clementine-agent 1.18.183 → 1.18.184

package/dist/agent/assistant.js

@@ -1025,6 +1025,21 @@ export class PersonalAssistant {
         }
     }
     // ── System Prompt Builder ─────────────────────────────────────────
+    //
+    // 1.18.184 caveat: the canonical CHAT path no longer reaches this
+    // builder. Chat goes through runAgent (src/agent/run-agent.ts:679)
+    // with `systemPrompt: { type: 'preset', preset: 'claude_code',
+    // append: <buildChatSystemAppend(...)> }`. The recall + trust posture
+    // directives live in `run-agent-context.ts:BEHAVIORAL_POSTURE`.
+    //
+    // This buildSystemPrompt is now invoked only from:
+    //   - plan-step path (`processPlanStep` ~line 3396)
+    //   - auto-memory extraction Haiku passes (~line 3187)
+    //   - cron-reflection Haiku passes
+    //
+    // If you're adding chat-time behavioral guidance, add it to
+    // BEHAVIORAL_POSTURE in run-agent-context.ts. Adding it here will
+    // NOT affect real chat — only the legacy Haiku/plan-step paths.
     buildSystemPrompt(opts = {}) {
         const { isHeartbeat = false, cronTier = null, retrievalContext = '', profile = null, sessionKey = null, model = null, verboseLevel, intentClassification = null, contextTier = 'full', toolsAvailable = true, composioConnectedSlugs = [] } = opts;
         const isAutonomous = isHeartbeat || cronTier !== null;
@@ -1208,8 +1223,6 @@ Obsidian vault with YAML frontmatter, [[wikilinks]], #tags.
 **Remembering:** Durable facts → memory_write(action="update_memory"). Daily context → note_take / memory_write(action="append_daily"). New person → note_create. New task → task_add.
 Save important facts immediately; a background agent also extracts after each exchange.
 
-**Recalling — REQUIRED behavior:** When the user references past work you don't have in immediate context — a URL, a deployment, a file you created, a task or background job you ran, a person/project/domain name you don't have inline — call \`memory_search\` (or \`transcript_search\` for chat history) BEFORE asking the user to provide it and BEFORE replying that you have no record. Saying "I don't see any record of that" without having searched is a memory failure, not an honest answer. Background tasks, cron runs, deployments, and prior chat turns are all in the SQLite memory store with dense embeddings — semantic search will surface them even when the wording doesn't match exactly.
-
 ## Self-Configuration (never tell ${owner} to edit a config file)
 
 Clementine is self-configuring. Every credential, every integration, every tool permission can be set by calling a tool — no hand-editing.

package/dist/agent/chat-stop-hook.d.ts

@@ -0,0 +1,76 @@
+/**
+ * chat-stop-hook — Stop hook that keeps chat-initiated multi-step jobs
+ * running until they finish OR the user explicitly stops them.
+ *
+ * Why this exists (1.18.184)
+ * ──────────────────────────
+ * Before this hook, the SDK loop ended whenever the model produced
+ * a final assistant message — even when the model had clearly stated
+ * "next, I'll do X" but then stopped. From the user's POV: "I asked her
+ * to draft 3 emails and she only drafted 1, no explanation." The model
+ * was being prematurely terminated by the SDK's default Stop behavior.
+ *
+ * The canonical SDK pattern for long-running agentic loops is a Stop
+ * hook that:
+ *   1. Detects when the model said it would continue but didn't.
+ *   2. Returns `decision: 'block'` with a `reason` that re-prompts
+ *      the model to keep going.
+ *   3. NEVER blocks if Stop hooks have already fired this run
+ *      (`input.stop_hook_active === true`) — that's the SDK's
+ *      anti-infinite-loop guardrail and we honor it.
+ *   4. NEVER blocks if the user has aborted (abortSignal fired) —
+ *      user intent always wins.
+ *
+ * What this hook does NOT do
+ * ──────────────────────────
+ * It does NOT force every chat turn to keep going. The default path
+ * is to LET THE MODEL FINISH. The hook only intervenes when:
+ *   (a) the last assistant message contains a clear "more work to do"
+ *       signal (e.g., "next, I'll", "step 2:", "I'll continue with"), AND
+ *   (b) the user has NOT issued a stop / cancel, AND
+ *   (c) we haven't already re-blocked this run.
+ *
+ * Conservative by design: better to let one job finish slightly short
+ * than to spin forever. If a job needs to run long, the user can
+ * always re-ask.
+ *
+ * Aligned with Anthropic SDK best practices: Stop hooks fire even
+ * under `bypassPermissions`, which is the canonical lever for
+ * "agentic loop that keeps going." See `sdk.d.ts:5483-5492` for the
+ * `StopHookInput` shape including the `stop_hook_active` guard.
+ */
+import type { HookCallbackMatcher, HookEvent } from '@anthropic-ai/claude-agent-sdk';
+export interface StopHookOptions {
+    /** Stable run identifier for telemetry. */
+    runId: string;
+    /** Optional abort signal to honor — if it fires, the hook will
+     *  never re-block. User-initiated stops always win. */
+    abortSignal?: AbortSignal;
+    /** Optional callback fired on every decision. Useful for the
+     *  dashboard "What Clementine sees this turn" panel. */
+    onDecision?: (info: {
+        decision: 'pass' | 'continue';
+        reason?: string;
+        lastMessagePreview: string;
+        stopHookActive: boolean;
+    }) => void;
+}
+export interface StopHookStats {
+    /** Total Stop events inspected. */
+    inspected: number;
+    /** Stop events that passed through (model finished cleanly). */
+    passed: number;
+    /** Stop events where we re-prompted the model to continue. */
+    continued: number;
+}
+export interface StopHookHandles {
+    /** Hook map suitable for SDK `query({ options: { hooks } })`. */
+    hooks: Partial<Record<HookEvent, HookCallbackMatcher[]>>;
+    /** Aggregated telemetry — read after the run completes. */
+    stats: StopHookStats;
+}
+/**
+ * Build a Stop hook for a chat-initiated agentic run.
+ */
+export declare function buildChatStopHook(opts: StopHookOptions): StopHookHandles;
+//# sourceMappingURL=chat-stop-hook.d.ts.map

package/dist/agent/chat-stop-hook.js

@@ -0,0 +1,155 @@
+/**
+ * chat-stop-hook — Stop hook that keeps chat-initiated multi-step jobs
+ * running until they finish OR the user explicitly stops them.
+ *
+ * Why this exists (1.18.184)
+ * ──────────────────────────
+ * Before this hook, the SDK loop ended whenever the model produced
+ * a final assistant message — even when the model had clearly stated
+ * "next, I'll do X" but then stopped. From the user's POV: "I asked her
+ * to draft 3 emails and she only drafted 1, no explanation." The model
+ * was being prematurely terminated by the SDK's default Stop behavior.
+ *
+ * The canonical SDK pattern for long-running agentic loops is a Stop
+ * hook that:
+ *   1. Detects when the model said it would continue but didn't.
+ *   2. Returns `decision: 'block'` with a `reason` that re-prompts
+ *      the model to keep going.
+ *   3. NEVER blocks if Stop hooks have already fired this run
+ *      (`input.stop_hook_active === true`) — that's the SDK's
+ *      anti-infinite-loop guardrail and we honor it.
+ *   4. NEVER blocks if the user has aborted (abortSignal fired) —
+ *      user intent always wins.
+ *
+ * What this hook does NOT do
+ * ──────────────────────────
+ * It does NOT force every chat turn to keep going. The default path
+ * is to LET THE MODEL FINISH. The hook only intervenes when:
+ *   (a) the last assistant message contains a clear "more work to do"
+ *       signal (e.g., "next, I'll", "step 2:", "I'll continue with"), AND
+ *   (b) the user has NOT issued a stop / cancel, AND
+ *   (c) we haven't already re-blocked this run.
+ *
+ * Conservative by design: better to let one job finish slightly short
+ * than to spin forever. If a job needs to run long, the user can
+ * always re-ask.
+ *
+ * Aligned with Anthropic SDK best practices: Stop hooks fire even
+ * under `bypassPermissions`, which is the canonical lever for
+ * "agentic loop that keeps going." See `sdk.d.ts:5483-5492` for the
+ * `StopHookInput` shape including the `stop_hook_active` guard.
+ */
+import pino from 'pino';
+const logger = pino({ name: 'clementine.chat-stop-hook' });
+/**
+ * Phrases in the last assistant message that signal "more work to do."
+ * Conservative — we only continue when the model EXPLICITLY said it
+ * would. Vague endings ("Let me know if you need anything else.") do
+ * NOT trigger; those are clean completions.
+ */
+const CONTINUATION_SIGNALS = [
+    // Explicit "next step" / sequencing
+    /\bnext,?\s+(?:i'?ll|i\s+will|let'?s|i'?m\s+going\s+to)\b/i,
+    /\bstep\s+\d+:/i,
+    /\bphase\s+\d+:/i,
+    /\bi'?ll\s+(?:now|then|next)\b/i,
+    /\bi\s+will\s+(?:now|then|next)\b/i,
+    // "Continuing with" / "moving on"
+    /\bcontinuing\s+(?:with|to)\b/i,
+    /\bmoving\s+on\s+to\b/i,
+    /\bi'?ll\s+continue\s+(?:by|with)\b/i,
+    // Promised remainder of a list
+    /\b(?:second|third|fourth|fifth|remaining|rest)\s+(?:email|email\.?|draft|item|step)/i,
+    // "After this, I'll"
+    /\bafter\s+(?:this|that),?\s+i'?ll\b/i,
+];
+/**
+ * Build a Stop hook for a chat-initiated agentic run.
+ */
+export function buildChatStopHook(opts) {
+    const stats = { inspected: 0, passed: 0, continued: 0 };
+    const stopHook = async (input) => {
+        if (input.hook_event_name !== 'Stop')
+            return {};
+        const evt = input;
+        stats.inspected += 1;
+        const lastMsg = evt.last_assistant_message ?? '';
+        const lastMessagePreview = lastMsg.slice(0, 160).replace(/\s+/g, ' ').trim();
+        // ── Guard 1: anti-infinite-loop ───────────────────────────────
+        // stop_hook_active is true if Stop hooks have ALREADY fired this
+        // run. SDK uses this exact field to prevent us re-blocking
+        // forever. If it's set, we must pass through.
+        if (evt.stop_hook_active) {
+            stats.passed += 1;
+            logger.debug({
+                runId: opts.runId,
+                reason: 'stop_hook_active',
+                lastMessagePreview,
+            }, 'Stop hook passing — already active');
+            opts.onDecision?.({
+                decision: 'pass',
+                reason: 'stop_hook_active',
+                lastMessagePreview,
+                stopHookActive: true,
+            });
+            return {};
+        }
+        // ── Guard 2: user-initiated stop ──────────────────────────────
+        // If the abort signal has fired, the user wants out. Never
+        // re-block. User intent ALWAYS wins.
+        if (opts.abortSignal?.aborted) {
+            stats.passed += 1;
+            logger.debug({
+                runId: opts.runId,
+                reason: 'user_aborted',
+                lastMessagePreview,
+            }, 'Stop hook passing — user aborted');
+            opts.onDecision?.({
+                decision: 'pass',
+                reason: 'user_aborted',
+                lastMessagePreview,
+                stopHookActive: false,
+            });
+            return {};
+        }
+        // ── Detection: did the model say it would continue? ──────────
+        const continuationMatched = CONTINUATION_SIGNALS.some((rx) => rx.test(lastMsg));
+        if (!continuationMatched) {
+            // No continuation signal — let the model finish.
+            stats.passed += 1;
+            opts.onDecision?.({
+                decision: 'pass',
+                reason: 'clean_completion',
+                lastMessagePreview,
+                stopHookActive: false,
+            });
+            return {};
+        }
+        // ── Re-prompt: keep going ──────────────────────────────────────
+        stats.continued += 1;
+        const reason = 'You said you would continue with more work but the loop is about to end. ' +
+            'Keep going — finish the remaining steps you outlined. ' +
+            'If you genuinely cannot continue (waiting on external input, hit a hard error, etc.), say so explicitly in your next message so the owner knows where you stopped.';
+        logger.info({
+            runId: opts.runId,
+            lastMessagePreview,
+        }, 'Stop hook re-prompting model to continue work it announced');
+        opts.onDecision?.({
+            decision: 'continue',
+            reason,
+            lastMessagePreview,
+            stopHookActive: false,
+        });
+        return {
+            decision: 'block',
+            reason,
+        };
+    };
+    return {
+        hooks: {
+            Stop: [{ hooks: [stopHook] }],
+        },
+        stats,
+    };
+}
+//# sourceMappingURL=chat-stop-hook.js.map

package/dist/agent/clementine-turn-context.d.ts

@@ -0,0 +1,102 @@
+/**
+ * clementine-turn-context — the volatile per-turn context block that
+ * reconstitutes Clementine's live awareness on every chat turn.
+ *
+ * Why this exists (1.18.184)
+ * ──────────────────────────
+ * The modern chat path's system prompt is the SDK's `claude_code`
+ * preset + `buildChatSystemAppend()` (run-agent-context.ts). That gives
+ * Clementine her identity (SOUL) and her hand-curated long-term memory
+ * (MEMORY.md), but it is STATIC across turns by design — anything that
+ * varies per turn must NOT live there or it would invalidate the
+ * Anthropic prompt cache.
+ *
+ * Anything volatile — what's true right now, what just happened, what
+ * the SQLite memory store has relevant to the current message — lives
+ * here, in a block prepended to the user's message. The SDK treats
+ * that as turn input, not as system prompt, so it doesn't break cache
+ * and it gives the model fresh context every turn.
+ *
+ * What we put in the block
+ * ────────────────────────
+ * 1. Retrieved memory hits from the SQLite store (semantic + FTS),
+ *    scored against the user's current message. The single highest-
+ *    leverage section — this is how persistent memory of EVERYTHING
+ *    actually reaches the model.
+ * 2. Recent background-task headlines (last 24h, terminal status only)
+ *    so the model knows what work just completed without re-asking.
+ * 3. Live state — current date/time + channel/identity framing.
+ * 4. Extension points for the deeper learning subsystems (decision-
+ *    reflection, skill-quality, insight-engine, seed-user-model,
+ *    goal-evaluator) — each one is a labeled section that returns
+ *    empty today and can be wired in a follow-up ship without
+ *    re-architecting.
+ *
+ * Hard cap on total block size — see MAX_BLOCK_CHARS. Anthropic's prompt
+ * cache benefit dies if the volatile block is larger than the cacheable
+ * prefix, so keep this tight.
+ *
+ * Aligned with Anthropic SDK best practices: per-turn dynamic context
+ * in the USER message, NOT in the system prompt. See the SDK reference
+ * note on prompt caching boundaries.
+ */
+import type { BackgroundTask } from '../types.js';
+export interface BuildTurnContextOptions {
+    /** The user's current message — used as the query for retrieved memory. */
+    userMessage: string;
+    /** Session key for the active chat. Used for log breadcrumbs and to
+     *  scope future per-session reads (currently unused; searchContext
+     *  is intentionally cross-session for single-owner installs). */
+    sessionKey: string;
+    /** Where the user is reaching Clementine from. Surfaces in the
+     *  identity framing block. Examples: "discord-dm", "dashboard",
+     *  "slack-channel", "chat". */
+    channel?: string;
+    /** Owner-facing name (display name, not slug). When set, used in
+     *  the identity framing block. */
+    ownerName?: string | null;
+    /** Active hired-agent profile if running as one. Affects the
+     *  identity framing — "you are talking to Sasha right now," not
+     *  "you are Clementine". */
+    profileName?: string | null;
+    /** Read-only memory store handle. When absent, retrieved-memory
+     *  section is skipped — the rest still renders. */
+    memoryStore?: {
+        searchContext?: (query: string, opts?: {
+            limit?: number;
+        }) => Array<{
+            source_file?: string;
+            section?: string;
+            content: string;
+            score?: number;
+        }>;
+    } | null;
+    /** Optional override: synchronous read of recent terminal-state bg
+     *  tasks. Defaults to a one-time module-cached listBackgroundTasks
+     *  import (lazy, since not all callers have one). */
+    listBackgroundTasks?: (filter: {
+        status?: BackgroundTask['status'];
+    }) => BackgroundTask[];
+    /** Clock injection for tests. Defaults to Date.now(). */
+    now?: () => number;
+}
+export interface BuildTurnContextResult {
+    /** The full ready-to-prepend context block, INCLUDING outer
+     *  `[Context...]\n...\n[/Context]\n\n` fence. Empty string when no
+     *  sections produced output (e.g., builder sessions or completely
+     *  empty stores) — caller can treat empty as "no prefix needed". */
+    block: string;
+    /** Telemetry — which sections contributed, for the dashboard
+     *  "what Clementine sees this turn" panel. */
+    sections: {
+        retrievedMemory: number;
+        recentBgTasks: number;
+        liveState: boolean;
+        identityFrame: boolean;
+    };
+    /** Final character count of the block. Useful for logging + the
+     *  Anthropic prompt-cache-health analysis. */
+    totalChars: number;
+}
+export declare function buildClementineTurnContext(opts: BuildTurnContextOptions): BuildTurnContextResult;
+//# sourceMappingURL=clementine-turn-context.d.ts.map

package/dist/agent/clementine-turn-context.js

@@ -0,0 +1,210 @@
+/**
+ * clementine-turn-context — the volatile per-turn context block that
+ * reconstitutes Clementine's live awareness on every chat turn.
+ *
+ * Why this exists (1.18.184)
+ * ──────────────────────────
+ * The modern chat path's system prompt is the SDK's `claude_code`
+ * preset + `buildChatSystemAppend()` (run-agent-context.ts). That gives
+ * Clementine her identity (SOUL) and her hand-curated long-term memory
+ * (MEMORY.md), but it is STATIC across turns by design — anything that
+ * varies per turn must NOT live there or it would invalidate the
+ * Anthropic prompt cache.
+ *
+ * Anything volatile — what's true right now, what just happened, what
+ * the SQLite memory store has relevant to the current message — lives
+ * here, in a block prepended to the user's message. The SDK treats
+ * that as turn input, not as system prompt, so it doesn't break cache
+ * and it gives the model fresh context every turn.
+ *
+ * What we put in the block
+ * ────────────────────────
+ * 1. Retrieved memory hits from the SQLite store (semantic + FTS),
+ *    scored against the user's current message. The single highest-
+ *    leverage section — this is how persistent memory of EVERYTHING
+ *    actually reaches the model.
+ * 2. Recent background-task headlines (last 24h, terminal status only)
+ *    so the model knows what work just completed without re-asking.
+ * 3. Live state — current date/time + channel/identity framing.
+ * 4. Extension points for the deeper learning subsystems (decision-
+ *    reflection, skill-quality, insight-engine, seed-user-model,
+ *    goal-evaluator) — each one is a labeled section that returns
+ *    empty today and can be wired in a follow-up ship without
+ *    re-architecting.
+ *
+ * Hard cap on total block size — see MAX_BLOCK_CHARS. Anthropic's prompt
+ * cache benefit dies if the volatile block is larger than the cacheable
+ * prefix, so keep this tight.
+ *
+ * Aligned with Anthropic SDK best practices: per-turn dynamic context
+ * in the USER message, NOT in the system prompt. See the SDK reference
+ * note on prompt caching boundaries.
+ */
+import pino from 'pino';
+const logger = pino({ name: 'clementine.turn-context' });
+// ── Tunables ──────────────────────────────────────────────────────────
+/** Hard cap on the entire block. Keep volatile content small so the
+ *  cacheable prefix stays larger than the dynamic delta. */
+const MAX_BLOCK_CHARS = 4_000;
+/** Per-section caps so any one section can't crowd out the others. */
+const MAX_MEMORY_HITS = 6;
+const MAX_MEMORY_HIT_CHARS = 320;
+const MAX_BG_TASKS = 3;
+const MAX_BG_TASK_LINE_CHARS = 200;
+const RECENT_BG_WINDOW_MS = 24 * 60 * 60 * 1000;
+// ── The builder ───────────────────────────────────────────────────────
+export function buildClementineTurnContext(opts) {
+    const sections = {
+        retrievedMemory: 0,
+        recentBgTasks: 0,
+        liveState: false,
+        identityFrame: false,
+    };
+    const parts = [];
+    const nowMs = (opts.now ?? Date.now)();
+    const nowDate = new Date(nowMs);
+    // ── 1. Retrieved memory hits ──────────────────────────────────────
+    // The single most important section. Pulls the top semantic + FTS
+    // hits from the SQLite memory store, scored against the user's
+    // current message. Without this, Clementine has no automatic recall
+    // — she'd have to spontaneously call memory_search every turn.
+    if (opts.memoryStore?.searchContext && opts.userMessage.trim().length > 0) {
+        try {
+            const hits = opts.memoryStore.searchContext(opts.userMessage, {
+                limit: MAX_MEMORY_HITS,
+            });
+            if (hits && hits.length > 0) {
+                const lines = ['### Possibly relevant from persistent memory'];
+                for (const h of hits.slice(0, MAX_MEMORY_HITS)) {
+                    const label = h.section
+                        ? h.section
+                        : (h.source_file ? h.source_file.split('/').pop() ?? h.source_file : 'memory');
+                    const content = (h.content ?? '').slice(0, MAX_MEMORY_HIT_CHARS).trim();
+                    if (!content)
+                        continue;
+                    lines.push(`- **${label}**: ${content}`);
+                    sections.retrievedMemory += 1;
+                }
+                if (sections.retrievedMemory > 0) {
+                    parts.push(lines.join('\n'));
+                }
+            }
+        }
+        catch (err) {
+            // Never block on memory failure — log and continue.
+            logger.debug({ err, sessionKey: opts.sessionKey }, 'turn-context: searchContext failed (non-fatal)');
+        }
+    }
+    // ── 2. Recent background task headlines ───────────────────────────
+    // Last 24h of terminal-state bg tasks. So when the owner asks "what
+    // happened with that job?" she knows without re-asking.
+    if (opts.listBackgroundTasks) {
+        try {
+            const TERMINAL = ['done', 'failed', 'interrupted', 'aborted'];
+            const recent = [];
+            for (const status of TERMINAL) {
+                const tasks = opts.listBackgroundTasks({ status });
+                for (const task of tasks) {
+                    const stamp = task.completedAt ?? task.interruptedAt ?? task.startedAt ?? task.createdAt;
+                    if (!stamp)
+                        continue;
+                    if (nowMs - Date.parse(stamp) > RECENT_BG_WINDOW_MS)
+                        continue;
+                    recent.push(task);
+                }
+            }
+            // Newest first, capped.
+            recent.sort((a, b) => {
+                const aStamp = a.completedAt ?? a.startedAt ?? a.createdAt ?? '';
+                const bStamp = b.completedAt ?? b.startedAt ?? b.createdAt ?? '';
+                return bStamp.localeCompare(aStamp);
+            });
+            if (recent.length > 0) {
+                const lines = ['### Recently completed background work (last 24h)'];
+                for (const task of recent.slice(0, MAX_BG_TASKS)) {
+                    const promptPreview = (task.prompt ?? '').slice(0, 80).replace(/\s+/g, ' ').trim();
+                    const tail = task.status === 'done'
+                        ? (task.result ?? task.deliverableNote ?? 'done').slice(0, 100).replace(/\s+/g, ' ').trim()
+                        : (task.error ?? task.status).slice(0, 100).replace(/\s+/g, ' ').trim();
+                    const line = `- **${task.status}**: ${promptPreview} → ${tail}`;
+                    lines.push(line.slice(0, MAX_BG_TASK_LINE_CHARS));
+                    sections.recentBgTasks += 1;
+                }
+                if (sections.recentBgTasks > 0) {
+                    parts.push(lines.join('\n'));
+                }
+            }
+        }
+        catch (err) {
+            logger.debug({ err, sessionKey: opts.sessionKey }, 'turn-context: listBackgroundTasks failed (non-fatal)');
+        }
+    }
+    // ── 3. Identity framing ───────────────────────────────────────────
+    // "Who is the user, where are they reaching you, which agent are
+    // you running as." Anchors the model's voice + addressing.
+    const identityLine = buildIdentityLine(opts);
+    if (identityLine) {
+        parts.push(`### Right now\n${identityLine}`);
+        sections.identityFrame = true;
+    }
+    // ── 4. Live state ─────────────────────────────────────────────────
+    // Current date/time so the model never says "I don't know what
+    // today is." Cheap, high-signal.
+    const liveLine = `Current time: ${nowDate.toISOString()} (UTC)`;
+    if (sections.identityFrame) {
+        // Fold into the same "Right now" section to avoid an extra header.
+        parts[parts.length - 1] = `${parts[parts.length - 1]}\n${liveLine}`;
+    }
+    else {
+        parts.push(`### Right now\n${liveLine}`);
+    }
+    sections.liveState = true;
+    // ── 5. Extension points for deeper learning subsystems ───────────
+    // These are intentionally empty today. The architecture is set up
+    // so adding a new subsystem = adding a new builder function +
+    // calling it here. Each follow-up ship can wire one at a time
+    // without re-touching the rest of the module.
+    //
+    // TODO(1.18.185+): wire these in:
+    //   - decision-reflection: latest formatReflectionSummary() if <24h old
+    //   - skill-quality: skills flagged 'underperforming' or 'stale'
+    //   - insight-engine: most recent generated insights not yet ack'd
+    //   - seed-user-model: latest persisted snapshot of the owner profile
+    //   - goal-evaluator: active goals and last 3 goal-check results
+    //
+    // For each, the pattern is: read fast, cap output, log non-fatally on error.
+    if (parts.length === 0) {
+        return { block: '', sections, totalChars: 0 };
+    }
+    const body = parts.join('\n\n');
+    // Hard cap on the whole block to protect cache health.
+    const truncated = body.length > MAX_BLOCK_CHARS
+        ? body.slice(0, MAX_BLOCK_CHARS - 3) + '...'
+        : body;
+    // Mirror the existing securityAnnotation envelope shape so the chat
+    // path can concatenate cleanly.
+    const block = `[Context — read this for continuity, then respond to the user message below]\n${truncated}\n[/Context]\n\n`;
+    return {
+        block,
+        sections,
+        totalChars: block.length,
+    };
+}
+// ── Helpers ───────────────────────────────────────────────────────────
+function buildIdentityLine(opts) {
+    const parts = [];
+    if (opts.ownerName) {
+        parts.push(`You're talking to ${opts.ownerName}`);
+    }
+    if (opts.channel) {
+        parts.push(`via ${opts.channel}`);
+    }
+    if (opts.profileName) {
+        parts.push(`as ${opts.profileName}`);
+    }
+    else if (parts.length > 0) {
+        parts.push('as Clementine');
+    }
+    return parts.length > 0 ? parts.join(' ') + '.' : '';
+}
+//# sourceMappingURL=clementine-turn-context.js.map

package/dist/agent/run-agent-context.js

@@ -81,8 +81,43 @@ export function buildChatSystemAppend(opts = {}) {
     if (opts.profileAppend?.trim()) {
         blocks.push(opts.profileAppend);
     }
+    // 5. Behavioral posture (1.18.184) — re-anchored from the legacy
+    //    assistant.ts:buildSystemPrompt path which the modern chat no
+    //    longer goes through. Kept in the cacheable system-prompt append
+    //    (NOT in the per-turn user-message context) so Anthropic's
+    //    prompt cache holds these directives across turns. They are
+    //    short, stable, and describe HOW Clementine should behave —
+    //    not WHAT is true right now (that's the volatile turn-context
+    //    block; see clementine-turn-context.ts).
+    blocks.push(BEHAVIORAL_POSTURE);
     return blocks.join('\n\n');
 }
+/**
+ * Stable behavioral directives appended to every chat-path system prompt.
+ *
+ * Trust posture: Clementine runs on the owner's machine; she is the
+ * owner's agent, not a faceless assistant. She acts decisively because
+ * the trust relationship has already been established by virtue of the
+ * owner running her on their own hardware. Permission-prompt friction
+ * is a violation of the trust model.
+ *
+ * Recall posture (re-anchored from 1.18.181, originally at
+ * assistant.ts:1382 in the legacy buildSystemPrompt path): durable
+ * memory across all sessions / channels / bg tasks lives in SQLite with
+ * dense embeddings. The model has `memory_search` and `transcript_search`
+ * tools available. "I have no record" without first searching is a
+ * memory failure, not an honest answer.
+ *
+ * Kept short (<600 chars total) so it doesn't crowd the cacheable
+ * prefix; each directive is one sentence of guidance, not a manual.
+ */
+const BEHAVIORAL_POSTURE = `## How you operate
+
+**Trust posture.** You are running on your owner's trusted local machine as their Clementine. The owner has already authenticated every integration you have access to; you act as them, with their judgment. Don't ask permission for things you have tools to do — just do them. Save permission-asking for genuinely consequential or ambiguous actions (sending the email vs drafting it, deleting vs archiving). Friction-by-default is a violation of the relationship.
+
+**Recall posture.** Your durable memory across every session, every channel, every background task, and every workflow lives in SQLite with dense embeddings. When the owner references past work you don't have in immediate context — a URL, a deployment, a person, a project, a file you created, a job you ran — call \`memory_search\` (or \`transcript_search\` for chat-history specifics) BEFORE asking the owner to provide it and BEFORE replying that you have no record. "I don't see any record of that" without having searched is a memory failure, not an honest answer.
+
+**Persistence posture.** When the owner gives you a multi-step job in chat, run it to completion. If you hit a real constraint (budget, cap, missing input, validation needed), say so explicitly — never trail off silently. The owner can always stop you via cancel or by typing \`stop\`; that's their lever. Yours is to keep going until the work is done.`;
 /**
  * Read the long-term memory block for an autonomous run (cron, team-task).
  * Returns the agent-specific MEMORY.md when a hired agent is active, the

package/dist/agent/run-agent.js

@@ -97,6 +97,7 @@ export function invalidateMcpStatusEntry(name) {
 import { BASE_DIR, PKG_DIR, CLAUDE_CODE_OAUTH_TOKEN, ANTHROPIC_API_KEY as CONFIG_ANTHROPIC_API_KEY, normalizeClaudeSdkOptionsForOneMillionContext, TOOL_OUTPUT_GUARD, } from '../config.js';
 import { buildGuardHooks } from './tool-output-guard.js';
 import { buildDedupHook } from './tool-call-dedup.js';
+import { buildChatStopHook } from './chat-stop-hook.js';
 import { buildAgentMap } from './agent-definitions.js';
 import { buildExecutionToolPolicy, } from './execution-policy.js';
 const MCP_SERVER_SCRIPT = path.join(PKG_DIR, 'dist', 'tools', 'mcp-server.js');
@@ -189,6 +190,20 @@ const CORE_TOOLS_FOR_AGENT_PARENT = [
     'WebSearch',
     'WebFetch',
     'TodoWrite',
+    // 1.18.184 — Clementine's identity tools. Memory + capture are not
+    // optional skills; they are part of who she is. Surfacing them in
+    // the canonical SDK tools channel (NOT in the system prompt) means
+    // the model always sees them as available — no dependency on
+    // skill-match score thresholds widening the surface mid-turn.
+    // The MCP wildcard at execution-policy.ts:233 also exposes them, but
+    // when the MCP server hiccups during init the wildcard goes empty;
+    // explicit listing here guarantees the surface.
+    'mcp__clementine-tools__memory_search',
+    'mcp__clementine-tools__transcript_search',
+    'mcp__clementine-tools__memory_write',
+    'mcp__clementine-tools__note_take',
+    'mcp__clementine-tools__note_create',
+    'mcp__clementine-tools__task_add',
 ];
 /**
  * Run a single agent invocation via the canonical SDK pattern.
@@ -416,13 +431,47 @@ export async function runAgent(prompt, opts) {
             });
         },
     });
-    // Merge hook maps from the two modules. SDK accepts arrays of
+    // ── Chat persistence Stop hook (1.18.184, source='chat' only) ─────
+    // Keeps chat-initiated multi-step jobs running until they finish.
+    // Inspects the model's last assistant message for continuation
+    // signals ("next, I'll...", "step 2:", etc.) and re-prompts the
+    // model when it would otherwise stop mid-job. Honors
+    // stop_hook_active (anti-infinite-loop) and abortSignal
+    // (user-initiated stop always wins). Autonomous paths
+    // (cron / scheduled-skill / heartbeat / team-task) intentionally
+    // skip this — they have their own completion semantics and a
+    // continue-on-stop hook would fight them.
+    const isChatPath = source === 'chat';
+    const stopHook = isChatPath
+        ? buildChatStopHook({
+            runId,
+            ...(opts.abortSignal ? { abortSignal: opts.abortSignal } : {}),
+            onDecision: (info) => {
+                if (info.decision !== 'continue')
+                    return;
+                writeEvent({
+                    kind: 'hook',
+                    ts: new Date().toISOString(),
+                    sessionId,
+                    hookEventName: 'Stop',
+                    text: `clementine_stop_hook:continue last="${info.lastMessagePreview}"`,
+                });
+            },
+        })
+        : null;
+    // Merge hook maps from the modules. SDK accepts arrays of
     // HookCallbackMatcher per event; we concatenate.
     const mergedHooks = { ...guard.hooks };
     for (const [evt, matchers] of Object.entries(dedup.hooks)) {
         const existing = mergedHooks[evt] ?? [];
         mergedHooks[evt] = [...existing, ...matchers];
     }
+    if (stopHook) {
+        for (const [evt, matchers] of Object.entries(stopHook.hooks)) {
+            const existing = mergedHooks[evt] ?? [];
+            mergedHooks[evt] = [...existing, ...matchers];
+        }
+    }
     // Apply 1M-context env normalization (existing infra)
     const sdkOptionsRaw = {
         systemPrompt: profileAppend

package/dist/agent/tool-call-dedup.js

@@ -47,11 +47,24 @@ import { createHash } from 'node:crypto';
 import pino from 'pino';
 const logger = pino({ name: 'clementine.tool-call-dedup' });
 // ── Tunables ──────────────────────────────────────────────────────────
-/** Within this window (ms), identical calls are considered "the same". */
+/** Entry lifetime — how long we remember a call to compare against. */
 const DEFAULT_TTL_MS = 60_000;
+/**
+ * Tight-burst window for HARD blocks (1.18.184 refinement). Hard-block
+ * fires only when ≥ HARD_BLOCK_AT identical calls happen within this
+ * window of the FIRST call. The classic refetch-after-compact failure
+ * pattern (which is what this hook exists to prevent — see the
+ * imessage-triage diagnosis comment up top) reliably completes 4
+ * identical calls in <2 minutes; the tight-burst signature is more
+ * like ~3 calls in <10 seconds. Polling-with-delay (e.g., "wait 30s
+ * and check again") legitimately produces identical calls spread out
+ * over the entry lifetime; the wider TTL still warns the model in
+ * that case but does not block. User intent for retry > our caution.
+ */
+const HARD_BLOCK_BURST_WINDOW_MS = 8_000;
 /** Second identical call within TTL → soft warn (let it through with a hint). */
 const SOFT_WARN_AT = 2;
-/** Third+ identical call within TTL → hard block (deny). */
+/** Third+ identical call within HARD_BLOCK_BURST_WINDOW_MS → hard block (deny). */
 const HARD_BLOCK_AT = 3;
 // ── Hashing ───────────────────────────────────────────────────────────
 /**
@@ -115,24 +128,29 @@ export function buildDedupHook(opts) {
         entry.count += 1;
         entry.lastSeen = now;
         const sinceFirstMs = now - entry.firstSeen;
-        if (entry.count >= hardAt) {
+        // 1.18.184: hard-block ONLY on tight bursts (≤ HARD_BLOCK_BURST_WINDOW_MS
+        // from first call). This is the refetch-after-compact failure signature.
+        // Calls spread out across the wider TTL get a warning but not a block —
+        // legitimate polling ("wait 30s, retry") is preserved.
+        if (entry.count >= hardAt && sinceFirstMs <= HARD_BLOCK_BURST_WINDOW_MS) {
             stats.blocked += 1;
             logger.warn({
                 toolName,
                 inputHash,
                 callCount: entry.count,
                 sinceFirstMs,
+                burstWindowMs: HARD_BLOCK_BURST_WINDOW_MS,
                 runId: opts.runId,
-            }, 'tool-call-dedup: hard-blocking identical call');
+            }, 'tool-call-dedup: hard-blocking tight-burst identical call');
             opts.onDecision?.({ toolName, inputHash, callCount: entry.count, decision: 'block', sinceFirstMs });
             return {
                 hookSpecificOutput: {
                     hookEventName: 'PreToolUse',
                     permissionDecision: 'deny',
-                    permissionDecisionReason: `Tool \`${toolName}\` was already called with these exact arguments ${entry.count - 1} time(s) in the last ${Math.floor(sinceFirstMs / 1000)}s. ` +
-                        `The result has not changed. STOP re-calling — use the result from your earlier context, ` +
+                    permissionDecisionReason: `Tool \`${toolName}\` was just called with these exact arguments ${entry.count - 1} time(s) within the last ${Math.floor(sinceFirstMs / 1000)}s — a tight-burst refetch pattern that almost always indicates a refetch-after-compaction loop. ` +
+                        `STOP re-calling — use the result from your earlier context, ` +
                         `change the arguments to fetch different data, or finish the task with what you already know. ` +
-                        `If you genuinely need fresh data, wait at least ${Math.ceil(ttl / 1000)}s and try again.`,
+                        `If you genuinely need fresh data (polling), wait at least ${Math.ceil(HARD_BLOCK_BURST_WINDOW_MS / 1000)}s before the next identical call.`,
                 },
             };
         }

package/dist/gateway/router.d.ts

@@ -18,6 +18,17 @@ export declare function buildContextOverflowRetryPrompt(opts: {
     turnContextPrefix?: string;
     project?: ProjectMeta | null;
 }): string;
+/**
+ * Map a SDK TerminalReason to a brief, honest note for the user when
+ * a chat-initiated job stopped due to a cap rather than clean
+ * completion. Returns null for reasons that don't need user
+ * messaging (clean completion, user-initiated abort, etc.).
+ *
+ * 1.18.184 — silent trail-off is the bug class we're killing. When
+ * Clementine stops mid-job because of maxTurns / budget / etc., the
+ * owner needs to know so they can choose to continue.
+ */
+export declare function buildCapHitNote(terminalReason: string | undefined): string | null;
 export declare function runAgentResultIndicatesContextOverflow(result: {
     subtype?: string;
     terminalReason?: string;

package/dist/gateway/router.js

@@ -96,6 +96,45 @@ export function buildContextOverflowRetryPrompt(opts) {
     parts.push(opts.chatPrompt);
     return parts.filter(Boolean).join('\n\n');
 }
+/**
+ * Map a SDK TerminalReason to a brief, honest note for the user when
+ * a chat-initiated job stopped due to a cap rather than clean
+ * completion. Returns null for reasons that don't need user
+ * messaging (clean completion, user-initiated abort, etc.).
+ *
+ * 1.18.184 — silent trail-off is the bug class we're killing. When
+ * Clementine stops mid-job because of maxTurns / budget / etc., the
+ * owner needs to know so they can choose to continue.
+ */
+export function buildCapHitNote(terminalReason) {
+    if (!terminalReason)
+        return null;
+    switch (terminalReason) {
+        case 'max_turns':
+            return '_(Note: I hit my turn cap before finishing. Say "continue" if you want me to keep going from where I left off.)_';
+        case 'blocking_limit':
+            return '_(Note: I hit a budget cap before finishing. Say "continue" if you want me to keep going — or raise the per-chat budget in the dashboard.)_';
+        case 'rapid_refill_breaker':
+            // Context-overflow path has its own recovery flow earlier; if
+            // we're seeing this terminal reason at the success path, the
+            // retry didn't fully recover. Surface it honestly.
+            return '_(Note: my context got refilled too aggressively mid-task. Some work above may be partial. Say "continue" and I\'ll pick up with a fresh context.)_';
+        case 'prompt_too_long':
+            return '_(Note: the working context grew too large mid-task. Some work above may be partial. Say "continue" with a fresh focus and I\'ll keep going.)_';
+        case 'hook_stopped':
+        case 'stop_hook_prevented':
+            // A user-supplied stop/validation hook fired. Not a "silent
+            // trail-off" — the owner asked for the pause. Don't add noise.
+            return null;
+        case 'completed':
+        case undefined:
+            return null;
+        default:
+            // Anything else: don't second-guess the SDK; let the message
+            // text speak for itself.
+            return null;
+    }
+}
 export function runAgentResultIndicatesContextOverflow(result) {
     const terminalReason = (result.terminalReason ?? '').trim();
     if (terminalReason && classifyChatError(terminalReason) === 'context_overflow')
@@ -2118,6 +2157,8 @@ export class Gateway {
                     const { buildExtraMcpForRunAgent } = await import('../agent/run-agent-mcp.js');
                     const { buildChatSystemAppend } = await import('../agent/run-agent-context.js');
                     const { resolveSkillsForChat } = await import('../agent/chat-skill-resolver.js');
+                    const { buildClementineTurnContext } = await import('../agent/clementine-turn-context.js');
+                    const { listBackgroundTasks } = await import('../agent/background-tasks.js');
                     // Builder sessions (dashboard trick/skill/cron/agent builder)
                     // are conversational JSON-drafting flows, not real chat. They
                     // don't need vault context, MCP tools, recall, or auto-memory
@@ -2173,9 +2214,51 @@ export class Gateway {
                     // Per-turn context (recall + persistent learnings + silent
                     // blocks + security/toolset directives) — real chat only.
                     // Builder doesn't need recall of unrelated transcripts.
-                    const turnContextPrefix = !isBuilderSession && securityAnnotation.trim()
+                    //
+                    // 1.18.184: the volatile turn-context block is now the
+                    // single integration point for everything dynamic about
+                    // Clementine — retrieved SQLite memory, recent bg-task
+                    // headlines, live state, and (soon) outputs from the
+                    // self-improvement subsystems. Prepended ahead of the
+                    // existing securityAnnotation envelope.
+                    // See `src/agent/clementine-turn-context.ts` for the
+                    // architecture rationale and the labeled extension points.
+                    let clementineContextBlock = '';
+                    if (!isBuilderSession) {
+                        try {
+                            const memStore = this.assistant.getMemoryStore?.() ?? null;
+                            const turnCtx = buildClementineTurnContext({
+                                userMessage: originalText,
+                                sessionKey: effectiveSessionKey,
+                                channel: effectiveSessionKey.split(':')[0] ?? 'chat',
+                                ownerName: resolvedProfile?.name ?? null,
+                                profileName: resolvedProfile && resolvedProfile.slug !== 'clementine'
+                                    ? (resolvedProfile.name ?? resolvedProfile.slug)
+                                    : null,
+                                memoryStore: memStore,
+                                listBackgroundTasks,
+                            });
+                            clementineContextBlock = turnCtx.block;
+                            logger.debug({
+                                sessionKey: effectiveSessionKey,
+                                turnContextChars: turnCtx.totalChars,
+                                sections: turnCtx.sections,
+                            }, 'Built Clementine turn-context block');
+                        }
+                        catch (err) {
+                            // Never block chat on context-builder failure — log and skip.
+                            logger.warn({ err, sessionKey: effectiveSessionKey }, 'Clementine turn-context builder failed (non-fatal)');
+                        }
+                    }
+                    const securityContextPrefix = !isBuilderSession && securityAnnotation.trim()
                         ? `[Context — read this for continuity, then respond to the user message below]\n${securityAnnotation}\n[/Context]\n\n`
                         : '';
+                    // Order: Clementine context first (durable memory + live
+                    // state), then security annotation (per-turn signal), then
+                    // the user's actual chat prompt. The model sees memory and
+                    // identity framing BEFORE per-turn warnings, which matches
+                    // how a human assistant would orient themselves.
+                    const turnContextPrefix = clementineContextBlock + securityContextPrefix;
                     const finalPrompt = turnContextPrefix + chatPrompt;
                     // Resume the prior SDK session when one exists for this
                     // sessionKey. The SDK persists session JSONLs to disk, so
@@ -2215,7 +2298,28 @@ export class Gateway {
                         profile: resolvedProfile,
                         agentManager: this.getAgentManager(),
                         memoryStore: this.assistant.getMemoryStore?.() ?? null,
+                        // 1.18.184 — Chat runs on a trusted local machine for the
+                        // owner. The canonical SDK posture for that case is
+                        // `bypassPermissions` (requires allowDangerouslySkipPermissions,
+                        // which execution-policy.ts:266 wires automatically when this
+                        // mode is selected). Builder sessions still inherit the
+                        // default 'dontAsk' since they have no tools and run on
+                        // Haiku — bypass would be a no-op there anyway. Autonomous
+                        // paths (cron, scheduled-skill, heartbeat) intentionally
+                        // stay on 'dontAsk' so they remain strict-allowlist for
+                        // safety; only the owner's direct chat gets full bypass.
+                        ...(isBuilderSession ? {} : { permissionMode: 'bypassPermissions' }),
                         ...(builderModel ? { model: builderModel } : {}),
+                        // 1.18.184 — right-size maxTurns for chat-initiated work.
+                        // Chat jobs are often multi-step ("draft 3 emails and send
+                        // them") and the SDK's default (low single digits) was
+                        // forcing premature trail-off. We give chat a generous
+                        // 60-turn ceiling; the real cost stopper is `BUDGET.chat`
+                        // (default $5.00 / invocation, see config/effective-config.ts).
+                        // Caller-supplied maxTurns still wins. Builder sessions
+                        // skip this — they're tight Haiku JSON drafting and don't
+                        // need the runway.
+                        ...((!isBuilderSession && !maxTurns) ? { maxTurns: 60 } : {}),
                         ...(maxTurns ? { maxTurns } : {}),
                         ...(chatBudget !== undefined ? { maxBudgetUsd: chatBudget } : {}),
                         ...(builderAllowedTools ? { allowedTools: builderAllowedTools } : {}),
@@ -2350,8 +2454,16 @@ export class Gateway {
                         numTurns: runAgentResult.numTurns,
                         cost: Number(runAgentResult.totalCostUsd.toFixed(4)),
                         responseLen: runAgentResult.text.length,
+                        terminalReason: runAgentResult.terminalReason,
                     }, 'chat:latency');
-                    return runAgentResult.text || '*(no response)*';
+                    // 1.18.184 — Honest cap-hit messaging. If the run stopped
+                    // because of a cap (not a clean completion or a user abort),
+                    // append a brief, factual note so the owner knows where the
+                    // job actually stopped. Silent trail-off is the bug class
+                    // we're killing.
+                    const baseText = runAgentResult.text || '*(no response)*';
+                    const capNote = buildCapHitNote(runAgentResult.terminalReason);
+                    return capNote ? `${baseText}\n\n${capNote}` : baseText;
                 }
                 catch (err) {
                     clearTimeout(chatTimer);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clementine-agent",
-  "version": "1.18.183",
+  "version": "1.18.184",
   "description": "Clementine — Personal AI Assistant (TypeScript)",
   "type": "module",
   "main": "dist/index.js",