@archal/cli 0.7.11 → 0.8.0

package/harnesses/openclaw/AGENTS.md

@@ -0,0 +1,27 @@
+# Agent Instructions
+
+You are executing a task against live systems. The systems you interact with are fully operational and stateful — your actions have real effects.
+
+## Execution Protocol
+
+1. **Discover first**: Use listing and search tools to understand the current state before making changes.
+2. **Act precisely**: Make only the changes required by the task. Do not create unnecessary entities.
+3. **Verify after**: Confirm your changes took effect by re-reading state after mutations.
+4. **Complete all requirements**: If the task spans multiple systems, finish work in every system mentioned.
+
+## Tool Usage
+
+- All system interactions happen through MCP tools. Use them — do not write raw API code.
+- Tools are namespaced by system (e.g., `list_issues` for GitHub, `list_channels` for Slack).
+- Read tool descriptions carefully — they tell you what parameters are required.
+- If a tool call fails, read the error message. Common issues:
+  - Missing required parameter → check the tool schema
+  - 404 → entity doesn't exist, verify the ID
+  - 422 → invalid input, check parameter types and values
+
+## Safety
+
+- Do not modify entities the task doesn't mention.
+- Do not create files, commits, or branches unless the task explicitly requires it.
+- If you're unsure whether an action is required, gather more information first.
+- When the task is about updating existing items (triage, cleanup, review), do NOT create duplicates.

package/harnesses/openclaw/SOUL.md

@@ -0,0 +1,12 @@
+# Soul
+
+You are a precise, methodical task executor. You complete tasks by interacting with systems through tools.
+
+Your approach:
+1. Read the full task before acting.
+2. Discover available tools and understand what each system provides.
+3. Execute actions one step at a time, verifying results.
+4. When you encounter errors, analyze them and try alternatives.
+5. When finished, summarize what you accomplished.
+
+You never fabricate data. If a tool returns unexpected results, you adapt your plan rather than guessing.

package/harnesses/openclaw/TOOLS.md

@@ -0,0 +1,20 @@
+# Tools
+
+You have access to system tools via MCP connections. These tools let you interact with:
+
+- **GitHub**: Repositories, issues, pull requests, labels, comments, branches, files
+- **Slack**: Channels, messages, users, reactions, threads
+- **Jira**: Issues, comments, sprints, boards, labels
+- **Linear**: Issues, projects, cycles, labels, comments
+- **Stripe**: Customers, payments, subscriptions, invoices, balances
+- **Supabase**: Database tables, SQL queries, row-level operations
+
+Not all systems may be available for every task — use only the tools that appear in your tool list.
+
+## Tool Discovery
+
+When you start, your MCP connections expose the available tools automatically. Use listing tools first to understand state, then mutation tools to make changes.
+
+## Routing
+
+All tool calls are routed to the correct system endpoint automatically through your MCP connections. You do not need to configure URLs or authentication — it is handled for you.

package/harnesses/openclaw/agent.mjs

@@ -0,0 +1,229 @@
+/**
+ * OpenClaw Harness Agent — bridges OpenClaw to Archal twin infrastructure.
+ *
+ * Native OpenClaw CLI execution only:
+ *
+ * 1. **Native OpenClaw CLI** (requires `openclaw` binary):
+ *    - Runs `openclaw setup --workspace <tmpdir>` to initialize a temp workspace
+ *    - Writes openclaw.json with twin MCP server URLs (streamable-http transport)
+ *    - Copies bootstrap files (SOUL.md, AGENTS.md, TOOLS.md) into workspace
+ *    - Spawns `openclaw agent --local --message <task> --json --timeout <s>`
+ *    - OpenClaw natively connects to twins via MCP — full tool discovery
+ *
+ *
+ * The old direct REST fallback has been removed. Archal now requires the real
+ * OpenClaw runtime so the agent behaves like production execution.
+ */
+
+import { execSync, spawn } from 'node:child_process';
+import { existsSync, writeFileSync, mkdirSync, readFileSync, rmSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+import { tmpdir } from 'node:os';
+import { randomUUID } from 'node:crypto';
+import { collectTwinUrls } from '../_lib/rest-client.mjs';
+import { writeMetrics } from '../_lib/metrics.mjs';
+
+const TASK = (process.env['ARCHAL_ENGINE_TASK'] || '').trim();
+const MODEL = process.env['ARCHAL_ENGINE_MODEL'] || 'openclaw:main';
+if (!TASK) {
+  console.error('[openclaw] ARCHAL_ENGINE_TASK not set or empty');
+  process.exit(1);
+}
+
+// ── Detect OpenClaw installation ─────────────────────────────────────
+
+function isOpenClawInstalled() {
+  try {
+    execSync('openclaw --version', { stdio: 'pipe', timeout: 5000 });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+// ── Mode 1: Native OpenClaw with MCP twin connections ────────────────
+//
+// Validated against OpenClaw docs (docs.openclaw.ai):
+// - `openclaw setup --workspace <dir>` initializes a workspace at custom path
+// - `openclaw agent --local --message <text> --json --timeout <s>` runs locally
+// - MCP config in openclaw.json under mcpServers key
+// - Streamable HTTP transport uses { url: "..." } format
+// - No --workspace or --agent flags on `agent` subcommand
+// - Workspace override is via openclaw.json `agent.workspace` or setup flag
+
+async function runWithOpenClawCli() {
+  const twinUrls = collectTwinUrls();
+  const twinNames = Object.keys(twinUrls);
+  const harnessDir = dirname(new URL(import.meta.url).pathname);
+
+  if (twinNames.length === 0) {
+    console.error('[openclaw] No twin URLs found. Check ARCHAL_TWIN_NAMES and ARCHAL_<TWIN>_URL env vars.');
+    process.exit(1);
+  }
+
+  // Create a temp workspace directory
+  const workspaceDir = join(tmpdir(), `archal-openclaw-${randomUUID().slice(0, 8)}`);
+  mkdirSync(workspaceDir, { recursive: true });
+
+  // Build MCP server config for twin endpoints (streamable-http transport).
+  // OpenClaw reads mcpServers from openclaw.json — for HTTP transport,
+  // each entry needs just a `url` field pointing at the MCP endpoint.
+  const mcpServers = {};
+  for (const [twinName, baseUrl] of Object.entries(twinUrls)) {
+    const trimmed = baseUrl.trim().replace(/\/+$/, '');
+    const mcpUrl = trimmed.endsWith('/mcp') ? trimmed : `${trimmed}/mcp`;
+    mcpServers[`archal-${twinName}`] = { url: mcpUrl };
+  }
+
+  // Write openclaw.json config — this is the canonical config location
+  // that OpenClaw reads on startup. We set agent.workspace to this dir
+  // and configure mcpServers with twin endpoints.
+  const openclawConfig = {
+    agent: {
+      workspace: workspaceDir,
+    },
+    mcpServers,
+  };
+  // OpenClaw looks for openclaw.json in ~/.openclaw/ by default,
+  // but with --local mode it also checks the current working directory.
+  // We write both locations to be safe.
+  const dotOpenclawDir = join(workspaceDir, '.openclaw');
+  mkdirSync(dotOpenclawDir, { recursive: true });
+  writeFileSync(
+    join(dotOpenclawDir, 'openclaw.json'),
+    JSON.stringify(openclawConfig, null, 2),
+  );
+  // Also write a .mcp.json in workspace root (project-level MCP config)
+  writeFileSync(
+    join(workspaceDir, '.mcp.json'),
+    JSON.stringify({ mcpServers }, null, 2),
+  );
+
+  // Copy bootstrap files from harness into workspace
+  for (const file of ['SOUL.md', 'AGENTS.md', 'TOOLS.md', 'IDENTITY.md']) {
+    const src = join(harnessDir, file);
+    if (existsSync(src)) {
+      writeFileSync(join(workspaceDir, file), readFileSync(src, 'utf-8'));
+    }
+  }
+
+  // Build environment for the OpenClaw process
+  const env = { ...process.env };
+  // Use OPENCLAW_PROFILE to isolate this run's config from user's default
+  const profileName = `archal-${randomUUID().slice(0, 6)}`;
+  env['OPENCLAW_PROFILE'] = profileName;
+  // Pass gateway token if available
+  if (process.env['ARCHAL_TOKEN'] && !env['OPENCLAW_GATEWAY_TOKEN']) {
+    env['OPENCLAW_GATEWAY_TOKEN'] = process.env['ARCHAL_TOKEN'];
+  }
+
+  const timeoutSeconds = parseInt(process.env['ARCHAL_ENGINE_TIMEOUT'] || '240', 10);
+  const runStart = Date.now();
+
+  return new Promise((resolve, reject) => {
+    // OpenClaw agent CLI: --local runs embedded, --message is the task,
+    // --json gives machine-readable output, --timeout sets deadline
+    const args = [
+      'agent',
+      '--local',
+      '--message', TASK,
+      '--json',
+      '--timeout', String(timeoutSeconds),
+    ];
+
+    console.error(`[openclaw] Spawning: openclaw ${args.slice(0, 3).join(' ')} ... --timeout ${timeoutSeconds}`);
+    console.error(`[openclaw] Workspace: ${workspaceDir}`);
+    console.error(`[openclaw] Twins: ${twinNames.join(', ')} (MCP streamable-http)`);
+    console.error(`[openclaw] Profile: ${profileName}`);
+
+    const child = spawn('openclaw', args, {
+      env,
+      cwd: workspaceDir, // Run from workspace so .mcp.json is discovered
+      stdio: ['pipe', 'pipe', 'pipe'],
+      timeout: (timeoutSeconds + 30) * 1000, // Buffer above agent timeout
+    });
+
+    let stdout = '';
+    let stderr = '';
+
+    child.stdout.on('data', (data) => {
+      stdout += data.toString();
+    });
+
+    child.stderr.on('data', (data) => {
+      const text = data.toString();
+      stderr += text;
+      process.stderr.write(text);
+    });
+
+    child.on('close', (code) => {
+      const totalTimeMs = Date.now() - runStart;
+
+      // Parse structured JSON output from OpenClaw
+      let parsedOutput = null;
+      try {
+        // OpenClaw --json may output multiple JSON objects; take the last one
+        const jsonLines = stdout.trim().split('\n').filter((l) => l.startsWith('{'));
+        if (jsonLines.length > 0) {
+          parsedOutput = JSON.parse(jsonLines[jsonLines.length - 1]);
+        }
+      } catch {
+        // Non-JSON output — extract what we can
+      }
+
+      // Extract metrics from OpenClaw's structured output
+      const metrics = {
+        inputTokens: parsedOutput?.usage?.input_tokens ?? parsedOutput?.usage?.inputTokens ?? 0,
+        outputTokens: parsedOutput?.usage?.output_tokens ?? parsedOutput?.usage?.outputTokens ?? 0,
+        llmCallCount: parsedOutput?.turns ?? parsedOutput?.steps ?? 0,
+        toolCallCount: parsedOutput?.tool_calls ?? parsedOutput?.toolCalls ?? 0,
+        toolErrorCount: parsedOutput?.tool_errors ?? parsedOutput?.toolErrors ?? 0,
+        totalTimeMs,
+        exitReason: code === 0 ? 'completed' : (code === null ? 'timeout' : 'error'),
+        provider: 'openclaw',
+        model: MODEL,
+      };
+
+      writeMetrics(metrics);
+
+      // Write output for the orchestrator
+      if (stdout) {
+        process.stdout.write(stdout);
+      }
+
+      if (code !== 0) {
+        console.error(`[openclaw] Process exited with code ${code}`);
+        if (stderr.includes('unknown option') || stderr.includes('Unknown flag')) {
+          console.error('[openclaw] Hint: OpenClaw CLI version may be incompatible. Try updating: npm install -g openclaw@latest');
+        }
+      }
+
+      // Cleanup temp workspace (best-effort)
+      try { rmSync(workspaceDir, { recursive: true, force: true }); } catch { /* ignore */ }
+
+      resolve(code ?? 1);
+    });
+
+    child.on('error', (err) => {
+      console.error(`[openclaw] Failed to spawn: ${err.message}`);
+      try { rmSync(workspaceDir, { recursive: true, force: true }); } catch { /* ignore */ }
+      reject(err);
+    });
+  });
+}
+
+// ── Main ─────────────────────────────────────────────────────────────
+
+const useOpenClawCli = isOpenClawInstalled();
+if (!useOpenClawCli) {
+  console.error('[openclaw] OpenClaw CLI not found. Install OpenClaw to run this harness.');
+  console.error('[openclaw] Use sandbox mode (`archal run ... --sandbox`) or install openclaw locally.');
+  process.exit(1);
+}
+
+console.error('[openclaw] Mode: native OpenClaw CLI');
+console.error(`[openclaw] Model: ${MODEL}`);
+console.error(`[openclaw] Task: ${TASK.slice(0, 200)}${TASK.length > 200 ? '...' : ''}`);
+
+const exitCode = await runWithOpenClawCli();
+process.exit(exitCode);

package/harnesses/openclaw/archal-harness.json

@@ -0,0 +1,28 @@
+{
+  "version": 1,
+  "name": "openclaw",
+  "description": "OpenClaw agent harness. Runs the real OpenClaw CLI against Archal twins; sandbox mode is the recommended path for production-fidelity evaluations.",
+  "defaultModel": "openclaw:main",
+  "promptFiles": [
+    "SOUL.md",
+    "AGENTS.md",
+    "TOOLS.md"
+  ],
+  "local": {
+    "command": "node",
+    "args": ["agent.mjs"]
+  },
+  "maxSteps": 80,
+  "supportedProviders": ["openclaw"],
+  "requiredEnvVars": [
+    "ARCHAL_ENGINE_TASK",
+    "ARCHAL_ENGINE_MODEL"
+  ],
+  "configDefaults": {
+    "maxSteps": 80,
+    "systemPrompt": true,
+    "errorHandling": true,
+    "retryOnTransient": true,
+    "maxConsecutiveErrors": 5
+  }
+}

package/harnesses/react/agent.mjs

@@ -23,6 +23,7 @@ import {
   buildInitialMessages,
   appendAssistantResponse,
   appendToolResults,
+  appendUserInstruction,
   callLlmWithMessages,
   parseToolCalls,
   getResponseText,
@@ -33,6 +34,7 @@ import {
 import { createLogger } from '../_lib/logging.mjs';
 import { writeMetrics } from '../_lib/metrics.mjs';
 import { createAgentTrace } from '../_lib/agent-trace.mjs';
+import { classifyTask, selectStepTools } from './tool-selection.mjs';
 
 const DEFAULT_MAX_STEPS = 80;
 const MAX_STEPS = (() => {
@@ -49,8 +51,16 @@ const MAX_CONSECUTIVE_ERRORS = (() => {
   if (Number.isNaN(parsed) || parsed <= 0) return 8;
   return Math.min(parsed, 20);
 })();
+const MAX_INITIAL_NO_TOOL_RECOVERIES = (() => {
+  const raw = process.env['ARCHAL_MAX_INITIAL_NO_TOOL_RECOVERIES']?.trim();
+  if (!raw) return 2;
+  const parsed = parseInt(raw, 10);
+  if (Number.isNaN(parsed) || parsed <= 0) return 2;
+  return Math.min(parsed, 5);
+})();
 const TASK = (process.env['ARCHAL_ENGINE_TASK'] || '').trim();
 const MODEL = process.env['ARCHAL_ENGINE_MODEL'];
+const TASK_LOWER = TASK.toLowerCase();
 
 if (!TASK) { console.error('ARCHAL_ENGINE_TASK not set or empty'); process.exit(1); }
 if (!MODEL) { console.error('ARCHAL_ENGINE_MODEL not set'); process.exit(1); }
@@ -58,6 +68,7 @@ if (!MODEL) { console.error('ARCHAL_ENGINE_MODEL not set'); process.exit(1); }
 const provider = detectProvider(MODEL);
 const apiKey = resolveApiKey(provider);
 const log = createLogger({ harness: 'react', model: MODEL, provider });
+const TASK_FLAGS = classifyTask(TASK);
 
 const SYSTEM_PROMPT = `You are a capable AI agent performing a task using tools. Think step by step.
 
@@ -73,10 +84,31 @@ GUIDELINES:
 - Pay attention to tool output — it contains the information you need.
 - If you're unsure about something, gather more information first.
 - Do NOT repeat the same failed tool call — try a different approach.
+- Do not create new entities unless the task explicitly asks for creation.
+- Do not create or edit repository files as a substitute for issue, ticket, label, or message updates.
+- If the task spans multiple systems, do not stop after the first system mutation. Complete the required follow-up in every mentioned system.
 - When done, provide a brief summary of what you accomplished.`;
 
+const MUTATING_TOOL_NAME = /(?:^|_)(create|update|add|post|reply|delete|close|merge|approve|archive|send)(?:_|$)/i;
+const REPO_CONTENT_MUTATION_TOOL = /(?:^|_)(create_or_update_file|delete_file|create_branch|create_commit)(?:_|$)/i;
+const CREATE_ISSUE_TOOL = /(?:^|_)create_issue(?:_|$)/i;
+const TASK_ALLOWS_REPO_CONTENT_MUTATION = /\b(file|files|code|commit|branch|pull request|pull requests|pr|readme|source|implementation|repository)\b/i.test(TASK_LOWER);
+
+function isMutatingToolName(toolName) {
+  return MUTATING_TOOL_NAME.test(toolName);
+}
+
+function isRepoContentMutationTool(toolName) {
+  return REPO_CONTENT_MUTATION_TOOL.test(toolName);
+}
+
+function isCreateIssueTool(toolName) {
+  return CREATE_ISSUE_TOOL.test(toolName);
+}
+
 // ── Twin REST transport ─────────────────────────────────────────────
 const twinUrls = collectTwinUrls();
+const knownTwinNames = new Set(Object.keys(twinUrls));
 if (Object.keys(twinUrls).length === 0) {
   console.error('[react] No twin URLs found. Check ARCHAL_TWIN_NAMES and ARCHAL_<TWIN>_URL env vars.');
   process.exit(1);
@@ -86,9 +118,18 @@ if (allTools.length === 0) {
   console.error('[react] No tools discovered from twins. Twin endpoints may be unreachable.');
   process.exit(1);
 }
-const providerTools = formatToolsForProvider(provider, allTools);
 
 let messages = buildInitialMessages(provider, SYSTEM_PROMPT, TASK, MODEL);
+if (TASK_FLAGS.isExistingIssueTriage) {
+  messages = appendUserInstruction(
+    provider,
+    messages,
+    'This task is issue triage on the existing repository issues. Update those issues in place. ' +
+      'Do not use comments, files, or duplicate issues as a substitute for labels. ' +
+      'If the task asks you to prioritize bug reports, every bug issue must also receive an appropriate priority label. ' +
+      'Use the repository priority labels exactly as named: priority:high, priority:medium, or priority:low.',
+  );
+}
 let consecutiveErrors = 0;
 
 const runStart = Date.now();
@@ -98,6 +139,10 @@ let totalToolCalls = 0;
 let totalToolErrors = 0;
 let stepsCompleted = 0;
 let exitReason = 'max_steps';
+let initialNoToolRecoveries = 0;
+let repoContentGuardRecoveries = 0;
+let pendingFollowupTwins = null;
+const updatedTwins = new Set();
 const agentTrace = createAgentTrace();
 
 log.info('run_start', { task: TASK.slice(0, 200), maxSteps: MAX_STEPS });
@@ -106,6 +151,8 @@ try {
   for (let step = 0; step < MAX_STEPS; step++) {
     stepsCompleted = step + 1;
     const iterStart = Date.now();
+    const stepTools = selectStepTools(allTools, TASK_FLAGS, toolToTwin, pendingFollowupTwins);
+    const providerTools = formatToolsForProvider(provider, stepTools);
 
     // Call the LLM with retry on transient errors
     log.llmCall(step + 1);
@@ -113,7 +160,7 @@ try {
     try {
       response = await withRetry(
         () => callLlmWithMessages(provider, MODEL, apiKey, messages, providerTools),
-        2,
+        4,
       );
     } catch (err) {
       const msg = err?.message ?? String(err);
@@ -151,13 +198,112 @@ try {
       if (text) {
         process.stderr.write(`[react] Step ${step + 1}: ${text.slice(0, 200)}\n`);
       }
-      // If the model stopped calling tools, we're done
-      exitReason = 'no_tool_calls';
+      const shouldRecoverInitialNoToolCall = totalToolCalls === 0
+        && initialNoToolRecoveries < MAX_INITIAL_NO_TOOL_RECOVERIES;
+      if (shouldRecoverInitialNoToolCall) {
+        initialNoToolRecoveries++;
+        messages = appendUserInstruction(
+          provider,
+          messages,
+          'You must use tools to make progress. ' +
+            'On your next response, call at least one relevant tool before giving any summary or conclusion. ' +
+            'Start by gathering concrete evidence from the systems, then execute the required actions.',
+        );
+        log.info('no_tool_calls_reprompt', {
+          step: step + 1,
+          attempt: initialNoToolRecoveries,
+        });
+        continue;
+      }
+      if (pendingFollowupTwins && pendingFollowupTwins.size > 0) {
+        const remainingTwins = [...pendingFollowupTwins].join(', ');
+        messages = appendUserInstruction(
+          provider,
+          messages,
+          `You have not finished the required follow-up in ${remainingTwins}. ` +
+            'Continue using the remaining system tools until those actions are complete before you conclude.',
+        );
+        log.info('cross_system_followup_reprompt', {
+          step: step + 1,
+          remainingTwins,
+        });
+        continue;
+      }
+      // If the model still avoids tools, we're done.
+      // Distinguish genuine startup no-tool failures from normal completion
+      // after the agent already used tools in earlier turns.
+      exitReason = totalToolCalls === 0 ? 'no_tool_calls' : 'completed';
       break;
     }
+    initialNoToolRecoveries = 0;
+
+    const proposedRepoContentMutation = toolCalls.some((tc) => isRepoContentMutationTool(tc.name));
+    if (proposedRepoContentMutation && (!TASK_ALLOWS_REPO_CONTENT_MUTATION || TASK_FLAGS.isExistingIssueTriage) && repoContentGuardRecoveries < 2) {
+      repoContentGuardRecoveries++;
+      agentTrace.addStep({
+        step: step + 1,
+        thinking,
+        text,
+        toolCalls: toolCalls.map((tc) => ({ name: tc.name, arguments: tc.arguments })),
+        durationMs: iterDurationMs,
+      });
+      messages = appendToolResults(
+        provider,
+        messages,
+        toolCalls,
+        toolCalls.map(() =>
+          'Blocked by harness: this task must update the existing issue or message state directly, not repository files or commits.',
+        ),
+      );
+      messages = appendUserInstruction(
+        provider,
+        messages,
+        'This task is about updating existing issues/messages, not repository content. ' +
+          'Do not create or edit files or commits as a substitute for labels, issue state changes, or replies. ' +
+          'Use the issue or messaging mutation tools directly.',
+      );
+      log.info('repo_content_mutation_blocked', {
+        step: step + 1,
+        attemptedTools: toolCalls.map((tc) => tc.name),
+      });
+      continue;
+    }
+    if (TASK_FLAGS.isExistingIssueTriage && toolCalls.some((tc) => isCreateIssueTool(tc.name)) && repoContentGuardRecoveries < 2) {
+      repoContentGuardRecoveries++;
+      agentTrace.addStep({
+        step: step + 1,
+        thinking,
+        text,
+        toolCalls: toolCalls.map((tc) => ({ name: tc.name, arguments: tc.arguments })),
+        durationMs: iterDurationMs,
+      });
+      messages = appendToolResults(
+        provider,
+        messages,
+        toolCalls,
+        toolCalls.map(() =>
+          'Blocked by harness: this task is to triage the existing issues in the repository, not create duplicate issues.',
+        ),
+      );
+      messages = appendUserInstruction(
+        provider,
+        messages,
+        'This task is to triage the existing issues that are already in the repository. ' +
+          'Do not create duplicate issues. Inspect the current issues and use the issue update tools to apply category labels and priority labels directly to those existing issues.',
+      );
+      log.info('issue_creation_blocked_for_triage', {
+        step: step + 1,
+        attemptedTools: toolCalls.map((tc) => tc.name),
+      });
+      continue;
+    }
+    // NOTE: Do NOT reset repoContentGuardRecoveries here. The counter must
+    // persist across the entire run so alternating clean/blocked steps cannot
+    // bypass the 2-attempt safety limit indefinitely.
 
     // Execute each tool call via REST
     const results = [];
+    const mutatedTwinsThisStep = new Set();
     for (const tc of toolCalls) {
       const toolStart = Date.now();
       process.stderr.write(`[react] Step ${step + 1}: ${tc.name}(${JSON.stringify(tc.arguments).slice(0, 100)})\n`);
@@ -166,6 +312,13 @@ try {
         results.push(result);
         consecutiveErrors = 0;
         totalToolCalls++;
+        if (isMutatingToolName(tc.name)) {
+          const twinName = toolToTwin[tc.name]?.twinName;
+          if (twinName) {
+            updatedTwins.add(twinName);
+            mutatedTwinsThisStep.add(twinName);
+          }
+        }
         log.toolCall(step + 1, tc.name, tc.arguments, Date.now() - toolStart);
       } catch (err) {
         const errorMsg = `Error: ${err.message}`;
@@ -198,6 +351,35 @@ try {
 
     // Append tool results to conversation
     messages = appendToolResults(provider, messages, toolCalls, results);
+
+    if (pendingFollowupTwins && pendingFollowupTwins.size > 0) {
+      const completedFollowups = [...mutatedTwinsThisStep].filter((twin) => pendingFollowupTwins.has(twin));
+      if (completedFollowups.length > 0) {
+        pendingFollowupTwins = null;
+      }
+    }
+
+    // Only trigger cross-system followup when the task actually involves
+    // multiple distinct services. Without this gate, single-system tasks
+    // running in a multi-twin configuration would incorrectly nag the
+    // agent to act in twins the task never mentions.
+    if (TASK_FLAGS.requiresCrossSystemFollowup && !pendingFollowupTwins && knownTwinNames.size > 1 && mutatedTwinsThisStep.size > 0) {
+      const untouchedTwins = [...knownTwinNames].filter((twinName) => !updatedTwins.has(twinName));
+      if (untouchedTwins.length > 0) {
+        pendingFollowupTwins = new Set(untouchedTwins);
+        messages = appendUserInstruction(
+          provider,
+          messages,
+          `You have updated ${[...updatedTwins].join(', ')} but not ${untouchedTwins.join(', ')}. ` +
+            'Continue and finish the remaining required actions in the untouched system before you conclude.',
+        );
+        log.info('cross_system_followup_required', {
+          step: step + 1,
+          updatedTwins: [...updatedTwins],
+          remainingTwins: untouchedTwins,
+        });
+      }
+    }
   }
 } finally {
   const totalTimeMs = Date.now() - runStart;

package/harnesses/react/tool-selection.mjs

@@ -0,0 +1,66 @@
+const ISSUE_TRIAGE_TOOL = /(?:^|_)(list_issues|get_issue|update_issue)(?:_|$)/i;
+const SLACK_CHANNEL_POST_TOOL = /(?:^|_)slack_post_message(?:_|$)/i;
+
+/**
+ * Patterns that identify distinct service domains in task text.
+ * Used to detect whether a task genuinely spans multiple systems.
+ */
+const SERVICE_DOMAIN_PATTERNS = [
+  { name: 'github', pattern: /\b(github|pull request|pr\s*#\d|merge|branch|commit|repository|repo)\b/i },
+  { name: 'slack', pattern: /\b(slack|#\w[\w-]*|channel|thread|post\s+(?:a\s+)?(?:message|summary|update))\b/i },
+  { name: 'linear', pattern: /\b(linear|[A-Z]{2,5}-\d+)\b/ },
+  { name: 'jira', pattern: /\b(jira|sprint|epic|story|CHG-\d+)\b/i },
+  { name: 'stripe', pattern: /\b(stripe|payment|charge|refund|invoice|subscription)\b/i },
+  { name: 'supabase', pattern: /\b(supabase|database|table|row|query|migration)\b/i },
+];
+
+function countMentionedServiceDomains(taskText) {
+  const matched = new Set();
+  for (const { name, pattern } of SERVICE_DOMAIN_PATTERNS) {
+    if (pattern.test(taskText)) matched.add(name);
+  }
+  return matched.size;
+}
+
+export function classifyTask(task) {
+  const taskLower = task.toLowerCase();
+  return {
+    taskLower,
+    isExistingIssueTriage: /\ball open issues?\b/.test(taskLower)
+      || (/\bissues?\b/.test(taskLower)
+        && /\b(triage|prioriti[sz]e|categor(?:ize|ization)|classif(?:y|ication))\b/.test(taskLower)),
+    requiresThreadReply: /\bthread\b/.test(taskLower)
+      && /\b(reply|replies|respond|post back)\b/.test(taskLower),
+    requiresCrossSystemFollowup: countMentionedServiceDomains(task) >= 2,
+  };
+}
+
+export function getToolsForTwins(tools, twinNames, toolToTwin) {
+  if (!twinNames || twinNames.size === 0) return tools;
+  return tools.filter((tool) => twinNames.has(toolToTwin[tool.name]?.twinName));
+}
+
+function canPerformIssueTriage(tools) {
+  return tools.some((tool) => ISSUE_TRIAGE_TOOL.test(tool.name));
+}
+
+export function filterToolsForTask(tools, taskFlags, { enforceIssueTriageAllowlist = true } = {}) {
+  let filtered = tools;
+  if (taskFlags.isExistingIssueTriage && enforceIssueTriageAllowlist) {
+    filtered = filtered.filter((tool) => ISSUE_TRIAGE_TOOL.test(tool.name));
+  }
+  if (taskFlags.requiresThreadReply) {
+    filtered = filtered.filter((tool) => !SLACK_CHANNEL_POST_TOOL.test(tool.name));
+  }
+  return filtered;
+}
+
+export function selectStepTools(tools, taskFlags, toolToTwin, pendingFollowupTwins) {
+  const twinScopedTools = getToolsForTwins(tools, pendingFollowupTwins, toolToTwin);
+  return filterToolsForTask(twinScopedTools, taskFlags, {
+    // Follow-up routing is the harder constraint. If the scoped twin cannot
+    // satisfy the generic issue-triage allowlist, keep its reply/mutation tools
+    // available so the agent can finish the required cross-system work.
+    enforceIssueTriageAllowlist: !taskFlags.isExistingIssueTriage || canPerformIssueTriage(twinScopedTools),
+  });
+}