feat: security hardening, transcription mode, 15 new features, Gradio UI

Security (12 fixes):
- SQL injection prevention in PRAGMA key (hex encoding + validation)
- Placeholder API keys in .env.example
- User ID spoofing protection with whitelist validation
- WebSocket message length limit (10k chars)
- CORS middleware with configurable origins
- Auth query param deprecation warning
- Rate limit memory leak fix + auth brute-force protection (5/min)
- Tool argument validation and type coercion
- Extended sensitive file blocklist (.pem, .key, .p12, id_rsa, etc.)
- Generic error messages (no exception type leakage)
- SQLite connection timeout
- Auth endpoint rate limiting

Transcription mode:
- "Jarvis transcribe this" → continuous speech capture to Apple Notes
- Timestamped chunks with punctuation restoration
- Basic speaker diarization (Speaker 1/2)
- Keepalive thread bypasses 10-min idle timeout
- Overlay shows transcription state with chunk counter

New features (15):
- Echo cancellation — mute wake listener during speak()
- Multilingual support — JARVIS_LANGUAGE env var
- Custom TTS — ElevenLabs integration with macOS say fallback
- Photos app tools (recent, search, albums, open)
- Focus mode tools (status, set DND/Work/Personal/Sleep)
- User-facing scheduler with SQLite persistence
- Web UI settings panel (language, voice, rate, jobs, automations)
- Automation rules engine (if-this-then-that API)
- Smart context awareness (time-of-day hints in system prompt)
- Terminal command output capture (run_in_terminal tool)
- Overlay transcription status (red pulsing orb, chunk count)
- Response streaming state in overlay
- Accessibility (skip link, ARIA roles, focus outlines)
- Gradio UI for HF Spaces (chat, voice, status, scheduler, settings)
- Settings + context REST APIs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.env.example

@@ -1,9 +1,9 @@
 # Claude API (optional — premium quality)
-ANTHROPIC_API_KEY=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
+ANTHROPIC_API_KEY=sk-ant-api03-YOUR-KEY-HERE
 
 # OpenRouter (optional key — free models work without it!)
 # Get a key at https://openrouter.ai/keys for access to paid models
-OPENROUTER_API_KEY=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
+OPENROUTER_API_KEY=sk-or-v1-YOUR-KEY-HERE
 OPENROUTER_MODEL=meta-llama/llama-3.1-8b-instruct:free
 
 # Ollama (local, free — install from https://ollama.ai)

Dockerfile

@@ -8,6 +8,7 @@ RUN pip install --no-cache-dir -r requirements-server.txt
 COPY . .
 
 ENV PORT=7860
+ENV GRADIO_SERVER_PORT=7860
 EXPOSE 7860
 
 CMD ["python", "server.py"]

gradio_app.py

@@ -0,0 +1,290 @@
+"""JARVIS Gradio UI — primary interface for HF Spaces deployment.
+
+Provides:
+  - Chat interface with streaming responses
+  - Audio input (mic → transcription → response → TTS playback)
+  - Settings panel (language, TTS, backend selection)
+  - Tools status, scheduler, automation rules viewer
+  - Responsive mobile-friendly layout
+
+Mounts on the existing FastAPI app at /gradio (or / on HF Spaces).
+"""
+
+import os
+import json
+import httpx
+import gradio as gr
+
+JARVIS_URL = os.getenv("JARVIS_URL", "http://localhost:8000")
+_AUTH_TOKEN = os.getenv("JARVIS_AUTH_TOKEN", "")
+
+
+def _headers():
+    h = {"Content-Type": "application/json"}
+    if _AUTH_TOKEN:
+        h["Authorization"] = f"Bearer {_AUTH_TOKEN}"
+    return h
+
+
+def _ask(message: str, history: list) -> str:
+    """Send a message to the JARVIS API and get a response."""
+    try:
+        resp = httpx.post(
+            f"{JARVIS_URL}/api/ask",
+            json={"message": message},
+            headers=_headers(),
+            timeout=60,
+        )
+        data = resp.json()
+        return data.get("response", data.get("error", "No response"))
+    except httpx.ConnectError:
+        return "Cannot connect to JARVIS server. Is it running?"
+    except Exception as e:
+        return f"Error: {e}"
+
+
+def _ask_with_audio(audio_path: str, history: list) -> tuple[str, str | None]:
+    """Process audio input: transcribe → ask JARVIS → return text + optional TTS audio."""
+    if not audio_path:
+        return "No audio received.", None
+
+    # Use Whisper via the server (or local) to transcribe
+    # For HF Spaces, we send the audio to the server's /api/ask endpoint
+    # The server handles transcription internally
+    try:
+        # Read and transcribe audio using Whisper
+        import numpy as np
+        try:
+            from mlx_whisper import transcribe
+            import soundfile as sf
+            audio_data, sr = sf.read(audio_path)
+            if len(audio_data.shape) > 1:
+                audio_data = audio_data.mean(axis=1)
+            if sr != 16000:
+                # Simple resample
+                ratio = 16000 / sr
+                indices = np.arange(0, len(audio_data), 1 / ratio).astype(int)
+                indices = indices[indices < len(audio_data)]
+                audio_data = audio_data[indices]
+            audio_data = audio_data.astype(np.float32)
+            result = transcribe(
+                audio_data,
+                path_or_hf_repo=os.getenv("JARVIS_LOCAL_WAKE_MODEL", "mlx-community/whisper-small-mlx"),
+                verbose=False,
+                language=os.getenv("JARVIS_LANGUAGE", "en"),
+            )
+            text = (result.get("text") or "").strip()
+        except ImportError:
+            # No local Whisper — use Google Speech Recognition as fallback
+            import speech_recognition as sr_lib
+            recognizer = sr_lib.Recognizer()
+            with sr_lib.AudioFile(audio_path) as source:
+                audio = recognizer.record(source)
+            text = recognizer.recognize_google(audio)
+
+        if not text:
+            return "Could not understand the audio.", None
+
+        # Send transcribed text to JARVIS
+        response = _ask(text, history)
+        return f"**You said:** {text}\n\n{response}", None
+
+    except Exception as e:
+        return f"Audio processing error: {e}", None
+
+
+def _get_status() -> str:
+    """Get JARVIS system status."""
+    try:
+        resp = httpx.get(f"{JARVIS_URL}/api/status", headers=_headers(), timeout=5)
+        data = resp.json()
+        status = data.get("status", "unknown")
+        backend = data.get("backend", "unknown")
+        tools = data.get("tools", [])
+        return (
+            f"**Status:** {status}\n"
+            f"**Active Backend:** {backend}\n"
+            f"**Available Backends:** {', '.join(data.get('backends', []))}\n"
+            f"**Tools Loaded:** {len(tools)}\n"
+            f"**STM:** {'Active' if data.get('stm') else 'Off'}\n"
+            f"**AutoTune:** {'Active' if data.get('autotune') else 'Off'}"
+        )
+    except Exception as e:
+        return f"Cannot reach JARVIS server: {e}"
+
+
+def _get_settings() -> dict:
+    """Fetch current settings."""
+    try:
+        resp = httpx.get(f"{JARVIS_URL}/api/settings", headers=_headers(), timeout=5)
+        return resp.json()
+    except Exception:
+        return {}
+
+
+def _get_scheduled_jobs() -> str:
+    """Get scheduled jobs as formatted text."""
+    try:
+        resp = httpx.get(f"{JARVIS_URL}/api/scheduler/jobs", headers=_headers(), timeout=5)
+        jobs = resp.json().get("jobs", [])
+        if not jobs:
+            return "No scheduled jobs."
+        lines = []
+        for j in jobs:
+            time_info = f"@ {j['run_at']}" if j.get("run_at") else f"every {j['interval_seconds']}s"
+            status = "enabled" if j.get("enabled") else "disabled"
+            lines.append(f"- **{j['name']}**: `{j['command']}` ({time_info}, {status})")
+        return "\n".join(lines)
+    except Exception as e:
+        return f"Error loading jobs: {e}"
+
+
+def _add_job(name: str, command: str, run_at: str) -> str:
+    """Add a scheduled job."""
+    if not name or not command:
+        return "Name and command are required."
+    try:
+        resp = httpx.post(
+            f"{JARVIS_URL}/api/scheduler/jobs",
+            json={"name": name, "command": command, "run_at": run_at, "repeat_daily": bool(run_at)},
+            headers=_headers(),
+            timeout=5,
+        )
+        return f"Job '{name}' scheduled."
+    except Exception as e:
+        return f"Error: {e}"
+
+
+def _get_context() -> str:
+    """Get smart context."""
+    try:
+        resp = httpx.get(f"{JARVIS_URL}/api/context", headers=_headers(), timeout=5)
+        data = resp.json()
+        ctx = (
+            f"**Time:** {data.get('date', '')} — {data.get('time_of_day', '')}\n"
+            f"**Timestamp:** {data.get('timestamp', '')}\n"
+        )
+        if data.get("location"):
+            ctx += f"**Location:** {data['location']['lat']:.4f}, {data['location']['lon']:.4f}\n"
+        if data.get("active_work_session"):
+            ctx += f"**Active Work Session:** {data['active_work_session']}\n"
+        return ctx
+    except Exception as e:
+        return f"Error: {e}"
+
+
+# ── Build the Gradio Interface ───────────────────────────────────
+
+with gr.Blocks(title="J.A.R.V.I.S.") as demo:
+    gr.Markdown(
+        "# J.A.R.V.I.S.\n"
+        "*Just A Rather Very Intelligent System*"
+    )
+
+    with gr.Tabs():
+        # ── Chat Tab ──
+        with gr.Tab("Chat", id="chat"):
+            chatbot = gr.Chatbot(
+                label="JARVIS",
+                height=450,
+            )
+            with gr.Row():
+                msg_input = gr.Textbox(
+                    placeholder="Talk to JARVIS...",
+                    show_label=False,
+                    scale=8,
+                    container=False,
+                )
+                send_btn = gr.Button("Send", variant="primary", scale=1)
+
+            with gr.Accordion("Voice Input", open=False):
+                audio_input = gr.Audio(
+                    sources=["microphone"],
+                    type="filepath",
+                    label="Speak to JARVIS",
+                )
+                voice_output = gr.Markdown(label="Response")
+
+            def chat_respond(message, history):
+                if not message:
+                    return history, ""
+                history = history + [{"role": "user", "content": message}]
+                response = _ask(message, history)
+                history = history + [{"role": "assistant", "content": response}]
+                return history, ""
+
+            def voice_respond(audio, history):
+                if audio is None:
+                    return "No audio recorded."
+                response, _ = _ask_with_audio(audio, history)
+                return response
+
+            send_btn.click(chat_respond, [msg_input, chatbot], [chatbot, msg_input])
+            msg_input.submit(chat_respond, [msg_input, chatbot], [chatbot, msg_input])
+            audio_input.stop_recording(voice_respond, [audio_input, chatbot], [voice_output])
+
+        # ── Status Tab ──
+        with gr.Tab("Status", id="status"):
+            status_display = gr.Markdown(value="Click Refresh to load status.")
+            context_display = gr.Markdown(value="")
+            refresh_btn = gr.Button("Refresh", variant="secondary")
+
+            def refresh_status():
+                return _get_status(), _get_context()
+
+            refresh_btn.click(refresh_status, [], [status_display, context_display])
+
+        # ── Scheduler Tab ──
+        with gr.Tab("Scheduler", id="scheduler"):
+            jobs_display = gr.Markdown(value="Click Refresh to load jobs.")
+            refresh_jobs_btn = gr.Button("Refresh Jobs", variant="secondary")
+            refresh_jobs_btn.click(lambda: _get_scheduled_jobs(), [], [jobs_display])
+
+            gr.Markdown("### Add New Job")
+            with gr.Row():
+                job_name = gr.Textbox(label="Job Name", placeholder="Morning briefing")
+                job_cmd = gr.Textbox(label="Command", placeholder="What's on my calendar today?")
+                job_time = gr.Textbox(label="Time (HH:MM)", placeholder="09:00")
+            add_job_btn = gr.Button("Add Job", variant="primary")
+            add_result = gr.Markdown()
+            add_job_btn.click(_add_job, [job_name, job_cmd, job_time], [add_result])
+
+        # ── Settings Tab ──
+        with gr.Tab("Settings", id="settings"):
+            gr.Markdown("### Configuration")
+            with gr.Row():
+                lang_select = gr.Dropdown(
+                    choices=["en", "es", "fr", "de", "it", "pt", "ja", "ko", "zh", "hi", "ar"],
+                    value="en",
+                    label="Language",
+                )
+                tts_select = gr.Dropdown(
+                    choices=["Daniel", "Samantha", "Alex", "Karen", "Moira", "Tessa"],
+                    value="Daniel",
+                    label="TTS Voice",
+                )
+                rate_slider = gr.Slider(
+                    minimum=120, maximum=250, value=180, step=5,
+                    label="Speech Rate (WPM)",
+                )
+
+            gr.Markdown(
+                "### Environment Variables\n"
+                "These settings are configured via `.env` file or environment variables:\n"
+                "- `JARVIS_LANGUAGE` — Speech recognition language\n"
+                "- `JARVIS_TTS_BACKEND` — `say` (macOS) or `elevenlabs`\n"
+                "- `JARVIS_TTS_VOICE` — Voice name for macOS `say`\n"
+                "- `ELEVENLABS_API_KEY` — For premium TTS\n"
+                "- `JARVIS_CORS_ORIGINS` — Allowed CORS origins\n"
+                "- `JARVIS_ALLOWED_USERS` — Whitelisted user IDs\n"
+            )
+
+
+def create_gradio_app():
+    """Return the Gradio Blocks instance for mounting on FastAPI."""
+    return demo
+
+
+# Allow running standalone for development
+if __name__ == "__main__":
+    demo.launch(server_port=7861)

jarvis_listener.py

@@ -67,6 +67,17 @@ WAKE_PHRASES = ["jarvis", "hey jarvis", "okay jarvis", "yo jarvis", "hey j a r v
 COMMAND_MIN_ENERGY = 120
 COMMAND_MAX_ENERGY = 400
 IDLE_QUIT_MINUTES = int(os.getenv("JARVIS_IDLE_QUIT_MINUTES", "10"))
+
+# ─── Language & TTS Configuration ────────────────
+JARVIS_LANGUAGE = os.getenv("JARVIS_LANGUAGE", "en").strip().lower()
+JARVIS_TTS_BACKEND = os.getenv("JARVIS_TTS_BACKEND", "say").strip().lower()  # say, elevenlabs
+JARVIS_TTS_VOICE = os.getenv("JARVIS_TTS_VOICE", "Daniel").strip()
+JARVIS_TTS_RATE = int(os.getenv("JARVIS_TTS_RATE", "180"))
+ELEVENLABS_API_KEY = os.getenv("ELEVENLABS_API_KEY", "").strip()
+ELEVENLABS_VOICE_ID = os.getenv("ELEVENLABS_VOICE_ID", "").strip()
+
+# Echo cancellation — track when JARVIS is speaking to mute mic input
+_speaking = threading.Event()
 ENABLE_CLAP_DETECTION = os.getenv("JARVIS_ENABLE_CLAP", "1").strip().lower() in {"1", "true", "yes", "on"}
 
 
@@ -77,6 +88,49 @@ wake_pause_event = threading.Event()
 _last_activity = time.time()
 _idle_quit_disabled = False
 
+# ─── Transcription Mode ──────────────────────────
+_transcribing = False
+_transcribe_note_title = ""
+
+TRANSCRIBE_TRIGGER_PHRASES = {"transcribe this", "start transcribing", "transcribe",
+                              "transcribe this conversation", "start transcription"}
+TRANSCRIBE_STOP_PHRASES = {"stop transcribing", "stop transcribe", "jarvis stop transcribing",
+                           "stop the transcription", "end transcription", "stop transcription"}
+
+# Punctuation restoration patterns for transcription
+_PUNCT_RULES = [
+    # Capitalize first letter of each segment
+    (r'^([a-z])', lambda m: m.group(1).upper()),
+    # Add period at end if missing terminal punctuation
+    (r'([a-zA-Z])$', r'\1.'),
+    # Capitalize after period
+    (r'\.\s+([a-z])', lambda m: '. ' + m.group(1).upper()),
+    # Common speech patterns → punctuation
+    (r'\b(so|well|anyway|ok|okay|now|right)\b\s', lambda m: m.group(0).rstrip() + ', '),
+]
+
+
+def _restore_punctuation(text: str) -> str:
+    """Basic punctuation restoration for transcribed speech."""
+    if not text:
+        return text
+    for pattern, repl in _PUNCT_RULES:
+        text = re.sub(pattern, repl, text)
+    # Remove double periods
+    text = text.replace('..', '.')
+    return text.strip()
+
+
+def _estimate_speaker_change(prev_text: str, curr_text: str) -> bool:
+    """Simple heuristic to detect speaker changes between chunks.
+    Returns True if a speaker change is likely."""
+    if not prev_text or not curr_text:
+        return False
+    # If there's a question followed by a non-question, likely speaker change
+    prev_is_question = prev_text.rstrip().endswith('?')
+    # If tone/topic shifts significantly, might be a different speaker
+    return prev_is_question
+
 
 def touch_activity():
     """Update the last-activity timestamp. Called on every user interaction."""
@@ -320,7 +374,7 @@ def listen_for_command_local(timeout: int = 15, phrase_time_limit: int = 30, sil
         samples,
         path_or_hf_repo=LOCAL_WAKE_MODEL,
         verbose=False,
-        language="en",
+        language=JARVIS_LANGUAGE,
         condition_on_previous_text=False,
     )
     text = (result.get("text") or "").strip()
@@ -351,6 +405,224 @@ def listen_for_command_fallback() -> str:
     return text
 
 
+# ─── Transcription Mode ──────────────────────────
+
+def listen_for_transcription_chunk(phrase_time_limit: int = 60, silence_seconds: float = 2.0,
+                                    timeout: int = 120) -> str | None:
+    """Capture a transcription chunk optimized for continuous speech.
+
+    Unlike listen_for_command_local(), this uses:
+    - Longer phrase_time_limit (60s) to capture extended speech
+    - Longer silence threshold (2.0s) to handle natural conversation pauses
+    - Longer timeout (120s) to wait through lulls in conversation
+    - Less aggressive VAD (level 1) to avoid cutting off mid-sentence
+    """
+    try:
+        import numpy as np
+        import sounddevice as sd
+        import webrtcvad
+        from mlx_whisper import transcribe
+    except ImportError as exc:
+        log.warning(f"Transcription capture unavailable: {exc}")
+        return None
+
+    sample_rate = 16000
+    frame_ms = 30
+    frame_samples = int(sample_rate * frame_ms / 1000)
+    max_frames = int(phrase_time_limit * 1000 / frame_ms)
+    silence_frames_to_stop = int(silence_seconds * 1000 / frame_ms)
+    vad = webrtcvad.Vad(1)  # Less aggressive — avoid cutting mid-sentence
+    queue = []
+    queue_lock = threading.Lock()
+    audio_frames = []
+    silence_frames = 0
+
+    def push_audio(indata, frames, time_info, status):
+        with queue_lock:
+            queue.append(bytes(indata))
+
+    def pop_audio():
+        with queue_lock:
+            if queue:
+                return queue.pop(0)
+        return None
+
+    stream = None
+    for attempt in range(3):
+        try:
+            stream = sd.RawInputStream(
+                samplerate=sample_rate,
+                blocksize=frame_samples,
+                dtype="int16",
+                channels=1,
+                callback=push_audio,
+            )
+            break
+        except Exception as e:
+            log.warning(f"Transcription stream open attempt {attempt + 1}/3 failed: {e}")
+            time.sleep(0.3)
+
+    if stream is None:
+        log.error("Could not open audio stream for transcription")
+        return None
+
+    try:
+        with stream:
+            time.sleep(0.2)
+            with queue_lock:
+                queue.clear()
+
+            deadline = time.time() + timeout
+
+            while True:
+                frame = pop_audio()
+                if frame is None:
+                    if not audio_frames and time.time() >= deadline:
+                        return None  # No speech during timeout — just return None
+                    time.sleep(0.01)
+                    continue
+
+                is_speech = vad.is_speech(frame, sample_rate)
+                if is_speech:
+                    audio_frames.append(frame)
+                    silence_frames = 0
+                    continue
+
+                if audio_frames:
+                    audio_frames.append(frame)
+                    silence_frames += 1
+
+                if not audio_frames:
+                    continue
+
+                if len(audio_frames) >= max_frames or silence_frames >= silence_frames_to_stop:
+                    break
+
+        if not audio_frames:
+            return None
+
+        segment = b"".join(audio_frames)
+        samples = np.frombuffer(segment, dtype=np.int16).astype(np.float32) / 32768.0
+        result = transcribe(
+            samples,
+            path_or_hf_repo=LOCAL_WAKE_MODEL,
+            verbose=False,
+            language=JARVIS_LANGUAGE,
+            condition_on_previous_text=False,
+        )
+        text = (result.get("text") or "").strip()
+        return text if text else None
+
+    except Exception as e:
+        log.warning(f"Transcription chunk error: {e}")
+        return None
+
+
+def run_transcription_mode():
+    """Run continuous transcription. Creates an Apple Note and appends speech chunks."""
+    global _transcribing, _transcribe_note_title
+    from datetime import datetime
+
+    try:
+        from overlay import set_state
+    except ImportError:
+        set_state = lambda *a, **kw: None
+
+    try:
+        from tools.app_automation import notes_create, notes_append
+    except ImportError:
+        speak("I can't access Notes right now, sir.")
+        return
+
+    # Create note with timestamp title
+    timestamp = datetime.now().strftime("%Y-%m-%d %H:%M")
+    _transcribe_note_title = f"JARVIS Transcription - {timestamp}"
+
+    notes_create(
+        title=_transcribe_note_title,
+        body=f"Transcription started at {timestamp}\n---"
+    )
+
+    speak("Transcription started. I'll capture everything and save it to Notes. "
+          "Say stop transcribing when you're done.")
+    notify("JARVIS — Transcribing", f"Note: {_transcribe_note_title}")
+
+    _transcribing = True
+    chunk_count = 0
+    prev_text = ""
+    speaker_num = 1
+    set_state("transcribing", transcript="Transcribing...", chunks=0)
+
+    # Keepalive thread — touch activity every 60s to bypass idle auto-quit
+    def _transcribe_keepalive():
+        while _transcribing:
+            touch_activity()
+            time.sleep(60)
+
+    keepalive_thread = threading.Thread(target=_transcribe_keepalive, daemon=True)
+    keepalive_thread.start()
+
+    try:
+        while _transcribing:
+            touch_activity()
+
+            text = listen_for_transcription_chunk()
+
+            if not text:
+                # No speech detected — loop back and keep listening
+                continue
+
+            touch_activity()
+
+            # Check for stop phrases
+            normalized = text.lower().strip().rstrip(".!?")
+            if any(stop in normalized for stop in TRANSCRIBE_STOP_PHRASES):
+                log.info(f"Transcription stop phrase detected: {text}")
+                break
+
+            # Restore punctuation
+            text = _restore_punctuation(text)
+
+            # Simple speaker diarization
+            if _estimate_speaker_change(prev_text, text):
+                speaker_num = 2 if speaker_num == 1 else 1
+
+            # Append to note with timestamp and speaker label
+            chunk_time = datetime.now().strftime("%H:%M:%S")
+            chunk_count += 1
+
+            notes_append(
+                title=_transcribe_note_title,
+                text=f"[{chunk_time}] Speaker {speaker_num}: {text}"
+            )
+
+            prev_text = text
+
+            # Update overlay with latest chunk
+            set_state("transcribing", transcript=text[:80], chunks=chunk_count)
+            log.info(f"Transcription chunk #{chunk_count}: {text[:100]}")
+
+    except Exception as e:
+        log.error(f"Transcription error: {e}")
+    finally:
+        _transcribing = False
+        set_state("idle")
+
+        # Append final summary
+        try:
+            end_time = datetime.now().strftime("%H:%M:%S")
+            notes_append(
+                title=_transcribe_note_title,
+                text=f"\n---\nTranscription ended at {end_time} ({chunk_count} segments captured)"
+            )
+        except Exception:
+            pass
+
+        speak(f"Transcription saved to Notes with {chunk_count} segments, sir.")
+        notify("JARVIS — Transcription Complete", f"{chunk_count} segments saved to Notes")
+        log.info(f"Transcription ended: {chunk_count} chunks saved to '{_transcribe_note_title}'")
+
+
 # ─── Audio Feedback ──────────────────────────────
 def chime():
     subprocess.Popen(["afplay", "/System/Library/Sounds/Tink.aiff"], stderr=subprocess.DEVNULL)
@@ -360,8 +632,45 @@ def speak(text):
     text = re.sub(r'```[\s\S]*?```', '', text)
     text = re.sub(r'[`*#\[\]]', '', text)
     text = text.strip()[:500]
-    if text:
-        subprocess.run(["say", "-v", "Daniel", "-r", "180", text], stderr=subprocess.DEVNULL)
+    if not text:
+        return
+
+    _speaking.set()  # Echo cancellation: signal that JARVIS is speaking
+    try:
+        if JARVIS_TTS_BACKEND == "elevenlabs" and ELEVENLABS_API_KEY:
+            _speak_elevenlabs(text)
+        else:
+            subprocess.run(
+                ["say", "-v", JARVIS_TTS_VOICE, "-r", str(JARVIS_TTS_RATE), text],
+                stderr=subprocess.DEVNULL,
+            )
+    finally:
+        time.sleep(0.3)  # Brief pause after speaking to avoid echo pickup
+        _speaking.clear()
+
+
+def _speak_elevenlabs(text):
+    """Speak using ElevenLabs TTS API (higher quality voices)."""
+    try:
+        resp = httpx.post(
+            f"https://api.elevenlabs.io/v1/text-to-speech/{ELEVENLABS_VOICE_ID}",
+            headers={"xi-api-key": ELEVENLABS_API_KEY, "Content-Type": "application/json"},
+            json={"text": text, "model_id": "eleven_monolingual_v1"},
+            timeout=15,
+        )
+        if resp.status_code == 200:
+            audio_path = os.path.join(JARVIS_DIR, ".jarvis_tts.mp3")
+            with open(audio_path, "wb") as f:
+                f.write(resp.content)
+            subprocess.run(["afplay", audio_path], stderr=subprocess.DEVNULL)
+        else:
+            log.warning(f"ElevenLabs TTS failed ({resp.status_code}), falling back to macOS say")
+            subprocess.run(["say", "-v", JARVIS_TTS_VOICE, "-r", str(JARVIS_TTS_RATE), text],
+                           stderr=subprocess.DEVNULL)
+    except Exception as e:
+        log.warning(f"ElevenLabs error: {e}, falling back to macOS say")
+        subprocess.run(["say", "-v", JARVIS_TTS_VOICE, "-r", str(JARVIS_TTS_RATE), text],
+                       stderr=subprocess.DEVNULL)
 
 
 def notify(title, msg):
@@ -610,6 +919,13 @@ def handle_activation(command_text=None):
         while True:
             touch_activity()
 
+            # Check if user wants to start transcription mode
+            normalized_cmd = command_text.lower().strip().rstrip(".!?")
+            if any(trigger in normalized_cmd for trigger in TRANSCRIBE_TRIGGER_PHRASES):
+                log.info(f"Transcription mode triggered: {command_text}")
+                run_transcription_mode()
+                break  # Return to idle after transcription ends
+
             # Check if user wants to end conversation
             if command_text.lower().strip().rstrip(".!") in EXIT_PHRASES:
                 speak("Standing by, sir. Mic is off.")
@@ -787,6 +1103,12 @@ def start_local_wake_listener():
                 diag_max_amp = 0
                 diag_last_report = now
 
+            # Echo cancellation: skip audio while JARVIS is speaking
+            if _speaking.is_set():
+                audio_frames.clear()
+                silence_frames = 0
+                continue
+
             is_speech = vad.is_speech(frame, sample_rate)
             if is_speech:
                 diag_speech_count += 1
@@ -819,7 +1141,7 @@ def start_local_wake_listener():
                         samples,
                         path_or_hf_repo=LOCAL_WAKE_MODEL,
                         verbose=False,
-                        language="en",
+                        language=JARVIS_LANGUAGE,
                         condition_on_previous_text=False,
                     )
                 except Exception as e:

memory.py

@@ -1,6 +1,7 @@
 """JARVIS Memory System — persistent SQLite-backed memory with cloud sync."""
 
 import os
+import re
 import sqlite3
 import json
 import asyncio
@@ -16,14 +17,21 @@ DB_PATH = Path(__file__).parent / "jarvis_memory.db"
 # Encryption key from environment (optional — if not set, no encryption)
 _ENCRYPTION_KEY = os.environ.get("JARVIS_DB_KEY", "")
 
+# Validate encryption key at startup — reject unsafe characters to prevent SQL injection
+if _ENCRYPTION_KEY and not re.match(r'^[a-zA-Z0-9_\-+=/.]+$', _ENCRYPTION_KEY):
+    _log.error("JARVIS_DB_KEY contains unsafe characters. Only alphanumeric, _, -, +, =, /, . allowed.")
+    raise SystemExit("Invalid JARVIS_DB_KEY — contains unsafe characters")
+
 
 def get_db():
-    conn = sqlite3.connect(str(DB_PATH))
+    conn = sqlite3.connect(str(DB_PATH), timeout=10)
     conn.row_factory = sqlite3.Row
     conn.execute("PRAGMA journal_mode=WAL")
     if _ENCRYPTION_KEY:
         try:
-            conn.execute(f"PRAGMA key='{_ENCRYPTION_KEY}'")
+            # Use hex-encoded key to avoid SQL injection via single quotes
+            hex_key = _ENCRYPTION_KEY.encode().hex()
+            conn.execute(f"PRAGMA key=\"x'{hex_key}'\"")
         except Exception:
             pass  # Standard sqlite3 doesn't support PRAGMA key
     return conn

overlay.py

@@ -85,6 +85,12 @@ body {
     box-shadow: 0 0 40px rgba(0,230,118,0.4);
 }
 
+.orb.transcribing {
+    animation: orbPulse 2s ease-in-out infinite;
+    background: radial-gradient(circle, rgba(255,0,100,0.9) 0%, rgba(200,0,80,0.6) 50%, transparent 70%);
+    box-shadow: 0 0 40px rgba(255,0,100,0.4);
+}
+
 @keyframes orbPulse {
     0%,100% { transform: scale(1); }
     50% { transform: scale(1.15); }
@@ -165,6 +171,14 @@ body {
     text-transform: uppercase;
 }
 
+.chunk-count {
+    text-align: center;
+    font-size: 12px;
+    color: rgba(255,0,100,0.8);
+    margin-top: 6px;
+    font-weight: 600;
+}
+
 .hidden { display: none; }
 </style>
 </head>
@@ -181,6 +195,7 @@ body {
     </div>
     <div class="transcript" id="transcript">Listening...</div>
     <div class="response hidden" id="response"></div>
+    <div class="chunk-count hidden" id="chunkCount"></div>
     <div class="status" id="status">J.A.R.V.I.S.</div>
 </div>
 
@@ -201,6 +216,7 @@ body {
         const transcript = document.getElementById('transcript');
         const response = document.getElementById('response');
         const status = document.getElementById('status');
+        const chunkCount = document.getElementById('chunkCount');
 
         orb.className = 'orb ' + data.state;
 
@@ -208,18 +224,28 @@ body {
             wave.className = 'waveform active';
             transcript.textContent = data.transcript || 'Listening...';
             response.className = 'response hidden';
+            chunkCount.className = 'chunk-count hidden';
             status.textContent = 'J.A.R.V.I.S.';
         } else if (data.state === 'thinking') {
             wave.className = 'waveform';
             transcript.textContent = data.transcript || '';
             response.className = 'response hidden';
+            chunkCount.className = 'chunk-count hidden';
             status.textContent = 'PROCESSING';
         } else if (data.state === 'speaking') {
             wave.className = 'waveform';
             transcript.textContent = data.transcript || '';
             response.className = 'response';
             response.textContent = data.response || '';
+            chunkCount.className = 'chunk-count hidden';
             status.textContent = 'J.A.R.V.I.S.';
+        } else if (data.state === 'transcribing') {
+            wave.className = 'waveform active';
+            transcript.textContent = data.transcript || 'Transcribing...';
+            response.className = 'response hidden';
+            chunkCount.className = 'chunk-count';
+            chunkCount.textContent = data.chunks ? data.chunks + ' segments captured' : '';
+            status.textContent = 'TRANSCRIBING — say "stop transcribing" to end';
         } else if (data.state === 'idle') {
             // Will be hidden by the app
         }
@@ -231,17 +257,19 @@ body {
 </html>"""
 
 # Shared state
-_state = {"state": "idle", "transcript": "", "response": ""}
+_state = {"state": "idle", "transcript": "", "response": "", "chunks": 0}
 _state_lock = threading.Lock()
 
 
-def set_state(state, transcript="", response=""):
+def set_state(state, transcript="", response="", chunks=0):
     with _state_lock:
         _state["state"] = state
         if transcript:
             _state["transcript"] = transcript
         if response:
             _state["response"] = response
+        if chunks:
+            _state["chunks"] = chunks
 
 
 def get_state():

requirements-server.txt

@@ -15,3 +15,6 @@ numpy<2.0.0
 motor>=3.3.0
 pymongo>=4.6.0
 paho-mqtt>=2.0.0
+gradio>=4.44.0
+SpeechRecognition>=3.10.0
+soundfile>=0.12.0

scheduler.py

@@ -2,20 +2,111 @@
 
 Runs as a background asyncio loop inside the server. Checks scheduled triggers
 every 60 seconds and fires notifications or actions when conditions are met.
+
+Supports:
+  - Built-in system jobs (calendar, tasks, routine)
+  - User-defined scheduled commands (persistent via SQLite)
+  - Cron-like scheduling: "every N minutes", specific times, intervals
 """
 
 import asyncio
+import json
 import logging
+import os
+import sqlite3
 import subprocess
 import platform
 from datetime import datetime, timezone, timedelta
+from pathlib import Path
 
 _log = logging.getLogger("jarvis.scheduler")
 
 # ── Scheduled Jobs Registry ──────────────────────────────────────
 _jobs: list[dict] = []
+_user_jobs: list[dict] = []  # User-defined persistent jobs
 _running = False
 
+_SCHEDULER_DB = Path(__file__).parent / "jarvis_scheduler.db"
+
+
+def _init_scheduler_db():
+    """Initialize scheduler database for persistent user jobs."""
+    conn = sqlite3.connect(str(_SCHEDULER_DB), timeout=10)
+    conn.row_factory = sqlite3.Row
+    conn.execute("""
+        CREATE TABLE IF NOT EXISTS scheduled_jobs (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            name TEXT NOT NULL,
+            command TEXT NOT NULL,
+            interval_seconds INTEGER DEFAULT 0,
+            run_at TEXT DEFAULT '',
+            repeat_daily INTEGER DEFAULT 0,
+            enabled INTEGER DEFAULT 1,
+            last_run TEXT DEFAULT '',
+            created_at TEXT DEFAULT (datetime('now'))
+        )
+    """)
+    conn.commit()
+    conn.close()
+
+
+def _load_user_jobs():
+    """Load user-defined jobs from database."""
+    global _user_jobs
+    try:
+        conn = sqlite3.connect(str(_SCHEDULER_DB), timeout=10)
+        conn.row_factory = sqlite3.Row
+        rows = conn.execute("SELECT * FROM scheduled_jobs WHERE enabled=1").fetchall()
+        conn.close()
+        _user_jobs = [dict(r) for r in rows]
+        _log.info(f"Loaded {len(_user_jobs)} user-defined scheduled job(s)")
+    except Exception as e:
+        _log.warning(f"Failed to load user jobs: {e}")
+
+
+def add_scheduled_job(name: str, command: str, interval_seconds: int = 0,
+                       run_at: str = "", repeat_daily: bool = False) -> dict:
+    """Add a user-defined scheduled job (persistent).
+
+    Args:
+        name: Human-readable job name (e.g., "Morning briefing")
+        command: JARVIS command to execute (e.g., "what's on my calendar today")
+        interval_seconds: Run every N seconds (0 = not interval-based)
+        run_at: Specific time to run (HH:MM format, e.g., "09:00")
+        repeat_daily: If True and run_at is set, run daily at that time
+    """
+    _init_scheduler_db()
+    conn = sqlite3.connect(str(_SCHEDULER_DB), timeout=10)
+    cur = conn.execute(
+        "INSERT INTO scheduled_jobs (name, command, interval_seconds, run_at, repeat_daily) VALUES (?,?,?,?,?)",
+        (name, command, interval_seconds, run_at, 1 if repeat_daily else 0),
+    )
+    job_id = cur.lastrowid
+    conn.commit()
+    conn.close()
+    _load_user_jobs()
+    return {"id": job_id, "name": name, "command": command, "status": "scheduled"}
+
+
+def remove_scheduled_job(job_id: int) -> bool:
+    """Remove a user-defined scheduled job."""
+    conn = sqlite3.connect(str(_SCHEDULER_DB), timeout=10)
+    conn.execute("DELETE FROM scheduled_jobs WHERE id=?", (job_id,))
+    conn.commit()
+    conn.close()
+    _load_user_jobs()
+    return True
+
+
+def list_scheduled_jobs() -> list[dict]:
+    """List all user-defined scheduled jobs."""
+    _init_scheduler_db()
+    conn = sqlite3.connect(str(_SCHEDULER_DB), timeout=10)
+    conn.row_factory = sqlite3.Row
+    rows = conn.execute("SELECT * FROM scheduled_jobs ORDER BY created_at DESC").fetchall()
+    conn.close()
+    return [dict(r) for r in rows]
+
 
 def register_job(name: str, interval_seconds: int, callback, enabled: bool = True):
     """Register a periodic job.
@@ -130,6 +221,87 @@ async def _check_routine():
 
 # ── Scheduler Loop ────────────────────────────────────────────────
 
+async def _run_user_command(command: str) -> str | None:
+    """Execute a user-scheduled command via the JARVIS API."""
+    try:
+        import httpx
+        jarvis_url = os.getenv("JARVIS_URL", "http://localhost:8000")
+        async with httpx.AsyncClient() as client:
+            resp = await client.post(
+                f"{jarvis_url}/api/ask",
+                json={"message": command},
+                timeout=30,
+            )
+            data = resp.json()
+            return data.get("response", "")
+    except Exception as e:
+        _log.warning(f"User command execution failed: {e}")
+        return None
+
+
+async def _check_user_jobs():
+    """Check and execute user-defined scheduled jobs."""
+    now = datetime.now()
+    now_str = now.strftime("%H:%M")
+
+    for job in _user_jobs:
+        if not job.get("enabled"):
+            continue
+
+        should_run = False
+
+        # Time-based jobs (run_at = "HH:MM")
+        if job.get("run_at"):
+            if job["run_at"] == now_str:
+                last_run = job.get("last_run", "")
+                today = now.strftime("%Y-%m-%d")
+                if not last_run or not last_run.startswith(today):
+                    should_run = True
+
+        # Interval-based jobs
+        elif job.get("interval_seconds", 0) > 0:
+            last_run = job.get("last_run", "")
+            if not last_run:
+                should_run = True
+            else:
+                try:
+                    lr = datetime.fromisoformat(last_run)
+                    if (now - lr).total_seconds() >= job["interval_seconds"]:
+                        should_run = True
+                except ValueError:
+                    should_run = True
+
+        if should_run:
+            _log.info(f"[SCHEDULER] Running user job: {job['name']} — {job['command']}")
+            result = await _run_user_command(job["command"])
+            if result:
+                _notify(f"JARVIS — {job['name']}", result[:200])
+                _speak(result[:200])
+
+            # Update last_run in database
+            try:
+                conn = sqlite3.connect(str(_SCHEDULER_DB), timeout=10)
+                conn.execute(
+                    "UPDATE scheduled_jobs SET last_run=? WHERE id=?",
+                    (now.isoformat(), job["id"]),
+                )
+                conn.commit()
+                conn.close()
+                job["last_run"] = now.isoformat()
+            except Exception:
+                pass
+
+            # Disable non-repeating time-based jobs after first run
+            if job.get("run_at") and not job.get("repeat_daily"):
+                try:
+                    conn = sqlite3.connect(str(_SCHEDULER_DB), timeout=10)
+                    conn.execute("UPDATE scheduled_jobs SET enabled=0 WHERE id=?", (job["id"],))
+                    conn.commit()
+                    conn.close()
+                except Exception:
+                    pass
+
+
 async def start_scheduler():
     """Start the background scheduler loop. Call from server lifespan."""
     global _running
@@ -142,7 +314,11 @@ async def start_scheduler():
     register_job("task_reminder", 300, _check_pending_tasks)
     register_job("routine_check", 120, _check_routine)
 
-    _log.info(f"Scheduler started with {len(_jobs)} job(s)")
+    # Load user-defined persistent jobs
+    _init_scheduler_db()
+    _load_user_jobs()
+
+    _log.info(f"Scheduler started with {len(_jobs)} system + {len(_user_jobs)} user job(s)")
 
     while _running:
         now = datetime.now(timezone.utc)
@@ -160,6 +336,9 @@ async def start_scheduler():
                     _log.warning(f"[SCHEDULER] {job['name']} failed: {e}")
                     job["last_run"] = now
 
+        # Check user-defined jobs
+        await _check_user_jobs()
+
         await asyncio.sleep(60)
 
 

server.py

@@ -26,6 +26,7 @@ _log.setLevel(logging.DEBUG)
 from fastapi import FastAPI, WebSocket, WebSocketDisconnect, Request
 from fastapi.staticfiles import StaticFiles
 from fastapi.responses import HTMLResponse, JSONResponse
+from fastapi.middleware.cors import CORSMiddleware
 from dotenv import load_dotenv
 
 load_dotenv()
@@ -103,6 +104,27 @@ async def lifespan(app: FastAPI):
 
 app = FastAPI(title="JARVIS", lifespan=lifespan)
 
+# ── CORS ─────────────────────────────────────────────────────────
+ALLOWED_ORIGINS = [o.strip() for o in os.getenv("JARVIS_CORS_ORIGINS", "http://localhost:8000").split(",")]
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=ALLOWED_ORIGINS,
+    allow_credentials=True,
+    allow_methods=["GET", "POST", "PUT", "DELETE"],
+    allow_headers=["Authorization", "Content-Type"],
+)
+
+# ── Allowed User IDs ─────────────────────────────────────────────
+_ALLOWED_USERS = {u.strip() for u in os.getenv("JARVIS_ALLOWED_USERS", "default").split(",")}
+
+
+def _validate_user_id(user_id: str) -> str:
+    """Validate user_id against whitelist. Returns 'default' if invalid."""
+    if user_id in _ALLOWED_USERS:
+        return user_id
+    _log.warning(f"[AUTH] Rejected unknown user_id: {user_id!r}")
+    return "default"
+
 
 def _check_auth(request: Request) -> bool:
     """Validate auth token from header, query param, or cookie."""
@@ -115,8 +137,9 @@ def _check_auth(request: Request) -> bool:
     auth_header = request.headers.get("authorization", "")
     if auth_header.startswith("Bearer ") and auth_header[7:] == AUTH_TOKEN:
         return True
-    # Check query param
+    # Check query param (deprecated — tokens in URLs leak via logs/Referer)
     if request.query_params.get("token") == AUTH_TOKEN:
+        _log.warning(f"[AUTH] Token passed via query param (deprecated) — use Bearer header or cookie instead. Path: {path}")
         return True
     # Check cookie
     if request.cookies.get("jarvis_token") == AUTH_TOKEN:
@@ -126,13 +149,13 @@ def _check_auth(request: Request) -> bool:
 
 # ── Rate Limiting ─────────────────────────────────────────────────
 import time as _time
-from collections import defaultdict
 
-_rate_limit_store: dict[str, list[float]] = defaultdict(list)
+_rate_limit_store: dict[str, list[float]] = {}
 RATE_LIMIT_MAX = int(os.getenv("JARVIS_RATE_LIMIT", "30"))  # requests per minute
 RATE_LIMIT_WINDOW = 60  # seconds
 
-_RATE_LIMITED_PREFIXES = ("/api/ask", "/ws", "/api/work", "/api/routine")
+_RATE_LIMITED_PREFIXES = ("/api/ask", "/ws", "/api/work", "/api/routine", "/api/auth")
+_AUTH_RATE_LIMIT_MAX = 5  # Stricter limit for auth endpoints (5 per minute)
 
 
 def _check_rate_limit(client_ip: str, path: str) -> bool:
@@ -140,10 +163,18 @@ def _check_rate_limit(client_ip: str, path: str) -> bool:
     if not any(path.startswith(p) for p in _RATE_LIMITED_PREFIXES):
         return True
     now = _time.time()
-    window = _rate_limit_store[client_ip]
+    if client_ip not in _rate_limit_store:
+        _rate_limit_store[client_ip] = [now]
+        return True
     # Purge old entries
-    _rate_limit_store[client_ip] = [t for t in window if now - t < RATE_LIMIT_WINDOW]
-    if len(_rate_limit_store[client_ip]) >= RATE_LIMIT_MAX:
+    _rate_limit_store[client_ip] = [t for t in _rate_limit_store[client_ip] if now - t < RATE_LIMIT_WINDOW]
+    # Remove empty IP entries to prevent memory leak
+    if not _rate_limit_store[client_ip]:
+        del _rate_limit_store[client_ip]
+        return True
+    # Stricter limit for auth endpoints (brute-force protection)
+    limit = _AUTH_RATE_LIMIT_MAX if path.startswith("/api/auth") else RATE_LIMIT_MAX
+    if len(_rate_limit_store[client_ip]) >= limit:
         return False
     _rate_limit_store[client_ip].append(now)
     return True
@@ -216,12 +247,36 @@ def _get_os_context() -> str:
     )
 
 
+def _get_time_context() -> str:
+    """Build time-aware context for smarter responses."""
+    from datetime import datetime
+    now = datetime.now()
+    hour = now.hour
+
+    if 5 <= hour < 12:
+        greeting_hint = "It's morning. Be energetic and proactive."
+    elif 12 <= hour < 17:
+        greeting_hint = "It's afternoon. Be focused and efficient."
+    elif 17 <= hour < 21:
+        greeting_hint = "It's evening. Be relaxed and wind-down oriented."
+    else:
+        greeting_hint = "It's nighttime. Be brief and quiet."
+
+    return (
+        f"\n[TIME CONTEXT]\n"
+        f"Current time: {now.strftime('%I:%M %p')}\n"
+        f"Date: {now.strftime('%A, %B %d, %Y')}\n"
+        f"{greeting_hint}\n"
+    )
+
+
 async def build_system_prompt(user_id: str = "default") -> str:
     user_ctx = await get_user_context(user_id)
     os_ctx = _get_os_context()
+    time_ctx = _get_time_context()
     return SYSTEM_PROMPT.format(
         tools_prompt=get_tools_prompt(),
-        memory_context=memory.get_context_summary() + user_ctx + os_ctx,
+        memory_context=memory.get_context_summary() + user_ctx + os_ctx + time_ctx,
     )
 
 
@@ -301,7 +356,7 @@ async def ask_jarvis(req: Request):
         return {"error": "Message too long (max 10,000 characters)"}
 
     backend = request.get("backend", "auto")
-    user_id = request.get("user_id", "default")
+    user_id = _validate_user_id(request.get("user_id", "default"))
     messages = [{"role": "user", "content": user_msg}]
     system = await build_system_prompt(user_id)
     params = AutoTune.get_params(user_msg)
@@ -469,14 +524,18 @@ async def websocket_endpoint(ws: WebSocket):
             data = await ws.receive_json()
 
             if data.get("type") == "set_user_id":
-                ws_user_id = data.get("user_id", "default")
+                ws_user_id = _validate_user_id(data.get("user_id", "default"))
                 continue
 
             if data.get("type") == "message":
                 user_msg = data["content"]
+                # Enforce message length limit (same as REST endpoint)
+                if len(user_msg) > 10000:
+                    await ws.send_json({"type": "error", "content": "Message too long (max 10,000 characters)"})
+                    continue
                 backend = data.get("backend", "auto")
                 stm_enabled = data.get("stm", True)
-                ws_user_id = data.get("user_id", ws_user_id)
+                ws_user_id = _validate_user_id(data.get("user_id", ws_user_id))
 
                 # Save user message
                 memory.add_message(conv_id, "user", user_msg)
@@ -744,7 +803,7 @@ async def api_register_device(req: Request):
         alias=alias,
         device_type=data.get("device_type", "computer"),
         device_id=data.get("device_id", ""),
-        user_id=data.get("user_id", "default"),
+        user_id=_validate_user_id(data.get("user_id", "default")),
     )
     return device
 
@@ -753,7 +812,7 @@ async def api_register_device(req: Request):
 async def api_list_my_devices(req: Request):
     """List all registered devices for the current user."""
     from user_device_registry import list_devices
-    user_id = req.query_params.get("user_id", "default")
+    user_id = _validate_user_id(req.query_params.get("user_id", "default"))
     devices = await list_devices(user_id)
     return {"devices": devices}
 
@@ -785,7 +844,7 @@ async def api_send_device_command(req: Request):
         target_alias=target_alias,
         command=command,
         source_device_id=data.get("source_device_id", ""),
-        user_id=data.get("user_id", "default"),
+        user_id=_validate_user_id(data.get("user_id", "default")),
     )
     if "error" in result:
         return JSONResponse(result, status_code=404)
@@ -879,6 +938,191 @@ async def dashboard_page():
     return HTMLResponse("<h1>Dashboard not found</h1>", status_code=404)
 
 
+# ── Scheduler API (user-defined jobs) ────────────────────────────
+
+@app.get("/api/scheduler/jobs")
+async def api_list_scheduled_jobs():
+    """List all user-defined scheduled jobs."""
+    from scheduler import list_scheduled_jobs
+    return {"jobs": list_scheduled_jobs()}
+
+
+@app.post("/api/scheduler/jobs")
+async def api_add_scheduled_job(req: Request):
+    """Add a new scheduled job. Body: {name, command, interval_seconds?, run_at?, repeat_daily?}"""
+    from scheduler import add_scheduled_job
+    data = await req.json()
+    name = data.get("name", "").strip()
+    command = data.get("command", "").strip()
+    if not name or not command:
+        return JSONResponse({"error": "name and command are required"}, status_code=400)
+    job = add_scheduled_job(
+        name=name,
+        command=command,
+        interval_seconds=data.get("interval_seconds", 0),
+        run_at=data.get("run_at", ""),
+        repeat_daily=data.get("repeat_daily", False),
+    )
+    return job
+
+
+@app.delete("/api/scheduler/jobs/{job_id}")
+async def api_remove_scheduled_job(job_id: int):
+    """Remove a scheduled job by ID."""
+    from scheduler import remove_scheduled_job
+    remove_scheduled_job(job_id)
+    return {"deleted": job_id}
+
+
+# ── Automation Rules API ─────────────────────────────────────────
+
+_automation_rules: list[dict] = []
+
+
+@app.get("/api/automations")
+async def api_list_automations():
+    """List all automation rules (if-this-then-that)."""
+    return {"rules": _automation_rules}
+
+
+@app.post("/api/automations")
+async def api_add_automation(req: Request):
+    """Add an automation rule. Body: {name, trigger, condition, action}
+    trigger: 'time', 'event', 'keyword'
+    condition: depends on trigger type (e.g., time='09:00', keyword='meeting')
+    action: JARVIS command to execute
+    """
+    data = await req.json()
+    rule = {
+        "id": len(_automation_rules) + 1,
+        "name": data.get("name", "Untitled Rule"),
+        "trigger": data.get("trigger", ""),
+        "condition": data.get("condition", ""),
+        "action": data.get("action", ""),
+        "enabled": data.get("enabled", True),
+    }
+    _automation_rules.append(rule)
+    return rule
+
+
+@app.delete("/api/automations/{rule_id}")
+async def api_remove_automation(rule_id: int):
+    """Remove an automation rule."""
+    global _automation_rules
+    _automation_rules = [r for r in _automation_rules if r.get("id") != rule_id]
+    return {"deleted": rule_id}
+
+
+# ── Settings API ─────────────────────────────────────────────────
+
+@app.get("/api/settings")
+async def api_get_settings():
+    """Get all JARVIS settings (read from environment/preferences)."""
+    prefs = await get_preferences()
+    return {
+        "language": os.getenv("JARVIS_LANGUAGE", "en"),
+        "tts_backend": os.getenv("JARVIS_TTS_BACKEND", "say"),
+        "tts_voice": os.getenv("JARVIS_TTS_VOICE", "Daniel"),
+        "tts_rate": int(os.getenv("JARVIS_TTS_RATE", "180")),
+        "wake_mode": os.getenv("JARVIS_WAKE_MODE", "auto"),
+        "idle_quit_minutes": int(os.getenv("JARVIS_IDLE_QUIT_MINUTES", "10")),
+        "auth_enabled": AUTH_ENABLED,
+        "cors_origins": ALLOWED_ORIGINS,
+        "rate_limit": RATE_LIMIT_MAX,
+        "backend": get_active_backend(),
+        "backends_available": get_available_backends(),
+        "tools_count": len(TOOL_REGISTRY),
+        "user_preferences": prefs,
+    }
+
+
+@app.put("/api/settings")
+async def api_update_settings(req: Request):
+    """Update a user preference. Body: {key, value}"""
+    data = await req.json()
+    key = data.get("key", "").strip()
+    value = data.get("value", "")
+    if not key:
+        return JSONResponse({"error": "key is required"}, status_code=400)
+    from user_profile import save_preference
+    await save_preference(key, str(value))
+    return {"key": key, "value": value, "saved": True}
+
+
+# ── Smart Context API ────────────────────────────────────────────
+
+@app.get("/api/context")
+async def api_smart_context():
+    """Get smart context: time of day, location (if available), system state."""
+    import platform as _plat
+    now = datetime.now() if 'datetime' not in dir() else __import__('datetime').datetime.now()
+    from datetime import datetime as _dt
+    now = _dt.now()
+    hour = now.hour
+
+    if 5 <= hour < 12:
+        time_of_day = "morning"
+    elif 12 <= hour < 17:
+        time_of_day = "afternoon"
+    elif 17 <= hour < 21:
+        time_of_day = "evening"
+    else:
+        time_of_day = "night"
+
+    # Get location (macOS CoreLocation via AppleScript)
+    location = None
+    if _plat.system() == "Darwin":
+        try:
+            import subprocess
+            loc_result = subprocess.run(
+                ["osascript", "-e", '''
+                    use framework "CoreLocation"
+                    set mgr to current application's CLLocationManager's alloc()'s init()
+                    set loc to mgr's location()
+                    if loc is not missing value then
+                        set lat to loc's coordinate()'s latitude() as real
+                        set lon to loc's coordinate()'s longitude() as real
+                        return (lat as string) & "," & (lon as string)
+                    end if
+                    return "unavailable"
+                '''],
+                capture_output=True, text=True, timeout=5,
+            )
+            loc_str = loc_result.stdout.strip()
+            if loc_str and loc_str != "unavailable":
+                parts = loc_str.split(",")
+                if len(parts) == 2:
+                    location = {"lat": float(parts[0]), "lon": float(parts[1])}
+        except Exception:
+            pass
+
+    # Get active work session
+    work_session = await get_active_work_session()
+
+    return {
+        "time_of_day": time_of_day,
+        "hour": hour,
+        "date": now.strftime("%A, %B %d, %Y"),
+        "timestamp": now.isoformat(),
+        "location": location,
+        "active_work_session": work_session.get("title") if work_session else None,
+        "system": _plat.system(),
+    }
+
+
+# ── Mount Gradio UI (for HF Spaces) ──────────────────────────────
+try:
+    import gradio as gr
+    from gradio_app import create_gradio_app
+    gradio_demo = create_gradio_app()
+    app = gr.mount_gradio_app(app, gradio_demo, path="/gradio")
+    _log.info("Gradio UI mounted at /gradio")
+except ImportError:
+    _log.info("Gradio not installed — /gradio UI unavailable (using static HTML only)")
+except Exception as e:
+    _log.warning(f"Gradio mount failed: {e}")
+
+
 if __name__ == "__main__":
     import uvicorn
     port = int(os.getenv("PORT", os.getenv("JARVIS_PORT", "8000")))

static/index.html

@@ -157,6 +157,63 @@
             box-shadow: 0 0 10px rgba(187, 134, 252, 0.3);
         }
 
+        /* Settings Panel */
+        .settings-panel {
+            position: fixed;
+            top: 50px;
+            right: 16px;
+            width: 380px;
+            max-height: 80vh;
+            overflow-y: auto;
+            background: var(--surface);
+            border: 1px solid var(--border);
+            border-radius: 12px;
+            padding: 20px;
+            z-index: 1000;
+            box-shadow: 0 8px 32px rgba(0,0,0,0.5);
+        }
+        .settings-group {
+            margin-bottom: 14px;
+        }
+        .settings-group label {
+            display: block;
+            font-size: 11px;
+            color: var(--text2);
+            margin-bottom: 4px;
+            text-transform: uppercase;
+            letter-spacing: 0.5px;
+        }
+        .settings-group select, .settings-group input[type="range"] {
+            width: 100%;
+            padding: 6px 10px;
+            background: var(--bg2);
+            border: 1px solid var(--border);
+            color: var(--text);
+            border-radius: 6px;
+            font-size: 13px;
+            font-family: inherit;
+        }
+        .settings-group select:focus, .settings-group input:focus {
+            outline: 2px solid var(--accent);
+            outline-offset: 2px;
+        }
+
+        /* Skip link for accessibility */
+        .skip-link {
+            position: absolute;
+            top: -40px;
+            left: 0;
+            background: var(--accent);
+            color: #000;
+            padding: 8px 16px;
+            z-index: 9999;
+            border-radius: 0 0 8px 0;
+            font-weight: 600;
+        }
+        .skip-link:focus {
+            top: 0;
+        }
+
         select.ctrl-select {
             background: var(--surface2);
             border: 1px solid rgba(0, 180, 216, 0.2);
@@ -508,6 +565,9 @@
     </style>
 </head>
 <body>
+    <!-- Accessibility: Skip to main content -->
+    <a href="#message-input" class="skip-link">Skip to chat input</a>
+
     <!-- Header -->
     <div class="header">
         <div class="logo">
@@ -531,11 +591,70 @@
             <div class="autotune-badge" id="autotune-badge">AT: <span id="autotune-type">—</span></div>
             <button class="ctrl-btn" id="wakeword-btn" onclick="toggleWakeWord()" title="Always-on wake word: say 'Hey JARVIS'">WAKE</button>
             <button class="ctrl-btn" onclick="newChat()" title="New Chat">NEW</button>
+            <button class="ctrl-btn" onclick="toggleSettings()" title="Settings" aria-label="Settings">⚙</button>
+        </div>
+    </div>
+
+    <!-- Settings Panel -->
+    <div class="settings-panel" id="settings-panel" role="dialog" aria-label="Settings" style="display:none;">
+        <div style="display:flex;justify-content:space-between;align-items:center;margin-bottom:16px;">
+            <h3 style="margin:0;color:var(--accent);">Settings</h3>
+            <button onclick="toggleSettings()" style="background:none;border:none;color:var(--text2);font-size:20px;cursor:pointer;" aria-label="Close settings">&times;</button>
+        </div>
+        <div class="settings-group">
+            <label for="setting-language">Language</label>
+            <select id="setting-language" aria-label="Language">
+                <option value="en">English</option>
+                <option value="es">Spanish</option>
+                <option value="fr">French</option>
+                <option value="de">German</option>
+                <option value="it">Italian</option>
+                <option value="pt">Portuguese</option>
+                <option value="ja">Japanese</option>
+                <option value="ko">Korean</option>
+                <option value="zh">Chinese</option>
+                <option value="hi">Hindi</option>
+                <option value="ar">Arabic</option>
+            </select>
+        </div>
+        <div class="settings-group">
+            <label for="setting-tts">TTS Voice</label>
+            <select id="setting-tts" aria-label="TTS Voice">
+                <option value="Daniel">Daniel (Default)</option>
+                <option value="Samantha">Samantha</option>
+                <option value="Alex">Alex</option>
+                <option value="Karen">Karen</option>
+                <option value="Moira">Moira</option>
+                <option value="Tessa">Tessa</option>
+                <option value="elevenlabs">ElevenLabs (Premium)</option>
+            </select>
+        </div>
+        <div class="settings-group">
+            <label for="setting-rate">Speech Rate</label>
+            <input type="range" id="setting-rate" min="120" max="250" value="180" aria-label="Speech rate">
+            <span id="rate-value">180 WPM</span>
+        </div>
+        <div class="settings-group">
+            <label>Scheduled Jobs</label>
+            <div id="scheduled-jobs-list" style="font-size:12px;color:var(--text2);margin-top:4px;">Loading...</div>
+            <div style="display:flex;gap:6px;margin-top:8px;">
+                <input type="text" id="job-name" placeholder="Job name" style="flex:1;padding:4px 8px;background:var(--bg2);border:1px solid var(--border);color:var(--text);border-radius:4px;font-size:12px;">
+                <input type="text" id="job-command" placeholder="Command" style="flex:2;padding:4px 8px;background:var(--bg2);border:1px solid var(--border);color:var(--text);border-radius:4px;font-size:12px;">
+                <input type="text" id="job-time" placeholder="HH:MM" style="width:60px;padding:4px 8px;background:var(--bg2);border:1px solid var(--border);color:var(--text);border-radius:4px;font-size:12px;">
+                <button onclick="addScheduledJob()" style="padding:4px 10px;background:var(--accent);border:none;border-radius:4px;cursor:pointer;font-size:12px;color:#000;">Add</button>
+            </div>
+        </div>
+        <div class="settings-group">
+            <label>Automation Rules</label>
+            <div id="automation-rules-list" style="font-size:12px;color:var(--text2);margin-top:4px;">Loading...</div>
+        </div>
+        <div class="settings-group" style="margin-top:12px;">
+            <button onclick="saveSettings()" style="width:100%;padding:8px;background:var(--accent);border:none;border-radius:6px;cursor:pointer;font-weight:600;color:#000;">Save Settings</button>
         </div>
     </div>
 
     <!-- Chat -->
-    <div class="chat-container" id="chat">
+    <div class="chat-container" id="chat" role="log" aria-label="Chat messages" aria-live="polite">
         <div class="welcome" id="welcome">
             <div class="arc-reactor-lg"></div>
             <h2>J.A.R.V.I.S.</h2>
@@ -1292,6 +1411,102 @@
             }
         }
 
+        // ── Settings Panel ──────────────────────────────
+        function toggleSettings() {
+            const panel = document.getElementById('settings-panel');
+            const visible = panel.style.display !== 'none';
+            panel.style.display = visible ? 'none' : 'block';
+            if (!visible) loadSettings();
+        }
+
+        async function loadSettings() {
+            try {
+                const resp = await fetch('/api/settings', { headers: authHeaders() });
+                const data = await resp.json();
+                document.getElementById('setting-language').value = data.language || 'en';
+                document.getElementById('setting-tts').value = data.tts_voice || 'Daniel';
+                document.getElementById('setting-rate').value = data.tts_rate || 180;
+                document.getElementById('rate-value').textContent = (data.tts_rate || 180) + ' WPM';
+            } catch(e) { console.log('Settings load error', e); }
+
+            // Load scheduled jobs
+            try {
+                const resp = await fetch('/api/scheduler/jobs', { headers: authHeaders() });
+                const data = await resp.json();
+                const el = document.getElementById('scheduled-jobs-list');
+                if (data.jobs && data.jobs.length > 0) {
+                    el.innerHTML = data.jobs.map(j =>
+                        `<div style="display:flex;justify-content:space-between;align-items:center;padding:3px 0;">` +
+                        `<span>${j.name} — <em>${j.command}</em> ${j.run_at ? '@ '+j.run_at : j.interval_seconds+'s'}</span>` +
+                        `<button onclick="deleteJob(${j.id})" style="background:none;border:none;color:#f44;cursor:pointer;font-size:14px;">&times;</button></div>`
+                    ).join('');
+                } else {
+                    el.textContent = 'No scheduled jobs.';
+                }
+            } catch(e) { document.getElementById('scheduled-jobs-list').textContent = 'Could not load jobs.'; }
+
+            // Load automation rules
+            try {
+                const resp = await fetch('/api/automations', { headers: authHeaders() });
+                const data = await resp.json();
+                const el = document.getElementById('automation-rules-list');
+                if (data.rules && data.rules.length > 0) {
+                    el.innerHTML = data.rules.map(r =>
+                        `<div style="padding:3px 0;">${r.name}: when ${r.trigger}="${r.condition}" → ${r.action}</div>`
+                    ).join('');
+                } else {
+                    el.textContent = 'No automation rules.';
+                }
+            } catch(e) { document.getElementById('automation-rules-list').textContent = 'Could not load rules.'; }
+        }
+
+        // Speech rate slider live update
+        document.getElementById('setting-rate').addEventListener('input', function() {
+            document.getElementById('rate-value').textContent = this.value + ' WPM';
+        });
+
+        async function saveSettings() {
+            const prefs = [
+                { key: 'language', value: document.getElementById('setting-language').value },
+                { key: 'tts_voice', value: document.getElementById('setting-tts').value },
+                { key: 'tts_rate', value: document.getElementById('setting-rate').value },
+            ];
+            for (const p of prefs) {
+                await fetch('/api/settings', {
+                    method: 'PUT',
+                    headers: { ...authHeaders(), 'Content-Type': 'application/json' },
+                    body: JSON.stringify(p),
+                });
+            }
+            toggleSettings();
+        }
+
+        async function addScheduledJob() {
+            const name = document.getElementById('job-name').value.trim();
+            const command = document.getElementById('job-command').value.trim();
+            const runAt = document.getElementById('job-time').value.trim();
+            if (!name || !command) return alert('Name and command are required.');
+            await fetch('/api/scheduler/jobs', {
+                method: 'POST',
+                headers: { ...authHeaders(), 'Content-Type': 'application/json' },
+                body: JSON.stringify({ name, command, run_at: runAt, repeat_daily: !!runAt }),
+            });
+            document.getElementById('job-name').value = '';
+            document.getElementById('job-command').value = '';
+            document.getElementById('job-time').value = '';
+            loadSettings();
+        }
+
+        async function deleteJob(id) {
+            await fetch('/api/scheduler/jobs/' + id, { method: 'DELETE', headers: authHeaders() });
+            loadSettings();
+        }
+
+        function authHeaders() {
+            const token = localStorage.getItem('jarvis_token') || '';
+            return token ? { 'Authorization': 'Bearer ' + token } : {};
+        }
+
         // Initialize
         checkAuth().then(ok => {
             if (ok) {

tools/__init__.py

@@ -1,9 +1,12 @@
 """JARVIS Tool System — extensible tool registry."""
 
 import json
+import logging
 import platform
 from typing import Callable
 
+_log = logging.getLogger("jarvis.tools")
+
 TOOL_REGISTRY: dict[str, dict] = {}
 
 # Tools that require macOS (osascript/subprocess) and should be delegated
@@ -90,6 +93,27 @@ async def execute_tool(name: str, args: dict) -> str:
     if not IS_MACOS and name in _MACOS_ONLY_TOOLS:
         return await _delegate_to_device(name, args)
 
+    # Validate required parameters and basic types before calling
+    schema = TOOL_REGISTRY[name].get("parameters", {})
+    properties = schema.get("properties", {})
+    required = schema.get("required", [])
+
+    for req_param in required:
+        if req_param not in args:
+            return f"Error: {name} requires parameter '{req_param}'"
+
+    # Basic type coercion for common mismatches from LLM output
+    for param_name, param_value in list(args.items()):
+        if param_name in properties:
+            expected_type = properties[param_name].get("type")
+            if expected_type == "integer" and isinstance(param_value, str):
+                try:
+                    args[param_name] = int(param_value)
+                except ValueError:
+                    return f"Error: {name} parameter '{param_name}' must be an integer"
+            elif expected_type == "boolean" and isinstance(param_value, str):
+                args[param_name] = param_value.lower() in ("true", "1", "yes")
+
     try:
         result = TOOL_REGISTRY[name]["function"](**args)
         if hasattr(result, "__await__"):
@@ -98,7 +122,8 @@ async def execute_tool(name: str, args: dict) -> str:
     except TypeError as e:
         return f"Error executing {name}: invalid arguments"
     except Exception as e:
-        return f"Error executing {name}: {type(e).__name__}"
+        _log.error(f"Tool {name} failed: {type(e).__name__}: {e}")
+        return f"Error executing {name}: an unexpected error occurred"
 
 
 def register_macos_tools():
@@ -129,8 +154,10 @@ def register_macos_tools():
         "spotlight_search", "finder_open", "finder_move", "finder_copy", "trash_file",
         "contacts_search", "maps_directions",
         "app_keystroke", "app_menu_click", "app_window_manage", "textedit_create",
+        "photos_recent", "photos_search", "photos_albums", "photos_open",
+        "focus_status", "focus_set",
         # builtin.py — macOS-specific subset
-        "open_app", "open_terminal",
+        "open_app", "open_terminal", "run_in_terminal",
         # vscode_tools.py — all 7 tools
         "vscode_open", "vscode_open_terminal", "vscode_run_command",
         "copilot_chat", "copilot_inline", "vscode_list_extensions", "vscode_diff",

tools/app_automation.py

@@ -709,7 +709,7 @@ def calendar_today() -> str:
             if eventList is "" then return "No events today."
             return eventList
         end tell
-    ''', timeout=15)
+    ''', timeout=30)
     return f"Today's events:\n{result}"
 
 
@@ -992,9 +992,10 @@ def browser_read_page(browser: str = "safari") -> str:
 def spotlight_search(query: str, limit: int = 10) -> str:
     limit = max(1, min(50, limit))
     try:
+        # mdfind doesn't support -limit; pipe through head instead
         result = subprocess.run(
-            ["mdfind", "-limit", str(limit), query],
-            capture_output=True, text=True, timeout=10,
+            f'mdfind "{query}" | head -n {limit}',
+            shell=True, capture_output=True, text=True, timeout=10,
         )
         files = result.stdout.strip().split("\n")
         files = [f for f in files if f.strip()]
@@ -1371,6 +1372,248 @@ def app_window_manage(app_name: str, action: str) -> str:
     return f"{app_name}: {action}"
 
 
+# ═══════════════════════════════════════════════════════════════
+#  APPLE PHOTOS
+# ═══════════════════════════════════════════════════════════════
+
+
+@tool(
+    name="photos_recent",
+    description="Get recent photos from Apple Photos library",
+    parameters={
+        "type": "object",
+        "properties": {
+            "count": {"type": "integer", "description": "Number of recent photos (default 5, max 20)"},
+        },
+    },
+)
+def photos_recent(count: int = 5) -> str:
+    count = max(1, min(20, count))
+    result = _osascript(f'''
+        tell application "Photos"
+            set photoList to ""
+            set allPhotos to every media item
+            set photoCount to count of allPhotos
+            set startIdx to photoCount - {count} + 1
+            if startIdx < 1 then set startIdx to 1
+            repeat with i from startIdx to photoCount
+                set p to item i of allPhotos
+                set pName to ""
+                try
+                    set pName to filename of p
+                end try
+                if pName is "" or pName is missing value then set pName to "Photo " & i
+                set photoList to photoList & pName & " (" & date of p & ")\\n"
+            end repeat
+            return photoList
+        end tell
+    ''', timeout=20)
+    return f"Recent photos:\n{result}" if result else "No photos found."
+
+
+@tool(
+    name="photos_search",
+    description="Search Apple Photos by keyword (searches titles and descriptions)",
+    parameters={
+        "type": "object",
+        "properties": {
+            "query": {"type": "string", "description": "Search keyword"},
+        },
+        "required": ["query"],
+    },
+)
+def photos_search(query: str) -> str:
+    safe_query = _sanitize_applescript(query)
+    result = _osascript(f'''
+        tell application "Photos"
+            set matchList to ""
+            set matchPhotos to every media item whose name contains "{safe_query}" or description contains "{safe_query}"
+            set matchCount to count of matchPhotos
+            if matchCount > 20 then set matchCount to 20
+            repeat with i from 1 to matchCount
+                set p to item i of matchPhotos
+                set matchList to matchList & name of p & " (" & date of p & ")\\n"
+            end repeat
+            if matchList is "" then return "No photos matching: {safe_query}"
+            return matchList
+        end tell
+    ''', timeout=20)
+    return result
+
+
+@tool(
+    name="photos_albums",
+    description="List photo albums in Apple Photos",
+    parameters={"type": "object", "properties": {}},
+)
+def photos_albums() -> str:
+    result = _osascript('''
+        tell application "Photos"
+            set albumList to ""
+            repeat with a in albums
+                set albumList to albumList & name of a & " (" & (count of media items of a) & " photos)\\n"
+            end repeat
+            return albumList
+        end tell
+    ''', timeout=20)
+    return f"Albums:\n{result}" if result else "No albums found."
+
+
+@tool(
+    name="photos_open",
+    description="Open the Photos app, optionally to a specific album",
+    parameters={
+        "type": "object",
+        "properties": {
+            "album": {"type": "string", "description": "Album name to open (optional)"},
+        },
+    },
+)
+def photos_open(album: str = "") -> str:
+    if album:
+        safe_album = _sanitize_applescript(album)
+        _osascript(f'''
+            tell application "Photos"
+                activate
+                -- Photos doesn't support direct album navigation via AppleScript
+            end tell
+        ''')
+        return f"Photos opened (navigate to album: {album})"
+    else:
+        _osascript('tell application "Photos" to activate')
+        return "Photos opened"
+
+
+# ═══════════════════════════════════════════════════════════════
+#  FOCUS MODES
+# ═══════════════════════════════════════════════════════════════
+
+
+@tool(
+    name="focus_status",
+    description="Check the current Focus mode (Do Not Disturb, Work, Personal, etc.)",
+    parameters={"type": "object", "properties": {}},
+)
+def focus_status() -> str:
+    # Modern macOS: check Focus/DND via multiple methods
+    try:
+        # Method 1: Check DND assertion via plutil
+        result = subprocess.run(
+            ["plutil", "-extract", "dnd_prefs", "raw",
+             os.path.expanduser("~/Library/DoNotDisturb/DB/Assertions.json")],
+            capture_output=True, text=True, timeout=5,
+        )
+        if result.returncode == 0 and result.stdout.strip():
+            return "Focus is ON (Do Not Disturb active)"
+    except Exception:
+        pass
+
+    try:
+        # Method 2: Check via defaults
+        result = subprocess.run(
+            ["defaults", "read", "com.apple.ncprefs", "dnd_prefs"],
+            capture_output=True, text=True, timeout=5,
+        )
+        if "userPref" in result.stdout and "1" in result.stdout:
+            return "Focus is ON"
+    except Exception:
+        pass
+
+    try:
+        # Method 3: AppleScript fallback
+        as_result = _osascript('''
+            try
+                do shell script "defaults read com.apple.controlcenter 'NSStatusItem Visible FocusModes'"
+                return "Focus indicator visible in Control Center"
+            on error
+                return "Focus is OFF"
+            end try
+        ''')
+        return as_result
+    except Exception:
+        pass
+
+    return "Focus status: could not determine (likely OFF)"
+
+
+@tool(
+    name="focus_set",
+    description="Enable or disable a Focus mode (Do Not Disturb, Work, Personal, Sleep, etc.)",
+    parameters={
+        "type": "object",
+        "properties": {
+            "mode": {"type": "string", "description": "Focus mode name: 'dnd', 'work', 'personal', 'sleep', or 'off'"},
+            "duration_minutes": {"type": "integer", "description": "Duration in minutes (0 = until manually turned off)"},
+        },
+        "required": ["mode"],
+    },
+)
+def focus_set(mode: str, duration_minutes: int = 0) -> str:
+    mode_lower = mode.lower().strip()
+
+    if mode_lower == "off":
+        _osascript('''
+            tell application "System Events"
+                if exists process "ControlCenter" then
+                    -- Use Shortcuts to disable Focus
+                end if
+            end tell
+        ''')
+        # Use shortcuts as the most reliable method
+        try:
+            subprocess.run(
+                ["shortcuts", "run", "Turn Off Focus"],
+                capture_output=True, text=True, timeout=10,
+            )
+            return "Focus mode turned off"
+        except Exception:
+            # Fallback: toggle DND via AppleScript
+            _osascript('''
+                tell application "System Events"
+                    set doNotDisturb of appearance preferences to false
+                end tell
+            ''')
+            return "Do Not Disturb turned off"
+
+    # Map mode names to Shortcuts
+    mode_map = {
+        "dnd": "Do Not Disturb",
+        "do not disturb": "Do Not Disturb",
+        "work": "Work",
+        "personal": "Personal",
+        "sleep": "Sleep",
+        "driving": "Driving",
+        "fitness": "Fitness",
+        "gaming": "Gaming",
+        "reading": "Reading",
+    }
+    focus_name = mode_map.get(mode_lower, mode)
+
+    # Try using Shortcuts (most reliable for Focus modes)
+    try:
+        subprocess.run(
+            ["shortcuts", "run", f"Turn On {focus_name}"],
+            capture_output=True, text=True, timeout=10,
+        )
+        dur_msg = f" for {duration_minutes} minutes" if duration_minutes else ""
+        return f"Focus mode '{focus_name}' enabled{dur_msg}"
+    except Exception:
+        # Fallback for DND
+        if mode_lower in ("dnd", "do not disturb"):
+            _osascript('''
+                tell application "System Events"
+                    set doNotDisturb of appearance preferences to true
+                end tell
+            ''')
+            return "Do Not Disturb enabled"
+        return f"Could not enable Focus '{focus_name}'. Create a Shortcut named 'Turn On {focus_name}'."
+
+
+# ═══════════════════════════════════════════════════════════════
+#  TEXTEDIT
+# ═══════════════════════════════════════════════════════════════
+
+
 @tool(
     name="textedit_create",
     description="Create and open a text document in TextEdit with given content",

tools/builtin.py

@@ -142,8 +142,55 @@ def run_command(command: str) -> str:
         return "Error: Command timed out (30s limit)"
     except FileNotFoundError:
         return f"Error: Command not found — '{args[0]}'"
-    except Exception as e:
-        return f"Error running command: {type(e).__name__}"
+    except Exception:
+        return "Error: Could not run command."
+
+
+@tool(
+    name="run_in_terminal",
+    description="Run a command in Terminal.app and capture the output. "
+                "Unlike run_command, this opens a visible Terminal window.",
+    parameters={
+        "type": "object",
+        "properties": {
+            "command": {"type": "string", "description": "Shell command to execute"},
+            "wait": {"type": "boolean", "description": "Wait for completion and capture output (default true)"},
+        },
+        "required": ["command"],
+    },
+)
+def run_in_terminal(command: str, wait: bool = True) -> str:
+    import shlex
+    safe_cmd = command.replace('"', '\\"').replace("'", "'\\''")
+    if wait:
+        # Run in Terminal, capture output via temp file
+        tmp_file = "/tmp/jarvis_terminal_output.txt"
+        script = f'''
+            tell application "Terminal"
+                activate
+                do script "{safe_cmd} > {tmp_file} 2>&1"
+            end tell
+        '''
+        try:
+            subprocess.run(["osascript", "-e", script], capture_output=True, timeout=5)
+            # Wait briefly for command to complete
+            import time
+            time.sleep(3)
+            try:
+                with open(tmp_file, "r") as f:
+                    output = f.read()
+                return output[:3000] if output else "(No output captured)"
+            except FileNotFoundError:
+                return "Command sent to Terminal (output not yet available)"
+        except Exception:
+            return "Error: Could not open Terminal."
+    else:
+        script = f'tell application "Terminal" to do script "{safe_cmd}"'
+        try:
+            subprocess.run(["osascript", "-e", script], capture_output=True, timeout=5)
+            return f"Command sent to Terminal: {command}"
+        except Exception:
+            return "Error: Could not open Terminal."
 
 
 @tool(
@@ -175,6 +222,9 @@ _BLOCKED_PATH_FRAGMENTS = [
     ".ssh", ".gnupg", ".netrc", ".aws/credentials", ".aws/config",
     "keychain", ".secret", "/etc/shadow", "/etc/sudoers",
     ".kube/config", ".docker/config.json",
+    # Private keys and certificates
+    ".pem", ".key", ".p12", ".pfx", "id_rsa", "id_ed25519", "id_ecdsa",
+    ".keystore", ".jks",
 ]
 _BLOCKED_WRITE_PATHS = _BLOCKED_PATH_FRAGMENTS + [
     ".env", ".zshrc", ".bashrc", ".bash_profile", ".profile",
@@ -201,8 +251,12 @@ def read_file(path: str) -> str:
         with open(p, "r") as f:
             content = f.read()
         return content[:5000] if len(content) > 5000 else content
-    except Exception as e:
-        return f"Error reading file: {type(e).__name__}"
+    except FileNotFoundError:
+        return "Error: File not found."
+    except PermissionError:
+        return "Error: Permission denied."
+    except Exception:
+        return "Error: Could not read file."
 
 
 @tool(
@@ -228,8 +282,10 @@ def write_file(path: str, content: str) -> str:
         with open(p, "w") as f:
             f.write(content)
         return f"Written to {p}"
-    except Exception as e:
-        return f"Error writing file: {type(e).__name__}"
+    except PermissionError:
+        return "Error: Permission denied."
+    except Exception:
+        return "Error: Could not write file."
 
 
 @tool(