@zeulewan/glueclaw-provider 1.4.0 → 2.0.0

package/README.md

@@ -8,7 +8,7 @@ Uses the official Claude CLI and scrubs out [Anthropic's detection triggers](doc
 
 ## Install
 
-Requires [OpenClaw](https://docs.openclaw.ai) 2026.4.10+, [Claude Code](https://claude.ai/claude-code) logged in with Max, and Node.js 22+. Non-destructive, won't touch your existing config or sessions.
+Requires [OpenClaw](https://docs.openclaw.ai) 2026.5.x+, [Claude Code](https://claude.ai/claude-code) logged in with Max, and Node.js 22+. Non-destructive, won't touch your existing config or sessions.
 
 ### npm (recommended)
 
@@ -66,7 +66,8 @@ export GLUECLAW_REQUEST_TIMEOUT_MS=600000
 
 - Tested with Telegram and OpenClaw TUI
 - Switching between GlueClaw and other backends (e.g. Codex) works seamlessly via `/model`
-- The installer patches one file in OpenClaw's dist to expose the MCP loopback token to plugins. A `.glueclaw-bak` backup is created.
+- The installer does not patch OpenClaw's dist. GlueClaw starts the MCP loopback in-process when available.
+- Multi-agent setups are isolated end-to-end: each agent gets its own Claude project storage and its own session-id cache, anchored at the agent's `workspaceDir`. See the [multi-agent guide](docs/multi-agent.md).
 
 ## Disclaimer
 

package/index.ts

@@ -1,11 +1,10 @@
-import { basename } from "node:path";
 import {
   definePluginEntry,
   type OpenClawPluginApi,
 } from "openclaw/plugin-sdk/plugin-entry";
 import { createClaudeCliStreamFn } from "./src/stream.js";
 import { MODEL_CATALOG } from "./src/catalog.js";
-import { resolveSessionKey } from "./src/session-key.js";
+import { resolveAgentId, resolveSessionKey } from "./src/session-key.js";
 
 const PROVIDER_ID = "glueclaw";
 const PROVIDER_LABEL = "GlueClaw";
@@ -33,13 +32,28 @@ function resolveRequestTimeoutMs(): number {
 
 export default definePluginEntry({
   register(api: OpenClawPluginApi): void {
-    const authProfile = () =>
+    const syntheticAuth = () =>
       ({
         apiKey: AUTH_KEY,
         source: AUTH_SOURCE,
         mode: "api-key" as const,
       }) as const;
 
+    const authResult = () =>
+      ({
+        profiles: [
+          {
+            profileId: `${PROVIDER_ID}:default`,
+            credential: {
+              type: "api_key" as const,
+              provider: PROVIDER_ID,
+              key: AUTH_KEY,
+            },
+          },
+        ],
+        notes: ["Uses local Claude CLI OAuth (Max subscription)."],
+      }) as const;
+
     api.registerProvider({
       id: PROVIDER_ID,
       label: PROVIDER_LABEL,
@@ -47,11 +61,11 @@ export default definePluginEntry({
       envVars: ["GLUECLAW_KEY"],
       auth: [
         {
-          method: "local",
+          id: "local",
           label: "Local Claude CLI",
           hint: "Uses your locally installed claude binary",
-          authenticate: async () => authProfile(),
-          authenticateNonInteractive: async () => authProfile(),
+          kind: "custom" as const,
+          run: async () => authResult(),
         },
       ],
       catalog: {
@@ -87,21 +101,25 @@ export default definePluginEntry({
         agentDir?: string;
         sessionId?: string;
         sessionKey?: string;
+        workspaceDir?: string;
       }) => {
+        if (!ctx.workspaceDir) {
+          throw new Error(
+            "GlueClaw requires ProviderCreateStreamFnContext.workspaceDir, " +
+              "available in OpenClaw 2026.5.x+. Upgrade OpenClaw to a release " +
+              "that surfaces workspaceDir to provider plugins.",
+          );
+        }
         const realModel = MODEL_MAP[ctx.modelId] ?? ctx.modelId;
-        const agentId = ctx.agentDir ? basename(ctx.agentDir) : undefined;
         return createClaudeCliStreamFn({
           sessionKey: resolveSessionKey(ctx),
-          agentId,
+          agentId: resolveAgentId(ctx),
+          workspaceDir: ctx.workspaceDir,
           modelOverride: realModel,
           requestTimeoutMs: resolveRequestTimeoutMs(),
         });
       },
-      resolveSyntheticAuth: () => ({
-        apiKey: AUTH_KEY,
-        source: AUTH_SOURCE,
-        mode: "api-key",
-      }),
+      resolveSyntheticAuth: () => syntheticAuth(),
       augmentModelCatalog: () => [...MODEL_CATALOG],
     });
   },

package/install.sh

@@ -29,14 +29,6 @@ oc_config() {
   }
 }
 
-sedi() {
-  if [[ "$(uname)" == "Darwin" ]]; then
-    sed -i '' "$@"
-  else
-    sed -i "$@"
-  fi
-}
-
 require_cmd() {
   command -v "$1" >/dev/null 2>&1 || die "$1 not found. $2"
 }
@@ -121,14 +113,6 @@ else
 fi
 echo ""
 
-# Find OpenClaw dist
-OPENCLAW_BIN="$(command -v openclaw)"
-OPENCLAW_ROOT="$(dirname "$OPENCLAW_BIN")/../lib/node_modules/openclaw"
-# Suppress not-found: fallback path may not exist
-[ ! -d "$OPENCLAW_ROOT/dist" ] && OPENCLAW_ROOT="$(npm root -g 2>/dev/null)/openclaw"
-[ ! -d "$OPENCLAW_ROOT/dist" ] && die "Cannot find OpenClaw dist"
-OPENCLAW_DIST="$OPENCLAW_ROOT/dist"
-
 # Detect shell config
 if [ -f "${HOME}/.zshrc" ]; then
   SHELL_RC="${HOME}/.zshrc"
@@ -142,17 +126,7 @@ fi
 
 GW_PID=""
 GW_LOG=""
-BACKUP_FILE=""
 cleanup() {
-  # Restore MCP patch backup if script failed mid-patch
-  if [ -n "$BACKUP_FILE" ] && [ -f "$BACKUP_FILE" ]; then
-    if [ -w "$(dirname "$BACKUP_FILE")" ]; then
-      mv "$BACKUP_FILE" "${BACKUP_FILE%.glueclaw-bak}" 2>/dev/null || true
-    else
-      sudo mv "$BACKUP_FILE" "${BACKUP_FILE%.glueclaw-bak}" 2>/dev/null || true
-    fi
-    echo "  Restored backup: $(basename "$BACKUP_FILE")" >&2
-  fi
   if [ -n "$GW_PID" ] && kill -0 "$GW_PID" 2>/dev/null; then
     kill "$GW_PID" 2>/dev/null || true
   fi
@@ -162,19 +136,19 @@ trap cleanup INT TERM
 
 # --- 1. Dependencies ---
 
-echo "[1/7] Installing dependencies..."
+echo "[1/6] Installing dependencies..."
 cd "$PLUGIN_DIR"
 npm install --silent || die "npm install failed"
 
 # --- 2. Environment ---
 
-echo "[2/7] Setting up environment..."
+echo "[2/6] Setting up environment..."
 ensure_line "$SHELL_RC" "GLUECLAW_KEY" "export GLUECLAW_KEY=local"
 export GLUECLAW_KEY=local
 
 # --- 3. Plugin registration ---
 
-echo "[3/7] Registering plugin..."
+echo "[3/6] Registering plugin..."
 # GlueClaw is on OpenClaw's official safe plugin list. Try standard install first,
 # fall back to --dangerously-force-unsafe-install for older OpenClaw versions,
 # then manual config as last resort.
@@ -188,7 +162,7 @@ fi
 
 # --- 4. Model config ---
 
-echo "[4/7] Configuring models..."
+echo "[4/6] Configuring models..."
 # These two are fatal — without them, nothing works
 oc_config models.providers.glueclaw \
   '{"baseUrl":"local://glueclaw","models":[{"id":"glueclaw-opus","name":"GlueClaw Opus","contextWindow":1000000},{"id":"glueclaw-sonnet","name":"GlueClaw Sonnet","contextWindow":1000000},{"id":"glueclaw-haiku","name":"GlueClaw Haiku","contextWindow":200000}]}' \
@@ -211,47 +185,20 @@ oc_config gateway.tools.allow \
 
 # --- 5. Auth profile ---
 
-echo "[5/7] Setting up auth..."
+echo "[5/6] Setting up auth..."
 AGENT_DIR="${HOME}/.openclaw/agents/main/agent"
 mkdir -p "$AGENT_DIR" || die "Cannot create $AGENT_DIR"
 AUTH_FILE="$AGENT_DIR/auth-profiles.json"
 write_auth_profile "$AUTH_FILE"
 
-# --- 6. Patch: MCP bridge ---
-
-echo "[6/7] Patching gateway for MCP bridge..."
-SERVER_FILE=$(grep -rl "mcp loopback listening" "$OPENCLAW_DIST"/*.js 2>/dev/null | head -n 1)
-[ -z "$SERVER_FILE" ] && die "Cannot find MCP loopback in OpenClaw dist — incompatible version?"
-
-# Use sudo for file operations if dist directory is not writable (global npm install)
-ELEVATE=""
-if [ ! -w "$OPENCLAW_DIST" ]; then
-  echo "  OpenClaw dist is root-owned, using sudo for patch..."
-  ELEVATE="sudo"
-fi
-
-if ! grep -q "__GLUECLAW_MCP" "$SERVER_FILE"; then
-  $ELEVATE cp "$SERVER_FILE" "${SERVER_FILE}.glueclaw-bak" || die "Cannot backup $SERVER_FILE"
-  BACKUP_FILE="${SERVER_FILE}.glueclaw-bak"
-  # shellcheck disable=SC2016
-  if [ -n "$ELEVATE" ]; then
-    $ELEVATE sed -i 's/logDebug(`mcp loopback listening/process.env.__GLUECLAW_MCP_PORT = String(address.port); process.env.__GLUECLAW_MCP_TOKEN = token; logDebug(`mcp loopback listening/' "$SERVER_FILE" ||
-      die "Failed to patch $SERVER_FILE"
-  else
-    sedi 's/logDebug(`mcp loopback listening/process.env.__GLUECLAW_MCP_PORT = String(address.port); process.env.__GLUECLAW_MCP_TOKEN = token; logDebug(`mcp loopback listening/' "$SERVER_FILE" ||
-      die "Failed to patch $SERVER_FILE"
-  fi
-  # Validate the patch actually applied
-  grep -q "__GLUECLAW_MCP_PORT" "$SERVER_FILE" || die "MCP patch did not apply — sed replacement failed"
-  BACKUP_FILE=""  # Patch succeeded, don't restore on cleanup
-  echo "  Patched $(basename "$SERVER_FILE")"
-else
-  echo "  Already patched"
-fi
-
-# --- 7. Restart gateway ---
+# --- 6. Restart gateway ---
+# Note: GlueClaw bootstraps OpenClaw's MCP loopback in-process from
+# src/stream.ts (see docs/RFC-001-sessions-send-native.md). No dist patching
+# is needed — GlueClaw shares OpenClaw's module cache as an in-process
+# provider, so calling ensureMcpLoopbackServer() and getActiveMcpLoopbackRuntime()
+# directly is sufficient.
 
-echo "[7/7] Starting gateway..."
+echo "[6/6] Starting gateway..."
 # Stop any existing gateway first
 pkill -f "openclaw.*gateway" 2>/dev/null || true
 openclaw gateway stop 2>/dev/null || true
@@ -312,4 +259,4 @@ echo "  Default: glueclaw/glueclaw-sonnet"
 echo ""
 echo "  Run: openclaw tui"
 echo ""
-echo "  Re-run after OpenClaw updates to re-apply patches."
+echo "  Re-run after OpenClaw updates to refresh plugin registration."

package/openclaw.plugin.json

@@ -5,6 +5,14 @@
   "providerAuthEnvVars": {
     "glueclaw": ["GLUECLAW_KEY"]
   },
+  "setup": {
+    "providers": [
+      {
+        "id": "glueclaw",
+        "envVars": ["GLUECLAW_KEY"]
+      }
+    ]
+  },
   "providerAuthChoices": [
     {
       "provider": "glueclaw",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zeulewan/glueclaw-provider",
-  "version": "1.4.0",
+  "version": "2.0.0",
   "description": "GlueClaw - Claude CLI subprocess provider for Max subscription",
   "type": "module",
   "engines": {

package/src/stream.ts

@@ -7,12 +7,14 @@ import {
   rmSync,
   renameSync,
 } from "node:fs";
-import { join } from "node:path";
+import { basename, delimiter, dirname, join, normalize } from "node:path";
 import { tmpdir } from "node:os";
 import { randomBytes } from "node:crypto";
+import { pathToFileURL } from "node:url";
 import { createAssistantMessageEventStream } from "@mariozechner/pi-ai";
 import type { StreamFn } from "@mariozechner/pi-agent-core";
 import type { AssistantMessage, Usage, TextContent } from "@mariozechner/pi-ai";
+import { deriveTurnSessionKey } from "./session-key.js";
 
 const PROCESS_TIMEOUT_MS = 5000;
 const REQUEST_TIMEOUT_MS = 120_000;
@@ -24,6 +26,8 @@ interface StreamEventData {
   subtype?: string;
   session_id?: string;
   result?: string;
+  is_error?: boolean;
+  errors?: string[];
   usage?: Record<string, number>;
   event?: {
     delta?: { type?: string; text?: string };
@@ -34,31 +38,53 @@ interface StreamEventData {
 }
 
 /** Track claude session IDs per session key for multi-turn resume.
- *  Persisted to disk so sessions survive gateway restarts. */
-const GC_HOME = join(process.env.HOME ?? tmpdir(), ".glueclaw");
-const SESSION_FILE = join(GC_HOME, "sessions.json");
-const sessionMap = new Map<string, string>();
-
-// Load persisted sessions on startup
-try {
-  const saved = JSON.parse(readFileSync(SESSION_FILE, "utf8"));
-  for (const [k, v] of Object.entries(saved)) {
-    if (typeof v === "string") sessionMap.set(k, v);
+ *  Persisted at `<workspaceDir>/.glueclaw/sessions.json`, so each OpenClaw
+ *  agent gets its own session cache. Requires OpenClaw 2026.5.x+ which
+ *  surfaces `ProviderCreateStreamFnContext.workspaceDir` to the plugin. */
+
+type SessionStore = { filePath: string; map: Map<string, string> };
+const sessionStores = new Map<string, SessionStore>();
+
+function sessionFilePath(workspaceDir: string): string {
+  return join(workspaceDir, ".glueclaw", "sessions.json");
+}
+
+function getSessionStore(workspaceDir: string): SessionStore {
+  const filePath = sessionFilePath(workspaceDir);
+  let store = sessionStores.get(filePath);
+  if (!store) {
+    const map = new Map<string, string>();
+    try {
+      const saved = JSON.parse(readFileSync(filePath, "utf8"));
+      for (const [k, v] of Object.entries(saved)) {
+        if (typeof v === "string") map.set(k, v);
+      }
+    } catch {
+      // Expected on first run when session file doesn't exist
+    }
+    store = { filePath, map };
+    sessionStores.set(filePath, store);
   }
-} catch {
-  // Expected on first run when session file doesn't exist
+  return store;
 }
 
-export function persistSessions(): void {
+function persistStore(store: SessionStore): void {
   try {
-    const tmp = SESSION_FILE + ".tmp";
-    writeFileSync(tmp, JSON.stringify(Object.fromEntries(sessionMap)));
-    renameSync(tmp, SESSION_FILE); // Atomic on most filesystems
+    mkdirSync(dirname(store.filePath), { recursive: true });
+    const tmp = store.filePath + ".tmp";
+    writeFileSync(tmp, JSON.stringify(Object.fromEntries(store.map)));
+    renameSync(tmp, store.filePath); // Atomic on most filesystems
   } catch {
     // Best-effort persistence — non-fatal if disk write fails
   }
 }
 
+/** Persist all known session stores to disk. Exported for tests and callers
+ *  that want to flush state explicitly. */
+export function persistSessions(): void {
+  for (const store of sessionStores.values()) persistStore(store);
+}
+
 export function buildUsage(raw?: Record<string, number>): Usage {
   return {
     input: raw?.input_tokens ?? 0,
@@ -91,12 +117,99 @@ export function buildMsg(
   };
 }
 
-/** Get the MCP loopback port and token from process.env.
- *  The gateway patches write these during MCP server startup. */
-export function getMcpLoopback(): { port: number; token: string } | undefined {
-  const port = process.env.__GLUECLAW_MCP_PORT;
+interface McpLoopbackRuntime {
+  port: number;
+  ownerToken: string;
+  nonOwnerToken?: string;
+}
+
+let _mcpLoopback: { port: number; token: string } | undefined;
+let _mcpBootstrapAttempted = false;
+
+function getEnvMcpLoopback(): { port: number; token: string } | undefined {
+  const portRaw = process.env.__GLUECLAW_MCP_PORT;
   const token = process.env.__GLUECLAW_MCP_TOKEN;
-  if (port && token) return { port: parseInt(port, 10), token };
+  if (!portRaw || !token) return undefined;
+
+  const port = Number.parseInt(portRaw, 10);
+  if (!Number.isFinite(port) || port <= 0) return undefined;
+  return { port, token };
+}
+
+function openClawDistFromNodePath(nodePath: string): string | undefined {
+  const normalized = normalize(nodePath);
+  if (!normalized.includes("openclaw")) return undefined;
+  if (basename(normalized) !== "node_modules") return undefined;
+  return join(dirname(normalized), "dist");
+}
+
+export function resetMcpLoopbackForTests(): void {
+  _mcpLoopback = undefined;
+  _mcpBootstrapAttempted = false;
+}
+
+/** Bootstrap OpenClaw's MCP loopback server in-process and return the
+ *  port + owner token. GlueClaw runs inside the gateway process, so we
+ *  share OpenClaw's module cache: importing the same `mcp-http-*.js`
+ *  the gateway loaded gives us the singleton, and a no-op when another
+ *  caller already started it.
+ *
+ *  Returns undefined if the OpenClaw dist cannot be located or its API
+ *  has changed — in that case the claude subprocess simply runs without
+ *  session tools, matching pre-RFC-001 behavior. */
+export async function getMcpLoopback(): Promise<
+  { port: number; token: string } | undefined
+> {
+  const envLoopback = getEnvMcpLoopback();
+  if (envLoopback) return envLoopback;
+
+  if (_mcpLoopback) return _mcpLoopback;
+  if (_mcpBootstrapAttempted) return undefined;
+  _mcpBootstrapAttempted = true;
+
+  try {
+    const { readdir } = await import("node:fs/promises");
+    const nodePaths = (process.env.NODE_PATH ?? "").split(delimiter);
+    const distDirs = nodePaths
+      .map(openClawDistFromNodePath)
+      .filter((p): p is string => Boolean(p));
+
+    for (const distDir of distDirs) {
+      try {
+        const files = await readdir(distDir);
+        const mcpFile = files.find(
+          (f) => f.startsWith("mcp-http-") && f.endsWith(".js"),
+        );
+        if (!mcpFile) continue;
+        const mod = (await import(
+          pathToFileURL(join(distDir, mcpFile)).href
+        )) as Record<string, unknown>;
+        // Minified aliases: n=ensureMcpLoopbackServer, i=getActiveMcpLoopbackRuntime
+        const ensureFn = (mod["n"] ?? mod["ensureMcpLoopbackServer"]) as
+          | (() => Promise<unknown>)
+          | undefined;
+        const getRuntime = (mod["i"] ?? mod["getActiveMcpLoopbackRuntime"]) as
+          | (() => McpLoopbackRuntime | undefined)
+          | undefined;
+        if (
+          typeof ensureFn !== "function" ||
+          typeof getRuntime !== "function"
+        ) {
+          continue;
+        }
+        await ensureFn();
+        const runtime = getRuntime();
+        if (runtime?.port && runtime.ownerToken) {
+          _mcpLoopback = { port: runtime.port, token: runtime.ownerToken };
+          return _mcpLoopback;
+        }
+      } catch {
+        continue;
+      }
+    }
+  } catch {
+    // Non-fatal: session tools simply won't be available
+  }
   return undefined;
 }
 
@@ -158,11 +271,50 @@ export function unscrubResponse(text: string): string {
     .replace(/\[\[reply:/g, "[[reply_to:");
 }
 
-/** Evict oldest sessions when map exceeds MAX_SESSIONS */
-function evictSessions(): void {
-  while (sessionMap.size > MAX_SESSIONS) {
-    const oldest = sessionMap.keys().next().value;
-    if (oldest !== undefined) sessionMap.delete(oldest);
+type MessageLike = { role: string; content: unknown };
+
+function extractTextContent(content: unknown): string {
+  if (typeof content === "string") return content;
+  if (!Array.isArray(content)) return "";
+  return content
+    .filter(
+      (b): b is TextContent =>
+        typeof b === "object" &&
+        b !== null &&
+        (b as { type?: unknown }).type === "text" &&
+        typeof (b as { text?: unknown }).text === "string",
+    )
+    .map((b) => b.text)
+    .join("\n");
+}
+
+function isOpenClawRuntimeMetadata(text: string): boolean {
+  // OpenClaw injects per-turn context blocks as user-role messages on
+  // channel inbound. Each one's first line is a labelled
+  // "<Section> (untrusted metadata):" header, e.g.:
+  //   - "Sender (untrusted metadata):"
+  //   - "Conversation info (untrusted metadata):"
+  // Match the suffix on the first non-empty line so we recognize current
+  // and future labels without churning this list. See zeulewan/glueclaw#39.
+  const firstLine = text.split(/\r?\n/, 1)[0]?.trim();
+  return /\(untrusted metadata\):$/.test(firstLine ?? "");
+}
+
+export function extractPromptText(messages: MessageLike[] | undefined): string {
+  for (let i = (messages?.length ?? 0) - 1; i >= 0; i--) {
+    const message = messages?.[i];
+    if (!message || message.role !== "user") continue;
+    const text = extractTextContent(message.content);
+    if (text && !isOpenClawRuntimeMetadata(text)) return text;
+  }
+  return "";
+}
+
+/** Evict oldest sessions when a workspace's map exceeds MAX_SESSIONS */
+function evictStore(store: SessionStore): void {
+  while (store.map.size > MAX_SESSIONS) {
+    const oldest = store.map.keys().next().value;
+    if (oldest !== undefined) store.map.delete(oldest);
     else break;
   }
 }
@@ -171,6 +323,7 @@ export function createClaudeCliStreamFn(opts: {
   claudeBin?: string;
   sessionKey?: string;
   agentId?: string;
+  workspaceDir: string;
   modelOverride?: string;
   requestTimeoutMs?: number;
 }): StreamFn {
@@ -184,6 +337,15 @@ export function createClaudeCliStreamFn(opts: {
       let mcpCleanup: (() => void) | undefined;
       let stderrBuf = "";
       try {
+        const turnSessionKey = deriveTurnSessionKey({
+          agentId: opts.agentId,
+          systemPrompt: context.systemPrompt,
+          messages: context.messages as
+            | Array<{ role: string; content: unknown }>
+            | undefined,
+        });
+        const effectiveSessionKey =
+          turnSessionKey ?? opts.sessionKey ?? "default";
         // Scrub Anthropic detection triggers (see docs/detection-patterns.md)
         const cleanPrompt = scrubPrompt(context.systemPrompt ?? "");
         const resolvedModel = opts.modelOverride ?? model.id;
@@ -200,29 +362,18 @@ export function createClaudeCliStreamFn(opts: {
         // otherwise stick to whatever identity was used on the first turn,
         // leaving no way for callers to reinforce or correct an agent's
         // identity across turns.
-        const sessionKey = `glueclaw:${opts.sessionKey ?? "default"}`;
-        const existingSessionId = sessionMap.get(sessionKey);
+        const sessionKey = `glueclaw:${effectiveSessionKey}`;
+        const sessionStore = getSessionStore(opts.workspaceDir);
+        const existingSessionId = sessionStore.map.get(sessionKey);
         if (existingSessionId) {
           args.push("--resume", existingSessionId);
         }
         if (cleanPrompt) args.push("--system-prompt", cleanPrompt);
         if (resolvedModel) args.push("--model", resolvedModel);
 
-        // Debug: log args for resume troubleshooting
-        // Extract user message and scrub it too
-        const lastUser = [...(context.messages ?? [])]
-          .reverse()
-          .find((m) => m.role === "user");
-        let prompt = "";
-        if (lastUser) {
-          const c = lastUser.content;
-          if (typeof c === "string") prompt = c;
-          else if (Array.isArray(c))
-            prompt = c
-              .filter((b): b is TextContent => b.type === "text")
-              .map((b) => b.text)
-              .join("\n");
-        }
+        const prompt = extractPromptText(
+          context.messages as MessageLike[] | undefined,
+        );
         if (prompt) args.push(prompt);
 
         const env = { ...process.env };
@@ -230,24 +381,35 @@ export function createClaudeCliStreamFn(opts: {
         delete env.ANTHROPIC_API_KEY_OLD;
 
         // Wire up MCP bridge for OpenClaw gateway tools
-        const loopback = getMcpLoopback();
+        const loopback = await getMcpLoopback();
         if (loopback) {
+          if (!opts.agentId) {
+            // Refuse to silently mis-stamp MCP loopback auth as a default
+            // agent — that's how zeulewan/glueclaw#36 hid behind a working
+            // setup whenever the active agent happened to be named "main".
+            throw new Error(
+              "GlueClaw cannot wire MCP loopback without a resolved agent id. " +
+                "OpenClaw did not propagate sessionKey or a parseable agentDir " +
+                "to the provider, so identity stamping would be ambiguous. " +
+                "See zeulewan/glueclaw#36.",
+            );
+          }
           const mcp = writeMcpConfig(loopback.port);
           mcpCleanup = mcp.cleanup;
           args.push("--strict-mcp-config", "--mcp-config", mcp.path);
           env.OPENCLAW_MCP_TOKEN = loopback.token;
-          env.OPENCLAW_MCP_SESSION_KEY = opts.sessionKey ?? "";
-          env.OPENCLAW_MCP_AGENT_ID = opts.agentId ?? "main";
+          env.OPENCLAW_MCP_SESSION_KEY = effectiveSessionKey;
+          env.OPENCLAW_MCP_AGENT_ID = opts.agentId;
           env.OPENCLAW_MCP_ACCOUNT_ID = "";
           env.OPENCLAW_MCP_MESSAGE_CHANNEL = "";
         }
 
-        // Use persistent dir so claude sessions survive restarts
-        const gcHome = join(process.env.HOME ?? "/tmp", ".glueclaw");
-        mkdirSync(gcHome, { recursive: true });
+        // Anchor Claude's project storage at the active OpenClaw agent
+        // workspace so per-agent state stays isolated.
+        mkdirSync(opts.workspaceDir, { recursive: true });
         const proc = spawn(claudeBin, args, {
           stdio: ["pipe", "pipe", "pipe"],
-          cwd: gcHome,
+          cwd: opts.workspaceDir,
           env,
         });
         if (options?.signal)
@@ -334,9 +496,9 @@ export function createClaudeCliStreamFn(opts: {
           if (type === "system" && data.subtype === "init") {
             const sid = data.session_id;
             if (sid) {
-              sessionMap.set(sessionKey, sid);
-              evictSessions();
-              persistSessions();
+              sessionStore.map.set(sessionKey, sid);
+              evictStore(sessionStore);
+              persistStore(sessionStore);
             }
             continue;
           }
@@ -418,11 +580,46 @@ export function createClaudeCliStreamFn(opts: {
 
           // Result event (final) - authoritative response
           if (type === "result") {
+            const isError =
+              data.is_error === true ||
+              data.subtype === "error_during_execution";
             const sid = data.session_id;
-            if (sid) {
-              sessionMap.set(sessionKey, sid);
-              evictSessions();
-              persistSessions();
+            if (sid && !isError) {
+              // Only persist the session id from a successful turn —
+              // claude emits a fresh session_id even on hard failures
+              // (e.g. stale --resume), and persisting that id would
+              // perpetuate the failure on every subsequent turn.
+              // See zeulewan/glueclaw#37.
+              sessionStore.map.set(sessionKey, sid);
+              evictStore(sessionStore);
+              persistStore(sessionStore);
+            }
+            if (isError) {
+              // The cached resume id is the most likely culprit (claude
+              // reports a missing conversation when the id has gone
+              // stale). Drop it so the next turn starts a fresh session.
+              if (existingSessionId) {
+                sessionStore.map.delete(sessionKey);
+                persistStore(sessionStore);
+              }
+              // Pick the most informative error string claude emitted:
+              //   - errors[] (e.g. "No conversation found with session ID: …")
+              //   - result   (e.g. "Failed to authenticate. API Error: 401 …")
+              //   - api_error_status alone (e.g. 401, 429)
+              // data.subtype is intentionally not used: even on real errors
+              // it can be the literal string "success" (it tags the result
+              // schema, not the outcome).
+              const apiStatus = (data as { api_error_status?: unknown })
+                .api_error_status;
+              const errText =
+                Array.isArray(data.errors) && data.errors.length > 0
+                  ? data.errors.join("; ")
+                  : typeof data.result === "string" && data.result.trim()
+                    ? data.result.trim()
+                    : typeof apiStatus === "number"
+                      ? `claude CLI failed with HTTP ${apiStatus}`
+                      : "claude CLI returned an error";
+              throw new Error(errText);
             }
             // Only use result text if nothing came through streaming or assistant
             if (!text) {