bloby-bot 0.53.9 → 0.54.10

package/worker/prompts/prompt-assembler.ts

@@ -12,9 +12,30 @@ import path from 'path';
 import { log } from '../../shared/logger.js';
 import { conditions, type ConditionResult } from './prompt-conditions.js';
 
-const PROMPT_FILE = path.join(import.meta.dirname, 'bloby-system-prompt.txt');
 const FRAGMENTS_FILE = path.join(import.meta.dirname, 'prompt-fragments.json');
 
+/**
+ * One base system prompt per harness. The dynamic-fragment machinery
+ * (markers + prompt-fragments.json + prompt-conditions.ts) is shared across
+ * all three — each file carries the same `<!-- dynamic:* -->` markers, so a
+ * fragment applies regardless of which harness is active. Copy the markers
+ * into every file when adding a new dynamic section (see DYNAMIC-PROMPTS.md).
+ */
+export type Harness = 'claude' | 'codex' | 'pi';
+
+const DEFAULT_PROMPT_FILENAME = 'bloby-system-prompt.txt';
+const PROMPT_FILENAMES: Record<Harness, string> = {
+  claude: 'bloby-system-prompt.txt',
+  codex: 'bloby-system-prompt-codex.txt',
+  pi: 'bloby-system-prompt-pi.txt',
+};
+
+/** Absolute path to the base prompt file for a given harness. */
+function promptFilePath(harness: Harness): string {
+  const filename = PROMPT_FILENAMES[harness] ?? DEFAULT_PROMPT_FILENAME;
+  return path.join(import.meta.dirname, filename);
+}
+
 // ── Types ────────────────────────────────────────────────────────────────────
 
 export interface PromptFragment {
@@ -43,19 +64,32 @@ function loadFragments(): PromptFragment[] {
   }
 }
 
-/** Read the base system prompt with $BOT / $HUMAN replacement */
-function readBasePrompt(botName = 'Bloby', humanName = 'Human'): string {
-  try {
-    const raw = fs.readFileSync(PROMPT_FILE, 'utf-8').trim();
-    if (!raw) {
-      log.warn('System prompt file is empty — using minimal fallback');
-      return `You are ${botName}, a helpful AI agent. Your human is ${humanName}.`;
+/**
+ * Read the base system prompt for `harness` with $BOT / $HUMAN replacement.
+ * If the harness-specific file is missing or empty, fall back to the Claude
+ * prompt (`bloby-system-prompt.txt`) so a not-yet-created codex/pi file never
+ * collapses the agent to the minimal stub.
+ */
+function readBasePrompt(botName = 'Bloby', humanName = 'Human', harness: Harness = 'claude'): string {
+  const primary = promptFilePath(harness);
+  const fallback = path.join(import.meta.dirname, DEFAULT_PROMPT_FILENAME);
+  const candidates = primary === fallback ? [primary] : [primary, fallback];
+
+  for (const file of candidates) {
+    try {
+      const raw = fs.readFileSync(file, 'utf-8').trim();
+      if (!raw) continue;
+      if (file === fallback && primary !== fallback) {
+        log.warn(`[prompt] "${harness}" prompt (${path.basename(primary)}) missing/empty — falling back to ${DEFAULT_PROMPT_FILENAME}`);
+      }
+      return raw.replace(/\$BOT/g, botName).replace(/\$HUMAN/g, humanName);
+    } catch {
+      // try next candidate
     }
-    return raw.replace(/\$BOT/g, botName).replace(/\$HUMAN/g, humanName);
-  } catch {
-    log.warn('System prompt file not found — using minimal fallback');
-    return `You are ${botName}, a helpful AI agent. Your human is ${humanName}.`;
   }
+
+  log.warn('System prompt file not found — using minimal fallback');
+  return `You are ${botName}, a helpful AI agent. Your human is ${humanName}.`;
 }
 
 /** Interpolate {{variable}} placeholders in content using vars map */
@@ -84,8 +118,9 @@ function markerRegex(target: string): RegExp {
 export async function assembleSystemPrompt(
   botName = 'Bloby',
   humanName = 'Human',
+  harness: Harness = 'claude',
 ): Promise<string> {
-  let prompt = readBasePrompt(botName, humanName);
+  let prompt = readBasePrompt(botName, humanName, harness);
   const fragments = loadFragments();
 
   if (!fragments.length) {
@@ -93,7 +128,7 @@ export async function assembleSystemPrompt(
     return prompt;
   }
 
-  log.info(`[prompt] Evaluating ${fragments.length} fragment(s)...`);
+  log.info(`[prompt] Harness "${harness}" (${PROMPT_FILENAMES[harness] ?? DEFAULT_PROMPT_FILENAME}) — evaluating ${fragments.length} fragment(s)...`);
 
   // Sort by priority (lower = first)
   const sorted = [...fragments].sort((a, b) => a.priority - b.priority);

package/workspace/skills/whatsapp/SKILL.md

@@ -57,7 +57,7 @@ The mode determines the routing/security policy for inbound messages. The core (
 
 **Business Mode**: Bloby has its own dedicated WhatsApp number. Numbers in the `admins` array get admin access (main system prompt). Everyone else is a customer and gets the support prompt from the active skill's SCRIPT.md.
 
-**Assistant Mode**: Your personal assistant inside your own conversations. Self-chat works as a normal admin channel. When other people message you, their messages are silently stored for context. When YOU type `@botname:` followed by a command in someone's chat, the agent activates with full conversation context and responds in that chat. The trigger uses the bot's configured name (from `config.json` `username` field) and is case-insensitive. Nobody else can trigger the agent — only you (the account owner). Uses the active skill's SCRIPT.md for the system prompt and `customer_data/` for per-contact memory.
+**Assistant Mode**: Your personal assistant inside your own conversations. Self-chat works as a normal admin channel. When other people message you, their messages are silently stored for context. When YOU type `@botname:` followed by a command in someone's chat, the agent activates with full conversation context and responds in that chat. The trigger uses the bot's configured name (from `config.json` `username` field) and is case-insensitive. By default nobody else can trigger the agent — only you (the account owner). (This can be opened up with the dangerous `allowOthersToTrigger` flag — see the disclaimer under Setup.) Uses the active skill's SCRIPT.md for the system prompt and `customer_data/` for per-contact memory.
 
 ### Group chats (`allowGroups`)
 
@@ -131,10 +131,33 @@ curl -s -X POST http://localhost:7400/api/channels/whatsapp/configure \
   -d '{"mode":"assistant","skill":"SKILL_FOLDER_NAME"}'
 ```
 
-The trigger uses the bot's name from `config.json` `username` field (e.g. if username is "bloby", trigger is `@bloby:`). Only the account owner can trigger — other people's messages are context only.
+The trigger uses the bot's name from `config.json` `username` field (e.g. if username is "bloby", trigger is `@bloby:`). By default **only the account owner can trigger** — other people's messages are context only.
 
 To also let assistant mode operate in group chats your human is in, add `"allowGroups":true` to the configure call (see "Group chats" above).
 
+### ⚠️ Shared control — `allowOthersToTrigger` (DANGEROUS)
+
+By default, **only your human** (the account owner) can drive the agent with `@botname:`. Everyone else's messages are stored as context but cannot trigger anything.
+
+Setting `allowOthersToTrigger: true` changes that: **anyone** who tags `@botname:` — in a 1:1 chat or in any group your human is in — can drive the agent.
+
+```bash
+curl -s -X POST http://localhost:7400/api/channels/whatsapp/configure \
+  -H "Content-Type: application/json" \
+  -d '{"mode":"assistant","allowOthersToTrigger":true}'
+```
+
+**Before enabling this, you MUST warn your human, in your own words, that this is dangerous:** anyone who can tag the bot gains control of an agent that can run Bash, read and write files, send messages, spend money, and act with your human's full permissions. A stranger added to a group — or anyone who learns the bot's name — could issue commands. There is no per-command confirmation.
+
+It exists for genuinely trusted shared use — e.g. sharing one assistant with a partner. Do not enable it on a whim. Confirm explicitly with your human first, and remind them it can be turned off at any time:
+
+```bash
+curl -s -X POST http://localhost:7400/api/channels/whatsapp/configure \
+  -H "Content-Type: application/json" -d '{"allowOthersToTrigger":false}'
+```
+
+Default is `false`. Leave it off unless your human clearly understands the risk and asks for it.
+
 ### 3. Verify
 
 ```bash