context-mode 1.0.21 → 1.0.23

package/build/adapters/openclaw/session-db.js

@@ -0,0 +1,88 @@
+/**
+ * OpenClawSessionDB — OpenClaw-specific extension of SessionDB.
+ *
+ * Adds session_key mapping (openclaw_session_map table) and session
+ * rename support needed for OpenClaw's gateway restart re-keying.
+ *
+ * The shared SessionDB remains unaware of session_key; all OpenClaw-specific
+ * session mapping lives here.
+ */
+import { SessionDB } from "../../session/db.js";
+// ─────────────────────────────────────────────────────────
+// OpenClawSessionDB
+// ─────────────────────────────────────────────────────────
+export class OpenClawSessionDB extends SessionDB {
+    // ── Schema ──
+    initSchema() {
+        super.initSchema();
+        this.db.exec(`
+      CREATE TABLE IF NOT EXISTS openclaw_session_map (
+        session_key TEXT PRIMARY KEY,
+        session_id TEXT NOT NULL,
+        created_at TEXT NOT NULL DEFAULT (datetime('now'))
+      );
+    `);
+    }
+    prepareStatements() {
+        super.prepareStatements();
+        this.ocStmts = new Map();
+        const p = (key, sql) => {
+            this.ocStmts.set(key, this.db.prepare(sql));
+        };
+        p("getMostRecentSession", `SELECT session_id FROM openclaw_session_map WHERE session_key = ?`);
+        p("upsertSessionMap", `INSERT INTO openclaw_session_map (session_key, session_id)
+       VALUES (?, ?)
+       ON CONFLICT(session_key) DO UPDATE SET
+         session_id = excluded.session_id`);
+        p("deleteSessionMap", `DELETE FROM openclaw_session_map WHERE session_key = ?`);
+        p("renameSessionMeta", `UPDATE session_meta SET session_id = ? WHERE session_id = ?`);
+        p("renameSessionEvents", `UPDATE session_events SET session_id = ? WHERE session_id = ?`);
+        p("renameSessionResume", `UPDATE session_resume SET session_id = ? WHERE session_id = ?`);
+        p("renameSessionMap", `UPDATE openclaw_session_map SET session_id = ? WHERE session_id = ?`);
+    }
+    /** Shorthand to retrieve an OpenClaw-specific cached statement. */
+    oc(key) {
+        return this.ocStmts.get(key);
+    }
+    // ═══════════════════════════════════════════
+    // Session key mapping
+    // ═══════════════════════════════════════════
+    /**
+     * Ensure a session metadata entry exists with an associated session_key.
+     * Calls the parent's 2-param ensureSession and also records the mapping
+     * in openclaw_session_map.
+     */
+    ensureSessionWithKey(sessionId, projectDir, sessionKey) {
+        this.ensureSession(sessionId, projectDir);
+        this.oc("upsertSessionMap").run(sessionKey, sessionId);
+    }
+    /**
+     * Get the session_id of the most recently mapped session for a given sessionKey.
+     * Returns null if no sessions exist for that key.
+     */
+    getMostRecentSession(sessionKey) {
+        const row = this.oc("getMostRecentSession").get(sessionKey);
+        return row?.session_id ?? null;
+    }
+    /**
+     * Rename a session ID in-place across all tables (session_meta, session_events,
+     * session_resume, openclaw_session_map), preserving all events, metadata,
+     * and resume snapshots. Used when OpenClaw re-keys session IDs on gateway
+     * restart so accumulated events survive the re-key.
+     */
+    renameSession(oldId, newId) {
+        this.db.transaction(() => {
+            this.oc("renameSessionMeta").run(newId, oldId);
+            this.oc("renameSessionEvents").run(newId, oldId);
+            this.oc("renameSessionResume").run(newId, oldId);
+            this.oc("renameSessionMap").run(newId, oldId);
+        })();
+    }
+    /**
+     * Remove a session_key mapping from openclaw_session_map.
+     * Called on command:stop to clean up agent session tracking.
+     */
+    removeSessionKey(sessionKey) {
+        this.oc("deleteSessionMap").run(sessionKey);
+    }
+}

package/build/adapters/types.d.ts

@@ -206,7 +206,7 @@ export interface DiagnosticResult {
     fix?: string;
 }
 /** Supported platform identifiers. */
-export type PlatformId = "claude-code" | "gemini-cli" | "opencode" | "codex" | "vscode-copilot" | "cursor" | "unknown";
+export type PlatformId = "claude-code" | "gemini-cli" | "opencode" | "openclaw" | "codex" | "vscode-copilot" | "cursor" | "antigravity" | "kiro" | "unknown";
 /** Detection signal used to identify which platform is running. */
 export interface DetectionSignal {
     /** Platform identifier. */

package/build/cli.js

@@ -97,8 +97,9 @@ export function toUnixPath(p) {
 function getPluginRoot() {
     const __filename = fileURLToPath(import.meta.url);
     const __dirname = dirname(__filename);
-    // build/cli.js → go up one level; cli.bundle.mjs at project root → stay here
-    if (__dirname.endsWith("/build") || __dirname.endsWith("\\build")) {
+    // build/cli.js or src/cli.ts → go up one level; cli.bundle.mjs at project root → stay here
+    if (__dirname.endsWith("/build") || __dirname.endsWith("\\build") ||
+        __dirname.endsWith("/src") || __dirname.endsWith("\\src")) {
         return resolve(__dirname, "..");
     }
     return __dirname;
@@ -202,7 +203,8 @@ async function doctor() {
         }
         else {
             criticalFails++;
-            p.log.error(color.red("Server test: FAIL") + ` — exit ${result.exitCode}`);
+            const detail = result.stderr?.trim() ? ` (${result.stderr.trim().slice(0, 200)})` : "";
+            p.log.error(color.red("Server test: FAIL") + ` — exit ${result.exitCode}${detail}`);
         }
     }
     catch (err) {

package/build/executor.js

@@ -129,7 +129,7 @@ export class PolyglotExecutor {
         try {
             execSync(`rustc ${srcPath} -o ${binPath}`, {
                 cwd,
-                timeout: Math.min(timeout, 30_000),
+                timeout: Math.min(timeout, 60_000),
                 encoding: "utf-8",
                 stdio: ["pipe", "pipe", "pipe"],
             });
@@ -262,126 +262,113 @@ export class PolyglotExecutor {
     }
     #buildSafeEnv(tmpDir) {
         const realHome = process.env.HOME ?? process.env.USERPROFILE ?? tmpDir;
-        // Pass through auth-related env vars so CLI tools (gh, aws, gcloud, etc.) work
-        const passthrough = [
-            // GitHub
-            "GH_TOKEN",
-            "GITHUB_TOKEN",
-            "GH_HOST",
-            // AWS
-            "AWS_ACCESS_KEY_ID",
-            "AWS_SECRET_ACCESS_KEY",
-            "AWS_SESSION_TOKEN",
-            "AWS_REGION",
-            "AWS_DEFAULT_REGION",
-            "AWS_PROFILE",
-            // Google Cloud
-            "GOOGLE_APPLICATION_CREDENTIALS",
-            "CLOUDSDK_CONFIG",
-            // Docker / K8s
-            "DOCKER_HOST",
-            "KUBECONFIG",
-            // Node / npm
-            "NPM_TOKEN",
-            "NODE_AUTH_TOKEN",
-            "npm_config_registry",
-            // General
-            "HTTP_PROXY",
-            "HTTPS_PROXY",
-            "NO_PROXY",
-            "SSL_CERT_FILE",
-            "CURL_CA_BUNDLE",
-            "NODE_EXTRA_CA_CERTS",
-            "REQUESTS_CA_BUNDLE",
-            // XDG (config paths for gh, gcloud, etc.)
-            "XDG_CONFIG_HOME",
-            "XDG_DATA_HOME",
-            // SSH agent socket — required for git/jj operations that use SSH remotes.
-            // Without this, subprocesses cannot reach the agent and fall back to
-            // prompting for the key passphrase directly on the TTY, which corrupts
-            // Claude Code's PTY ownership.
-            "SSH_AUTH_SOCK",
-            "SSH_AGENT_PID",
-            // Virtual environments (direnv, nix devshells, asdf, mise, etc.)
-            "DIRENV_DIR",
-            "DIRENV_FILE",
-            "DIRENV_DIFF",
-            "DIRENV_WATCHES",
-            "DIRENV_LAYOUT_DIR",
-            "NIX_PATH",
-            "NIX_PROFILES",
-            "NIX_SSL_CERT_FILE",
-            "NIX_CC",
-            "NIX_STORE",
-            "NIX_BUILD_CORES",
-            "IN_NIX_SHELL",
-            "LOCALE_ARCHIVE",
-            "LD_LIBRARY_PATH",
-            "DYLD_LIBRARY_PATH",
-            "LIBRARY_PATH",
-            "C_INCLUDE_PATH",
-            "CPLUS_INCLUDE_PATH",
-            "PKG_CONFIG_PATH",
-            "CMAKE_PREFIX_PATH",
-            "GOPATH",
-            "GOROOT",
-            "CARGO_HOME",
-            "RUSTUP_HOME",
-            "ASDF_DIR",
-            "ASDF_DATA_DIR",
-            "MISE_DATA_DIR",
-            "VIRTUAL_ENV",
-            "CONDA_PREFIX",
-            "CONDA_DEFAULT_ENV",
-            "PYTHONPATH",
-            "GEM_HOME",
-            "GEM_PATH",
-            "BUNDLE_PATH",
-            "RBENV_ROOT",
-            "JAVA_HOME",
-            "SDKMAN_DIR",
-        ];
-        const env = {
-            PATH: process.env.PATH ?? (isWin ? "" : "/usr/local/bin:/usr/bin:/bin"),
-            HOME: realHome,
-            TMPDIR: tmpDir,
-            LANG: "en_US.UTF-8",
-            PYTHONDONTWRITEBYTECODE: "1",
-            PYTHONUNBUFFERED: "1",
-            PYTHONUTF8: "1",
-            NO_COLOR: "1",
-        };
-        // Windows-critical env vars
-        if (isWin) {
-            const winVars = [
-                "SYSTEMROOT", "SystemRoot", "COMSPEC", "PATHEXT",
-                "USERPROFILE", "APPDATA", "LOCALAPPDATA", "TEMP", "TMP",
-            ];
-            for (const key of winVars) {
-                if (process.env[key])
-                    env[key] = process.env[key];
+        // Denylist: env vars that corrupt sandbox stdout, inject code, or break
+        // language runtimes. Each entry is backed by CVE, MITRE, or live testing.
+        // See: https://www.elttam.com/blog/env/, MITRE T1574.006
+        const DENIED = new Set([
+            // Shell — auto-execute scripts, override builtins
+            "BASH_ENV", // sourced by non-interactive bash
+            "ENV", // sourced by sh/dash
+            "PROMPT_COMMAND", // runs before each prompt
+            "PS4", // $(cmd) expansion in xtrace
+            "SHELLOPTS", // enables xtrace/verbose, dumps to stdout
+            "BASHOPTS", // bash-specific shell options
+            "CDPATH", // makes cd print to stdout
+            "INPUTRC", // readline key rebinding
+            "BASH_XTRACEFD", // redirects debug output to stdout
+            // Node.js — require injection, inspector
+            "NODE_OPTIONS", // --require, --loader, --inspect
+            "NODE_PATH", // module search path injection
+            // Python — stdlib override, startup injection
+            "PYTHONSTARTUP", // auto-executes in interactive mode
+            "PYTHONHOME", // overrides stdlib location (breaks Python)
+            "PYTHONWARNINGS", // triggers module import chain → RCE
+            "PYTHONBREAKPOINT", // arbitrary callable
+            "PYTHONINSPECT", // enters interactive mode after script
+            // Ruby — option/module injection
+            "RUBYOPT", // injects CLI options (-r loads files)
+            "RUBYLIB", // module search path injection
+            // Perl — option/module injection
+            "PERL5OPT", // injects CLI options (-M runs code)
+            "PERL5LIB", // module search path injection
+            "PERLLIB", // legacy module search path
+            "PERL5DB", // debugger command injection
+            // Elixir/Erlang — eval injection
+            "ERL_AFLAGS", // prepends erl flags (-eval runs code)
+            "ERL_FLAGS", // appends erl flags
+            "ELIXIR_ERL_OPTIONS", // Elixir-specific erl flags
+            "ERL_LIBS", // beam file loading
+            // Go — compiler/linker injection
+            "GOFLAGS", // injects go command flags
+            "CGO_CFLAGS", // C compiler flag injection
+            "CGO_LDFLAGS", // linker flag injection
+            // Rust — compiler substitution
+            "RUSTC", // arbitrary compiler binary
+            "RUSTC_WRAPPER", // compiler wrapper injection
+            "RUSTC_WORKSPACE_WRAPPER",
+            "CARGO_BUILD_RUSTC",
+            "CARGO_BUILD_RUSTC_WRAPPER",
+            "RUSTFLAGS", // compiler flag injection
+            // PHP — config injection
+            "PHPRC", // auto_prepend_file → RCE
+            "PHP_INI_SCAN_DIR", // additional .ini loading
+            // R — startup script injection
+            "R_PROFILE", // site-wide R profile
+            "R_PROFILE_USER", // user R profile
+            "R_HOME", // R installation override
+            // Dynamic linker — shared library injection
+            "LD_PRELOAD", // loads .so before all others (Linux)
+            "DYLD_INSERT_LIBRARIES", // macOS equivalent of LD_PRELOAD
+            // OpenSSL — engine loading
+            "OPENSSL_CONF", // loads engine modules → .so exec
+            "OPENSSL_ENGINES", // engine directory override
+            // Compiler — binary substitution
+            "CC", // C compiler override
+            "CXX", // C++ compiler override
+            "AR", // archiver override
+            // Git — command injection via hooks/config
+            "GIT_TEMPLATE_DIR", // hook injection on git init
+            "GIT_CONFIG_GLOBAL", // core.pager/editor runs commands
+            "GIT_CONFIG_SYSTEM", // system-level config injection
+            "GIT_EXEC_PATH", // substitute git subcommands
+            "GIT_SSH", // arbitrary command instead of ssh
+            "GIT_SSH_COMMAND", // arbitrary ssh command
+            "GIT_ASKPASS", // arbitrary credential command
+        ]);
+        // Start with parent env, then strip dangerous vars and apply overrides
+        const env = {};
+        for (const [key, val] of Object.entries(process.env)) {
+            if (val !== undefined && !DENIED.has(key) && !key.startsWith("BASH_FUNC_")) {
+                env[key] = val;
             }
-            // Prevent MSYS2/Git Bash from converting non-ASCII Windows paths
-            // (e.g. Chinese characters in project paths) to POSIX paths.
+        }
+        // Sandbox overrides — forced values for correct sandbox behavior
+        env["TMPDIR"] = tmpDir;
+        env["HOME"] = realHome;
+        env["LANG"] = "en_US.UTF-8";
+        env["PYTHONDONTWRITEBYTECODE"] = "1";
+        env["PYTHONUNBUFFERED"] = "1";
+        env["PYTHONUTF8"] = "1";
+        env["NO_COLOR"] = "1";
+        // Windows uses "Path" (not "PATH") — normalize to "PATH" for consistency
+        if (isWin && !env["PATH"] && env["Path"]) {
+            env["PATH"] = env["Path"];
+            delete env["Path"];
+        }
+        if (!env["PATH"]) {
+            env["PATH"] = isWin ? "" : "/usr/local/bin:/usr/bin:/bin";
+        }
+        // Windows-critical env vars and path fixes
+        if (isWin) {
             env["MSYS_NO_PATHCONV"] = "1";
             env["MSYS2_ARG_CONV_EXCL"] = "*";
-            // Ensure Git Bash unix tools (cat, ls, head, etc.) are on PATH.
-            // The MCP server process may not inherit the full user PATH that
-            // includes Git's usr/bin directory.
             const gitUsrBin = "C:\\Program Files\\Git\\usr\\bin";
             const gitBin = "C:\\Program Files\\Git\\bin";
             if (!env["PATH"].includes(gitUsrBin)) {
                 env["PATH"] = `${gitUsrBin};${gitBin};${env["PATH"]}`;
             }
         }
-        for (const key of passthrough) {
-            if (process.env[key]) {
-                env[key] = process.env[key];
-            }
-        }
         // Ensure SSL_CERT_FILE is set so Python/Ruby HTTPS works in sandbox.
-        // On macOS, it's typically unset (Python uses its own bundle or none),
-        // causing urllib/requests to fail with SSL cert verification errors.
         if (!env["SSL_CERT_FILE"]) {
             const certPaths = isWin ? [] : [
                 "/etc/ssl/cert.pem", // macOS, some Linux
@@ -416,7 +403,7 @@ export class PolyglotExecutor {
             case "go":
                 return `package main\n\nimport (\n\t"fmt"\n\t"os"\n)\n\nvar FILE_CONTENT_PATH = ${escaped}\nvar file_path = FILE_CONTENT_PATH\n\nfunc main() {\n\tb, _ := os.ReadFile(FILE_CONTENT_PATH)\n\tFILE_CONTENT := string(b)\n\t_ = FILE_CONTENT\n\t_ = fmt.Sprint()\n${code}\n}\n`;
             case "rust":
-                return `use std::fs;\n\nfn main() {\n    let file_content_path = ${escaped};\n    let file_path = file_content_path;\n    let file_content = fs::read_to_string(file_content_path).unwrap();\n${code}\n}\n`;
+                return `#![allow(unused_variables)]\nuse std::fs;\n\nfn main() {\n    let file_content_path = ${escaped};\n    let file_path = file_content_path;\n    let file_content = fs::read_to_string(file_content_path).unwrap();\n${code}\n}\n`;
             case "php":
                 return `<?php\n$FILE_CONTENT_PATH = ${escaped};\n$file_path = $FILE_CONTENT_PATH;\n$FILE_CONTENT = file_get_contents($FILE_CONTENT_PATH);\n${code}`;
             case "perl":

package/build/openclaw/workspace-router.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Extract the agent workspace path from tool call params.
+ * Looks for /openclaw/workspace-<name> patterns in cwd, file_path, and command.
+ * Returns the workspace root (e.g. "/openclaw/workspace-trainer") or null.
+ */
+export declare function extractWorkspace(params: Record<string, unknown>): string | null;
+/**
+ * Maps agent workspaces to sessionIds using sessionKey convention.
+ * sessionKey pattern: "agent:<name>:main" → workspace "/openclaw/workspace-<name>"
+ *
+ * Why this exists alongside per-session closures:
+ * Each register() call creates its own closure with its own sessionId, which
+ * naturally isolates sessions. The WorkspaceRouter acts as a safety net for
+ * after_tool_call events where OpenClaw may deliver the event to the wrong
+ * closure (e.g. tool calls interleaving across agents). It resolves the correct
+ * sessionId from workspace paths in tool params, falling back to the closure
+ * sessionId when no workspace is detected.
+ */
+export declare class WorkspaceRouter {
+    private map;
+    /** Register a session from session_start event. */
+    registerSession(sessionKey: string, sessionId: string): void;
+    /** Remove a session (e.g. on command:stop). */
+    removeSession(sessionKey: string): void;
+    /** Resolve sessionId from tool call params. Returns null if no match. */
+    resolveSessionId(params: Record<string, unknown>): string | null;
+    /** Derive workspace path from sessionKey. */
+    private workspaceFromKey;
+}

package/build/openclaw/workspace-router.js

@@ -0,0 +1,64 @@
+/**
+ * Extract the agent workspace path from tool call params.
+ * Looks for /openclaw/workspace-<name> patterns in cwd, file_path, and command.
+ * Returns the workspace root (e.g. "/openclaw/workspace-trainer") or null.
+ */
+export function extractWorkspace(params) {
+    // Priority: cwd > file_path > command (most specific first)
+    const sources = [
+        params.cwd,
+        params.file_path,
+        params.command,
+    ].filter((v) => typeof v === "string");
+    for (const src of sources) {
+        const match = src.match(/\/openclaw\/workspace-[a-zA-Z0-9_-]+/);
+        if (match)
+            return match[0];
+    }
+    return null;
+}
+/**
+ * Maps agent workspaces to sessionIds using sessionKey convention.
+ * sessionKey pattern: "agent:<name>:main" → workspace "/openclaw/workspace-<name>"
+ *
+ * Why this exists alongside per-session closures:
+ * Each register() call creates its own closure with its own sessionId, which
+ * naturally isolates sessions. The WorkspaceRouter acts as a safety net for
+ * after_tool_call events where OpenClaw may deliver the event to the wrong
+ * closure (e.g. tool calls interleaving across agents). It resolves the correct
+ * sessionId from workspace paths in tool params, falling back to the closure
+ * sessionId when no workspace is detected.
+ */
+export class WorkspaceRouter {
+    // workspace path → sessionId
+    map = new Map();
+    /** Register a session from session_start event. */
+    registerSession(sessionKey, sessionId) {
+        const workspace = this.workspaceFromKey(sessionKey);
+        if (workspace) {
+            this.map.set(workspace, sessionId);
+        }
+    }
+    /** Remove a session (e.g. on command:stop). */
+    removeSession(sessionKey) {
+        const workspace = this.workspaceFromKey(sessionKey);
+        if (workspace) {
+            this.map.delete(workspace);
+        }
+    }
+    /** Resolve sessionId from tool call params. Returns null if no match. */
+    resolveSessionId(params) {
+        const workspace = extractWorkspace(params);
+        if (!workspace)
+            return null;
+        return this.map.get(workspace) ?? null;
+    }
+    /** Derive workspace path from sessionKey. */
+    workspaceFromKey(key) {
+        // Pattern: "agent:<name>:main" or "agent:<name>:<channel>"
+        const match = key.match(/^agent:([^:]+):/);
+        if (!match)
+            return null;
+        return `/openclaw/workspace-${match[1]}`;
+    }
+}

package/build/openclaw-plugin.d.ts

@@ -0,0 +1,121 @@
+/**
+ * OpenClaw TypeScript plugin entry point for context-mode.
+ *
+ * Exports an object with { id, name, configSchema, register(api) } for
+ * declarative metadata and config validation before code execution.
+ *
+ * register(api) registers:
+ *   - before_tool_call hook   — Routing enforcement (deny/modify/passthrough)
+ *   - after_tool_call hook    — Session event capture
+ *   - command:new hook         — Session initialization and cleanup
+ *   - session_start hook             — Re-key DB session to OpenClaw's session ID
+ *   - before_compaction hook         — Flush events to resume snapshot
+ *   - after_compaction hook          — Increment compact count
+ *   - before_prompt_build (p=10)  — Resume snapshot injection into system context
+ *   - before_prompt_build (p=5)   — Routing instruction injection into system context
+ *   - context-mode engine      — Context engine with compaction management
+ *   - /ctx-stats command       — Auto-reply command for session statistics
+ *   - /ctx-doctor command      — Auto-reply command for diagnostics
+ *   - /ctx-upgrade command     — Auto-reply command for upgrade
+ *
+ * Loaded by OpenClaw via: openclaw.extensions entry in package.json
+ *
+ * OpenClaw plugin paradigm:
+ *   - Plugins export { id, name, configSchema, register(api) } for metadata
+ *   - api.registerHook() for event-driven hooks
+ *   - api.on() for typed lifecycle hooks
+ *   - api.registerContextEngine() for compaction ownership
+ *   - api.registerCommand() for auto-reply slash commands
+ *   - Plugins run in-process with the Gateway (trusted code)
+ */
+/** Context for auto-reply command handlers. */
+interface CommandContext {
+    senderId?: string;
+    channel?: string;
+    isAuthorizedSender?: boolean;
+    args?: string;
+    commandBody?: string;
+    config?: Record<string, unknown>;
+}
+/** OpenClaw plugin API provided to the register function. */
+interface OpenClawPluginApi {
+    registerHook(event: string, handler: (...args: unknown[]) => unknown, meta: {
+        name: string;
+        description: string;
+    }): void;
+    /**
+     * Register a typed lifecycle hook.
+     * Supported names: "session_start", "before_compaction", "after_compaction",
+     * "before_prompt_build"
+     */
+    on(event: string, handler: (...args: unknown[]) => unknown, opts?: {
+        priority?: number;
+    }): void;
+    registerContextEngine(id: string, factory: () => ContextEngineInstance): void;
+    registerCommand?(cmd: {
+        name: string;
+        description: string;
+        acceptsArgs?: boolean;
+        requireAuth?: boolean;
+        handler: (ctx: CommandContext) => {
+            text: string;
+        } | Promise<{
+            text: string;
+        }>;
+    }): void;
+    registerCli?(factory: (ctx: {
+        program: unknown;
+    }) => void, meta: {
+        commands: string[];
+    }): void;
+    logger?: {
+        info: (...args: unknown[]) => void;
+        error: (...args: unknown[]) => void;
+        debug?: (...args: unknown[]) => void;
+        warn?: (...args: unknown[]) => void;
+    };
+}
+/** Context engine instance returned by the factory. */
+interface ContextEngineInstance {
+    info: {
+        id: string;
+        name: string;
+        ownsCompaction: boolean;
+    };
+    ingest(data: unknown): Promise<{
+        ingested: boolean;
+    }>;
+    assemble(ctx: {
+        messages: unknown[];
+    }): Promise<{
+        messages: unknown[];
+        estimatedTokens: number;
+    }>;
+    compact(): Promise<{
+        ok: boolean;
+        compacted: boolean;
+    }>;
+}
+/**
+ * OpenClaw plugin definition. The object form provides declarative metadata
+ * (id, name, configSchema) that OpenClaw can read without executing code.
+ * register() is called once per agent session with a fresh api object.
+ * Each call creates isolated closures (db, sessionId, hooks) — no shared state.
+ */
+declare const _default: {
+    id: string;
+    name: string;
+    configSchema: {
+        type: "object";
+        properties: {
+            enabled: {
+                type: "boolean";
+                default: boolean;
+                description: string;
+            };
+        };
+        additionalProperties: boolean;
+    };
+    register(api: OpenClawPluginApi): void;
+};
+export default _default;