@teamclaws/teamclaw 2026.3.21

package/src/identity.ts

@@ -0,0 +1,149 @@
+import os from "node:os";
+import type { PluginLogger } from "../api.js";
+import type { PluginConfig, WorkerIdentity } from "./types.js";
+import { generateId, createRegistrationRequest } from "./protocol.js";
+import { getRole } from "./roles.js";
+import { loadWorkerIdentity, saveWorkerIdentity, clearWorkerIdentity } from "./state.js";
+import { MDnsBrowser } from "./discovery.js";
+
+function getLocalIp(targetHost?: string): string {
+  if (!targetHost || targetHost === "localhost" || targetHost === "127.0.0.1") {
+    return "localhost";
+  }
+
+  const interfaces = os.networkInterfaces();
+  for (const name of Object.keys(interfaces)) {
+    const addrs = interfaces[name];
+    if (!addrs) continue;
+    for (const addr of addrs) {
+      if (addr.family === "IPv4" && !addr.internal) {
+        return addr.address;
+      }
+    }
+  }
+
+  return "localhost";
+}
+
+export class IdentityManager {
+  private config: PluginConfig;
+  private logger: PluginLogger;
+  private identity: WorkerIdentity | null = null;
+  private browser: MDnsBrowser;
+
+  constructor(config: PluginConfig, logger: PluginLogger) {
+    this.config = config;
+    this.logger = logger;
+    this.browser = new MDnsBrowser(logger);
+  }
+
+  hasIdentity(): boolean {
+    return this.identity !== null;
+  }
+
+  getIdentity(): WorkerIdentity | null {
+    return this.identity;
+  }
+
+  async discoverControllerUrl(): Promise<string | null> {
+    if (this.config.controllerUrl) {
+      return this.config.controllerUrl;
+    }
+
+    const results = await this.browser.browse(this.config.teamName, 5000);
+    if (results.length > 0) {
+      const controller = results[0]!;
+      return `http://${controller.host}:${controller.port}`;
+    }
+
+    return null;
+  }
+
+  async register(): Promise<WorkerIdentity | null> {
+    const requestedWorkerId = process.env.TEAMCLAW_WORKER_ID?.trim() || undefined;
+    const launchToken = process.env.TEAMCLAW_LAUNCH_TOKEN?.trim() || undefined;
+
+    const existing = await loadWorkerIdentity();
+    if (existing) {
+      if (requestedWorkerId && existing.workerId !== requestedWorkerId) {
+        await clearWorkerIdentity();
+      } else {
+        this.identity = existing;
+        this.logger.info(`Identity: restored existing identity (workerId=${existing.workerId})`);
+        return existing;
+      }
+    }
+
+    const restored = await loadWorkerIdentity();
+    if (restored) {
+      this.identity = restored;
+      this.logger.info(`Identity: restored existing identity (workerId=${restored.workerId})`);
+      return restored;
+    }
+
+    const controllerUrl = await this.discoverControllerUrl();
+    if (!controllerUrl) {
+      this.logger.warn("Identity: no controller found via mDNS or manual URL");
+      return null;
+    }
+
+    const roleDef = getRole(this.config.role);
+    const workerId = requestedWorkerId ?? generateId();
+    const localIp = getLocalIp(new URL(controllerUrl).hostname);
+    const workerUrl = `http://${localIp}:${this.config.port}`;
+
+    const registration = createRegistrationRequest(
+      workerId,
+      this.config.role,
+      roleDef?.label ?? this.config.role,
+      workerUrl,
+      roleDef?.capabilities ?? [],
+      launchToken,
+    );
+
+    try {
+      const res = await fetch(`${controllerUrl}/api/v1/workers/register`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(registration),
+      });
+
+      if (!res.ok) {
+        const text = await res.text();
+        this.logger.error(`Identity: registration failed (${res.status}): ${text}`);
+        return null;
+      }
+
+      const identity: WorkerIdentity = {
+        workerId,
+        role: this.config.role,
+        controllerUrl,
+        registeredAt: Date.now(),
+      };
+
+      this.identity = identity;
+      await saveWorkerIdentity(identity);
+      this.logger.info(`Identity: registered as ${this.config.role} (workerId=${workerId}) at ${controllerUrl}`);
+      return identity;
+    } catch (err) {
+      this.logger.error(`Identity: registration error: ${err instanceof Error ? err.message : String(err)}`);
+      return null;
+    }
+  }
+
+  async clear(): Promise<void> {
+    if (this.identity) {
+      try {
+        await fetch(`${this.identity.controllerUrl}/api/v1/workers/${this.identity.workerId}`, {
+          method: "DELETE",
+        });
+      } catch {
+        // ignore
+      }
+    }
+
+    this.identity = null;
+    await clearWorkerIdentity();
+    this.logger.info("Identity: cleared");
+  }
+}

package/src/openclaw-workspace.ts

@@ -0,0 +1,101 @@
+import os from "node:os";
+import path from "node:path";
+import fs from "node:fs/promises";
+import type { PluginLogger } from "../api.js";
+
+const DEFAULT_AGENTS_MD = `# AGENTS.md
+
+This workspace is shared by TeamClaw controller and workers.
+
+Rules:
+- Treat task-provided file paths as hints; verify they exist before reading or editing.
+- Use the shared \`memory/\` directory for lightweight notes when useful.
+- Report meaningful progress during longer tasks.
+- If requirements or environment details are missing and work cannot continue safely, request clarification instead of guessing.
+`;
+
+const DEFAULT_BOOTSTRAP_MD = `# BOOTSTRAP.md
+
+This is a TeamClaw workspace bootstrap file.
+
+If the project files you expect are missing:
+1. Search the workspace before assuming the path is correct.
+2. Call out missing artifacts explicitly.
+3. Ask for clarification when the missing artifact blocks the task.
+`;
+
+const DEFAULT_HEARTBEAT_MD = `# HEARTBEAT.md
+
+# Keep this file empty (or with only comments) to skip heartbeat API calls.
+`;
+
+export function resolveDefaultOpenClawHomeDir(
+  env: NodeJS.ProcessEnv = process.env,
+  homedir: () => string = os.homedir,
+): string {
+  const baseHome = env.OPENCLAW_HOME?.trim() || env.HOME?.trim() || homedir();
+  return path.resolve(baseHome);
+}
+
+export function resolveDefaultOpenClawStateDir(
+  env: NodeJS.ProcessEnv = process.env,
+  homedir: () => string = os.homedir,
+): string {
+  const stateDirOverride = env.OPENCLAW_STATE_DIR?.trim();
+  if (stateDirOverride) {
+    return path.resolve(stateDirOverride);
+  }
+
+  return path.join(resolveDefaultOpenClawHomeDir(env, homedir), ".openclaw");
+}
+
+export function resolveDefaultOpenClawConfigPath(
+  env: NodeJS.ProcessEnv = process.env,
+  homedir: () => string = os.homedir,
+): string {
+  const configPathOverride = env.OPENCLAW_CONFIG_PATH?.trim();
+  if (configPathOverride) {
+    return path.resolve(configPathOverride);
+  }
+
+  return path.join(resolveDefaultOpenClawStateDir(env, homedir), "openclaw.json");
+}
+
+export function resolveDefaultOpenClawWorkspaceDir(
+  env: NodeJS.ProcessEnv = process.env,
+  homedir: () => string = os.homedir,
+): string {
+  const stateDir = resolveDefaultOpenClawStateDir(env, homedir);
+  const profile = env.OPENCLAW_PROFILE?.trim();
+  if (profile && profile.toLowerCase() !== "default") {
+    return path.join(stateDir, `workspace-${profile}`);
+  }
+  return path.join(stateDir, "workspace");
+}
+
+export async function ensureOpenClawWorkspaceMemoryDir(logger: PluginLogger): Promise<string> {
+  const workspaceDir = resolveDefaultOpenClawWorkspaceDir();
+  const memoryDir = path.join(workspaceDir, "memory");
+  try {
+    await fs.mkdir(workspaceDir, { recursive: true });
+    await fs.mkdir(memoryDir, { recursive: true });
+    await ensureFileIfMissing(path.join(workspaceDir, "AGENTS.md"), DEFAULT_AGENTS_MD);
+    await ensureFileIfMissing(path.join(workspaceDir, "BOOTSTRAP.md"), DEFAULT_BOOTSTRAP_MD);
+    await ensureFileIfMissing(path.join(workspaceDir, "HEARTBEAT.md"), DEFAULT_HEARTBEAT_MD);
+  } catch (err) {
+    logger.warn(
+      `TeamClaw: failed to ensure OpenClaw workspace memory dir at ${memoryDir}: ${
+        err instanceof Error ? err.message : String(err)
+      }`,
+    );
+  }
+  return memoryDir;
+}
+
+async function ensureFileIfMissing(filePath: string, content: string): Promise<void> {
+  try {
+    await fs.access(filePath);
+  } catch {
+    await fs.writeFile(filePath, content, "utf8");
+  }
+}

package/src/protocol.ts

@@ -0,0 +1,88 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+import type { HeartbeatPayload, RegistrationRequest, RoleId } from "./types.js";
+
+export const MDNS_TYPE = "_teamclaw._tcp";
+export const DEFAULT_PORT = 9527;
+export const HEARTBEAT_MS = 10000;
+export const WORKER_TIMEOUT_MS = 30000;
+export const API_PREFIX = "/api/v1";
+
+function generateId(): string {
+  const ts = Date.now().toString(36);
+  const rand = Math.random().toString(36).slice(2, 8);
+  return `${ts}-${rand}`;
+}
+
+async function parseJsonBody(req: IncomingMessage): Promise<Record<string, unknown>> {
+  const raw = await readRequestBody(req);
+  if (!raw.length) {
+    return {};
+  }
+
+  try {
+    return JSON.parse(raw.toString("utf8")) as Record<string, unknown>;
+  } catch (err) {
+    throw new Error(`Invalid JSON body: ${err instanceof Error ? err.message : String(err)}`);
+  }
+}
+
+async function readRequestBody(req: IncomingMessage): Promise<Buffer> {
+  return new Promise((resolve, reject) => {
+    const chunks: Buffer[] = [];
+    req.on("data", (chunk: Buffer) => chunks.push(chunk));
+    req.on("end", () => {
+      resolve(Buffer.concat(chunks));
+    });
+    req.on("error", reject);
+  });
+}
+
+function sendJson(res: ServerResponse, status: number, data: unknown): void {
+  const body = JSON.stringify(data);
+  res.writeHead(status, {
+    "Content-Type": "application/json",
+    "Content-Length": Buffer.byteLength(body),
+    "Access-Control-Allow-Origin": "*",
+    "Access-Control-Allow-Methods": "GET, POST, PATCH, DELETE, OPTIONS",
+    "Access-Control-Allow-Headers": "Content-Type",
+  });
+  res.end(body);
+}
+
+function sendError(res: ServerResponse, status: number, message: string): void {
+  sendJson(res, status, { error: message });
+}
+
+function createRegistrationRequest(
+  workerId: string,
+  role: RoleId,
+  label: string,
+  url: string,
+  capabilities: string[],
+  launchToken?: string,
+): RegistrationRequest {
+  return { workerId, role, label, url, capabilities, launchToken };
+}
+
+function createHeartbeatPayload(
+  workerId: string,
+  status: HeartbeatPayload["status"],
+  currentTaskId?: string,
+): HeartbeatPayload {
+  return {
+    workerId,
+    status,
+    currentTaskId,
+    timestamp: Date.now(),
+  };
+}
+
+export {
+  generateId,
+  parseJsonBody,
+  readRequestBody,
+  sendJson,
+  sendError,
+  createRegistrationRequest,
+  createHeartbeatPayload,
+};

package/src/roles.ts

@@ -0,0 +1,275 @@
+import type { RoleDefinition, RoleId } from "./types.js";
+
+const ROLES: RoleDefinition[] = [
+  {
+    id: "pm",
+    label: "Product Manager",
+    icon: "\uD83D\uDCCB",
+    description: "Product planning, requirements analysis, user stories",
+    capabilities: [
+      "requirements-analysis", "user-stories", "product-specification",
+      "priority-planning", "stakeholder-communication",
+    ],
+    systemPrompt: [
+      "You are a Product Manager in a virtual software team.",
+      "Your responsibilities include analyzing requirements, writing user stories,",
+      "defining product specifications, and prioritizing features.",
+      "When receiving tasks, turn them into clear requirements and acceptance criteria inside your deliverable.",
+      "Always consider user impact and business value.",
+    ].join("\n"),
+    suggestedNextRoles: ["architect", "designer"],
+  },
+  {
+    id: "architect",
+    label: "Software Architect",
+    icon: "\uD83D\uDEE0\uFE0F",
+    description: "System design, technical architecture, API design",
+    capabilities: [
+      "system-design", "api-design", "database-schema",
+      "technology-selection", "code-review-architecture",
+    ],
+    systemPrompt: [
+      "You are a Software Architect in a virtual software team.",
+      "Your responsibilities include system design, API design, database schema design,",
+      "and technology selection.",
+      "When receiving tasks, provide detailed technical designs with clear component boundaries.",
+      "Consider scalability, maintainability, and performance.",
+    ].join("\n"),
+    suggestedNextRoles: ["developer", "devops"],
+  },
+  {
+    id: "developer",
+    label: "Developer",
+    icon: "\uD83D\uDCBB",
+    description: "Code implementation, bug fixes, feature development",
+    capabilities: [
+      "coding", "debugging", "feature-implementation",
+      "code-refactoring", "unit-testing",
+    ],
+    systemPrompt: [
+      "You are a Developer in a virtual software team.",
+      "Your responsibilities include implementing features, fixing bugs, refactoring code,",
+      "and writing unit tests.",
+      "Follow the architecture and design specifications provided by the architect.",
+      "Write clean, maintainable code with proper error handling.",
+    ].join("\n"),
+    suggestedNextRoles: ["qa", "developer"],
+  },
+  {
+    id: "qa",
+    label: "QA Engineer",
+    icon: "\uD83D\uDD0D",
+    description: "Testing, quality assurance, bug reporting",
+    capabilities: [
+      "test-planning", "test-case-writing", "bug-reporting",
+      "regression-testing", "quality-assurance",
+    ],
+    systemPrompt: [
+      "You are a QA Engineer in a virtual software team.",
+      "Your responsibilities include test planning, writing test cases, reporting bugs,",
+      "and ensuring quality standards.",
+      "When reviewing work, check for edge cases, error handling, and adherence to specifications.",
+      "Provide detailed, reproducible bug reports.",
+    ].join("\n"),
+    suggestedNextRoles: ["developer", "release-engineer"],
+  },
+  {
+    id: "release-engineer",
+    label: "Release Engineer",
+    icon: "\uD83D\uDE82",
+    description: "Release management, deployment, version control",
+    capabilities: [
+      "release-management", "deployment", "version-control",
+      "ci-cd-pipeline", "release-notes",
+    ],
+    systemPrompt: [
+      "You are a Release Engineer in a virtual software team.",
+      "Your responsibilities include managing releases, deployment pipelines,",
+      "version control, and writing release notes.",
+      "Ensure smooth and reliable deployments with proper rollback strategies.",
+    ].join("\n"),
+    suggestedNextRoles: ["devops", "developer"],
+  },
+  {
+    id: "infra-engineer",
+    label: "Infrastructure Engineer",
+    icon: "\uD83D\uDEE2\uFE0F",
+    description: "Cloud infrastructure, networking, storage, compute resources",
+    capabilities: [
+      "cloud-infrastructure", "networking", "load-balancing",
+      "storage-design", "compute-provisioning", "cost-optimization",
+      "disaster-recovery", "capacity-planning", "iac-terraform",
+    ],
+    systemPrompt: [
+      "You are an Infrastructure Engineer in a virtual software team.",
+      "Your core responsibilities include designing, provisioning, and maintaining cloud infrastructure.",
+      "",
+      "Scope of expertise:",
+      "- Cloud platforms: AWS, Azure, GCP, and hybrid/multi-cloud architectures",
+      "- Networking: VPC/VNet design, DNS, CDN, VPN, firewall rules, subnets, NAT gateways",
+      "- Compute: VMs, containers, serverless (Lambda/Cloud Functions), auto-scaling groups",
+      "- Storage: block storage, object storage (S3/Blob), databases, caching layers (Redis/Memcached)",
+      "- Infrastructure as Code: Terraform, CloudFormation, Pulumi for reproducible environments",
+      "- High availability: multi-AZ, multi-region, failover strategies, RPO/RTO targets",
+      "- Cost management: right-sizing resources, reserved instances, spot/preemptible instances, tagging policies",
+      "",
+      "When receiving tasks:",
+      "1. Always produce concrete, actionable infrastructure specifications (not vague guidance).",
+      "2. Include resource estimates, topology diagrams (in ASCII/mermaid if helpful), and configuration snippets.",
+      "3. Consider cost implications and recommend the most cost-effective approach that meets requirements.",
+      "4. Design for failure: assume any component can fail at any time.",
+       "5. Follow the principle of least privilege for all IAM roles and access policies.",
+       "6. Ensure infrastructure is reproducible and version-controlled via IaC.",
+       "7. Collaborate closely with DevOps on CI/CD integration and with Security on compliance requirements.",
+       "8. Prefer open-source/free infrastructure building blocks first when they satisfy the requirement.",
+       "9. If the required infrastructure, credentials, or provisioning path are unavailable in the current environment, explicitly report the blocker and request clarification instead of inventing a nonexistent system.",
+       "",
+       "Output format: Provide structured specifications with clear sections for architecture, resources, networking, security boundaries, and cost estimates.",
+     ].join("\n"),
+    suggestedNextRoles: ["devops", "security-engineer", "architect"],
+  },
+  {
+    id: "devops",
+    label: "DevOps Engineer",
+    icon: "\u2699\uFE0F",
+    description: "Infrastructure, CI/CD, monitoring, deployment",
+    capabilities: [
+      "infrastructure", "ci-cd", "monitoring",
+      "docker-kubernetes", "automation",
+    ],
+     systemPrompt: [
+       "You are a DevOps Engineer in a virtual software team.",
+       "Your responsibilities include infrastructure management, CI/CD pipelines,",
+       "monitoring, and automation.",
+       "Ensure reliable and scalable infrastructure with proper monitoring.",
+       "Prefer open-source/free tooling first when it can satisfy the task.",
+       "If the environment does not expose the required provisioning access, credentials, or runtime tools, stop and request clarification instead of pretending the deployment exists.",
+     ].join("\n"),
+     suggestedNextRoles: ["developer", "release-engineer"],
+   },
+  {
+    id: "security-engineer",
+    label: "Security Engineer",
+    icon: "\uD83D\uDD12",
+    description: "Application security, threat modeling, compliance, vulnerability assessment",
+    capabilities: [
+      "threat-modeling", "vulnerability-assessment", "security-architecture",
+      "penetration-testing", "compliance-audit", "incident-response",
+      "code-security-review", "secrets-management", "auth-design",
+      "data-protection",
+    ],
+    systemPrompt: [
+      "You are a Security Engineer in a virtual software team.",
+      "Your core responsibility is ensuring the security posture of all software, infrastructure, and data.",
+      "",
+      "Scope of expertise:",
+      "- Application Security: OWASP Top 10 prevention, input validation, output encoding, authentication/authorization flaws, injection attacks (SQLi, XSS, SSRF, deserialization)",
+      "- Authentication & Authorization: JWT/OAuth2/OIDC design, RBAC/ABAC models, session management, MFA, password policies, token lifecycle",
+      "- API Security: rate limiting, input sanitization, CORS policies, API key management, request signing, response filtering",
+      "- Infrastructure Security: network segmentation, WAF rules, TLS configuration, container security, secrets rotation, least-privilege IAM",
+      "- Data Protection: encryption at rest and in transit, PII handling, data classification, GDPR/PCI-D959/SoX compliance, key management",
+      "- Threat Modeling: STRIDE/DREAD analysis, attack tree construction, risk assessment matrices, trust boundary definition",
+      "- Incident Response: detection strategies, containment procedures, forensic analysis, post-mortem reporting, vulnerability disclosure",
+      "",
+      "When receiving tasks:",
+      "1. Always think like an attacker first. Identify the threat surface before proposing mitigations.",
+      "2. Provide specific, actionable recommendations with code examples or configuration snippets.",
+      "3. Classify findings by severity (Critical / High / Medium / Low / Informational) using CVSS or a similar framework.",
+      "4. Consider the full attack chain, not just individual vulnerabilities in isolation.",
+      "5. Balance security with usability — reject only when risk genuinely outweighs convenience.",
+      "6. Reference established standards: OWASP ASVS, NIST CSF, CIS Benchmarks, ISO 27001.",
+      "7. For code reviews, check for: injection, broken authentication, sensitive data exposure, XML external entities, broken access control, security misconfiguration, XSS, insecure deserialization, using components with known vulnerabilities, insufficient logging.",
+      "",
+      "Output format: Provide structured findings with severity, description, impact analysis, remediation steps, and verification methods.",
+    ].join("\n"),
+    suggestedNextRoles: ["developer", "architect", "infra-engineer"],
+  },
+  {
+    id: "designer",
+    label: "UI/UX Designer",
+    icon: "\uD83C\uDFA8",
+    description: "User interface design, UX research, wireframing",
+    capabilities: [
+      "ui-design", "ux-research", "wireframing",
+      "prototyping", "design-systems",
+    ],
+    systemPrompt: [
+      "You are a UI/UX Designer in a virtual software team.",
+      "Your responsibilities include user interface design, UX research,",
+      "wireframing, and maintaining design systems.",
+      "Focus on user experience, accessibility, and visual consistency.",
+    ].join("\n"),
+    suggestedNextRoles: ["developer", "pm"],
+  },
+  {
+    id: "marketing",
+    label: "Marketing Specialist",
+    icon: "\uD83D\uDCE3\uFE0F",
+    description: "Product marketing, content, launch strategy",
+    capabilities: [
+      "product-marketing", "content-creation",
+      "launch-strategy", "user-acquisition", "analytics",
+    ],
+    systemPrompt: [
+      "You are a Marketing Specialist in a virtual software team.",
+      "Your responsibilities include product marketing, content creation,",
+      "launch strategy, and user analytics.",
+      "Focus on user acquisition, engagement, and product positioning.",
+    ].join("\n"),
+    suggestedNextRoles: ["pm", "designer"],
+  },
+];
+
+const TEAMCLAW_ROLE_IDS_TEXT = [
+  "pm",
+  "architect",
+  "developer",
+  "qa",
+  "release-engineer",
+  "infra-engineer",
+  "devops",
+  "security-engineer",
+  "designer",
+  "marketing",
+].join(", ");
+
+for (const role of ROLES) {
+  const suggestedRoles = role.suggestedNextRoles.length > 0 ? role.suggestedNextRoles.join(", ") : "none";
+  role.systemPrompt = [
+    role.systemPrompt,
+    "",
+     "## TeamClaw Operating Rules",
+     "- You are a team member, not the controller. Complete the current task yourself.",
+     "- Stay within your assigned role. Do not switch roles unless the task explicitly asks for cross-role analysis.",
+     "- Do not create new tasks, parallel workstreams, or extra backlog items on your own.",
+     "- Do not delegate the core work of your current task to another role.",
+     "- Respect the requested deliverable shape: if the task asks for a brief, plan, matrix, review, or design artifact, do that artifact instead of expanding it into full implementation work.",
+     "- If required information or a product/technical decision is missing, request clarification instead of guessing.",
+     "- Prefer open-source/free tools and services when they can satisfy the task.",
+     "- If required infrastructure, credentials, or tool access are unavailable in the current environment, report the blocker and request clarification instead of inventing a result.",
+     "- Treat file paths from plans, docs, and teammate messages as hints, not facts. Verify that a referenced file exists in the current workspace before reading or editing it; if it does not, search for the nearest real file and explicitly note the path drift.",
+     "- Treat other workers' OpenClaw sessions and session keys as unavailable; use the shared workspace, the current task context, and teammate messages instead of trying cross-session inspection.",
+     "- Do not mark a task completed or failed via progress updates. Finish by returning the deliverable or raising the blocking error so TeamClaw can close the task correctly.",
+     "- If only a commercial or proprietary option would unblock the task, ask the human for approval before assuming it is allowed.",
+     "- If follow-up work is needed, mention it in your result or use handoff/review tools for this current task only.",
+     `- Use exact TeamClaw role IDs when collaborating: ${TEAMCLAW_ROLE_IDS_TEXT}.`,
+     `- If a true follow-up is required after your deliverable, prefer these exact next roles: ${suggestedRoles}.`,
+    ].join("\n");
+}
+
+const ROLE_MAP = new Map<string, RoleDefinition>(ROLES.map((r) => [r.id, r]));
+const ROLE_IDS: RoleId[] = ROLES.map((r) => r.id);
+
+function getRole(id: RoleId): RoleDefinition | undefined {
+  return ROLE_MAP.get(id);
+}
+
+function buildRolePrompt(role: RoleDefinition, teamContext?: string): string {
+  const parts = [role.systemPrompt];
+  if (teamContext) {
+    parts.push(`\nTeam Context:\n${teamContext}`);
+  }
+  return parts.join("\n");
+}
+
+export { ROLES, ROLE_IDS, getRole, buildRolePrompt };