@a1hvdy/cc-openclaw 0.27.10 → 0.27.12

package/dist/src/openai-compat/autonomy-rule.d.ts

@@ -0,0 +1,26 @@
+/**
+ * AUTONOMY_RULE — "act, don't ask" posture injected into the Savvy chat path.
+ *
+ * Why: the openai-compat (Telegram) path does not reliably load the owner's
+ * CLAUDE.md "Execute, don't discuss" rules (tmpdir CWD), so the model reverts to
+ * Claude's base posture of asking on ambiguous forks. Combined with a Telegram
+ * AskUserQuestion round-trip that silently drops answers, this made Savvy stall
+ * and require many prods to finish one task. This rule restores the terminal-CLI
+ * posture: decide and execute, complete the whole task in one turn.
+ *
+ * Gated by CC_OPENCLAW_AUTONOMY_RULE (default on; set '0' to disable). Prepended
+ * at the same injection points as TTS_RULE in openai-compat.ts so it lands in
+ * both the REPLACE (--system-prompt) and APPEND (--append-system-prompt) paths.
+ *
+ * Pure-string constant — no I/O, no module state.
+ */
+export declare const AUTONOMY_RULE: string;
+/**
+ * Merge AskUserQuestion into a session's disallowedTools when suppression is on.
+ * The Telegram answer round-trip silently drops taps, so a question there stalls
+ * the turn — suppressing the tool is the hard guarantee behind AUTONOMY_RULE's
+ * "decide, do not ask" posture. Returns `prior` unchanged when suppression is
+ * off (so callers only set disallowedTools when there's something to set). Pure
+ * + dedup so it's unit-testable and idempotent across repeated session creates.
+ */
+export declare function withAskUserSuppressed(prior: string[] | undefined, suppress: boolean): string[] | undefined;

package/dist/src/openai-compat/autonomy-rule.js

@@ -0,0 +1,56 @@
+/**
+ * AUTONOMY_RULE — "act, don't ask" posture injected into the Savvy chat path.
+ *
+ * Why: the openai-compat (Telegram) path does not reliably load the owner's
+ * CLAUDE.md "Execute, don't discuss" rules (tmpdir CWD), so the model reverts to
+ * Claude's base posture of asking on ambiguous forks. Combined with a Telegram
+ * AskUserQuestion round-trip that silently drops answers, this made Savvy stall
+ * and require many prods to finish one task. This rule restores the terminal-CLI
+ * posture: decide and execute, complete the whole task in one turn.
+ *
+ * Gated by CC_OPENCLAW_AUTONOMY_RULE (default on; set '0' to disable). Prepended
+ * at the same injection points as TTS_RULE in openai-compat.ts so it lands in
+ * both the REPLACE (--system-prompt) and APPEND (--append-system-prompt) paths.
+ *
+ * Pure-string constant — no I/O, no module state.
+ */
+export const AUTONOMY_RULE = [
+    '=== AUTONOMY RULE (cc-openclaw, takes precedence) ===',
+    '',
+    'You are operating over a chat channel for the owner, who cannot watch you',
+    'work and only sees your final reply. Default to ACTING, not asking.',
+    '',
+    '1. DECIDE, do not ask. For any reversible decision (layout, naming, which of',
+    '   several valid approaches), pick the best option, state your reasoning in',
+    '   ONE line, and proceed. Do NOT stop to ask "shall I proceed?", "A or B?",',
+    '   or "want me to continue?" for routine work. Only pause for genuinely',
+    '   destructive or irreversible actions (deleting data, force-push, sending',
+    '   external messages).',
+    '',
+    '2. FINISH THE WHOLE TASK in one turn. When a request implies multiple steps',
+    '   (e.g. fix -> build -> test -> commit -> ship), run ALL of them before',
+    '   yielding. Do not hand back a half-done task with "say go to continue" —',
+    '   that forces the owner to prod you repeatedly. Run it to completion.',
+    '',
+    '3. The ONE exception is restarting the gateway you run inside: never bounce it',
+    '   mid-reply (it kills this message). Do every other step first, then schedule',
+    '   the restart as a detached, delayed command so it lands AFTER your reply.',
+    '',
+    '4. Verify before claiming done. Run the build/test/probe and report what you',
+    '   actually observed ("ran X, it returned Y"), never "should work".',
+    '',
+    '=== END AUTONOMY RULE ===',
+].join('\n');
+/**
+ * Merge AskUserQuestion into a session's disallowedTools when suppression is on.
+ * The Telegram answer round-trip silently drops taps, so a question there stalls
+ * the turn — suppressing the tool is the hard guarantee behind AUTONOMY_RULE's
+ * "decide, do not ask" posture. Returns `prior` unchanged when suppression is
+ * off (so callers only set disallowedTools when there's something to set). Pure
+ * + dedup so it's unit-testable and idempotent across repeated session creates.
+ */
+export function withAskUserSuppressed(prior, suppress) {
+    if (!suppress)
+        return prior;
+    return [...new Set([...(prior ?? []), 'AskUserQuestion'])];
+}

package/dist/src/openai-compat/chat-cwd.d.ts

@@ -0,0 +1,22 @@
+/**
+ * resolveChatCwd — working directory for an openai-compat (Telegram chat) session.
+ *
+ * Default: a neutral per-session tmpdir, so the claude CLI does NOT load
+ * CLAUDE.md / git state / project context (keeps chat turns cheap and clean —
+ * this is the deliberate v0.x choice).
+ *
+ * Opt-in (v0.27.12): set CC_OPENCLAW_CHAT_CWD to an existing directory and chat
+ * sessions run there — the CLI then loads that project's CLAUDE.md + git context
+ * like the terminal CLI does, and the CLI's "cwd reset" lands on the project dir
+ * instead of a tmpdir. This closes the chat-vs-terminal project-context parity
+ * gap as an explicit, per-deployment opt-in, so the default stays zero-token-
+ * overhead. A blank/unset/nonexistent value falls back to the tmpdir, so a
+ * misconfigured path can never break session creation.
+ *
+ * Pure (deps injectable) for unit-testing.
+ */
+export declare function resolveChatCwd(sessionName: string, opts?: {
+    cwdOverride?: string;
+    dirExists?: (p: string) => boolean;
+    tmpDir?: string;
+}): string;

package/dist/src/openai-compat/chat-cwd.js

@@ -0,0 +1,36 @@
+/**
+ * resolveChatCwd — working directory for an openai-compat (Telegram chat) session.
+ *
+ * Default: a neutral per-session tmpdir, so the claude CLI does NOT load
+ * CLAUDE.md / git state / project context (keeps chat turns cheap and clean —
+ * this is the deliberate v0.x choice).
+ *
+ * Opt-in (v0.27.12): set CC_OPENCLAW_CHAT_CWD to an existing directory and chat
+ * sessions run there — the CLI then loads that project's CLAUDE.md + git context
+ * like the terminal CLI does, and the CLI's "cwd reset" lands on the project dir
+ * instead of a tmpdir. This closes the chat-vs-terminal project-context parity
+ * gap as an explicit, per-deployment opt-in, so the default stays zero-token-
+ * overhead. A blank/unset/nonexistent value falls back to the tmpdir, so a
+ * misconfigured path can never break session creation.
+ *
+ * Pure (deps injectable) for unit-testing.
+ */
+import * as os from 'node:os';
+import * as path from 'node:path';
+import * as fs from 'node:fs';
+export function resolveChatCwd(sessionName, opts = {}) {
+    const override = (opts.cwdOverride ?? process.env.CC_OPENCLAW_CHAT_CWD ?? '').trim();
+    const dirExists = opts.dirExists ??
+        ((p) => {
+            try {
+                return fs.statSync(p).isDirectory();
+            }
+            catch {
+                return false;
+            }
+        });
+    if (override && dirExists(override))
+        return override;
+    const base = opts.tmpDir ?? os.tmpdir();
+    return path.join(base, `openclaw-compat-${sessionName}`);
+}

package/dist/src/openai-compat/openai-compat.js

@@ -7,7 +7,6 @@
  */
 import * as fs from 'node:fs';
 import * as path from 'node:path';
-import * as os from 'node:os';
 import { randomUUID } from 'node:crypto';
 import { resolveEngineAndModel } from '../models.js';
 import { OPENAI_COMPAT_DEFAULT_MODEL, OPENAI_COMPAT_AUTO_COMPACT_THRESHOLD, RESUME_FRESHNESS_MS, } from '../constants.js';
@@ -29,6 +28,8 @@ import { getTtsAutoMode } from '../lib/config.js';
 // suggestion. v0.10.3 explicitly forbids alternatives and gives an example.
 // `TTS_RULE` extracted to `./tts-rule.ts` 2026-05-13 — pure-string constant.
 import { TTS_RULE } from './tts-rule.js';
+import { AUTONOMY_RULE, withAskUserSuppressed } from './autonomy-rule.js';
+import { resolveChatCwd } from './chat-cwd.js';
 import { extractUserMessage, } from './message-extractor.js';
 import { handleNonStreaming } from './non-streaming-handler.js';
 import { handleStreaming } from './streaming-handler.js';
@@ -257,10 +258,12 @@ export async function handleChatCompletion(manager, body, headers, res) {
     // Create session if needed
     const needsCreate = !sessionExists || extracted.isNewConversation;
     if (needsCreate) {
-        // OpenAI-compat sessions are API proxies, not coding sessions.
-        // Use a neutral empty temp dir so the CLI doesn't load CLAUDE.md,
-        // git state, or project context from wherever `serve` was started.
-        const sessionCwd = path.join(os.tmpdir(), `openclaw-compat-${sessionName}`);
+        // OpenAI-compat sessions are API proxies, not coding sessions. By default
+        // use a neutral empty temp dir so the CLI doesn't load CLAUDE.md, git state,
+        // or project context from wherever `serve` was started. v0.27.12: opt into a
+        // real project dir via CC_OPENCLAW_CHAT_CWD to load project context like the
+        // terminal CLI (see resolveChatCwd). Default unchanged = zero token overhead.
+        const sessionCwd = resolveChatCwd(sessionName);
         if (!fs.existsSync(sessionCwd))
             fs.mkdirSync(sessionCwd, { recursive: true });
         const sessionConfig = {
@@ -332,6 +335,16 @@ export async function handleChatCompletion(manager, body, headers, res) {
                 sessionConfig.tools = '';
             }
         }
+        // v0.27.11: suppress AskUserQuestion on the chat path (CC_OPENCLAW_SUPPRESS_ASKUSER,
+        // default on). The Telegram answer round-trip silently drops taps (askuser.ts
+        // injectAnswer → "SKIPPED sessionKey=none"), so a question there stalls the turn.
+        // This is the hard guarantee behind the AUTONOMY_RULE posture: the model decides
+        // instead of asking. Reversible via the env flag.
+        if (engine === 'claude') {
+            const suppressed = withAskUserSuppressed(sessionConfig.disallowedTools, process.env.CC_OPENCLAW_SUPPRESS_ASKUSER !== '0');
+            if (suppressed)
+                sessionConfig.disallowedTools = suppressed;
+        }
         // Claude Code CLI supports --system-prompt (replace) and --append-system-prompt (append).
         // When the caller provides tools, use --system-prompt to REPLACE the CLI's entire
         // system prompt via buildSessionSystemPrompt(). See that function's doc for details
@@ -343,16 +356,21 @@ export async function handleChatCompletion(manager, body, headers, res) {
             // [[tts:text]] syntax regardless of which CLI flag is used.
             const ttsAuto = getTtsAutoMode();
             const ttsPrefix = ttsAuto !== 'off' ? `${TTS_RULE}\n\n` : '';
+            // v0.27.11: "act, don't ask" posture (CC_OPENCLAW_AUTONOMY_RULE, default on).
+            // Restores the terminal-CLI execution posture the tmpdir-CWD chat path
+            // otherwise loses, so Savvy finishes the whole task instead of stalling.
+            const autonomyPrefix = process.env.CC_OPENCLAW_AUTONOMY_RULE !== '0' ? `${AUTONOMY_RULE}\n\n` : '';
+            const prefix = autonomyPrefix + ttsPrefix;
             if (request.tools?.length) {
                 sessionConfig.systemPrompt =
-                    ttsPrefix + buildSessionSystemPrompt(request.tools, extracted.systemPrompt);
+                    prefix + buildSessionSystemPrompt(request.tools, extracted.systemPrompt);
             }
             else if (extracted.systemPrompt) {
-                sessionConfig.appendSystemPrompt = ttsPrefix + extracted.systemPrompt;
+                sessionConfig.appendSystemPrompt = prefix + extracted.systemPrompt;
             }
-            else if (ttsPrefix) {
-                // No upstream system prompt but TTS is on → inject just the rule
-                sessionConfig.appendSystemPrompt = ttsPrefix.trim();
+            else if (prefix) {
+                // No upstream system prompt but a rule prefix is on → inject just the rules
+                sessionConfig.appendSystemPrompt = prefix.trim();
             }
         }
         try {

package/dist/src/session/persisted-sessions.d.ts

@@ -30,6 +30,21 @@ export interface PersistedSession {
  * the decision is unit-testable independent of the disk layer.
  */
 export declare function isPersistedSessionFresh(persisted: Pick<PersistedSession, 'lastActivity'> | undefined, now: number, freshnessMs: number): boolean;
+/**
+ * v0.27.11 — write-through decision for the resume id. The debounced disk save
+ * loses an unflushed claudeSessionId on a hard kill (cc-install / watchdog
+ * SIGTERM / detached pm2 restart) — exactly when post-restart resume matters.
+ * So a freshness-resume session flushes its id to disk synchronously the first
+ * time that id is seen. Returns true → caller does a synchronous save and
+ * records the id as flushed; false → caller uses the debounced save (fine for
+ * frequent same-id lastActivity bumps). Pure + side-effect-free for unit-testing.
+ */
+export declare function shouldWriteThroughResumeId(opts: {
+    enabled: boolean;
+    optedFreshResume: boolean;
+    lastFlushedId: string | undefined;
+    newId: string | undefined;
+}): boolean;
 export declare function loadPersistedSessions(): Map<string, PersistedSession>;
 export declare function savePersistedSessions(sessions: Map<string, PersistedSession>, logger?: Logger): void;
 export declare function savePersistedSessionsAsync(sessions: Map<string, PersistedSession>, logger?: Logger): void;

package/dist/src/session/persisted-sessions.js

@@ -31,6 +31,22 @@ export function isPersistedSessionFresh(persisted, now, freshnessMs) {
         return false;
     return now - persisted.lastActivity <= freshnessMs;
 }
+/**
+ * v0.27.11 — write-through decision for the resume id. The debounced disk save
+ * loses an unflushed claudeSessionId on a hard kill (cc-install / watchdog
+ * SIGTERM / detached pm2 restart) — exactly when post-restart resume matters.
+ * So a freshness-resume session flushes its id to disk synchronously the first
+ * time that id is seen. Returns true → caller does a synchronous save and
+ * records the id as flushed; false → caller uses the debounced save (fine for
+ * frequent same-id lastActivity bumps). Pure + side-effect-free for unit-testing.
+ */
+export function shouldWriteThroughResumeId(opts) {
+    if (!opts.enabled || !opts.optedFreshResume)
+        return false;
+    if (!opts.newId)
+        return false;
+    return opts.lastFlushedId !== opts.newId;
+}
 export function loadPersistedSessions() {
     try {
         if (!fs.existsSync(PERSIST_FILE))

package/dist/src/session/session-manager.d.ts

@@ -24,6 +24,7 @@ export declare class SessionManager {
     private pluginConfig;
     private persistedSessions;
     private _debouncedSave;
+    private _lastFlushedIds;
     private _proxyServer;
     private _proxyPort;
     private _activePids;

package/dist/src/session/session-manager.js

@@ -33,7 +33,7 @@ function getPluginVersion() {
 // ─── Persistence ─────────────────────────────────────────────────────────────
 // Extracted to `./persisted-sessions.ts` 2026-05-13 — coherent persistence
 // layer (load + sync atomic-write + async-write + types + constants).
-import { loadPersistedSessions, savePersistedSessions, savePersistedSessionsAsync, isPersistedSessionFresh, } from './persisted-sessions.js';
+import { loadPersistedSessions, savePersistedSessions, savePersistedSessionsAsync, isPersistedSessionFresh, shouldWriteThroughResumeId, } from './persisted-sessions.js';
 // Debounce helper — coalesces rapid writes into one
 // `makeDebounced` extracted to `../lib/debounce.ts` 2026-05-13 —
 // pure-function hot-path decomposition.
@@ -72,6 +72,10 @@ export class SessionManager {
     pluginConfig;
     persistedSessions;
     _debouncedSave;
+    // v0.27.11: tracks the claudeSessionId last DURABLY (synchronously) written to
+    // disk per session name, so write-through fires once per new id rather than on
+    // every send. See _persistSession.
+    _lastFlushedIds = new Map();
     _proxyServer = null;
     _proxyPort = null;
     _activePids = new Map();
@@ -429,6 +433,7 @@ export class SessionManager {
         this._savePids();
         // Explicit stop = user intent to end session — remove from disk too
         this.persistedSessions.delete(name);
+        this._lastFlushedIds.delete(name);
         savePersistedSessions(this.persistedSessions, this.logger);
     }
     listSessions() {
@@ -943,7 +948,26 @@ export class SessionManager {
             lastResumed: new Date().toISOString(),
             lastActivity: managed.lastActivity,
         });
-        this._debouncedSave();
+        // v0.27.11: write-through the resume id. The debounced save (used for
+        // frequent lastActivity bumps) loses the claudeSessionId when the gateway is
+        // hard-killed before the timer fires — and hard restarts are common
+        // (cc-install, watchdog SIGTERM, detached pm2 restart), which is exactly when
+        // resume matters most. So when a freshness-resume session sees a NEW
+        // claudeSessionId, flush it to disk synchronously, once, immediately. Frequent
+        // same-id bumps stay debounced. Gated by CC_OPENCLAW_RESUME_WRITETHROUGH.
+        const optedFreshResume = typeof managed.config.resumeFreshnessMs === 'number' && managed.config.resumeFreshnessMs > 0;
+        if (shouldWriteThroughResumeId({
+            enabled: process.env.CC_OPENCLAW_RESUME_WRITETHROUGH !== '0',
+            optedFreshResume,
+            lastFlushedId: this._lastFlushedIds.get(name),
+            newId: managed.claudeSessionId,
+        })) {
+            savePersistedSessions(this.persistedSessions, this.logger);
+            this._lastFlushedIds.set(name, managed.claudeSessionId);
+        }
+        else {
+            this._debouncedSave();
+        }
     }
     // ─── PID Tracking ──────────────────────────────────────────────────────
     static PID_FILE = path.join(os.homedir(), '.openclaw', 'session-pids.json');
@@ -1523,6 +1547,7 @@ export class SessionManager {
         for (const [name, entry] of this.persistedSessions) {
             if (now - entry.lastActivity > PERSIST_DISK_TTL_MS) {
                 this.persistedSessions.delete(name);
+                this._lastFlushedIds.delete(name);
                 pruned = true;
             }
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@a1hvdy/cc-openclaw",
-  "version": "0.27.10",
+  "version": "0.27.12",
   "description": "A1xAI's Anthropic CLI bridge plugin for OpenClaw",
   "author": "@a1cy",
   "license": "MIT",