feat: add built-in exec tool, compact skill prompts, and channel tool policy

- Add BuiltinExecTool for sandboxed shell execution with timeout and
  PATH augmentation
- Switch skill prompt format to compact entries (name + description +
  location) with on-demand SKILL.md reading
- Enforce tool policy per channel, filtering tools before LLM sees them
- Add location field to skills for compact prompt references
- Add db migration v18 for skill location column

Author: coopbri

src/agent/runner.rs

@@ -102,12 +102,14 @@ pub async fn run_agent_turn(state: &ApiState, config: AgentRunConfig) -> crate::
     ));
 
     // Fetch available tools
+    let exec_tool = Arc::new(crate::tools::BuiltinExecTool::default());
     let tools = {
         let executor = crate::tools::executor::ToolExecutor::new(
             Arc::clone(&synapse),
             state.plugin_manager.clone(),
         )
-        .with_memory_tools(Arc::clone(&memory_tools));
+        .with_memory_tools(Arc::clone(&memory_tools))
+        .with_exec_tool(Arc::clone(&exec_tool));
         executor.list_tools().await.ok()
     };
 
@@ -222,7 +224,8 @@ pub async fn run_agent_turn(state: &ApiState, config: AgentRunConfig) -> crate::
                     Arc::clone(&synapse),
                     state.plugin_manager.clone(),
                 )
-                .with_memory_tools(Arc::clone(&memory_tools)),
+                .with_memory_tools(Arc::clone(&memory_tools))
+                .with_exec_tool(Arc::clone(&exec_tool)),
             );
 
             // Headless: skip interactive tools, run the rest

src/api/skills.rs

@@ -389,6 +389,7 @@ async fn install_local(
         },
         content: req.content,
         source: SkillSource::Local,
+        location: None,
     };
 
     let priority = req.priority.unwrap_or_default();

src/api/webhooks/telegram/process.rs

@@ -464,11 +464,13 @@ pub async fn process_telegram_message(
 
     let response = {
         // Fetch available tools from Synapse MCP and plugins
+        let exec_tool = Arc::new(crate::tools::BuiltinExecTool::default());
         let tools = {
             let mut executor = crate::tools::executor::ToolExecutor::new(
                 Arc::clone(synapse),
                 state.plugin_manager.clone(),
-            );
+            )
+            .with_exec_tool(Arc::clone(&exec_tool));
             if let Some(ref ct) = state.cron_tools {
                 executor = executor.with_cron_tools(Arc::clone(ct));
             }
@@ -484,7 +486,8 @@ pub async fn process_telegram_message(
         let mut executor = crate::tools::executor::ToolExecutor::new(
             Arc::clone(synapse),
             state.plugin_manager.clone(),
-        );
+        )
+        .with_exec_tool(exec_tool);
         if let Some(ref ct) = state.cron_tools {
             executor = executor.with_cron_tools(Arc::clone(ct));
         }

src/api/websocket.rs

@@ -572,7 +572,8 @@ async fn handle_chat_message(
         let executor = crate::tools::executor::ToolExecutor::new(
             Arc::clone(&synapse),
             state.plugin_manager.clone(),
-        );
+        )
+        .with_exec_tool(Arc::new(crate::tools::BuiltinExecTool::default()));
         let result = executor
             .execute(tool_name, arguments)
             .await

src/daemon.rs

@@ -1213,7 +1213,7 @@ impl Daemon {
         shutdown_rx: &mut mpsc::Receiver<()>,
         plugin_manager: crate::api::plugins::SharedPluginManager,
     ) -> Result<()> {
-        // Available for future tool filtering by channel policy
+        // Voice uses Full profile — tool_policy checked at handler level
         let _ = &tool_policy;
 
         let wake_word =
@@ -1539,8 +1539,7 @@ async fn handle_channel_messages<C: Channel + Send + 'static>(
     plugin_manager: crate::api::plugins::SharedPluginManager,
     telegram_config: Option<crate::config::TelegramConfig>,
 ) {
-    // Available for future tool filtering by channel policy
-    let _ = &tool_policy;
+    let exec_tool = Arc::new(crate::tools::BuiltinExecTool::default());
 
     tracing::info!(channel = channel_name, "channel handler started");
 
@@ -1789,13 +1788,25 @@ async fn handle_channel_messages<C: Channel + Send + 'static>(
             }
         }
 
-        // Fetch available tools from Synapse MCP and plugins
+        // Fetch available tools from Synapse MCP and plugins, filtered by policy
         let tools = {
             let executor = crate::tools::executor::ToolExecutor::new(
                 Arc::clone(&synapse),
                 plugin_manager.clone(),
-            );
-            executor.list_tools().await.ok()
+            )
+            .with_exec_tool(Arc::clone(&exec_tool));
+            executor.list_tools().await.ok().map(|tools| {
+                let filtered: Vec<_> = tools
+                    .into_iter()
+                    .filter(|t| {
+                        tool_policy
+                            .is_allowed(channel_name, &normalize_tool_name(&t.function.name))
+                    })
+                    .collect();
+                let names: Vec<&str> = filtered.iter().map(|t| t.function.name.as_str()).collect();
+                tracing::info!(channel = channel_name, tools = ?names, "tools available for LLM");
+                filtered
+            })
         };
 
         let use_streaming = channel
@@ -1827,7 +1838,8 @@ async fn handle_channel_messages<C: Channel + Send + 'static>(
             let executor = crate::tools::executor::ToolExecutor::new(
                 Arc::clone(&synapse),
                 plugin_manager.clone(),
-            );
+            )
+            .with_exec_tool(Arc::clone(&exec_tool));
             let mut loop_detector = crate::tools::loop_detection::LoopDetector::default();
 
             for _turn in 0..10 {
@@ -1941,6 +1953,11 @@ async fn handle_channel_messages<C: Channel + Send + 'static>(
 
                                 let mut should_break = false;
                                 for tc in &tool_calls {
+                                    tracing::info!(
+                                        tool = %tc.function.name,
+                                        args_len = tc.function.arguments.len(),
+                                        "executing tool call"
+                                    );
                                     let result = executor
                                         .execute(&tc.function.name, &tc.function.arguments)
                                         .await
@@ -2220,9 +2237,11 @@ async fn handle_voice_command(
     };
 
     // Fetch available tools from Synapse MCP and plugins
+    let exec_tool = Arc::new(crate::tools::BuiltinExecTool::default());
     let tools = {
         let executor =
-            crate::tools::executor::ToolExecutor::new(Arc::clone(synapse), plugin_manager.clone());
+            crate::tools::executor::ToolExecutor::new(Arc::clone(synapse), plugin_manager.clone())
+                .with_exec_tool(Arc::clone(&exec_tool));
         executor.list_tools().await.ok()
     };
 
@@ -2232,7 +2251,8 @@ async fn handle_voice_command(
     ];
     let mut final_text = String::new();
     let executor =
-        crate::tools::executor::ToolExecutor::new(Arc::clone(synapse), plugin_manager.clone());
+        crate::tools::executor::ToolExecutor::new(Arc::clone(synapse), plugin_manager.clone())
+            .with_exec_tool(exec_tool);
 
     for _turn in 0..10 {
         let request = synapse_client::ChatRequest {
@@ -2345,6 +2365,17 @@ fn extract_command(transcript: &str, wake_word: &str) -> String {
     )
 }
 
+/// Map LLM tool names to policy category names
+fn normalize_tool_name(name: &str) -> String {
+    match name {
+        "Bash" => "shell".to_string(),
+        "Read" | "Glob" | "Grep" | "WebFetch" | "ListDir" => "read_file".to_string(),
+        "Write" | "Edit" => "write_file".to_string(),
+        "WebSearch" => "web_search".to_string(),
+        other => other.to_string(),
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -2357,4 +2388,20 @@ mod tests {
         );
         assert_eq!(extract_command("Hey Orin", "hey orin"), "");
     }
+
+    #[test]
+    fn test_normalize_tool_name() {
+        assert_eq!(normalize_tool_name("Bash"), "shell");
+        assert_eq!(normalize_tool_name("Read"), "read_file");
+        assert_eq!(normalize_tool_name("Write"), "write_file");
+        assert_eq!(normalize_tool_name("Edit"), "write_file");
+        assert_eq!(normalize_tool_name("WebSearch"), "web_search");
+        assert_eq!(normalize_tool_name("WebFetch"), "read_file");
+        assert_eq!(normalize_tool_name("Glob"), "read_file");
+        assert_eq!(normalize_tool_name("Grep"), "read_file");
+        assert_eq!(normalize_tool_name("ListDir"), "read_file");
+        // Unknown tools pass through
+        assert_eq!(normalize_tool_name("memory_store"), "memory_store");
+        assert_eq!(normalize_tool_name("cron_list"), "cron_list");
+    }
 }

src/db/schema.rs

@@ -5,7 +5,7 @@ use rusqlite::Connection;
 use crate::Result;
 
 /// Current schema version
-pub const SCHEMA_VERSION: i32 = 17;
+pub const SCHEMA_VERSION: i32 = 18;
 
 /// Initialize the database schema
 ///
@@ -68,6 +68,9 @@ pub fn init(conn: &Connection) -> Result<()> {
     if version < 17 {
         migrate_v17(conn)?;
     }
+    if version < 18 {
+        migrate_v18(conn)?;
+    }
 
     Ok(())
 }
@@ -590,6 +593,20 @@ fn migrate_v17(conn: &Connection) -> Result<()> {
     Ok(())
 }
 
+fn migrate_v18(conn: &Connection) -> Result<()> {
+    conn.execute_batch(
+        r"
+        -- Skill file location for compact prompt mode
+        ALTER TABLE installed_skills ADD COLUMN location TEXT;
+
+        PRAGMA user_version = 18;
+        ",
+    )?;
+
+    tracing::info!("migrated to schema v18 (skill location)");
+    Ok(())
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;

src/db/skill.rs

@@ -98,11 +98,11 @@ impl SkillRepo {
                 disable_model_invocation, emoji, requires_env, command_name, user_id,
                 os, requires_bins, requires_any_bins, primary_env,
                 command_dispatch_tool, api_key, skill_env,
-                install_specs, requires_config
+                install_specs, requires_config, location
             ) VALUES (
                 ?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, 1, ?12, ?13, ?14, ?15, ?16, ?17, ?18, ?19,
                 ?20, ?21, ?22, ?23, ?24, NULL, '{}',
-                ?25, ?26
+                ?25, ?26, ?27
             )
             ",
             rusqlite::params![
@@ -132,6 +132,7 @@ impl SkillRepo {
                 command_dispatch_tool,
                 install_specs_json,
                 requires_config_json,
+                skill.location,
             ],
         )?;
 
@@ -194,7 +195,7 @@ impl SkillRepo {
         emoji, requires_env, command_name, user_id,
         os, requires_bins, requires_any_bins, primary_env,
         command_dispatch_tool, api_key, skill_env,
-        install_specs, requires_config
+        install_specs, requires_config, location
     ";
 
     /// Get an installed skill by ID
@@ -432,8 +433,9 @@ impl SkillRepo {
                         os = ?8, requires_bins = ?9, requires_any_bins = ?10,
                         primary_env = ?11, command_dispatch_tool = ?12,
                         install_specs = ?13, requires_config = ?14,
+                        location = ?15,
                         updated_at = datetime('now')
-                    WHERE id = ?15
+                    WHERE id = ?16
                     ",
                 rusqlite::params![
                     skill.content,
@@ -450,6 +452,7 @@ impl SkillRepo {
                     command_dispatch_tool,
                     install_specs_json,
                     requires_config_json,
+                    skill.location,
                     existing.skill.id,
                 ],
             )?;
@@ -463,6 +466,7 @@ impl SkillRepo {
                     metadata: skill.metadata.clone(),
                     content: skill.content.clone(),
                     source: SkillSource::Bundled,
+                    location: skill.location.clone(),
                 },
                 installed_at: existing.installed_at,
                 enabled: existing.enabled,
@@ -651,6 +655,8 @@ impl SkillRepo {
         let requires_config_json: String = row
             .get::<_, Option<String>>(29)?
             .unwrap_or_else(|| "[]".to_string());
+        // v18 column
+        let location: Option<String> = row.get(30).unwrap_or(None);
 
         let skill_env: HashMap<String, String> =
             serde_json::from_str(&skill_env_json).unwrap_or_default();
@@ -698,6 +704,7 @@ impl SkillRepo {
                 },
                 content,
                 source,
+                location,
             },
             installed_at,
             enabled,
@@ -742,6 +749,7 @@ mod tests {
             },
             content: "# Test Skill\n\nThis is a test.".to_string(),
             source: SkillSource::Local,
+            location: None,
         }
     }