polygram 0.7.9 → 0.8.0-rc.2

package/polygram.js

@@ -25,6 +25,14 @@ const { migrateJsonToDb, getClaudeSessionId } = require('./lib/sessions');
 const { buildPrompt } = require('./lib/prompt');
 const { filterAttachments, MAX_FILE_BYTES } = require('./lib/attachments');
 const { ProcessManager } = require('./lib/process-manager');
+// 0.8.0 Phase 3: SDK-backed pm available behind POLYGRAM_USE_SDK=1.
+// Both implementations expose the same public API (constructor +
+// callbacks), so the rest of polygram.js doesn't branch beyond the
+// pick-at-startup. Phase 4 deletes the CLI version after Phase 5
+// soak proves SDK stable. See docs/0.8.0-architecture-decisions.md.
+const { ProcessManagerSdk } = require('./lib/process-manager-sdk');
+const agentLoader = require('./lib/agent-loader');
+const USE_SDK = process.env.POLYGRAM_USE_SDK === '1';
 const { createSender } = require('./lib/telegram');
 const { createAsyncLock } = require('./lib/async-lock');
 const { sweepInbox } = require('./lib/inbox');
@@ -752,6 +760,98 @@ function spawnClaude(sessionKey, ctx) {
   return proc;
 }
 
+/**
+ * 0.8.0 Phase 3 — SDK pm spawn factory.
+ *
+ * Replacement for `spawnClaude` when POLYGRAM_USE_SDK=1. Returns
+ * SdkOptions for the SDK pm to pass to `query({ prompt, options })`.
+ * The SDK pm wraps this in its inputController + iteration loop;
+ * polygram only needs to compose the Options object.
+ *
+ * Per v4 plan §6.5.7 — explicit env enumeration (Options.env is
+ * SHADOW per Phase 0 gate 33), bypassPermissions +
+ * allowDangerouslySkipPermissions both set for forward-compat,
+ * agent-loader composes per-chat agent into systemPrompt + skills +
+ * mcpServers, optional resume sessionId for continuity.
+ */
+function buildSdkOptions(sessionKey, ctx) {
+  const { chatConfig, existingSessionId, label, chatId } = ctx;
+
+  // Per-chat agent (D14): if pinned, load & compose. Failure is
+  // non-fatal — chat falls back to defaults; logged for ops.
+  let agentBundle = null;
+  if (chatConfig.agent) {
+    try {
+      agentBundle = agentLoader.loadAgent(chatConfig.agent, {
+        homeDir: CHILD_HOME,
+        logger: console,
+      });
+    } catch (err) {
+      console.error(`[${label}] agent-loader: ${err.message}`);
+      logEvent('agent-load-failed', {
+        chat_id: chatId, agent: chatConfig.agent, error: err.message,
+      });
+    }
+  }
+
+  console.log(`[${label}] Spawning SDK Query (${chatConfig.model}/${chatConfig.effort})`);
+
+  // Env: SHADOW semantics (gate 33) — must enumerate every var
+  // pollygram needs in the spawned worker.
+  const botConfig = config.bot || {};
+  const childEnv = filterEnv(process.env);
+  childEnv.HOME = CHILD_HOME;
+  childEnv.CLAUDE_CHANNEL_BOT = BOT_NAME;
+  if (process.env.POLYGRAM_IPC_SECRET) {
+    childEnv.POLYGRAM_IPC_SECRET = process.env.POLYGRAM_IPC_SECRET;
+  }
+  if (botConfig.needsToken) {
+    childEnv.TELEGRAM_BOT_TOKEN = botConfig.token || '';
+  }
+
+  // 0.8.0 Phase 2 step 6: in-process approval flow via canUseTool.
+  // Wire up only when approvals.gatedTools is configured for this
+  // bot — otherwise leave canUseTool unset and rely on
+  // bypassPermissions for the full allow-all path.
+  const apprCfg = config.bot?.approvals;
+  const useCanUseTool = apprCfg && apprCfg.adminChatId
+    && Array.isArray(apprCfg.gatedTools) && apprCfg.gatedTools.length > 0;
+
+  const baseOpts = {
+    model: chatConfig.model || config.defaults.model,
+    effort: chatConfig.effort || config.defaults.effort,
+    cwd: chatConfig.cwd,
+    env: childEnv,
+    // permissionMode 'default' when canUseTool is wired (so the SDK
+    // actually consults our callback). Otherwise stick with
+    // bypassPermissions (matches today's CLI behaviour).
+    permissionMode: useCanUseTool ? 'default' : 'bypassPermissions',
+    allowDangerouslySkipPermissions: !useCanUseTool,
+    ...(useCanUseTool && { canUseTool: makeCanUseTool(sessionKey) }),
+    executable: 'node',
+    ...(existingSessionId && { resume: existingSessionId }),
+    ...(process.env.POLYGRAM_CLAUDE_BIN && {
+      pathToClaudeCodeExecutable: process.env.POLYGRAM_CLAUDE_BIN,
+    }),
+  };
+
+  // Compose with agent overlay + chat-level config. agent-loader
+  // precedence: chatConfig > agent > defaults. The chatConfig keys
+  // we care about for SDK options are model/effort/cwd/thinking;
+  // others (agent, chrome, isolateTopics) are polygram-only.
+  return agentLoader.composeSdkOptions(
+    {
+      // chat-level overrides — only the keys SDK understands.
+      model: chatConfig.model,
+      effort: chatConfig.effort,
+      cwd: chatConfig.cwd,
+      ...(chatConfig.thinking && { thinking: chatConfig.thinking }),
+    },
+    agentBundle,
+    baseOpts,
+  );
+}
+
 function buildSpawnContext(sessionKey) {
   const chatId = getChatIdFromKey(sessionKey);
   const chatConfig = config.chats[chatId];
@@ -1043,6 +1143,32 @@ function buildApprovalKeyboard(approvalId, token) {
   };
 }
 
+// 0.8.0 Phase 2 step 6: 4-button approval keyboard for SDK canUseTool
+// flow. Adds "Always allow" and "Always deny" rows that persist the
+// decision into chat_tool_decisions (via callback_query handler),
+// so subsequent invocations of the same tool with the same input
+// short-circuit without prompting.
+//
+// Callback_data conventions:
+//   approve:<id>:<token>          — one-time allow
+//   deny:<id>:<token>             — one-time deny
+//   approve-always:<id>:<token>   — allow + persist
+//   deny-always:<id>:<token>      — deny + persist
+function buildApprovalKeyboardWithAlways(approvalId, token) {
+  return {
+    inline_keyboard: [
+      [
+        { text: '✅ Approve', callback_data: `approve:${approvalId}:${token}` },
+        { text: '❌ Deny',    callback_data: `deny:${approvalId}:${token}` },
+      ],
+      [
+        { text: '🔁 Always allow', callback_data: `approve-always:${approvalId}:${token}` },
+        { text: '🚫 Always deny',  callback_data: `deny-always:${approvalId}:${token}` },
+      ],
+    ],
+  };
+}
+
 // /model and /effort inline keyboard. `show` controls which row(s) appear:
 // 'model', 'effort', or 'all'. The current value gets a ✓ marker so the
 // user can see at a glance what's selected.
@@ -1133,6 +1259,174 @@ function safeParse(s) {
   try { return JSON.parse(s); } catch { return s; }
 }
 
+/**
+ * 0.8.0 Phase 2 step 6: canonical-JSON-stringify of a tool input
+ * object. Keys sorted alphabetically; no whitespace. Used as the
+ * dedup key for chat_tool_decisions match_type='exact' lookups
+ * and as the input_pattern stored on "Always allow" clicks.
+ *
+ * Why canonical: Claude can reorder JSON keys between retries of
+ * the same tool call (different SDK versions, different temperature
+ * sampling). Without canonicalisation, the dedup digest would
+ * differ for semantically-identical calls and the user would see
+ * the same approval card twice (ship-breaker M8 mitigation).
+ */
+function canonicalizeToolInput(input) {
+  if (input == null || typeof input !== 'object') {
+    return JSON.stringify(input);
+  }
+  const sortRec = (v) => {
+    if (Array.isArray(v)) return v.map(sortRec);
+    if (v == null || typeof v !== 'object') return v;
+    const out = {};
+    for (const k of Object.keys(v).sort()) out[k] = sortRec(v[k]);
+    return out;
+  };
+  return JSON.stringify(sortRec(input));
+}
+
+/**
+ * 0.8.0 Phase 2 step 6: SDK canUseTool callback. Hands back to the
+ * SDK an async PermissionResult per `@anthropic-ai/claude-agent-sdk`
+ * sdk.d.ts:146-188.
+ *
+ * Flow (per v4 plan §4.2):
+ *   1. If no approval config → allow.
+ *   2. Look up chat_tool_decisions for short-circuit (always-allow/
+ *      always-deny by exact / prefix / regex match). If found,
+ *      return that decision.
+ *   3. Match against config.bot.approvals.gatedTools; if not gated,
+ *      allow.
+ *   4. Issue pending_approvals row (with tool_use_id dedup); post
+ *      4-button card to admin chat; park resolver in
+ *      approvalWaiters Map; race against opts.signal + timeout.
+ *   5. Return PermissionResult; the SDK lets the tool run or denies.
+ *
+ * Reuses the existing approvals store + approvalWaiters Map (same
+ * shape as today's IPC flow). Both paths can coexist on the same
+ * daemon — IPC for CLI pm chats, canUseTool for SDK pm chats.
+ */
+function makeCanUseTool(sessionKey) {
+  const chatId = getChatIdFromKey(sessionKey);
+  const threadId = sessionKey.includes(':') ? sessionKey.split(':')[1] : null;
+  return async function canUseTool(toolName, input, opts) {
+    const apprCfg = config.bot?.approvals;
+    if (!apprCfg || !apprCfg.adminChatId) {
+      // Not configured for this bot → allow everything (matches CLI
+      // pm's bypassPermissions today when approvals not set).
+      return { behavior: 'allow' };
+    }
+
+    const canonicalInput = canonicalizeToolInput(input);
+
+    // Step 2: chat_tool_decisions short-circuit.
+    try {
+      const persisted = db.lookupChatToolDecision({
+        bot_name: BOT_NAME, chat_id: chatId, tool_name: toolName,
+        canonical_input: canonicalInput, now: Date.now(),
+      });
+      if (persisted) {
+        logEvent('canusetool-shortcircuit', {
+          chat_id: chatId, tool_name: toolName,
+          decision: persisted.decision, match_type: persisted.match_type,
+          tool_use_id: opts?.toolUseID || null,
+        });
+        if (persisted.decision === 'allow') return { behavior: 'allow' };
+        return { behavior: 'deny', message: 'matched persisted always-deny rule' };
+      }
+    } catch (err) {
+      console.error(`[${sessionKey}] chat_tool_decisions lookup: ${err.message}`);
+      // Non-fatal — fall through to gating + card.
+    }
+
+    // Step 3: gating check.
+    const gated = matchesApprovalPattern(toolName, input, apprCfg.gatedTools || []);
+    if (!gated.matched) return { behavior: 'allow' };
+
+    // Step 4: issue + post + park.
+    const row = approvals.issue({
+      bot_name: BOT_NAME, turn_id: opts?.toolUseID || null,
+      requester_chat_id: chatId,
+      approver_chat_id: String(apprCfg.adminChatId),
+      tool_name: toolName, tool_input: input,
+      timeoutMs: apprCfg.timeoutMs || APPROVAL_DEFAULT_TIMEOUT_MS,
+    });
+    if (opts?.toolUseID) {
+      // Persist the SDK's stable per-call ID so dedup-by-toolUseId
+      // works on retries (same call, same row).
+      try {
+        approvals.setToolUseId?.(row.id, opts.toolUseID);
+      } catch { /* swallow if older approvals store */ }
+    }
+    if (!bot) {
+      approvals.resolve({ id: row.id, status: 'cancelled', reason: 'bot not ready' });
+      return { behavior: 'deny', message: 'bot not ready' };
+    }
+    if (!row.reused || !row.approver_msg_id) {
+      try {
+        const sent = await tg(bot, 'sendMessage', {
+          chat_id: apprCfg.adminChatId,
+          text: approvalCardText(row),
+          reply_markup: buildApprovalKeyboardWithAlways(row.id, row.callback_token),
+        }, { source: 'canusetool-card', botName: BOT_NAME, plainText: true });
+        if (sent?.message_id) approvals.setApproverMsgId(row.id, sent.message_id);
+      } catch (err) {
+        console.error(`[${sessionKey}] failed to post canUseTool card: ${err.message}`);
+        approvals.resolve({ id: row.id, status: 'cancelled', reason: `post failed: ${err.message}` });
+        return { behavior: 'deny', message: `post failed: ${err.message}` };
+      }
+    }
+
+    // Step 5: race signal + timeout + click.
+    return await new Promise((resolve) => {
+      let settled = false;
+      const settle = (decision) => {
+        if (settled) return;
+        settled = true;
+        clearTimeout(timer);
+        if (opts?.signal && sigCleanup) {
+          try { opts.signal.removeEventListener('abort', sigCleanup); }
+          catch { /* swallow */ }
+        }
+        dropWaiter(row.id, wrappedResolve);
+        resolve(decision);
+      };
+      const timer = setTimeout(() => {
+        approvals.resolve({ id: row.id, status: 'timeout' }).catch?.(() => {});
+        settle({ behavior: 'deny', message: 'approval timed out' });
+      }, Math.max(1000, row.timeout_ts - Date.now()));
+      const sigCleanup = opts?.signal
+        ? () => settle({ behavior: 'deny', message: 'aborted' })
+        : null;
+      if (opts?.signal && sigCleanup) {
+        opts.signal.addEventListener('abort', sigCleanup, { once: true });
+      }
+      const wrappedResolve = (decision, reason, extra) => {
+        // decision here is from resolveApprovalWaiter:
+        //   'approved' | 'denied' | 'approved-always' | 'denied-always'
+        // Map to SDK PermissionResult shape. extra carries
+        // updatedPermissions for the always-* variants.
+        if (decision === 'approved' || decision === 'approved-always') {
+          settle({
+            behavior: 'allow',
+            ...(decision === 'approved-always' && extra?.updatedPermissions
+              ? { updatedPermissions: extra.updatedPermissions }
+              : {}),
+          });
+        } else {
+          settle({
+            behavior: 'deny',
+            message: reason || decision || 'denied',
+          });
+        }
+      };
+      const list = approvalWaiters.get(row.id) || [];
+      list.push(wrappedResolve);
+      approvalWaiters.set(row.id, list);
+    });
+  };
+}
+
 async function handleApprovalRequest(req) {
   const { bot_name, chat_id, turn_id, tool_name, tool_input } = req;
   if (!chat_id || !tool_name) {
@@ -1194,6 +1488,11 @@ async function handleApprovalRequest(req) {
 
     const wrappedResolve = (decision, reason) => {
       clearTimeout(timer);
+      // Translate 'approved-always' / 'denied-always' to plain
+      // approve/deny for the IPC caller — the IPC hook protocol
+      // doesn't carry persistence state, only the bool decision.
+      if (decision === 'approved-always') decision = 'approved';
+      else if (decision === 'denied-always') decision = 'denied';
       resolve({ decision, reason });
     };
 
@@ -1211,18 +1510,26 @@ function dropWaiter(id, fn) {
   if (list.length === 0) approvalWaiters.delete(id);
 }
 
-function resolveApprovalWaiter(id, decision, reason) {
+function resolveApprovalWaiter(id, decision, reason, extra) {
+  // `extra` carries SDK-shape updatedPermissions for always-* clicks.
+  // IPC waiters (CLI pm) ignore it; SDK canUseTool waiters use it
+  // to populate PermissionResult.updatedPermissions so the in-flight
+  // Query picks up the new rule for the rest of the turn.
   const list = approvalWaiters.get(id);
   if (!list) return;
   approvalWaiters.delete(id);
   for (const fn of list) {
-    try { fn(decision, reason); } catch {}
+    try { fn(decision, reason, extra); } catch {}
   }
 }
 
 async function handleApprovalCallback(ctx) {
   const data = ctx.callbackQuery?.data || '';
-  const m = String(data).match(/^(approve|deny):(\d+):(\S+)$/);
+  // 0.8.0 Phase 2 step 6: extended pattern accepts the 4-button
+  // SDK canUseTool format. `approve-always` / `deny-always`
+  // additionally write a row to chat_tool_decisions so subsequent
+  // calls to the same tool with the same input short-circuit.
+  const m = String(data).match(/^(approve|deny|approve-always|deny-always):(\d+):(\S+)$/);
   if (!m) return;
   const decision = m[1];
   const id = parseInt(m[2], 10);
@@ -1259,7 +1566,14 @@ async function handleApprovalCallback(ctx) {
     return;
   }
 
-  const status = decision === 'approve' ? 'approved' : 'denied';
+  // 0.8.0 Phase 2 step 6: parse always-variants. The base status
+  // ('approved' / 'denied') drives existing logic + card edit;
+  // `isAlways` triggers the chat_tool_decisions persistence
+  // below (after the atomic SQL resolve succeeds, so we don't
+  // write a "always" rule for a stale double-click).
+  const isApprove = decision === 'approve' || decision === 'approve-always';
+  const isAlways = decision === 'approve-always' || decision === 'deny-always';
+  const status = isApprove ? 'approved' : 'denied';
   const user = ctx.from?.first_name || ctx.from?.username || null;
   const userId = ctx.from?.id || null;
   // SQL-level atomic resolve: UPDATE ... WHERE status='pending' — so in a
@@ -1300,9 +1614,56 @@ async function handleApprovalCallback(ctx) {
   } catch (err) {
     console.error(`[${BOT_NAME}] edit approval card failed: ${err.message}`);
   }
+  // 0.8.0 Phase 2 step 6: persist always-* clicks to chat_tool_decisions
+  // so subsequent SDK canUseTool calls for the same (bot, chat, tool,
+  // input) short-circuit without prompting. Use prefix match by default
+  // (allows minor argument variations) — the user can hand-edit to
+  // exact / regex via SQL if they want narrower rules.
+  let updatedPermissions = null;
+  if (isAlways) {
+    try {
+      const canonical = canonicalizeToolInput(row.tool_input);
+      db.insertChatToolDecision({
+        bot_name: BOT_NAME,
+        chat_id: row.requester_chat_id,
+        tool_name: row.tool_name,
+        match_type: 'prefix',  // most useful default; exact would be too narrow
+        input_pattern: canonical,
+        decision: status === 'approved' ? 'allow' : 'deny',
+        issued_by_user_id: userId ? String(userId) : null,
+        expires_ts: null,
+      });
+      logEvent('chat-tool-decision-persisted', {
+        chat_id: row.requester_chat_id,
+        tool_name: row.tool_name,
+        decision: status === 'approved' ? 'allow' : 'deny',
+        match_type: 'prefix',
+      });
+      // Build SDK-shape updatedPermissions so the in-flight Query
+      // also picks up the rule for the rest of THIS turn (avoids
+      // re-prompting on the next sibling tool call).
+      updatedPermissions = [{
+        type: 'addRules',
+        rules: [{
+          toolName: row.tool_name,
+          decision: status === 'approved' ? 'allow' : 'deny',
+        }],
+      }];
+    } catch (err) {
+      console.error(`[${BOT_NAME}] chat_tool_decisions persist failed: ${err.message}`);
+      // Non-fatal — the one-time decision still propagates below.
+    }
+  }
+
   await ctx.answerCallbackQuery({ text: status }).catch(() => {});
 
-  resolveApprovalWaiter(id, status);
+  // Pass the original decision token back to the waiter so it can
+  // distinguish 'approved-always' (SDK gets updatedPermissions)
+  // from plain 'approved'. CLI IPC waiters strip back to plain
+  // approve/deny in their wrappedResolve.
+  resolveApprovalWaiter(id, decision === 'approve-always' ? 'approved-always'
+    : decision === 'deny-always' ? 'denied-always'
+    : status, undefined, { updatedPermissions });
 }
 
 // Handles taps on the /model and /effort inline keyboard buttons. Same
@@ -1499,6 +1860,115 @@ async function handleMessage(sessionKey, chatId, msg, bot) {
     await sendReply(info, { params: { reply_markup } });
     return;
   }
+  // 0.8.0 Phase 2 step 7: /new and /reset slash commands. Both close
+  // the current Query (if any), clear the claude_session_id from the
+  // sessions table, and post "✨ Started a fresh session." Next user
+  // message starts a fresh subprocess with no resume.
+  //
+  // Equivalent UX to OpenClaw's /new and /reset handlers
+  // (pi-embedded:40594 BARE_SESSION_RESET_PROMPT). Required by the
+  // 85%-context-full hint (Phase 2 step 4) and by classifier-driven
+  // auto-recovery (step 8) — both reference these commands.
+  // 0.8.0 Phase 2 step 9: /context slash command. On-demand context-
+  // usage report. Only meaningful under SDK pm (CLI pm has no
+  // getContextUsage equivalent); CLI path replies with a hint.
+  if (botAllowsCommands && text === '/context') {
+    if (!USE_SDK) {
+      await sendReply('📚 /context requires the SDK pm (set POLYGRAM_USE_SDK=1 to enable).');
+      return;
+    }
+    const entry = pm.get(sessionKey);
+    const q = entry?.query;
+    if (!q || typeof q.getContextUsage !== 'function') {
+      await sendReply('📚 No active session yet — send a message first, then /context.');
+      return;
+    }
+    try {
+      const u = await q.getContextUsage();
+      const pct = ((u?.percentage ?? 0) * 100).toFixed(0);
+      const total = (u?.totalTokens ?? 0).toLocaleString();
+      const max = (u?.maxTokens ?? 0).toLocaleString();
+      const lines = [`📚 Context: ${total} / ${max} tokens (${pct}%)`];
+      if (u?.model) lines.push(`Model: ${u.model}`);
+      if (u?.isAutoCompactEnabled && u?.autoCompactThreshold) {
+        const thrPct = (u.autoCompactThreshold * 100).toFixed(0);
+        lines.push(`Auto-compact at ${thrPct}%.`);
+      }
+      // Top-3 categories by token cost so the user knows where the
+      // budget is going. SDK exposes a rich breakdown in
+      // u.categories — we just summarise.
+      if (Array.isArray(u?.categories) && u.categories.length) {
+        const top = [...u.categories]
+          .filter((c) => Number.isFinite(c?.tokens) && c.tokens > 0)
+          .sort((a, b) => b.tokens - a.tokens)
+          .slice(0, 3)
+          .map((c) => `  • ${c.label || c.name || '?'}: ${c.tokens.toLocaleString()}`);
+        if (top.length) lines.push('Top categories:', ...top);
+      }
+      await sendReply(lines.join('\n'));
+    } catch (err) {
+      console.error(`[${label}] /context failed: ${err.message}`);
+      await sendReply(`📚 Couldn't fetch context info: ${err.message}`);
+    }
+    return;
+  }
+  if (botAllowsCommands && (text === '/new' || text === '/reset')) {
+    let drained = 0;
+    if (typeof pm.resetSession === 'function') {
+      try {
+        const r = await pm.resetSession(sessionKey, { reason: text.slice(1) });
+        drained = r?.drainedPendings ?? 0;
+      } catch (err) {
+        console.error(`[${label}] resetSession ${text}: ${err.message}`);
+      }
+    } else {
+      // CLI pm fallback: kill the session; sessions table cleared
+      // via clearSessionId in pm's proc.on('close') resume-fail
+      // path (lib/process-manager.js:457). We force the path by
+      // setting the kill rationale so the close handler treats it
+      // as a successful reset.
+      try { await pm.kill(sessionKey); }
+      catch (err) { console.error(`[${label}] kill on ${text}: ${err.message}`); }
+      try { db.clearSessionId(sessionKey); } catch { /* swallow */ }
+    }
+    logEvent('session-reset-command', {
+      chat_id: chatId, command: text, drained_pendings: drained,
+      user: cmdUser, user_id: cmdUserId,
+    });
+    await sendReply('✨ Started a fresh session.');
+    return;
+  }
+  // 0.8.0 Phase 2 step 1: /steer <text> — mid-turn steering. Pushes
+  // a priority:'now' user message onto the active Query so Claude
+  // sees it without waiting for the in-flight turn to fully
+  // complete. SDK pm only — CLI pm has no steer primitive (its
+  // stream-json transport is request-response, not interruptible
+  // mid-turn). Falls back to /new under CLI pm.
+  if (botAllowsCommands && text.startsWith('/steer ')) {
+    const steerText = text.slice(7).trim();
+    if (!steerText) { await sendReply('Usage: /steer <text>'); return; }
+    if (!USE_SDK || typeof pm.steer !== 'function') {
+      await sendReply('🛞 /steer requires the SDK pm (set POLYGRAM_USE_SDK=1 to enable).');
+      return;
+    }
+    if (!pm.has(sessionKey)) {
+      await sendReply('🛞 No active session — /steer only works mid-turn. Send a message first, then /steer while it\'s thinking.');
+      return;
+    }
+    const ok = pm.steer(sessionKey, steerText);
+    if (ok) {
+      logEvent('steer-command', {
+        chat_id: chatId, text_len: steerText.length,
+        user: cmdUser, user_id: cmdUserId,
+      });
+      // Quiet ack so user knows it landed; the actual response will
+      // arrive as the in-flight turn's continuation.
+      await sendReply('🛞 Steering applied. Watching for the response.');
+    } else {
+      await sendReply('🛞 Couldn\'t apply steer — session may have just closed.');
+    }
+    return;
+  }
   // Graceful respawn of the user's CURRENT session only. With
   // isolateTopics=false the sessionKey is just the chat (one shared
   // session for the whole chat — every topic respawns implicitly).
@@ -1884,6 +2354,52 @@ async function handleMessage(sessionKey, chatId, msg, bot) {
     chat_id: chatId, msg_id: msg.message_id, status: 'replied',
   }), 'set handler_status=replied');
 
+  // 0.8.0 Phase 2 step 1 — AUTOSTEER. If SDK pm is active AND there's
+  // already an in-flight turn for this session AND autosteer isn't
+  // disabled in config, route this user message via pm.steer()
+  // instead of pm.send(). Matches OpenClaw's default UX: typing a
+  // follow-up while the bot is mid-reply MERGES into the active
+  // turn rather than queueing as a separate response. Saves a turn,
+  // saves tokens, feels more conversational.
+  //
+  // Opt-out: config.bot.autosteer === false (or per-chat
+  // chatConfig.autosteer === false). CLI pm always falls through
+  // to the queue-FIFO path (no steer primitive on stream-json).
+  //
+  // The steered message gets a 🛞 reaction so the user knows it
+  // landed; no separate reply is generated (the in-flight turn's
+  // response covers both messages, OpenClaw-style).
+  const chatAutosteer = chatConfig.autosteer != null
+    ? chatConfig.autosteer
+    : config.bot?.autosteer;
+  const autosteerEnabled = USE_SDK && chatAutosteer !== false;
+  if (autosteerEnabled && typeof pm.steer === 'function' && pm.has(sessionKey)) {
+    const entry = pm.get(sessionKey);
+    if (entry?.inFlight) {
+      const ok = pm.steer(sessionKey, prompt);
+      if (ok) {
+        // Quiet ack — no chat-bubble reply, just a reaction so the
+        // user sees their message was incorporated. The in-flight
+        // turn's response will address both questions.
+        tg(bot, 'setMessageReaction', {
+          chat_id: chatId,
+          message_id: msg.message_id,
+          reaction: [{ type: 'emoji', emoji: '🛞' }],
+        }, { source: 'autosteer-ack', botName: BOT_NAME }).catch((err) => {
+          console.error(`[${label}] autosteer reaction: ${err.message}`);
+        });
+        logEvent('autosteer', {
+          chat_id: chatId, msg_id: msg.message_id,
+          text_len: prompt?.length ?? 0,
+        });
+        stopTyping();
+        reactor.stop();
+        markReplied();
+        return;
+      }
+    }
+  }
+
   try {
     // Pass streamer + reactor as per-turn context. pm's callbacks pick
     // them off entry.pendingQueue[0].context so concurrent pendings each
@@ -1930,6 +2446,21 @@ async function handleMessage(sessionKey, chatId, msg, bot) {
     if (result.error) {
       console.error(`[${label}] Error (${elapsed}s):`, result.error);
       reactor.setState('ERROR');
+      // 0.8.0 Phase 2 step 8: classifier-driven auto-recovery. If
+      // the error kind has autoRecover === 'reset_session' (i.e.
+      // role_ordering / context_overflow / missing_tool_input),
+      // tell pm to reset the session NOW so the user's NEXT
+      // message starts fresh — without them having to type /new.
+      // Only fires when pm.resetSession is available (SDK pm
+      // path); CLI pm doesn't have the method.
+      const cls = classifyError(result.error);
+      if (cls.autoRecover === 'reset_session' && typeof pm.resetSession === 'function') {
+        pm.resetSession(sessionKey, { reason: cls.kind })
+          .catch((err) => console.error(`[${label}] auto-reset failed: ${err.message}`));
+        logEvent('auto-recover', {
+          chat_id: chatId, kind: cls.kind, action: 'reset_session',
+        });
+      }
       // 0.6.16: pre-fix, silently markReplied()+return — the user got an
       // error reaction emoji on their message but no actual reply text,
       // AND 'replied' status meant boot replay didn't re-dispatch on next
@@ -1946,6 +2477,30 @@ async function handleMessage(sessionKey, chatId, msg, bot) {
       // every answered message is chat noise (plus triggers reaction
       // notifications for other group members).
       reactor.clear().catch(() => {});
+
+      // 0.8.0 Phase 2 step 4: 85%-context-full live hint. After a
+      // successful turn, peek at SDK's getContextUsage(); if past
+      // 85%, post a quiet hint so the user knows /new will help.
+      // SDK pm only — CLI pm has no equivalent (no Query object,
+      // no getContextUsage). Per-bot opt-out via
+      // config.bot.contextHint = false.
+      if (USE_SDK && config.bot?.contextHint !== false) {
+        const entry = pm.get(sessionKey);
+        const q = entry?.query;
+        if (q && typeof q.getContextUsage === 'function') {
+          q.getContextUsage().then((usage) => {
+            const pct = usage?.percentage ?? 0;
+            if (pct < 0.85) return;
+            return tg(bot, 'sendMessage', {
+              chat_id: chatId,
+              text: `📚 Context window ${(pct * 100).toFixed(0)}% full. Send /new to start fresh — older messages will start dropping soon.`,
+              ...(threadId ? { message_thread_id: threadId } : {}),
+            }, { source: 'context-full-hint', botName: BOT_NAME });
+          }).catch((err) => {
+            console.error(`[${label}] context-hint failed: ${err.message}`);
+          });
+        }
+      }
     }
 
     // 0.7.0: empty-response fallback (port from OpenClaw —
@@ -2161,7 +2716,7 @@ function createBot(token) {
   // Cached once @botUsername is known — was recompiling per inbound msg.
   let mentionRe = null;
   // Hoisted admin-command matcher; was re-allocated per message.
-  const ADMIN_CMD_RE = /^\/(model|effort|config|pair-code|pairings|unpair)(\s|$)/;
+  const ADMIN_CMD_RE = /^\/(model|effort|config|pair-code|pairings|unpair|new|reset|context|steer)(\s|$)/;
   const PAIR_CLAIM_RE = /^\/pair\s+\S+/;
 
   // The filter in main() guarantees config.chats only contains chats owned
@@ -2285,16 +2840,36 @@ function createBot(token) {
       // skip the generic error-reply. If we marked after, there'd be a
       // race where the error-reply slips through.
       if (hadActive) markSessionAborted(sessionKey);
-      // Kill ONLY the user's own session, not every topic in the chat.
-      // Pre-0.6.5 this was pm.killChat(chatId) which fanned out across
-      // all topics under isolateTopics=true: the user typed "stop" in
-      // topic A and the bot tore down topic B's in-flight turn, surfacing
-      // a 💥 reply to topic B's user (whose key was never marked aborted,
-      // so the abort grace window didn't apply). With isolateTopics=false
-      // the sessionKey is the chat itself, so killing one session is the
-      // same as killing the chat — behavior unchanged for the common case.
-      await pm.kill(sessionKey).catch((err) =>
-        console.error(`[${BOT_NAME}] abort kill failed: ${err.message}`));
+      // 0.8.0 Phase 2 step 2: under SDK pm, prefer interrupt() +
+      // drainQueue() — keeps the Query alive (cheap to reuse for
+      // the user's next message), no respawn cost. Falls back to
+      // pm.kill() under CLI pm, which is the original behaviour.
+      //
+      // Why both: interrupt() cancels the in-flight turn at SDK
+      // level WITHOUT tearing down the subprocess; drainQueue()
+      // rejects every queued pending with err.code='INTERRUPTED'
+      // so the abort-grace classifier suppresses error replies.
+      //
+      // Kill ONLY the user's own session, not every topic in the
+      // chat. Pre-0.6.5 this was pm.killChat(chatId) which fanned
+      // out across all topics under isolateTopics=true: the user
+      // typed "stop" in topic A and the bot tore down topic B's
+      // in-flight turn, surfacing a 💥 reply to topic B's user
+      // (whose key was never marked aborted, so the abort grace
+      // window didn't apply). With isolateTopics=false the
+      // sessionKey is the chat itself, so killing one session is
+      // the same as killing the chat — behavior unchanged for the
+      // common case.
+      if (USE_SDK && typeof pm.interrupt === 'function') {
+        await pm.interrupt(sessionKey).catch((err) =>
+          console.error(`[${BOT_NAME}] interrupt failed: ${err.message}`));
+        if (typeof pm.drainQueue === 'function') {
+          pm.drainQueue(sessionKey, 'INTERRUPTED');
+        }
+      } else {
+        await pm.kill(sessionKey).catch((err) =>
+          console.error(`[${BOT_NAME}] abort kill failed: ${err.message}`));
+      }
       logEvent('abort-requested', {
         chat_id: chatId, user_id: msg.from?.id || null,
         had_active: hadActive,
@@ -2698,10 +3273,52 @@ async function main() {
     process.exit(1);
   }
 
+  // 0.8.0 Phase 1 step 11: belt-and-suspenders unhandledRejection
+  // logger. The new pm wraps every Query iteration in try/catch so
+  // SDK throws never leak — but if a callback ever does throw async
+  // (canUseTool body, onResult handler, etc.) the rejection could
+  // escape to the global handler. Without this, Node's default is to
+  // exit the process. With this, we log + persist and keep running
+  // so other chats are unaffected.
+  process.on('unhandledRejection', (reason, promise) => {
+    const reasonStr = reason instanceof Error
+      ? `${reason.message}\n${(reason.stack || '').split('\n').slice(0, 3).join('\n')}`
+      : String(reason);
+    console.error(`[polygram] unhandledRejection: ${reasonStr.slice(0, 1000)}`);
+    try {
+      db.logEvent('unhandled-rejection', {
+        reason: String(reason instanceof Error ? reason.message : reason).slice(0, 500),
+        bot_name: BOT_NAME,
+      });
+    } catch { /* swallow — db might be closing */ }
+  });
+  // Same defensive posture for uncaughtException — Node's default is
+  // exit on these. We want to log + persist + survive (the affected
+  // chat's iteration loop will have rejected its pendings via the
+  // catch in pm's _runIteration, so user-visible UX is "their turn
+  // failed", not "bot died").
+  process.on('uncaughtException', (err) => {
+    console.error(`[polygram] uncaughtException: ${err?.message}\n${err?.stack?.split('\n').slice(0, 5).join('\n')}`);
+    try {
+      db.logEvent('uncaught-exception', {
+        message: String(err?.message || err).slice(0, 500),
+        bot_name: BOT_NAME,
+      });
+    } catch { /* swallow */ }
+  });
+
   const cap = config.maxWarmProcesses || DEFAULT_MAX_WARM_PROCS;
-  pm = new ProcessManager({
+  // 0.8.0 Phase 3: pick pm implementation via env flag. Default
+  // (POLYGRAM_USE_SDK unset) keeps the CLI-based pm — same as 0.7.x.
+  // Set POLYGRAM_USE_SDK=1 to switch to the SDK-backed pm.
+  // Phase 5 soak: enable on umi-assistant first, watch for
+  // regressions, then enable on shumabit.
+  const PMClass = USE_SDK ? ProcessManagerSdk : ProcessManager;
+  const spawnFn = USE_SDK ? buildSdkOptions : spawnClaude;
+  console.log(`[polygram] using ${USE_SDK ? 'SDK' : 'CLI'} ProcessManager`);
+  pm = new PMClass({
     cap,
-    spawnFn: spawnClaude,
+    spawnFn,
     db,
     logger: console,
     onInit: (sessionKey, event, entry) => {
@@ -2765,6 +3382,33 @@ async function main() {
       const s = head?.context?.streamer;
       if (s) s.forceNewMessage();
     },
+    // 0.8.0 Phase 2 step 5: SDK auto-compaction observability. Fires
+    // when SDK emits SDKCompactBoundaryMessage (between turns or
+    // mid-turn — see Phase 0 gate 8.5). Surfaces a quiet system
+    // status note to the chat so the user knows context was
+    // reorganised. Off by default per-bot (announceCompact !== true).
+    // Only fires under SDK pm — the CLI pm has no equivalent event.
+    onCompactBoundary: async (sessionKey, msg, entry) => {
+      const chatCfg = config.chats[entry.chatId] || {};
+      const optIn = chatCfg.announceCompact != null
+        ? chatCfg.announceCompact
+        : config.bot?.announceCompact;
+      if (optIn !== true) return;
+      const meta = msg.compact_metadata || {};
+      const summary = meta.pre_tokens && meta.post_tokens
+        ? ` (${(meta.pre_tokens / 1000).toFixed(0)}K → ${(meta.post_tokens / 1000).toFixed(0)}K tokens)`
+        : '';
+      const threadId = entry.threadId || undefined;
+      try {
+        await tg(bot, 'sendMessage', {
+          chat_id: entry.chatId,
+          text: `🗜️ Memory compacted${summary} — earlier context summarised.`,
+          ...(threadId ? { message_thread_id: threadId } : {}),
+        }, { source: 'compact-boundary', botName: BOT_NAME });
+      } catch (err) {
+        console.error(`[${entry.label}] compact-boundary post: ${err.message}`);
+      }
+    },
     // Fires after a graceful /model or /effort drain has actually
     // swapped to the new settings. Post a confirmation back to the
     // chat ONLY when wasDrained=true — the user actively waited for an