@botcord/daemon 0.2.54 → 0.2.56

package/src/gateway/runtimes/codex.ts

@@ -15,6 +15,69 @@ import type { RuntimeProbeResult, RuntimeRunOptions, StreamBlock } from "../type
 const CODEX_DESKTOP_BUNDLE_PATH = "/Applications/Codex.app/Contents/Resources/codex";
 /** Codex UUIDv7 / v4 session ids are 36-char dashed hex; reject anything else to keep argv safe. */
 const CODEX_SESSION_ID_RE = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$/;
+const CODEX_FOREIGN_EXTRA_FLAGS_WITH_VALUE = new Set([
+  "--append-system-prompt",
+  "--permission-mode",
+]);
+const CODEX_SANDBOX_MODES = new Set(["read-only", "workspace-write", "danger-full-access"]);
+
+function extraFlagName(arg: string): string {
+  if (!arg.startsWith("-")) return arg;
+  const eq = arg.indexOf("=");
+  return eq === -1 ? arg : arg.slice(0, eq);
+}
+
+function nextExtraValue(args: string[], index: number): string | undefined {
+  const next = args[index + 1];
+  if (typeof next !== "string") return undefined;
+  if (!next.startsWith("-")) return next;
+  return /^-\d/.test(next) ? next : undefined;
+}
+
+function sanitizeCodexExtraArgs(extraArgs: string[] | undefined): string[] {
+  if (!extraArgs?.length) return [];
+  const out: string[] = [];
+  for (let i = 0; i < extraArgs.length; i += 1) {
+    const arg = extraArgs[i];
+    const name = extraFlagName(arg);
+    if (CODEX_FOREIGN_EXTRA_FLAGS_WITH_VALUE.has(name)) {
+      if (!arg.includes("=") && nextExtraValue(extraArgs, i) !== undefined) i += 1;
+      continue;
+    }
+    if (name === "-s" || name === "--sandbox") {
+      const value = arg.includes("=") ? arg.slice(arg.indexOf("=") + 1) : nextExtraValue(extraArgs, i);
+      if (!arg.includes("=") && value !== undefined) i += 1;
+      if (value && CODEX_SANDBOX_MODES.has(value)) {
+        out.push("-c", `sandbox_mode="${value}"`);
+      }
+      continue;
+    }
+    if (arg === "--full-auto") {
+      out.push("--dangerously-bypass-approvals-and-sandbox");
+      continue;
+    }
+    out.push(arg);
+  }
+  return out;
+}
+
+function hasCodexSandboxOverride(args: string[]): boolean {
+  for (let i = 0; i < args.length; i += 1) {
+    const arg = args[i];
+    if (
+      arg === "--dangerously-bypass-approvals-and-sandbox" ||
+      arg.startsWith("-c sandbox_mode=") ||
+      arg.startsWith("-csandbox_mode=") ||
+      arg.startsWith("--config=sandbox_mode=")
+    ) {
+      return true;
+    }
+    if ((arg === "-c" || arg === "--config") && args[i + 1]?.startsWith("sandbox_mode=")) {
+      return true;
+    }
+  }
+  return false;
+}
 
 /** Resolve the Codex CLI executable via PATH or macOS desktop bundle. */
 export function resolveCodexCommand(deps: ProbeDeps = {}): string | null {
@@ -167,6 +230,7 @@ export class CodexAdapter extends NdjsonStreamAdapter {
    */
   protected buildArgs(opts: RuntimeRunOptions): string[] {
     const tail: string[] = [];
+    const extraArgs = sanitizeCodexExtraArgs(opts.extraArgs);
 
     // Sandbox / approval policy. Expressed as `-c` overrides because
     // `codex exec resume` rejects `-s` / `--full-auto`. `-c` works on both
@@ -177,16 +241,7 @@ export class CodexAdapter extends NdjsonStreamAdapter {
     // relay back to the user yet. Default to bypassing both approvals and the
     // sandbox for every trust tier; operators who need a stricter posture can
     // still override with route/defaultRoute extraArgs.
-    const hasSandboxOverride =
-      opts.extraArgs?.some(
-        (a) =>
-          a === "-s" ||
-          a.startsWith("--sandbox") ||
-          a === "--full-auto" ||
-          a === "--dangerously-bypass-approvals-and-sandbox" ||
-          a.startsWith("-c sandbox_mode=") ||
-          a.startsWith("-csandbox_mode="),
-      ) ?? false;
+    const hasSandboxOverride = hasCodexSandboxOverride(extraArgs);
     if (!hasSandboxOverride) {
       tail.push(
         "-c",
@@ -196,7 +251,7 @@ export class CodexAdapter extends NdjsonStreamAdapter {
       );
     }
     tail.push("--skip-git-repo-check", "--json");
-    if (opts.extraArgs?.length) tail.push(...opts.extraArgs);
+    if (extraArgs.length) tail.push(...extraArgs);
 
     // `--` separates flags from positionals so a prompt starting with `-`
     // can never be parsed as an option. `systemContext` is NOT prepended to

package/src/index.ts

@@ -57,6 +57,7 @@ import {
   updateWorkingMemory,
   DEFAULT_SECTION,
 } from "./working-memory.js";
+import { createDiagnosticBundle } from "./diagnostics.js";
 import { resolveStartAuthAction } from "./start-auth.js";
 import {
   discoverLocalOpenclawGateways,
@@ -131,7 +132,9 @@ Commands:
   route list
   route remove --room <rm_xxx>|--prefix <rm_xxx>
   config                                  Print resolved config
-  doctor [--json]                         Scan local runtimes (${ADAPTER_LIST})
+  doctor [--json] [--bundle]              Scan local runtimes (${ADAPTER_LIST});
+                                          --bundle also writes a zip under
+                                          ~/.botcord/diagnostics/
   memory get [--agent <ag_xxx>] [--json]  Show current working memory
   memory set [--agent <ag_xxx>] --goal <text>
                                           Pin/update the agent's work goal
@@ -164,6 +167,7 @@ const BOOLEAN_FLAGS = new Set([
   "f",
   "follow",
   "json",
+  "bundle",
   "help",
   "h",
   "mentioned",
@@ -1342,6 +1346,18 @@ const fsFileReader: DoctorFileReader = {
 };
 
 async function cmdDoctor(args: ParsedArgs): Promise<void> {
+  if (args.flags.bundle === true) {
+    const bundle = await createDiagnosticBundle();
+    if (args.flags.json === true) {
+      console.log(JSON.stringify({ bundle }, null, 2));
+      return;
+    }
+    console.log(`diagnostic bundle written: ${bundle.path}`);
+    console.log(`size: ${bundle.sizeBytes} bytes`);
+    console.log("Send this zip file to the BotCord developer/support contact.");
+    return;
+  }
+
   const entries: import("./doctor.js").DoctorRuntimeEntry[] = detectRuntimes();
   // Doctor should not hard-fail when no config exists yet; channel probes
   // simply produce an empty list in that case.

package/src/provision.ts

@@ -28,6 +28,7 @@ import {
   type UpdateAgentParams,
 } from "@botcord/protocol-core";
 import type { Gateway } from "./gateway/index.js";
+import type { GatewayInboundMessage } from "./gateway/index.js";
 import type { PolicyResolverLike } from "./gateway/policy-resolver.js";
 import type { PolicyUpdatedParams } from "@botcord/protocol-core";
 import type {
@@ -398,6 +399,10 @@ export function createProvisioner(opts: ProvisionerOptions): (
         return { ok: true, result };
       }
 
+      case "wake_agent": {
+        return handleWakeAgent(gateway, frame.params);
+      }
+
       default:
         daemonLog.warn("provision.dispatch: unknown frame type", {
           type: frame.type,
@@ -411,6 +416,87 @@ export function createProvisioner(opts: ProvisionerOptions): (
   };
 }
 
+interface WakeAgentParams {
+  agent_id?: string;
+  agentId?: string;
+  message?: string;
+  run_id?: string;
+  runId?: string;
+  schedule_id?: string;
+  scheduleId?: string;
+  dedupe_key?: string;
+  dedupeKey?: string;
+}
+
+async function handleWakeAgent(gateway: Gateway, raw: unknown): Promise<AckBody> {
+  if (raw === null || typeof raw !== "object" || Array.isArray(raw)) {
+    return {
+      ok: false,
+      error: { code: "bad_params", message: "wake_agent params must be an object" },
+    };
+  }
+  const params = raw as WakeAgentParams;
+  const agentId = params.agent_id || params.agentId;
+  const message = params.message;
+  if (!agentId || typeof agentId !== "string") {
+    return {
+      ok: false,
+      error: { code: "bad_params", message: "wake_agent requires params.agent_id" },
+    };
+  }
+  if (!message || typeof message !== "string") {
+    return {
+      ok: false,
+      error: { code: "bad_params", message: "wake_agent requires params.message" },
+    };
+  }
+
+  const channels = gateway.snapshot().channels;
+  if (!channels[agentId]) {
+    return {
+      ok: false,
+      error: { code: "agent_not_loaded", message: `agent ${agentId} is not loaded in daemon gateway` },
+    };
+  }
+
+  const runId = params.run_id || params.runId || `wake-${Date.now()}`;
+  const scheduleId = params.schedule_id || params.scheduleId;
+  const dedupeKey = params.dedupe_key || params.dedupeKey;
+  const conversationId = `rm_schedule_${agentId}`;
+  const msg: GatewayInboundMessage = {
+    id: runId,
+    channel: agentId,
+    accountId: agentId,
+    conversation: {
+      id: conversationId,
+      kind: "direct",
+      title: "BotCord Scheduler",
+      threadId: scheduleId ?? null,
+    },
+    sender: {
+      id: "hub",
+      name: "BotCord Scheduler",
+      kind: "system",
+    },
+    text: message,
+    raw: {
+      source_type: "botcord_schedule",
+      schedule_id: scheduleId,
+      run_id: runId,
+      dedupe_key: dedupeKey,
+    },
+    mentioned: true,
+    receivedAt: Date.now(),
+    trace: {
+      id: runId,
+      streamable: false,
+    },
+  };
+
+  await gateway.injectInbound(msg);
+  return { ok: true, result: { agent_id: agentId } };
+}
+
 // W8: hand-written runtime validator for the third-party gateway frame
 // params. Rejects malformed payloads with a structured `bad_params` ack
 // before they hit the per-handler logic, so an attacker can't smuggle a

package/src/system-context.ts

@@ -57,6 +57,16 @@ function buildOwnerChatSceneContext(): string {
   ].join("\n");
 }
 
+function buildGroupRoomEnvironmentContext(message: GatewayInboundMessage): string | null {
+  if (message.conversation.kind !== "group") return null;
+  return [
+    "[BotCord Runtime Environment]",
+    "You are running as a local agent process connected to a remote BotCord group room.",
+    "Other room members can read your messages and any uploaded/attached files, but they cannot access this machine's local filesystem, container paths, or absolute paths such as /var/..., /tmp/..., or /Users/....",
+    "Do not present a local file path as a useful report link or deliverable in group chat. If an artifact needs to be shared, upload or attach it through the available BotCord file/attachment mechanism, then refer to the uploaded attachment or summarize the content in the message.",
+  ].join("\n");
+}
+
 /** Dependencies injected by the daemon bootstrap. */
 export interface SystemContextDeps {
   /** The owning daemon's agent id. Used to scope working-memory + activity lookups. */
@@ -133,6 +143,7 @@ export function createDaemonSystemContextBuilder(
   const gatherSyncBlocks = (message: GatewayInboundMessage): {
     identity: string | null;
     ownerScene: string | null;
+    environment: string | null;
     memory: string | null;
     digest: string | null;
   } => {
@@ -142,6 +153,7 @@ export function createDaemonSystemContextBuilder(
       classifyActivitySender(message).kind === "owner"
         ? buildOwnerChatSceneContext()
         : null;
+    const environment = ownerScene ? null : buildGroupRoomEnvironmentContext(message);
 
     const wm = safeReadWorkingMemory(deps.agentId);
     const memory = wm ? buildWorkingMemoryPrompt({ workingMemory: wm }) : null;
@@ -155,7 +167,7 @@ export function createDaemonSystemContextBuilder(
         }) || null
       : null;
 
-    return { identity, ownerScene, memory, digest };
+    return { identity, ownerScene, environment, memory, digest };
   };
 
   const assemble = (parts: Array<string | null | undefined>): string | undefined => {
@@ -195,13 +207,13 @@ export function createDaemonSystemContextBuilder(
 
   if (!deps.roomContextBuilder) {
     const syncBuilder = (message: GatewayInboundMessage): string | undefined => {
-      const { identity, ownerScene, memory, digest } = gatherSyncBlocks(message);
+      const { identity, ownerScene, environment, memory, digest } = gatherSyncBlocks(message);
       // Loop-risk sits at the end so its "reply NO_REPLY unless…" guidance
       // is the last thing the model sees before the user turn body.
       // Identity sits at the very front so it frames every other block.
       const skillIndex = buildSkillIndex(message);
       const loopRisk = runLoopRisk(message);
-      return assemble([identity, ownerScene, memory, digest, skillIndex, loopRisk]);
+      return assemble([identity, ownerScene, environment, memory, digest, skillIndex, loopRisk]);
     };
     // Compile-time witness that the narrower sync signature still satisfies
     // `SystemContextBuilder` (which allows async). Prevents the two contracts
@@ -215,7 +227,7 @@ export function createDaemonSystemContextBuilder(
   const asyncBuilder = async (
     message: GatewayInboundMessage,
   ): Promise<string | undefined> => {
-    const { identity, ownerScene, memory, digest } = gatherSyncBlocks(message);
+    const { identity, ownerScene, environment, memory, digest } = gatherSyncBlocks(message);
     // Room context landing order: after owner-scene / memory, before digest —
     // "what room am I in" belongs with the session's own identity, while the
     // cross-room digest deliberately describes OTHER rooms and should stay
@@ -233,7 +245,7 @@ export function createDaemonSystemContextBuilder(
     }
     const skillIndex = buildSkillIndex(message);
     const loopRisk = runLoopRisk(message);
-    return assemble([identity, ownerScene, memory, roomBlock, digest, skillIndex, loopRisk]);
+    return assemble([identity, ownerScene, environment, memory, roomBlock, digest, skillIndex, loopRisk]);
   };
   const _typecheck: SystemContextBuilder = asyncBuilder;
   void _typecheck;

package/src/working-memory.ts

@@ -307,6 +307,11 @@ export function buildWorkingMemoryPrompt(opts: {
     "- sections: named buckets (contacts, pending_tasks, preferences, etc.).",
     "- Updating one section never touches others. Empty content deletes a section.",
     "",
+    "For cross-room work, update memory before or immediately after delegating:",
+    "- If you accept a request in one room and continue it in another, record a `pending_tasks` entry with source room id/name, target room id/name, requested deliverable, current status, and where to report completion.",
+    "- When a delegated room replies or delivers an artifact, consult `pending_tasks` before deciding `NO_REPLY`; if it matches a pending handoff, acknowledge, update status, and send the promised follow-up to the source room when appropriate.",
+    "- Remove or mark the entry done once the source room has been updated.",
+    "",
     "Only update when something meaningful changes. Keep each section tight.",
   ];