@botcord/daemon 0.2.55 → 0.2.56

package/src/gateway/__tests__/codex-adapter.test.ts

@@ -371,7 +371,7 @@ process.stdout.write(JSON.stringify({type:"item.completed", item:{id:"i0", type:
       expect(argv).toContain('approval_policy="never"');
     });
 
-    it("extraArgs `-s read-only` suppresses the default sandbox `-c`s", async () => {
+    it("extraArgs `-s read-only` is converted to resume-compatible sandbox config", async () => {
       const adapter = new CodexAdapter({ binary: echoScript() });
       const ctrl = new AbortController();
       const res = await adapter.run({
@@ -384,11 +384,87 @@ process.stdout.write(JSON.stringify({type:"item.completed", item:{id:"i0", type:
         extraArgs: ["-s", "read-only"],
       });
       const argv = JSON.parse(res.text) as string[];
-      // Only the operator-supplied `-s` appears; our defaults are suppressed.
-      expect(argv.filter((a) => a === "-s").length).toBe(1);
-      expect(argv[argv.indexOf("-s") + 1]).toBe("read-only");
+      expect(argv).not.toContain("-s");
+      expect(argv).toContain('sandbox_mode="read-only"');
       expect(argv).not.toContain('sandbox_mode="workspace-write"');
       expect(argv).not.toContain('sandbox_mode="danger-full-access"');
     });
+
+    it("extraArgs `--sandbox=value` is converted on resume too", async () => {
+      const adapter = new CodexAdapter({ binary: echoScript() });
+      const ctrl = new AbortController();
+      const res = await adapter.run({
+        text: "x",
+        sessionId: "01234567-89ab-7def-8123-456789abcdef",
+        accountId: "ag_test",
+        cwd: tmpRoot,
+        signal: ctrl.signal,
+        trustLevel: "public",
+        extraArgs: ["--sandbox=workspace-write"],
+      });
+      const argv = JSON.parse(res.text) as string[];
+      expect(argv[0]).toBe("exec");
+      expect(argv[1]).toBe("resume");
+      expect(argv).not.toContain("--sandbox=workspace-write");
+      expect(argv).toContain('sandbox_mode="workspace-write"');
+      expect(argv).not.toContain('sandbox_mode="danger-full-access"');
+    });
+
+    it("maps legacy Codex --full-auto to the current bypass flag", async () => {
+      const adapter = new CodexAdapter({ binary: echoScript() });
+      const ctrl = new AbortController();
+      const res = await adapter.run({
+        text: "x",
+        sessionId: null,
+        accountId: "ag_test",
+        cwd: tmpRoot,
+        signal: ctrl.signal,
+        trustLevel: "public",
+        extraArgs: ["--full-auto"],
+      });
+      const argv = JSON.parse(res.text) as string[];
+      expect(argv).not.toContain("--full-auto");
+      expect(argv).toContain("--dangerously-bypass-approvals-and-sandbox");
+      expect(argv).not.toContain('sandbox_mode="danger-full-access"');
+    });
+
+    it("drops inherited Claude --permission-mode extraArgs and their values", async () => {
+      const adapter = new CodexAdapter({ binary: echoScript() });
+      const ctrl = new AbortController();
+      const res = await adapter.run({
+        text: "x",
+        sessionId: null,
+        accountId: "ag_test",
+        cwd: tmpRoot,
+        signal: ctrl.signal,
+        trustLevel: "public",
+        extraArgs: ["--permission-mode", "bypassPermissions", "--model", "gpt-5.2"],
+      });
+      const argv = JSON.parse(res.text) as string[];
+      expect(argv).not.toContain("--permission-mode");
+      expect(argv).not.toContain("bypassPermissions");
+      expect(argv).toContain("--model");
+      expect(argv[argv.indexOf("--model") + 1]).toBe("gpt-5.2");
+      expect(argv).toContain('sandbox_mode="danger-full-access"');
+      expect(argv).toContain('approval_policy="never"');
+    });
+
+    it("drops inherited Claude --permission-mode=value extraArgs", async () => {
+      const adapter = new CodexAdapter({ binary: echoScript() });
+      const ctrl = new AbortController();
+      const res = await adapter.run({
+        text: "x",
+        sessionId: null,
+        accountId: "ag_test",
+        cwd: tmpRoot,
+        signal: ctrl.signal,
+        trustLevel: "public",
+        extraArgs: ["--permission-mode=bypassPermissions"],
+      });
+      const argv = JSON.parse(res.text) as string[];
+      expect(argv).not.toContain("--permission-mode=bypassPermissions");
+      expect(argv).toContain('sandbox_mode="danger-full-access"');
+      expect(argv).toContain('approval_policy="never"');
+    });
   });
 });

package/src/gateway/gateway.ts

@@ -261,4 +261,13 @@ export class Gateway {
     const idx = this.config.channels.findIndex((c) => c.id === id);
     if (idx >= 0) this.config.channels.splice(idx, 1);
   }
+
+  /**
+   * Inject a daemon-internal inbound message into the normal dispatcher.
+   * Control-plane wakeups use this path so scheduled turns share the same
+   * routing, queueing, transcript, and runtime behavior as channel messages.
+   */
+  async injectInbound(message: GatewayInboundMessage): Promise<void> {
+    await this.dispatcher.handle({ message });
+  }
 }

package/src/gateway/runtimes/claude-code.ts

@@ -32,6 +32,77 @@ function invalidClaudeSessionIdError(): string {
   return "claude-code: invalid sessionId (expected non-control text not starting with '-')";
 }
 
+const CLAUDE_FOREIGN_FLAGS_WITH_VALUE = new Set([
+  "--color",
+  "--config",
+  "--disable",
+  "--enable",
+  "--image",
+  "--local-provider",
+  "--output-last-message",
+  "--output-schema",
+  "--profile",
+  "--sandbox",
+  "-i",
+  "-o",
+  "-p",
+  "-s",
+]);
+const CLAUDE_FOREIGN_BOOLEAN_FLAGS = new Set([
+  "--all",
+  "--dangerously-bypass-approvals-and-sandbox",
+  "--ephemeral",
+  "--full-auto",
+  "--ignore-rules",
+  "--ignore-user-config",
+  "--json",
+  "--last",
+  "--oss",
+  "--print",
+  "--skip-git-repo-check",
+]);
+
+function extraFlagName(arg: string): string {
+  if (!arg.startsWith("-")) return arg;
+  const eq = arg.indexOf("=");
+  return eq === -1 ? arg : arg.slice(0, eq);
+}
+
+function nextExtraValue(args: string[], index: number): string | undefined {
+  const next = args[index + 1];
+  if (typeof next !== "string") return undefined;
+  if (!next.startsWith("-")) return next;
+  return /^-\d/.test(next) ? next : undefined;
+}
+
+function sanitizeClaudeExtraArgs(extraArgs: string[] | undefined): string[] {
+  if (!extraArgs?.length) return [];
+  const out: string[] = [];
+  for (let i = 0; i < extraArgs.length; i += 1) {
+    const arg = extraArgs[i];
+    const name = extraFlagName(arg);
+
+    if (arg === "-c") {
+      const value = nextExtraValue(extraArgs, i);
+      if (value !== undefined) i += 1;
+      continue;
+    }
+    if (name === "--config" || name === "--sandbox") {
+      if (!arg.includes("=") && nextExtraValue(extraArgs, i) !== undefined) i += 1;
+      continue;
+    }
+    if (CLAUDE_FOREIGN_FLAGS_WITH_VALUE.has(name)) {
+      if (!arg.includes("=") && nextExtraValue(extraArgs, i) !== undefined) i += 1;
+      continue;
+    }
+    if (CLAUDE_FOREIGN_BOOLEAN_FLAGS.has(name)) {
+      continue;
+    }
+    out.push(arg);
+  }
+  return out;
+}
+
 /** Resolve the Claude Code CLI path on PATH or the macOS desktop bundle fallback. */
 export function resolveClaudeCommand(deps: ProbeDeps = {}): string | null {
   const onPath = resolveCommandOnPath("claude", deps);
@@ -95,11 +166,12 @@ export class ClaudeCodeAdapter extends NdjsonStreamAdapter {
   }
 
   protected buildArgs(opts: RuntimeRunOptions): string[] {
+    const extraArgs = sanitizeClaudeExtraArgs(opts.extraArgs);
     const args = ["-p", opts.text, "--output-format", "stream-json", "--verbose"];
     // Headless `-p` mode does not load project `.claude/` by default, so
     // per-agent skills seeded at `<workspace>/.claude/skills/` are invisible
     // unless we opt in. `extraArgs` wins so operators can still override.
-    if (!opts.extraArgs?.some((a) => a.startsWith("--setting-sources"))) {
+    if (!extraArgs.some((a) => a.startsWith("--setting-sources"))) {
       args.push("--setting-sources", "project");
     }
     if (opts.sessionId) {
@@ -112,16 +184,16 @@ export class ClaudeCodeAdapter extends NdjsonStreamAdapter {
     // MCP) because there is no prompt relay back to the user yet. Default to
     // bypassPermissions for every trust tier; operators who need a stricter
     // posture can still override with route/defaultRoute extraArgs.
-    if (!opts.extraArgs?.some((a) => a.startsWith("--permission-mode"))) {
+    if (!extraArgs.some((a) => a.startsWith("--permission-mode"))) {
       args.push("--permission-mode", "bypassPermissions");
     }
     // Claude Code's `--append-system-prompt` is applied per invocation and NOT
     // persisted in the resumed session transcript — ideal for memory / digest
     // content that should re-evaluate every turn.
-    if (opts.systemContext && !opts.extraArgs?.includes("--append-system-prompt")) {
+    if (opts.systemContext && !extraArgs.includes("--append-system-prompt")) {
       args.push("--append-system-prompt", opts.systemContext);
     }
-    if (opts.extraArgs?.length) args.push(...opts.extraArgs);
+    if (extraArgs.length) args.push(...extraArgs);
     return args;
   }
 

package/src/gateway/runtimes/codex.ts

@@ -15,6 +15,69 @@ import type { RuntimeProbeResult, RuntimeRunOptions, StreamBlock } from "../type
 const CODEX_DESKTOP_BUNDLE_PATH = "/Applications/Codex.app/Contents/Resources/codex";
 /** Codex UUIDv7 / v4 session ids are 36-char dashed hex; reject anything else to keep argv safe. */
 const CODEX_SESSION_ID_RE = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$/;
+const CODEX_FOREIGN_EXTRA_FLAGS_WITH_VALUE = new Set([
+  "--append-system-prompt",
+  "--permission-mode",
+]);
+const CODEX_SANDBOX_MODES = new Set(["read-only", "workspace-write", "danger-full-access"]);
+
+function extraFlagName(arg: string): string {
+  if (!arg.startsWith("-")) return arg;
+  const eq = arg.indexOf("=");
+  return eq === -1 ? arg : arg.slice(0, eq);
+}
+
+function nextExtraValue(args: string[], index: number): string | undefined {
+  const next = args[index + 1];
+  if (typeof next !== "string") return undefined;
+  if (!next.startsWith("-")) return next;
+  return /^-\d/.test(next) ? next : undefined;
+}
+
+function sanitizeCodexExtraArgs(extraArgs: string[] | undefined): string[] {
+  if (!extraArgs?.length) return [];
+  const out: string[] = [];
+  for (let i = 0; i < extraArgs.length; i += 1) {
+    const arg = extraArgs[i];
+    const name = extraFlagName(arg);
+    if (CODEX_FOREIGN_EXTRA_FLAGS_WITH_VALUE.has(name)) {
+      if (!arg.includes("=") && nextExtraValue(extraArgs, i) !== undefined) i += 1;
+      continue;
+    }
+    if (name === "-s" || name === "--sandbox") {
+      const value = arg.includes("=") ? arg.slice(arg.indexOf("=") + 1) : nextExtraValue(extraArgs, i);
+      if (!arg.includes("=") && value !== undefined) i += 1;
+      if (value && CODEX_SANDBOX_MODES.has(value)) {
+        out.push("-c", `sandbox_mode="${value}"`);
+      }
+      continue;
+    }
+    if (arg === "--full-auto") {
+      out.push("--dangerously-bypass-approvals-and-sandbox");
+      continue;
+    }
+    out.push(arg);
+  }
+  return out;
+}
+
+function hasCodexSandboxOverride(args: string[]): boolean {
+  for (let i = 0; i < args.length; i += 1) {
+    const arg = args[i];
+    if (
+      arg === "--dangerously-bypass-approvals-and-sandbox" ||
+      arg.startsWith("-c sandbox_mode=") ||
+      arg.startsWith("-csandbox_mode=") ||
+      arg.startsWith("--config=sandbox_mode=")
+    ) {
+      return true;
+    }
+    if ((arg === "-c" || arg === "--config") && args[i + 1]?.startsWith("sandbox_mode=")) {
+      return true;
+    }
+  }
+  return false;
+}
 
 /** Resolve the Codex CLI executable via PATH or macOS desktop bundle. */
 export function resolveCodexCommand(deps: ProbeDeps = {}): string | null {
@@ -167,6 +230,7 @@ export class CodexAdapter extends NdjsonStreamAdapter {
    */
   protected buildArgs(opts: RuntimeRunOptions): string[] {
     const tail: string[] = [];
+    const extraArgs = sanitizeCodexExtraArgs(opts.extraArgs);
 
     // Sandbox / approval policy. Expressed as `-c` overrides because
     // `codex exec resume` rejects `-s` / `--full-auto`. `-c` works on both
@@ -177,16 +241,7 @@ export class CodexAdapter extends NdjsonStreamAdapter {
     // relay back to the user yet. Default to bypassing both approvals and the
     // sandbox for every trust tier; operators who need a stricter posture can
     // still override with route/defaultRoute extraArgs.
-    const hasSandboxOverride =
-      opts.extraArgs?.some(
-        (a) =>
-          a === "-s" ||
-          a.startsWith("--sandbox") ||
-          a === "--full-auto" ||
-          a === "--dangerously-bypass-approvals-and-sandbox" ||
-          a.startsWith("-c sandbox_mode=") ||
-          a.startsWith("-csandbox_mode="),
-      ) ?? false;
+    const hasSandboxOverride = hasCodexSandboxOverride(extraArgs);
     if (!hasSandboxOverride) {
       tail.push(
         "-c",
@@ -196,7 +251,7 @@ export class CodexAdapter extends NdjsonStreamAdapter {
       );
     }
     tail.push("--skip-git-repo-check", "--json");
-    if (opts.extraArgs?.length) tail.push(...opts.extraArgs);
+    if (extraArgs.length) tail.push(...extraArgs);
 
     // `--` separates flags from positionals so a prompt starting with `-`
     // can never be parsed as an option. `systemContext` is NOT prepended to

package/src/index.ts

@@ -57,6 +57,7 @@ import {
   updateWorkingMemory,
   DEFAULT_SECTION,
 } from "./working-memory.js";
+import { createDiagnosticBundle } from "./diagnostics.js";
 import { resolveStartAuthAction } from "./start-auth.js";
 import {
   discoverLocalOpenclawGateways,
@@ -131,7 +132,9 @@ Commands:
   route list
   route remove --room <rm_xxx>|--prefix <rm_xxx>
   config                                  Print resolved config
-  doctor [--json]                         Scan local runtimes (${ADAPTER_LIST})
+  doctor [--json] [--bundle]              Scan local runtimes (${ADAPTER_LIST});
+                                          --bundle also writes a zip under
+                                          ~/.botcord/diagnostics/
   memory get [--agent <ag_xxx>] [--json]  Show current working memory
   memory set [--agent <ag_xxx>] --goal <text>
                                           Pin/update the agent's work goal
@@ -164,6 +167,7 @@ const BOOLEAN_FLAGS = new Set([
   "f",
   "follow",
   "json",
+  "bundle",
   "help",
   "h",
   "mentioned",
@@ -1342,6 +1346,18 @@ const fsFileReader: DoctorFileReader = {
 };
 
 async function cmdDoctor(args: ParsedArgs): Promise<void> {
+  if (args.flags.bundle === true) {
+    const bundle = await createDiagnosticBundle();
+    if (args.flags.json === true) {
+      console.log(JSON.stringify({ bundle }, null, 2));
+      return;
+    }
+    console.log(`diagnostic bundle written: ${bundle.path}`);
+    console.log(`size: ${bundle.sizeBytes} bytes`);
+    console.log("Send this zip file to the BotCord developer/support contact.");
+    return;
+  }
+
   const entries: import("./doctor.js").DoctorRuntimeEntry[] = detectRuntimes();
   // Doctor should not hard-fail when no config exists yet; channel probes
   // simply produce an empty list in that case.

package/src/provision.ts

@@ -28,6 +28,7 @@ import {
   type UpdateAgentParams,
 } from "@botcord/protocol-core";
 import type { Gateway } from "./gateway/index.js";
+import type { GatewayInboundMessage } from "./gateway/index.js";
 import type { PolicyResolverLike } from "./gateway/policy-resolver.js";
 import type { PolicyUpdatedParams } from "@botcord/protocol-core";
 import type {
@@ -398,6 +399,10 @@ export function createProvisioner(opts: ProvisionerOptions): (
         return { ok: true, result };
       }
 
+      case "wake_agent": {
+        return handleWakeAgent(gateway, frame.params);
+      }
+
       default:
         daemonLog.warn("provision.dispatch: unknown frame type", {
           type: frame.type,
@@ -411,6 +416,87 @@ export function createProvisioner(opts: ProvisionerOptions): (
   };
 }
 
+interface WakeAgentParams {
+  agent_id?: string;
+  agentId?: string;
+  message?: string;
+  run_id?: string;
+  runId?: string;
+  schedule_id?: string;
+  scheduleId?: string;
+  dedupe_key?: string;
+  dedupeKey?: string;
+}
+
+async function handleWakeAgent(gateway: Gateway, raw: unknown): Promise<AckBody> {
+  if (raw === null || typeof raw !== "object" || Array.isArray(raw)) {
+    return {
+      ok: false,
+      error: { code: "bad_params", message: "wake_agent params must be an object" },
+    };
+  }
+  const params = raw as WakeAgentParams;
+  const agentId = params.agent_id || params.agentId;
+  const message = params.message;
+  if (!agentId || typeof agentId !== "string") {
+    return {
+      ok: false,
+      error: { code: "bad_params", message: "wake_agent requires params.agent_id" },
+    };
+  }
+  if (!message || typeof message !== "string") {
+    return {
+      ok: false,
+      error: { code: "bad_params", message: "wake_agent requires params.message" },
+    };
+  }
+
+  const channels = gateway.snapshot().channels;
+  if (!channels[agentId]) {
+    return {
+      ok: false,
+      error: { code: "agent_not_loaded", message: `agent ${agentId} is not loaded in daemon gateway` },
+    };
+  }
+
+  const runId = params.run_id || params.runId || `wake-${Date.now()}`;
+  const scheduleId = params.schedule_id || params.scheduleId;
+  const dedupeKey = params.dedupe_key || params.dedupeKey;
+  const conversationId = `rm_schedule_${agentId}`;
+  const msg: GatewayInboundMessage = {
+    id: runId,
+    channel: agentId,
+    accountId: agentId,
+    conversation: {
+      id: conversationId,
+      kind: "direct",
+      title: "BotCord Scheduler",
+      threadId: scheduleId ?? null,
+    },
+    sender: {
+      id: "hub",
+      name: "BotCord Scheduler",
+      kind: "system",
+    },
+    text: message,
+    raw: {
+      source_type: "botcord_schedule",
+      schedule_id: scheduleId,
+      run_id: runId,
+      dedupe_key: dedupeKey,
+    },
+    mentioned: true,
+    receivedAt: Date.now(),
+    trace: {
+      id: runId,
+      streamable: false,
+    },
+  };
+
+  await gateway.injectInbound(msg);
+  return { ok: true, result: { agent_id: agentId } };
+}
+
 // W8: hand-written runtime validator for the third-party gateway frame
 // params. Rejects malformed payloads with a structured `bad_params` ack
 // before they hit the per-handler logic, so an attacker can't smuggle a

package/src/working-memory.ts

@@ -307,6 +307,11 @@ export function buildWorkingMemoryPrompt(opts: {
     "- sections: named buckets (contacts, pending_tasks, preferences, etc.).",
     "- Updating one section never touches others. Empty content deletes a section.",
     "",
+    "For cross-room work, update memory before or immediately after delegating:",
+    "- If you accept a request in one room and continue it in another, record a `pending_tasks` entry with source room id/name, target room id/name, requested deliverable, current status, and where to report completion.",
+    "- When a delegated room replies or delivers an artifact, consult `pending_tasks` before deciding `NO_REPLY`; if it matches a pending handoff, acknowledge, update status, and send the promised follow-up to the source room when appropriate.",
+    "- Remove or mark the entry done once the source room has been updated.",
+    "",
     "Only update when something meaningful changes. Keep each section tight.",
   ];