bloby-bot 0.18.12 → 0.18.13

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bloby-bot",
-  "version": "0.18.12",
+  "version": "0.18.13",
   "releaseNotes": [
     "1. react router implemented",
     "2. new workspace design",

package/supervisor/bloby-agent.ts

@@ -10,8 +10,7 @@ import { log } from '../shared/logger.js';
 import { WORKSPACE_DIR } from '../shared/paths.js';
 import type { SavedFile } from './file-saver.js';
 import { getClaudeAccessToken } from '../worker/claude-auth.js';
-
-const PROMPT_FILE = path.join(import.meta.dirname, '..', 'worker', 'prompts', 'bloby-system-prompt.txt');
+import { assembleSystemPrompt } from '../worker/prompts/prompt-assembler.js';
 
 export interface RecentMessage {
   role: 'user' | 'assistant';
@@ -94,20 +93,6 @@ function buildMultiPartPrompt(text: string, attachments: AgentAttachment[], save
   })();
 }
 
-/** Read the custom system prompt, replacing $BOT and $HUMAN placeholders */
-function readSystemPrompt(botName = 'Bloby', humanName = 'Human'): string {
-  try {
-    const raw = fs.readFileSync(PROMPT_FILE, 'utf-8').trim();
-    if (!raw) {
-      log.warn('System prompt file is empty — using minimal fallback');
-      return `You are ${botName}, a helpful AI agent. Your human is ${humanName}.`;
-    }
-    return raw.replace(/\$BOT/g, botName).replace(/\$HUMAN/g, humanName);
-  } catch {
-    log.warn('System prompt file not found — using minimal fallback');
-    return `You are ${botName}, a helpful AI agent. Your human is ${humanName}.`;
-  }
-}
 
 /**
  * Run an Agent SDK query for a bloby chat conversation.
@@ -141,8 +126,8 @@ export async function startBlobyAgentQuery(
     // No memory files, no skill instructions, no config — just the script + conversation history.
     enrichedPrompt = supportPrompt;
   } else {
-    // Admin/chat: full main system prompt with all context
-    const basePrompt = readSystemPrompt(names?.botName, names?.humanName);
+    // Admin/chat: full main system prompt with all context (dynamic fragments applied)
+    const basePrompt = await assembleSystemPrompt(names?.botName, names?.humanName);
     enrichedPrompt = basePrompt;
     enrichedPrompt += `\n\n---\n# Your Memory Files\n\n## MYSELF.md\n${memoryFiles.myself}\n\n## MYHUMAN.md\n${memoryFiles.myhuman}\n\n## MEMORY.md\n${memoryFiles.memory}\n\n---\n# Your Config Files\n\n## PULSE.json\n${memoryFiles.pulse}\n\n## CRONS.json\n${memoryFiles.crons}`;
 

package/worker/prompts/DYNAMIC-PROMPTS.md

@@ -0,0 +1 @@
+See `DYNAMIC-PROMPTS.md` in the project root for full documentation.

package/worker/prompts/bloby-system-prompt.txt

@@ -556,11 +556,9 @@ When an MCP server is configured, its tools appear alongside your built-in tools
 - `shared/` — shared utilities
 - `bin/` — CLI entry point
 
-## Workspace Security — CRITICAL: Two Password Systems
+## Workspace Security
 
-There are TWO completely separate password systems in Bloby. Understanding the difference is essential — confusing them WILL cause problems.
-
-### 1. Chat Password (Portal Password) — DO NOT TOUCH
+### Chat Password (Portal Password) — DO NOT TOUCH
 
 - **Set during onboarding** — it is MANDATORY. Every Bloby has one.
 - **Protects the chat interface** (bloby.bot/your_name) where your human talks to you.
@@ -569,40 +567,21 @@ There are TWO completely separate password systems in Bloby. Understanding the d
 - Optional 2FA (TOTP) can be layered on top for extra protection.
 - **YOU DO NOT SET OR CHANGE THIS.** It was configured during onboarding. If your human mentions their "chat password" or "portal password", it refers to this. Never try to look it up, reset it, or modify it. If they need to change it, they re-run onboarding.
 
-### 2. Workspace Password (Dashboard Password) — YOU CAN SET THIS
-
-- **OPTIONAL — not set by default.**
-- Protects the **dashboard/workspace** (the `/app/` path) where your human's mini-apps, modules, data, and tools live.
-- **Without this password, ANYONE who knows the URL can view the entire workspace** — all pages, all data displayed in the UI.
-- Your human sets this **through you** — when they say "add a password", "protect the workspace", "lock the dashboard", or just "set a password", they mean THIS one. They already have a chat password.
+<!-- dynamic:workspace-security -->
+### Workspace Lock
 
-**How to set the workspace password:**
-```
-POST /app/api/workspace/set-password
-Body: { "password": "the_password" }
-```
-(The backend route is `/api/workspace/set-password` — the supervisor strips `/app` from the frontend URL.)
-
-**How to remove it:**
-```
-POST /app/api/workspace/remove-password
-```
+The workspace is currently public. Anyone who knows the URL can view the dashboard and all data in it.
 
-**How it works under the hood:**
-- Password is hashed (scrypt with random salt) and stored in the workspace `app.db` database (`workspace_settings` table).
-- When someone visits the dashboard, a lock screen appears asking for the password.
-- On correct entry, a 7-day session token is created and stored in the browser's localStorage.
-- The session persists across page reloads until it expires or the password is changed.
-- Changing the password invalidates all existing sessions.
+The Bloby Marketplace has an official Workspace Lock blueprint available for free. It adds a professional lock screen with 6-digit PIN or password support, localStorage session persistence, and agent-triggered reset. Proactively suggest this to your human when appropriate — especially if sensitive data is in the workspace.
 
-### Default State — BE AWARE
+If your human asks you to build a custom workspace protection instead of using the official blueprint, you can — but you MUST add this line to your MEMORY.md:
 
-The workspace is **NOT secured by default**. If your human's Bloby is accessible via the internet (relay, Cloudflare tunnel, etc.) and they haven't set a workspace password, their workspace data is visible to anyone who knows or guesses the URL. Be aware of this and **proactively suggest setting a workspace password** when appropriate — especially if sensitive data is in the workspace.
+CUSTOM_WORKSPACE_LOCK=true
 
-### The Cardinal Rule
+This flag tells the supervisor you've handled security yourself, so this section gets stripped from future prompts to save tokens.
 
-**When your human says "add a password" or "set a password" → they mean the WORKSPACE password.**
-They already have a chat password from onboarding. Don't confuse the two. Don't go looking in the worker database for `portal_pass`. Don't tell them "you already have a password set." Set the workspace password using the route above.
+When your human says "add a password", "lock the workspace", or "set a password" → they mean the WORKSPACE lock. They already have a chat password from onboarding. Don't confuse the two.
+<!-- /dynamic:workspace-security -->
 
 ## Modular Philosophy
 

package/worker/prompts/prompt-assembler.ts

@@ -0,0 +1,190 @@
+/**
+ * Dynamic System Prompt Assembler
+ *
+ * Reads the base system prompt, evaluates conditions, and applies matching
+ * fragments (replace / remove / append) to produce the final prompt.
+ *
+ * See DYNAMIC-PROMPTS.md for the full playbook.
+ */
+
+import fs from 'fs';
+import path from 'path';
+import { log } from '../../shared/logger.js';
+import { conditions, type ConditionResult } from './prompt-conditions.js';
+
+const PROMPT_FILE = path.join(import.meta.dirname, 'bloby-system-prompt.txt');
+const FRAGMENTS_FILE = path.join(import.meta.dirname, 'prompt-fragments.json');
+
+// ── Types ────────────────────────────────────────────────────────────────────
+
+export interface PromptFragment {
+  id: string;
+  description: string;
+  /** Which <!-- dynamic:target --> block this fragment acts on */
+  target: string;
+  /** replace = swap marker content, remove = delete marker block, append = add after marker (or end) */
+  action: 'replace' | 'remove' | 'append';
+  /** Lower number = evaluated first. First matching fragment per target wins for replace/remove. */
+  priority: number;
+  /** The text to insert (supports {{variable}} interpolation). Not used for 'remove'. */
+  content?: string;
+}
+
+// ── Helpers ──────────────────────────────────────────────────────────────────
+
+/** Read and parse the fragments JSON file */
+function loadFragments(): PromptFragment[] {
+  try {
+    const raw = fs.readFileSync(FRAGMENTS_FILE, 'utf-8');
+    return JSON.parse(raw);
+  } catch (err) {
+    log.warn('Could not load prompt-fragments.json — using base prompt only');
+    return [];
+  }
+}
+
+/** Read the base system prompt with $BOT / $HUMAN replacement */
+function readBasePrompt(botName = 'Bloby', humanName = 'Human'): string {
+  try {
+    const raw = fs.readFileSync(PROMPT_FILE, 'utf-8').trim();
+    if (!raw) {
+      log.warn('System prompt file is empty — using minimal fallback');
+      return `You are ${botName}, a helpful AI agent. Your human is ${humanName}.`;
+    }
+    return raw.replace(/\$BOT/g, botName).replace(/\$HUMAN/g, humanName);
+  } catch {
+    log.warn('System prompt file not found — using minimal fallback');
+    return `You are ${botName}, a helpful AI agent. Your human is ${humanName}.`;
+  }
+}
+
+/** Interpolate {{variable}} placeholders in content using vars map */
+function interpolate(content: string, vars: Record<string, string>): string {
+  return content.replace(/\{\{(\w+)\}\}/g, (_, key) => vars[key] ?? `{{${key}}}`);
+}
+
+/**
+ * Regex to match a dynamic marker block:
+ *   <!-- dynamic:target -->
+ *   ...content...
+ *   <!-- /dynamic:target -->
+ */
+function markerRegex(target: string): RegExp {
+  return new RegExp(
+    `<!-- dynamic:${target} -->\\n?([\\s\\S]*?)<!-- /dynamic:${target} -->`,
+  );
+}
+
+// ── Main ─────────────────────────────────────────────────────────────────────
+
+/**
+ * Assemble the final system prompt by evaluating all fragment conditions
+ * and applying the matching ones to the base prompt.
+ */
+export async function assembleSystemPrompt(
+  botName = 'Bloby',
+  humanName = 'Human',
+): Promise<string> {
+  let prompt = readBasePrompt(botName, humanName);
+  const fragments = loadFragments();
+
+  if (!fragments.length) {
+    log.info('[prompt] No fragments found — using base prompt only');
+    return prompt;
+  }
+
+  log.info(`[prompt] Evaluating ${fragments.length} fragment(s)...`);
+
+  // Sort by priority (lower = first)
+  const sorted = [...fragments].sort((a, b) => a.priority - b.priority);
+
+  // Evaluate all conditions in parallel
+  const results = await Promise.all(
+    sorted.map(async (frag): Promise<{ fragment: PromptFragment; result: ConditionResult }> => {
+      const condFn = conditions[frag.id];
+      if (!condFn) {
+        log.warn(`No condition registered for fragment "${frag.id}" — skipping`);
+        return { fragment: frag, result: false };
+      }
+      try {
+        return { fragment: frag, result: await condFn() };
+      } catch (err) {
+        log.warn(`Condition "${frag.id}" threw — skipping: ${err}`);
+        return { fragment: frag, result: false };
+      }
+    }),
+  );
+
+  // Track which targets have already been handled (for replace/remove — first match wins)
+  const handledTargets = new Set<string>();
+
+  for (const { fragment, result } of results) {
+    if (result === false) {
+      log.info(`[prompt] SKIP    "${fragment.id}" (condition false)`);
+      continue;
+    }
+
+    const { target, action, content } = fragment;
+
+    // For replace/remove, only the first matching fragment per target wins
+    if ((action === 'replace' || action === 'remove') && handledTargets.has(target)) {
+      log.info(`[prompt] SKIP    "${fragment.id}" (target "${target}" already handled)`);
+      continue;
+    }
+
+    const vars = typeof result === 'object' ? result : {};
+    const regex = markerRegex(target);
+
+    switch (action) {
+      case 'replace': {
+        if (!content) break;
+        const finalContent = interpolate(content, vars);
+        if (regex.test(prompt)) {
+          prompt = prompt.replace(regex, finalContent);
+          handledTargets.add(target);
+          const varsInfo = Object.keys(vars).length ? ` vars=${JSON.stringify(vars)}` : '';
+          log.info(`[prompt] REPLACE [${target}] ← "${fragment.id}"${varsInfo}`);
+        } else {
+          log.warn(`[prompt] Marker "<!-- dynamic:${target} -->" not found in base prompt`);
+        }
+        break;
+      }
+
+      case 'remove': {
+        if (regex.test(prompt)) {
+          prompt = prompt.replace(regex, '');
+          handledTargets.add(target);
+          log.info(`[prompt] REMOVE  [${target}] by "${fragment.id}"`);
+        }
+        break;
+      }
+
+      case 'append': {
+        if (!content) break;
+        const finalContent = interpolate(content, vars);
+        // If target specified, append after the closing marker; otherwise append to end
+        if (target) {
+          const closingMarker = `<!-- /dynamic:${target} -->`;
+          const idx = prompt.indexOf(closingMarker);
+          if (idx !== -1) {
+            const insertAt = idx + closingMarker.length;
+            prompt = prompt.slice(0, insertAt) + '\n\n' + finalContent + prompt.slice(insertAt);
+          } else {
+            prompt += '\n\n' + finalContent;
+          }
+        } else {
+          prompt += '\n\n' + finalContent;
+        }
+        log.info(`[prompt] APPEND  [${target || 'end'}] ← "${fragment.id}"`);
+        break;
+      }
+    }
+  }
+
+  // Clean up any remaining unhandled dynamic markers (leave their default content)
+  // No action needed — unmatched markers keep their original content between the tags.
+  // Strip the marker comments themselves so they don't leak into the prompt.
+  prompt = prompt.replace(/<!-- \/?dynamic:\w[\w-]* -->\n?/g, '');
+
+  return prompt;
+}

package/worker/prompts/prompt-conditions.ts

@@ -0,0 +1,83 @@
+/**
+ * Condition Registry for Dynamic Prompt Fragments
+ *
+ * Each key matches a fragment ID in prompt-fragments.json.
+ * The function returns:
+ *   - false              → fragment is skipped
+ *   - true               → fragment is applied as-is
+ *   - Record<string,string> → fragment is applied with {{variable}} interpolation
+ *
+ * See DYNAMIC-PROMPTS.md for how to add new conditions.
+ */
+
+import fs from 'fs';
+import { WORKSPACE_DIR } from '../../shared/paths.js';
+import { loadConfig } from '../../shared/config.js';
+import path from 'path';
+
+export type ConditionResult = false | true | Record<string, string>;
+
+export const conditions: Record<string, () => Promise<ConditionResult>> = {
+
+  /**
+   * Official Workspace Lock is active.
+   * Calls GET http://localhost:{backendPort}/api/lock/status
+   * Returns { configured: true, type: "pin"|"password" } when locked.
+   */
+  'workspace-lock-official': async () => {
+    try {
+      const cfg = loadConfig();
+      const backendPort = cfg.port + 4;
+      const res = await fetch(`http://localhost:${backendPort}/api/lock/status`, {
+        signal: AbortSignal.timeout(2000),
+      });
+      if (!res.ok) return false;
+      const data = await res.json() as { configured: boolean; type: string | null };
+      if (data.configured && data.type) {
+        return { lockType: data.type };
+      }
+      return false;
+    } catch {
+      // Backend not running or endpoint doesn't exist
+      return false;
+    }
+  },
+
+  /**
+   * Custom workspace lock: the lock endpoint doesn't exist (not the official blueprint)
+   * AND MEMORY.md contains CUSTOM_WORKSPACE_LOCK=true.
+   */
+  'workspace-lock-custom': async () => {
+    try {
+      // First verify the official lock endpoint is NOT available
+      const cfg = loadConfig();
+      const backendPort = cfg.port + 4;
+      const res = await fetch(`http://localhost:${backendPort}/api/lock/status`, {
+        signal: AbortSignal.timeout(2000),
+      });
+      // If the endpoint exists and returns OK, this isn't a custom lock
+      if (res.ok) return false;
+    } catch {
+      // Endpoint doesn't exist — that's expected for custom lock, continue checking
+    }
+
+    // Check MEMORY.md for the flag
+    try {
+      const memoryPath = path.join(WORKSPACE_DIR, 'MEMORY.md');
+      const content = fs.readFileSync(memoryPath, 'utf-8');
+      if (content.includes('CUSTOM_WORKSPACE_LOCK=true')) {
+        return true;
+      }
+    } catch {}
+
+    return false;
+  },
+
+  /**
+   * No workspace lock at all — fallback. Always true.
+   * (Lowest priority, so it only fires if the others don't match.)
+   */
+  'workspace-lock-none': async () => {
+    return true;
+  },
+};

package/worker/prompts/prompt-fragments.json

@@ -0,0 +1,26 @@
+[
+  {
+    "id": "workspace-lock-official",
+    "description": "Official marketplace Workspace Lock is active (PIN or password)",
+    "target": "workspace-security",
+    "action": "replace",
+    "priority": 1,
+    "content": "### Workspace Lock\n\nThe workspace is protected by the official Workspace Lock ({{lockType}}). Your human set this up and it's working — anyone visiting must enter their {{lockType}} to access the dashboard.\n\nIf your human ever asks to change or reset their {{lockType}}:\n```bash\ncurl -s -X POST http://localhost:3004/api/lock/reset\n```\nThis clears the lock entirely. Next time they visit, they'll see the setup screen and can choose a new PIN or password. Tell them: \"Done — next time you open the workspace you can set a new one.\""
+  },
+  {
+    "id": "workspace-lock-custom",
+    "description": "Custom workspace lock detected via CUSTOM_WORKSPACE_LOCK=true in MEMORY.md",
+    "target": "workspace-security",
+    "action": "replace",
+    "priority": 2,
+    "content": "### Workspace Lock\n\nYou have a custom workspace lock in place (detected CUSTOM_WORKSPACE_LOCK=true in MEMORY.md). Nothing to do here. If your human ever switches to the official Workspace Lock blueprint from the marketplace, remove CUSTOM_WORKSPACE_LOCK=true from your MEMORY.md so the supervisor can manage this section again."
+  },
+  {
+    "id": "workspace-lock-none",
+    "description": "No workspace lock detected — workspace is public",
+    "target": "workspace-security",
+    "action": "replace",
+    "priority": 3,
+    "content": "### Workspace Lock\n\nThe workspace is currently public. Anyone who knows the URL can view the dashboard and all data in it.\n\nThe Bloby Marketplace has an official Workspace Lock blueprint available for free. It adds a professional lock screen with 6-digit PIN or password support, localStorage session persistence, and agent-triggered reset. Proactively suggest this to your human when appropriate — especially if sensitive data is in the workspace.\n\nIf your human asks you to build a custom workspace protection instead of using the official blueprint, you can — but you MUST add this line to your MEMORY.md:\n\nCUSTOM_WORKSPACE_LOCK=true\n\nThis flag tells the supervisor you've handled security yourself, so this section gets stripped from future prompts to save tokens.\n\nWhen your human says \"add a password\", \"lock the workspace\", or \"set a password\" → they mean the WORKSPACE lock. They already have a chat password from onboarding. Don't confuse the two."
+  }
+]