bryanjonas
diff --git a/‎.gitignore‎
Lines changed: 2 additions & 1 deletion b/‎.gitignore‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎.gitleaks.toml‎
Lines changed: 12 additions & 0 deletions b/‎.gitleaks.toml‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎CLAUDE.md‎
Lines changed: 94 additions & 25 deletions b/‎CLAUDE.md‎
Lines changed: 94 additions & 25 deletions
@@ -25,7 +25,8 @@ memories/*.yaml
 superpowers/*.yaml
 !superpowers/example.yaml
 secrets/*.yaml
-!secrets/example.yaml
+secrets/*.env
+!secrets/example.env
 
 # Projects — only example.yaml is committed
 projects/*.yaml
 
@@ -11,3 +11,15 @@ commits = [
   "0dafcb4028f8c81cd4fa8bef9cb0f41d9f9430a5",
   "02a28b0c9fc2df3973a8951e082b684fbd73b726",
 ]
+
+[[rules]]
+id = "non-example-yaml-file"
+description = "Flag YAML files that are not named example.yaml"
+path = '''(?i)\.yaml$'''
+regex = '''(?s).+'''
+
+  [rules.allowlist]
+  description = "Allowlist example.yaml files"
+  paths = [
+    '''(^|/)example\.yaml$''',
+  ]
@@ -1,6 +1,6 @@
 # Bareclaw — CLAUDE.md
 
-Self-hosted AI agent platform. Local Ollama LLM (optional OpenAI) exposed via web UI, Telegram, webhooks, and cron jobs. Single asyncio event loop runs all subsystems concurrently.
+Self-hosted AI agent platform. Local Ollama LLM (optional OpenAI) exposed via web UI, Telegram, webhooks, and deterministic scheduled jobs. Single asyncio event loop runs all subsystems concurrently.
 
 ## Running
 
@@ -13,7 +13,28 @@ python main.py
 
 No test suite. Verify changes by running the app and exercising the affected interface.
 
-## Docker
+## Deployment
+
+### Systemd (bare-metal)
+
+Runs as a systemd user service — agents have direct access to the host filesystem within their configured workspace.
+
+```bash
+mkdir -p ~/.config/systemd/user
+cp bareclaw.service ~/.config/systemd/user/
+systemctl --user daemon-reload
+systemctl --user enable --now bareclaw
+journalctl --user -u bareclaw -f
+```
+
+To keep running at boot without a login session, a sudoer must run once:
+```bash
+sudo loginctl enable-linger bareclaw
+```
+
+### Docker
+
+Agent file access is limited to volumes explicitly mounted into the container. To expose additional host paths, add volume mounts to `docker-compose.yml` and update the agent's `workspace:`.
 
 ```bash
 mkdir -p workspace          # agent CLI sandbox (host-side)
@@ -44,13 +65,13 @@ main.py
   └── db.init_db()               # SQLite at data/bareclaw.db
   └── build clients from config.providers  # OllamaClient or OpenAIClient per provider
   └── build_app(config, clients) # FastAPI + WebSocket chat + dynamic webhook routes
-  └── scheduler (APScheduler)    # cron jobs → agent runs → optional Telegram notify
+  └── scheduler (APScheduler)    # cron jobs → project tasks or commands → optional Telegram notify
   └── telegram bot (optional)
 ```
 
 **Agentic loop** (`bareclaw/core/agent.py`): system prompt + messages → LLM → if tool_calls → dispatch → loop; capped by `max_iterations`.
 
-**Multi-provider LLM** (`bareclaw/core/llm.py`): `OllamaClient` and `OpenAIClient` both normalise to the same canonical message dict. `config.providers` is a named map; `main.py` builds one client per provider at startup. `agent.py` is provider-agnostic — it looks up `clients[agent.provider]` by id. Any number of Ollama instances, OpenAI-compatible servers (LM Studio, vLLM, llama.cpp), or the real OpenAI API can be configured simultaneously.
+**Multi-provider LLM** (`bareclaw/core/llm.py`): `OllamaClient` and `OpenAIClient` both normalise to the same canonical message dict. `config.providers` is a named map; `main.py` builds one client per provider at startup. `agent.py` is provider-agnostic — it looks up `clients[agent.provider]` by id. Any number of Ollama instances, OpenAI-compatible servers (LM Studio, vLLM, llama.cpp, OpenRouter.ai), or the real OpenAI API can be configured simultaneously.
 
 ## Key Files
 
@@ -61,13 +82,17 @@ main.py
 | `bareclaw/config.py` | Dataclass config loader |
 | `bareclaw/db.py` | SQLite schema + log helpers |
 | `bareclaw/core/llm.py` | OllamaClient + OpenAIClient |
-| `bareclaw/core/agent.py` | Agentic loop (`run_agent`, `run_agent_stream`) |
+| `bareclaw/core/agent.py` | Agentic loop (`run_agent`, `run_agent_stream`), system prompt building with auto-injection |
+| `bareclaw/core/task_runner.py` | Project task execution with auto-injection of project memories |
 | `bareclaw/core/tools.py` | Tool registry + schemas |
+| `bareclaw/core/memory.py` | Memory loading, keyword matching, read/write tools |
+| `bareclaw/core/superpowers.py` | Superpower loading, keyword matching, bootstrap interpolation |
+| `bareclaw/core/projects.py` | Project loading, keyword matching, task resolution, bootstrap interpolation |
 | `bareclaw/executor/cli.py` | `run_command` / `read_file` (workspace-sandboxed) |
 | `bareclaw/scheduler/jobs.py` | APScheduler cron dispatch |
 | `bareclaw/webhooks/handler.py` | Dynamic webhook route registration |
 | `bareclaw/telegram/bot.py` | Telegram bot + per-chat agent sessions |
-| `bareclaw/web/routes.py` | FastAPI routes + WebSocket chat |
+| `bareclaw/web/routes.py` | FastAPI routes + WebSocket chat + bootstrap endpoints |
 | `bareclaw/web/auth.py` | API key middleware (Bearer / cookie / WS query param) |
 
 ## Config-Driven Entities
@@ -94,12 +119,27 @@ max_iterations: 10
 ```yaml
 id: my-cron
 schedule: "0 * * * *"    # 5-field cron expression
-agent: my-agent
-command: "df -h"          # optional; output prepended to prompt
-prompt: "Analyse the above and alert if ..."
+project: my-project
+task: check-system
 notify_telegram: false
 ```
 
+Exactly one target must be defined per cron job:
+- `project` + `task` for a scheduled project task
+- `command` for an explicit shell command, optionally with `workspace` and `timeout`
+
+Command example:
+```yaml
+id: disk-check
+schedule: "0 * * * *"
+command: "df -h"
+workspace: ~/workspace
+timeout: 30
+notify_telegram: true
+```
+
+Project-task crons resolve the referenced task directly in Python and run that task prompt using `task.agent → project.agent → config.default_agent`. Command crons execute the configured shell command directly. Cron jobs do not self-call the HTTP API.
+
 ### Webhook (`webhooks_config/<id>.yaml`)
 ```yaml
 id: my-webhook
@@ -139,7 +179,7 @@ content: |
 
 Core module: `bareclaw/core/memory.py` — `load_all()`, `load_one()`, `find_relevant()`, `save()`
 
-## Superpowers (`superpowers/<id>.yaml` + `secrets/<id>.yaml`)
+## Superpowers (`superpowers/<id>.yaml` + `secrets/<id>.env`)
 
 Named external service capabilities bundling config, secrets, and an optional bootstrap prompt. Loaded fresh on each agent call.
 
@@ -160,27 +200,33 @@ bootstrap_prompt: |
 bootstrap_agent: default  # optional; defaults to app's default_agent
 ```
 
-**`secrets/<id>.yaml`** (always gitignored — flat key/value):
-```yaml
-token: "your-token-here"
+**`secrets/<id>.env`** (always gitignored — KEY=VALUE format):
+```dotenv
+token=your-token-here
 ```
-The filename must match the superpower `id`. Consider `chmod 600 secrets/<id>.yaml`.
+The filename must match the superpower `id`. Consider `chmod 600 secrets/<id>.env`.
 
-**Auto-injection**: `_build_system_content()` in `bareclaw/core/agent.py` keyword-matches user messages against all superpowers and appends matching ones (including secrets) to the system prompt under `## Available superpowers`.
+**Auto-injection**: `_build_system_content()` in `bareclaw/core/agent.py` keyword-matches user messages against all superpowers and appends matching ones to the system prompt under `## Available superpowers`. Config values are shown; secrets are represented as the file path + variable names only (values never enter LLM context). Example injection:
+```
+Credentials: source /path/to/secrets/homeassistant.env  # exports: token
+```
+The agent uses `run_command` to source the file: `source /path/to/secrets/homeassistant.env && curl -H "Authorization: Bearer $token" ...`
+
+**Bootstrap**: clicking "Bootstrap Memory" in the `/superpowers` UI POSTs to `/api/superpowers/{id}/bootstrap`. The server interpolates `{key}` placeholders in `bootstrap_prompt` with merged config+secrets values, then runs the bootstrap agent. The agent typically uses `run_command` (curl) + `write_memory` to document findings.
 
-**Bootstrap**: clicking Bootstrap in the `/superpowers` UI POSTs to `/api/superpowers/{id}/bootstrap`. The server interpolates `{key}` placeholders in `bootstrap_prompt` with merged config+secrets values, then runs the bootstrap agent. The agent typically uses `run_command` (curl) + `write_memory` to document findings.
+**Provider API keys** also use `.env` format — `secrets/<provider-id>.env` with `api_key=sk-...`. Loaded by Python at startup; the LLM never sees them.
 
 **Tools** (always available to all agents — no YAML config needed):
 - `list_superpowers` — returns id, name, description, keywords for all superpowers
-- `read_superpower(id)` — returns full config + secrets so the agent can use them
+- `read_superpower(id)` — returns config values + credentials file path and variable names
 
-`superpowers/example.yaml` and `secrets/example.yaml` are committed to git; all other files in both dirs are gitignored. Both dirs are mounted as volumes in Docker.
+`superpowers/example.yaml` and `secrets/example.env` are committed to git; all other files in both dirs are gitignored. Both dirs are mounted as volumes in Docker.
 
 Core module: `bareclaw/core/superpowers.py` — `load_all()`, `load_one()`, `find_relevant()`, `_load_secrets()`, `interpolate()`
 
 ## Projects (`projects/<id>.yaml`)
 
-Multi-component workflows the agent has explored and can execute. Each project defines named **tasks** — runnable prompts triggerable from the `/projects` UI or by agents via tools. Loaded fresh on each agent call (no restart needed). Safe to commit (no secrets).
+Multi-component workflows the agent has explored and can execute. Each project defines named **tasks** — runnable prompts triggerable from the `/projects` UI, by cron schedules, or by agents via tools. Loaded fresh on each agent call (no restart needed). Safe to commit (no secrets).
 
 ```yaml
 id: home-network-security
@@ -191,9 +237,9 @@ keywords:
   - pcap
   - network security
 agent: default              # default agent for tasks; falls back to config.default_agent
-memories:                   # related memory IDs shown in UI and injected into system prompt
-  - home-network-architecture
-  - pcap-pipeline-process
+memories:                   # auto-injected into task context when tasks execute
+  - home-network-security-runbook
+  - home-network-troubleshooting
 tasks:
   - id: run-pipeline
     name: "Run Pipeline"
@@ -206,19 +252,42 @@ tasks:
     prompt: |
       Check the security dashboard for anomalies in the last 24 hours.
     agent: ""               # optional per-task agent override
+bootstrap_prompt: |
+  You are bootstrapping the project "{name}" (ID: {id}).
+
+  Description: {description}
+
+  Available tasks: {tasks}
+
+  Your goal is to RUN these tasks and document practical operational knowledge.
+  Create a memory called '{id}-runbook' using write_memory with execution flow,
+  file locations, dependencies, timing, and troubleshooting tips.
+bootstrap_agent: ""         # optional; defaults to project.agent or config.default_agent
 ```
 
-**Auto-injection**: `_build_system_content()` keyword-matches user messages against all projects and appends matching ones under `## Relevant projects`, including task summaries and referenced memory IDs.
+**Auto-injection (chat context)**: `_build_system_content()` keyword-matches user messages against all projects and appends matching ones under `## Relevant projects`, including task summaries and referenced memory IDs.
+
+**Auto-injection (task execution)**: When a task runs via `run_project_task()` in `bareclaw/core/task_runner.py`, all memories listed in the project's `memories:` field are automatically loaded and injected into the task's user prompt under `## Project Knowledge`. This means:
+- Tasks always have access to the project's operational knowledge (runbooks, troubleshooting guides)
+- No need for agents to explicitly call `read_memory()`
+- Cron jobs get the same context as manual runs
+
+**Task execution**: clicking Run in the `/projects` UI POSTs to `/api/projects/{id}/tasks/{task_id}/run`. Cron jobs also resolve tasks by `project` + `task` and run the same prompt path. Agent resolved as `task.agent → project.agent → config.default_agent`.
+
+**Bootstrap**: clicking "Bootstrap Runbook" in the `/projects` UI POSTs to `/api/projects/{id}/bootstrap`. The server interpolates `{key}` placeholders in `bootstrap_prompt` (available: `{id}`, `{name}`, `{description}`, `{agent}`, `{memories}`, `{tasks}`) using `proj_mod.interpolate()`, then runs the bootstrap agent. The agent typically executes tasks using available tools and uses `write_memory` to create a `{id}-runbook` memory.
 
-**Task execution**: clicking Run in the `/projects` UI POSTs to `/api/projects/{id}/tasks/{task_id}/run`. Agent resolved as `task.agent → project.agent → config.default_agent`.
+The Bootstrap Runbook button:
+- Only appears if `bootstrap_prompt` is defined
+- Hides automatically once `memories/{id}-runbook.yaml` exists (checked via `proj_mod.has_runbook()`)
+- Reappears if the runbook memory is deleted
 
 **Tools** (always available to all agents — no YAML config needed):
 - `list_projects` — returns id, name, description for all projects
 - `read_project(id)` — returns full project details including tasks and prompts
 
 `projects/example.yaml` is the only project file committed to git; all others are gitignored.
 
-Core module: `bareclaw/core/projects.py` — `load_all()`, `load_one()`, `find_relevant()`
+Core module: `bareclaw/core/projects.py` — `load_all()`, `load_one()`, `load_task()`, `find_relevant()`, `interpolate()`, `has_runbook()`
 
 ## Adding a New Tool