clementine-agent 1.18.183 → 1.18.185

package/dist/agent/assistant.js

@@ -1025,6 +1025,21 @@ export class PersonalAssistant {
         }
     }
     // ── System Prompt Builder ─────────────────────────────────────────
+    //
+    // 1.18.184 caveat: the canonical CHAT path no longer reaches this
+    // builder. Chat goes through runAgent (src/agent/run-agent.ts:679)
+    // with `systemPrompt: { type: 'preset', preset: 'claude_code',
+    // append: <buildChatSystemAppend(...)> }`. The recall + trust posture
+    // directives live in `run-agent-context.ts:BEHAVIORAL_POSTURE`.
+    //
+    // This buildSystemPrompt is now invoked only from:
+    //   - plan-step path (`processPlanStep` ~line 3396)
+    //   - auto-memory extraction Haiku passes (~line 3187)
+    //   - cron-reflection Haiku passes
+    //
+    // If you're adding chat-time behavioral guidance, add it to
+    // BEHAVIORAL_POSTURE in run-agent-context.ts. Adding it here will
+    // NOT affect real chat — only the legacy Haiku/plan-step paths.
     buildSystemPrompt(opts = {}) {
         const { isHeartbeat = false, cronTier = null, retrievalContext = '', profile = null, sessionKey = null, model = null, verboseLevel, intentClassification = null, contextTier = 'full', toolsAvailable = true, composioConnectedSlugs = [] } = opts;
         const isAutonomous = isHeartbeat || cronTier !== null;
@@ -1208,8 +1223,6 @@ Obsidian vault with YAML frontmatter, [[wikilinks]], #tags.
 **Remembering:** Durable facts → memory_write(action="update_memory"). Daily context → note_take / memory_write(action="append_daily"). New person → note_create. New task → task_add.
 Save important facts immediately; a background agent also extracts after each exchange.
 
-**Recalling — REQUIRED behavior:** When the user references past work you don't have in immediate context — a URL, a deployment, a file you created, a task or background job you ran, a person/project/domain name you don't have inline — call \`memory_search\` (or \`transcript_search\` for chat history) BEFORE asking the user to provide it and BEFORE replying that you have no record. Saying "I don't see any record of that" without having searched is a memory failure, not an honest answer. Background tasks, cron runs, deployments, and prior chat turns are all in the SQLite memory store with dense embeddings — semantic search will surface them even when the wording doesn't match exactly.
-
 ## Self-Configuration (never tell ${owner} to edit a config file)
 
 Clementine is self-configuring. Every credential, every integration, every tool permission can be set by calling a tool — no hand-editing.

package/dist/agent/chat-stop-hook.d.ts

@@ -0,0 +1,76 @@
+/**
+ * chat-stop-hook — Stop hook that keeps chat-initiated multi-step jobs
+ * running until they finish OR the user explicitly stops them.
+ *
+ * Why this exists (1.18.184)
+ * ──────────────────────────
+ * Before this hook, the SDK loop ended whenever the model produced
+ * a final assistant message — even when the model had clearly stated
+ * "next, I'll do X" but then stopped. From the user's POV: "I asked her
+ * to draft 3 emails and she only drafted 1, no explanation." The model
+ * was being prematurely terminated by the SDK's default Stop behavior.
+ *
+ * The canonical SDK pattern for long-running agentic loops is a Stop
+ * hook that:
+ *   1. Detects when the model said it would continue but didn't.
+ *   2. Returns `decision: 'block'` with a `reason` that re-prompts
+ *      the model to keep going.
+ *   3. NEVER blocks if Stop hooks have already fired this run
+ *      (`input.stop_hook_active === true`) — that's the SDK's
+ *      anti-infinite-loop guardrail and we honor it.
+ *   4. NEVER blocks if the user has aborted (abortSignal fired) —
+ *      user intent always wins.
+ *
+ * What this hook does NOT do
+ * ──────────────────────────
+ * It does NOT force every chat turn to keep going. The default path
+ * is to LET THE MODEL FINISH. The hook only intervenes when:
+ *   (a) the last assistant message contains a clear "more work to do"
+ *       signal (e.g., "next, I'll", "step 2:", "I'll continue with"), AND
+ *   (b) the user has NOT issued a stop / cancel, AND
+ *   (c) we haven't already re-blocked this run.
+ *
+ * Conservative by design: better to let one job finish slightly short
+ * than to spin forever. If a job needs to run long, the user can
+ * always re-ask.
+ *
+ * Aligned with Anthropic SDK best practices: Stop hooks fire even
+ * under `bypassPermissions`, which is the canonical lever for
+ * "agentic loop that keeps going." See `sdk.d.ts:5483-5492` for the
+ * `StopHookInput` shape including the `stop_hook_active` guard.
+ */
+import type { HookCallbackMatcher, HookEvent } from '@anthropic-ai/claude-agent-sdk';
+export interface StopHookOptions {
+    /** Stable run identifier for telemetry. */
+    runId: string;
+    /** Optional abort signal to honor — if it fires, the hook will
+     *  never re-block. User-initiated stops always win. */
+    abortSignal?: AbortSignal;
+    /** Optional callback fired on every decision. Useful for the
+     *  dashboard "What Clementine sees this turn" panel. */
+    onDecision?: (info: {
+        decision: 'pass' | 'continue';
+        reason?: string;
+        lastMessagePreview: string;
+        stopHookActive: boolean;
+    }) => void;
+}
+export interface StopHookStats {
+    /** Total Stop events inspected. */
+    inspected: number;
+    /** Stop events that passed through (model finished cleanly). */
+    passed: number;
+    /** Stop events where we re-prompted the model to continue. */
+    continued: number;
+}
+export interface StopHookHandles {
+    /** Hook map suitable for SDK `query({ options: { hooks } })`. */
+    hooks: Partial<Record<HookEvent, HookCallbackMatcher[]>>;
+    /** Aggregated telemetry — read after the run completes. */
+    stats: StopHookStats;
+}
+/**
+ * Build a Stop hook for a chat-initiated agentic run.
+ */
+export declare function buildChatStopHook(opts: StopHookOptions): StopHookHandles;
+//# sourceMappingURL=chat-stop-hook.d.ts.map

package/dist/agent/chat-stop-hook.js

@@ -0,0 +1,155 @@
+/**
+ * chat-stop-hook — Stop hook that keeps chat-initiated multi-step jobs
+ * running until they finish OR the user explicitly stops them.
+ *
+ * Why this exists (1.18.184)
+ * ──────────────────────────
+ * Before this hook, the SDK loop ended whenever the model produced
+ * a final assistant message — even when the model had clearly stated
+ * "next, I'll do X" but then stopped. From the user's POV: "I asked her
+ * to draft 3 emails and she only drafted 1, no explanation." The model
+ * was being prematurely terminated by the SDK's default Stop behavior.
+ *
+ * The canonical SDK pattern for long-running agentic loops is a Stop
+ * hook that:
+ *   1. Detects when the model said it would continue but didn't.
+ *   2. Returns `decision: 'block'` with a `reason` that re-prompts
+ *      the model to keep going.
+ *   3. NEVER blocks if Stop hooks have already fired this run
+ *      (`input.stop_hook_active === true`) — that's the SDK's
+ *      anti-infinite-loop guardrail and we honor it.
+ *   4. NEVER blocks if the user has aborted (abortSignal fired) —
+ *      user intent always wins.
+ *
+ * What this hook does NOT do
+ * ──────────────────────────
+ * It does NOT force every chat turn to keep going. The default path
+ * is to LET THE MODEL FINISH. The hook only intervenes when:
+ *   (a) the last assistant message contains a clear "more work to do"
+ *       signal (e.g., "next, I'll", "step 2:", "I'll continue with"), AND
+ *   (b) the user has NOT issued a stop / cancel, AND
+ *   (c) we haven't already re-blocked this run.
+ *
+ * Conservative by design: better to let one job finish slightly short
+ * than to spin forever. If a job needs to run long, the user can
+ * always re-ask.
+ *
+ * Aligned with Anthropic SDK best practices: Stop hooks fire even
+ * under `bypassPermissions`, which is the canonical lever for
+ * "agentic loop that keeps going." See `sdk.d.ts:5483-5492` for the
+ * `StopHookInput` shape including the `stop_hook_active` guard.
+ */
+import pino from 'pino';
+const logger = pino({ name: 'clementine.chat-stop-hook' });
+/**
+ * Phrases in the last assistant message that signal "more work to do."
+ * Conservative — we only continue when the model EXPLICITLY said it
+ * would. Vague endings ("Let me know if you need anything else.") do
+ * NOT trigger; those are clean completions.
+ */
+const CONTINUATION_SIGNALS = [
+    // Explicit "next step" / sequencing
+    /\bnext,?\s+(?:i'?ll|i\s+will|let'?s|i'?m\s+going\s+to)\b/i,
+    /\bstep\s+\d+:/i,
+    /\bphase\s+\d+:/i,
+    /\bi'?ll\s+(?:now|then|next)\b/i,
+    /\bi\s+will\s+(?:now|then|next)\b/i,
+    // "Continuing with" / "moving on"
+    /\bcontinuing\s+(?:with|to)\b/i,
+    /\bmoving\s+on\s+to\b/i,
+    /\bi'?ll\s+continue\s+(?:by|with)\b/i,
+    // Promised remainder of a list
+    /\b(?:second|third|fourth|fifth|remaining|rest)\s+(?:email|email\.?|draft|item|step)/i,
+    // "After this, I'll"
+    /\bafter\s+(?:this|that),?\s+i'?ll\b/i,
+];
+/**
+ * Build a Stop hook for a chat-initiated agentic run.
+ */
+export function buildChatStopHook(opts) {
+    const stats = { inspected: 0, passed: 0, continued: 0 };
+    const stopHook = async (input) => {
+        if (input.hook_event_name !== 'Stop')
+            return {};
+        const evt = input;
+        stats.inspected += 1;
+        const lastMsg = evt.last_assistant_message ?? '';
+        const lastMessagePreview = lastMsg.slice(0, 160).replace(/\s+/g, ' ').trim();
+        // ── Guard 1: anti-infinite-loop ───────────────────────────────
+        // stop_hook_active is true if Stop hooks have ALREADY fired this
+        // run. SDK uses this exact field to prevent us re-blocking
+        // forever. If it's set, we must pass through.
+        if (evt.stop_hook_active) {
+            stats.passed += 1;
+            logger.debug({
+                runId: opts.runId,
+                reason: 'stop_hook_active',
+                lastMessagePreview,
+            }, 'Stop hook passing — already active');
+            opts.onDecision?.({
+                decision: 'pass',
+                reason: 'stop_hook_active',
+                lastMessagePreview,
+                stopHookActive: true,
+            });
+            return {};
+        }
+        // ── Guard 2: user-initiated stop ──────────────────────────────
+        // If the abort signal has fired, the user wants out. Never
+        // re-block. User intent ALWAYS wins.
+        if (opts.abortSignal?.aborted) {
+            stats.passed += 1;
+            logger.debug({
+                runId: opts.runId,
+                reason: 'user_aborted',
+                lastMessagePreview,
+            }, 'Stop hook passing — user aborted');
+            opts.onDecision?.({
+                decision: 'pass',
+                reason: 'user_aborted',
+                lastMessagePreview,
+                stopHookActive: false,
+            });
+            return {};
+        }
+        // ── Detection: did the model say it would continue? ──────────
+        const continuationMatched = CONTINUATION_SIGNALS.some((rx) => rx.test(lastMsg));
+        if (!continuationMatched) {
+            // No continuation signal — let the model finish.
+            stats.passed += 1;
+            opts.onDecision?.({
+                decision: 'pass',
+                reason: 'clean_completion',
+                lastMessagePreview,
+                stopHookActive: false,
+            });
+            return {};
+        }
+        // ── Re-prompt: keep going ──────────────────────────────────────
+        stats.continued += 1;
+        const reason = 'You said you would continue with more work but the loop is about to end. ' +
+            'Keep going — finish the remaining steps you outlined. ' +
+            'If you genuinely cannot continue (waiting on external input, hit a hard error, etc.), say so explicitly in your next message so the owner knows where you stopped.';
+        logger.info({
+            runId: opts.runId,
+            lastMessagePreview,
+        }, 'Stop hook re-prompting model to continue work it announced');
+        opts.onDecision?.({
+            decision: 'continue',
+            reason,
+            lastMessagePreview,
+            stopHookActive: false,
+        });
+        return {
+            decision: 'block',
+            reason,
+        };
+    };
+    return {
+        hooks: {
+            Stop: [{ hooks: [stopHook] }],
+        },
+        stats,
+    };
+}
+//# sourceMappingURL=chat-stop-hook.js.map

package/dist/agent/clementine-turn-context.d.ts

@@ -0,0 +1,102 @@
+/**
+ * clementine-turn-context — the volatile per-turn context block that
+ * reconstitutes Clementine's live awareness on every chat turn.
+ *
+ * Why this exists (1.18.184)
+ * ──────────────────────────
+ * The modern chat path's system prompt is the SDK's `claude_code`
+ * preset + `buildChatSystemAppend()` (run-agent-context.ts). That gives
+ * Clementine her identity (SOUL) and her hand-curated long-term memory
+ * (MEMORY.md), but it is STATIC across turns by design — anything that
+ * varies per turn must NOT live there or it would invalidate the
+ * Anthropic prompt cache.
+ *
+ * Anything volatile — what's true right now, what just happened, what
+ * the SQLite memory store has relevant to the current message — lives
+ * here, in a block prepended to the user's message. The SDK treats
+ * that as turn input, not as system prompt, so it doesn't break cache
+ * and it gives the model fresh context every turn.
+ *
+ * What we put in the block
+ * ────────────────────────
+ * 1. Retrieved memory hits from the SQLite store (semantic + FTS),
+ *    scored against the user's current message. The single highest-
+ *    leverage section — this is how persistent memory of EVERYTHING
+ *    actually reaches the model.
+ * 2. Recent background-task headlines (last 24h, terminal status only)
+ *    so the model knows what work just completed without re-asking.
+ * 3. Live state — current date/time + channel/identity framing.
+ * 4. Extension points for the deeper learning subsystems (decision-
+ *    reflection, skill-quality, insight-engine, seed-user-model,
+ *    goal-evaluator) — each one is a labeled section that returns
+ *    empty today and can be wired in a follow-up ship without
+ *    re-architecting.
+ *
+ * Hard cap on total block size — see MAX_BLOCK_CHARS. Anthropic's prompt
+ * cache benefit dies if the volatile block is larger than the cacheable
+ * prefix, so keep this tight.
+ *
+ * Aligned with Anthropic SDK best practices: per-turn dynamic context
+ * in the USER message, NOT in the system prompt. See the SDK reference
+ * note on prompt caching boundaries.
+ */
+import type { BackgroundTask } from '../types.js';
+export interface BuildTurnContextOptions {
+    /** The user's current message — used as the query for retrieved memory. */
+    userMessage: string;
+    /** Session key for the active chat. Used for log breadcrumbs and to
+     *  scope future per-session reads (currently unused; searchContext
+     *  is intentionally cross-session for single-owner installs). */
+    sessionKey: string;
+    /** Where the user is reaching Clementine from. Surfaces in the
+     *  identity framing block. Examples: "discord-dm", "dashboard",
+     *  "slack-channel", "chat". */
+    channel?: string;
+    /** Owner-facing name (display name, not slug). When set, used in
+     *  the identity framing block. */
+    ownerName?: string | null;
+    /** Active hired-agent profile if running as one. Affects the
+     *  identity framing — "you are talking to Sasha right now," not
+     *  "you are Clementine". */
+    profileName?: string | null;
+    /** Read-only memory store handle. When absent, retrieved-memory
+     *  section is skipped — the rest still renders. */
+    memoryStore?: {
+        searchContext?: (query: string, opts?: {
+            limit?: number;
+        }) => Array<{
+            source_file?: string;
+            section?: string;
+            content: string;
+            score?: number;
+        }>;
+    } | null;
+    /** Optional override: synchronous read of recent terminal-state bg
+     *  tasks. Defaults to a one-time module-cached listBackgroundTasks
+     *  import (lazy, since not all callers have one). */
+    listBackgroundTasks?: (filter: {
+        status?: BackgroundTask['status'];
+    }) => BackgroundTask[];
+    /** Clock injection for tests. Defaults to Date.now(). */
+    now?: () => number;
+}
+export interface BuildTurnContextResult {
+    /** The full ready-to-prepend context block, INCLUDING outer
+     *  `[Context...]\n...\n[/Context]\n\n` fence. Empty string when no
+     *  sections produced output (e.g., builder sessions or completely
+     *  empty stores) — caller can treat empty as "no prefix needed". */
+    block: string;
+    /** Telemetry — which sections contributed, for the dashboard
+     *  "what Clementine sees this turn" panel. */
+    sections: {
+        retrievedMemory: number;
+        recentBgTasks: number;
+        liveState: boolean;
+        identityFrame: boolean;
+    };
+    /** Final character count of the block. Useful for logging + the
+     *  Anthropic prompt-cache-health analysis. */
+    totalChars: number;
+}
+export declare function buildClementineTurnContext(opts: BuildTurnContextOptions): BuildTurnContextResult;
+//# sourceMappingURL=clementine-turn-context.d.ts.map

package/dist/agent/clementine-turn-context.js

@@ -0,0 +1,210 @@
+/**
+ * clementine-turn-context — the volatile per-turn context block that
+ * reconstitutes Clementine's live awareness on every chat turn.
+ *
+ * Why this exists (1.18.184)
+ * ──────────────────────────
+ * The modern chat path's system prompt is the SDK's `claude_code`
+ * preset + `buildChatSystemAppend()` (run-agent-context.ts). That gives
+ * Clementine her identity (SOUL) and her hand-curated long-term memory
+ * (MEMORY.md), but it is STATIC across turns by design — anything that
+ * varies per turn must NOT live there or it would invalidate the
+ * Anthropic prompt cache.
+ *
+ * Anything volatile — what's true right now, what just happened, what
+ * the SQLite memory store has relevant to the current message — lives
+ * here, in a block prepended to the user's message. The SDK treats
+ * that as turn input, not as system prompt, so it doesn't break cache
+ * and it gives the model fresh context every turn.
+ *
+ * What we put in the block
+ * ────────────────────────
+ * 1. Retrieved memory hits from the SQLite store (semantic + FTS),
+ *    scored against the user's current message. The single highest-
+ *    leverage section — this is how persistent memory of EVERYTHING
+ *    actually reaches the model.
+ * 2. Recent background-task headlines (last 24h, terminal status only)
+ *    so the model knows what work just completed without re-asking.
+ * 3. Live state — current date/time + channel/identity framing.
+ * 4. Extension points for the deeper learning subsystems (decision-
+ *    reflection, skill-quality, insight-engine, seed-user-model,
+ *    goal-evaluator) — each one is a labeled section that returns
+ *    empty today and can be wired in a follow-up ship without
+ *    re-architecting.
+ *
+ * Hard cap on total block size — see MAX_BLOCK_CHARS. Anthropic's prompt
+ * cache benefit dies if the volatile block is larger than the cacheable
+ * prefix, so keep this tight.
+ *
+ * Aligned with Anthropic SDK best practices: per-turn dynamic context
+ * in the USER message, NOT in the system prompt. See the SDK reference
+ * note on prompt caching boundaries.
+ */
+import pino from 'pino';
+const logger = pino({ name: 'clementine.turn-context' });
+// ── Tunables ──────────────────────────────────────────────────────────
+/** Hard cap on the entire block. Keep volatile content small so the
+ *  cacheable prefix stays larger than the dynamic delta. */
+const MAX_BLOCK_CHARS = 4_000;
+/** Per-section caps so any one section can't crowd out the others. */
+const MAX_MEMORY_HITS = 6;
+const MAX_MEMORY_HIT_CHARS = 320;
+const MAX_BG_TASKS = 3;
+const MAX_BG_TASK_LINE_CHARS = 200;
+const RECENT_BG_WINDOW_MS = 24 * 60 * 60 * 1000;
+// ── The builder ───────────────────────────────────────────────────────
+export function buildClementineTurnContext(opts) {
+    const sections = {
+        retrievedMemory: 0,
+        recentBgTasks: 0,
+        liveState: false,
+        identityFrame: false,
+    };
+    const parts = [];
+    const nowMs = (opts.now ?? Date.now)();
+    const nowDate = new Date(nowMs);
+    // ── 1. Retrieved memory hits ──────────────────────────────────────
+    // The single most important section. Pulls the top semantic + FTS
+    // hits from the SQLite memory store, scored against the user's
+    // current message. Without this, Clementine has no automatic recall
+    // — she'd have to spontaneously call memory_search every turn.
+    if (opts.memoryStore?.searchContext && opts.userMessage.trim().length > 0) {
+        try {
+            const hits = opts.memoryStore.searchContext(opts.userMessage, {
+                limit: MAX_MEMORY_HITS,
+            });
+            if (hits && hits.length > 0) {
+                const lines = ['### Possibly relevant from persistent memory'];
+                for (const h of hits.slice(0, MAX_MEMORY_HITS)) {
+                    const label = h.section
+                        ? h.section
+                        : (h.source_file ? h.source_file.split('/').pop() ?? h.source_file : 'memory');
+                    const content = (h.content ?? '').slice(0, MAX_MEMORY_HIT_CHARS).trim();
+                    if (!content)
+                        continue;
+                    lines.push(`- **${label}**: ${content}`);
+                    sections.retrievedMemory += 1;
+                }
+                if (sections.retrievedMemory > 0) {
+                    parts.push(lines.join('\n'));
+                }
+            }
+        }
+        catch (err) {
+            // Never block on memory failure — log and continue.
+            logger.debug({ err, sessionKey: opts.sessionKey }, 'turn-context: searchContext failed (non-fatal)');
+        }
+    }
+    // ── 2. Recent background task headlines ───────────────────────────
+    // Last 24h of terminal-state bg tasks. So when the owner asks "what
+    // happened with that job?" she knows without re-asking.
+    if (opts.listBackgroundTasks) {
+        try {
+            const TERMINAL = ['done', 'failed', 'interrupted', 'aborted'];
+            const recent = [];
+            for (const status of TERMINAL) {
+                const tasks = opts.listBackgroundTasks({ status });
+                for (const task of tasks) {
+                    const stamp = task.completedAt ?? task.interruptedAt ?? task.startedAt ?? task.createdAt;
+                    if (!stamp)
+                        continue;
+                    if (nowMs - Date.parse(stamp) > RECENT_BG_WINDOW_MS)
+                        continue;
+                    recent.push(task);
+                }
+            }
+            // Newest first, capped.
+            recent.sort((a, b) => {
+                const aStamp = a.completedAt ?? a.startedAt ?? a.createdAt ?? '';
+                const bStamp = b.completedAt ?? b.startedAt ?? b.createdAt ?? '';
+                return bStamp.localeCompare(aStamp);
+            });
+            if (recent.length > 0) {
+                const lines = ['### Recently completed background work (last 24h)'];
+                for (const task of recent.slice(0, MAX_BG_TASKS)) {
+                    const promptPreview = (task.prompt ?? '').slice(0, 80).replace(/\s+/g, ' ').trim();
+                    const tail = task.status === 'done'
+                        ? (task.result ?? task.deliverableNote ?? 'done').slice(0, 100).replace(/\s+/g, ' ').trim()
+                        : (task.error ?? task.status).slice(0, 100).replace(/\s+/g, ' ').trim();
+                    const line = `- **${task.status}**: ${promptPreview} → ${tail}`;
+                    lines.push(line.slice(0, MAX_BG_TASK_LINE_CHARS));
+                    sections.recentBgTasks += 1;
+                }
+                if (sections.recentBgTasks > 0) {
+                    parts.push(lines.join('\n'));
+                }
+            }
+        }
+        catch (err) {
+            logger.debug({ err, sessionKey: opts.sessionKey }, 'turn-context: listBackgroundTasks failed (non-fatal)');
+        }
+    }
+    // ── 3. Identity framing ───────────────────────────────────────────
+    // "Who is the user, where are they reaching you, which agent are
+    // you running as." Anchors the model's voice + addressing.
+    const identityLine = buildIdentityLine(opts);
+    if (identityLine) {
+        parts.push(`### Right now\n${identityLine}`);
+        sections.identityFrame = true;
+    }
+    // ── 4. Live state ─────────────────────────────────────────────────
+    // Current date/time so the model never says "I don't know what
+    // today is." Cheap, high-signal.
+    const liveLine = `Current time: ${nowDate.toISOString()} (UTC)`;
+    if (sections.identityFrame) {
+        // Fold into the same "Right now" section to avoid an extra header.
+        parts[parts.length - 1] = `${parts[parts.length - 1]}\n${liveLine}`;
+    }
+    else {
+        parts.push(`### Right now\n${liveLine}`);
+    }
+    sections.liveState = true;
+    // ── 5. Extension points for deeper learning subsystems ───────────
+    // These are intentionally empty today. The architecture is set up
+    // so adding a new subsystem = adding a new builder function +
+    // calling it here. Each follow-up ship can wire one at a time
+    // without re-touching the rest of the module.
+    //
+    // TODO(1.18.185+): wire these in:
+    //   - decision-reflection: latest formatReflectionSummary() if <24h old
+    //   - skill-quality: skills flagged 'underperforming' or 'stale'
+    //   - insight-engine: most recent generated insights not yet ack'd
+    //   - seed-user-model: latest persisted snapshot of the owner profile
+    //   - goal-evaluator: active goals and last 3 goal-check results
+    //
+    // For each, the pattern is: read fast, cap output, log non-fatally on error.
+    if (parts.length === 0) {
+        return { block: '', sections, totalChars: 0 };
+    }
+    const body = parts.join('\n\n');
+    // Hard cap on the whole block to protect cache health.
+    const truncated = body.length > MAX_BLOCK_CHARS
+        ? body.slice(0, MAX_BLOCK_CHARS - 3) + '...'
+        : body;
+    // Mirror the existing securityAnnotation envelope shape so the chat
+    // path can concatenate cleanly.
+    const block = `[Context — read this for continuity, then respond to the user message below]\n${truncated}\n[/Context]\n\n`;
+    return {
+        block,
+        sections,
+        totalChars: block.length,
+    };
+}
+// ── Helpers ───────────────────────────────────────────────────────────
+function buildIdentityLine(opts) {
+    const parts = [];
+    if (opts.ownerName) {
+        parts.push(`You're talking to ${opts.ownerName}`);
+    }
+    if (opts.channel) {
+        parts.push(`via ${opts.channel}`);
+    }
+    if (opts.profileName) {
+        parts.push(`as ${opts.profileName}`);
+    }
+    else if (parts.length > 0) {
+        parts.push('as Clementine');
+    }
+    return parts.length > 0 ? parts.join(' ') + '.' : '';
+}
+//# sourceMappingURL=clementine-turn-context.js.map

package/dist/agent/run-agent-context.js

@@ -81,8 +81,43 @@ export function buildChatSystemAppend(opts = {}) {
     if (opts.profileAppend?.trim()) {
         blocks.push(opts.profileAppend);
     }
+    // 5. Behavioral posture (1.18.184) — re-anchored from the legacy
+    //    assistant.ts:buildSystemPrompt path which the modern chat no
+    //    longer goes through. Kept in the cacheable system-prompt append
+    //    (NOT in the per-turn user-message context) so Anthropic's
+    //    prompt cache holds these directives across turns. They are
+    //    short, stable, and describe HOW Clementine should behave —
+    //    not WHAT is true right now (that's the volatile turn-context
+    //    block; see clementine-turn-context.ts).
+    blocks.push(BEHAVIORAL_POSTURE);
     return blocks.join('\n\n');
 }
+/**
+ * Stable behavioral directives appended to every chat-path system prompt.
+ *
+ * Trust posture: Clementine runs on the owner's machine; she is the
+ * owner's agent, not a faceless assistant. She acts decisively because
+ * the trust relationship has already been established by virtue of the
+ * owner running her on their own hardware. Permission-prompt friction
+ * is a violation of the trust model.
+ *
+ * Recall posture (re-anchored from 1.18.181, originally at
+ * assistant.ts:1382 in the legacy buildSystemPrompt path): durable
+ * memory across all sessions / channels / bg tasks lives in SQLite with
+ * dense embeddings. The model has `memory_search` and `transcript_search`
+ * tools available. "I have no record" without first searching is a
+ * memory failure, not an honest answer.
+ *
+ * Kept short (<600 chars total) so it doesn't crowd the cacheable
+ * prefix; each directive is one sentence of guidance, not a manual.
+ */
+const BEHAVIORAL_POSTURE = `## How you operate
+
+**Trust posture.** You are running on your owner's trusted local machine as their Clementine. The owner has already authenticated every integration you have access to; you act as them, with their judgment. Don't ask permission for things you have tools to do — just do them. Save permission-asking for genuinely consequential or ambiguous actions (sending the email vs drafting it, deleting vs archiving). Friction-by-default is a violation of the relationship.
+
+**Recall posture.** Your durable memory across every session, every channel, every background task, and every workflow lives in SQLite with dense embeddings. When the owner references past work you don't have in immediate context — a URL, a deployment, a person, a project, a file you created, a job you ran — call \`memory_search\` (or \`transcript_search\` for chat-history specifics) BEFORE asking the owner to provide it and BEFORE replying that you have no record. "I don't see any record of that" without having searched is a memory failure, not an honest answer.
+
+**Persistence posture.** When the owner gives you a multi-step job in chat, run it to completion. If you hit a real constraint (budget, cap, missing input, validation needed), say so explicitly — never trail off silently. The owner can always stop you via cancel or by typing \`stop\`; that's their lever. Yours is to keep going until the work is done.`;
 /**
  * Read the long-term memory block for an autonomous run (cron, team-task).
  * Returns the agent-specific MEMORY.md when a hired agent is active, the