feat: add send_file built-in tool to send files from sandbox to Telegram

.gitignore

@@ -7,4 +7,7 @@ rustfox.db*
 .worktrees/
 
 # Playwright config and cache
-.playwright/
+.playwright/
+
+# Opencode
+.opencode/package-lock.json

CLAUDE.md

@@ -191,7 +191,7 @@ tags: [tag1, tag2]     # optional: for organization
 2. The skill is auto-loaded at startup — no code changes needed
 3. Configure the skills directory in `config.toml`: `[skills] directory = "skills"`
 
-All skills are represented in the system prompt by **metadata only** (name + description). **Instruction skills** (no `model` in frontmatter) have their full content loaded by the agent via `read_skill_file(skill_name="...", relative_path="SKILL.md")` when relevant. **Subagent skills** (`model` set) are invoked via `invoke_subagent(skill="name", prompt="...")`. The orchestration skill teaches the agent when to call which subagent and when to override the model (e.g. `model="anthropic/claude-sonnet-4-6"` for thread-writer-hk).
+All skills are represented in the system prompt by **metadata only** (name + description). **Instruction skills** (no `model` in frontmatter) have their full content loaded by the agent via `read_skill_file(skill_name="...", relative_path="SKILL.md")` when relevant. **Subagent skills** (`model` set) are invoked via `invoke_agent(agent="name", prompt="...")`. The orchestration skill teaches the agent when to call which subagent and when to override the model (e.g. `model="anthropic/claude-sonnet-4-6"` for thread-writer-hk).
 
 **Subagent tool whitelist:** For subagent skills, the frontmatter `tools:` list must use the **exact** tool names as seen by the agent. MCP tools are named `mcp_{server_name}_{tool_name}` (e.g. `mcp_google-workspace_query_gmail_emails`). These names are logged at startup when MCP servers connect (`MCP server 'X' provides N tools`). A mismatch (e.g. declaring `search_gmail_messages` when the server exposes `query_gmail_emails`) causes the subagent to have no access to that tool.
 

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rustfox"
-version = "0.1.0"
+version = "1.0.1"
 edition = "2021"
 
 [dependencies]
@@ -55,9 +55,12 @@ pulldown-cmark = "0.12"
 # SQLite vector search extension
 sqlite-vec = "0.1"
 
-# Setup wizard web server (used only by src/bin/setup.rs)
+# Setup wizard web server (used by rustfox --setup)
 axum = "0.8"
 
+# Embed bundled skills/agents into the binary for cargo install
+include_dir = "0.7"
+
 # OCR (pure Rust, neural-network based)
 ocrs = "0.12"
 rten = { version = "0.24", features = ["rten_format"] }
@@ -75,7 +78,7 @@ infer = "0.19"
 # Base64 for vision API content parts and OAuth PKCE helpers
 base64 = "0.22"
 
-# OAuth 2.0 / PKCE helpers (used only by src/bin/setup.rs)
+# OAuth 2.0 / PKCE helpers (used by setup wizard)
 rand = "0.8"
 sha2 = "0.10"
 
@@ -84,5 +87,14 @@ regex = "1"
 
 # OS home-directory resolution for the persistent home dir (~/.rustfox)
 dirs = "5"
+
+[lib]
+name = "rustfox"
+path = "src/lib.rs"
+
+[[bin]]
+name = "rustfox"
+path = "src/main.rs"
+
 [dev-dependencies]
 tempfile = "3"

config.example.toml

@@ -11,7 +11,7 @@ allowed_user_ids = [123456789]
 # Get your API key from https://openrouter.ai/keys
 api_key = "YOUR_OPENROUTER_API_KEY"
 # Model to use (see https://openrouter.ai/models)
-model = "moonshotai/kimi-k2.5"
+model = "moonshotai/kimi-k2.6"
 # API base URL (usually no need to change)
 base_url = "https://openrouter.ai/api/v1"
 # Alternative using local ollama

docs/ARCHITECTURE.md

@@ -0,0 +1,103 @@
+# Architecture
+
+## Source Tree
+
+```
+src/
+├── main.rs           # Entry point, config loading, MCP setup, bot launch
+├── config.rs         # TOML config parsing (all sections)
+├── home.rs           # Persistent home directory resolution (~/.rustfox)
+├── agent.rs          # Agentic loop, tool dispatch, skills/agents layer
+├── agent_prompt.rs   # Prompt preparation, compaction, recovery nudges
+├── tools.rs          # Built-in tool definitions + sandbox path validation
+├── llm.rs            # OpenRouter API client with tool calling
+├── mcp.rs            # MCP client manager for external tool servers
+├── file_processor/   # File/attachment processing (OCR, vision, PDF, DOCX)
+├── memory/           # SQLite persistence, vector embeddings, RAG, summarizer
+├── scheduler/        # Cron/one-shot task scheduler with DB persistence
+├── skills/           # Skill loader, registry, embed/seeding, update engine
+├── learning.rs       # Post-task skill extraction, user model persistence
+├── langsmith.rs      # Optional LangSmith observability client
+├── supervisor/       # Autopilot v2 — autonomous task runner
+│   ├── mod.rs        # Facade (submit, execute_now, pause, resume, state)
+│   ├── task.rs       # Task, TaskType, RiskLevel enums
+│   ├── job.rs        # Job, JobType, JobStatus enums
+│   ├── state.rs      # Transition-allowed state machine
+│   ├── store.rs      # CRUD over sup_tasks / sup_jobs / sup_transitions
+│   ├── intake.rs     # Raw text → Task normalization
+│   ├── classifier.rs # Heuristic / LLM-backed / Skill-aware classifiers
+│   ├── policy.rs     # PolicyEngine — auto-execute, clarify, approve gates
+│   ├── planner.rs    # Task → Plan with parallel job groups
+│   ├── workflow.rs   # Fast / Standard / Rigorous workflow templates
+│   ├── orchestrator.rs  # Plan executor with fallback + parallel + subjobs
+│   ├── verification.rs  # Evidence-gated verification engine
+│   ├── artifact.rs   # ArtifactManager with secret redaction
+│   ├── workspace.rs  # Per-task git worktree management
+│   ├── reporter.rs   # Human-readable job summary
+│   ├── redact.rs     # Secret scrubber for api_key / password / token
+│   └── backend/      # Backends (reasoning, shell, MCP, claude-code, codex, script)
+├── platform/         # Telegram bot handler + tool notifier
+├── setup/            # Setup wizard (web + CLI) + service management
+└── utils/            # String utilities, markdown-to-entities conversion
+
+skills/               # Bundled skills (15+): code-interpreter, problem-solver,
+│                     #   soul, news-fetcher, sup-* workflow packs, etc.
+agents/               # Agent definitions (AGENT.md per agent)
+└── verifier/         # Zero-trust verifier (read-only sandbox)
+setup/                # Setup wizard HTML
+```
+
+## Data Flow
+
+```
+User ──Telegram──▶ bot.rs ──▶ Agent.process_message()
+                                   │
+                                   ▼
+                            LlmClient.chat()
+                            (OpenRouter API)
+                                   │
+                          ┌────────┴────────┐
+                          │                 │
+                     Tool call           Text reply
+                          │                 │
+                          ▼                 ▼
+                    execute_tool()     Telegram send
+                          │
+              ┌───────────┼───────────┐
+              ▼           ▼           ▼
+        Built-in      MCP tool   Skills/Agents
+        (tools.rs)   (mcp.rs)    (agent.rs)
+              │           │           │
+              └───────────┴───────────┘
+                          │
+                          ▼
+              Result appended to history
+                          │
+                          ▼
+                   Loop back to LLM
+                   (up to max_iterations)
+```
+
+## Key Components
+
+| Component | File | Role |
+|-----------|------|------|
+| **Agent** | `agent.rs` | Orchestrates the agentic loop: calls LLM, dispatches tools, manages conversation state |
+| **LlmClient** | `llm.rs` | Stateless HTTP client for OpenRouter `/chat/completions` with tool-calling support |
+| **McpManager** | `mcp.rs` | Manages stdio-based MCP child processes; tools namespaced `mcp_{server}_{tool}` |
+| **SkillRegistry** | `skills/mod.rs` | Loads and manages skills/agents from the home directory with compile-time embedded fallback |
+| **Memory** | `memory/` | SQLite-backed persistence, vector embeddings, hybrid search (FTS5 + vector), query rewriting, summarization |
+| **Scheduler** | `scheduler/` | Cron and one-shot task scheduler with DB persistence; supports add/remove/list at runtime |
+| **Supervisor** | `supervisor/` | Generic autonomous task runner: intake → classify → plan → execute → verify → report |
+| **FileProcessor** | `file_processor/` | Handles image OCR, vision API calls, PDF/DOCX text extraction |
+
+## Agentic Loop
+
+The core loop in `Agent::process_message()` (`agent.rs`):
+
+1. **Prepare** — Inject system prompt with skill/agent context, conversation history, and relevant RAG results
+2. **Call LLM** — Send to OpenRouter with available tool definitions
+3. **Check response type**:
+   - **Tool call(s)** → Execute each tool via `execute_tool()`, append results to conversation, check max iterations, goto step 2
+   - **Text response** → Send to user via Telegram, update conversation state, run post-task learning
+4. **Error recovery** — If LLM returns an error or malformed response, append recovery nudge and retry (up to max iterations)