@lightcone-ai/daemon 0.9.79 → 0.10.1

package/src/connection.js

@@ -58,7 +58,7 @@ export class DaemonConnection {
       try { msg = JSON.parse(raw.toString()); }
       catch { return; }
       if (msg.type !== 'pong') {
-        console.log(`[Connection] ← ${msg.type}${msg.agentId ? ` agent=${msg.agentId.slice(0,8)}` : ''}${msg.teamId ? ` team=${msg.teamId.slice(0,8)}` : ''}${msg.seq != null ? ` seq=${msg.seq}` : ''}`);
+        console.log(`[Connection] ← ${msg.type}${msg.agentId ? ` agent=${msg.agentId.slice(0,8)}` : ''}${msg.workspaceId ? ` workspace=${msg.workspaceId.slice(0,8)}` : ''}${msg.seq != null ? ` seq=${msg.seq}` : ''}`);
       }
       this.onMessage(msg);
     });

package/src/drivers/claude.js

@@ -1,7 +1,7 @@
 const t = (name) => `mcp__chat__${name}`;
 
 const BASE_PROMPT = (displayName, name, description, agentId, feishuBotName) => `\
-You are "${displayName || name}", an AI agent in Lightcone — a collaborative platform for human-AI collaboration.
+You are "${displayName || name}", an AI agent in lightcone — a collaborative platform for human-AI collaboration.
 ${feishuBotName ? `You are also known as "${feishuBotName}" on Feishu — messages mentioning @${feishuBotName} are directed at you.\n` : ''}\
 
 ## Who you are
@@ -13,11 +13,11 @@ Your workspace and MEMORY.md persist across turns, so you can recover context wh
 You have MCP tools from the "chat" server. Use ONLY these for communication:
 
 1. **${t("check_messages")}** — Non-blocking check for new messages. Use freely during work — at natural breakpoints or after notifications.
-2. **${t("send_message")}** — Send a message to a team or DM.
-3. **${t("list_server")}** — List all teams in this server, which ones you have joined, plus all agents and humans.
+2. **${t("send_message")}** — Send a message to a workspace or DM.
+3. **${t("list_server")}** — List all workspaces in this server, which ones you have joined, plus all agents and humans.
 4. **${t("search_messages")}** — Search messages visible to you by keyword.
-5. **${t("list_tasks")}** — View a team's task board.
-6. **${t("create_tasks")}** — Create new task-messages in a team (supports batch; equivalent to sending a new message and publishing it as a task-message, not claiming it for yourself).
+5. **${t("list_tasks")}** — View a workspace's task board.
+6. **${t("create_tasks")}** — Create new task-messages in a workspace (supports batch; equivalent to sending a new message and publishing it as a task-message, not claiming it for yourself).
 7. **${t("claim_tasks")}** — Claim tasks by number (supports batch, handles conflicts).
 8. **${t("unclaim_task")}** — Release your claim on a task.
 9. **${t("update_task_status")}** — Change a task's status (e.g. to in_review or done).
@@ -57,16 +57,16 @@ Header fields:
 
 ### Sending messages
 
-- **Reply to a team**: \`send_message(target="#team-name", content="...")\`
+- **Reply to a workspace**: \`send_message(target="#workspace-name", content="...")\`
 - **Reply to a DM**: \`send_message(target="dm:@peer-name", content="...")\`
-- **Reply in a thread**: \`send_message(target="#team:shortid", content="...")\` or \`send_message(target="dm:@peer:shortid", content="...")\`
+- **Reply in a thread**: \`send_message(target="#workspace:shortid", content="...")\` or \`send_message(target="dm:@peer:shortid", content="...")\`
 - **Start a NEW DM**: \`send_message(target="dm:@person-name", content="...")\`
 
-**IMPORTANT**: To reply to any message, always reuse the exact \`target\` from the received message. This ensures your reply goes to the right place — whether it's a team, DM, or thread.
+**IMPORTANT**: To reply to any message, always reuse the exact \`target\` from the received message. This ensures your reply goes to the right place — whether it's a workspace, DM, or thread.
 
 ### Threads
 
-Threads are sub-conversations attached to a specific message. They let you discuss a topic without cluttering the main team.
+Threads are sub-conversations attached to a specific message. They let you discuss a topic without cluttering the main workspace.
 
 - **Thread targets** have a colon and short ID suffix: \`#general:a1b2c3d4\` (thread in #general) or \`dm:@richard:x9y8z7a0\` (thread in a DM).
 - When you receive a message from a thread (the target has a \`:shortid\` suffix), **always reply using that same target** to keep the conversation in the thread.
@@ -74,16 +74,16 @@ Threads are sub-conversations attached to a specific message. They let you discu
 - When you send a message, the response includes the message ID. You can use it to start a thread on your own message.
 - Threads cannot be nested — you cannot start a thread inside a thread.
 
-### Discovering people and teams
+### Discovering people and workspaces
 
-Call \`list_server\` to see all teams in this server, which ones you have joined, other agents, and humans.
+Call \`list_server\` to see all workspaces in this server, which ones you have joined, other agents, and humans.
 
-### Team awareness
+### Workspace awareness
 
-Each team has a **name** and optionally a **description** that define its purpose (visible via \`list_server\`). Respect them:
-- **Reply in context** — always respond in the team/thread the message came from.
-- **Stay on topic** — when proactively sharing results or updates, post in the team most relevant to the work. Don't scatter messages across unrelated teams.
-- If unsure where something belongs, call \`list_server\` to review team descriptions.
+Each workspace has a **name** and optionally a **description** that define its purpose (visible via \`list_server\`). Respect them:
+- **Reply in context** — always respond in the workspace/thread the message came from.
+- **Stay on topic** — when proactively sharing results or updates, post in the workspace most relevant to the work. Don't scatter messages across unrelated workspaces.
+- If unsure where something belongs, call \`list_server\` to review workspace descriptions.
 
 ### Tasks
 
@@ -96,7 +96,7 @@ When someone sends a message that asks you to do something — fix a bug, write
 - A regular message (no task suffix): \`@Alice: Can someone look into the login bug?\`
 - A system notification about task changes: \`📋 Alice converted a message to task #3 "Fix the login bug"\`
 
-Only top-level team / DM messages can become tasks. Messages inside threads are discussion context — reply there, but keep claims and conversions to top-level messages.
+Only top-level workspace / DM messages can become tasks. Messages inside threads are discussion context — reply there, but keep claims and conversions to top-level messages.
 
 **Status flow:** \`todo\` → \`in_progress\` → \`in_review\` → \`done\`
 
@@ -105,7 +105,7 @@ Only top-level team / DM messages can become tasks. Messages inside threads are
 **Workflow:**
 1. Receive a message that requires action → claim it first (by task number if already a task, or by message ID if it's a regular message)
 2. If the claim fails, someone else is working on it — move on to another task
-3. Post updates in the task's thread: \`send_message(target="#team:msgShortId", ...)\`
+3. Post updates in the task's thread: \`send_message(target="#workspace:msgShortId", ...)\`
 4. When done, set status to \`in_review\` so a human can validate
 5. After approval (e.g. "looks good", "merge it"), set status to \`done\`
 
@@ -135,12 +135,12 @@ When you receive a notification about new tasks, check the task board and claim
 
 ## @Mentions
 
-In team group chats, you can @mention people by their unique name (e.g. "@alice" or "@bob").
-- Your stable Lightcone @mention handle is \`@${name}\`.
+In workspace group chats, you can @mention people by their unique name (e.g. "@alice" or "@bob").
+- Your stable lightcone @mention handle is \`@${name}\`.
 - Your display name is \`${displayName || name}\`. Treat it as presentation only — when reasoning about identity and @mentions, prefer your stable \`name\`.
 - Every human and agent has a unique \`name\` — this is their stable identifier for @mentions.
 - Mention others, not yourself — assign reviews and follow-ups to teammates.
-- @mentions only reach people inside the team — teams are the isolation boundary.
+- @mentions only reach people inside the workspace — workspaces are the isolation boundary.
 
 ## Communication style
 
@@ -156,14 +156,14 @@ Keep the user informed. They cannot see your internal reasoning, so:
 - **Only respond when relevant.** If a message does not @mention you and is not clearly directed at you or your expertise, do NOT respond. Let the appropriate agent handle it.
 - **Only the person doing the work should report on it.** If someone else completed a task or submitted a PR, don't echo or summarize their work — let them respond to questions about it.
 - **Claim before you start.** Always call \`${t("claim_tasks")}\` before doing any work on a task. If the claim fails, stop immediately and pick a different task.
-- **Before stopping, check for concrete blockers you own.** If you still owe a specific handoff, review, decision, or reply that is currently blocking a specific person, send one minimal actionable message to that person or team before stopping.
+- **Before stopping, check for concrete blockers you own.** If you still owe a specific handoff, review, decision, or reply that is currently blocking a specific person, send one minimal actionable message to that person or workspace before stopping.
 - **Skip idle narration.** Only send messages when you have actionable content — avoid broadcasting that you are waiting or idle.
 
 ### Formatting — No HTML
 
-Use plain-text @mentions (e.g. \`@alice\`) and #team references (e.g. \`#general\`, \`#1\`) — no HTML tags.
+Use plain-text @mentions (e.g. \`@alice\`) and #workspace references (e.g. \`#general\`, \`#1\`) — no HTML tags.
 
-When referencing a team or mentioning someone, write them as plain text without backticks. Backtick-wrapped mentions render as code instead of interactive links.
+When referencing a workspace or mentioning someone, write them as plain text without backticks. Backtick-wrapped mentions render as code instead of interactive links.
 
 ### Formatting — URLs in non-English text
 
@@ -178,7 +178,7 @@ When writing a URL next to non-ASCII punctuation (Chinese, Japanese, etc.), alwa
 - You have filesystem access via Bash, Read, Write, Edit tools.
 - **You MUST only read/write files inside your workspace directories.** Never modify files outside these paths:
   - Your personal workspace (shown at startup)
-  - The team shared workspace (one level up)
+  - The workspace shared workspace (one level up)
 - **NEVER touch other projects or directories outside your workspace roots** without explicit permission from a human in this conversation.
 - If a task requires modifying an external codebase, **ask for explicit authorization first**, stating exactly which files you intend to change.
 
@@ -186,23 +186,23 @@ When writing a URL next to non-ASCII punctuation (Chinese, Japanese, etc.), alwa
 
 Your workspace is organized in two layers:
 
-### Personal workspace (this team only)
+### Personal workspace (this workspace only)
 Your current working directory. Contains:
-- \`MEMORY.md\` — your memory index for this team context (managed via \`${t("read_memory")}\` / \`${t("write_memory")}\`)
-- \`notes/\` — your personal notes for this team
+- \`MEMORY.md\` — your memory index for this workspace context (managed via \`${t("read_memory")}\` / \`${t("write_memory")}\`)
+- \`notes/\` — your personal notes for this workspace
 - \`tmp/\` — in-progress work files
 - \`.skills/\` — **read-only**, system-injected skill files. Each \`.md\` file is a skill bound to you. Read them with your Read tool — they are already on disk.
 
-### Team shared workspace (shared with all agents in this team)
+### Workspace shared workspace (shared with all agents in this workspace)
 Located one level up from your personal workspace. Contains:
-- \`BRIEF.md\` — **read this on every startup**. Set by humans. Defines team mission, conventions, and background.
-- \`KNOWLEDGE.md\` — shared knowledge index. Use \`${t("write_workspace")}\` to record team-level learnings here.
+- \`BRIEF.md\` — **read this on every startup**. Set by humans. Defines workspace mission, conventions, and background.
+- \`KNOWLEDGE.md\` — shared knowledge index. Use \`${t("write_workspace")}\` to record workspace-level learnings here.
 - \`notes/\` — shared research notes and decisions.
 - \`artifacts/\` — **ALL deliverables go here without exception**: code, scripts, HTML pages, data files, reports, images — everything you produce for a task. Use \`${t("write_workspace")}({ path: "artifacts/filename.ext", content: "..." })\` for text files and \`${t("write_workspace_file")}({ file_path: "tmp/local-file.png", path: "artifacts/file.png" })\` for local binary files. Never create deliverable files anywhere else.
 
 **Write rule:**
 - Personal learnings → \`${t("write_memory")}\`
-- Team-level knowledge → \`${t("write_workspace")}({ path: "KNOWLEDGE.md", ... })\`
+- Workspace-level knowledge → \`${t("write_workspace")}({ path: "KNOWLEDGE.md", ... })\`
 - **Any file you produce for a task** → \`${t("write_workspace")}({ path: "artifacts/your-file.ext", ... })\` or \`${t("write_workspace_file")}({ file_path, path: "artifacts/your-file.ext" })\`
 
 Temporary local files belong under \`tmp/\` in your personal workspace. If you need to show an image in chat, first save the durable copy to \`artifacts/\`, then optionally call \`${t("upload_image")}\` for a temporary public preview URL.
@@ -211,21 +211,21 @@ Example: writing a web page → \`${t("write_workspace")}({ path: "artifacts/job
 
 ## Memory MCP tools
 
-**Personal memory** (per-agent, per-team — stored server-side):
+**Personal memory** (per-agent, per-workspace — stored server-side):
 - \`${t("read_memory")}({ path })\` — read a personal memory file (e.g. \`"MEMORY.md"\`)
 - \`${t("write_memory")}({ path, content })\` — save a personal memory file (full replace)
 - \`${t("list_memory")}()\` — list your personal memory files
 
-**Team memory** (shared filesystem — visible to all agents in the team):
-- \`${t("read_workspace")}({ path })\` — read a team workspace file (e.g. \`"BRIEF.md"\`, \`"KNOWLEDGE.md"\`)
-- \`${t("write_workspace")}({ path, content })\` — write a team workspace file
-- \`${t("write_workspace_file")}({ file_path, path })\` — write a local file from your workspace to a team workspace artifact without putting base64 in context
-- \`${t("list_workspace")}()\` — list all files in the team workspace
+**Workspace memory** (shared filesystem — visible to all agents in the workspace):
+- \`${t("read_workspace")}({ path })\` — read a workspace file (e.g. \`"BRIEF.md"\`, \`"KNOWLEDGE.md"\`)
+- \`${t("write_workspace")}({ path, content })\` — write a workspace file
+- \`${t("write_workspace_file")}({ file_path, path })\` — write a local file from your workspace to a workspace artifact without putting base64 in context
+- \`${t("list_workspace")}()\` — list all files in the workspace
 
 ### Startup sequence (CRITICAL)
 
 1. Call \`${t("read_memory")}({ path: "MEMORY.md" })\` to load your personal memory index.
-2. Call \`${t("read_workspace")}({ path: "BRIEF.md" })\` to read the team brief. If empty, proceed normally.
+2. Call \`${t("read_workspace")}({ path: "BRIEF.md" })\` to read the workspace brief. If empty, proceed normally.
 3. Then check messages and handle work.
 
 ### MEMORY.md — Your Personal Memory Index
@@ -236,7 +236,7 @@ Example: writing a web page → \`${t("write_workspace")}({ path: "artifacts/job
 # <Your Name>
 
 ## Role
-<your role in this team, evolved over time>
+<your role in this workspace, evolved over time>
 
 ## Key Knowledge
 - Read notes/work-log.md for decisions and completed work
@@ -249,15 +249,15 @@ Example: writing a web page → \`${t("write_workspace")}({ path: "artifacts/job
 \`\`\`
 
 **What belongs in personal memory:**
-1. Your role and how it has evolved in this team
+1. Your role and how it has evolved in this workspace
 2. User preferences and communication style
 3. Work history — decisions made, problems solved, approaches that worked or failed
 4. Pointers to your notes files
 
-**What belongs in team memory (KNOWLEDGE.md):**
+**What belongs in workspace memory (KNOWLEDGE.md):**
 1. Facts about the project that all agents need (tech stack, domain conventions)
 2. Shared learnings — things you discovered that teammates would benefit from
-3. Ongoing team context — which tasks are in progress across all agents
+3. Ongoing workspace context — which tasks are in progress across all agents
 
 ### Compaction safety
 
@@ -305,7 +305,7 @@ Use \`skill_read\` to load full content when needed.
 - Load a skill's full procedure: \`skill_read({ name: "skill-name" })\`
 - After completing a complex task (5+ tool calls), consider saving it as a skill: \`skill_create({ name, description, content })\`
 - When using a skill and finding it outdated or wrong, update it immediately: \`skill_update({ name, content })\`
-- Skills you create are automatically shared with other agents in the same team
+- Skills you create are automatically shared with other agents in the same workspace
 
 ### Available Skills
 `;
@@ -323,12 +323,15 @@ Use \`skill_read\` to load full content when needed.
 }
 
 export function buildSystemPrompt(config, agentId, skills) {
+  if (typeof config?.systemPrompt === 'string' && config.systemPrompt.trim()) {
+    return config.systemPrompt;
+  }
   const { name, displayName, description, feishuBotName, rolePrompt } = config;
 
   const base = BASE_PROMPT(displayName, name, description, agentId, feishuBotName);
 
   const roleSection = rolePrompt
-    ? `\n\n## Your role in this team\n\n${rolePrompt}`
+    ? `\n\n## Your role in this workspace\n\n${rolePrompt}`
     : '';
 
   const skillsPrompt = buildSkillsPrompt(skills);

package/src/drivers/codex.js

@@ -4,7 +4,14 @@ import path from 'path';
 import { buildSystemPrompt as buildClaudeSystemPrompt } from './claude.js';
 import { buildSkillMcpServers } from '../mcp-config.js';
 
-function buildChatBridgeArgs(chatBridgePath, { agentId, teamId, serverUrl, authToken, workspaceDir }) {
+function buildChatBridgeArgs(chatBridgePath, {
+  agentId,
+  workspaceId,
+  serverUrl,
+  authToken,
+  workspaceDir,
+  governanceEnv = {},
+}) {
   const args = [
     chatBridgePath,
     '--agent-id', agentId,
@@ -12,7 +19,19 @@ function buildChatBridgeArgs(chatBridgePath, { agentId, teamId, serverUrl, authT
     '--auth-token', authToken,
     '--workspace-dir', workspaceDir,
   ];
-  if (teamId) args.push('--team-id', teamId);
+  if (workspaceId) args.push('--workspace-id', workspaceId);
+  if (governanceEnv.GOVERNANCE_SPAWN_BUNDLE_ID) {
+    args.push('--spawn-bundle-id', governanceEnv.GOVERNANCE_SPAWN_BUNDLE_ID);
+  }
+  if (governanceEnv.GOVERNANCE_POLICY_VERSION) {
+    args.push('--policy-version', governanceEnv.GOVERNANCE_POLICY_VERSION);
+  }
+  if (governanceEnv.GOVERNANCE_POLICY_LEASE) {
+    args.push('--policy-lease', governanceEnv.GOVERNANCE_POLICY_LEASE);
+  }
+  if (governanceEnv.GOVERNANCE_MCP_CLASSIFICATION) {
+    args.push('--mcp-classification', governanceEnv.GOVERNANCE_MCP_CLASSIFICATION);
+  }
   return args;
 }
 
@@ -47,8 +66,11 @@ function ensureGitRepo(workspaceDir) {
   });
 }
 
-export function buildCodexSystemPrompt(config, agentId) {
-  let prompt = buildClaudeSystemPrompt(config, agentId)
+export function adaptCodexSystemPrompt(sourcePrompt) {
+  const basePrompt = typeof sourcePrompt === 'string' ? sourcePrompt : '';
+  if (!basePrompt.trim()) return '';
+
+  let prompt = basePrompt
     .replaceAll('mcp__chat__', '')
     .replace(
       '3. If there is no concrete incoming message to handle, stop and wait. New messages will be delivered to you automatically via stdin.',
@@ -59,15 +81,94 @@ export function buildCodexSystemPrompt(config, agentId) {
       '5. **Complete ALL your work before stopping.** If a task requires multi-step work (research, code changes, testing), finish everything, report results, then stop. Your process exits after each turn and will be restarted automatically for new work.'
     );
 
-  prompt += '\n\nIMPORTANT: Do not wait for stdin notifications. Finish the current turn completely, then stop.';
+  const codexStopRule = 'IMPORTANT: Do not wait for stdin notifications. Finish the current turn completely, then stop.';
+  if (!prompt.includes(codexStopRule)) {
+    prompt += `\n\n${codexStopRule}`;
+  }
   return prompt;
 }
 
+export function buildCodexSystemPrompt(config, agentId) {
+  const sourcePrompt = typeof config?.systemPrompt === 'string' && config.systemPrompt.trim()
+    ? config.systemPrompt
+    : buildClaudeSystemPrompt(config, agentId);
+  return adaptCodexSystemPrompt(sourcePrompt);
+}
+
+function normalizeDirectiveMcpServers(value) {
+  if (!value || typeof value !== 'object' || Array.isArray(value)) return {};
+  const normalized = {};
+  for (const [serverKey, rawServer] of Object.entries(value)) {
+    if (!rawServer || typeof rawServer !== 'object' || Array.isArray(rawServer)) continue;
+    const command = typeof rawServer.command === 'string' ? rawServer.command.trim() : '';
+    if (!command) continue;
+    normalized[serverKey] = {
+      command,
+      args: Array.isArray(rawServer.args) ? rawServer.args.map(item => String(item)) : [],
+      env: rawServer.env && typeof rawServer.env === 'object' && !Array.isArray(rawServer.env)
+        ? Object.fromEntries(Object.entries(rawServer.env).map(([k, v]) => [k, String(v ?? '')]))
+        : {},
+      required: rawServer.required === true,
+    };
+  }
+  return normalized;
+}
+
+function buildDirectiveMcpFlags(mcpServers) {
+  const args = [];
+  for (const [serverKey, mc] of Object.entries(mcpServers)) {
+    const envPairs = Object.entries(mc.env ?? {}).map(([k, v]) => `${k}=${v ?? ''}`);
+    if (envPairs.length > 0) {
+      args.push(
+        '-c', `mcp_servers.${quote(serverKey)}.command=${quote('env')}`,
+        '-c', `mcp_servers.${quote(serverKey)}.args=${quote([...envPairs, mc.command, ...(mc.args ?? [])])}`,
+        '-c', `mcp_servers.${quote(serverKey)}.enabled=true`
+      );
+    } else {
+      args.push(
+        '-c', `mcp_servers.${quote(serverKey)}.command=${quote(mc.command)}`,
+        '-c', `mcp_servers.${quote(serverKey)}.args=${quote(mc.args ?? [])}`,
+        '-c', `mcp_servers.${quote(serverKey)}.enabled=true`
+      );
+    }
+    if (mc.required) {
+      args.push('-c', `mcp_servers.${quote(serverKey)}.required=true`);
+    }
+  }
+  return args;
+}
+
 export function buildCodexSpawn({
-  config, agentId, teamId, workspaceDir, chatBridgePath, serverUrl, machineApiKey, prompt, skills, credentialGrants,
+  config, agentId, workspaceId, workspaceDir, chatBridgePath, serverUrl, machineApiKey, prompt, skills, credentialGrants, directive = null,
 }) {
   ensureGitRepo(workspaceDir);
 
+  if (directive && typeof directive === 'object') {
+    const baseArgs = Array.isArray(directive.spawn_args) && directive.spawn_args.length > 0
+      ? directive.spawn_args.map(item => String(item))
+      : ['exec', '--dangerously-bypass-approvals-and-sandbox', '--json'];
+    const promptText = (typeof directive.system_prompt === 'string' && directive.system_prompt.trim())
+      ? directive.system_prompt
+      : (prompt || buildCodexSystemPrompt(config, agentId));
+    const mcpServers = normalizeDirectiveMcpServers(directive.mcp_servers);
+    if (!baseArgs.some(arg => String(arg).includes('mcp_servers.')) && Object.keys(mcpServers).length > 0) {
+      baseArgs.push(...buildDirectiveMcpFlags(mcpServers));
+    }
+    const args = baseArgs.map(arg => String(arg).replaceAll('__SYSTEM_PROMPT__', promptText));
+    const hasPromptPlaceholder = baseArgs.some(arg => String(arg).includes('__SYSTEM_PROMPT__'));
+    if (!hasPromptPlaceholder) {
+      args.push(promptText);
+    }
+    const env = {
+      ...process.env,
+      FORCE_COLOR: '0',
+      NO_COLOR: '1',
+      ...(config.envVars ?? {}),
+      ...(directive.env_vars ?? {}),
+    };
+    return { args, env };
+  }
+
   const args = ['exec'];
   if (config.sessionId) {
     args.push('resume', config.sessionId);
@@ -75,10 +176,11 @@ export function buildCodexSpawn({
 
   const bridgeArgs = buildChatBridgeArgs(chatBridgePath, {
     agentId,
-    teamId,
+    workspaceId,
     serverUrl,
     authToken: config.authToken || machineApiKey,
     workspaceDir,
+    governanceEnv: config.envVars ?? {},
   });
 
   args.push(
@@ -97,7 +199,7 @@ export function buildCodexSpawn({
     credentialGrants,
     config,
     agentId,
-    teamId,
+    workspaceId,
     workspaceDir,
     serverUrl,
     authToken: config.authToken || machineApiKey,

package/src/drivers/kimi.js

@@ -9,11 +9,30 @@ const KIMI_SYSTEM_PROMPT_FILE = '.lightcone-kimi-system.md';
 const KIMI_AGENT_FILE = '.lightcone-kimi-agent.yaml';
 const KIMI_MCP_FILE = '.lightcone-kimi-mcp.json';
 
+function normalizeDirectiveMcpServers(value) {
+  if (!value || typeof value !== 'object' || Array.isArray(value)) return {};
+  const normalized = {};
+  for (const [serverKey, rawServer] of Object.entries(value)) {
+    if (!rawServer || typeof rawServer !== 'object' || Array.isArray(rawServer)) continue;
+    const command = typeof rawServer.command === 'string' ? rawServer.command.trim() : '';
+    if (!command) continue;
+    normalized[serverKey] = {
+      command,
+      args: Array.isArray(rawServer.args) ? rawServer.args.map(item => String(item)) : [],
+      env: rawServer.env && typeof rawServer.env === 'object' && !Array.isArray(rawServer.env)
+        ? Object.fromEntries(Object.entries(rawServer.env).map(([k, v]) => [k, String(v ?? '')]))
+        : {},
+      required: rawServer.required === true,
+    };
+  }
+  return normalized;
+}
+
 /**
  * Build Kimi CLI spawn args and config files.
  * Returns { args, env, setupFiles() } ready for spawn('kimi', args, { env }).
  */
-export function buildKimiSpawn({ config, agentId, teamId, workspaceDir, chatBridgePath, serverUrl, machineApiKey, skills, credentialGrants }) {
+export function buildKimiSpawn({ config, agentId, workspaceId, workspaceDir, chatBridgePath, serverUrl, machineApiKey, skills, credentialGrants, directive = null }) {
   const isResume = !!config.sessionId;
   const sessionId = config.sessionId || randomUUID();
 
@@ -22,7 +41,11 @@ export function buildKimiSpawn({ config, agentId, teamId, workspaceDir, chatBrid
   const mcpConfigPath = path.join(workspaceDir, KIMI_MCP_FILE);
 
   // Build system prompt (reuse claude's prompt builder)
-  const prompt = buildClaudeSystemPrompt(config, agentId);
+  const prompt = (directive && typeof directive.system_prompt === 'string' && directive.system_prompt.trim())
+    ? directive.system_prompt
+    : (typeof config?.systemPrompt === 'string' && config.systemPrompt.trim())
+      ? config.systemPrompt
+    : buildClaudeSystemPrompt(config, agentId);
 
   // Write system prompt file (skip if resuming and file exists)
   if (!isResume || !existsSync(systemPromptPath)) {
@@ -39,47 +62,69 @@ export function buildKimiSpawn({ config, agentId, teamId, workspaceDir, chatBrid
   ].join('\n'), 'utf8');
 
   // Build MCP config
-  const mcpServers = {
-    chat: {
-      command: 'node',
-      args: [chatBridgePath],
-      env: {
-        SERVER_URL: serverUrl,
-        MACHINE_API_KEY: config.authToken,
-        AGENT_ID: agentId,
-        TEAM_ID: teamId ?? '',
-        WORKSPACE_DIR: workspaceDir,
+  let mcpServers = normalizeDirectiveMcpServers(directive?.mcp_servers);
+  if (Object.keys(mcpServers).length === 0) {
+    mcpServers = {
+      chat: {
+        command: 'node',
+        args: [chatBridgePath],
+        env: {
+          SERVER_URL: serverUrl,
+          MACHINE_API_KEY: config.authToken || machineApiKey,
+          AGENT_ID: agentId,
+          WORKSPACE_ID: workspaceId ?? '',
+          WORKSPACE_DIR: workspaceDir,
+          GOVERNANCE_SPAWN_BUNDLE_ID: config.envVars?.GOVERNANCE_SPAWN_BUNDLE_ID ?? '',
+          GOVERNANCE_POLICY_VERSION: config.envVars?.GOVERNANCE_POLICY_VERSION ?? '',
+          GOVERNANCE_POLICY_LEASE: config.envVars?.GOVERNANCE_POLICY_LEASE ?? '',
+          GOVERNANCE_MCP_CLASSIFICATION: config.envVars?.GOVERNANCE_MCP_CLASSIFICATION ?? '',
+        },
       },
-    },
-  };
-
-  Object.assign(mcpServers, buildSkillMcpServers({
-    skills,
-    credentialGrants,
-    config,
-    agentId,
-    teamId,
-    workspaceDir,
-    serverUrl,
-    authToken: config.authToken || machineApiKey,
-  }));
+    };
+
+    Object.assign(mcpServers, buildSkillMcpServers({
+      skills,
+      credentialGrants,
+      config,
+      agentId,
+      workspaceId,
+      workspaceDir,
+      serverUrl,
+      authToken: config.authToken || machineApiKey,
+    }));
+  }
 
   writeFileSync(mcpConfigPath, JSON.stringify({ mcpServers }), 'utf8');
 
   // Build CLI args
-  const args = [
-    '--wire',
-    '--yolo',
-    '--agent-file', agentFilePath,
-    '--mcp-config-file', mcpConfigPath,
-    '--session', sessionId,
-  ];
-
-  if (config.model && config.model !== 'default') {
+  const args = Array.isArray(directive?.spawn_args) && directive.spawn_args.length > 0
+    ? directive.spawn_args.map(item => String(item))
+    : [
+        '--wire',
+        '--yolo',
+      ];
+
+  if (!args.includes('--agent-file')) {
+    args.push('--agent-file', agentFilePath);
+  }
+  if (!args.includes('--mcp-config-file')) {
+    args.push('--mcp-config-file', mcpConfigPath);
+  }
+  if (!args.includes('--session')) {
+    args.push('--session', sessionId);
+  }
+
+  if (!directive && config.model && config.model !== 'default') {
     args.push('--model', config.model);
   }
 
-  const spawnEnv = { ...process.env, FORCE_COLOR: '0', NO_COLOR: '1', ...(config.envVars ?? {}) };
+  const spawnEnv = {
+    ...process.env,
+    FORCE_COLOR: '0',
+    NO_COLOR: '1',
+    ...(config.envVars ?? {}),
+    ...(directive?.env_vars ?? {}),
+  };
 
   return { args, env: spawnEnv, sessionId, isResume, prompt };
 }

package/src/governance-state.js

@@ -0,0 +1,89 @@
+import { mkdirSync, readFileSync, writeFileSync } from 'fs';
+import { homedir } from 'os';
+import path from 'path';
+
+const STATE_DIR = path.join(homedir(), '.lightcone', 'governance');
+const DEFAULT_STATE_FILE = path.join(STATE_DIR, 'state.json');
+const MAX_RETENTION_MS = 24 * 60 * 60 * 1000;
+
+function stateFilePath() {
+  return process.env.GOVERNANCE_STATE_FILE || DEFAULT_STATE_FILE;
+}
+
+function emptyState() {
+  return {
+    invalidated_leases: {},
+    updated_at: new Date().toISOString(),
+  };
+}
+
+function readState() {
+  try {
+    const parsed = JSON.parse(readFileSync(stateFilePath(), 'utf8'));
+    if (!parsed || typeof parsed !== 'object') return emptyState();
+    return {
+      invalidated_leases: parsed.invalidated_leases && typeof parsed.invalidated_leases === 'object'
+        ? parsed.invalidated_leases
+        : {},
+      updated_at: parsed.updated_at ?? new Date().toISOString(),
+    };
+  } catch {
+    return emptyState();
+  }
+}
+
+function writeState(nextState) {
+  mkdirSync(path.dirname(stateFilePath()), { recursive: true });
+  writeFileSync(stateFilePath(), JSON.stringify(nextState, null, 2), 'utf8');
+}
+
+function pruneExpired(state, nowMs = Date.now()) {
+  const trimmed = { ...state.invalidated_leases };
+  for (const [leaseId, payload] of Object.entries(trimmed)) {
+    const invalidatedAt = Date.parse(payload?.invalidated_at ?? '');
+    if (!Number.isFinite(invalidatedAt) || (nowMs - invalidatedAt) > MAX_RETENTION_MS) {
+      delete trimmed[leaseId];
+    }
+  }
+  return {
+    invalidated_leases: trimmed,
+    updated_at: new Date(nowMs).toISOString(),
+  };
+}
+
+export function markInvalidatedLeases(leaseIds, {
+  reason = 'policy_updated',
+  newPolicyHash = null,
+} = {}) {
+  const ids = Array.isArray(leaseIds) ? leaseIds.filter(Boolean) : [];
+  if (ids.length === 0) return 0;
+  const now = new Date().toISOString();
+  const current = pruneExpired(readState());
+  for (const leaseId of ids) {
+    current.invalidated_leases[leaseId] = {
+      reason,
+      new_policy_hash: newPolicyHash,
+      invalidated_at: now,
+    };
+  }
+  current.updated_at = now;
+  writeState(current);
+  return ids.length;
+}
+
+export const markLeasesInvalidated = markInvalidatedLeases;
+
+export function isLeaseInvalidated(leaseId) {
+  if (!leaseId) return false;
+  const current = pruneExpired(readState());
+  return Boolean(current.invalidated_leases[leaseId]);
+}
+
+export function clearInvalidatedLease(leaseId) {
+  if (!leaseId) return;
+  const current = pruneExpired(readState());
+  if (!current.invalidated_leases[leaseId]) return;
+  delete current.invalidated_leases[leaseId];
+  current.updated_at = new Date().toISOString();
+  writeState(current);
+}