forge-openclaw-plugin 0.2.43 → 0.2.45

package/dist/server/server/src/openapi.js

@@ -333,6 +333,18 @@ export function buildOpenApiDocument() {
             message: { type: "string" }
         }
     };
+    const validationExpectedShape = {
+        type: "object",
+        additionalProperties: true,
+        required: ["inputShape", "requiredFields", "notes"],
+        properties: {
+            toolName: { type: "string" },
+            inputShape: { type: "string" },
+            requiredFields: arrayOf({ type: "string" }),
+            example: { type: ["string", "null"] },
+            notes: arrayOf({ type: "string" })
+        }
+    };
     const errorResponse = {
         type: "object",
         additionalProperties: true,
@@ -341,7 +353,12 @@ export function buildOpenApiDocument() {
             code: { type: "string" },
             error: { type: "string" },
             statusCode: { type: "integer" },
-            details: arrayOf({ $ref: "#/components/schemas/ValidationIssue" })
+            route: { type: "string" },
+            validationSummary: { type: "string" },
+            details: arrayOf({ $ref: "#/components/schemas/ValidationIssue" }),
+            expectedShape: {
+                $ref: "#/components/schemas/ValidationExpectedShape"
+            }
         }
     };
     const tag = {
@@ -1808,6 +1825,43 @@ export function buildOpenApiDocument() {
             }
         }
     };
+    const agentBootstrapPolicy = {
+        type: "object",
+        additionalProperties: false,
+        required: [
+            "mode",
+            "goalsLimit",
+            "projectsLimit",
+            "tasksLimit",
+            "habitsLimit",
+            "strategiesLimit",
+            "peoplePageLimit",
+            "includePeoplePages"
+        ],
+        properties: {
+            mode: {
+                type: "string",
+                enum: ["disabled", "active_only", "scoped", "full"]
+            },
+            goalsLimit: { type: "integer", minimum: 0, maximum: 100 },
+            projectsLimit: { type: "integer", minimum: 0, maximum: 100 },
+            tasksLimit: { type: "integer", minimum: 0, maximum: 100 },
+            habitsLimit: { type: "integer", minimum: 0, maximum: 100 },
+            strategiesLimit: { type: "integer", minimum: 0, maximum: 100 },
+            peoplePageLimit: { type: "integer", minimum: 0, maximum: 50 },
+            includePeoplePages: { type: "boolean" }
+        }
+    };
+    const agentScopePolicy = {
+        type: "object",
+        additionalProperties: false,
+        required: ["userIds", "projectIds", "tagIds"],
+        properties: {
+            userIds: arrayOf({ type: "string" }),
+            projectIds: arrayOf({ type: "string" }),
+            tagIds: arrayOf({ type: "string" })
+        }
+    };
     const agentTokenSummary = {
         type: "object",
         additionalProperties: false,
@@ -1822,6 +1876,8 @@ export function buildOpenApiDocument() {
             "autonomyMode",
             "approvalMode",
             "description",
+            "bootstrapPolicy",
+            "scopePolicy",
             "lastUsedAt",
             "revokedAt",
             "createdAt",
@@ -1848,6 +1904,8 @@ export function buildOpenApiDocument() {
                 enum: ["approval_by_default", "high_impact_only", "none"]
             },
             description: { type: "string" },
+            bootstrapPolicy: { $ref: "#/components/schemas/AgentBootstrapPolicy" },
+            scopePolicy: { $ref: "#/components/schemas/AgentScopePolicy" },
             lastUsedAt: nullable({ type: "string", format: "date-time" }),
             revokedAt: nullable({ type: "string", format: "date-time" }),
             createdAt: { type: "string", format: "date-time" },
@@ -2762,6 +2820,10 @@ export function buildOpenApiDocument() {
             "recommendedTrustLevel",
             "recommendedAutonomyMode",
             "recommendedApprovalMode",
+            "defaultBootstrapPolicy",
+            "effectiveBootstrapPolicy",
+            "defaultScopePolicy",
+            "effectiveScopePolicy",
             "authModes",
             "tokenRecovery",
             "requiredHeaders",
@@ -2810,6 +2872,18 @@ export function buildOpenApiDocument() {
                 type: "string",
                 enum: ["approval_by_default", "high_impact_only", "none"]
             },
+            defaultBootstrapPolicy: {
+                $ref: "#/components/schemas/AgentBootstrapPolicy"
+            },
+            effectiveBootstrapPolicy: {
+                $ref: "#/components/schemas/AgentBootstrapPolicy"
+            },
+            defaultScopePolicy: {
+                $ref: "#/components/schemas/AgentScopePolicy"
+            },
+            effectiveScopePolicy: {
+                $ref: "#/components/schemas/AgentScopePolicy"
+            },
             authModes: {
                 type: "object",
                 additionalProperties: false,
@@ -4098,6 +4172,7 @@ export function buildOpenApiDocument() {
         components: {
             schemas: {
                 ValidationIssue: validationIssue,
+                ValidationExpectedShape: validationExpectedShape,
                 ErrorResponse: errorResponse,
                 Tag: tag,
                 Goal: goal,
@@ -4154,6 +4229,8 @@ export function buildOpenApiDocument() {
                 AgentRuntimeSessionEvent: agentRuntimeSessionEvent,
                 AgentRuntimeSession: agentRuntimeSession,
                 AgentRuntimeSessionHistory: agentRuntimeSessionHistory,
+                AgentBootstrapPolicy: agentBootstrapPolicy,
+                AgentScopePolicy: agentScopePolicy,
                 AgentTokenSummary: agentTokenSummary,
                 AgentTokenMutationResult: agentTokenMutationResult,
                 Domain: domain,

package/dist/server/server/src/repositories/settings.js

@@ -7,7 +7,7 @@ import { recordActivityEvent } from "./activity-events.js";
 import { recordEventLog } from "./event-log.js";
 import { resolveGoogleCalendarOauthPublicConfig } from "../services/google-calendar-oauth-config.js";
 import { buildConnectionAgentIdentity, FORGE_DEFAULT_AGENT_ID, listAiModelConnections, syncForgeManagedWikiProfile } from "./model-settings.js";
-import { createAgentTokenSchema, agentIdentitySchema, customThemeSchema, settingsPayloadSchema, updateSettingsSchema } from "../types.js";
+import { agentBootstrapPolicySchema, agentScopePolicySchema, createAgentTokenSchema, legacyAgentBootstrapPolicy, defaultAgentScopePolicy, agentIdentitySchema, customThemeSchema, settingsPayloadSchema, updateSettingsSchema } from "../types.js";
 const settingsFileSchema = settingsPayloadSchema.deepPartial();
 let settingsFileSyncDepth = 0;
 let lastSettingsFileStatus = {
@@ -319,6 +319,12 @@ function mapAgent(row) {
     });
 }
 function mapToken(row) {
+    const bootstrapPolicy = agentBootstrapPolicySchema.parse(row.bootstrap_policy_json
+        ? JSON.parse(row.bootstrap_policy_json)
+        : legacyAgentBootstrapPolicy);
+    const scopePolicy = agentScopePolicySchema.parse(row.scope_policy_json
+        ? JSON.parse(row.scope_policy_json)
+        : defaultAgentScopePolicy);
     return {
         id: row.id,
         label: row.label,
@@ -330,6 +336,8 @@ function mapToken(row) {
         autonomyMode: row.autonomy_mode,
         approvalMode: row.approval_mode,
         description: row.description,
+        bootstrapPolicy,
+        scopePolicy,
         lastUsedAt: row.last_used_at,
         revokedAt: row.revoked_at,
         createdAt: row.created_at,
@@ -409,6 +417,8 @@ export function listAgentTokens() {
          agent_tokens.label,
          agent_tokens.token_prefix,
          agent_tokens.scopes_json,
+         agent_tokens.bootstrap_policy_json,
+         agent_tokens.scope_policy_json,
          agent_tokens.agent_id,
          agent_identities.label AS agent_label,
          agent_tokens.trust_level,
@@ -807,9 +817,9 @@ export function createAgentToken(input, activity) {
         const tokenPrefix = `${token.slice(0, 10)}••••`;
         getDatabase()
             .prepare(`INSERT INTO agent_tokens (
-          id, label, token_hash, token_prefix, scopes_json, agent_id, trust_level, autonomy_mode, approval_mode, description, created_at, updated_at
-        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`)
-            .run(id, parsed.label, hashToken(token), tokenPrefix, JSON.stringify(parsed.scopes), agent.id, parsed.trustLevel, parsed.autonomyMode, parsed.approvalMode, parsed.description, now, now);
+          id, label, token_hash, token_prefix, scopes_json, bootstrap_policy_json, scope_policy_json, agent_id, trust_level, autonomy_mode, approval_mode, description, created_at, updated_at
+        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`)
+            .run(id, parsed.label, hashToken(token), tokenPrefix, JSON.stringify(parsed.scopes), JSON.stringify(parsed.bootstrapPolicy), JSON.stringify(parsed.scopePolicy), agent.id, parsed.trustLevel, parsed.autonomyMode, parsed.approvalMode, parsed.description, now, now);
         const tokenSummary = listAgentTokens().find((entry) => entry.id === id);
         if (activity) {
             recordActivityEvent({
@@ -823,7 +833,11 @@ export function createAgentToken(input, activity) {
                 metadata: {
                     agentId: agent.id,
                     agentLabel: agent.label,
-                    scopes: parsed.scopes.join(",")
+                    scopes: parsed.scopes.join(","),
+                    bootstrapMode: parsed.bootstrapPolicy.mode,
+                    scopedUserIds: parsed.scopePolicy.userIds.join(","),
+                    scopedProjectIds: parsed.scopePolicy.projectIds.join(","),
+                    scopedTagIds: parsed.scopePolicy.tagIds.join(",")
                 }
             });
             recordEventLog({
@@ -836,7 +850,11 @@ export function createAgentToken(input, activity) {
                     agentId: agent.id,
                     trustLevel: parsed.trustLevel,
                     autonomyMode: parsed.autonomyMode,
-                    approvalMode: parsed.approvalMode
+                    approvalMode: parsed.approvalMode,
+                    bootstrapMode: parsed.bootstrapPolicy.mode,
+                    scopeUserCount: parsed.scopePolicy.userIds.length,
+                    scopeProjectCount: parsed.scopePolicy.projectIds.length,
+                    scopeTagCount: parsed.scopePolicy.tagIds.length
                 }
             });
         }
@@ -929,6 +947,8 @@ export function verifyAgentToken(token) {
          agent_tokens.label,
          agent_tokens.token_prefix,
          agent_tokens.scopes_json,
+         agent_tokens.bootstrap_policy_json,
+         agent_tokens.scope_policy_json,
          agent_tokens.agent_id,
          agent_identities.label AS agent_label,
          agent_tokens.trust_level,

package/dist/server/server/src/types.js

@@ -213,6 +213,77 @@ export const approvalModeSchema = z.enum([
     "high_impact_only",
     "none"
 ]);
+export const agentBootstrapModeSchema = z.enum([
+    "disabled",
+    "active_only",
+    "scoped",
+    "full"
+]);
+export const defaultAgentBootstrapPolicy = {
+    mode: "active_only",
+    goalsLimit: 5,
+    projectsLimit: 8,
+    tasksLimit: 10,
+    habitsLimit: 6,
+    strategiesLimit: 4,
+    peoplePageLimit: 4,
+    includePeoplePages: true
+};
+export const legacyAgentBootstrapPolicy = {
+    mode: "full",
+    goalsLimit: 25,
+    projectsLimit: 25,
+    tasksLimit: 25,
+    habitsLimit: 20,
+    strategiesLimit: 20,
+    peoplePageLimit: 12,
+    includePeoplePages: true
+};
+export const agentBootstrapPolicySchema = z.object({
+    mode: agentBootstrapModeSchema.default(defaultAgentBootstrapPolicy.mode),
+    goalsLimit: z.coerce
+        .number()
+        .int()
+        .min(0)
+        .max(100)
+        .default(defaultAgentBootstrapPolicy.goalsLimit),
+    projectsLimit: z.coerce
+        .number()
+        .int()
+        .min(0)
+        .max(100)
+        .default(defaultAgentBootstrapPolicy.projectsLimit),
+    tasksLimit: z.coerce
+        .number()
+        .int()
+        .min(0)
+        .max(100)
+        .default(defaultAgentBootstrapPolicy.tasksLimit),
+    habitsLimit: z.coerce
+        .number()
+        .int()
+        .min(0)
+        .max(100)
+        .default(defaultAgentBootstrapPolicy.habitsLimit),
+    strategiesLimit: z.coerce
+        .number()
+        .int()
+        .min(0)
+        .max(100)
+        .default(defaultAgentBootstrapPolicy.strategiesLimit),
+    peoplePageLimit: z.coerce
+        .number()
+        .int()
+        .min(0)
+        .max(50)
+        .default(defaultAgentBootstrapPolicy.peoplePageLimit),
+    includePeoplePages: z.boolean().default(defaultAgentBootstrapPolicy.includePeoplePages)
+});
+export const defaultAgentScopePolicy = {
+    userIds: [],
+    projectIds: [],
+    tagIds: []
+};
 export const agentRuntimeProviderSchema = z.enum([
     "openclaw",
     "hermes",
@@ -393,6 +464,13 @@ const uniqueStringArraySchema = z
         seen.add(value);
     });
 });
+export const agentScopePolicySchema = z.object({
+    userIds: uniqueStringArraySchema.default(() => [...defaultAgentScopePolicy.userIds]),
+    projectIds: uniqueStringArraySchema.default(() => [
+        ...defaultAgentScopePolicy.projectIds
+    ]),
+    tagIds: uniqueStringArraySchema.default(() => [...defaultAgentScopePolicy.tagIds])
+});
 const integerMinuteSchema = z
     .number()
     .int()
@@ -2013,6 +2091,8 @@ export const agentTokenSummarySchema = z.object({
     autonomyMode: autonomyModeSchema,
     approvalMode: approvalModeSchema,
     description: z.string(),
+    bootstrapPolicy: agentBootstrapPolicySchema,
+    scopePolicy: agentScopePolicySchema,
     lastUsedAt: z.string().nullable(),
     revokedAt: z.string().nullable(),
     createdAt: z.string(),
@@ -3522,7 +3602,9 @@ export const createAgentTokenSchema = z.object({
     trustLevel: agentTrustLevelSchema.default("standard"),
     autonomyMode: autonomyModeSchema.default("approval_required"),
     approvalMode: approvalModeSchema.default("approval_by_default"),
-    scopes: uniqueStringArraySchema.default(["read", "write", "insights"])
+    scopes: uniqueStringArraySchema.default(["read", "write", "insights"]),
+    bootstrapPolicy: agentBootstrapPolicySchema.default(defaultAgentBootstrapPolicy),
+    scopePolicy: agentScopePolicySchema.default(defaultAgentScopePolicy)
 });
 export const activityArchiveQuerySchema = activityListQuerySchema.extend({
     groupBy: z.enum(["day", "entity"]).optional(),

package/dist/server/src/lib/schemas.js

@@ -138,7 +138,22 @@ export const createAgentTokenSchema = z.object({
     trustLevel: z.enum(["standard", "trusted", "autonomous"]),
     autonomyMode: z.enum(["approval_required", "scoped_write", "autonomous"]),
     approvalMode: z.enum(["approval_by_default", "high_impact_only", "none"]),
-    scopes: z.array(z.string().trim().min(1)).min(1)
+    scopes: z.array(z.string().trim().min(1)).min(1),
+    bootstrapPolicy: z.object({
+        mode: z.enum(["disabled", "active_only", "scoped", "full"]),
+        goalsLimit: z.coerce.number().int().min(0).max(100),
+        projectsLimit: z.coerce.number().int().min(0).max(100),
+        tasksLimit: z.coerce.number().int().min(0).max(100),
+        habitsLimit: z.coerce.number().int().min(0).max(100),
+        strategiesLimit: z.coerce.number().int().min(0).max(100),
+        peoplePageLimit: z.coerce.number().int().min(0).max(50),
+        includePeoplePages: z.boolean()
+    }),
+    scopePolicy: z.object({
+        userIds: z.array(z.string().trim().min(1)),
+        projectIds: z.array(z.string().trim().min(1)),
+        tagIds: z.array(z.string().trim().min(1))
+    })
 });
 export const createInsightSchema = z.object({
     originType: z.enum(["system", "user", "agent"]),

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "forge-openclaw-plugin",
   "name": "Forge",
   "description": "Curated OpenClaw adapter for the Forge collaboration API, UI entrypoint, and localhost auto-start runtime.",
-  "version": "0.2.43",
+  "version": "0.2.45",
   "skills": [
     "./skills"
   ],
@@ -34,6 +34,10 @@
       "help": "Optional acting user label for provenance. Leave blank to inherit the local operator session label, or set one when a child agent should announce itself under a specific user.",
       "placeholder": "Inherited from Forge operator session"
     },
+    "injectBootstrapContext": {
+      "label": "Inject Bootstrap Context",
+      "help": "Enabled by default. Turn this off when you want OpenClaw sessions to start without a preseeded Forge BOOTSTRAP.md context file to conserve token budget."
+    },
     "timeoutMs": {
       "label": "Request Timeout (ms)",
       "help": "Maximum time to wait before the plugin aborts an upstream Forge request.",
@@ -71,6 +75,11 @@
         "default": "",
         "description": "Optional acting user label recorded in Forge provenance headers. Leave blank to inherit the local operator session label automatically."
       },
+      "injectBootstrapContext": {
+        "type": "boolean",
+        "default": true,
+        "description": "Whether OpenClaw should inject a preseeded Forge BOOTSTRAP.md file into new agent sessions. Disable this to conserve context or model-token budget."
+      },
       "timeoutMs": {
         "type": "integer",
         "default": 15000,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "forge-openclaw-plugin",
-  "version": "0.2.43",
+  "version": "0.2.45",
   "description": "Curated OpenClaw adapter for the Forge collaboration API, UI entrypoint, and localhost auto-start runtime.",
   "type": "module",
   "license": "MIT",

package/server/migrations/050_agent_token_bootstrap_policy.sql

@@ -0,0 +1,2 @@
+ALTER TABLE agent_tokens
+  ADD COLUMN bootstrap_policy_json TEXT NOT NULL DEFAULT '{"mode":"full","goalsLimit":25,"projectsLimit":25,"tasksLimit":25,"habitsLimit":20,"strategiesLimit":20,"peoplePageLimit":12,"includePeoplePages":true}';

package/server/migrations/051_agent_token_scope_policy.sql

@@ -0,0 +1,2 @@
+ALTER TABLE agent_tokens
+  ADD COLUMN scope_policy_json TEXT NOT NULL DEFAULT '{"userIds":[],"projectIds":[],"tagIds":[]}';

package/skills/forge-openclaw/entity_conversation_playbooks.md

@@ -61,6 +61,9 @@ Forge correctly, and gather only the structure that still matters.
   and then act.
 - Once the route family is clear, say it plainly enough that another agent could follow
   the same path without guessing.
+- For meaning-bearing updates, especially in Psyche-adjacent work, briefly say what
+  feels newly true before you ask for the one structural detail that still changes the
+  save.
 - Do not read schema fields out loud unless the user explicitly wants a checklist.
 - One focused question is the default. Ask two only when both questions serve the same
   job and the user is steady enough for it.
@@ -780,6 +783,7 @@ Arc:
 2. Confirm the actor only if it is not already obvious.
 3. Ask whether the run should be planned or unlimited only if that changes the action.
 4. Start the run instead of turning it into intake.
+5. Use the dedicated task-run tool for start, heartbeat, focus, complete, and release work. Do not bounce to the Forge UI, a browser session, or a generic web route for those actions unless the user explicitly wants the visual surface.
 
 Ready to start when:
 
@@ -1011,9 +1015,11 @@ Arc:
 3. Ask whether the focus is a stay, a trip, a place, a timeline window, or a selected span.
 4. Ask for the time window, place, or movement item that makes the question concrete.
 5. Ask what they are trying to notice, preserve, or answer through that movement context.
-6. Skip the meta lane question when the user already named the exact correction or
+6. Choose the dedicated day, month, all-time, timeline, places, trip-detail, or
+   selection route once the question shape is clear.
+7. Skip the meta lane question when the user already named the exact correction or
    review target and only one ambiguity remains.
-7. Route to the dedicated movement read or write path once the surface is clear.
+8. Route to the dedicated movement read or write path once the surface is clear.
 
 Direct action rules:
 
@@ -1101,7 +1107,9 @@ Arc:
    when the lane is still blurred.
 6. If the user already named the life-force lane clearly, skip the meta lane question
    and ask only for the specific weekday, profile field, or signal that still matters.
-7. Route to the dedicated life-force path once the lane is clear.
+7. If the user wants to see what changed after a write, read the overview back instead
+   of leaving the result implicit.
+8. Route to the dedicated life-force path once the lane is clear.
 
 Helpful follow-up lanes:
 
@@ -1156,7 +1164,9 @@ Arc:
 4. Ask whether they need the flow contract, a run result, a published output, or a node result.
 5. If the user already named the flow and action clearly, skip the meta lane
    question and ask only for the missing run, node, or output scope.
-6. Route to the dedicated workbench route family once the execution lane is clear.
+6. If the user wants a stable public input contract or published output, prefer those
+   dedicated reads instead of detouring through run history first.
+7. Route to the dedicated workbench route family once the execution lane is clear.
 
 Helpful follow-up lanes: