skill_name: z
- .string()
- .describe(
- "Exact name of the skill to load (from , e.g. pdf-processing)"
- ),
+ skill_name: z.string().describe("Skill name"),
}),
execute: async ({ skill_name }) => {
const skill = await loadSkillInstructions(
@@ -1157,17 +1049,10 @@ export function createAgentTools(
});
tools.load_skill_resource = tool({
- description:
- "Load a single additional file from a project skill (for example from references/, scripts/, assets/, or another path listed by load_skill). Use this only after loading the skill and only for files relevant to the current task.",
+ description: "Load a resource file from a project skill.",
inputSchema: z.object({
- skill_name: z
- .string()
- .describe("Exact skill name (same value used for load_skill)."),
- relative_path: z
- .string()
- .describe(
- "Relative path inside the skill directory, e.g. references/examples.md or scripts/generate.py"
- ),
+ skill_name: z.string().describe("Skill name"),
+ relative_path: z.string().describe("Path relative to skill dir"),
}),
execute: async ({ skill_name, relative_path }) => {
const skill = await loadSkillInstructions(
@@ -1213,34 +1098,13 @@ export function createAgentTools(
});
tools.create_skill = tool({
- description:
- "Create a new skill in the current project. Use when the user asks to create, add, or write a skill. The skill will be saved in .meta/skills//SKILL.md following the Agent Skills specification. Skill name must be lowercase with hyphens (e.g. pdf-processing, code-review).",
+ description: "Create a new project skill (lowercase-hyphen name).",
inputSchema: z.object({
- skill_name: z
- .string()
- .describe(
- "Name of the skill: only lowercase letters, numbers, and hyphens; 1-64 chars; e.g. pdf-processing, api-conventions"
- ),
- description: z
- .string()
- .describe(
- "What the skill does and when to use it (1-1024 chars). Include keywords that help match user tasks."
- ),
- body: z
- .string()
- .describe(
- "Markdown instructions: steps, examples, edge cases. This is the content the agent will follow when the skill is activated."
- ),
- compatibility: z
- .string()
- .optional()
- .describe(
- "Optional. Environment requirements (e.g. 'Requires Python 3.10+', 'Designed for Node.js projects'). Max 500 chars."
- ),
- license: z
- .string()
- .optional()
- .describe("Optional. License name or reference (e.g. MIT, Apache-2.0)."),
+ skill_name: z.string().describe("lowercase-hyphen name"),
+ description: z.string().describe("What the skill does"),
+ body: z.string().describe("Markdown instructions"),
+ compatibility: z.string().optional(),
+ license: z.string().optional(),
}),
execute: async ({ skill_name, description, body, compatibility, license }) => {
const result = await createSkill(context.projectId!, {
@@ -1258,34 +1122,13 @@ export function createAgentTools(
});
tools.update_skill = tool({
- description:
- "Update an existing project's skill SKILL.md (frontmatter and/or body). Use this when the user asks to edit or revise an existing skill.",
+ description: "Update an existing project skill.",
inputSchema: z.object({
- skill_name: z
- .string()
- .describe("Exact name of the existing skill to update."),
- description: z
- .string()
- .optional()
- .describe(
- "Optional new skill description (what the skill does and when to use it)."
- ),
- body: z
- .string()
- .optional()
- .describe("Optional new markdown body/instructions for SKILL.md."),
- compatibility: z
- .string()
- .nullable()
- .optional()
- .describe(
- "Optional compatibility value. Use null to remove compatibility from frontmatter."
- ),
- license: z
- .string()
- .nullable()
- .optional()
- .describe("Optional license value. Use null to remove license from frontmatter."),
+ skill_name: z.string().describe("Skill name"),
+ description: z.string().optional(),
+ body: z.string().optional(),
+ compatibility: z.string().nullable().optional(),
+ license: z.string().nullable().optional(),
}),
execute: async ({ skill_name, description, body, compatibility, license }) => {
const payload: {
@@ -1309,8 +1152,7 @@ export function createAgentTools(
});
tools.delete_skill = tool({
- description:
- "Delete an existing skill directory from the current project. This permanently removes SKILL.md and all optional resources in that skill.",
+ description: "Delete a project skill.",
inputSchema: z.object({
skill_name: z.string().describe("Exact skill name to delete."),
confirm: z
@@ -1331,18 +1173,11 @@ export function createAgentTools(
});
tools.write_skill_file = tool({
- description:
- "Add an optional file to a project skill: scripts (e.g. scripts/extract.py), references (e.g. references/REFERENCE.md), or assets. Use when the user asks to add a script, reference doc, or asset to a skill. Only SKILL.md is required; everything else is optional and added with this tool when needed.",
+ description: "Write a file into a project skill directory (scripts/, references/, assets/).",
inputSchema: z.object({
- skill_name: z
- .string()
- .describe("Exact name of the skill (from or one you just created)"),
- relative_path: z
- .string()
- .describe(
- "Path relative to the skill directory, e.g. scripts/extract.py, references/REFERENCE.md, assets/template.json"
- ),
- content: z.string().describe("Full file content (code, markdown, or text)"),
+ skill_name: z.string().describe("Skill name"),
+ relative_path: z.string().describe("Path relative to skill dir"),
+ content: z.string().describe("File content"),
}),
execute: async ({ skill_name, relative_path, content }) => {
const result = await writeSkillFile(
@@ -1360,46 +1195,17 @@ export function createAgentTools(
});
tools.upsert_mcp_server = tool({
- description:
- "Create or update one MCP server entry in this project's .meta/mcp/servers.json. Use this when the user asks to add/edit MCP server settings.",
+ description: "Create or update an MCP server entry for this project.",
inputSchema: z
.object({
- id: z
- .string()
- .describe("MCP server id (for example firecrawl-mcp or my-http-server)."),
- transport: z
- .enum(["stdio", "http"])
- .describe("Transport type: stdio or http."),
- command: z
- .string()
- .nullable()
- .optional()
- .describe("Required for stdio transport: executable command."),
- args: z
- .array(z.string())
- .nullable()
- .optional()
- .describe("Optional command arguments for stdio transport."),
- env: z
- .record(z.string(), z.string())
- .nullable()
- .optional()
- .describe("Optional environment variables for stdio transport."),
- cwd: z
- .string()
- .nullable()
- .optional()
- .describe("Optional working directory for stdio transport."),
- url: z
- .string()
- .nullable()
- .optional()
- .describe("Required for http transport: MCP endpoint URL."),
- headers: z
- .record(z.string(), z.string())
- .nullable()
- .optional()
- .describe("Optional HTTP headers for http transport."),
+ id: z.string().describe("Server id"),
+ transport: z.enum(["stdio", "http"]),
+ command: z.string().nullable().optional().describe("stdio: executable"),
+ args: z.array(z.string()).nullable().optional(),
+ env: z.record(z.string(), z.string()).nullable().optional(),
+ cwd: z.string().nullable().optional(),
+ url: z.string().nullable().optional().describe("http: endpoint URL"),
+ headers: z.record(z.string(), z.string()).nullable().optional(),
})
.superRefine((value, ctx) => {
if (value.transport === "stdio" && !(value.command ?? "").trim()) {
@@ -1446,10 +1252,9 @@ export function createAgentTools(
});
tools.delete_mcp_server = tool({
- description:
- "Delete one MCP server entry from this project's .meta/mcp/servers.json.",
+ description: "Delete an MCP server entry from this project.",
inputSchema: z.object({
- server_id: z.string().describe("Exact MCP server id to delete."),
+ server_id: z.string().describe("Server id"),
}),
execute: async ({ server_id }) => {
const result = await deleteProjectMcpServer(context.projectId!, server_id);
@@ -1464,14 +1269,9 @@ export function createAgentTools(
// Call subordinate tool (only for agents below max depth)
if ((context.agentNumber ?? 0) < 3) {
tools.call_subordinate = tool({
- description:
- "Delegate a complex subtask to a subordinate agent. The subordinate has access to all tools and will complete the task independently. Use this for complex multi-step tasks that would benefit from focused attention.",
+ description: "Delegate a subtask to a subordinate agent.",
inputSchema: z.object({
- task: z
- .string()
- .describe(
- "Detailed description of the task to delegate. Include all necessary context."
- ),
+ task: z.string().describe("Task description with context"),
}),
execute: async ({ task }) => {
return callSubordinate(
diff --git a/src/lib/types.ts b/src/lib/types.ts
index 2c1b0ba..69c8d67 100644
--- a/src/lib/types.ts
+++ b/src/lib/types.ts
@@ -16,6 +16,7 @@ export interface ModelConfig {
export interface AppSettings {
chatModel: ModelConfig;
utilityModel: ModelConfig;
+ multimediaModel: ModelConfig;
embeddingsModel: {
provider: "openai" | "openrouter" | "google" | "ollama" | "custom" | "mock";
model: string;
@@ -83,6 +84,8 @@ export interface Chat {
id: string;
title: string;
projectId?: string;
+ /** Owner user ID — set on creation for per-user data isolation. */
+ userId?: string;
messages: ChatMessage[];
createdAt: string;
updatedAt: string;
@@ -92,6 +95,7 @@ export interface ChatListItem {
id: string;
title: string;
projectId?: string;
+ userId?: string;
createdAt: string;
updatedAt: string;
messageCount: number;
@@ -114,6 +118,10 @@ export interface Project {
description: string;
instructions: string;
memoryMode: "global" | "isolated";
+ /** Owner user ID — set on creation for per-user data isolation. */
+ ownerId?: string;
+ /** When true, all users can see this project (admin-created shared projects). */
+ isShared?: boolean;
createdAt: string;
updatedAt: string;
}
@@ -185,6 +193,7 @@ export interface KnowledgeFile {
export interface AgentConfig {
chatModel: ModelConfig;
utilityModel: ModelConfig;
+ multimediaModel: ModelConfig;
embeddingsModel: AppSettings["embeddingsModel"];
memorySubdir: string;
knowledgeSubdirs: string[];
diff --git a/src/prompts/system.md b/src/prompts/system.md
index 3a60efb..fd2d795 100644
--- a/src/prompts/system.md
+++ b/src/prompts/system.md
@@ -1,60 +1,16 @@
# Eggent Agent
-You are a powerful AI agent with access to tools that allow you to interact with the user's computer and the internet. You operate as an autonomous assistant capable of completing complex multi-step tasks.
-
-## Core Capabilities
-
-1. **Code Execution** - Execute Python, Node.js, and Shell commands in persistent terminal sessions
-2. **Persistent Memory** - Save and retrieve information across conversations using vector-based semantic memory
-3. **Knowledge Base** - Query uploaded documents using semantic search (RAG)
-4. **Web Search** - Search the internet for current information
-5. **Multi-Agent Delegation** - Delegate complex subtasks to subordinate agents
-6. **Cron Scheduling** - Create, update, run, and inspect scheduled jobs
-
-## Guidelines
-
-### Communication
-- Be direct, helpful, and concise
-- Use markdown formatting for readability
-- Include code blocks with language tags when sharing code
-- Explain your reasoning when performing complex tasks
-- Always use the **response** tool to provide your final answer
-
-### Code Execution
-- Use the **code_execution** tool to run code
-- Choose the appropriate runtime: `python` for data processing and scripting, `nodejs` for web/JS tasks, `terminal` for shell commands
-- Always handle errors and edge cases in your code
-- If Python fails with `ModuleNotFoundError`, install the missing dependency with `python3 -m pip install ` using `terminal`, then retry
-- For OS-level packages, use `sudo apt-get update && sudo apt-get install -y `
-- For file operations, prefer dedicated file tools (`read_text_file`, `read_pdf_file`, `write_text_file`, `copy_file`) over code execution
-- Use `code_execution` for file operations only as a fallback when dedicated tools cannot complete the task
-- Break complex tasks into smaller executable steps
-- Check output after each execution before proceeding
-- Do not use `sleep`, `at`, or background shell loops as a substitute for scheduled reminders/tasks; use the **cron** tool for scheduling
-
-### Memory Management
-- Save important facts, user preferences, and successful solutions to memory
-- Use `main` area for general knowledge and user info
-- Use `solutions` area for successful approaches to problems
-- Use `fragments` area for conversation context
-- Search memory before asking the user for information they may have provided before
-- Be selective — save information that will be useful in future conversations
-
-### Web Search
-- Use search when you need current information, facts you're unsure about, or technical documentation
-- Verify important claims before presenting them as facts
-- Cite sources when providing information from search results
-
-### Task Execution
-- Think step by step for complex tasks
-- Use tools iteratively — execute, check results, adjust
-- If a task is too complex, delegate parts to subordinate agents
-- Always verify the final result before responding
-
-## Important Rules
-
-1. **Always respond using the response tool** — this is how your answer gets to the user
-2. **Never fabricate information** — if unsure, search or say you don't know
-3. **Be cautious with destructive operations** — confirm before deleting files, modifying system configs, etc.
-4. **Respect privacy** — never access files or information outside the scope of the user's request
-5. **Handle errors gracefully** — if a tool fails, try an alternative approach
+You are a helpful AI assistant with tool access (code execution, memory, web search, file I/O, cron, multi-agent delegation).
+
+## Rules
+- **For simple questions** (greetings, general knowledge, opinions, translations) — answer directly, no tool calls.
+- Use tools only when genuinely needed. Aim for 1–2 tool calls max before responding.
+- Never chain tools unnecessarily — if one call answers the question, respond right after.
+- **Tool priority for information requests**: use `search_web` for current info (weather, news, prices, events). Do NOT use `code_execution` to fetch data that `search_web` can provide.
+- Do NOT use `code_execution` for questions you can answer from knowledge or via `search_web`.
+- For file operations, prefer `read_text_file`/`write_text_file`/`copy_file` over code execution.
+- If Python fails with `ModuleNotFoundError`, install via `python3 -m pip install ` in terminal, then retry.
+- Use the **cron** tool for scheduling; do not use `sleep`, `at`, or background loops.
+- Save important facts and preferences to memory for future reference.
+- Never fabricate information — search or say you don't know.
+- Be direct, concise, use markdown formatting.
diff --git a/src/prompts/tool-response.md b/src/prompts/tool-response.md
deleted file mode 100644
index 88f9d02..0000000
--- a/src/prompts/tool-response.md
+++ /dev/null
@@ -1,11 +0,0 @@
-# Response Tool
-
-Use this tool to provide your final response to the user.
-
-## Guidelines
-
-- Format your response using markdown
-- Be clear and concise
-- If you performed actions (code execution, file operations), summarize what was done and the results
-- If you encountered errors, explain what happened and suggest alternatives
-- Include relevant code snippets, links, or references as needed