ticlawk 0.1.16-dev.2 → 0.1.16-dev.21

package/src/core/http.mjs

@@ -3,6 +3,25 @@ import {
   handleAttachmentUpload,
   handleAttachmentView,
   handleGroupCreate,
+  handleWorkstreamCharterGet,
+  handleWorkstreamCharterSet,
+  handleWorkstreamCreate,
+  handleWorkstreamDelete,
+  handleWorkstreamList,
+  handleAgentList,
+  handleAgentCreate,
+  handleAgentDelete,
+  handleWorkstreamDashboardSet,
+  handleWorkstreamDashboardGet,
+  handleCredentialRequest,
+  handleBriefingPublish,
+  handleBriefingGet,
+  handleServiceCreate,
+  handleServiceUpdate,
+  handleServiceDelete,
+  handleServiceList,
+  handleServiceInfo,
+  handleServiceCall,
   handleGroupMembers,
   handleGroupMembersAdd,
   handleGroupMembersRemove,
@@ -11,6 +30,7 @@ import {
   handleMessageRead,
   handleMessageSearch,
   handleMessageSend,
+  handleProfileAvatarUpload,
   handleProfileShow,
   handleProfileUpdate,
   handleReminderCancel,
@@ -148,6 +168,12 @@ export function startLocalHttpServer({ port, adapter, ctx }) {
         const r = await handleProfileUpdate(req, body, cliCtx);
         return writeJson(res, r.status, r.body);
       }
+      if (urlNoQuery === '/agent/profile/avatar' && method === 'POST') {
+        const body = await readJsonBody(req);
+        if (body === null) return writeJson(res, 400, { error: 'invalid json body' });
+        const r = await handleProfileAvatarUpload(req, body, cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
       if (urlNoQuery === '/agent/attachment/upload' && method === 'POST') {
         const body = await readJsonBody(req);
         if (body === null) return writeJson(res, 400, { error: 'invalid json body' });
@@ -216,6 +242,106 @@ export function startLocalHttpServer({ port, adapter, ctx }) {
         const r = await handleServerInfo(req, parseQuery(req.url || ''), cliCtx);
         return writeJson(res, r.status, r.body);
       }
+      if (urlNoQuery === '/agent/workstream/charter/get' && method === 'GET') {
+        const r = await handleWorkstreamCharterGet(req, parseQuery(req.url || ''), cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/workstream/charter/set' && method === 'POST') {
+        const body = await readJsonBody(req);
+        if (body === null) return writeJson(res, 400, { error: 'invalid json body' });
+        const r = await handleWorkstreamCharterSet(req, body, cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/workstream/create' && method === 'POST') {
+        const body = await readJsonBody(req);
+        if (body === null) return writeJson(res, 400, { error: 'invalid json body' });
+        const r = await handleWorkstreamCreate(req, body, cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/workstream/delete' && method === 'POST') {
+        const body = await readJsonBody(req);
+        if (body === null) return writeJson(res, 400, { error: 'invalid json body' });
+        const r = await handleWorkstreamDelete(req, body, cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/workstream/list' && method === 'GET') {
+        const r = await handleWorkstreamList(req, parseQuery(req.url || ''), cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/agent/list' && method === 'GET') {
+        const r = await handleAgentList(req, parseQuery(req.url || ''), cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/agent/create' && method === 'POST') {
+        const body = await readJsonBody(req);
+        if (body === null) return writeJson(res, 400, { error: 'invalid json body' });
+        const r = await handleAgentCreate(req, body, cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/agent/delete' && method === 'POST') {
+        const body = await readJsonBody(req);
+        if (body === null) return writeJson(res, 400, { error: 'invalid json body' });
+        const r = await handleAgentDelete(req, body, cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/dashboard/set' && method === 'POST') {
+        const body = await readJsonBody(req);
+        if (body === null) return writeJson(res, 400, { error: 'invalid json body' });
+        const r = await handleWorkstreamDashboardSet(req, body, cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/dashboard/get' && method === 'GET') {
+        const r = await handleWorkstreamDashboardGet(req, parseQuery(req.url || ''), cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/briefing/publish' && method === 'POST') {
+        const body = await readJsonBody(req);
+        if (body === null) return writeJson(res, 400, { error: 'invalid json body' });
+        const r = await handleBriefingPublish(req, body, cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/briefing/get' && method === 'GET') {
+        const r = await handleBriefingGet(req, parseQuery(req.url || ''), cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/credential/request' && method === 'POST') {
+        const body = await readJsonBody(req);
+        if (body === null) return writeJson(res, 400, { error: 'invalid json body' });
+        const r = await handleCredentialRequest(req, body, cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/service/create' && method === 'POST') {
+        const body = await readJsonBody(req);
+        if (body === null) return writeJson(res, 400, { error: 'invalid json body' });
+        const r = await handleServiceCreate(req, body, cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/service/update' && method === 'POST') {
+        const body = await readJsonBody(req);
+        if (body === null) return writeJson(res, 400, { error: 'invalid json body' });
+        const r = await handleServiceUpdate(req, body, cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/service/delete' && method === 'POST') {
+        const body = await readJsonBody(req);
+        if (body === null) return writeJson(res, 400, { error: 'invalid json body' });
+        const r = await handleServiceDelete(req, body, cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/service/list' && method === 'GET') {
+        const r = await handleServiceList(req, parseQuery(req.url || ''), cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/service/info' && method === 'GET') {
+        const r = await handleServiceInfo(req, parseQuery(req.url || ''), cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
+      if (urlNoQuery === '/agent/service/call' && method === 'POST') {
+        const body = await readJsonBody(req);
+        if (body === null) return writeJson(res, 400, { error: 'invalid json body' });
+        const r = await handleServiceCall(req, body, cliCtx);
+        return writeJson(res, r.status, r.body);
+      }
 
       writeJson(res, 404, { error: 'not found' });
     } catch (err) {

package/src/core/runtime-env.mjs

@@ -15,6 +15,7 @@
 const STRIPPED_KEYS = new Set([
   'TICLAWK_CONNECTOR_API_KEY',
   'TICLAWK_CONNECTOR_WS_URL',
+  'TICLAWK_CREDENTIAL_NAMES',
   'TICLAWK_SETUP_CODE',
 ]);
 
@@ -35,11 +36,17 @@ export function buildAgentRuntimeEnv({
   sessionId,
   hostId,
   daemonUrl,
+  conversationId,
+  messageId,
+  target,
 } = {}) {
   const out = {};
   if (agentId) out.TICLAWK_RUNTIME_AGENT_ID = String(agentId);
   if (sessionId) out.TICLAWK_RUNTIME_SESSION_ID = String(sessionId);
   if (hostId) out.TICLAWK_RUNTIME_HOST_ID = String(hostId);
+  if (conversationId) out.TICLAWK_RUNTIME_CONVERSATION_ID = String(conversationId);
+  if (messageId) out.TICLAWK_RUNTIME_MESSAGE_ID = String(messageId);
+  if (target) out.TICLAWK_RUNTIME_TARGET = String(target);
   out.TICLAWK_RUNTIME_DAEMON_URL = daemonUrl || 'http://127.0.0.1:8741';
   return out;
 }

package/src/core/runtime-support.mjs

@@ -3,6 +3,7 @@ import { getAgentHome } from './agent-home.mjs';
 const ERROR_MAX_CHARS = 500;
 const DEFAULT_DELTA_FLUSH_MS = 250;
 const DEFAULT_DELTA_FLUSH_CHARS = 64;
+const MAX_SCOPED_RUNTIME_SESSIONS = 50;
 
 function truncateError(text) {
   if (!text) return null;
@@ -42,36 +43,6 @@ export function shouldStreamRuntime(runtimeName, runtime) {
   return Boolean(runtime?.runTurnStream) && getStreamingMode(runtimeName);
 }
 
-export async function sendAdapterMessage(adapter, binding, payload) {
-  await adapter.send(binding, payload);
-}
-
-/**
- * Record the runtime's final turn output as activity (NOT chat).
- *
- * Previously called `sendResult` and treated as "the chat reply path".
- * After the group-chat upgrade, chat is produced exclusively by the
- * agent invoking `ticlawk message send` via the CLI. The runtime's
- * raw final output is still surfaced for trajectory/debug UI, but it
- * no longer materializes as a `messages` row — the trigger
- * `project_agent_event` was updated in PR-2b to drop the chat
- * projection.
- *
- * Renamed so the call sites read self-evidently: "record activity"
- * never reads as "send a chat message".
- */
-export async function recordActivity(adapter, binding, inbound, result) {
-  if (!result?.text && (!result?.mediaUrls || result.mediaUrls.length === 0)) return;
-  await sendAdapterMessage(adapter, binding, {
-    type: 'assistant',
-    text: result.text || '',
-    media: result.media || [],
-    turnId: inbound.messageId || result?.turnId || null,
-    replyToMessageId: inbound.messageId || null,
-  });
-}
-
-
 export async function reportSubprocessFailure({ adapter, binding, inbound, runtimeName, info }) {
   if (!info || info.ok) return;
   const seconds = ((info.durationMs || 0) / 1000).toFixed(1);
@@ -135,6 +106,106 @@ export async function updateBindingRuntimeMeta(ctx, binding, runtimeMetaPatch, e
   });
 }
 
+function readScopedSessionKey(inbound = {}) {
+  const conversationId = String(inbound?.conversationId || '').trim();
+  if (!conversationId) return '';
+  const threadRoot = String(inbound?.raw?.thread_root_message_id || '').trim();
+  return threadRoot ? `${conversationId}:thread:${threadRoot}` : conversationId;
+}
+
+function normalizeScopedRuntimeSessions(value) {
+  if (!value || typeof value !== 'object' || Array.isArray(value)) return {};
+  const out = {};
+  for (const [key, session] of Object.entries(value)) {
+    if (!key || !session || typeof session !== 'object' || Array.isArray(session)) continue;
+    const sessionId = typeof session.sessionId === 'string' ? session.sessionId.trim() : '';
+    if (!sessionId) continue;
+    out[key] = {
+      sessionId,
+      path: typeof session.path === 'string' ? session.path : null,
+      lastRotatedAt: typeof session.lastRotatedAt === 'string' ? session.lastRotatedAt : null,
+      updatedAt: typeof session.updatedAt === 'string' ? session.updatedAt : null,
+    };
+  }
+  return out;
+}
+
+function pruneScopedRuntimeSessions(sessions) {
+  const entries = Object.entries(sessions);
+  if (entries.length <= MAX_SCOPED_RUNTIME_SESSIONS) return sessions;
+  return Object.fromEntries(entries
+    .sort(([, a], [, b]) => {
+      const aTs = Date.parse(a?.updatedAt || a?.lastRotatedAt || '') || 0;
+      const bTs = Date.parse(b?.updatedAt || b?.lastRotatedAt || '') || 0;
+      return bTs - aTs;
+    })
+    .slice(0, MAX_SCOPED_RUNTIME_SESSIONS));
+}
+
+export function resolveRuntimeSessionScope(meta = {}, inbound = {}) {
+  const key = readScopedSessionKey(inbound);
+  if (!key) {
+    return {
+      key: '',
+      sessions: {},
+      sessionId: meta.sessionId || null,
+      path: meta.path || null,
+      lastRotatedAt: meta.lastRotatedAt || null,
+      shouldRotate: !meta.sessionId || Boolean(meta.rotatePending),
+    };
+  }
+
+  const sessions = meta.rotatePending ? {} : normalizeScopedRuntimeSessions(meta.conversationSessions);
+  const scoped = sessions[key] || {};
+  return {
+    key,
+    sessions,
+    sessionId: scoped.sessionId || null,
+    path: scoped.path || null,
+    lastRotatedAt: scoped.lastRotatedAt || null,
+    shouldRotate: !scoped.sessionId || Boolean(meta.rotatePending),
+  };
+}
+
+export function buildRuntimeSessionMetaPatch(meta = {}, scope = {}, result = {}) {
+  const now = new Date().toISOString();
+  const scoped = Boolean(scope.key);
+  const sessionId = result?.sessionId || scope.sessionId || (scoped ? null : meta.sessionId || null);
+  const path = result?.path || scope.path || (scoped ? null : meta.path || null);
+  const lastRotatedAt = scope.shouldRotate
+    ? now
+    : (scope.lastRotatedAt || meta.lastRotatedAt || now);
+
+  if (!scoped) {
+    return {
+      sessionId,
+      ...(path !== undefined ? { path } : {}),
+      rotatePending: false,
+      lastRotatedAt,
+    };
+  }
+
+  const sessions = {
+    ...(scope.sessions || {}),
+  };
+  if (sessionId) {
+    sessions[scope.key] = {
+      sessionId,
+      path,
+      lastRotatedAt,
+      updatedAt: now,
+    };
+  }
+
+  return {
+    sessionId,
+    path,
+    conversationSessions: pruneScopedRuntimeSessions(sessions),
+    rotatePending: false,
+    lastRotatedAt,
+  };
+}
+
 export function createDeltaAggregator({
   flushDelta,
   flushMs = DEFAULT_DELTA_FLUSH_MS,

package/src/migrate/write-initial-memory.mjs

@@ -1,12 +1,12 @@
 #!/usr/bin/env node
-// Seed the slock-style per-agent home + MEMORY.md for every paired
-// agent in the linked Supabase project.
+// Seed the per-agent home + MEMORY.md for every paired agent in the
+// linked Supabase project.
 //
 //   ~/.ticlawk/agents/<agent_id>/MEMORY.md
 //
-// This replaces the Phase-B variant that wrote MEMORY.md into each
-// agent's *project* workdir. The new design follows slock exactly:
-// agent cwd = its own home dir, MEMORY.md lives in cwd.
+// Replaces the Phase-B variant that wrote MEMORY.md into each agent's
+// project workdir. Each agent now has its own home dir as cwd, with
+// MEMORY.md living at the root of that home.
 //
 // Usage:
 //   node src/migrate/write-initial-memory.mjs           # dry-run

package/src/runtimes/_shared/brand.mjs

@@ -0,0 +1 @@
+export const BRAND_NAME = 'Ticlawk';

package/src/runtimes/_shared/goal-task-protocol.mjs

@@ -0,0 +1,228 @@
+/**
+ * Canonical Ticlawk goal/task protocol module.
+ *
+ * Keep goal/task law here instead of scattering it through role-specific
+ * wake envelopes. This module describes runtime behavior; API enforcement
+ * lives separately.
+ */
+
+import { BRAND_NAME } from './brand.mjs';
+
+export const GOAL_TASK_PROTOCOL_MODULE = 'goal-task-protocol';
+
+function getInboundRaw(ctx = {}) {
+  return ctx?.inbound?.raw && typeof ctx.inbound.raw === 'object'
+    ? ctx.inbound.raw
+    : {};
+}
+
+function promptBlock(text) {
+  return text.trim();
+}
+
+function inferScope(ctx = {}) {
+  const raw = getInboundRaw(ctx);
+  const conversationType = String(raw.conversation_type || '').trim();
+  if (conversationType === 'group' || conversationType === 'thread') return 'group';
+  return 'dm';
+}
+
+function getRecipientConversationRole(ctx = {}) {
+  const raw = getInboundRaw(ctx);
+  return String(raw.recipient_conversation_role || raw.recipient_role || '').trim().toLowerCase() || 'member';
+}
+
+function hasConversationAdminRole(ctx = {}) {
+  const raw = getInboundRaw(ctx);
+  if (raw.recipient_is_conversation_admin === true) return true;
+  const role = getRecipientConversationRole(ctx);
+  return role === 'admin' || role === 'owner';
+}
+
+function hasGoalAuthority(ctx = {}) {
+  const scope = inferScope(ctx);
+  if (scope === 'dm') return true;
+  return hasConversationAdminRole(ctx);
+}
+
+function buildUniversalInvariants() {
+  return promptBlock(`
+Universal goal/task invariants:
+- Every conversation can have a chartered goal.
+- Group conversations can also have a shared task board.
+- Valid shared task lifecycle: \`todo\` -> \`in_progress\` -> \`in_review\` -> \`done\`; \`canceled\` is also terminal for abandoned work.
+- Claim the task before substantive task work when a claimable task exists.
+`);
+}
+
+function buildCoreConcepts() {
+  return promptBlock(`
+Core concepts:
+- Wake message: the inbound message or reminder that started the current turn.
+- Conversation: a DM or group where messages, goals, tasks, and context live.
+- Goal: the desired outcome of the conversation, whether it is a DM or group.
+- Task: an executable unit of work that closes a gap between the current state and the goal.
+- Owner: the human whose ${BRAND_NAME} workspace these conversations and agents belong to.
+- DM: a private conversation. The agent in the DM owns the goal loop for that direct ask.
+- Group: a shared conversation. Admin/owner agents own the group goal loop; non-admin agents execute tasks.
+- Group admin/owner: the agent role responsible for the group goal loop, dashboard, briefings, membership, charter, and final task closure.
+- Group member: a non-admin agent role responsible only for assigned or claimable tasks.
+- Charter: the source of truth for a conversation's durable goal and role spec when present.
+- Quote: context showing which message, briefing, or dashboard the user is responding to.
+- Task board: the persistent group task list managed through \`ticlawk task list/create/claim/unclaim/update\`.
+- Claimable task: a task assigned to you or an unclaimed task you are about to execute.
+- Dashboard: an owner-facing HTML report for the conversation goal. It is the visual presentation of the key information associated with the level of achievement of the goal, like a report sent to a CEO for review. It is published or updated with \`ticlawk dashboard set\` as an \`html_template\` plus optional structured \`data_json\`.
+- Briefing: an active notification to the owner. It tells the owner what happened, why it matters to the goal, and what owner action is needed, if any. It is published with \`ticlawk briefing publish --text "..." --mode info\` for updates/notifications, or \`--mode approval\` when the owner needs to approve, optionally with one image, video, or HTML attachment when visual context matters.
+`);
+}
+
+function buildOperatingModes() {
+  return promptBlock(`
+Operating modes:
+- Before acting, determine the conversation scope, your role, and the goal state from the inbound message, charter, task board, and recent context.
+- In a DM, own the direct ask. Answer one-off asks directly; when durable owner intent is visible, run goal setup, then run the goal loop once the goal exists.
+- In a group where you are admin or owner and a local goal exists, own the group goal loop and task system.
+- In a group where you are admin or owner and no local goal exists, do not invent one. If the owner clearly expresses a durable group/workstream goal, run goal setup; otherwise handle only the current coordination need.
+- In a group where you are not admin or owner, do not drive the group goal. Work only on assigned, claimable, or directly delegated tasks through the task worker loop.
+- Ambient group messages are visible context, not automatic work, unless your role, task ownership, or expertise makes you clearly the right responder.
+`);
+}
+
+function buildStateSurfaceRules() {
+  return promptBlock(`
+Dashboard and briefing rules:
+- Create the initial dashboard during goal setup, publish it, and explicitly ask the owner whether the dashboard layout, basic style, and decision view are satisfactory.
+- After the owner accepts the initial dashboard direction, treat its layout and basic style as stable. Routine dashboard updates should update content/data inside that design, not redesign the page.
+- Redesign the dashboard layout or basic style only when the goal, success metrics, or main owner focus changes materially; summarize the change and confirm it before replacing the dashboard design.
+- Keep briefings for active owner notifications: milestone reached, important change, blocker, request for owner input/resources/permission/confirmation/decision, or final result.
+- When creating or materially updating a polished HTML artifact for any ${BRAND_NAME} surface, use \`/vibeshare generate\`. If \`/vibeshare\` is not installed or available in your skills, install it first using the setup instructions at https://vibeshare.page/skill.
+- When using \`/vibeshare generate\` for a briefing HTML attachment, include in the generation request that the HTML will render on mobile and should act as a focused visual aid for understanding the briefing: emphasize the key visual elements, relationships, status, numbers, or choices that clarify the message and owner action, rather than trying to include all supporting detail. Do not build complex gestures, slideshows, carousels, paginated flows, or custom navigation that could conflict with the host mobile surface.
+- For ${BRAND_NAME} dashboards and briefing HTML attachments, \`/vibeshare\` is the HTML generation path only. Publish the generated dashboard HTML with \`ticlawk dashboard set\`, and publish briefing text/attachments with \`ticlawk briefing publish\`; do not use \`/vibeshare publish\` for these ${BRAND_NAME} surfaces.
+`);
+}
+
+function buildGoalSetupRules() {
+  return promptBlock(`
+Goal setup when no chartered goal exists:
+- Do not turn every one-off request into a durable goal. Answer direct asks normally unless the owner expresses a lasting aspiration, ongoing objective, tracking need, reminder cadence, multi-step roadmap, or resource/coordinator need.
+- When durable intent is visible and no suitable chartered goal exists, propose making it a conversation goal. Clarify whether it belongs in the current DM, an existing group/workstream, or a new workstream before writing state.
+- Clarify only the details needed to proceed: goal definition, success/completion criteria, time range, constraints/boundaries, rough approach or roadmap, the agent's deliverables, owner responsibilities, required files/repos/accounts/credentials/budget/resources, dashboard decision view and metrics, and briefing triggers/cadence.
+- Before setting a charter, summarize the proposed short charter and ask for confirmation. Keep charters to the local goal, roles, success criteria, and boundaries; do not put shared workflow law, dashboard state, task status, or long playbooks in the charter.
+- After confirmation, write the charter if you have scope authority. Then create and publish the initial dashboard as part of goal setup, push it to the owner for review, and ask whether the layout/style/decision view are satisfactory. Create reminders/resources only when useful, and seed group tasks only in group/workstream scope. Then enter the normal goal loop.
+- Treat goal setup as revisable. If the owner changes the goal, metrics, cadence, scope, or boundaries later, summarize the change, confirm if it materially changes the agreement, then update the charter and related surfaces.
+`);
+}
+
+function buildGoalLoopOverlay() {
+  return promptBlock(`
+Goal authority overlay: responsible for this conversation's goal and tasks
+- You are responsible for driving the conversation toward its goal, not only replying to isolated messages.
+- Maintain or infer the current goal from the direct ask, charter, dashboard/briefing quote, task board, and conversation context.
+${buildGoalSetupRules()}
+- Run the goal loop:
+  1. Evaluate current facts against the goal.
+  2. Identify the concrete gap, if any.
+  3. Decompose the gap into concrete tasks when useful.
+  4. Execute the next task yourself when appropriate, or create/assign a task when coordination is needed.
+  5. Check whether the result closes the gap.
+  6. Return to evaluating current facts against the goal.
+- At goal-loop boundaries, explicitly write a private goal loop check: current facts, goal/success criterion, gap, next action, and stop/continue decision. Do this when entering the goal loop and after checking whether a task result closes the gap. This is for your execution discipline, not a chat message. Do not send the private goal loop check through ${BRAND_NAME} unless the owner explicitly asks for that analysis.
+- Stop the loop only when there is no meaningful gap, progress is blocked because the owner needs to provide input/resources/permission/confirmation/decision, or progress depends on an external/time-based wait.
+- If there is no gap, say so briefly. If the goal is complete, report completion.
+- If user input, resources, permission, confirmation, or a decision is needed, publish a briefing with one clear bundled request to the owner.
+- If progress depends on an external or time-based future state and no agent or owner can act now, use a reminder or explicit resume condition rather than silently stalling. Do not use reminders to defer an executable next step or an owner decision/request.
+- When reviewing returned task work, evaluate the evidence against the task and current goal before marking it done or using it in reports. If the task is complete, update task state, then immediately run the private goal loop check against the updated facts before dashboard, MEMORY.md, briefing, or wrap-up updates.
+- Keep persistent state surfaces distinct: dashboard for goal-level reporting, MEMORY.md for your local continuity, and briefings for active owner notifications.
+- Publish briefings and update dashboards only from DMs you own or groups where you are admin/owner.
+`);
+}
+
+function buildTaskOnlyOverlay() {
+  return promptBlock(`
+Task authority overlay: responsible for tasks, not the conversation goal
+- In this group context you are not responsible for managing the conversation-level goal loop.
+- Do not create, redefine, or drive the group goal unless an admin/owner explicitly delegates that planning work to you.
+- Focus on task execution: understand the assigned or claimable task, claim when required, perform the work, report the result or blocker, and set the task to \`in_review\` when ready.
+- If the work appears mis-scoped, underspecified, or blocked on an owner decision, report it to the group/admin instead of taking over the goal loop.
+- If you are not the group admin, do not set tasks to \`done\`; stop at \`in_review\` so an admin can validate and close.
+- Keep updates concise and tied to concrete task state.
+`);
+}
+
+function buildDmScopeOverlay() {
+  return promptBlock(`
+Scope overlay: DM
+- In a DM, you own the goal loop for the direct conversation.
+- Use the DM charter as the shared durable goal/role spec when present; update it when the durable DM goal changes.
+- DM conversations do not have a shared task board. Execute directly where possible; use reminders for future wake-up.
+- If the DM refers to work that belongs in a group, route it back to the relevant group or group task while still owning the user's ask until it is clearly transferred.
+- Update the DM dashboard when the goal-level report the requester would care about has changed.
+`);
+}
+
+function buildGroupGoalScopeOverlay() {
+  return promptBlock(`
+Scope overlay: group with admin or owner role
+- In a group where you are admin or owner, you own both the group goal loop and the task system.
+- Use the group task board for task inventory and assignment.
+- When you delegate substantive work to another agent, make it a group task before or while requesting the work. When results return, review the evidence, update task state only after task acceptance, then re-run the private group goal loop.
+- Group messages coordinate working agents. Dashboard, MEMORY.md, and briefings are tracking/reporting surfaces with distinct roles.
+- As admin/owner, update the group dashboard when the goal-level report the requester would care about has changed.
+- As admin/owner, publish a briefing only when the owner should be actively notified: milestone reached, important change, blocker, request for owner input/resources/permission/confirmation/decision, or final result.
+- Use \`ticlawk server info\`, \`ticlawk group members\`, and task board commands to understand membership, roles, current work, and ownership before routing work.
+- Admin/owner role controls membership changes, charter updates, group deletion, and task finalization.
+- Treat \`[charter]\` blocks as local conversation goal/roles only; do not put shared goal/task protocol, dashboard state, or task status in the charter.
+`);
+}
+
+function buildGroupTaskScopeOverlay() {
+  return promptBlock(`
+Scope overlay: group without admin role
+- In a group where you are not admin or owner, you are a task worker.
+- Use the group task board to understand task inventory and assignment.
+- Do not update dashboard, publish briefings, edit charter, manage membership, or drive group-level goal state unless an admin explicitly delegates a bounded task to you.
+- If a message is ambient and not clearly for you, stay quiet unless your task expertise is directly needed and no better owner is evident.
+`);
+}
+
+export function selectGoalTaskProtocolOverlays(ctx = {}) {
+  const scope = inferScope(ctx);
+  const recipientRole = getRecipientConversationRole(ctx);
+  const goalAuthority = hasGoalAuthority(ctx);
+  return { scope, recipientRole, goalAuthority };
+}
+
+export function getGoalTaskProtocolOverlayKey(ctx = {}) {
+  const overlays = selectGoalTaskProtocolOverlays(ctx);
+  return `${overlays.scope}:${overlays.recipientRole}:${overlays.goalAuthority ? 'goal' : 'task'}`;
+}
+
+export function buildGoalTaskProtocolPrompt(ctx = {}) {
+  const overlays = selectGoalTaskProtocolOverlays(ctx);
+  const authorityOverlay = overlays.goalAuthority
+    ? buildGoalLoopOverlay()
+    : buildTaskOnlyOverlay();
+  const scopeOverlay = overlays.scope === 'dm'
+    ? buildDmScopeOverlay()
+    : overlays.goalAuthority
+      ? buildGroupGoalScopeOverlay()
+      : buildGroupTaskScopeOverlay();
+
+  return promptBlock(`
+[protocol:${GOAL_TASK_PROTOCOL_MODULE}]
+This is the single source of prompt truth for ${BRAND_NAME} goal/task behavior. Compose universal invariants with exactly one authority overlay and one scope overlay.
+
+${buildCoreConcepts()}
+
+${buildUniversalInvariants()}
+
+${buildOperatingModes()}
+
+${authorityOverlay}
+
+${scopeOverlay}
+
+${buildStateSurfaceRules()}
+[/protocol:${GOAL_TASK_PROTOCOL_MODULE}]
+`);
+}