palmier 0.4.6 → 0.4.8

package/README.md

@@ -193,8 +193,8 @@ The serve daemon exposes localhost-only HTTP endpoints for agents during task ex
 
 | Endpoint | Method | Description |
 |---|---|---|
-| `/notify` | GET | Send a push notification (requires server mode) |
-| `/request-input` | GET | Request user input; blocks until a response is provided |
+| `/notify` | POST | Send a push notification (requires server mode) |
+| `/request-input` | POST | Request user input; blocks until a response is provided |
 
 See [agent-instructions.md](src/agents/agent-instructions.md) for usage examples.
 

package/dist/agents/agent-instructions.md

@@ -22,11 +22,18 @@ If the task fails because a tool was denied or you lack the required permissions
 
 ## HTTP Endpoints
 
-The following HTTP endpoints are available at http://localhost:{{PORT}} during task execution.
-
-**Requesting user input** — If you need any information you do not have (credentials, configuration values, preferences, clarifications, etc.) or the task explicitly asks you to get input from the user, do NOT fail the task. Instead, GET `/request-input?taskId={{TASK_ID}}&descriptions=question+1&descriptions=question+2`. The request blocks until the user responds. The response is `{"values":["answer1","answer2"]}` on success, or `{"aborted":true}` if the user chooses to abort.
-
-**Sending push notifications** — GET `/notify?title=...&body=...` to send a push notification to the user's devices.
+The following HTTP endpoints are available at http://localhost:{{PORT}} during task execution. Use curl to call them.
+
+**Requesting user input** — When you need information from the user (credentials, questions, preferences, clarifications, etc.), do not guess, fail, or prompt via stdout. Instead, POST to `/request-input` with:
+```json
+{"taskId":"{{TASK_ID}}","descriptions":["question 1","question 2"]}
+```
+The request blocks until the user responds. Response: `{"values":["answer1","answer2"]}` on success, or `{"aborted":true}` if the user declines.
+
+**Sending push notifications** — To notify the user, POST to `/notify` with:
+```json
+{"title":"...","body":"..."}
+```
 
 ---
 

package/dist/agents/claude.js

@@ -9,7 +9,7 @@ export class ClaudeAgent {
         };
     }
     getTaskRunCommandLine(task, followupPrompt, extraPermissions) {
-        const prompt = getAgentInstructions(task.frontmatter.id) + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
+        const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
         const args = ["--permission-mode", "acceptEdits", "-p", "--allowedTools", "WebFetch"];
         const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
         for (const p of allPerms) {

package/dist/agents/codex.js

@@ -9,7 +9,7 @@ export class CodexAgent {
         };
     }
     getTaskRunCommandLine(task, followupPrompt, extraPermissions) {
-        const prompt = getAgentInstructions(task.frontmatter.id) + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
+        const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
         // Using danger-full-access until workspace-write is fixed: https://github.com/openai/codex/issues/12572
         const args = ["exec", "--full-auto", "--skip-git-repo-check", "--sandbox", "danger-full-access"];
         const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
@@ -17,10 +17,10 @@ export class CodexAgent {
             args.push("--config");
             args.push(`apps.${p.name}.default_tools_approval_mode="approve"`);
         }
-        args.push("-"); // read prompt from stdin
         if (followupPrompt) {
             args.push("resume", "--last");
         } // continue mode for followups
+        args.push("-"); // read prompt from stdin
         return { command: "codex", args, stdin: prompt };
     }
     async init() {

package/dist/agents/copilot.js

@@ -9,13 +9,10 @@ export class CopilotAgent {
         };
     }
     getTaskRunCommandLine(task, followupPrompt, extraPermissions) {
-        const prompt = getAgentInstructions(task.frontmatter.id) + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
-        const args = ["-p", prompt, "--allowed-tools", "web_fetch"];
+        const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+        const args = ["-p", prompt];
         const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
-        if (allPerms.length > 0) {
-            args.push(`--allow-tool='${allPerms.map((p) => p.name).join(",")}'`);
-            ;
-        }
+        args.push(`--allow-tool=${["web_fetch", ...allPerms.map((p) => p.name)].join(",")}`);
         if (followupPrompt) {
             args.push("--continue");
         }

package/dist/agents/gemini.js

@@ -9,12 +9,10 @@ export class GeminiAgent {
         };
     }
     getTaskRunCommandLine(task, followupPrompt, extraPermissions) {
-        const prompt = followupPrompt ?? (task.body || task.frontmatter.user_prompt);
-        const fullPrompt = getAgentInstructions(task.frontmatter.id) + "\n\n" + prompt;
-        const args = ["--prompt", "--allowed-tools", "web_fetch", "-"];
+        const fullPrompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+        const args = ["--allowed-tools", "web_fetch"];
         const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
         if (allPerms.length > 0) {
-            args.push("--allowed-tools");
             for (const p of allPerms) {
                 args.push(p.name);
             }
@@ -22,6 +20,7 @@ export class GeminiAgent {
         if (followupPrompt) {
             args.push("--resume");
         } // continue mode for followups
+        args.push("--prompt", "-"); // read prompt from stdin
         return { command: "gemini", args, stdin: fullPrompt };
     }
     async init() {

package/dist/agents/openclaw.js

@@ -8,7 +8,7 @@ export class OpenClawAgent {
         };
     }
     getTaskRunCommandLine(task, followupPrompt, extraPermissions) {
-        const prompt = getAgentInstructions(task.frontmatter.id) + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
+        const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
         // OpenClaw does not support stdin as prompt.
         const args = ["agent", "--local", "--session-id", task.frontmatter.id, "--message", prompt];
         return { command: "openclaw", args };

package/dist/commands/plan-generation.md

@@ -1,24 +1,21 @@
-You are a task planning assistant. Given a task description, produce a Markdown execution plan for an agent. **Do not execute any part of the plan yourself.**
+You are a task planning assistant. Given a task description, produce a Markdown execution plan for an AI agent to follow. Do not execute any part of the plan yourself.
 
-Output a raw YAML frontmatter block (delimited by `---`) followed by the plan body. Do NOT wrap frontmatter in code fences. The first line of output must be `---`.
+## Output Format
+
+Start with a YAML frontmatter block (no code fences), then the plan body:
 
 ---
-task_name: <short name, 3-6 words>
+task_name: <concise label, 3-6 words>
 ---
 
-**Frontmatter:** `task_name` — concise label (e.g., "Clean up temp files", "Backup database daily").
-
-**Plan body:**
-
-### 1. Goal
-What the task accomplishes and the expected end state.
+<plan body>
 
-### 2. Plan
-Numbered sequence of concrete, actionable steps. Include conditional branches where behavior may vary. Each step must be unambiguous.
+## Plan Body Guidelines
 
-### 3. Output Format (if applicable)
-If the task produces formatted output (report, email, etc.), specify structure, sections, tone, and templates.
+- Write a numbered sequence of concrete, actionable steps.
+- If the task produces formatted output (report, email, summary, etc.), specify the structure, sections, and tone.
+- When a step requires user input, simply state what information is needed from the user. Do not specify how to obtain it — the agent has its own tool for requesting user input.
+- Relative times in the task description (e.g., "yesterday", "last week") refer to execution time, not plan generation time.
 
-Relative times in the task description (e.g., "yesterday") are relative to execution time, not plan generation time.
+## Task Description
 
-**Task description:**

package/dist/commands/run.js

@@ -17,10 +17,9 @@ import { publishHostEvent } from "../events.js";
  * (for command-triggered mode this is the per-line augmented task).
  */
 async function invokeAgentWithContinuation(ctx, invokeTask) {
-    let followupPrompt;
     // eslint-disable-next-line no-constant-condition
     while (true) {
-        const { command, args, stdin } = ctx.agent.getTaskRunCommandLine(invokeTask, followupPrompt, ctx.transientPermissions);
+        const { command, args, stdin } = ctx.agent.getTaskRunCommandLine(invokeTask, undefined, ctx.transientPermissions);
         const result = await spawnCommand(command, args, {
             cwd: getRunDir(ctx.taskDir, ctx.runId),
             env: { ...ctx.guiEnv, PALMIER_TASK_ID: ctx.task.frontmatter.id, PALMIER_RUN_DIR: getRunDir(ctx.taskDir, ctx.runId), PALMIER_HTTP_PORT: String(ctx.config.httpPort ?? 7400) },
@@ -69,7 +68,6 @@ async function invokeAgentWithContinuation(ctx, invokeTask) {
             }
             // If the agent actually failed, retry with the new permissions
             if (outcome === "failed") {
-                followupPrompt = "Permissions granted, please continue.";
                 continue;
             }
         }
@@ -126,7 +124,7 @@ export async function runCommand(taskId) {
     const taskName = task.frontmatter.name;
     // Use existing run dir if just created by RPC, otherwise create a new one
     const existingRunId = findLatestPendingRunId(taskDir);
-    const runId = existingRunId ?? createRunDir(taskDir, taskName, Date.now());
+    const runId = existingRunId ?? createRunDir(taskDir, taskName, Date.now(), task.frontmatter.agent);
     if (!existingRunId) {
         appendHistory(config.projectRoot, { task_id: taskId, run_id: runId });
     }
@@ -334,12 +332,15 @@ async function publishTaskEvent(nc, config, taskDir, taskId, eventType, taskName
 }
 async function requestPermission(config, task, taskDir, requiredPermissions) {
     const port = config.httpPort ?? 7400;
-    const params = new URLSearchParams({
-        taskId: task.frontmatter.id,
-        taskName: task.frontmatter.name,
-        permissions: JSON.stringify(requiredPermissions),
+    const res = await fetch(`http://localhost:${port}/request-permission`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            taskId: task.frontmatter.id,
+            taskName: task.frontmatter.name,
+            permissions: requiredPermissions,
+        }),
     });
-    const res = await fetch(`http://localhost:${port}/request-permission?${params}`);
     const { response } = await res.json();
     writeTaskStatus(taskDir, {
         running_state: response === "aborted" ? "aborted" : "started",
@@ -349,11 +350,11 @@ async function requestPermission(config, task, taskDir, requiredPermissions) {
 }
 async function requestConfirmation(config, task, taskDir) {
     const port = config.httpPort ?? 7400;
-    const params = new URLSearchParams({
-        taskId: task.frontmatter.id,
-        taskName: task.frontmatter.name,
+    const res = await fetch(`http://localhost:${port}/request-confirmation`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ taskId: task.frontmatter.id, taskName: task.frontmatter.name }),
     });
-    const res = await fetch(`http://localhost:${port}/request-confirmation?${params}`);
     const { confirmed } = await res.json();
     writeTaskStatus(taskDir, {
         running_state: confirmed ? "started" : "aborted",

package/dist/rpc-handler.js

@@ -48,6 +48,7 @@ function parseResultFrontmatter(raw) {
     return {
         messages,
         task_name: meta.task_name,
+        agent: meta.agent,
         running_state: runningState,
         start_time: startedMsg?.time || undefined,
         end_time: terminalMsg?.time || undefined,
@@ -260,7 +261,7 @@ export function createRpcHandler(config, nc) {
                 writeTaskFile(taskDir, task);
                 // Do NOT append to tasks.jsonl — this is a one-off run
                 // Create initial result file so it appears in runs list immediately
-                const runId = createRunDir(taskDir, name, Date.now());
+                const runId = createRunDir(taskDir, name, Date.now(), params.agent);
                 appendHistory(config.projectRoot, { task_id: id, run_id: runId });
                 // Spawn `palmier run <id>` directly as a detached process
                 const script = process.argv[1] || "palmier";
@@ -278,7 +279,7 @@ export function createRpcHandler(config, nc) {
                     // Create initial result file so it appears in runs list immediately
                     const runTaskDir = getTaskDir(config.projectRoot, params.id);
                     const runTask = parseTaskFile(runTaskDir);
-                    const taskRunId = createRunDir(runTaskDir, runTask.frontmatter.name, Date.now());
+                    const taskRunId = createRunDir(runTaskDir, runTask.frontmatter.name, Date.now(), runTask.frontmatter.agent);
                     appendHistory(config.projectRoot, { task_id: params.id, run_id: taskRunId });
                     await getPlatform().startTask(params.id);
                     return { ok: true, task_id: params.id, run_id: taskRunId };

package/dist/task.d.ts

@@ -42,7 +42,7 @@ export declare function readTaskStatus(taskDir: string): TaskStatus | undefined;
  * Create a run directory with an initial TASKRUN.md file.
  * Returns the run ID (timestamp string used as directory name).
  */
-export declare function createRunDir(taskDir: string, taskName: string, startTime: number): string;
+export declare function createRunDir(taskDir: string, taskName: string, startTime: number, agent?: string): string;
 /**
  * Get the path to a run directory.
  */

package/dist/task.js

@@ -133,11 +133,12 @@ export function readTaskStatus(taskDir) {
  * Create a run directory with an initial TASKRUN.md file.
  * Returns the run ID (timestamp string used as directory name).
  */
-export function createRunDir(taskDir, taskName, startTime) {
+export function createRunDir(taskDir, taskName, startTime, agent) {
     const runId = String(startTime);
     const runDir = path.join(taskDir, runId);
     fs.mkdirSync(runDir, { recursive: true });
-    const content = `---\ntask_name: ${taskName}\n---\n\n`;
+    const agentLine = agent ? `\nagent: ${agent}` : "";
+    const content = `---\ntask_name: ${taskName}${agentLine}\n---\n\n`;
     fs.writeFileSync(path.join(runDir, "TASKRUN.md"), content, "utf-8");
     return runId;
 }

package/dist/transports/http-transport.js

@@ -193,8 +193,8 @@ export async function startHttpTransport(config, handleRpc, port, nc, pairingCod
             }
             return;
         }
-        // ── GET /notify — send push notification via NATS ──────────────────
-        if (req.method === "GET" && pathname === "/notify") {
+        // ── POST /notify — send push notification via NATS ─────────────────
+        if (req.method === "POST" && pathname === "/notify") {
             if (!isLocalhost(req)) {
                 sendJson(res, 403, { error: "localhost only" });
                 return;
@@ -204,10 +204,10 @@ export async function startHttpTransport(config, handleRpc, port, nc, pairingCod
                 return;
             }
             try {
-                const title = url.searchParams.get("title");
-                const notifBody = url.searchParams.get("body");
+                const body = await readBody(req);
+                const { title, body: notifBody } = JSON.parse(body);
                 if (!title || !notifBody) {
-                    sendJson(res, 400, { error: "title and body query params are required" });
+                    sendJson(res, 400, { error: "title and body are required" });
                     return;
                 }
                 const sc = StringCodec();
@@ -227,18 +227,17 @@ export async function startHttpTransport(config, handleRpc, port, nc, pairingCod
             }
             return;
         }
-        // ── GET /request-input — held connection until user responds ────────
-        if (req.method === "GET" && pathname === "/request-input") {
+        // ── POST /request-input — held connection until user responds ────────
+        if (req.method === "POST" && pathname === "/request-input") {
             if (!isLocalhost(req)) {
                 sendJson(res, 403, { error: "localhost only" });
                 return;
             }
             try {
-                const taskId = url.searchParams.get("taskId");
-                const runId = url.searchParams.get("runId");
-                const descriptions = url.searchParams.getAll("descriptions");
-                if (!taskId || !descriptions.length) {
-                    sendJson(res, 400, { error: "taskId and descriptions query params are required" });
+                const body = await readBody(req);
+                const { taskId, runId, descriptions } = JSON.parse(body);
+                if (!taskId || !descriptions?.length) {
+                    sendJson(res, 400, { error: "taskId and descriptions are required" });
                     return;
                 }
                 const taskDir = getTaskDir(config.projectRoot, taskId);
@@ -271,16 +270,17 @@ export async function startHttpTransport(config, handleRpc, port, nc, pairingCod
             }
             return;
         }
-        // ── GET /request-confirmation — held connection ─────────────────────
-        if (req.method === "GET" && pathname === "/request-confirmation") {
+        // ── POST /request-confirmation — held connection ────────────────────
+        if (req.method === "POST" && pathname === "/request-confirmation") {
             if (!isLocalhost(req)) {
                 sendJson(res, 403, { error: "localhost only" });
                 return;
             }
             try {
-                const taskId = url.searchParams.get("taskId");
+                const body = await readBody(req);
+                const { taskId } = JSON.parse(body);
                 if (!taskId) {
-                    sendJson(res, 400, { error: "taskId query param is required" });
+                    sendJson(res, 400, { error: "taskId is required" });
                     return;
                 }
                 await publishEvent(taskId, {
@@ -301,25 +301,17 @@ export async function startHttpTransport(config, handleRpc, port, nc, pairingCod
             }
             return;
         }
-        // ── GET /request-permission — held connection ───────────────────────
-        if (req.method === "GET" && pathname === "/request-permission") {
+        // ── POST /request-permission — held connection ──────────────────────
+        if (req.method === "POST" && pathname === "/request-permission") {
             if (!isLocalhost(req)) {
                 sendJson(res, 403, { error: "localhost only" });
                 return;
             }
             try {
-                const taskId = url.searchParams.get("taskId");
-                const taskName = url.searchParams.get("taskName");
-                const permissionsRaw = url.searchParams.get("permissions");
-                let permissions = [];
-                if (permissionsRaw) {
-                    try {
-                        permissions = JSON.parse(permissionsRaw);
-                    }
-                    catch { /* ignore */ }
-                }
-                if (!taskId || !permissions.length) {
-                    sendJson(res, 400, { error: "taskId and permissions query params are required" });
+                const body = await readBody(req);
+                const { taskId, taskName, permissions } = JSON.parse(body);
+                if (!taskId || !permissions?.length) {
+                    sendJson(res, 400, { error: "taskId and permissions are required" });
                     return;
                 }
                 await publishEvent(taskId, {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "palmier",
-  "version": "0.4.6",
+  "version": "0.4.8",
   "description": "Palmier host CLI - provisions, executes tasks, and serves NATS RPC",
   "license": "Apache-2.0",
   "author": "Hongxu Cai",

package/src/agents/agent-instructions.md

@@ -22,11 +22,18 @@ If the task fails because a tool was denied or you lack the required permissions
 
 ## HTTP Endpoints
 
-The following HTTP endpoints are available at http://localhost:{{PORT}} during task execution.
-
-**Requesting user input** — If you need any information you do not have (credentials, configuration values, preferences, clarifications, etc.) or the task explicitly asks you to get input from the user, do NOT fail the task. Instead, GET `/request-input?taskId={{TASK_ID}}&descriptions=question+1&descriptions=question+2`. The request blocks until the user responds. The response is `{"values":["answer1","answer2"]}` on success, or `{"aborted":true}` if the user chooses to abort.
-
-**Sending push notifications** — GET `/notify?title=...&body=...` to send a push notification to the user's devices.
+The following HTTP endpoints are available at http://localhost:{{PORT}} during task execution. Use curl to call them.
+
+**Requesting user input** — When you need information from the user (credentials, questions, preferences, clarifications, etc.), do not guess, fail, or prompt via stdout. Instead, POST to `/request-input` with:
+```json
+{"taskId":"{{TASK_ID}}","descriptions":["question 1","question 2"]}
+```
+The request blocks until the user responds. Response: `{"values":["answer1","answer2"]}` on success, or `{"aborted":true}` if the user declines.
+
+**Sending push notifications** — To notify the user, POST to `/notify` with:
+```json
+{"title":"...","body":"..."}
+```
 
 ---
 

package/src/agents/claude.ts

@@ -13,7 +13,7 @@ export class ClaudeAgent implements AgentTool {
   }
 
   getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine {
-    const prompt = getAgentInstructions(task.frontmatter.id) + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
+    const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
     const args = ["--permission-mode", "acceptEdits", "-p", "--allowedTools", "WebFetch"];
 
     const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];

package/src/agents/codex.ts

@@ -13,7 +13,7 @@ export class CodexAgent implements AgentTool {
   }
 
   getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine {
-    const prompt = getAgentInstructions(task.frontmatter.id) + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
+    const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
     // Using danger-full-access until workspace-write is fixed: https://github.com/openai/codex/issues/12572
     const args = ["exec", "--full-auto", "--skip-git-repo-check", "--sandbox", "danger-full-access"];
 
@@ -22,9 +22,9 @@ export class CodexAgent implements AgentTool {
       args.push("--config");
       args.push(`apps.${p.name}.default_tools_approval_mode="approve"`);
     }
+    if (followupPrompt) {args.push("resume", "--last");} // continue mode for followups
     args.push("-"); // read prompt from stdin
 
-    if (followupPrompt) {args.push("resume", "--last");} // continue mode for followups
     return { command: "codex", args, stdin: prompt };
   }
 

package/src/agents/copilot.ts

@@ -13,14 +13,11 @@ export class CopilotAgent implements AgentTool {
   }
 
   getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine {
-    const prompt = getAgentInstructions(task.frontmatter.id) + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
-    const args = ["-p", prompt, "--allowed-tools", "web_fetch"];
+    const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+    const args = ["-p", prompt];
 
     const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
-    if (allPerms.length > 0) {
-      args.push(`--allow-tool='${allPerms.map((p) => p.name).join(",")}'`);;
-    }
-
+    args.push(`--allow-tool=${["web_fetch", ...allPerms.map((p) => p.name)].join(",")}`);
     if (followupPrompt) { args.push("--continue"); }
     return { command: "copilot", args};
   }

package/src/agents/gemini.ts

@@ -13,19 +13,19 @@ export class GeminiAgent implements AgentTool {
   }
 
   getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine {
-    const prompt = followupPrompt ?? (task.body || task.frontmatter.user_prompt);
-    const fullPrompt = getAgentInstructions(task.frontmatter.id) + "\n\n" + prompt;
-    const args = ["--prompt", "--allowed-tools", "web_fetch", "-"];
+    const fullPrompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+    const args = ["--allowed-tools", "web_fetch"];
 
     const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
     if (allPerms.length > 0) {
-      args.push("--allowed-tools");
       for (const p of allPerms) {
         args.push(p.name);
       }
     }
 
     if (followupPrompt) {args.push("--resume");} // continue mode for followups
+    args.push("--prompt", "-"); // read prompt from stdin
+    
     return { command: "gemini", args, stdin: fullPrompt };
   }
 

package/src/agents/openclaw.ts

@@ -12,7 +12,7 @@ export class OpenClawAgent implements AgentTool {
   }
 
   getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine {
-    const prompt = getAgentInstructions(task.frontmatter.id) + "\n\n" + (followupPrompt ?? (task.body || task.frontmatter.user_prompt));
+    const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
     // OpenClaw does not support stdin as prompt.
     const args = ["agent", "--local", "--session-id", task.frontmatter.id, "--message", prompt];
 

package/src/commands/plan-generation.md

@@ -1,24 +1,21 @@
-You are a task planning assistant. Given a task description, produce a Markdown execution plan for an agent. **Do not execute any part of the plan yourself.**
+You are a task planning assistant. Given a task description, produce a Markdown execution plan for an AI agent to follow. Do not execute any part of the plan yourself.
 
-Output a raw YAML frontmatter block (delimited by `---`) followed by the plan body. Do NOT wrap frontmatter in code fences. The first line of output must be `---`.
+## Output Format
+
+Start with a YAML frontmatter block (no code fences), then the plan body:
 
 ---
-task_name: <short name, 3-6 words>
+task_name: <concise label, 3-6 words>
 ---
 
-**Frontmatter:** `task_name` — concise label (e.g., "Clean up temp files", "Backup database daily").
-
-**Plan body:**
-
-### 1. Goal
-What the task accomplishes and the expected end state.
+<plan body>
 
-### 2. Plan
-Numbered sequence of concrete, actionable steps. Include conditional branches where behavior may vary. Each step must be unambiguous.
+## Plan Body Guidelines
 
-### 3. Output Format (if applicable)
-If the task produces formatted output (report, email, etc.), specify structure, sections, tone, and templates.
+- Write a numbered sequence of concrete, actionable steps.
+- If the task produces formatted output (report, email, summary, etc.), specify the structure, sections, and tone.
+- When a step requires user input, simply state what information is needed from the user. Do not specify how to obtain it — the agent has its own tool for requesting user input.
+- Relative times in the task description (e.g., "yesterday", "last week") refer to execution time, not plan generation time.
 
-Relative times in the task description (e.g., "yesterday") are relative to execution time, not plan generation time.
+## Task Description
 
-**Task description:**

package/src/commands/run.ts

@@ -45,10 +45,9 @@ async function invokeAgentWithContinuation(
   ctx: InvocationContext,
   invokeTask: ParsedTask,
 ): Promise<InvocationResult> {
-  let followupPrompt: string | undefined;
   // eslint-disable-next-line no-constant-condition
   while (true) {
-    const { command, args, stdin } = ctx.agent.getTaskRunCommandLine(invokeTask, followupPrompt, ctx.transientPermissions);
+    const { command, args, stdin } = ctx.agent.getTaskRunCommandLine(invokeTask, undefined, ctx.transientPermissions);
     const result = await spawnCommand(command, args, {
       cwd: getRunDir(ctx.taskDir, ctx.runId),
       env: { ...ctx.guiEnv, PALMIER_TASK_ID: ctx.task.frontmatter.id, PALMIER_RUN_DIR: getRunDir(ctx.taskDir, ctx.runId), PALMIER_HTTP_PORT: String(ctx.config.httpPort ?? 7400) },
@@ -106,7 +105,6 @@ async function invokeAgentWithContinuation(
 
       // If the agent actually failed, retry with the new permissions
       if (outcome === "failed") {
-        followupPrompt = "Permissions granted, please continue.";
         continue;
       }
     }
@@ -172,7 +170,7 @@ export async function runCommand(taskId: string): Promise<void> {
 
   // Use existing run dir if just created by RPC, otherwise create a new one
   const existingRunId = findLatestPendingRunId(taskDir);
-  const runId = existingRunId ?? createRunDir(taskDir, taskName, Date.now());
+  const runId = existingRunId ?? createRunDir(taskDir, taskName, Date.now(), task.frontmatter.agent);
   if (!existingRunId) {
     appendHistory(config.projectRoot, { task_id: taskId, run_id: runId });
   }
@@ -412,12 +410,15 @@ async function requestPermission(
   requiredPermissions: RequiredPermission[],
 ): Promise<"granted" | "granted_all" | "aborted"> {
   const port = config.httpPort ?? 7400;
-  const params = new URLSearchParams({
-    taskId: task.frontmatter.id,
-    taskName: task.frontmatter.name,
-    permissions: JSON.stringify(requiredPermissions),
+  const res = await fetch(`http://localhost:${port}/request-permission`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      taskId: task.frontmatter.id,
+      taskName: task.frontmatter.name,
+      permissions: requiredPermissions,
+    }),
   });
-  const res = await fetch(`http://localhost:${port}/request-permission?${params}`);
   const { response } = await res.json() as { response: "granted" | "granted_all" | "aborted" };
   writeTaskStatus(taskDir, {
     running_state: response === "aborted" ? "aborted" : "started",
@@ -433,11 +434,11 @@ async function requestConfirmation(
   taskDir: string,
 ): Promise<boolean> {
   const port = config.httpPort ?? 7400;
-  const params = new URLSearchParams({
-    taskId: task.frontmatter.id,
-    taskName: task.frontmatter.name,
+  const res = await fetch(`http://localhost:${port}/request-confirmation`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ taskId: task.frontmatter.id, taskName: task.frontmatter.name }),
   });
-  const res = await fetch(`http://localhost:${port}/request-confirmation?${params}`);
   const { confirmed } = await res.json() as { confirmed: boolean };
   writeTaskStatus(taskDir, {
     running_state: confirmed ? "started" : "aborted",

package/src/rpc-handler.ts

@@ -58,6 +58,7 @@ function parseResultFrontmatter(raw: string): Record<string, unknown> {
   return {
     messages,
     task_name: meta.task_name,
+    agent: meta.agent,
     running_state: runningState,
     start_time: startedMsg?.time || undefined,
     end_time: terminalMsg?.time || undefined,
@@ -318,7 +319,7 @@ export function createRpcHandler(config: HostConfig, nc?: NatsConnection) {
         // Do NOT append to tasks.jsonl — this is a one-off run
 
         // Create initial result file so it appears in runs list immediately
-        const runId = createRunDir(taskDir, name, Date.now());
+        const runId = createRunDir(taskDir, name, Date.now(), params.agent);
         appendHistory(config.projectRoot, { task_id: id, run_id: runId });
 
         // Spawn `palmier run <id>` directly as a detached process
@@ -339,7 +340,7 @@ export function createRpcHandler(config: HostConfig, nc?: NatsConnection) {
           // Create initial result file so it appears in runs list immediately
           const runTaskDir = getTaskDir(config.projectRoot, params.id);
           const runTask = parseTaskFile(runTaskDir);
-          const taskRunId = createRunDir(runTaskDir, runTask.frontmatter.name, Date.now());
+          const taskRunId = createRunDir(runTaskDir, runTask.frontmatter.name, Date.now(), runTask.frontmatter.agent);
           appendHistory(config.projectRoot, { task_id: params.id, run_id: taskRunId });
 
           await getPlatform().startTask(params.id);

package/src/task.ts

@@ -155,11 +155,13 @@ export function createRunDir(
   taskDir: string,
   taskName: string,
   startTime: number,
+  agent?: string,
 ): string {
   const runId = String(startTime);
   const runDir = path.join(taskDir, runId);
   fs.mkdirSync(runDir, { recursive: true });
-  const content = `---\ntask_name: ${taskName}\n---\n\n`;
+  const agentLine = agent ? `\nagent: ${agent}` : "";
+  const content = `---\ntask_name: ${taskName}${agentLine}\n---\n\n`;
   fs.writeFileSync(path.join(runDir, "TASKRUN.md"), content, "utf-8");
   return runId;
 }

package/src/transports/http-transport.ts

@@ -217,16 +217,16 @@ export async function startHttpTransport(
       return;
     }
 
-    // ── GET /notify — send push notification via NATS ──────────────────
+    // ── POST /notify — send push notification via NATS ─────────────────
 
-    if (req.method === "GET" && pathname === "/notify") {
+    if (req.method === "POST" && pathname === "/notify") {
       if (!isLocalhost(req)) { sendJson(res, 403, { error: "localhost only" }); return; }
       if (!nc) { sendJson(res, 503, { error: "NATS not connected — push notifications require server mode" }); return; }
 
       try {
-        const title = url.searchParams.get("title");
-        const notifBody = url.searchParams.get("body");
-        if (!title || !notifBody) { sendJson(res, 400, { error: "title and body query params are required" }); return; }
+        const body = await readBody(req);
+        const { title, body: notifBody } = JSON.parse(body) as { title: string; body: string };
+        if (!title || !notifBody) { sendJson(res, 400, { error: "title and body are required" }); return; }
 
         const sc = StringCodec();
         const payload = { hostId: config.hostId, title, body: notifBody };
@@ -245,16 +245,17 @@ export async function startHttpTransport(
       return;
     }
 
-    // ── GET /request-input — held connection until user responds ────────
+    // ── POST /request-input — held connection until user responds ────────
 
-    if (req.method === "GET" && pathname === "/request-input") {
+    if (req.method === "POST" && pathname === "/request-input") {
       if (!isLocalhost(req)) { sendJson(res, 403, { error: "localhost only" }); return; }
       try {
-        const taskId = url.searchParams.get("taskId");
-        const runId = url.searchParams.get("runId");
-        const descriptions = url.searchParams.getAll("descriptions");
-        if (!taskId || !descriptions.length) {
-          sendJson(res, 400, { error: "taskId and descriptions query params are required" });
+        const body = await readBody(req);
+        const { taskId, runId, descriptions } = JSON.parse(body) as {
+          taskId: string; runId?: string; descriptions: string[];
+        };
+        if (!taskId || !descriptions?.length) {
+          sendJson(res, 400, { error: "taskId and descriptions are required" });
           return;
         }
 
@@ -290,13 +291,14 @@ export async function startHttpTransport(
       return;
     }
 
-    // ── GET /request-confirmation — held connection ─────────────────────
+    // ── POST /request-confirmation — held connection ────────────────────
 
-    if (req.method === "GET" && pathname === "/request-confirmation") {
+    if (req.method === "POST" && pathname === "/request-confirmation") {
       if (!isLocalhost(req)) { sendJson(res, 403, { error: "localhost only" }); return; }
       try {
-        const taskId = url.searchParams.get("taskId");
-        if (!taskId) { sendJson(res, 400, { error: "taskId query param is required" }); return; }
+        const body = await readBody(req);
+        const { taskId } = JSON.parse(body) as { taskId: string };
+        if (!taskId) { sendJson(res, 400, { error: "taskId is required" }); return; }
 
         await publishEvent(taskId, {
           event_type: "confirm-request",
@@ -319,20 +321,17 @@ export async function startHttpTransport(
       return;
     }
 
-    // ── GET /request-permission — held connection ───────────────────────
+    // ── POST /request-permission — held connection ──────────────────────
 
-    if (req.method === "GET" && pathname === "/request-permission") {
+    if (req.method === "POST" && pathname === "/request-permission") {
       if (!isLocalhost(req)) { sendJson(res, 403, { error: "localhost only" }); return; }
       try {
-        const taskId = url.searchParams.get("taskId");
-        const taskName = url.searchParams.get("taskName");
-        const permissionsRaw = url.searchParams.get("permissions");
-        let permissions: RequiredPermission[] = [];
-        if (permissionsRaw) {
-          try { permissions = JSON.parse(permissionsRaw) as RequiredPermission[]; } catch { /* ignore */ }
-        }
-        if (!taskId || !permissions.length) {
-          sendJson(res, 400, { error: "taskId and permissions query params are required" });
+        const body = await readBody(req);
+        const { taskId, taskName, permissions } = JSON.parse(body) as {
+          taskId: string; taskName?: string; permissions: RequiredPermission[];
+        };
+        if (!taskId || !permissions?.length) {
+          sendJson(res, 400, { error: "taskId and permissions are required" });
           return;
         }