@botcord/daemon 0.2.4 → 0.2.6

package/dist/provision.js

@@ -3,16 +3,14 @@
  * to this module with the parsed {@link ControlFrame}; we execute the
  * side effects (register agent, write credentials, load route, add/remove
  * gateway channel) and return an ack payload.
- *
- * See `docs/daemon-control-plane-plan.md` §4.3, §5.3, §8.
  */
 import { existsSync, rmSync, unlinkSync } from "node:fs";
 import { homedir } from "node:os";
 import path from "node:path";
 import { BotCordClient, CONTROL_FRAME_TYPES, defaultCredentialsFile, derivePublicKey, loadStoredCredentials, writeCredentialsFile, } from "@botcord/protocol-core";
 import { loadConfig, resolveConfiguredAgentIds, saveConfig, } from "./config.js";
-import { BOTCORD_CHANNEL_TYPE, buildManagedRoutes } from "./daemon-config-map.js";
-import { agentHomeDir, agentStateDir, agentWorkspaceDir, ensureAgentWorkspace, } from "./agent-workspace.js";
+import { BOTCORD_CHANNEL_TYPE, buildManagedRoutes, prepareGatewayProfile, } from "./daemon-config-map.js";
+import { agentHomeDir, agentStateDir, agentWorkspaceDir, applyAgentIdentity, ensureAgentWorkspace, } from "./agent-workspace.js";
 import { detectRuntimes, getAdapterModule } from "./adapters/runtimes.js";
 import { log as daemonLog } from "./log.js";
 /**
@@ -23,11 +21,42 @@ import { log as daemonLog } from "./log.js";
 export function createProvisioner(opts) {
     const gateway = opts.gateway;
     const register = opts.register ?? BotCordClient.register;
+    const policyResolver = opts.policyResolver;
     return async (frame) => {
         daemonLog.debug("provision.dispatch", { type: frame.type, id: frame.id });
         switch (frame.type) {
             case CONTROL_FRAME_TYPES.PING:
                 return { ok: true, result: { pong: true, ts: Date.now() } };
+            case CONTROL_FRAME_TYPES.HELLO: {
+                const params = (frame.params ?? {});
+                const result = applyHelloIdentitySnapshot(params.agents);
+                daemonLog.debug("hello: identity snapshot applied", {
+                    frameId: frame.id,
+                    received: params.agents?.length ?? 0,
+                    updated: result.updated,
+                    skipped: result.skipped,
+                });
+                return { ok: true, result };
+            }
+            case CONTROL_FRAME_TYPES.UPDATE_AGENT: {
+                const params = (frame.params ?? {});
+                if (!params.agentId) {
+                    return {
+                        ok: false,
+                        error: { code: "bad_params", message: "update_agent requires params.agentId" },
+                    };
+                }
+                const result = applyAgentIdentity(params.agentId, {
+                    displayName: params.displayName,
+                    bio: params.bio,
+                });
+                daemonLog.info("update_agent applied", {
+                    agentId: params.agentId,
+                    changed: result.changed,
+                    skipped: result.skipped ?? null,
+                });
+                return { ok: true, result };
+            }
             case CONTROL_FRAME_TYPES.PROVISION_AGENT: {
                 const params = (frame.params ?? {});
                 daemonLog.info("provision_agent: start", {
@@ -37,6 +66,18 @@ export function createProvisioner(opts) {
                     name: params.name ?? null,
                 });
                 const agent = await provisionAgent(params, { gateway, register });
+                // Seed the policy resolver from the optional `defaultAttention` /
+                // `attentionKeywords` fields (PR3, control-frame.ts). Hub builds that
+                // don't yet emit these stay backwards-compatible — the resolver just
+                // falls back to `mode=always` until a `policy_updated` frame arrives.
+                if (policyResolver && params.defaultAttention) {
+                    policyResolver.put(agent.agentId, null, {
+                        mode: params.defaultAttention,
+                        keywords: Array.isArray(params.attentionKeywords)
+                            ? params.attentionKeywords.slice()
+                            : [],
+                    });
+                }
                 return {
                     ok: true,
                     result: {
@@ -71,8 +112,58 @@ export function createProvisioner(opts) {
                 const res = setRoute(frame.params ?? {});
                 return { ok: true, result: res };
             }
+            case CONTROL_FRAME_TYPES.POLICY_UPDATED: {
+                const params = (frame.params ?? {});
+                const agentId = params.agent_id;
+                if (typeof agentId !== "string" || !agentId) {
+                    return {
+                        ok: false,
+                        error: { code: "bad_params", message: "policy_updated requires agent_id" },
+                    };
+                }
+                if (!policyResolver) {
+                    // No resolver wired — quietly succeed; the daemon may be running
+                    // without the gateway-level attention gate (e.g. legacy boot path).
+                    daemonLog.debug("policy_updated: no resolver — noop", { agentId });
+                    return { ok: true, result: { agent_id: agentId, applied: false } };
+                }
+                const roomId = typeof params.room_id === "string" ? params.room_id : undefined;
+                if (params.policy) {
+                    // Embedded policy payload — install directly to avoid a refetch.
+                    policyResolver.put(agentId, roomId ?? null, {
+                        mode: params.policy.mode,
+                        keywords: Array.isArray(params.policy.keywords)
+                            ? params.policy.keywords.slice()
+                            : [],
+                        ...(typeof params.policy.muted_until === "number"
+                            ? { muted_until: params.policy.muted_until }
+                            : {}),
+                    });
+                }
+                else {
+                    policyResolver.invalidate(agentId, roomId);
+                }
+                daemonLog.info("policy_updated: applied", {
+                    agentId,
+                    roomId: roomId ?? null,
+                    embedded: !!params.policy,
+                });
+                return {
+                    ok: true,
+                    result: { agent_id: agentId, applied: true, embedded: !!params.policy },
+                };
+            }
             case CONTROL_FRAME_TYPES.LIST_RUNTIMES: {
-                const snapshot = collectRuntimeSnapshot();
+                // Async path so the openclaw-acp endpoints get probed inline; gateway
+                // / WS errors are swallowed inside `collectRuntimeSnapshotAsync`.
+                let cfgForProbe;
+                try {
+                    cfgForProbe = loadConfig();
+                }
+                catch {
+                    cfgForProbe = undefined;
+                }
+                const snapshot = await collectRuntimeSnapshotAsync({ cfg: cfgForProbe });
                 daemonLog.debug("list_runtimes", { count: snapshot.runtimes.length });
                 return { ok: true, result: snapshot };
             }
@@ -176,11 +267,35 @@ async function provisionAgent(params, ctx) {
     // Hot-add the synthesized per-agent managed route so the next turn picks
     // the agent's runtime + workspace cwd without waiting for reload_config.
     try {
-        ctx.gateway.upsertManagedRoute(credentials.agentId, {
+        const synthRoute = {
             match: { accountId: credentials.agentId },
             runtime: credentials.runtime ?? cfg.defaultRoute.adapter,
             cwd: credentials.cwd ?? agentWorkspaceDir(credentials.agentId),
-        });
+        };
+        if (synthRoute.runtime === "openclaw-acp") {
+            // Resolve gateway from the freshly written credentials + the live
+            // openclawGateways registry. A missing/unknown gateway here yields a
+            // disabled route (set_route style); next turn for this agent falls
+            // back to defaultRoute. Caller already validated via reload semantics.
+            const profile = (cfg.openclawGateways ?? []).find((g) => g.name === credentials.openclawGateway);
+            if (profile) {
+                // Run the same tokenFile-aware resolver `toGatewayConfig` uses so the
+                // first turn after provisioning doesn't auth-fail when the gateway
+                // ships its bearer via `tokenFile` instead of an inline `token`.
+                const prepared = prepareGatewayProfile(profile);
+                synthRoute.gateway = {
+                    name: prepared.name,
+                    url: prepared.url,
+                    ...(prepared.resolvedToken ? { token: prepared.resolvedToken } : {}),
+                    ...(credentials.openclawAgent
+                        ? { openclawAgent: credentials.openclawAgent }
+                        : prepared.defaultAgent
+                            ? { openclawAgent: prepared.defaultAgent }
+                            : {}),
+                };
+            }
+        }
+        ctx.gateway.upsertManagedRoute(credentials.agentId, synthRoute);
     }
     catch (err) {
         // Rollback the channel + config + credentials on managed-route failure
@@ -222,9 +337,9 @@ async function provisionAgent(params, ctx) {
     };
 }
 async function materializeCredentials(params, cfg, ctx, explicitCwd) {
-    // Runtime is an agent property (docs/agent-runtime-property-plan.md §4.1).
-    // Hub is authoritative; top-level `runtime` wins, `adapter` is a one-release
-    // alias, and `credentials.runtime` is the per-agent cached copy.
+    // Runtime is an agent property. Hub is authoritative; top-level `runtime`
+    // wins, `adapter` is a one-release alias, and `credentials.runtime` is the
+    // per-agent cached copy.
     const runtime = pickRuntime(params);
     if (runtime)
         assertKnownRuntime(runtime);
@@ -261,6 +376,11 @@ async function materializeCredentials(params, cfg, ctx, explicitCwd) {
         if (runtime)
             record.runtime = runtime;
         record.cwd = cwd;
+        const openclawSel = pickOpenclawSelection(params);
+        if (openclawSel.gateway)
+            record.openclawGateway = openclawSel.gateway;
+        if (openclawSel.agent)
+            record.openclawAgent = openclawSel.agent;
         return record;
     }
     // Slow path: daemon registers a fresh identity against Hub. We need a
@@ -288,8 +408,40 @@ async function materializeCredentials(params, cfg, ctx, explicitCwd) {
     if (runtime)
         record.runtime = runtime;
     record.cwd = cwd;
+    const openclawSel = pickOpenclawSelection(params);
+    if (openclawSel.gateway)
+        record.openclawGateway = openclawSel.gateway;
+    if (openclawSel.agent)
+        record.openclawAgent = openclawSel.agent;
     return record;
 }
+/**
+ * Resolve OpenClaw routing selection from a `provision_agent` frame. Top-level
+ * `params.openclaw` (nested) wins over the flat `credentials.openclaw*` mirror.
+ * Returning `{}` is fine — only meaningful when the agent's runtime is
+ * `openclaw-acp`, and `buildManagedRoutes` falls back to defaultRoute.gateway
+ * when both are missing.
+ */
+function pickOpenclawSelection(params) {
+    const out = {};
+    const top = params.openclaw;
+    if (top && typeof top.gateway === "string" && top.gateway.length > 0) {
+        out.gateway = top.gateway;
+        if (typeof top.agent === "string" && top.agent.length > 0)
+            out.agent = top.agent;
+        return out;
+    }
+    const flat = params.credentials;
+    if (flat) {
+        if (typeof flat.openclawGateway === "string" && flat.openclawGateway.length > 0) {
+            out.gateway = flat.openclawGateway;
+        }
+        if (typeof flat.openclawAgent === "string" && flat.openclawAgent.length > 0) {
+            out.agent = flat.openclawAgent;
+        }
+    }
+    return out;
+}
 async function revokeAgent(params, ctx) {
     if (!params.agentId) {
         throw new Error("revoke_agent requires params.agentId");
@@ -479,6 +631,201 @@ export function collectRuntimeSnapshot() {
     });
     return { runtimes, probedAt: Date.now() };
 }
+/** Maximum number of `endpoints[]` entries persisted per runtime (RFC §3.8.2). */
+export const RUNTIME_ENDPOINTS_CAP = 32;
+/**
+ * Default L2 + L3 probe — opens a WS handshake against the OpenClaw gateway
+ * and, when the connection is up, issues a JSON-RPC `agents.list` request to
+ * enumerate configured agent profiles. Best-effort: a successful WS open with
+ * a failed `agents.list` still reports `ok: true` (just without `agents`),
+ * matching the RFC's "agents populated only when listing succeeded" rule.
+ *
+ * Method name and result shape follow OpenClaw:
+ *   `~/claws/openclaw/src/gateway/server-methods/agents.ts:416` and
+ *   `~/claws/openclaw/src/gateway/session-utils.ts:783` —
+ *   `{ defaultId, mainKey, scope, agents: [{ id, name?, identity?, workspace, model? }] }`.
+ */
+async function defaultWsProbe(args) {
+    const { default: WebSocket } = await import("ws");
+    return new Promise((resolve) => {
+        let settled = false;
+        let ws;
+        let timer;
+        const settle = (v) => {
+            if (settled)
+                return;
+            settled = true;
+            if (timer)
+                clearTimeout(timer);
+            try {
+                ws?.terminate();
+            }
+            catch {
+                // ignore
+            }
+            resolve(v);
+        };
+        try {
+            const headers = {};
+            if (args.token)
+                headers["Authorization"] = `Bearer ${args.token}`;
+            ws = new WebSocket(args.url, { headers });
+        }
+        catch (err) {
+            resolve({ ok: false, error: err.message });
+            return;
+        }
+        timer = setTimeout(() => settle({ ok: false, error: "timeout" }), args.timeoutMs);
+        const requestId = "probe-agents-list";
+        ws.on("open", () => {
+            // L3: enumerate agent profiles. We don't fail the L2 result if this
+            // call fails — the gateway is reachable either way.
+            try {
+                ws.send(JSON.stringify({
+                    jsonrpc: "2.0",
+                    id: requestId,
+                    method: "agents.list",
+                    params: {},
+                }));
+            }
+            catch (err) {
+                settle({ ok: true, error: `agents.list send failed: ${err.message}` });
+            }
+        });
+        ws.on("message", (raw) => {
+            try {
+                const msg = JSON.parse(typeof raw === "string" ? raw : raw.toString("utf8"));
+                if (msg?.id !== requestId)
+                    return; // ignore unrelated frames
+                if (msg.error) {
+                    settle({ ok: true, error: String(msg.error?.message ?? "agents.list error") });
+                    return;
+                }
+                const list = Array.isArray(msg.result?.agents) ? msg.result.agents : [];
+                const agents = [];
+                for (const a of list) {
+                    if (!a || typeof a.id !== "string" || a.id.length === 0)
+                        continue;
+                    const row = { id: a.id };
+                    if (typeof a.name === "string")
+                        row.name = a.name;
+                    if (typeof a.workspace === "string")
+                        row.workspace = a.workspace;
+                    if (a.model && typeof a.model === "object") {
+                        const model = {};
+                        if (typeof a.model.name === "string")
+                            model.name = a.model.name;
+                        if (typeof a.model.provider === "string")
+                            model.provider = a.model.provider;
+                        if (model.name || model.provider)
+                            row.model = model;
+                    }
+                    agents.push(row);
+                }
+                settle({ ok: true, agents });
+            }
+            catch (err) {
+                settle({ ok: true, error: `agents.list parse failed: ${err.message}` });
+            }
+        });
+        ws.on("error", (err) => {
+            settle({ ok: false, error: err.message });
+        });
+        ws.on("close", () => {
+            // If the socket closes before `agents.list` resolved we still treat
+            // L2 as ok (open fired) and emit no agents.
+            settle({ ok: true });
+        });
+    });
+}
+/**
+ * Async variant that includes L2 (gateway reachability) and L3 (agent listing)
+ * probes for runtimes that talk to external services. Used by the production
+ * `list_runtimes` and first-connect snapshot paths.
+ *
+ * `cfg` is optional so existing callers without a loaded config (e.g. tests)
+ * can keep using the sync `collectRuntimeSnapshot()` — when absent, the result
+ * is identical to that function.
+ */
+export async function collectRuntimeSnapshotAsync(opts = {}) {
+    const base = collectRuntimeSnapshot();
+    const gateways = opts.cfg?.openclawGateways ?? [];
+    if (gateways.length === 0)
+        return base;
+    const probe = opts.wsProbe ?? defaultWsProbe;
+    // Default daemon-side budget is 3s — it must stay below the Hub's
+    // `list_runtimes` ack wait (5s, see backend/hub/routers/daemon_control.py)
+    // so a single slow gateway can't blow the whole snapshot to a 504.
+    const timeoutMs = opts.timeoutMs ?? 3000;
+    const capped = gateways.slice(0, RUNTIME_ENDPOINTS_CAP);
+    const endpoints = await Promise.all(capped.map(async (g) => {
+        // Resolve `tokenFile` here so token-file-only profiles probe with auth
+        // and aren't falsely marked unreachable in the dashboard.
+        const prepared = prepareGatewayProfile(g);
+        try {
+            const res = await probe({ url: g.url, token: prepared.resolvedToken, timeoutMs });
+            const entry = { name: g.name, url: g.url, reachable: res.ok };
+            if (res.version)
+                entry.version = res.version;
+            if (res.error)
+                entry.error = res.error;
+            if (res.agents)
+                entry.agents = res.agents;
+            return entry;
+        }
+        catch (err) {
+            return {
+                name: g.name,
+                url: g.url,
+                reachable: false,
+                error: err.message,
+            };
+        }
+    }));
+    const out = { ...base };
+    out.runtimes = base.runtimes.map((r) => r.id === "openclaw-acp" ? { ...r, endpoints } : r);
+    return out;
+}
+/**
+ * Reconcile every agent identity carried by the `hello.agents` snapshot
+ * against the on-disk `identity.md`. Best-effort: a malformed entry or a
+ * file-system error for one agent never aborts the rest.
+ *
+ * Identity-snapshot semantics intentionally only touch the metadata
+ * line + Bio body — Role/Boundaries paragraphs the user authored locally
+ * are preserved (see `applyAgentIdentity`). Missing identity.md files
+ * (agent provisioned on a different daemon, or workspace cleared) are
+ * silently skipped.
+ */
+export function applyHelloIdentitySnapshot(snapshot) {
+    const out = { updated: 0, skipped: 0 };
+    if (!Array.isArray(snapshot))
+        return out;
+    for (const entry of snapshot) {
+        if (!entry || typeof entry.agentId !== "string") {
+            out.skipped += 1;
+            continue;
+        }
+        try {
+            const result = applyAgentIdentity(entry.agentId, {
+                displayName: entry.displayName,
+                bio: entry.bio,
+            });
+            if (result.changed)
+                out.updated += 1;
+            else
+                out.skipped += 1;
+        }
+        catch (err) {
+            out.skipped += 1;
+            daemonLog.warn("hello.identity apply failed", {
+                agentId: entry.agentId,
+                error: err instanceof Error ? err.message : String(err),
+            });
+        }
+    }
+    return out;
+}
 /**
  * Re-read `config.json` and reconcile the running gateway against it. New
  * agents in config but not in gateway snapshot → `addChannel`; agents in
@@ -566,7 +913,11 @@ function readAgentRuntimesFromCredentials(agentIds) {
                 entry.runtime = creds.runtime;
             if (creds.cwd)
                 entry.cwd = creds.cwd;
-            if (entry.runtime || entry.cwd)
+            if (creds.openclawGateway)
+                entry.openclawGateway = creds.openclawGateway;
+            if (creds.openclawAgent)
+                entry.openclawAgent = creds.openclawAgent;
+            if (entry.runtime || entry.cwd || entry.openclawGateway || entry.openclawAgent)
                 out[id] = entry;
         }
         catch {
@@ -654,11 +1005,21 @@ export function setRoute(params) {
     if (p.pattern && typeof p.pattern === "string" && !match.conversationPrefix) {
         match.conversationPrefix = p.pattern;
     }
+    // Fall back to defaultRoute.extraArgs (mirrors adapter/cwd inheritance
+    // above) so dashboard-driven `set_route` calls that only carry agentId +
+    // pattern still pick up operator-wide flags like `--permission-mode
+    // bypassPermissions`. Without this, every newly provisioned agent lost
+    // those flags and Bash/MCP tool calls would deadlock on permission prompts.
+    const extraArgs = Array.isArray(route?.extraArgs)
+        ? route.extraArgs.slice()
+        : Array.isArray(cfg.defaultRoute.extraArgs)
+            ? cfg.defaultRoute.extraArgs.slice()
+            : undefined;
     const newRule = {
         match,
         adapter,
         cwd,
-        ...(Array.isArray(route?.extraArgs) ? { extraArgs: route.extraArgs.slice() } : {}),
+        ...(extraArgs ? { extraArgs } : {}),
     };
     const routes = Array.isArray(cfg.routes) ? cfg.routes.slice() : [];
     // Replace an existing matching rule. We use the canonical signature

package/dist/system-context.d.ts

@@ -6,10 +6,11 @@
  * `RuntimeRunOptions.systemContext`. This module composes the daemon's
  * system-context string from:
  *
- *   1. `[BotCord Scene: Owner Chat]` (owner-trust turns only)
- *   2. `[BotCord Working Memory]`
- *   3. `[BotCord Room Context]` (group rooms, via optional async fetcher)
- *   4. `[BotCord Cross-Room Awareness]` (optional activity tracker)
+ *   1. `[BotCord Identity]` (read fresh from workspace/identity.md each turn)
+ *   2. `[BotCord Scene: Owner Chat]` (owner-trust turns only)
+ *   3. `[BotCord Working Memory]`
+ *   4. `[BotCord Room Context]` (group rooms, via optional async fetcher)
+ *   5. `[BotCord Cross-Room Awareness]` (optional activity tracker)
  *
  * Behavior:
  *   - Working memory is loaded fresh per turn, so a `memory set` from another

package/dist/system-context.js

@@ -1,5 +1,6 @@
 import { buildCrossRoomDigest } from "./cross-room.js";
 import { buildWorkingMemoryPrompt, readWorkingMemory } from "./working-memory.js";
+import { readIdentity } from "./agent-workspace.js";
 import { classifyActivitySender } from "./sender-classify.js";
 import { log } from "./log.js";
 /**
@@ -25,6 +26,32 @@ function safeReadWorkingMemory(agentId) {
         return null;
     }
 }
+/**
+ * Read identity.md and wrap it as a system-context block. Placed before
+ * every other block so the agent answers "who are you" from this file
+ * rather than from the underlying CLI's default persona ("I am Claude
+ * Code"). Re-read every turn so dashboard reconcile (`applyAgentIdentity`)
+ * and self-edits take effect immediately, mirroring working-memory
+ * semantics.
+ */
+function buildIdentityPrompt(agentId) {
+    let raw = null;
+    try {
+        raw = readIdentity(agentId);
+    }
+    catch (err) {
+        log.warn("identity read failed", { agentId, err: String(err) });
+        return null;
+    }
+    if (!raw)
+        return null;
+    return [
+        "[BotCord Identity]",
+        "Your persistent identity card. The fields below are the source of truth — when asked who you are, what you do, or what you will / will not do, answer from this block, not from the underlying CLI's default persona.",
+        "",
+        raw.trim(),
+    ].join("\n");
+}
 /**
  * Build a {@link SystemContextBuilder} for the gateway dispatcher.
  *
@@ -34,6 +61,7 @@ function safeReadWorkingMemory(agentId) {
  */
 export function createDaemonSystemContextBuilder(deps) {
     const gatherSyncBlocks = (message) => {
+        const identity = buildIdentityPrompt(deps.agentId);
         const ownerScene = classifyActivitySender(message).kind === "owner"
             ? buildOwnerChatSceneContext()
             : null;
@@ -47,7 +75,7 @@ export function createDaemonSystemContextBuilder(deps) {
                 currentTopic: message.conversation.threadId ?? null,
             }) || null
             : null;
-        return { ownerScene, memory, digest };
+        return { identity, ownerScene, memory, digest };
     };
     const assemble = (parts) => {
         const filtered = parts.filter((p) => typeof p === "string" && p.length > 0);
@@ -70,11 +98,12 @@ export function createDaemonSystemContextBuilder(deps) {
     };
     if (!deps.roomContextBuilder) {
         const syncBuilder = (message) => {
-            const { ownerScene, memory, digest } = gatherSyncBlocks(message);
+            const { identity, ownerScene, memory, digest } = gatherSyncBlocks(message);
             // Loop-risk sits at the end so its "reply NO_REPLY unless…" guidance
             // is the last thing the model sees before the user turn body.
+            // Identity sits at the very front so it frames every other block.
             const loopRisk = runLoopRisk(message);
-            return assemble([ownerScene, memory, digest, loopRisk]);
+            return assemble([identity, ownerScene, memory, digest, loopRisk]);
         };
         // Compile-time witness that the narrower sync signature still satisfies
         // `SystemContextBuilder` (which allows async). Prevents the two contracts
@@ -85,11 +114,12 @@ export function createDaemonSystemContextBuilder(deps) {
     }
     const roomBuilder = deps.roomContextBuilder;
     const asyncBuilder = async (message) => {
-        const { ownerScene, memory, digest } = gatherSyncBlocks(message);
+        const { identity, ownerScene, memory, digest } = gatherSyncBlocks(message);
         // Room context landing order: after owner-scene / memory, before digest —
         // "what room am I in" belongs with the session's own identity, while the
         // cross-room digest deliberately describes OTHER rooms and should stay
         // last so it doesn't get confused with the current room.
+        // Identity stays at the very front; see syncBuilder for rationale.
         let roomBlock = null;
         try {
             roomBlock = await roomBuilder(message);
@@ -102,7 +132,7 @@ export function createDaemonSystemContextBuilder(deps) {
             });
         }
         const loopRisk = runLoopRisk(message);
-        return assemble([ownerScene, memory, roomBlock, digest, loopRisk]);
+        return assemble([identity, ownerScene, memory, roomBlock, digest, loopRisk]);
     };
     const _typecheck = asyncBuilder;
     void _typecheck;

package/dist/turn-text.js

@@ -4,6 +4,16 @@ const GROUP_HINT = '[In group chats, do NOT reply unless you are explicitly ment
     'If no response is needed, reply with exactly "NO_REPLY" and nothing else.]';
 const DIRECT_HINT = '[If the conversation has naturally concluded or no response is needed, ' +
     'reply with exactly "NO_REPLY" and nothing else.]';
+/**
+ * Reminder appended to every wrapped (non-owner-chat) inbound message. The
+ * dispatcher discards `result.text` for any room that is not `rm_oc_*`, so
+ * the agent must call the `botcord_send` tool (or the `botcord send` CLI
+ * via Bash) to actually deliver a reply. Plain assistant text in those
+ * rooms is logged and dropped.
+ */
+const NON_OWNER_REPLY_HINT = "[This room is NOT owner-chat. Plain text output WILL NOT be sent. " +
+    "To reply, call the `botcord_send` tool, or run " +
+    '`botcord send --room <room_id> --text "..."` via Bash.]';
 /**
  * Read the BotCord envelope type from a raw inbound message. Returns
  * `undefined` when the message didn't come from the BotCord channel or the
@@ -116,6 +126,8 @@ export function composeBotCordUserTurn(msg) {
         `</${tag}>`,
         "",
         hint,
+        "",
+        NON_OWNER_REPLY_HINT,
     ];
     if (contactRequestHint) {
         lines.push("", contactRequestHint);
@@ -160,7 +172,14 @@ function composeBatchedTurn(msg, batch) {
         }
     }
     const hint = isGroup ? GROUP_HINT : DIRECT_HINT;
-    const lines = [header.join(" | "), blocks.join("\n"), "", hint];
+    const lines = [
+        header.join(" | "),
+        blocks.join("\n"),
+        "",
+        hint,
+        "",
+        NON_OWNER_REPLY_HINT,
+    ];
     if (contactRequestSenders.length > 0) {
         // Dedup + list — multiple distinct senders show as "A, B".
         const unique = Array.from(new Set(contactRequestSenders));

package/dist/url-utils.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Append a `next` query param to a URL. Used by the device-code flow to
+ * encode a post-auth redirect target into the Hub-issued verification URL,
+ * so the dashboard knows where to send the user after they click Authorize.
+ *
+ * Falls back to returning the original URL string if parsing fails — the
+ * device-code flow keeps working, just without the redirect convenience.
+ */
+export declare function appendNextParam(url: string, next: string): string;

package/dist/url-utils.js

@@ -0,0 +1,18 @@
+/**
+ * Append a `next` query param to a URL. Used by the device-code flow to
+ * encode a post-auth redirect target into the Hub-issued verification URL,
+ * so the dashboard knows where to send the user after they click Authorize.
+ *
+ * Falls back to returning the original URL string if parsing fails — the
+ * device-code flow keeps working, just without the redirect convenience.
+ */
+export function appendNextParam(url, next) {
+    try {
+        const u = new URL(url);
+        u.searchParams.set("next", next);
+        return u.toString();
+    }
+    catch {
+        return url;
+    }
+}

package/dist/user-auth.js

@@ -5,8 +5,6 @@
  * `~/.botcord/credentials/*.json`), the user-auth record is singular —
  * the daemon only logs in as *one* user at a time. Stored at
  * `~/.botcord/daemon/user-auth.json` with `0600` permissions.
- *
- * See `docs/daemon-control-plane-plan.md` §6–§7.
  */
 import { chmodSync, existsSync, mkdirSync, readFileSync, renameSync, statSync, unlinkSync, writeFileSync, } from "node:fs";
 import path from "node:path";