@wipcomputer/wip-ldm-os 0.4.73-alpha.30 → 0.4.73-alpha.32

package/lib/deploy.mjs

@@ -558,6 +558,55 @@ function updateToolsAllow(pluginName) {
   }
 }
 
+/**
+ * Reconcile tools.allow against plugins.entries in ~/.openclaw/openclaw.json.
+ *
+ * In OpenClaw 2026.4.8+, any plugin registered in plugins.entries but missing
+ * from tools.allow is silently blocked at runtime. Each blocked tool call
+ * spawns a root-key approval prompt to the user, flooding iMessage with
+ * approve-ids. This was observed on 2026-04-11 for model-provider plugins
+ * (anthropic, openai, xai) and imessage, which were enabled in plugins.entries
+ * but never added to tools.allow, because the per-plugin updateToolsAllow path
+ * only runs during new plugin deploys and the alpha.27/28 ReferenceError had
+ * silently dropped those entries anyway.
+ *
+ * This function is the self-healing step: at install time, walk plugins.entries,
+ * find any enabled plugin whose name is not already in tools.allow, and add it.
+ * Idempotent. Disabled plugins are skipped. Runs at both ends of installFromPath
+ * so a single `ldm install` repairs existing broken state without requiring a
+ * new plugin deploy.
+ *
+ * Background:
+ *   ai/product/bugs/code-fka-devopstoolkit/2026-04-11--cc-mini--update-tools-allow-reference-error.md
+ *
+ * This function MUST remain at module top level, same as updateToolsAllow.
+ */
+function reconcileToolsAllow() {
+  const ocConfigPath = join(OC_ROOT, 'openclaw.json');
+  if (!existsSync(ocConfigPath)) return;
+  try {
+    const raw = readFileSync(ocConfigPath, 'utf8');
+    const config = JSON.parse(raw);
+    if (!config.plugins?.entries || typeof config.plugins.entries !== 'object') return;
+    if (!config.tools?.allow || !Array.isArray(config.tools.allow)) return;
+
+    const enabledPlugins = Object.entries(config.plugins.entries)
+      .filter(([, entry]) => entry && entry.enabled !== false)
+      .map(([name]) => name);
+
+    const allow = config.tools.allow;
+    const missing = enabledPlugins.filter(name => !allow.includes(name));
+
+    if (missing.length === 0) return;
+
+    for (const name of missing) allow.push(name);
+    writeFileSync(ocConfigPath, JSON.stringify(config, null, 2) + '\n');
+    log(`Reconciled openclaw.json tools.allow: added ${missing.join(', ')}`);
+  } catch (e) {
+    log(`Warning: failed to reconcile tools.allow: ${e.message}`);
+  }
+}
+
 // ── OpenClaw plugin naming (fix #8) ──
 
 function resolveOcPluginName(repoPath, toolName) {
@@ -1199,10 +1248,19 @@ export function installToolbox(repoPath) {
 // ── Full install pipeline ──
 
 export async function installFromPath(repoPath) {
+  // Heal tools.allow before any install runs, so the current session picks up
+  // any drift left by earlier broken installs (alpha.27/28 ReferenceError).
+  // Idempotent: no-op if plugins.entries and tools.allow are already in sync.
+  reconcileToolsAllow();
+
   const subTools = detectToolbox(repoPath);
 
   if (subTools.length > 0) {
-    return installToolbox(repoPath);
+    const result = installToolbox(repoPath);
+    // Heal again after toolbox install in case any plugin was newly registered
+    // in plugins.entries but never added to tools.allow by its deploy path.
+    reconcileToolsAllow();
+    return result;
   }
 
   const installed = installSingleTool(repoPath);
@@ -1219,6 +1277,10 @@ export async function installFromPath(repoPath) {
     console.log('');
   }
 
+  // Final reconcile pass after single-tool install, for the same reason as
+  // the toolbox branch above.
+  reconcileToolsAllow();
+
   return { tools: 1, interfaces: installed };
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-ldm-os",
-  "version": "0.4.73-alpha.30",
+  "version": "0.4.73-alpha.32",
   "type": "module",
   "description": "LDM OS: identity, memory, and sovereignty infrastructure for AI agents",
   "engines": {

package/src/hooks/inbox-check-hook.mjs

@@ -6,11 +6,23 @@
  * and surfaces them as additionalContext before CC responds.
  *
  * Follows guard.mjs pattern: stdin JSON in, stdout JSON out, exit 0 always.
- * Does NOT mark messages as read... that's what lesa_check_inbox does.
+ *
+ * As of alpha.31 this hook DOES mark messages as `read: true` after
+ * surfacing them. Previously we deferred draining to `lesa_check_inbox`,
+ * but that caused a dedup race with `inbox-rewake-hook.mjs`: if layer 2
+ * (this hook) surfaced a message without marking it read, then layer 1
+ * (the rewake Stop hook) would fire on the same unread message on the
+ * next Stop event and re-deliver it, costing another model turn. Marking
+ * read here makes the two layers cooperative ... each unread message
+ * surfaces exactly once regardless of which layer catches it first.
+ *
+ * See the dedup diagnosis in:
+ *   ai/product/plans-prds/bridge/2026-04-11--cc-mini--autonomous-push-architecture.md
+ *
  * Zero external dependencies beyond node:fs and node:path.
  */
 
-import { existsSync, readFileSync, readdirSync } from 'node:fs';
+import { existsSync, readFileSync, readdirSync, writeFileSync } from 'node:fs';
 import { join, basename } from 'node:path';
 import { homedir } from 'node:os';
 
@@ -29,6 +41,25 @@ function readJSON(path) {
   }
 }
 
+/**
+ * Mark a message file's `read` field to true so the rewake hook and
+ * future UserPromptSubmit invocations skip it. Idempotent and best
+ * effort; failures are swallowed because they are not fatal ... the
+ * worst case is that we re-surface the message once more, which is
+ * the old (pre-alpha.31) behavior.
+ */
+function markRead(filePath) {
+  try {
+    const data = readJSON(filePath);
+    if (!data) return;
+    if (data.read === true) return;
+    data.read = true;
+    writeFileSync(filePath, JSON.stringify(data, null, 2) + '\n');
+  } catch {
+    // Non-fatal.
+  }
+}
+
 function getAgentId() {
   // Try LDM config first
   const config = readJSON(LDM_CONFIG_PATH);
@@ -141,7 +172,8 @@ async function main() {
   const seen = new Set();
 
   for (const file of files) {
-    const data = readJSON(join(MESSAGES_DIR, file));
+    const fullPath = join(MESSAGES_DIR, file);
+    const data = readJSON(fullPath);
     if (!data) continue;
 
     // Skip already-read messages (if the field exists)
@@ -155,6 +187,12 @@ async function main() {
     if (data.id) seen.add(data.id);
 
     pending.push(data);
+
+    // Mark the message read on disk so the rewake hook (layer 1) does
+    // not re-deliver it on the next Stop event and cost another model
+    // turn. This was the dedup race observed and reported by the canary
+    // session during the alpha.30 autonomous-push test.
+    markRead(fullPath);
   }
 
   // Fast exit if nothing pending

package/src/hooks/inbox-rewake-hook.mjs

@@ -195,19 +195,62 @@ function markRead(filePath) {
   }
 }
 
-function fireMessage(msg, filePath, lockPath, agentId, sessionName) {
-  markRead(filePath);
+/**
+ * Batch fire: mark every matching pending file read, then write a
+ * single combined payload to stderr and exit code 2. One wake cycle
+ * surfaces every message that was pending at the moment we scanned,
+ * instead of one wake per message (which costs one model turn each
+ * and adds up quickly under load). Shipped in alpha.31 after the
+ * canary session reported "each message = one wake = one Opus turn"
+ * during the alpha.30 autonomous-push test.
+ *
+ * Messages are sorted oldest first before output so the reader sees
+ * them in the original arrival order.
+ *
+ * Marks are written before stderr output so that if the process dies
+ * mid-fire (SIGKILL, crash), the files are still flagged read and we
+ * do not re-deliver the same batch on the next wake.
+ */
+function fireBatch(matches, lockPath, agentId, sessionName) {
+  // Mark read first for atomicity against mid-fire death.
+  for (const { filePath } of matches) markRead(filePath);
+
+  matches.sort((a, b) => {
+    const ta = a.data.timestamp || '';
+    const tb = b.data.timestamp || '';
+    return ta.localeCompare(tb);
+  });
 
-  const body =
+  const plural = matches.length > 1 ? 's' : '';
+  const header =
     `== Bridge Push (autonomous) ==\n` +
-    `You have 1 new message delivered by the inbox-rewake hook while you were idle. ` +
-    `The message was addressed to ${agentId}:${sessionName} and is now marked read in the inbox.\n\n` +
-    `[${msg.type || 'chat'}] from ${msg.from || 'unknown'} (${msg.timestamp || 'no timestamp'}):\n` +
-    `${msg.body || '(empty)'}\n\n` +
-    `Acknowledge or respond as appropriate. Use lesa_check_inbox or ldm_send_message to continue the thread.`;
-
-  process.stderr.write(body);
-  process.stderr.write(`\n${TAG} fired for ${msg.id || '(no id)'} to ${agentId}:${sessionName}\n`);
+    `You have ${matches.length} new message${plural} delivered by the inbox-rewake ` +
+    `hook while you were idle. They are addressed to ${agentId}:${sessionName} and ` +
+    `are now marked read in the inbox.\n\n`;
+
+  const body = matches
+    .map(({ data: m }) => {
+      const h =
+        `[${m.type || 'chat'}] from ${m.from || 'unknown'} ` +
+        `(${m.timestamp || 'no timestamp'}):`;
+      return `${h}\n${m.body || '(empty)'}`;
+    })
+    .join('\n\n---\n\n');
+
+  const footer =
+    `\n\nAcknowledge or respond as appropriate. Use lesa_check_inbox or ` +
+    `ldm_send_message to continue the thread.`;
+
+  process.stderr.write(header + body + footer);
+
+  const idList = matches
+    .map((m) => m.data.id || '(no id)')
+    .slice(0, 5)
+    .join(', ');
+  const trailer = matches.length > 5 ? ` (+${matches.length - 5} more)` : '';
+  process.stderr.write(
+    `\n${TAG} fired for ${matches.length} message${plural} to ${agentId}:${sessionName}: ${idList}${trailer}\n`,
+  );
 
   releaseLock(lockPath);
   process.exit(2);
@@ -261,31 +304,38 @@ async function main() {
   // writing `read: true` to disk and the next scan picking it up.
   const seen = new Set();
 
-  function inspectFile(filePath) {
-    const data = readJSON(filePath);
-    if (!data) return false;
-    if (data.read === true) return false;
-    if (data.id && seen.has(data.id)) return false;
-    if (!messageMatchesAgent(data.to, agentId, sessionName)) return false;
-    if (data.id) seen.add(data.id);
-
-    fireMessage(data, filePath, lockPath, agentId, sessionName);
-    return true; // fireMessage exits, but be explicit.
-  }
-
-  function scanDir() {
+  function collectPending() {
+    const matches = [];
     try {
       const files = readdirSync(MESSAGES_DIR).filter((f) => f.endsWith('.json'));
       for (const file of files) {
-        if (inspectFile(join(MESSAGES_DIR, file))) return true;
+        const filePath = join(MESSAGES_DIR, file);
+        const data = readJSON(filePath);
+        if (!data) continue;
+        if (data.read === true) continue;
+        if (data.id && seen.has(data.id)) continue;
+        if (!messageMatchesAgent(data.to, agentId, sessionName)) continue;
+        if (data.id) seen.add(data.id);
+        matches.push({ data, filePath });
       }
     } catch {}
-    return false;
+    return matches;
+  }
+
+  function scanAndFire() {
+    const matches = collectPending();
+    if (matches.length > 0) {
+      // fireBatch marks read, writes stderr, releases lock, and exits
+      // the process. Control does not return.
+      fireBatch(matches, lockPath, agentId, sessionName);
+    }
   }
 
   // Initial scan: catch any messages that arrived between the previous
-  // hook instance exiting and this one starting up.
-  if (scanDir()) return;
+  // hook instance exiting and this one starting up. If any match, we
+  // fire immediately and exit; the caller never sees this function
+  // return.
+  scanAndFire();
 
   // Set up the fs.watch for new messages.
   let watcher;
@@ -295,7 +345,7 @@ async function main() {
       // Re-scan on every event. fs.watch can coalesce or miss events
       // under load, so scanning the directory is more reliable than
       // trusting the filename argument alone.
-      scanDir();
+      scanAndFire();
     });
   } catch (e) {
     process.stderr.write(`${TAG} fs.watch failed: ${e.message}\n`);