palmier 0.4.5 → 0.4.7

package/dist/transports/http-transport.js

@@ -1,7 +1,13 @@
 import * as http from "node:http";
 import * as os from "os";
+import { StringCodec } from "nats";
 import { validateSession, addSession } from "../session-store.js";
+import { registerPending } from "../pending-requests.js";
+import { getTaskDir, parseTaskFile, appendRunMessage } from "../task.js";
 const PWA_ORIGIN = "https://app.palmier.me";
+const assetCache = new Map();
+/** Paths currently being fetched (dedup concurrent requests). */
+const assetInflight = new Map();
 const CONTENT_TYPES = {
     ".html": "text/html; charset=utf-8",
     ".js": "application/javascript",
@@ -14,6 +20,8 @@ const CONTENT_TYPES = {
     ".svg": "image/svg+xml",
 };
 function guessContentType(urlPath) {
+    if (urlPath === "/")
+        return "text/html; charset=utf-8";
     const ext = urlPath.match(/\.[^.]+$/)?.[0] ?? "";
     return CONTENT_TYPES[ext] ?? "application/octet-stream";
 }
@@ -24,55 +32,39 @@ async function fetchBuffer(url) {
     return Buffer.from(await res.arrayBuffer());
 }
 /**
- * Download the PWA from palmier.me into memory.
- * Parses index.html for asset references, then fetches each one.
+ * Fetch a PWA asset on-the-fly, caching in memory.
+ * Returns null if the asset cannot be fetched.
  */
-async function downloadPwaAssets() {
-    const assets = new Map();
-    // 1. Fetch index.html
-    const html = await fetchBuffer(`${PWA_ORIGIN}/`);
-    assets.set("/", { data: html, contentType: "text/html; charset=utf-8" });
-    const htmlStr = html.toString("utf-8");
-    // 2. Extract references from HTML (src="..." and href="...")
-    // Skip service worker and manifest — they require HTTPS which LAN mode doesn't use
-    const SKIP = new Set(["/registerSW.js", "/service-worker.js", "/manifest.webmanifest"]);
-    const refRegex = /(?:src|href)="([^"]+)"/g;
-    const htmlRefs = new Set();
-    let match;
-    while ((match = refRegex.exec(htmlStr)) !== null) {
-        const ref = match[1];
-        if (ref.startsWith("/") && !ref.startsWith("//") && !SKIP.has(ref)) {
-            htmlRefs.add(ref);
-        }
-    }
-    // 3. Fetch all HTML-referenced assets
-    for (const ref of htmlRefs) {
+async function getAsset(urlPath) {
+    const cached = assetCache.get(urlPath);
+    if (cached)
+        return cached;
+    // Dedup concurrent requests for the same path
+    const inflight = assetInflight.get(urlPath);
+    if (inflight)
+        return inflight;
+    const promise = (async () => {
         try {
-            const data = await fetchBuffer(`${PWA_ORIGIN}${ref}`);
-            assets.set(ref, { data, contentType: guessContentType(ref) });
-            // 4. Parse CSS for font url() references
-            if (ref.endsWith(".css")) {
-                const cssStr = data.toString("utf-8");
-                const urlRegex = /url\(["']?([^"')]+)["']?\)/g;
-                let cssMatch;
-                while ((cssMatch = urlRegex.exec(cssStr)) !== null) {
-                    let fontRef = cssMatch[1];
-                    if (fontRef.startsWith("data:"))
-                        continue;
-                    // Resolve relative URLs against the CSS file's directory
-                    if (!fontRef.startsWith("/")) {
-                        const cssDir = ref.substring(0, ref.lastIndexOf("/") + 1);
-                        fontRef = cssDir + fontRef;
-                    }
-                    htmlRefs.add(fontRef);
-                }
+            let data = await fetchBuffer(`${PWA_ORIGIN}${urlPath}`);
+            // Inject LAN mode marker into index HTML so the PWA can detect it's served by palmier
+            if (urlPath === "/") {
+                const html = data.toString("utf-8").replace("</head>", "<script>window.__PALMIER_SERVE__=true</script></head>");
+                data = Buffer.from(html, "utf-8");
             }
+            const asset = { data, contentType: guessContentType(urlPath) };
+            assetCache.set(urlPath, asset);
+            return asset;
         }
         catch (err) {
-            console.warn(`[pwa] Failed to fetch ${ref}: ${err}`);
+            console.warn(`[pwa] Failed to fetch ${urlPath}: ${err}`);
+            return null;
         }
-    }
-    return assets;
+        finally {
+            assetInflight.delete(urlPath);
+        }
+    })();
+    assetInflight.set(urlPath, promise);
+    return promise;
 }
 const pendingPairs = new Map();
 export function detectLanIp() {
@@ -87,22 +79,18 @@ export function detectLanIp() {
     return "127.0.0.1";
 }
 /**
- * Start the HTTP transport: Express-like server with RPC, SSE, and health endpoints.
+ * Start the HTTP transport: server with RPC, SSE, PWA proxy, pairing, and
+ * localhost-only agent endpoints (notify, request-input, confirmation, permission).
  */
-export async function startHttpTransport(config, handleRpc, port, pairingCode, onReady) {
-    // Download PWA assets into memory before starting the server
-    console.log("[http] Downloading PWA assets...");
-    const pwaAssets = await downloadPwaAssets();
-    console.log(`[http] Cached ${pwaAssets.size} PWA assets in memory.`);
+export async function startHttpTransport(config, handleRpc, port, nc, pairingCode, onReady) {
     const sseClients = new Set();
-    // If a pairing code is provided (from `palmier lan`), pre-register it
+    const lanEnabled = config.lanEnabled ?? false;
+    const bindAddress = lanEnabled ? "0.0.0.0" : "127.0.0.1";
+    // If a pairing code is provided, pre-register it
     if (pairingCode) {
-        const EXPIRY_MS = 24 * 60 * 60 * 1000; // 24 hours — stays valid while lan server runs
+        const EXPIRY_MS = 24 * 60 * 60 * 1000;
         const timer = setTimeout(() => { pendingPairs.delete(pairingCode); }, EXPIRY_MS);
-        pendingPairs.set(pairingCode, {
-            resolve: () => { },
-            timer,
-        });
+        pendingPairs.set(pairingCode, { resolve: () => { }, timer });
     }
     function broadcastSseEvent(data) {
         const payload = `data: ${JSON.stringify(data)}\n\n`;
@@ -114,8 +102,7 @@ export async function startHttpTransport(config, handleRpc, port, pairingCode, o
         const auth = req.headers.authorization;
         if (!auth || !auth.startsWith("Bearer "))
             return false;
-        const token = auth.slice(7);
-        return validateSession(token);
+        return validateSession(auth.slice(7));
     }
     function extractSessionToken(req) {
         const auth = req.headers.authorization;
@@ -139,11 +126,22 @@ export async function startHttpTransport(config, handleRpc, port, pairingCode, o
         const addr = req.socket.remoteAddress;
         return addr === "127.0.0.1" || addr === "::1" || addr === "::ffff:127.0.0.1";
     }
+    /**
+     * Publish an event via NATS and SSE.
+     */
+    async function publishEvent(taskId, payload) {
+        const sc = StringCodec();
+        const subject = `host-event.${config.hostId}.${taskId}`;
+        if (nc) {
+            nc.publish(subject, sc.encode(JSON.stringify(payload)));
+        }
+        broadcastSseEvent({ task_id: taskId, ...payload });
+    }
     const server = http.createServer(async (req, res) => {
         const url = new URL(req.url ?? "/", `http://localhost:${port}`);
         const pathname = url.pathname;
-        // Internal event endpoint — localhost only, no auth
-        if (req.method === "POST" && pathname === "/internal/event") {
+        // ── Localhost-only endpoints (no auth) ─────────────────────────────
+        if (req.method === "POST" && pathname === "/event") {
             if (!isLocalhost(req)) {
                 sendJson(res, 403, { error: "localhost only" });
                 return;
@@ -159,9 +157,7 @@ export async function startHttpTransport(config, handleRpc, port, pairingCode, o
             }
             return;
         }
-        // Internal pair-register endpoint — localhost only, long-poll
-        // The pair CLI posts here and blocks until paired or expired.
-        if (req.method === "POST" && pathname === "/internal/pair-register") {
+        if (req.method === "POST" && pathname === "/pair-register") {
             if (!isLocalhost(req)) {
                 sendJson(res, 403, { error: "localhost only" });
                 return;
@@ -183,7 +179,6 @@ export async function startHttpTransport(config, handleRpc, port, pairingCode, o
                         resolve({ paired: false });
                     }, expiryMs ?? 5 * 60 * 1000);
                     pendingPairs.set(code, { resolve, timer });
-                    // Clean up if the CLI disconnects early
                     req.on("close", () => {
                         if (pendingPairs.has(code)) {
                             clearTimeout(timer);
@@ -198,7 +193,148 @@ export async function startHttpTransport(config, handleRpc, port, pairingCode, o
             }
             return;
         }
-        // Public pair endpoint — no auth required, PWA posts OTP code here
+        // ── POST /notify — send push notification via NATS ─────────────────
+        if (req.method === "POST" && pathname === "/notify") {
+            if (!isLocalhost(req)) {
+                sendJson(res, 403, { error: "localhost only" });
+                return;
+            }
+            if (!nc) {
+                sendJson(res, 503, { error: "NATS not connected — push notifications require server mode" });
+                return;
+            }
+            try {
+                const body = await readBody(req);
+                const { title, body: notifBody } = JSON.parse(body);
+                if (!title || !notifBody) {
+                    sendJson(res, 400, { error: "title and body are required" });
+                    return;
+                }
+                const sc = StringCodec();
+                const payload = { hostId: config.hostId, title, body: notifBody };
+                const subject = `host.${config.hostId}.push.send`;
+                const reply = await nc.request(subject, sc.encode(JSON.stringify(payload)), { timeout: 15_000 });
+                const result = JSON.parse(sc.decode(reply.data));
+                if (result.ok) {
+                    sendJson(res, 200, { ok: true });
+                }
+                else {
+                    sendJson(res, 502, { error: result.error ?? "Push notification failed" });
+                }
+            }
+            catch (err) {
+                sendJson(res, 500, { error: `Failed to send notification: ${err}` });
+            }
+            return;
+        }
+        // ── POST /request-input — held connection until user responds ────────
+        if (req.method === "POST" && pathname === "/request-input") {
+            if (!isLocalhost(req)) {
+                sendJson(res, 403, { error: "localhost only" });
+                return;
+            }
+            try {
+                const body = await readBody(req);
+                const { taskId, runId, descriptions } = JSON.parse(body);
+                if (!taskId || !descriptions?.length) {
+                    sendJson(res, 400, { error: "taskId and descriptions are required" });
+                    return;
+                }
+                const taskDir = getTaskDir(config.projectRoot, taskId);
+                const task = parseTaskFile(taskDir);
+                await publishEvent(taskId, {
+                    event_type: "input-request",
+                    host_id: config.hostId,
+                    input_descriptions: descriptions,
+                    name: task.frontmatter.name,
+                });
+                const response = await registerPending(taskId, "input", descriptions);
+                if (response.length === 1 && response[0] === "aborted") {
+                    await publishEvent(taskId, { event_type: "input-resolved", host_id: config.hostId, status: "aborted" });
+                    if (runId) {
+                        appendRunMessage(taskDir, runId, { role: "user", time: Date.now(), content: "Input request aborted.", type: "input" });
+                    }
+                    sendJson(res, 200, { aborted: true });
+                }
+                else {
+                    await publishEvent(taskId, { event_type: "input-resolved", host_id: config.hostId, status: "provided" });
+                    if (runId) {
+                        const lines = descriptions.map((desc, i) => `**${desc}** ${response[i]}`);
+                        appendRunMessage(taskDir, runId, { role: "user", time: Date.now(), content: lines.join("\n"), type: "input" });
+                    }
+                    sendJson(res, 200, { values: response });
+                }
+            }
+            catch (err) {
+                sendJson(res, 500, { error: String(err) });
+            }
+            return;
+        }
+        // ── POST /request-confirmation — held connection ────────────────────
+        if (req.method === "POST" && pathname === "/request-confirmation") {
+            if (!isLocalhost(req)) {
+                sendJson(res, 403, { error: "localhost only" });
+                return;
+            }
+            try {
+                const body = await readBody(req);
+                const { taskId } = JSON.parse(body);
+                if (!taskId) {
+                    sendJson(res, 400, { error: "taskId is required" });
+                    return;
+                }
+                await publishEvent(taskId, {
+                    event_type: "confirm-request",
+                    host_id: config.hostId,
+                });
+                const response = await registerPending(taskId, "confirmation");
+                const confirmed = response[0] === "confirmed";
+                await publishEvent(taskId, {
+                    event_type: "confirm-resolved",
+                    host_id: config.hostId,
+                    status: confirmed ? "confirmed" : "aborted",
+                });
+                sendJson(res, 200, { confirmed });
+            }
+            catch (err) {
+                sendJson(res, 500, { error: String(err) });
+            }
+            return;
+        }
+        // ── POST /request-permission — held connection ──────────────────────
+        if (req.method === "POST" && pathname === "/request-permission") {
+            if (!isLocalhost(req)) {
+                sendJson(res, 403, { error: "localhost only" });
+                return;
+            }
+            try {
+                const body = await readBody(req);
+                const { taskId, taskName, permissions } = JSON.parse(body);
+                if (!taskId || !permissions?.length) {
+                    sendJson(res, 400, { error: "taskId and permissions are required" });
+                    return;
+                }
+                await publishEvent(taskId, {
+                    event_type: "permission-request",
+                    host_id: config.hostId,
+                    required_permissions: permissions,
+                    name: taskName,
+                });
+                const response = await registerPending(taskId, "permission", permissions);
+                const status = response[0];
+                await publishEvent(taskId, {
+                    event_type: "permission-resolved",
+                    host_id: config.hostId,
+                    status,
+                });
+                sendJson(res, 200, { response: status });
+            }
+            catch (err) {
+                sendJson(res, 500, { error: String(err) });
+            }
+            return;
+        }
+        // ── Public pair endpoint — no auth, PWA posts OTP code here ────────
         if (req.method === "POST" && pathname === "/pair") {
             try {
                 const body = await readBody(req);
@@ -212,7 +348,6 @@ export async function startHttpTransport(config, handleRpc, port, pairingCode, o
                     sendJson(res, 401, { error: "Invalid code" });
                     return;
                 }
-                // Create session and build response
                 const session = addSession(label);
                 const ip = detectLanIp();
                 const response = {
@@ -220,7 +355,6 @@ export async function startHttpTransport(config, handleRpc, port, pairingCode, o
                     sessionToken: session.token,
                     directUrl: `http://${ip}:${port}`,
                 };
-                // Resolve the long-poll and clean up
                 clearTimeout(pending.timer);
                 pendingPairs.delete(code);
                 pending.resolve({ paired: true });
@@ -231,22 +365,31 @@ export async function startHttpTransport(config, handleRpc, port, pairingCode, o
             }
             return;
         }
-        // Serve cached PWA assets for non-API routes (no auth required)
+        // ── PWA assets (on-the-fly, cached) ────────────────────────────────
+        // Skip service worker and manifest — they require HTTPS which LAN mode doesn't use
+        const SKIP = new Set(["/registerSW.js", "/service-worker.js", "/manifest.webmanifest"]);
         const isApiRoute = pathname === "/events" || pathname.startsWith("/rpc/");
         if (!isApiRoute) {
-            // SPA fallback: serve index.html for unrecognized paths
-            const asset = pwaAssets.get(pathname) ?? (pathname !== "/" ? pwaAssets.get("/") : undefined);
+            if (SKIP.has(pathname)) {
+                sendJson(res, 404, { error: "Not found" });
+                return;
+            }
+            // Try exact path, then fall back to index.html (SPA routing)
+            let asset = await getAsset(pathname);
+            if (!asset && pathname !== "/") {
+                asset = await getAsset("/");
+            }
             if (asset) {
                 res.writeHead(200, { "Content-Type": asset.contentType });
                 res.end(asset.data);
             }
             else {
-                sendJson(res, 404, { error: "Not found" });
+                sendJson(res, 502, { error: "Failed to fetch PWA assets" });
             }
             return;
         }
-        // API endpoints require auth
-        if (!checkAuth(req)) {
+        // ── API endpoints require auth (localhost is trusted) ───────────────
+        if (!isLocalhost(req) && !checkAuth(req)) {
             sendJson(res, 401, { error: "Unauthorized" });
             return;
         }
@@ -258,7 +401,6 @@ export async function startHttpTransport(config, handleRpc, port, pairingCode, o
                 Connection: "keep-alive",
             });
             res.write(":ok\n\n");
-            // Send heartbeat every 5 seconds
             const heartbeat = setInterval(() => {
                 res.write("data: {\"heartbeat\":true}\n\n");
             }, 5000);
@@ -290,7 +432,7 @@ export async function startHttpTransport(config, handleRpc, port, pairingCode, o
             const sessionToken = extractSessionToken(req);
             console.log(`[http] RPC: ${method}`);
             try {
-                const response = await handleRpc({ method, params, sessionToken });
+                const response = await handleRpc({ method, params, sessionToken, localhost: isLocalhost(req) });
                 console.log(`[http] RPC done: ${method}`, JSON.stringify(response).slice(0, 200));
                 sendJson(res, 200, response);
             }
@@ -303,10 +445,9 @@ export async function startHttpTransport(config, handleRpc, port, pairingCode, o
         sendJson(res, 404, { error: "Not found" });
     });
     return new Promise((resolve, reject) => {
-        server.listen(port, () => {
-            console.log(`[http] Listening on port ${port}`);
+        server.listen(port, bindAddress, () => {
+            console.log(`[http] Listening on ${bindAddress}:${port}`);
             onReady?.();
-            // Graceful shutdown
             const shutdown = () => {
                 console.log("[http] Shutting down...");
                 for (const client of sseClients) {

package/dist/types.d.ts

@@ -8,6 +8,8 @@ export interface HostConfig {
         key: string;
         label: string;
     }>;
+    httpPort?: number;
+    lanEnabled?: boolean;
 }
 export interface TaskFrontmatter {
     id: string;
@@ -29,8 +31,6 @@ export interface ParsedTask {
     body: string;
 }
 /**
- * State machine: started → (pending_confirmation | pending_permission | pending_input) → finished | aborted | failed
- *
  * - `started`: task is actively running
  * - `finished`: agent completed successfully
  * - `aborted`: user declined confirmation, permission, or input
@@ -38,26 +38,15 @@ export interface ParsedTask {
  */
 export type TaskRunningState = "started" | "finished" | "aborted" | "failed";
 /**
- * Persisted to `status.json` in the task directory. Updated by the run process
- * and read by the RPC handler + PWA to track live task state.
- *
- * Interactive request flow: the run process sets a `pending_*` field and waits
- * for `user_input` to be populated by an RPC call (task.user_input). Only one
- * `pending_*` field is set at a time.
+ * Persisted to `status.json` in the task directory. Used for crash detection
+ * (checkStaleTasks) and abort signalling. Interactive request flows (confirmation,
+ * permission, input) are handled via held HTTP connections on the serve daemon.
  */
 export interface TaskStatus {
     running_state: TaskRunningState;
     time_stamp: number;
     /** PID of the palmier run process (used on Windows to kill the process tree). */
     pid?: number;
-    /** Set when the task has `requires_confirmation` and is awaiting user approval. */
-    pending_confirmation?: boolean;
-    /** Set when the agent requests permissions not yet granted. Contains the permissions needed. */
-    pending_permission?: RequiredPermission[];
-    /** Set when the agent requests user input. Contains descriptions of each requested value. */
-    pending_input?: string[];
-    /** Written by the RPC handler to deliver the user's response to the waiting run process. */
-    user_input?: string[];
 }
 export interface HistoryEntry {
     task_id: string;
@@ -78,5 +67,7 @@ export interface RpcMessage {
     method: string;
     params: Record<string, unknown>;
     sessionToken?: string;
+    /** Trusted localhost request — skip session validation. */
+    localhost?: boolean;
 }
 //# sourceMappingURL=types.d.ts.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "palmier",
-  "version": "0.4.5",
+  "version": "0.4.7",
   "description": "Palmier host CLI - provisions, executes tasks, and serves NATS RPC",
   "license": "Apache-2.0",
   "author": "Hongxu Cai",

package/src/agents/agent-instructions.md

@@ -20,19 +20,19 @@ If the task fails because a tool was denied or you lack the required permissions
 [PALMIER_PERMISSION] Bash(npm test) | Run the test suite via npm
 [PALMIER_PERMISSION] Write | Write generated output files
 
-## CLI Commands
+## HTTP Endpoints
 
-You have access to the following palmier CLI commands:
+The following HTTP endpoints are available at http://localhost:{{PORT}} during task execution. Use curl to call them.
 
-**Requesting user input** — If you need any information you do not have (credentials, configuration values, preferences, clarifications, etc.) or the task explicitly asks you to get input from the user, do NOT fail the task. Instead, request it:
+**Requesting user input** — When you need information from the user (credentials, questions, preferences, clarifications, etc.), do not guess, fail, or prompt via stdout. Instead, POST to `/request-input` with:
+```json
+{"taskId":"{{TASK_ID}}","descriptions":["question 1","question 2"]}
 ```
-palmier request-input --description "What is the database connection string?" --description "What is the API key?"
-```
-The command blocks until the user responds and prints each value on its own line. If the user aborts, the command exits with a non-zero status.
+The request blocks until the user responds. Response: `{"values":["answer1","answer2"]}` on success, or `{"aborted":true}` if the user declines.
 
-**Sending push notifications** — If you need to send a push notification to the user:
-```
-palmier notify --title "Task Complete" --body "The deployment finished successfully."
+**Sending push notifications** — To notify the user, POST to `/notify` with:
+```json
+{"title":"...","body":"..."}
 ```
 
 ---

package/src/agents/claude.ts

@@ -1,7 +1,7 @@
 import type { ParsedTask, RequiredPermission } from "../types.js";
 import { execSync } from "child_process";
 import type { AgentTool, CommandLine } from "./agent.js";
-import { AGENT_INSTRUCTIONS } from "./shared-prompt.js";
+import { getAgentInstructions } from "./shared-prompt.js";
 import { SHELL } from "../platform/index.js";
 
 export class ClaudeAgent implements AgentTool {
@@ -13,8 +13,8 @@ export class ClaudeAgent implements AgentTool {
   }
 
   getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine {
-    const prompt = AGENT_INSTRUCTIONS + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
-    const args = ["--permission-mode", "acceptEdits", "-p"];
+    const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+    const args = ["--permission-mode", "acceptEdits", "-p", "--allowedTools", "WebFetch"];
 
     const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
     for (const p of allPerms) {

package/src/agents/codex.ts

@@ -1,7 +1,7 @@
 import type { ParsedTask, RequiredPermission } from "../types.js";
 import { execSync } from "child_process";
 import type { AgentTool, CommandLine } from "./agent.js";
-import { AGENT_INSTRUCTIONS } from "./shared-prompt.js";
+import { getAgentInstructions } from "./shared-prompt.js";
 import { SHELL } from "../platform/index.js";
 
 export class CodexAgent implements AgentTool {
@@ -13,7 +13,7 @@ export class CodexAgent implements AgentTool {
   }
 
   getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine {
-    const prompt = AGENT_INSTRUCTIONS + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
+    const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
     // Using danger-full-access until workspace-write is fixed: https://github.com/openai/codex/issues/12572
     const args = ["exec", "--full-auto", "--skip-git-repo-check", "--sandbox", "danger-full-access"];
 
@@ -22,9 +22,9 @@ export class CodexAgent implements AgentTool {
       args.push("--config");
       args.push(`apps.${p.name}.default_tools_approval_mode="approve"`);
     }
+    if (followupPrompt) {args.push("resume", "--last");} // continue mode for followups
     args.push("-"); // read prompt from stdin
 
-    if (followupPrompt) {args.push("resume", "--last");} // continue mode for followups
     return { command: "codex", args, stdin: prompt };
   }
 

package/src/agents/copilot.ts

@@ -1,7 +1,7 @@
 import type { ParsedTask, RequiredPermission } from "../types.js";
 import { execSync } from "child_process";
 import type { AgentTool, CommandLine } from "./agent.js";
-import { AGENT_INSTRUCTIONS } from "./shared-prompt.js";
+import { getAgentInstructions } from "./shared-prompt.js";
 import { SHELL } from "../platform/index.js";
 
 export class CopilotAgent implements AgentTool {
@@ -13,14 +13,11 @@ export class CopilotAgent implements AgentTool {
   }
 
   getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine {
-    const prompt = AGENT_INSTRUCTIONS + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
+    const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
     const args = ["-p", prompt];
 
     const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
-    if (allPerms.length > 0) {
-      args.push(`--allow-tool='${allPerms.map((p) => p.name).join(",")}'`);;
-    }
-
+    args.push(`--allow-tool=${["web_fetch", ...allPerms.map((p) => p.name)].join(",")}`);
     if (followupPrompt) { args.push("--continue"); }
     return { command: "copilot", args};
   }

package/src/agents/gemini.ts

@@ -1,7 +1,7 @@
 import type { ParsedTask, RequiredPermission } from "../types.js";
 import { execSync } from "child_process";
 import type { AgentTool, CommandLine } from "./agent.js";
-import { AGENT_INSTRUCTIONS } from "./shared-prompt.js";
+import { getAgentInstructions } from "./shared-prompt.js";
 import { SHELL } from "../platform/index.js";
 
 export class GeminiAgent implements AgentTool {
@@ -13,19 +13,19 @@ export class GeminiAgent implements AgentTool {
   }
 
   getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine {
-    const prompt = followupPrompt ?? (task.body || task.frontmatter.user_prompt);
-    const fullPrompt = AGENT_INSTRUCTIONS + "\n\n" + prompt;
-    const args = ["--prompt", "-"];
+    const fullPrompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+    const args = ["--allowed-tools", "web_fetch"];
 
     const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
     if (allPerms.length > 0) {
-      args.push("--allowed-tools");
       for (const p of allPerms) {
         args.push(p.name);
       }
     }
 
     if (followupPrompt) {args.push("--resume");} // continue mode for followups
+    args.push("--prompt", "-"); // read prompt from stdin
+    
     return { command: "gemini", args, stdin: fullPrompt };
   }
 

package/src/agents/openclaw.ts

@@ -1,7 +1,7 @@
 import type { ParsedTask, RequiredPermission } from "../types.js";
 import { execSync } from "child_process";
 import type { AgentTool, CommandLine } from "./agent.js";
-import { AGENT_INSTRUCTIONS } from "./shared-prompt.js";
+import { getAgentInstructions } from "./shared-prompt.js";
 
 export class OpenClawAgent implements AgentTool {
   getPlanGenerationCommandLine(prompt: string): CommandLine {
@@ -12,7 +12,7 @@ export class OpenClawAgent implements AgentTool {
   }
 
   getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine {
-    const prompt = AGENT_INSTRUCTIONS + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
+    const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
     // OpenClaw does not support stdin as prompt.
     const args = ["agent", "--local", "--session-id", task.frontmatter.id, "--message", prompt];