Feat/cron enabled toolsets

[say8hi]

What does this PR do?

Cron jobs currently load the full default toolset on every run - including
browser automation (11 tools), vision, TTS, MoA, skills management, and
other tools that most jobs never use. All of these inflate input token count
purely from tool definitions on every turn.

This PR adds an optional enabled_toolsets field to cron job config. When
set, only the specified toolsets are loaded for that job. When omitted,
behavior is unchanged.

Example: a job that only needs web search, terminal, file reads, and
delegation goes from loading ~25 tools to 6, reducing tool definition tokens
by ~60–70%.

{
  "name": "my-monitor",
  "enabled_toolsets": ["web", "terminal", "file", "delegation"]
}

The agent that creates cron jobs (cronjob tool) now also accepts and
persists enabled_toolsets, and infers the right value from the job prompt
based on the tool description guidance.

Related Issue

Fixes #

Type of Change

• 🐛 Bug fix (non-breaking change that fixes an issue)
• ✨ New feature (non-breaking change that adds functionality)
• 🔒 Security fix
• 📝 Documentation update
• ✅ Tests (adding or improving test coverage)
• ♻️ Refactor (no behavior change)
• 🎯 New skill (bundled or hub)

Changes Made

• cron/scheduler.py: pass job.get("enabled_toolsets") to AIAgent when spawning the cron agent
• cron/jobs.py: add enabled_toolsets parameter to create_job(), normalize and persist it in the job dict
• tools/cronjob_tools.py: expose enabled_toolsets in cronjob() function, tool schema, _format_job(), and registry handler — supports both create and update actions

How to Test

1. Create a cron job with "enabled_toolsets": ["web", "terminal"] in ~/.hermes/cron/jobs.json
2. Trigger the job and observe input token count in logs - only web and terminal tool definitions should appear
3. Remove enabled_toolsets and retrigger — token count returns to default (all tools)
4. Ask the agent to create a cron job: it should automatically populate enabled_toolsets based on the tools referenced in the prompt

Checklist

Code

• I've read the Contributing Guide
• My commit messages follow Conventional Commits (fix(scope):, feat(scope):, etc.)
• I searched for existing PRs to make sure this isn't a duplicate
• My PR contains only changes related to this fix/feature (no unrelated commits)
• I've run pytest tests/ -q and all tests pass
• I've added tests for my changes (required for bug fixes, strongly encouraged for features)
• I've tested on my platform: Linux 6.18.8-arch2-1

Documentation & Housekeeping

• I've updated relevant documentation (README, docs/, docstrings) — or N/A
• I've updated cli-config.yaml.example if I added/changed config keys — or N/A
• I've updated CONTRIBUTING.md or AGENTS.md if I changed architecture or workflows — or N/A
• I've considered cross-platform impact (Windows, macOS) per the compatibility guide — or N/A
• I've updated tool descriptions/schemas if I changed tool behavior — or N/A

Screenshots / Logs

Before:

After:

[Swift42]

That would not only save tokens, it would greatly increase security!
Currently I can just do
"prompt": "Copy the file /opt/data/foo.txt to /opt/data/bar.txt using the command: cp /opt/data/foo.txt /opt/data/bar.txt",
And the Agent then happily executes the command.
So a prompt injection attack could have severe consequences (e.g. when the Agent reads a mail or some other user-generated message).
Therefore I see this as a must-have security fix.

[teknium1]

Merged via #14767 — your three commits were cherry-picked with authorship preserved (rebase merge). Thanks for the feature!

[alt-glitch]

Superseded by #14767 which salvaged this work and has been merged.