@botcord/daemon 0.2.77 → 0.2.79

package/dist/agent-discovery.d.ts

@@ -22,6 +22,12 @@ export interface DiscoveredAgentCredential {
      * in that case.
      */
     runtime?: string;
+    /** Runtime model id/alias selected for this agent. */
+    runtimeModel?: string;
+    /** Runtime reasoning effort selected for this agent. */
+    reasoningEffort?: string;
+    /** Kimi-style thinking toggle selected for this agent. */
+    thinking?: boolean;
     /** Working directory cached alongside `runtime`. */
     cwd?: string;
     /** OpenClaw gateway profile name from credentials (only meaningful for openclaw-acp). */

package/dist/agent-discovery.js

@@ -96,6 +96,12 @@ export function discoverAgentCredentials(opts = {}) {
             entry.displayName = creds.displayName;
         if (creds.runtime)
             entry.runtime = creds.runtime;
+        if (creds.runtimeModel)
+            entry.runtimeModel = creds.runtimeModel;
+        if (creds.reasoningEffort)
+            entry.reasoningEffort = creds.reasoningEffort;
+        if (typeof creds.thinking === "boolean")
+            entry.thinking = creds.thinking;
         if (creds.cwd)
             entry.cwd = creds.cwd;
         if (creds.openclawGateway)

package/dist/attention-policy-fetcher.d.ts

@@ -0,0 +1,14 @@
+import type { DaemonAttentionPolicy } from "./gateway/policy-resolver.js";
+export interface AttentionPolicyFetcherOptions {
+    credentialPathByAgentId: Map<string, string>;
+    defaultCredentialsPath?: string;
+    hubBaseUrl?: string;
+    log?: {
+        warn: (msg: string, meta?: Record<string, unknown>) => void;
+    };
+}
+export type AttentionPolicyFetcher = (args: {
+    agentId: string;
+    roomId?: string | null;
+}) => Promise<DaemonAttentionPolicy | undefined>;
+export declare function createAttentionPolicyFetcher(opts: AttentionPolicyFetcherOptions): AttentionPolicyFetcher;

package/dist/attention-policy-fetcher.js

@@ -0,0 +1,59 @@
+import { BotCordClient, defaultCredentialsFile, loadStoredCredentials, updateCredentialsToken, } from "@botcord/protocol-core";
+export function createAttentionPolicyFetcher(opts) {
+    const clients = new Map();
+    function getClient(agentId) {
+        const existing = clients.get(agentId);
+        if (existing)
+            return existing.client;
+        const credentialsPath = opts.credentialPathByAgentId.get(agentId) ??
+            opts.defaultCredentialsPath ??
+            defaultCredentialsFile(agentId);
+        try {
+            const creds = loadStoredCredentials(credentialsPath);
+            const client = new BotCordClient({
+                hubUrl: opts.hubBaseUrl ?? creds.hubUrl,
+                agentId: creds.agentId,
+                keyId: creds.keyId,
+                privateKey: creds.privateKey,
+                ...(creds.token ? { token: creds.token } : {}),
+                ...(creds.tokenExpiresAt !== undefined
+                    ? { tokenExpiresAt: creds.tokenExpiresAt }
+                    : {}),
+            });
+            client.onTokenRefresh = (token, expiresAt) => {
+                try {
+                    updateCredentialsToken(credentialsPath, token, expiresAt);
+                }
+                catch {
+                    // Persistence failures are non-fatal; the next refresh retries.
+                }
+            };
+            clients.set(agentId, { client, credentialsPath });
+            return client;
+        }
+        catch (err) {
+            opts.log?.warn("daemon.attention-policy.client-init-failed", {
+                agentId,
+                credentialsPath,
+                error: err instanceof Error ? err.message : String(err),
+            });
+            return null;
+        }
+    }
+    return async ({ agentId, roomId }) => {
+        const client = getClient(agentId);
+        if (!client)
+            return undefined;
+        try {
+            return await client.getAttentionPolicy({ roomId });
+        }
+        catch (err) {
+            opts.log?.warn("daemon.attention-policy.fetch-failed", {
+                agentId,
+                roomId: roomId ?? null,
+                error: err instanceof Error ? err.message : String(err),
+            });
+            return undefined;
+        }
+    };
+}

package/dist/cloud-daemon.js

@@ -23,6 +23,7 @@ import { createDaemonSystemContextBuilder } from "./system-context.js";
 import { readWorkingMemorySnapshot } from "./working-memory.js";
 import { createRoomStaticContextBuilder } from "./room-context.js";
 import { createRoomContextFetcher } from "./room-context-fetcher.js";
+import { createRecentRoomMessagesRecoveryBuilder } from "./room-recovery-context.js";
 import { composeBotCordUserTurn } from "./turn-text.js";
 import { PolicyResolver } from "./gateway/policy-resolver.js";
 import { scanMention } from "./mention-scan.js";
@@ -92,6 +93,12 @@ export async function startCloudDaemon(opts) {
         fetchRoomInfo: roomContextFetcher,
         log: logger,
     });
+    const buildRuntimeRecoveryContext = createRecentRoomMessagesRecoveryBuilder({
+        credentialPathByAgentId,
+        hubBaseUrl: cloudCfg.hubUrl,
+        limit: 20,
+        log: logger,
+    });
     const scBuilders = new Map();
     const buildSystemContext = (message) => {
         const b = scBuilders.get(message.accountId);
@@ -180,6 +187,7 @@ export async function startCloudDaemon(opts) {
         turnTimeoutMs: DEFAULT_TURN_TIMEOUT_MS,
         buildSystemContext,
         buildMemoryContext,
+        buildRuntimeRecoveryContext,
         onInbound,
         onTurnComplete,
         composeUserTurn: composeBotCordUserTurn,

package/dist/cloud-gateway-runtime.d.ts

@@ -0,0 +1,29 @@
+import { type GatewayInboundFrame } from "@botcord/protocol-core";
+import type { Gateway, GatewayLogger } from "./gateway/index.js";
+export interface CloudGatewayRuntimeResult {
+    accepted: boolean;
+    eventId: string;
+    gatewayId: string;
+    agentId: string;
+    conversationId: string;
+    turnId: string;
+    outbound?: {
+        finalText: string;
+        providerMessageId?: string | null;
+    };
+    error?: {
+        code: string;
+        message: string;
+    };
+}
+/**
+ * Execute one ingress-originated runtime frame through the normal Gateway
+ * dispatcher while keeping provider I/O outside the cloud sandbox.
+ *
+ * The temporary channel is scoped to this call and implements only the
+ * dispatcher-facing send/status surface. Its send() method captures the
+ * final runtime reply; the Hub relay converts that into
+ * gateway_outbound_complete for gateway-ingress, which then calls the real
+ * provider API.
+ */
+export declare function handleCloudGatewayRuntimeInbound(gateway: Gateway, frame: GatewayInboundFrame, log?: GatewayLogger): Promise<CloudGatewayRuntimeResult>;

package/dist/cloud-gateway-runtime.js

@@ -0,0 +1,122 @@
+import { RUNTIME_FRAME_TYPES, } from "@botcord/protocol-core";
+/**
+ * Execute one ingress-originated runtime frame through the normal Gateway
+ * dispatcher while keeping provider I/O outside the cloud sandbox.
+ *
+ * The temporary channel is scoped to this call and implements only the
+ * dispatcher-facing send/status surface. Its send() method captures the
+ * final runtime reply; the Hub relay converts that into
+ * gateway_outbound_complete for gateway-ingress, which then calls the real
+ * provider API.
+ */
+export async function handleCloudGatewayRuntimeInbound(gateway, frame, log) {
+    if (frame.type !== RUNTIME_FRAME_TYPES.GATEWAY_INBOUND) {
+        return rejected(frame, "bad_frame_type", `unsupported frame type "${frame.type}"`);
+    }
+    if (!frame.gateway_id || !frame.agent_id || !frame.event_id) {
+        return rejected(frame, "bad_frame", "gateway_id, agent_id and event_id are required");
+    }
+    if (frame.message.accountId !== frame.agent_id) {
+        return rejected(frame, "account_mismatch", "message.accountId does not match frame.agent_id");
+    }
+    if (frame.message.channel !== frame.gateway_id) {
+        return rejected(frame, "channel_mismatch", "message.channel does not match frame.gateway_id");
+    }
+    let accepted = false;
+    let outboundText = null;
+    let providerMessageId;
+    const channel = createRuntimeRelayChannel({
+        id: frame.gateway_id,
+        provider: frame.provider,
+        accountId: frame.agent_id,
+        onSend: async (ctx) => {
+            outboundText = ctx.message.text ?? "";
+            providerMessageId = ctx.message.traceId ?? null;
+            return { providerMessageId };
+        },
+    });
+    const message = {
+        ...frame.message,
+        raw: {
+            source_type: "cloud_gateway_ingress",
+            provider: frame.provider,
+            event_id: frame.event_id,
+            gateway_id: frame.gateway_id,
+        },
+    };
+    try {
+        await gateway.injectInboundThrough(message, channel, {
+            accept: async () => {
+                accepted = true;
+            },
+        });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        log?.warn("cloud gateway runtime dispatch failed", {
+            eventId: frame.event_id,
+            gatewayId: frame.gateway_id,
+            agentId: frame.agent_id,
+            error: message,
+        });
+        return rejected(frame, "dispatch_failed", message);
+    }
+    return {
+        accepted,
+        eventId: frame.event_id,
+        gatewayId: frame.gateway_id,
+        agentId: frame.agent_id,
+        conversationId: frame.message.conversation.id,
+        turnId: `turn_${frame.event_id}`,
+        ...(outboundText !== null
+            ? {
+                outbound: {
+                    finalText: outboundText,
+                    providerMessageId: providerMessageId ?? null,
+                },
+            }
+            : {}),
+        ...(!accepted
+            ? { error: { code: "not_accepted", message: "dispatcher did not accept inbound" } }
+            : {}),
+    };
+}
+function createRuntimeRelayChannel(opts) {
+    let lastSendAt;
+    return {
+        id: opts.id,
+        type: opts.provider,
+        async start() {
+            return undefined;
+        },
+        async stop() {
+            return undefined;
+        },
+        async send(ctx) {
+            lastSendAt = Date.now();
+            return opts.onSend(ctx);
+        },
+        status() {
+            return {
+                channel: opts.id,
+                accountId: opts.accountId,
+                running: true,
+                connected: true,
+                authorized: true,
+                provider: opts.provider,
+                ...(lastSendAt ? { lastSendAt } : {}),
+            };
+        },
+    };
+}
+function rejected(frame, code, message) {
+    return {
+        accepted: false,
+        eventId: frame.event_id ?? "",
+        gatewayId: frame.gateway_id ?? "",
+        agentId: frame.agent_id ?? "",
+        conversationId: frame.message?.conversation.id ?? "",
+        turnId: frame.event_id ? `turn_${frame.event_id}` : "turn_unknown",
+        error: { code, message },
+    };
+}

package/dist/daemon-config-map.d.ts

@@ -3,6 +3,12 @@ import type { DaemonConfig, OpenclawGatewayProfile } from "./config.js";
 /** Per-agent metadata cached from credentials, used by `buildManagedRoutes`. */
 export interface AgentRuntimeMeta {
     runtime?: string;
+    /** Runtime model id/alias selected for this agent. */
+    runtimeModel?: string;
+    /** Runtime reasoning effort selected for this agent. */
+    reasoningEffort?: string;
+    /** Kimi-style thinking toggle selected for this agent. */
+    thinking?: boolean;
     cwd?: string;
     /** OpenClaw gateway profile name to lookup in the registry. */
     openclawGateway?: string;

package/dist/daemon-config-map.js

@@ -4,6 +4,7 @@ import path from "node:path";
 import { resolveAgentIds } from "./config.js";
 import { agentWorkspaceDir } from "./agent-workspace.js";
 import { log as daemonLog } from "./log.js";
+import { buildRuntimeSelectionExtraArgs, mergeRuntimeExtraArgs, } from "./runtime-route-options.js";
 function expandHome(p) {
     if (p === "~")
         return homedir();
@@ -259,10 +260,10 @@ export function buildManagedRoutes(agentIds, agentRuntimes, defaultRoute, opencl
             match: { accountId: agentId },
             runtime,
             cwd: meta.cwd || agentWorkspaceDir(agentId),
-            // Inherit defaultRoute's extraArgs so synthesized per-agent routes
-            // pick up operator-wide flags (e.g. `--permission-mode bypassPermissions`)
-            // that would otherwise apply only to agents listed in `cfg.routes[]`.
-            ...(defaultRoute.extraArgs ? { extraArgs: defaultRoute.extraArgs.slice() } : {}),
+            ...(() => {
+                const extraArgs = mergeRuntimeExtraArgs(defaultRoute.extraArgs, buildRuntimeSelectionExtraArgs(runtime, meta));
+                return extraArgs ? { extraArgs } : {};
+            })(),
         };
         if (runtime === "openclaw-acp") {
             // Per RFC §3.4: prefer credentials, fall back to defaultRoute.gateway.

package/dist/daemon.d.ts

@@ -121,6 +121,9 @@ export interface BootBackfillResult {
     credentialPathByAgentId: Map<string, string>;
     agentRuntimes: Record<string, {
         runtime?: string;
+        runtimeModel?: string;
+        reasoningEffort?: string;
+        thinking?: boolean;
         cwd?: string;
         openclawGateway?: string;
         openclawAgent?: string;

package/dist/daemon.js

@@ -14,12 +14,14 @@ import { createDaemonSystemContextBuilder } from "./system-context.js";
 import { readWorkingMemorySnapshot } from "./working-memory.js";
 import { createRoomStaticContextBuilder } from "./room-context.js";
 import { createRoomContextFetcher } from "./room-context-fetcher.js";
+import { createRecentRoomMessagesRecoveryBuilder } from "./room-recovery-context.js";
 import { buildLoopRiskPrompt, loopRiskSessionKey, recordInboundText as recordLoopRiskInbound, recordOutboundText as recordLoopRiskOutbound, } from "./loop-risk.js";
 import { composeBotCordUserTurn } from "./turn-text.js";
 import { UserAuthManager } from "./user-auth.js";
 import { PolicyResolver } from "./gateway/policy-resolver.js";
 import { scanMention } from "./mention-scan.js";
 import { createDiagnosticBundle, uploadDiagnosticBundle } from "./diagnostics.js";
+import { createAttentionPolicyFetcher } from "./attention-policy-fetcher.js";
 /**
  * Default hard cap for a single runtime turn. Long-running coding/research
  * tasks routinely exceed 10 minutes, so daemon-hosted agents get a larger
@@ -233,6 +235,13 @@ export async function startDaemon(opts) {
         fetchRoomInfo: roomContextFetcher,
         log: logger,
     });
+    const buildRuntimeRecoveryContext = createRecentRoomMessagesRecoveryBuilder({
+        credentialPathByAgentId,
+        ...(opts.credentialsPath ? { defaultCredentialsPath: opts.credentialsPath } : {}),
+        ...(opts.hubBaseUrl ? { hubBaseUrl: opts.hubBaseUrl } : {}),
+        limit: 20,
+        log: logger,
+    });
     const scBuilders = new Map();
     const loopRiskBuilder = (msg) => buildLoopRiskPrompt({
         sessionKey: loopRiskSessionKey({
@@ -296,13 +305,18 @@ export async function startDaemon(opts) {
             text: out.text,
         });
     };
-    // Per-agent attention policy cache (PR3, design §4.2 / §5). Seeded from
-    // the optional `defaultAttention` / `attentionKeywords` carried by
-    // `provision_agent`, refreshed in-place by the `policy_updated` control
-    // frame. PR2 will plug per-room overrides into `fetchEffective`; PR3
-    // leaves it absent so the resolver collapses to per-agent state.
+    // Per-agent attention policy cache (design §4.2 / §5). It is seeded from
+    // `provision_agent` / `policy_updated` frames when available and falls back
+    // to Hub on cold misses, so daemon restarts preserve dashboard policy.
+    const fetchAttentionPolicy = createAttentionPolicyFetcher({
+        credentialPathByAgentId,
+        defaultCredentialsPath: opts.credentialsPath,
+        hubBaseUrl: opts.hubBaseUrl,
+        log: logger,
+    });
     const policyResolver = new PolicyResolver({
-        fetchGlobal: async (_agentId) => undefined,
+        fetchGlobal: async (agentId) => fetchAttentionPolicy({ agentId, roomId: null }),
+        fetchEffective: async (agentId, roomId) => fetchAttentionPolicy({ agentId, roomId }),
     });
     // Display-name lookup for the mention text-fallback. Populated from boot
     // credentials; multi-agent daemons can reuse the same map via accountId.
@@ -374,6 +388,7 @@ export async function startDaemon(opts) {
         turnTimeoutMs: DEFAULT_TURN_TIMEOUT_MS,
         buildSystemContext,
         buildMemoryContext,
+        buildRuntimeRecoveryContext,
         onInbound,
         onOutbound,
         onRuntimeCircuitBreakerChange: pushLiveRuntimeSnapshot,
@@ -527,9 +542,19 @@ export function backfillBootAgents(agents, opts) {
     for (const a of agents) {
         if (a.credentialsFile)
             credentialPathByAgentId.set(a.agentId, a.credentialsFile);
-        if (a.runtime || a.cwd || a.openclawGateway || a.openclawAgent || a.hermesProfile) {
+        if (a.runtime ||
+            a.runtimeModel ||
+            a.reasoningEffort ||
+            typeof a.thinking === "boolean" ||
+            a.cwd ||
+            a.openclawGateway ||
+            a.openclawAgent ||
+            a.hermesProfile) {
             agentRuntimes[a.agentId] = {
                 ...(a.runtime ? { runtime: a.runtime } : {}),
+                ...(a.runtimeModel ? { runtimeModel: a.runtimeModel } : {}),
+                ...(a.reasoningEffort ? { reasoningEffort: a.reasoningEffort } : {}),
+                ...(typeof a.thinking === "boolean" ? { thinking: a.thinking } : {}),
                 ...(a.cwd ? { cwd: a.cwd } : {}),
                 ...(a.openclawGateway ? { openclawGateway: a.openclawGateway } : {}),
                 ...(a.openclawAgent ? { openclawAgent: a.openclawAgent } : {}),

package/dist/gateway/channels/botcord.js

@@ -842,7 +842,7 @@ function normalizeBlockForHub(block, seq) {
         // Claude Code: {type:"assistant", message:{content:[{type:"text",text}]}}
         // Codex:       {type:"item.completed", item:{type:"agent_message", text}}
         // DeepSeek:    {event:"message.delta", payload:{content}} or
-        //              {event:"item.delta", payload:{payload:{kind:"agent_message", delta}}}
+        //              {event:"item.delta", payload:{kind:"agent_message", delta}}
         let text = "";
         const contents = Array.isArray(raw?.message?.content) ? raw.message.content : [];
         for (const c of contents) {
@@ -856,9 +856,13 @@ function normalizeBlockForHub(block, seq) {
         }
         if (!text &&
             raw?.event === "item.delta" &&
-            raw?.payload?.payload?.kind === "agent_message" &&
-            typeof raw?.payload?.payload?.delta === "string") {
-            text = raw.payload.payload.delta;
+            (raw?.payload?.kind === "agent_message" || raw?.payload?.payload?.kind === "agent_message")) {
+            text =
+                typeof raw?.payload?.delta === "string"
+                    ? raw.payload.delta
+                    : typeof raw?.payload?.payload?.delta === "string"
+                        ? raw.payload.payload.delta
+                        : "";
         }
         return { kind: "assistant", seq, payload: { text } };
     }
@@ -1048,8 +1052,12 @@ function extractDeepseekToolCall(raw) {
             status: stringField(payload, "status") ?? stringField(tool, "status"),
         };
     }
-    if (payload.event === "item.started") {
-        const inner = payload.payload && typeof payload.payload === "object" ? payload.payload : {};
+    if (raw?.event === "item.started" || payload.event === "item.started") {
+        const inner = raw?.event === "item.started"
+            ? payload
+            : payload.payload && typeof payload.payload === "object"
+                ? payload.payload
+                : {};
         const item = inner.item && typeof inner.item === "object" ? inner.item : undefined;
         const tool = inner.tool && typeof inner.tool === "object" ? inner.tool : item?.tool;
         return {
@@ -1082,8 +1090,15 @@ function extractDeepseekToolResult(raw) {
             id: stringField(payload, "id"),
         };
     }
-    if (payload.event === "item.completed" || payload.event === "item.failed") {
-        const inner = payload.payload && typeof payload.payload === "object" ? payload.payload : {};
+    if (raw?.event === "item.completed" ||
+        raw?.event === "item.failed" ||
+        payload.event === "item.completed" ||
+        payload.event === "item.failed") {
+        const inner = raw?.event === "item.completed" || raw?.event === "item.failed"
+            ? payload
+            : payload.payload && typeof payload.payload === "object"
+                ? payload.payload
+                : {};
         const item = inner.item && typeof inner.item === "object" ? inner.item : undefined;
         const result = item?.output ??
             item?.result ??
@@ -1112,7 +1127,12 @@ function formatBlockDetails(raw) {
         : typeof r.message === "string" ? r.message
             : typeof r.summary === "string" ? r.summary
                 : typeof r.label === "string" ? r.label
-                    : "";
+                    : typeof r.payload?.delta === "string" ? r.payload.delta
+                        : typeof r.payload?.item?.detail === "string" ? r.payload.item.detail
+                            : typeof r.payload?.item?.summary === "string" ? r.payload.item.summary
+                                : typeof r.payload?.payload?.item?.detail === "string" ? r.payload.payload.item.detail
+                                    : typeof r.payload?.payload?.item?.summary === "string" ? r.payload.payload.item.summary
+                                        : "";
     if (direct)
         return direct;
     const contentText = extractContentText(r.content ?? r.message?.content ?? r.params?.update?.content);

package/dist/gateway/channels/login-session.d.ts

@@ -60,6 +60,18 @@ export declare class LoginSessionStore {
     create(input: Omit<LoginSession, "expiresAt"> & {
         expiresAt?: number;
     }): LoginSession;
+    /**
+     * Distinguish whether `loginId` is unknown to the store ("missing") vs
+     * known-but-past-TTL ("expired"). When the entry is expired this also
+     * evicts it from the internal map so callers do not need to follow up
+     * with a separate `delete`. Use this when the caller wants to surface
+     * a precise error code to the user; prefer `get` when a single nullable
+     * result is enough.
+     */
+    resolve(loginId: string): {
+        state: "live" | "expired" | "missing";
+        session?: LoginSession;
+    };
     /** Get a non-expired session by id, or `null` when missing/expired. */
     get(loginId: string): LoginSession | null;
     /**

package/dist/gateway/channels/login-session.js

@@ -35,10 +35,28 @@ export class LoginSessionStore {
         this.sessions.set(session.loginId, session);
         return session;
     }
+    /**
+     * Distinguish whether `loginId` is unknown to the store ("missing") vs
+     * known-but-past-TTL ("expired"). When the entry is expired this also
+     * evicts it from the internal map so callers do not need to follow up
+     * with a separate `delete`. Use this when the caller wants to surface
+     * a precise error code to the user; prefer `get` when a single nullable
+     * result is enough.
+     */
+    resolve(loginId) {
+        const s = this.sessions.get(loginId);
+        if (!s)
+            return { state: "missing" };
+        if (s.expiresAt <= this.now()) {
+            this.sessions.delete(loginId);
+            return { state: "expired" };
+        }
+        return { state: "live", session: s };
+    }
     /** Get a non-expired session by id, or `null` when missing/expired. */
     get(loginId) {
-        this.sweep();
-        return this.sessions.get(loginId) ?? null;
+        const { state, session } = this.resolve(loginId);
+        return state === "live" && session ? session : null;
     }
     /**
      * Apply a partial patch to the session in place. No-op when the session

package/dist/gateway/channels/sanitize.d.ts

@@ -1,20 +1,7 @@
 /**
- * Sanitize untrusted inbound content before handing it off to a local runtime.
- *
- * Copied from `packages/daemon/src/sanitize.ts` so the gateway channel adapter
- * does not depend back on the daemon package. Keep these two files in sync —
- * any new structural marker added in one place should be mirrored in the other.
- *
- * Neutralizes:
- *   - BotCord structural markers the channel itself emits (so peers can't forge them).
- *   - Common LLM prompt-injection patterns (<system>, [INST], <<SYS>>, <|im_start|>, etc.).
- *   - Wrapper XML tags the channel uses to frame inbound content
- *     (<agent-message>, <human-message>, <room-rule>).
+ * Thin re-export — `sanitizeUntrustedContent` / `sanitizeSenderName` live
+ * in `@botcord/protocol-core` so the daemon channel adapters and the
+ * `gateway-ingress` provider adapters use one canonical implementation.
+ * Existing imports of this module keep working unchanged.
  */
-export declare function sanitizeUntrustedContent(text: string): string;
-/**
- * Sanitize a sender label so it's safe to embed inside
- * `<agent-message sender="...">`. Must not contain newlines, structural
- * markers, or characters that could break the XML attribute boundary.
- */
-export declare function sanitizeSenderName(name: string): string;
+export { sanitizeUntrustedContent, sanitizeSenderName, } from "@botcord/protocol-core";

package/dist/gateway/channels/sanitize.js

@@ -1,56 +1,7 @@
 /**
- * Sanitize untrusted inbound content before handing it off to a local runtime.
- *
- * Copied from `packages/daemon/src/sanitize.ts` so the gateway channel adapter
- * does not depend back on the daemon package. Keep these two files in sync —
- * any new structural marker added in one place should be mirrored in the other.
- *
- * Neutralizes:
- *   - BotCord structural markers the channel itself emits (so peers can't forge them).
- *   - Common LLM prompt-injection patterns (<system>, [INST], <<SYS>>, <|im_start|>, etc.).
- *   - Wrapper XML tags the channel uses to frame inbound content
- *     (<agent-message>, <human-message>, <room-rule>).
+ * Thin re-export — `sanitizeUntrustedContent` / `sanitizeSenderName` live
+ * in `@botcord/protocol-core` so the daemon channel adapters and the
+ * `gateway-ingress` provider adapters use one canonical implementation.
+ * Existing imports of this module keep working unchanged.
  */
-export function sanitizeUntrustedContent(text) {
-    let s = text;
-    s = s.replace(/<\/?a[\s]*g[\s]*e[\s]*n[\s]*t[\s]*-[\s]*m[\s]*e[\s]*s[\s]*s[\s]*a[\s]*g[\s]*e[\s\S]*?>/gi, "[⚠ stripped: agent-message tag]");
-    s = s.replace(/<\/?h[\s]*u[\s]*m[\s]*a[\s]*n[\s]*-[\s]*m[\s]*e[\s]*s[\s]*s[\s]*a[\s]*g[\s]*e[\s\S]*?>/gi, "[⚠ stripped: human-message tag]");
-    s = s.replace(/<\/?r[\s]*o[\s]*o[\s]*m[\s]*-[\s]*r[\s]*u[\s]*l[\s]*e[\s\S]*?>/gi, "[⚠ stripped: room-rule tag]");
-    return s
-        .split(/\r?\n/)
-        .map((line) => {
-        let l = line;
-        l = l.replace(/^\[(BotCord (?:Message|Notification))\]/i, "[⚠ fake: $1]");
-        l = l.replace(/^\[Room Rule\]/i, "[⚠ fake: Room Rule]");
-        l = l.replace(/^\[房间规则\]/i, "[⚠ fake: 房间规则]");
-        l = l.replace(/^\[系统提示\]/i, "[⚠ fake: 系统提示]");
-        l = l.replace(/^\[BotCord\s+([^\]\r\n]+)\]/i, (_m, label) => {
-            const head = String(label).split(":")[0].trim() || String(label).trim();
-            return `[⚠ fake: BotCord ${head}]`;
-        });
-        l = l.replace(/^\[(System|SYSTEM|Assistant|ASSISTANT|User|USER)\]/, "[⚠ fake: $1]");
-        l = l.replace(/<\/?\s*system(?:-reminder)?\s*>/gi, "[⚠ stripped: system tag]");
-        l = l.replace(/<\|im_start\|>/gi, "[⚠ stripped: im_start]");
-        l = l.replace(/<\|im_end\|>/gi, "[⚠ stripped: im_end]");
-        l = l.replace(/\[\/?INST\]/gi, "[⚠ stripped: INST]");
-        l = l.replace(/<<\/?SYS>>/gi, "[⚠ stripped: SYS]");
-        l = l.replace(/<\s*\/?\|(?:system|user|assistant)\|?\s*>/gi, "[⚠ stripped: role tag]");
-        return l;
-    })
-        .join("\n");
-}
-/**
- * Sanitize a sender label so it's safe to embed inside
- * `<agent-message sender="...">`. Must not contain newlines, structural
- * markers, or characters that could break the XML attribute boundary.
- */
-export function sanitizeSenderName(name) {
-    return name
-        .replace(/[\n\r]/g, " ")
-        .replace(/\[/g, "⟦")
-        .replace(/\]/g, "⟧")
-        .replace(/"/g, "'")
-        .replace(/</g, "＜")
-        .replace(/>/g, "＞")
-        .slice(0, 100);
-}
+export { sanitizeUntrustedContent, sanitizeSenderName, } from "@botcord/protocol-core";

package/dist/gateway/channels/text-split.d.ts

@@ -1,13 +1,7 @@
 /**
- * Split a long message into chunks <= `limit` characters each. Prefers to cut
- * on newline boundaries so multi-paragraph replies don't fragment mid-line.
- *
- * Shared by third-party channel adapters (Telegram, WeChat) which both have a
- * per-message size cap from upstream and no native streaming. WeChat caller
- * passes a smaller `limit` (~1800), Telegram a larger one (~4000, since the
- * raw Telegram limit is 4096).
- *
- * Empty input returns `[""]` so callers can iterate uniformly without a length
- * check.
+ * Thin re-export — `splitText` lives in `@botcord/protocol-core` so the
+ * daemon channel adapters and the `gateway-ingress` provider adapters use
+ * one canonical implementation. Existing imports of this module keep
+ * working unchanged.
  */
-export declare function splitText(text: string, limit: number): string[];
+export { splitText } from "@botcord/protocol-core";