June 24, 2026

Token hashing, Deno sandbox, provider timeouts, dock toast

Session tokens are now stored as sha256 hashes in SQLite, mirroring the wrapper-auth path

Session tokens are now stored as sha256 hashes in SQLite, mirroring the wrapper-auth path. Lookup and delete hash the raw token before querying, so a backup/snapshot leak yields hashes instead of live bearer tokens. MemoryStore still holds the raw token as its in-memory hot cache.

The code_eval sandbox was rebuilt as a lean Deno subprocess (~190 lines) replacing the old RestrictedPython + multiprocessing.spawn setup (~323 lines). Deno’s zero-permission-by-default model means no network, filesystem, or subprocess access from eval’d code. The result contract is preserved — exit 0/1 map cleanly — and the installer now downloads the Deno binary into ~/.local/bin automatically. Follow-up cleanup dropped an unused Mapping import and restored EOF newlines.

Provider calls are now bounded by a single PROVIDER_CALL_TIMEOUT_S enforced at each client’s HTTP boundary, since a Python thread blocked in a C-level syscall can’t be killed. Native timeouts surface as ProviderTimeoutError. Retry ownership moved up to MessageProcessor: providers make exactly one attempt, _send_with_retry resends the same request up to 3 times, respects the cancel event, fires a provider_retry WS notice before each autonomous resend, and raises ProviderRetriesExhaustedError on exhaustion. The old _call_bounded thread wrapper is gone; providers.send is now a thin router. A frontend provider_retry toast was added for dark + light themes.

All error surfaces — turn/provider failure, optimistic action-card failure, voice-recorder failure — collapse into a single closable themed dock toast above the compose box, sourced from session.errorMessage. The inline ErrorForm component, the ‘error’ conversation-form kind, replaceActWithError, the voice recError ref, and the .speech-form–error / .voice-rec-error styles are removed.

Compose drafts now restore from localStorage on reload/navigate/close, and a beforeunload warning fires when raw File attachments are pending upload (structurally non-persistable).

Contacts moved to their own data_graph kind=‘contact’ so contact retrieval no longer competes with general user_specific rows. The old unscoped top-N recall/fetch + post-filter approach could crowd a freshly-synced contact out of the top-5 window or truncate it behind alphabetically-earlier non-contact keys. Legacy rows self-heal on the next sync tick.

Schedule gains an update action implemented as cancel→create compose — no bespoke UPDATE path to maintain. The update policy was seeded to mirror create/cancel: allow in chat, deny in external_agent and subconscious.

Other: launcher’s run.sh resolves system python3 instead of requiring a project .venv, with core deps installed via pip install --user; the System nav group now expands sub-items via a shared template so Policies sub-contexts are reachable; README was refreshed for v1.0.0-beta with a dark-theme reasoning-loop hero, benchmark leaderboard card, website-funnel structure, and product-docs migration.

  • Session tokens now stored as sha256 hashes in auth_sessions; MemoryStore still holds the raw token as in-memory hot cache

  • code_eval rewritten as a Deno subprocess sandbox (~190 lines) with zero-permission defaults; installer downloads the Deno binary automatically

  • PROVIDER_CALL_TIMEOUT_S enforced at each client’s HTTP boundary; retry owned by MessageProcessor (up to 3 attempts, cancel-aware, provider_retry WS notice, ProviderRetriesExhaustedError on exhaustion)

  • All error surfaces collapsed into a single dock toast sourced from session.errorMessage; inline ErrorForm and .voice-rec-error styles removed

  • Compose text persisted to localStorage; beforeunload guard for unsent raw File attachments

  • Contacts moved to dedicated kind=‘contact’ in data_graph; legacy user_specific rows self-heal on next sync

  • Schedule update action = cancel→create compose; policy seeded (allow in chat, deny in external_agent/subconscious)

  • run.sh falls back to system python3 with pip install --user; System nav group expanded via shared template; README refreshed for v1.0.0-beta with dark-theme reasoning-loop hero and website-funnel structure