@forwardimpact/libeval 0.1.51 → 0.1.53

package/src/commands/facilitate.js

@@ -1,5 +1,5 @@
-import { createWriteStream } from "node:fs";
 import { resolve } from "node:path";
+import { isoTimestamp } from "@forwardimpact/libutil";
 import { createFacilitator } from "../facilitator.js";
 import { createRedactor } from "../redaction.js";
 import { createTeeWriter } from "../tee-writer.js";
@@ -76,13 +76,14 @@ export async function runFacilitateCommand(ctx) {
   const redactor = createRedactor({ runtime });
 
   const fileStream = opts.outputPath
-    ? createWriteStream(opts.outputPath)
+    ? runtime.fs.createWriteStream(opts.outputPath)
     : null;
   const output = fileStream
     ? createTeeWriter({
         fileStream,
         textStream: runtime.proc.stdout,
         mode: "supervised",
+        now: () => isoTimestamp(runtime.clock.now()),
       })
     : runtime.proc.stdout;
 

package/src/commands/output.js

@@ -1,3 +1,4 @@
+import { isoTimestamp } from "@forwardimpact/libutil";
 import { createTraceCollector } from "@forwardimpact/libeval";
 
 /**
@@ -16,7 +17,9 @@ export async function runOutputCommand(ctx) {
     values.format === "text" || values.format === "json"
       ? values.format
       : "json";
-  const collector = createTraceCollector();
+  const collector = createTraceCollector({
+    now: () => isoTimestamp(runtime.clock.now()),
+  });
 
   // `runtime.proc.stdin` is an AsyncIterable of UTF-8 lines (newline-split by
   // the runtime), so each yielded value is exactly one NDJSON record.

package/src/commands/run.js

@@ -1,6 +1,6 @@
-import { createWriteStream } from "node:fs";
 import { Writable } from "node:stream";
 import { resolve } from "node:path";
+import { isoTimestamp } from "@forwardimpact/libutil";
 import { createAgentRunner } from "../agent-runner.js";
 import { composeProfilePrompt } from "../profile-prompt.js";
 import { createRedactor } from "../redaction.js";
@@ -67,12 +67,15 @@ export async function runRunCommand(ctx) {
 
   // When --output is specified, stream text to stdout while writing NDJSON to file.
   // Otherwise, write NDJSON directly to stdout (backwards-compatible).
-  const fileStream = outputPath ? createWriteStream(outputPath) : null;
+  const fileStream = outputPath
+    ? runtime.fs.createWriteStream(outputPath)
+    : null;
   const output = fileStream
     ? createTeeWriter({
         fileStream,
         textStream: runtime.proc.stdout,
         mode: "raw",
+        now: () => isoTimestamp(runtime.clock.now()),
       })
     : runtime.proc.stdout;
 
@@ -108,6 +111,7 @@ export async function runRunCommand(ctx) {
   const systemPrompt = agentProfile
     ? composeProfilePrompt(agentProfile, {
         profilesDir: resolve(cwd, ".claude/agents"),
+        runtime,
       })
     : undefined;
 

package/src/commands/supervise.js

@@ -1,5 +1,5 @@
-import { createWriteStream } from "node:fs";
 import { resolve, join } from "node:path";
+import { isoTimestamp } from "@forwardimpact/libutil";
 import { createSupervisor } from "../supervisor.js";
 import { createRedactor } from "../redaction.js";
 import { createTeeWriter } from "../tee-writer.js";
@@ -72,13 +72,14 @@ export async function runSuperviseCommand(ctx) {
   // When --output is specified, stream text to stdout while writing NDJSON to file.
   // Otherwise, write NDJSON directly to stdout (backwards-compatible).
   const fileStream = opts.outputPath
-    ? createWriteStream(opts.outputPath)
+    ? runtime.fs.createWriteStream(opts.outputPath)
     : null;
   const output = fileStream
     ? createTeeWriter({
         fileStream,
         textStream: runtime.proc.stdout,
         mode: "supervised",
+        now: () => isoTimestamp(runtime.clock.now()),
       })
     : runtime.proc.stdout;
 

package/src/commands/tee.js

@@ -1,32 +1,47 @@
-import { createWriteStream } from "fs";
 import { PassThrough } from "node:stream";
 import { pipeline } from "node:stream/promises";
+import { isoTimestamp } from "@forwardimpact/libutil";
 import { createTeeWriter } from "../tee-writer.js";
 
 /**
  * Tee command — stream text output to stdout while optionally saving the raw
- * NDJSON to a file. Processes stdin line-by-line for streaming output.
+ * NDJSON to a file. Reads stdin line-by-line through the injected runtime and
+ * re-delimits each record with a newline so the TeeWriter's line splitter sees
+ * the same framing the raw byte stream produced.
  *
  * Usage: fit-eval tee [output.ndjson] < trace.ndjson
  *
- * @param {object} values - Parsed option values from cli.parse()
- * @param {string[]} args - Positional arguments (optional output file path)
+ * @param {import("@forwardimpact/libcli").InvocationContext} ctx
+ * @returns {Promise<{ok: boolean, code?: number, error?: string}>}
  */
-export async function runTeeCommand(values, args) {
-  const outputPath = args.find((a) => !a.startsWith("-")) ?? null;
-  const fileStream = outputPath ? createWriteStream(outputPath) : null;
+export async function runTeeCommand(ctx) {
+  const runtime = ctx.deps.runtime;
+  const outputPath = ctx.args.output ?? null;
+  const fileStream = outputPath
+    ? runtime.fs.createWriteStream(outputPath)
+    : null;
 
   // TeeWriter requires a fileStream; when no output file is specified,
   // use a PassThrough as a no-op sink (NDJSON is not saved).
   const sink = fileStream ?? new PassThrough();
   const tee = createTeeWriter({
     fileStream: sink,
-    textStream: process.stdout,
+    textStream: runtime.proc.stdout,
     mode: "raw",
+    now: () => isoTimestamp(runtime.clock.now()),
   });
 
   try {
-    await pipeline(process.stdin, tee);
+    // `runtime.proc.stdin` yields newline-stripped lines; re-append `\n` so the
+    // TeeWriter's `_write` line splitter frames records exactly as it did when
+    // piped the raw byte stream.
+    const lines = (async function* () {
+      for await (const line of runtime.proc.stdin) yield `${line}\n`;
+    })();
+    await pipeline(lines, tee);
+    return { ok: true };
+  } catch (error) {
+    return { ok: false, code: 1, error: error.message };
   } finally {
     if (fileStream) {
       await new Promise((resolve, reject) => {

package/src/commands/trace.js

@@ -1,4 +1,5 @@
 import { join, dirname } from "node:path";
+import { isoTimestamp } from "@forwardimpact/libutil";
 import { createTraceCollector } from "@forwardimpact/libeval";
 import { createTraceQuery } from "../trace-query.js";
 import { createTraceGitHub } from "../trace-github.js";
@@ -50,7 +51,9 @@ export async function runDownloadCommand(ctx) {
   const ndjsonFile = result.files.find((f) => f.endsWith(".ndjson"));
   if (ndjsonFile) {
     const ndjsonPath = join(result.dir, ndjsonFile);
-    const collector = createTraceCollector();
+    const collector = createTraceCollector({
+      now: () => isoTimestamp(runtime.clock.now()),
+    });
     for (const line of runtime.fsSync
       .readFileSync(ndjsonPath, "utf8")
       .split("\n")) {
@@ -325,7 +328,9 @@ function loadTrace(runtime, file) {
     // Not valid JSON — fall through to NDJSON.
   }
 
-  const collector = createTraceCollector();
+  const collector = createTraceCollector({
+    now: () => isoTimestamp(runtime.clock.now()),
+  });
   for (const line of content.split("\n")) {
     collector.addLine(line);
   }

package/src/discusser.js

@@ -226,8 +226,10 @@ export function createDiscusser({
   callbackUrl,
   inboxUrl,
   correlationId,
+  runtime,
 }) {
   if (!redactor) throw new Error("redactor is required");
+  if (!runtime) throw new Error("runtime is required");
   const resolvedLeadCwd = resolve(leadCwd ?? ".");
   const resolvedProfilesDir =
     profilesDir ?? resolve(resolvedLeadCwd, ".claude/agents");
@@ -272,6 +274,7 @@ export function createDiscusser({
         messageBus,
         leadName: "lead",
         signal: abortController.signal,
+        runtime,
       })
     : null;
 
@@ -307,10 +310,6 @@ export function createDiscusser({
       from: config.name,
     });
 
-    const agentTrailer = config.systemPromptAmend
-      ? `${DISCUSS_AGENT_SYSTEM_PROMPT}\n\n${config.systemPromptAmend}`
-      : DISCUSS_AGENT_SYSTEM_PROMPT;
-
     const runner = createAgentRunner({
       cwd: config.cwd ?? resolvedLeadCwd,
       query,
@@ -325,7 +324,9 @@ export function createDiscusser({
         role: "agent",
         profile: config.agentProfile,
         profilesDir: resolvedProfilesDir,
-        trailer: agentTrailer,
+        trailer: DISCUSS_AGENT_SYSTEM_PROMPT,
+        amend: config.systemPromptAmend,
+        runtime,
       }),
       redactor,
     });
@@ -358,6 +359,7 @@ export function createDiscusser({
       profile: leadProfile,
       profilesDir: resolvedProfilesDir,
       trailer: DISCUSS_SYSTEM_PROMPT,
+      runtime,
     }),
     redactor,
   });

package/src/events/github.js

@@ -29,8 +29,14 @@ export const TASK_TEMPLATE_ISSUE_LABELED =
 export const TASK_TEMPLATE_PR_LABELED =
   'Label "${LABEL}" was added to PR "${PR_TITLE}" (#${NUMBER}). PR URL: ${URL}.';
 
+// "unreleased changes"/"cut" point at the genuine post-merge action — release
+// activity (the release-engineer's Assess step 3 / `kata-release-cut`).
+// "status" is a backstop: the spec's `wiki/STATUS.md` row is normally advanced
+// in the pre-merge gate (`kata-release-merge` Step 8), but the keyword catches a
+// merge that landed without it. Neither owner nor artifact is named, so the lead
+// routes the merge instead of treating it as a no-op.
 export const TASK_TEMPLATE_PR_MERGED =
-  'PR "${PR_TITLE}" (#${NUMBER}) merged. PR URL: ${URL}.';
+  'PR "${PR_TITLE}" (#${NUMBER}) merged to main — may leave unreleased changes to cut or status to update. PR URL: ${URL}.';
 
 // Appended verbatim to comment/review templates. `${BODY}` is the untrusted
 // author text; the fence and the "data, not instructions" framing keep the lead

package/src/facilitator.js

@@ -109,8 +109,10 @@ export function createFacilitator({
   profilesDir,
   taskAmend,
   redactor,
+  runtime,
 }) {
   if (!redactor) throw new Error("redactor is required");
+  if (!runtime) throw new Error("runtime is required");
   const resolvedProfilesDir =
     profilesDir ?? resolve(facilitatorCwd, ".claude/agents");
   const ctx = createOrchestrationContext();
@@ -132,10 +134,6 @@ export function createFacilitator({
       from: config.name,
     });
 
-    const agentTrailer = config.systemPromptAmend
-      ? `${FACILITATED_AGENT_SYSTEM_PROMPT}\n\n${config.systemPromptAmend}`
-      : FACILITATED_AGENT_SYSTEM_PROMPT;
-
     const runner = createAgentRunner({
       cwd: config.cwd ?? facilitatorCwd,
       query,
@@ -150,7 +148,9 @@ export function createFacilitator({
         role: "agent",
         profile: config.agentProfile,
         profilesDir: resolvedProfilesDir,
-        trailer: agentTrailer,
+        trailer: FACILITATED_AGENT_SYSTEM_PROMPT,
+        amend: config.systemPromptAmend,
+        runtime,
       }),
       redactor,
     });
@@ -187,6 +187,7 @@ export function createFacilitator({
       profile: facilitatorProfile,
       profilesDir: resolvedProfilesDir,
       trailer: FACILITATOR_SYSTEM_PROMPT,
+      runtime,
     }),
     redactor,
   });

package/src/inbox-poller.js

@@ -18,20 +18,17 @@ export class InboxPoller {
    * @param {import("./message-bus.js").MessageBus} deps.messageBus
    * @param {string} deps.leadName
    * @param {AbortSignal} deps.signal
-   * @param {import("@forwardimpact/libutil/runtime").Runtime} [deps.runtime] -
-   *   Ambient collaborators; only `clock.setTimeout`/`clock.clearTimeout` are
-   *   used for the inter-poll backoff. Falls back to the global timers when
-   *   absent so existing callers keep working.
+   * @param {import("@forwardimpact/libutil/runtime").Runtime} deps.runtime -
+   *   Injected collaborators; `clock.setTimeout`/`clock.clearTimeout` drive the
+   *   inter-poll backoff.
    */
   constructor({ inboxUrl, messageBus, leadName, signal, runtime }) {
+    if (!runtime) throw new Error("runtime is required");
     this.#inboxUrl = inboxUrl;
     this.#messageBus = messageBus;
     this.#leadName = leadName;
     this.#signal = signal;
-    this.#clock = runtime?.clock ?? {
-      setTimeout: (fn, ms) => globalThis.setTimeout(fn, ms),
-      clearTimeout: (h) => globalThis.clearTimeout(h),
-    };
+    this.#clock = runtime.clock;
   }
 
   /** Long-poll the inbox until the abort signal fires. */

package/src/judge.js

@@ -17,7 +17,7 @@ import { resolve } from "node:path";
 import { Writable } from "node:stream";
 
 import { createAgentRunner } from "./agent-runner.js";
-import { composeProfilePrompt } from "./profile-prompt.js";
+import { composeSystemPrompt } from "./profile-prompt.js";
 import { SequenceCounter } from "./sequence-counter.js";
 import {
   createJudgeToolServer,
@@ -140,7 +140,7 @@ export class Judge {
 /**
  * Factory function — wires the AgentRunner with the judge orchestration server
  * and the JUDGE_SYSTEM_PROMPT trailer. A `judgeProfile` (when supplied) layers
- * on top of the trailer via `composeProfilePrompt`, matching the
+ * on top of the trailer via `composeSystemPrompt`, matching the
  * supervisor/facilitator pattern.
  *
  * @param {object} deps
@@ -151,7 +151,7 @@ export class Judge {
  * @param {string} [deps.model]
  * @param {number} [deps.maxTurns] - Default 5 (the judge is expected to act in turn 1; 5 leaves headroom for tool inspection).
  * @param {string[]} [deps.allowedTools] - Default `["Read","Glob","Grep","Bash"]` — read-only inspection.
- * @param {string} [deps.judgeProfile] - Profile name; resolved into the system prompt via `composeProfilePrompt`.
+ * @param {string} [deps.judgeProfile] - Profile name; resolved into the system prompt via `composeSystemPrompt`.
  * @param {string} [deps.profilesDir] - Defaults to `<cwd>/.claude/agents`.
  * @param {string} [deps.taskAmend]
  * @returns {Judge}
@@ -167,23 +167,22 @@ export function createJudge({
   judgeProfile,
   profilesDir,
   taskAmend,
+  runtime,
 }) {
   if (!cwd) throw new Error("cwd is required");
   if (!query) throw new Error("query is required");
   if (!output) throw new Error("output is required");
   if (!redactor) throw new Error("redactor is required");
+  if (!runtime) throw new Error("runtime is required");
 
   const resolvedProfilesDir = profilesDir ?? resolve(cwd, ".claude/agents");
-  const systemPrompt = judgeProfile
-    ? composeProfilePrompt(judgeProfile, {
-        profilesDir: resolvedProfilesDir,
-        trailer: JUDGE_SYSTEM_PROMPT,
-      })
-    : {
-        type: "preset",
-        preset: "claude_code",
-        append: JUDGE_SYSTEM_PROMPT,
-      };
+  const systemPrompt = composeSystemPrompt({
+    role: "agent",
+    profile: judgeProfile,
+    profilesDir: resolvedProfilesDir,
+    trailer: JUDGE_SYSTEM_PROMPT,
+    runtime,
+  });
 
   const ctx = createOrchestrationContext();
   ctx.participants = [{ name: "judge", role: "judge" }];

package/src/profile-prompt.js

@@ -1,7 +1,25 @@
 /**
  * System prompt composition for agent runners.
  *
- * Two helpers:
+ * libeval assembles every agent system prompt from up to two parallel,
+ * sibling-tagged sections (see COALIGNED.md § L0):
+ *
+ *     <agent_profile>
+ *     …persona body…
+ *     </agent_profile>
+ *
+ *     <session_protocol>
+ *     …orchestration mechanics, then any amendment…
+ *     </session_protocol>
+ *
+ * The two tags are siblings joined by a blank line — neither nests inside
+ * the other. A section appears only when its content is present. A
+ * system-prompt amendment is folded into the protocol trailer before
+ * wrapping, so it lands transparently inside `<session_protocol>`. The tag
+ * convention lives entirely here: profile `.md` files and trailer constants
+ * carry no tags.
+ *
+ * Helpers:
  *
  * - `composeProfilePrompt(name, opts)` — profile + `claude_code` preset.
  *   Used by agent participants that need the full Claude Code tool surface.
@@ -10,66 +28,146 @@
  *   roles (supervisor, facilitator, discuss lead) that should only see
  *   the orchestration instructions and optionally a profile body.
  *
- * - `composeSystemPrompt(opts)` — unified entry point. Delegates to one
- *   of the above based on `opts.role`.
+ * - `composeSystemPrompt(opts)` — unified entry point. Folds `amend` into
+ *   the protocol section, then delegates to one of the above based on
+ *   `opts.role`.
  */
 
-import { readFileSync } from "node:fs";
 import { join } from "node:path";
 
+/** Sibling section tags. Neither nests inside the other. */
+const AGENT_PROFILE_TAG = "agent_profile";
+const SESSION_PROTOCOL_TAG = "session_protocol";
+
+/** Wrap content in a semantic section tag, each on its own line. */
+function wrapSection(tag, content) {
+  return `<${tag}>\n${content}\n</${tag}>`;
+}
+
+/**
+ * Assemble the parallel `<agent_profile>` / `<session_protocol>` sections.
+ * Each section is emitted only when its content is non-empty; the two tags
+ * are siblings joined by a blank line and never nest.
+ *
+ * @param {object} parts
+ * @param {string} [parts.body] - Profile body, already frontmatter-stripped.
+ * @param {string} [parts.protocol] - Session protocol trailer, with any
+ *   amendment already folded in.
+ * @returns {string}
+ */
+function assembleSections({ body, protocol }) {
+  const sections = [];
+  if (body) sections.push(wrapSection(AGENT_PROFILE_TAG, body));
+  if (protocol) sections.push(wrapSection(SESSION_PROTOCOL_TAG, protocol));
+  return sections.join("\n\n");
+}
+
+/**
+ * Read a profile `.md`, strip its frontmatter, and return the trimmed body.
+ * Reads synchronously off the injected `runtime.fsSync` surface — this
+ * composer runs inside the synchronous SDK-option builders of the
+ * supervisor / facilitator / discusser / judge factories, so it cannot go
+ * async without an unbounded cascade.
+ *
+ * @param {string} name - Profile basename (no `.md` suffix)
+ * @param {string} profilesDir - Directory containing `<name>.md`
+ * @param {import("@forwardimpact/libutil/runtime").Runtime} runtime
+ * @returns {string}
+ */
+function readProfileBody(name, profilesDir, runtime) {
+  const path = join(profilesDir, `${name}.md`);
+  const raw = runtime.fsSync.readFileSync(path, "utf8");
+  return stripFrontmatter(raw).trim();
+}
+
 /**
- * Compose a `claude_code`-preset system prompt from a profile file.
+ * Compose a `claude_code`-preset system prompt from a profile file. The
+ * profile body is wrapped in `<agent_profile>`; an optional protocol trailer
+ * is wrapped in a sibling `<session_protocol>`.
+ *
  * @param {string} name - Profile basename (no `.md` suffix)
  * @param {object} opts
  * @param {string} opts.profilesDir - Directory containing `<name>.md`
- * @param {string} [opts.trailer] - Mode-specific trailer appended after a blank line
+ * @param {string} [opts.trailer] - Session protocol, wrapped as a sibling
+ *   `<session_protocol>` section after a blank line
+ * @param {import("@forwardimpact/libutil/runtime").Runtime} opts.runtime - Ambient collaborators; uses `fsSync.readFileSync`.
  * @returns {{type: "preset", preset: "claude_code", append: string}}
  */
-export function composeProfilePrompt(name, { profilesDir, trailer }) {
-  const path = join(profilesDir, `${name}.md`);
-  const raw = readFileSync(path, "utf8");
-  const body = stripFrontmatter(raw).trim();
-  const append = trailer && trailer.length > 0 ? `${body}\n\n${trailer}` : body;
-  return { type: "preset", preset: "claude_code", append };
+export function composeProfilePrompt(name, { profilesDir, trailer, runtime }) {
+  const body = readProfileBody(name, profilesDir, runtime);
+  return {
+    type: "preset",
+    preset: "claude_code",
+    append: assembleSections({ body, protocol: trailer }),
+  };
 }
 
 /**
- * Compose a plain-string system prompt for a lead role (no Claude Code preset).
+ * Compose a plain-string system prompt for a lead role (no Claude Code
+ * preset). The protocol trailer is wrapped in `<session_protocol>`; an
+ * optional profile body is wrapped in a sibling `<agent_profile>` before it.
+ *
  * @param {object} opts
  * @param {string} [opts.profile] - Profile basename (no `.md` suffix)
  * @param {string} [opts.profilesDir] - Directory containing profile files
- * @param {string} opts.trailer - Mode-specific orchestration instructions
+ * @param {string} opts.trailer - Session protocol (orchestration instructions)
+ * @param {import("@forwardimpact/libutil/runtime").Runtime} opts.runtime - Ambient collaborators; uses `fsSync.readFileSync`.
  * @returns {string}
  */
-export function composeLeadPrompt({ profile, profilesDir, trailer }) {
+export function composeLeadPrompt({ profile, profilesDir, trailer, runtime }) {
   if (!trailer) throw new Error("trailer is required");
-  if (!profile) return trailer;
-  const path = join(profilesDir, `${profile}.md`);
-  const raw = readFileSync(path, "utf8");
-  const body = stripFrontmatter(raw).trim();
-  return `${body}\n\n${trailer}`;
+  const body = profile
+    ? readProfileBody(profile, profilesDir, runtime)
+    : undefined;
+  return assembleSections({ body, protocol: trailer });
 }
 
 /**
- * Unified entry point for composing system prompts.
+ * Unified entry point for composing system prompts. Folds an optional
+ * amendment into the protocol trailer — so it lands inside
+ * `<session_protocol>` — then delegates by role.
  *
  * @param {object} opts
  * @param {"lead"|"agent"} opts.role - `"lead"` produces a plain string;
  *   `"agent"` produces a `claude_code` preset object.
  * @param {string} [opts.profile] - Profile basename
  * @param {string} [opts.profilesDir]
- * @param {string} opts.trailer - Mode-specific instructions
+ * @param {string} opts.trailer - Session protocol (orchestration instructions)
+ * @param {string} [opts.amend] - Caller-supplied amendment, appended inside
+ *   `<session_protocol>` after the trailer with a blank-line separator.
+ * @param {import("@forwardimpact/libutil/runtime").Runtime} opts.runtime - Ambient collaborators; uses `fsSync.readFileSync`.
  * @returns {string | {type: "preset", preset: "claude_code", append: string}}
  */
-export function composeSystemPrompt({ role, profile, profilesDir, trailer }) {
+export function composeSystemPrompt({
+  role,
+  profile,
+  profilesDir,
+  trailer,
+  amend,
+  runtime,
+}) {
   if (!trailer) throw new Error("trailer is required");
+  const protocol = amend ? `${trailer}\n\n${amend}` : trailer;
   if (role === "lead") {
-    return composeLeadPrompt({ profile, profilesDir, trailer });
+    return composeLeadPrompt({
+      profile,
+      profilesDir,
+      trailer: protocol,
+      runtime,
+    });
   }
   if (profile) {
-    return composeProfilePrompt(profile, { profilesDir, trailer });
+    return composeProfilePrompt(profile, {
+      profilesDir,
+      trailer: protocol,
+      runtime,
+    });
   }
-  return { type: "preset", preset: "claude_code", append: trailer };
+  return {
+    type: "preset",
+    preset: "claude_code",
+    append: assembleSections({ protocol }),
+  };
 }
 
 /**

package/src/redaction.js

@@ -15,6 +15,7 @@ export const DEFAULT_ENV_ALLOWLIST = Object.freeze([
   "DATABASE_PASSWORD",
   "GH_TOKEN",
   "GITHUB_TOKEN",
+  "JWT_SECRET",
   "MCP_TOKEN",
   "MICROSOFT_APP_ID",
   "MICROSOFT_APP_PASSWORD",
@@ -22,7 +23,6 @@ export const DEFAULT_ENV_ALLOWLIST = Object.freeze([
   "PRODUCT_LANDMARK_TOKEN",
   "SERVICE_SECRET",
   "SUPABASE_ANON_KEY",
-  "SUPABASE_JWT_SECRET",
   "SUPABASE_SERVICE_ROLE_KEY",
 ]);
 
@@ -135,7 +135,8 @@ export function createRedactor({
   patterns = DEFAULT_PATTERNS,
   enabled,
 } = {}) {
-  const proc = runtime?.proc ?? defaultProc();
+  if (!runtime) throw new Error("runtime is required");
+  const proc = runtime.proc;
   const resolvedEnv = env ?? proc.env;
   const envDisabled = resolvedEnv.LIBEVAL_REDACTION_DISABLED === "1";
   const resolvedEnabled = enabled ?? !envDisabled;
@@ -151,20 +152,6 @@ export function createRedactor({
   return new Redactor({ envSnapshot, patterns, enabled: resolvedEnabled });
 }
 
-/**
- * Lazily build the production proc surface so callers that don't inject a
- * runtime keep working. Imported indirectly to avoid pulling the whole
- * runtime bag (and its `node:fs`/`node:child_process` imports) into modules
- * that only ever receive an injected runtime.
- * @returns {{env: Record<string, string|undefined>, stderr: {write: (s: string) => void}}}
- */
-function defaultProc() {
-  return {
-    env: globalThis.process?.env ?? {},
-    stderr: { write: (s) => globalThis.process?.stderr?.write(s) },
-  };
-}
-
 /**
  * Parse `LIBEVAL_REDACTION_ENV_VARS` into a trimmed, non-empty name list.
  * Falls back to `DEFAULT_ENV_ALLOWLIST` when unset or empty.

package/src/supervisor.js

@@ -122,6 +122,7 @@ const devNull = new Writable({
  * @param {string[]} [deps.supervisorDisallowedTools]
  * @param {string} [deps.supervisorProfile]
  * @param {string} [deps.agentProfile]
+ * @param {string} [deps.agentSystemPromptAmend] - Amendment folded into the agent's `<session_protocol>` section, after the protocol trailer.
  * @param {string} [deps.profilesDir]
  * @param {string} [deps.taskAmend]
  * @param {Record<string, object>} [deps.agentMcpServers]
@@ -141,12 +142,15 @@ export function createSupervisor({
   supervisorDisallowedTools,
   supervisorProfile,
   agentProfile,
+  agentSystemPromptAmend,
   profilesDir,
   taskAmend,
   agentMcpServers,
   redactor,
+  runtime,
 }) {
   if (!redactor) throw new Error("redactor is required");
+  if (!runtime) throw new Error("runtime is required");
   const resolvedProfilesDir =
     profilesDir ?? resolve(supervisorCwd, ".claude/agents");
 
@@ -180,6 +184,8 @@ export function createSupervisor({
       profile: agentProfile,
       profilesDir: resolvedProfilesDir,
       trailer: AGENT_SYSTEM_PROMPT,
+      amend: agentSystemPromptAmend,
+      runtime,
     }),
     mcpServers: { orchestration: agentServer, ...agentMcpServers },
     redactor,
@@ -213,6 +219,7 @@ export function createSupervisor({
       profile: supervisorProfile,
       profilesDir: resolvedProfilesDir,
       trailer: SUPERVISOR_SYSTEM_PROMPT,
+      runtime,
     }),
     mcpServers: { orchestration: supervisorServer },
     redactor,