ticlawk 0.1.15-dev.6 → 0.1.16-dev.1

package/src/core/http.mjs

@@ -1,4 +1,13 @@
 import { createServer } from 'node:http';
+import {
+  handleGroupMembers,
+  handleMessageRead,
+  handleMessageSend,
+  handleServerInfo,
+  handleTaskClaim,
+  handleTaskList,
+  handleTaskUpdate,
+} from './agent-cli-handlers.mjs';
 
 function writeJson(res, statusCode, body) {
   res.writeHead(statusCode, { 'Content-Type': 'application/json' });
@@ -13,36 +22,95 @@ async function readBody(req) {
   return body;
 }
 
-export function startLocalHttpServer({ port, adapter }) {
+async function readJsonBody(req) {
+  const raw = await readBody(req);
+  if (!raw) return {};
+  try {
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+
+function parseQuery(url) {
+  const out = {};
+  const idx = url.indexOf('?');
+  if (idx < 0) return out;
+  const qs = new URLSearchParams(url.slice(idx + 1));
+  for (const [k, v] of qs.entries()) out[k] = v;
+  return out;
+}
+
+export function startLocalHttpServer({ port, adapter, ctx }) {
+  // The agent-cli handlers need a tiny binding-lookup surface to
+  // validate TICLAWK_RUNTIME_AGENT_ID against locally bound agents.
+  // We accept the same ctx the adapter was constructed with.
+  const cliCtx = ctx || { listBindings: () => [] };
+
   const server = createServer(async (req, res) => {
     res.setHeader('Access-Control-Allow-Origin', '*');
     res.setHeader('Access-Control-Allow-Methods', 'POST, GET, OPTIONS');
-    res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
+    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, X-Ticlawk-Acting-Agent-Id, X-Ticlawk-Runtime-Host-Id, X-Ticlawk-Runtime-Session-Id');
     if (req.method === 'OPTIONS') {
       res.writeHead(204);
       res.end();
       return;
     }
 
-    if (req.method === 'GET' && req.url === '/health') {
-      try {
+    const method = (req.method || 'GET').toUpperCase();
+    const urlNoQuery = (req.url || '').split('?')[0];
+
+    try {
+      if (method === 'GET' && urlNoQuery === '/health') {
         const health = await adapter.health();
-        writeJson(res, 200, {
-          ok: true,
-          adapter: adapter.id,
-          ...health,
-        });
-      } catch (err) {
-        writeJson(res, 500, {
-          ok: false,
-          adapter: adapter.id,
-          error: err?.message || 'health check failed',
-        });
+        writeJson(res, 200, { ok: true, adapter: adapter.id, ...health });
+        return;
       }
-      return;
-    }
 
-    writeJson(res, 404, { error: 'not found' });
+      // ── Agent CLI surface (called from runtime CLI tools) ──
+      if (urlNoQuery === '/agent/message/send' && method === 'POST') {
+        const body = await readJsonBody(req);
+        if (body === null) return writeJson(res, 400, { error: 'invalid json body' });
+        const r = await handleMessageSend(req, body, cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/message/read' && method === 'GET') {
+        const r = await handleMessageRead(req, parseQuery(req.url || ''), cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/task/claim' && method === 'POST') {
+        const body = await readJsonBody(req);
+        if (body === null) return writeJson(res, 400, { error: 'invalid json body' });
+        const r = await handleTaskClaim(req, body, cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/task/update' && method === 'POST') {
+        const body = await readJsonBody(req);
+        if (body === null) return writeJson(res, 400, { error: 'invalid json body' });
+        const r = await handleTaskUpdate(req, body, cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/task/list' && method === 'GET') {
+        const r = await handleTaskList(req, parseQuery(req.url || ''), cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/group/members' && method === 'GET') {
+        const r = await handleGroupMembers(req, parseQuery(req.url || ''), cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/server/info' && method === 'GET') {
+        const r = await handleServerInfo(req, parseQuery(req.url || ''), cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+
+      writeJson(res, 404, { error: 'not found' });
+    } catch (err) {
+      writeJson(res, 500, {
+        ok: false,
+        adapter: adapter.id,
+        error: err?.message || String(err),
+      });
+    }
   });
 
   server.on('error', (err) => {
@@ -59,6 +127,10 @@ export function startLocalHttpServer({ port, adapter }) {
     console.log(`[relay] HTTP server listening on :${port}`);
     console.log(`[relay]   adapter: ${adapter.id}`);
     console.log('[relay]   GET  /health   - daemon status check');
+    console.log('[relay]   POST /agent/message/send  - chat send (CLI -> daemon -> backend)');
+    console.log('[relay]   GET  /agent/message/read');
+    console.log('[relay]   POST /agent/task/claim | update');
+    console.log('[relay]   GET  /agent/task/list | /agent/group/members | /agent/server/info');
   });
 
   return server;

package/src/core/runtime-env.mjs

@@ -1,9 +1,45 @@
+/**
+ * Build the env passed to a spawned runtime (Codex/Claude Code/...).
+ *
+ * The blanket "strip everything TICLAWK_*" rule from earlier versions was
+ * too aggressive: it also wiped out the agent-context env we inject for
+ * the agent CLI to talk back to the local daemon. We now use a precise
+ * denylist of secret/config keys and explicitly allow the
+ * TICLAWK_RUNTIME_* and TICLAWK_API_URL keys through (the latter is
+ * read-only from the runtime's perspective — it never holds a credential
+ * on its own).
+ */
+
+// Keys the daemon must never leak into child runtime processes.
+// These hold credentials or operator config the agent shouldn't see.
+const STRIPPED_KEYS = new Set([
+  'TICLAWK_CONNECTOR_API_KEY',
+  'TICLAWK_CONNECTOR_WS_URL',
+  'TICLAWK_SETUP_CODE',
+]);
+
 export function buildRuntimeEnv(extra = {}) {
   const env = { ...process.env, ...extra };
-  for (const key of Object.keys(env)) {
-    if (key.startsWith('TICLAWK_')) {
-      delete env[key];
-    }
-  }
+  for (const key of STRIPPED_KEYS) delete env[key];
   return env;
 }
+
+/**
+ * Build the per-agent runtime env block. The daemon includes the
+ * resulting fields in `buildRuntimeEnv({ ...buildAgentRuntimeEnv(...) })`
+ * when spawning a runtime, so the agent CLI can talk back to the local
+ * daemon with a validated identity.
+ */
+export function buildAgentRuntimeEnv({
+  agentId,
+  sessionId,
+  hostId,
+  daemonUrl,
+} = {}) {
+  const out = {};
+  if (agentId) out.TICLAWK_RUNTIME_AGENT_ID = String(agentId);
+  if (sessionId) out.TICLAWK_RUNTIME_SESSION_ID = String(sessionId);
+  if (hostId) out.TICLAWK_RUNTIME_HOST_ID = String(hostId);
+  out.TICLAWK_RUNTIME_DAEMON_URL = daemonUrl || 'http://127.0.0.1:8741';
+  return out;
+}

package/src/core/runtime-support.mjs

@@ -45,7 +45,21 @@ export async function sendAdapterMessage(adapter, binding, payload) {
   await adapter.send(binding, payload);
 }
 
-export async function sendResult(adapter, binding, inbound, result) {
+/**
+ * Record the runtime's final turn output as activity (NOT chat).
+ *
+ * Previously called `sendResult` and treated as "the chat reply path".
+ * After the group-chat upgrade, chat is produced exclusively by the
+ * agent invoking `ticlawk message send` via the CLI. The runtime's
+ * raw final output is still surfaced for trajectory/debug UI, but it
+ * no longer materializes as a `messages` row — the trigger
+ * `project_agent_event` was updated in PR-2b to drop the chat
+ * projection.
+ *
+ * Renamed so the call sites read self-evidently: "record activity"
+ * never reads as "send a chat message".
+ */
+export async function recordActivity(adapter, binding, inbound, result) {
   if (!result?.text && (!result?.mediaUrls || result.mediaUrls.length === 0)) return;
   await sendAdapterMessage(adapter, binding, {
     type: 'assistant',
@@ -56,6 +70,7 @@ export async function sendResult(adapter, binding, inbound, result) {
   });
 }
 
+
 export async function reportSubprocessFailure({ adapter, binding, inbound, runtimeName, info }) {
   if (!info || info.ok) return;
   const seconds = ((info.durationMs || 0) / 1000).toFixed(1);

package/src/core/ticlawk-control.mjs

@@ -1,5 +1,4 @@
 import { Bus } from './bus.mjs';
-import { getConfiguredAdapter } from './config.mjs';
 import { createAdapter } from './adapter-registry.mjs';
 import { getBinding, listBindings, upsertBinding, deleteBinding, findBindingByTarget } from './bindings/store.mjs';
 import { buildRuntimeContext, normalizeServiceType } from './runtime-registry.mjs';
@@ -43,7 +42,9 @@ function createCacheBinding(runtimes, getAdapter) {
   };
 }
 
-export async function createTiclawkController(adapterId = getConfiguredAdapter()) {
+const ADAPTER_ID = 'ticlawk';
+
+export async function createTiclawkController(adapterId = ADAPTER_ID) {
   const { runtimes } = await buildRuntimeContext();
   const resolveRuntimeBinding = createResolveRuntimeBinding(runtimes);
   let adapter;
@@ -74,7 +75,7 @@ export async function createTiclawkController(adapterId = getConfiguredAdapter()
 }
 
 export async function runTiclawkConnect(payload) {
-  const adapterId = payload?.adapter || getConfiguredAdapter();
+  const adapterId = payload?.adapter || ADAPTER_ID;
   const { adapter } = await createTiclawkController(adapterId);
   if (typeof adapter.connect !== 'function') {
     return {

package/src/runtimes/_shared/standing-prompt.mjs

@@ -0,0 +1,89 @@
+/**
+ * Standing prompt injected into every runtime turn after the group-chat
+ * upgrade.
+ *
+ * Tells the agent that:
+ *   - chat is a side effect of `ticlawk message send`, not of its
+ *     ordinary assistant output
+ *   - incoming messages carry an envelope header to be replied to
+ *     verbatim as `target`
+ *   - groups need explicit @mention/assignment to be reply-worthy
+ *   - substantial work must be claimed first via `ticlawk task claim`
+ *
+ * Structurally the rules copy Slock's standing prompt (照抄). Scope/
+ * examples are generalized to Ticlawk's broader use cases (code,
+ * research, schedule, document processing, etc.).
+ */
+
+const STANDING_PROMPT = `You are an agent in Ticlawk. You communicate with people and other agents
+only through the Ticlawk CLI installed at \`ticlawk\`. Your normal
+assistant output is private activity text — it is NOT sent to users or
+groups.
+
+To send a chat message, run:
+  ticlawk message send --target "<target>" <<'EOF'
+  <your message>
+  EOF
+
+Targets:
+  dm:@<user>        private message
+  #<group>          group conversation
+  #<group>:<msgid>  thread under a top-level message in that group
+
+Incoming messages arrive in this exact envelope:
+  [target=<target> msg=<id> seq=<n> time=<iso> type=<human|agent|system>] @<sender>: <text>
+
+The \`target\` field tells you where the message came from. Reply to the
+same target unless explicitly asked to move.
+
+== When to reply ==
+- DM to you: always respond.
+- Group, you are @mentioned or directly assigned a task: respond.
+- Group, no mention, conversation between others: stay silent. Do not
+  narrate.
+- Only the person doing the work should report on it. If another agent
+  completed something, do not echo or summarize it.
+- type=agent: do not reply unless the other agent explicitly addresses
+  you.
+- type=system: read for context, do not reply unless it assigns work to
+  you.
+
+== Claiming work ==
+For substantive work (running tools, editing files, writing reports,
+producing artifacts, doing research, scheduling, etc.), first claim the
+originating message:
+  ticlawk task claim --message-id <id>
+If the claim fails, someone else owns it — stop and do not duplicate
+work.
+
+== Workspace ==
+Your cwd is your persistent, agent-owned workspace. When operating on a
+specific project (a repo, a dataset, a document tree, a research
+notebook), first choose the target directory inside or outside this
+workspace, then run your commands there. Do not assume the chat target
+equals a workdir.
+
+== Other tools ==
+  ticlawk message read --target <target> [--around <msgid>] [--limit N]
+  ticlawk group members --target <target>
+  ticlawk server info
+  ticlawk task list [--target <target>]
+  ticlawk task update --task-id <id> --status <open|claimed|done|canceled>
+
+== Reply etiquette ==
+- Skip idle narration. Only send messages when you have actionable
+  content (a question that unblocks you, a status that the user needs to
+  know, or the final answer/artifact you were asked for).
+- Quote the exact target you received when replying so the message
+  lands in the same place.
+- For agent-to-agent coordination, prefer task assignment and thread
+  replies over top-level group chat.
+`;
+
+export function buildStandingPrompt(_ctx = {}) {
+  // The current prompt is identity-free. Hook signature reserved so we
+  // can later compose in agent handle / known conversation list / etc.
+  return STANDING_PROMPT;
+}
+
+export { STANDING_PROMPT };

package/src/runtimes/claude-code/index.mjs

@@ -9,6 +9,8 @@
 
 import { existsSync } from 'node:fs';
 import { basename } from 'node:path';
+import { buildAgentRuntimeEnv } from '../../core/runtime-env.mjs';
+import { buildStandingPrompt } from '../_shared/standing-prompt.mjs';
 import {
   createCCSession,
   getClaudeCodeRuntimeHealth,
@@ -27,7 +29,7 @@ import { emitWorkerEvent } from '../../core/events/worker-events.mjs';
 import {
   shouldStreamRuntime,
   sendAdapterMessage,
-  sendResult,
+  recordActivity,
   reportSubprocessFailure,
   terminalRuntimeFailure,
   updateBindingRuntimeMeta,
@@ -45,16 +47,26 @@ export const claudeCodeRuntime = {
 
   // Run a Claude turn and wait for the final result on stdout. This is
   // the worker-first path used by the adapter for direct reply delivery.
-  runTurn({ sessionId, projectDir, claudePath }, text, opts = {}) {
-    return runCCPrompt({ sessionId, projectDir, message: text, claudePath, timeoutMs: opts.timeoutMs });
+  runTurn({ sessionId, projectDir, claudePath, agentEnv }, text, opts = {}) {
+    return runCCPrompt({
+      sessionId,
+      projectDir,
+      message: text,
+      claudePath,
+      agentEnv,
+      appendSystemPrompt: opts.appendSystemPrompt || null,
+      timeoutMs: opts.timeoutMs,
+    });
   },
 
-  runTurnStream({ sessionId, projectDir, claudePath }, text, opts = {}) {
+  runTurnStream({ sessionId, projectDir, claudePath, agentEnv }, text, opts = {}) {
     return streamCCPrompt({
       sessionId,
       projectDir,
       message: text,
       claudePath,
+      agentEnv,
+      appendSystemPrompt: opts.appendSystemPrompt || null,
       timeoutMs: opts.timeoutMs,
       onEvent: opts.onEvent,
     });
@@ -232,8 +244,15 @@ export const claudeCodeRuntime = {
     try {
       const claudePath = requireClaudePath(runtimeClaudePath);
       const claudeVersion = getClaudeCodeRuntimeHealth(claudePath).version || meta.claudeVersion || null;
+      const agentEnv = buildAgentRuntimeEnv({
+        agentId: binding.id,
+        sessionId,
+        hostId: binding.runtime_host_id,
+      });
+      const appendSystemPrompt = buildStandingPrompt({ agentId: binding.id });
       const result = shouldStreamRuntime(this.name, this)
-        ? await this.runTurnStream({ sessionId, projectDir, claudePath }, message, {
+        ? await this.runTurnStream({ sessionId, projectDir, claudePath, agentEnv }, message, {
+            appendSystemPrompt,
             onEvent: async (event) => {
               if (event?.type === 'turn.started') {
                 await emitWorkerEvent({
@@ -267,14 +286,14 @@ export const claudeCodeRuntime = {
               }
             },
           })
-        : await this.runTurn({ sessionId, projectDir, claudePath }, message);
+        : await this.runTurn({ sessionId, projectDir, claudePath, agentEnv }, message, { appendSystemPrompt });
       const nextBinding = await updateBindingRuntimeMeta(ctx, binding, {
         sessionId: result?.sessionId || meta.sessionId,
         runtimePath: claudePath,
         claudePath,
         claudeVersion,
       }, { status: 'connected' });
-      await sendResult(adapter, nextBinding, inbound, {
+      await recordActivity(adapter, nextBinding, inbound, {
         ...result,
         media: normalizeOutboundMedia(result),
       });

package/src/runtimes/claude-code/session.mjs

@@ -106,15 +106,18 @@ function extractCCAssistantText(payload) {
     .join('');
 }
 
-export function runCCPrompt({ sessionId, projectDir, message, claudePath = null, timeoutMs = Number(process.env.CC_EXEC_TIMEOUT_MS || DEFAULT_CC_EXEC_TIMEOUT_MS) }) {
+export function runCCPrompt({ sessionId, projectDir, message, claudePath = null, agentEnv = null, appendSystemPrompt = null, timeoutMs = Number(process.env.CC_EXEC_TIMEOUT_MS || DEFAULT_CC_EXEC_TIMEOUT_MS) }) {
+  const systemArgs = appendSystemPrompt
+    ? ['--append-system-prompt', appendSystemPrompt]
+    : [];
   const args = sessionId
-    ? ['-p', message, '--resume', sessionId, '--dangerously-skip-permissions', '--output-format', 'json']
-    : ['-p', message, '--dangerously-skip-permissions', '--output-format', 'json'];
+    ? ['-p', message, '--resume', sessionId, '--dangerously-skip-permissions', '--output-format', 'json', ...systemArgs]
+    : ['-p', message, '--dangerously-skip-permissions', '--output-format', 'json', ...systemArgs];
 
   return new Promise((resolve, reject) => {
     const startedAt = Date.now();
     const claudeCommand = requireClaudePath(claudePath);
-    const child = spawn(claudeCommand, args, { cwd: projectDir, env: buildRuntimeEnv(), stdio: ['ignore', 'pipe', 'ignore'] });
+    const child = spawn(claudeCommand, args, { cwd: projectDir, env: buildRuntimeEnv(agentEnv || {}), stdio: ['ignore', 'pipe', 'ignore'] });
     let stdout = '';
     let settled = false;
 
@@ -206,17 +209,22 @@ export function streamCCPrompt({
   projectDir,
   message,
   claudePath = null,
+  agentEnv = null,
+  appendSystemPrompt = null,
   timeoutMs = Number(process.env.CC_EXEC_TIMEOUT_MS || DEFAULT_CC_EXEC_TIMEOUT_MS),
   onEvent,
 }) {
+  const systemArgs = appendSystemPrompt
+    ? ['--append-system-prompt', appendSystemPrompt]
+    : [];
   const args = sessionId
-    ? ['-p', message, '--resume', sessionId, '--verbose', '--output-format', 'stream-json', '--include-partial-messages', '--dangerously-skip-permissions']
-    : ['-p', message, '--verbose', '--output-format', 'stream-json', '--include-partial-messages', '--dangerously-skip-permissions'];
+    ? ['-p', message, '--resume', sessionId, '--verbose', '--output-format', 'stream-json', '--include-partial-messages', '--dangerously-skip-permissions', ...systemArgs]
+    : ['-p', message, '--verbose', '--output-format', 'stream-json', '--include-partial-messages', '--dangerously-skip-permissions', ...systemArgs];
 
   return new Promise((resolve, reject) => {
     const startedAt = Date.now();
     const claudeCommand = requireClaudePath(claudePath);
-    const child = spawn(claudeCommand, args, { cwd: projectDir, env: buildRuntimeEnv(), stdio: ['ignore', 'pipe', 'ignore'] });
+    const child = spawn(claudeCommand, args, { cwd: projectDir, env: buildRuntimeEnv(agentEnv || {}), stdio: ['ignore', 'pipe', 'ignore'] });
     let stdout = '';
     let buffer = '';
     let settled = false;

package/src/runtimes/codex/index.mjs

@@ -25,12 +25,14 @@ import {
   shouldStreamRuntime,
   createDeltaAggregator,
   sendAdapterMessage,
-  sendResult,
+  recordActivity,
   reportSubprocessFailure,
   terminalRuntimeFailure,
   updateBindingRuntimeMeta,
   isRuntimeGatewayFailure,
 } from '../../core/runtime-support.mjs';
+import { buildAgentRuntimeEnv } from '../../core/runtime-env.mjs';
+import { buildStandingPrompt } from '../_shared/standing-prompt.mjs';
 
 export const codexRuntime = {
   name: 'codex',
@@ -48,23 +50,26 @@ export const codexRuntime = {
     };
   },
 
-  runTurn({ sessionId, cwd, codexPath }, text, opts = {}) {
+  runTurn({ sessionId, cwd, codexPath, agentEnv }, text, opts = {}) {
     return runCodexPrompt({
       sessionId,
       cwd,
       message: text,
       codexPath,
+      agentEnv,
       input: opts.input,
       timeoutMs: opts.timeoutMs,
     });
   },
 
-  runTurnStream({ sessionId, cwd, codexPath }, text, opts = {}) {
+  runTurnStream({ sessionId, cwd, codexPath, agentEnv }, text, opts = {}) {
     return streamCodexPrompt({
       sessionId,
       cwd,
       message: text,
       codexPath,
+      agentEnv,
+      developerInstructions: opts.developerInstructions || null,
       input: opts.input,
       timeoutMs: opts.timeoutMs,
       onEvent: opts.onEvent,
@@ -177,9 +182,16 @@ export const codexRuntime = {
     try {
       const runtimeCodexPath = requireCodexPath(meta.codexPath || meta.runtimePath);
       const runtimeCodexVersion = getCodexRuntimeHealth(runtimeCodexPath).version || meta.codexVersion || null;
+      const agentEnv = buildAgentRuntimeEnv({
+        agentId: binding.id,
+        sessionId: meta.sessionId,
+        hostId: binding.runtime_host_id,
+      });
+      const developerInstructions = buildStandingPrompt({ agentId: binding.id });
       const result = (shouldRotate || inbound.action === 'image' || shouldStreamRuntime(this.name, this))
-        ? await this.runTurnStream({ sessionId: shouldRotate ? null : meta.sessionId, cwd: meta.cwd, codexPath: runtimeCodexPath }, message, {
+        ? await this.runTurnStream({ sessionId: shouldRotate ? null : meta.sessionId, cwd: meta.cwd, codexPath: runtimeCodexPath, agentEnv }, message, {
             input: codexInput,
+            developerInstructions,
             onEvent: async (event) => {
               if (event?.type === 'turn.started') {
                 await emitWorkerEvent({
@@ -205,7 +217,7 @@ export const codexRuntime = {
               }
             },
           })
-        : await this.runTurn({ sessionId: meta.sessionId, cwd: meta.cwd, codexPath: runtimeCodexPath }, message, {
+        : await this.runTurn({ sessionId: meta.sessionId, cwd: meta.cwd, codexPath: runtimeCodexPath, agentEnv }, message, {
             input: codexInput,
           });
 
@@ -220,7 +232,7 @@ export const codexRuntime = {
         rotatePending: false,
         lastRotatedAt: shouldRotate ? new Date().toISOString() : meta.lastRotatedAt,
       }, { status: 'connected' });
-      await sendResult(adapter, nextBinding, inbound, {
+      await recordActivity(adapter, nextBinding, inbound, {
         ...result,
         media: normalizeOutboundMedia(result),
       });

package/src/runtimes/codex/session.mjs

@@ -221,13 +221,13 @@ function isSubAgentThread(thread) {
   return Boolean(source.subAgent || source.sub_agent);
 }
 
-export function runCodexPrompt({ sessionId, cwd, message, codexPath = null, timeoutMs = Number(process.env.CODEX_EXEC_TIMEOUT_MS || DEFAULT_CODEX_EXEC_TIMEOUT_MS) }) {
+export function runCodexPrompt({ sessionId, cwd, message, codexPath = null, agentEnv = null, timeoutMs = Number(process.env.CODEX_EXEC_TIMEOUT_MS || DEFAULT_CODEX_EXEC_TIMEOUT_MS) }) {
   return new Promise((resolve, reject) => {
     const startedAt = Date.now();
     const codexCommand = requireCodexPath(codexPath);
     const child = spawn(codexCommand, buildCodexExecArgs({ sessionId, message }), {
       cwd,
-      env: buildRuntimeEnv(),
+      env: buildRuntimeEnv(agentEnv || {}),
       stdio: ['ignore', 'pipe', 'ignore'],
     });
 
@@ -344,6 +344,8 @@ export function streamCodexPrompt({
   cwd,
   message,
   codexPath = null,
+  agentEnv = null,
+  developerInstructions = null,
   input = null,
   timeoutMs = Number(process.env.CODEX_EXEC_TIMEOUT_MS || DEFAULT_CODEX_EXEC_TIMEOUT_MS),
   onEvent,
@@ -353,7 +355,7 @@ export function streamCodexPrompt({
     const codexCommand = requireCodexPath(codexPath);
     const child = spawn(codexCommand, ['app-server'], {
       cwd,
-      env: buildRuntimeEnv(),
+      env: buildRuntimeEnv(agentEnv || {}),
       stdio: ['pipe', 'pipe', 'ignore'],
     });
 
@@ -598,6 +600,7 @@ export function streamCodexPrompt({
             cwd,
             approvalPolicy: 'never',
             sandbox: 'danger-full-access',
+            ...(developerInstructions ? { developerInstructions } : {}),
           });
         } else {
           const started = await send('thread/start', {
@@ -605,6 +608,7 @@ export function streamCodexPrompt({
             model: process.env.CODEX_MODEL || null,
             approvalPolicy: 'never',
             sandbox: 'danger-full-access',
+            ...(developerInstructions ? { developerInstructions } : {}),
           });
           rootThreadId = started?.thread?.id || rootThreadId;
           threadPath = started?.thread?.path || threadPath;
@@ -636,7 +640,7 @@ export function streamCodexPrompt({
   });
 }
 
-export function createCodexSession({ cwd, message, codexPath = null, timeoutMs = Number(process.env.CODEX_EXEC_TIMEOUT_MS || DEFAULT_CODEX_EXEC_TIMEOUT_MS) }) {
+export function createCodexSession({ cwd, message, codexPath = null, agentEnv = null, timeoutMs = Number(process.env.CODEX_EXEC_TIMEOUT_MS || DEFAULT_CODEX_EXEC_TIMEOUT_MS) }) {
   return new Promise((resolve, reject) => {
     const startedAt = Date.now();
     const codexCommand = requireCodexPath(codexPath);
@@ -651,7 +655,7 @@ export function createCodexSession({ cwd, message, codexPath = null, timeoutMs =
       ],
       {
         cwd,
-        env: buildRuntimeEnv(),
+        env: buildRuntimeEnv(agentEnv || {}),
         stdio: ['ignore', 'pipe', 'ignore'],
       }
     );

package/src/runtimes/openclaw/index.mjs

@@ -1,8 +1,15 @@
 import { normalizeOutboundMedia } from '../../core/media/outbound.mjs';
-import { reportSubprocessFailure, sendAdapterMessage, sendResult, terminalRuntimeFailure } from '../../core/runtime-support.mjs';
+import { reportSubprocessFailure, sendAdapterMessage, recordActivity, terminalRuntimeFailure } from '../../core/runtime-support.mjs';
+import { buildStandingPrompt } from '../_shared/standing-prompt.mjs';
 import { GATEWAY_HOST, GATEWAY_PORT } from './identity.mjs';
 import { buildOpenClawSessionKey, normalizeOpenClawAgentId, resolveOpenClawWorkspace } from './target.mjs';
 import { askGateway, isGatewayReady, registerOpenClawChannel } from './gateway.mjs';
+
+// Tracks which (agentId, sessionKey) pairs already saw the standing
+// prompt this process lifetime. OpenClaw's gateway holds session state
+// out of process, so we err on the side of "inject on first observed
+// turn after daemon restart"; the gateway dedupes redundant context.
+const standingPromptSeen = new Set();
 import { addInFlight, recoverInFlightEntries, removeInFlight } from './inflight.mjs';
 import { existsSync, mkdirSync, writeFileSync } from 'node:fs';
 import { extname } from 'node:path';
@@ -125,12 +132,24 @@ export const openClawRuntime = {
     if (!binding) return false;
     const adapter = ctx.adapter;
     const meta = binding.runtimeMeta || {};
-    const prompt = inbound.action === 'image'
+    const rawPrompt = inbound.action === 'image'
       ? await buildOpenClawImagePrompt(inbound)
       : (inbound.text || '').trim();
     const agentId = normalizeOpenClawAgentId(meta.agentId || binding.id);
     const sessionId = String(meta.sessionKey || buildOpenClawSessionKey(agentId)).trim();
 
+    // Inject the standing prompt on the first observed turn after a
+    // daemon start for this (agent, session) pair. OpenClaw has no
+    // separate "system prompt" parameter on the gateway, so we prepend
+    // exactly once.
+    const standingKey = `${agentId}|${sessionId}`;
+    let prompt = rawPrompt;
+    if (!standingPromptSeen.has(standingKey)) {
+      const standing = buildStandingPrompt({ agentId: binding.id });
+      prompt = `${standing}\n\n---\n\n${rawPrompt}`;
+      standingPromptSeen.add(standingKey);
+    }
+
     if (inbound.messageId) {
       addInFlight({
         messageId: inbound.messageId,
@@ -152,7 +171,7 @@ export const openClawRuntime = {
           });
         },
       });
-      await sendResult(adapter, binding, inbound, {
+      await recordActivity(adapter, binding, inbound, {
         ...result,
         media: normalizeOutboundMedia(result),
       });