ticlawk 0.1.16-dev.3 → 0.1.16-dev.31

package/src/adapters/ticlawk/index.mjs

@@ -10,14 +10,15 @@ import { isTerminalRuntimeFailure } from '../../core/runtime-support.mjs';
 import { clearUpdateRequiredState, readUpdateState, setUpdateRequiredState } from '../../core/update-state.mjs';
 import { isManagedInstall, startDetachedSelfUpdate } from '../../core/update.mjs';
 import * as api from './api.mjs';
-import { processAndSaveResult } from './cards.mjs';
-import { persistApiCredential } from './credentials.mjs';
+import { persistApiCredential, persistRuntimeCredentials } from './credentials.mjs';
 import { TiclawkWakeClient } from './wake-client.mjs';
+import { buildInboundWakePrompt } from '../../runtimes/_shared/wake-prompt.mjs';
 
 const require = createRequire(import.meta.url);
 const qrcode = require('qrcode-terminal');
 const JOBS_WAKE_DEBOUNCE_MS = 100;
 const BINDINGS_WAKE_DEBOUNCE_MS = 500;
+const CREDENTIALS_WAKE_DEBOUNCE_MS = 500;
 const RECOVERY_AUDIT_INTERVAL_MS = 5 * 60 * 1000;
 const BINDING_AUDIT_INTERVAL_MS = 5 * 60 * 1000;
 const UPDATE_RETRY_COOLDOWN_MS = 15 * 60 * 1000;
@@ -27,6 +28,32 @@ function connectError(statusCode, error) {
   return { statusCode, body: { ok: false, error } };
 }
 
+// Coalesce: returns a wrapped fn that runs at most one invocation at a
+// time. If it's called while an invocation is in flight, the most recent
+// args are stashed and the wrapped fn re-runs exactly once after the
+// current run completes (regardless of how many times it was called
+// during the run). The wrapped fn always returns the in-flight Promise.
+function coalesce(fn) {
+  let running = null;
+  let pendingArgs = null;
+  return function call(...args) {
+    if (running) {
+      pendingArgs = args;
+      return running;
+    }
+    running = (async () => {
+      let currentArgs = args;
+      while (true) {
+        pendingArgs = null;
+        await fn(...currentArgs);
+        if (pendingArgs === null) return;
+        currentArgs = pendingArgs;
+      }
+    })().finally(() => { running = null; });
+    return running;
+  };
+}
+
 function normalizeInboundMediaAssets(msg) {
   if (!Array.isArray(msg?.media_assets)) return [];
   return msg.media_assets
@@ -44,98 +71,6 @@ function normalizeInboundMediaAssets(msg) {
     .filter(Boolean);
 }
 
-function buildEnvelopeTarget(msg) {
-  const convType = msg.conversation_type || 'dm';
-  const conversationId = msg.conversation_id || '';
-  const senderHandle = msg.sender_display_name || msg.sender_user_id || msg.sender_agent_id || '';
-  if (convType === 'dm') {
-    return senderHandle ? `dm:@${senderHandle}` : `dm:${conversationId}`;
-  }
-  if (convType === 'thread') {
-    const groupName = msg.conversation_name || conversationId;
-    const threadRoot = msg.thread_root_message_id || msg.message_id || '';
-    return `#${groupName}:${threadRoot}`;
-  }
-  // group
-  const groupName = msg.conversation_name || conversationId;
-  return `#${groupName}`;
-}
-
-function buildTaskSuffix(msg) {
-  if (msg.task_number == null) return '';
-  const status = msg.task_status || 'todo';
-  const parts = [`task #${msg.task_number} status=${status}`];
-  if (msg.task_assignee_agent_id || msg.task_assignee_user_id) {
-    const t = msg.task_assignee_type || 'agent';
-    const id = msg.task_assignee_agent_id || msg.task_assignee_user_id;
-    parts.push(`assignee=${t}:${id}`);
-  }
-  if (msg.task_title) {
-    parts.push(`title=${JSON.stringify(msg.task_title)}`);
-  }
-  return ` [${parts.join(' ')}]`;
-}
-
-function buildReactionsSuffix(msg) {
-  const entries = Array.isArray(msg.reactions_summary) ? msg.reactions_summary : [];
-  if (entries.length === 0) return '';
-  return ` [reactions: ${entries.join('; ')}]`;
-}
-
-function buildEnvelopeHeader(msg) {
-  const target = buildEnvelopeTarget(msg);
-  const msgId = msg.id || msg.message_id || '';
-  const seq = msg.seq != null ? msg.seq : '';
-  const time = msg.created_at || new Date().toISOString();
-  const type = msg.sender_type || 'human';
-  const sender = msg.sender_display_name || msg.sender_user_id || msg.sender_agent_id || 'unknown';
-  // `reason` tells the agent how this delivery was routed: 'mention'
-  // / 'assignment' = you were directly addressed → respond by default;
-  // 'ambient' = you are in the room and saw it → respond only if
-  // clearly the right responder; 'dm' / 'thread_follow' / 'manual' =
-  // the legacy direct paths. The agent's behaviour split is in the
-  // standing prompt; we just surface the field.
-  const reason = msg.reason ? ` reason=${msg.reason}` : '';
-  return `[target=${target} msg=${msgId} seq=${seq} time=${time} type=${type}${reason}] @${sender}:`;
-}
-
-function buildGroupContextBlock(msg) {
-  // Only useful in groups — DMs don't need group-purpose context.
-  if ((msg.conversation_type || 'dm') !== 'group') return '';
-  const lines = [];
-  const name = msg.conversation_name || msg.conversation_display_name || '';
-  if (name) lines.push(`name: ${name}`);
-  const description = (msg.conversation_description || '').trim();
-  if (description) lines.push(`purpose: ${description}`);
-  if (lines.length === 0) return '';
-  return [
-    'Group context:',
-    ...lines.map((l) => `  ${l}`),
-    'Use `ticlawk group members --target <target>` if you need to see who else is here.',
-  ].join('\n');
-}
-
-// Wrap each per-turn message with an explicit reply instruction so the
-// runtime LLM never has to remember the standing prompt to figure out
-// HOW to reply. Codex in particular treats the developerInstructions as
-// background and ignores the chat-send pattern without this per-turn
-// nudge (Slock does the same — see chunk-M4A5QPUN.js dynamicReplyInstruction).
-function buildWakePromptText({ envelopeHeader, target, rawText, groupContext }) {
-  const body = `${envelopeHeader} ${rawText || ''}`.trim();
-  const lines = ['New message received:', '', body];
-  if (groupContext) {
-    lines.push('', groupContext);
-  }
-  lines.push(
-    '',
-    `Respond as appropriate — reply using \`ticlawk message send --target "${target}"\` (body via stdin / heredoc), or take action as needed. Complete ALL your work before stopping.`,
-    'Reply in the channel or create/reply in a thread as appropriate; use each message\'s `target` and `msg` fields to choose the exact target.',
-    '',
-    'IMPORTANT: If the message requires multi-step work (research, code changes, testing), complete ALL steps before stopping. Sending a progress update does NOT mean your task is done — only stop when you have NO more work to do. The daemon will wake you again automatically when new messages arrive.',
-  );
-  return lines.join('\n');
-}
-
 export function normalizeInboundMessage(msg) {
   // Claimed delivery rows carry the recipient agent id; legacy messages
   // (history sync, manual inserts) may still use plain agent_id. Prefer
@@ -144,21 +79,8 @@ export function normalizeInboundMessage(msg) {
   const messageId = msg.id || msg.message_id || null;
   const deliveryId = msg.delivery_id || null;
   const media = normalizeInboundMediaAssets(msg);
-  const rawText = msg.text || '';
   const enriched = { ...msg, id: messageId };
-  const baseHeader = buildEnvelopeHeader(enriched);
-  // Task + reactions suffixes are appended INSIDE the envelope so an
-  // agent can see at a glance whether a message is already claimed and
-  // who has already acknowledged it — same shape as slock's incoming
-  // message render (`[task #N status=… assignee=…]` + `[reactions: …]`).
-  const taskSuffix = buildTaskSuffix(enriched);
-  const reactionsSuffix = buildReactionsSuffix(enriched);
-  const header = baseHeader + taskSuffix + reactionsSuffix;
-  const target = buildEnvelopeTarget(enriched);
-  const groupContext = buildGroupContextBlock(enriched);
-  const text = header
-    ? buildWakePromptText({ envelopeHeader: header, target, rawText, groupContext })
-    : rawText;
+  const wakePrompt = buildInboundWakePrompt(enriched);
   return {
     bindingId: recipientAgentId,
     messageId,
@@ -166,10 +88,10 @@ export function normalizeInboundMessage(msg) {
     conversationId: msg.conversation_id || null,
     seq: msg.seq != null ? Number(msg.seq) : null,
     senderType: msg.sender_type || 'human',
-    envelopeHeader: header,
-    envelopeTarget: target,
-    text,
-    rawText,
+    envelopeHeader: wakePrompt.header,
+    envelopeTarget: wakePrompt.target,
+    text: wakePrompt.text,
+    rawText: wakePrompt.rawText,
     action: msg.action || (media.length > 0 ? 'image' : 'task'),
     media,
     raw: {
@@ -179,10 +101,6 @@ export function normalizeInboundMessage(msg) {
   };
 }
 
-function getBindingSessionId(binding) {
-  return binding?.runtimeMeta?.sessionId || binding?.runtimeMeta?.sessionKey || binding?.runtimeMeta?.agentId || binding?.id || null;
-}
-
 function getRuntimeVersion(bindingOrMeta) {
   const value = bindingOrMeta?.runtimeMeta?.runtimeVersion ?? bindingOrMeta?.runtimeVersion ?? bindingOrMeta?.agent_runtime_version ?? null;
   return Number.isInteger(value) ? Number(value) : null;
@@ -222,6 +140,7 @@ const RUNTIME_META_KEYS = [
   'runtimePath',
   'rotatePending',
   'lastRotatedAt',
+  'conversationSessions',
   // claude_code
   'claudePath',
   'claudeVersion',
@@ -257,51 +176,46 @@ function normalizeRuntimeVersion(value) {
   return Number.isInteger(value) ? Number(value) : 0;
 }
 
-// Build a binding from the agent table snapshot (returned by
-// /api/agents and used by the startup hydrate path). Reads agent.id,
-// agent.service_type, agent.meta, etc. — the agent-row shape.
-function buildBindingFromAgentRow(agent) {
-  const agentId = String(agent?.id || agent?.agent_id || '').trim();
-  const runtime = agent?.service_type;
-  const hostId = getRuntimeHostIdFromPayload(agent) || undefined;
+// Build a binding from any source row that carries agent metadata.
+// Two source shapes feed in:
+//   /api/agents row           — id, service_type, meta, …
+//   claim_pending_deliveries  — recipient_agent_id, agent_service_type,
+//                               agent_meta, … (prefixed because the
+//                               delivery row also carries message fields)
+// We try the prefixed names first, then fall through to the bare names,
+// so one builder handles both without the caller having to remember
+// which shape it has.
+function buildBindingFromSource(source) {
+  const agentId = String(
+    source?.recipient_agent_id
+      || source?.id
+      || source?.agent_id
+      || ''
+  ).trim();
+  const runtime = source?.agent_service_type || source?.service_type;
+  const meta = source?.agent_meta ?? source?.meta;
+  const runtimeVersion = source?.agent_runtime_version ?? source?.runtime_version;
+  const displayName = source?.agent_display_name
+    || source?.agent_name
+    || source?.display_name
+    || source?.name
+    || agentId;
+  const status = source?.agent_status || source?.status || 'connected';
+  const hostId = getRuntimeHostIdFromPayload(source) || undefined;
   return {
     id: agentId,
     adapter: 'ticlawk',
     targetKey: agentId,
     targetMeta: { agentId, runtime_host_id: hostId },
     runtime_host_id: hostId,
-    runtime_host_label: getRuntimeHostLabelFromPayload(agent) || undefined,
+    runtime_host_label: getRuntimeHostLabelFromPayload(source) || undefined,
     runtime,
     runtimeMeta: {
-      ...projectRuntimeMeta(agent?.meta),
-      runtimeVersion: normalizeRuntimeVersion(agent?.runtime_version),
+      ...projectRuntimeMeta(meta),
+      runtimeVersion: normalizeRuntimeVersion(runtimeVersion),
     },
-    displayName: agent?.display_name || agent?.name || agentId,
-    status: agent?.status || 'connected',
-  };
-}
-
-// Build a binding from a claimed delivery row. Reads
-// recipient_agent_id, agent_service_type, agent_meta, etc. — the
-// claim-payload shape returned by claim_pending_deliveries.
-function buildBindingFromDeliveryRow(msg) {
-  const agentId = String(msg?.recipient_agent_id || '').trim();
-  const runtime = msg?.agent_service_type;
-  const hostId = getRuntimeHostIdFromPayload(msg) || undefined;
-  return {
-    id: agentId,
-    adapter: 'ticlawk',
-    targetKey: agentId,
-    targetMeta: { agentId, runtime_host_id: hostId },
-    runtime_host_id: hostId,
-    runtime_host_label: getRuntimeHostLabelFromPayload(msg) || undefined,
-    runtime,
-    runtimeMeta: {
-      ...projectRuntimeMeta(msg?.agent_meta),
-      runtimeVersion: normalizeRuntimeVersion(msg?.agent_runtime_version),
-    },
-    displayName: msg?.agent_display_name || msg?.agent_name || agentId,
-    status: msg?.agent_status || 'connected',
+    displayName,
+    status,
   };
 }
 
@@ -343,6 +257,31 @@ function getRuntimeWorkdir(runtimeMeta = {}) {
   return String(runtimeMeta.workdir || runtimeMeta.cwd || runtimeMeta.projectDir || '').trim();
 }
 
+function compareStrings(a, b) {
+  const av = String(a || '');
+  const bv = String(b || '');
+  if (av < bv) return -1;
+  if (av > bv) return 1;
+  return 0;
+}
+
+function compareNumbers(a, b) {
+  const av = Number(a);
+  const bv = Number(b);
+  const aFinite = Number.isFinite(av);
+  const bFinite = Number.isFinite(bv);
+  if (aFinite && bFinite && av !== bv) return av - bv;
+  if (aFinite !== bFinite) return aFinite ? -1 : 1;
+  return 0;
+}
+
+function compareClaimedDeliveries(a, b) {
+  return compareStrings(a?.created_at, b?.created_at)
+    || compareStrings(a?.conversation_id, b?.conversation_id)
+    || compareNumbers(a?.seq, b?.seq)
+    || compareStrings(a?.delivery_id, b?.delivery_id);
+}
+
 function runtimeLabel(runtime) {
   if (runtime === 'claude_code') return 'Claude Code';
   if (runtime === 'opencode') return 'OpenCode';
@@ -456,10 +395,10 @@ export function createTiclawkAdapter(ctx) {
   let bindingAuditTimer = null;
   let jobsWakeTimer = null;
   let bindingsWakeTimer = null;
-  let drainPromise = null;
-  let drainRequested = false;
+  let credentialsWakeTimer = null;
   let lastJobsWakeAt = 0;
   let lastBindingsWakeAt = 0;
+  let lastCredentialsWakeAt = 0;
   let updateRequired = null;
   let lastUpdateRequiredLogAt = 0;
 
@@ -633,9 +572,9 @@ export function createTiclawkAdapter(ctx) {
           continue;
         }
 
-        const binding = await ctx.persistBinding(buildBindingFromDeliveryRow(msg));
+        const binding = await ctx.persistBinding(buildBindingFromSource(msg));
         if (!binding?.runtime) {
-          throw new Error('claimed message missing runtime binding');
+          throw new Error('claimed delivery missing runtime binding');
         }
         if (!belongsToRuntimeHost(binding, hostId)) {
           await api.releaseDelivery(deliveryId, hostId, 'binding-host-mismatch');
@@ -733,7 +672,7 @@ export function createTiclawkAdapter(ctx) {
         continue;
       }
       try {
-        await ctx.persistBinding(buildBindingFromAgentRow(agent));
+        await ctx.persistBinding(buildBindingFromSource(agent));
         hydrated += 1;
       } catch (err) {
         debugError('ticlawk', 'binding.hydrate-failed', {
@@ -741,6 +680,27 @@ export function createTiclawkAdapter(ctx) {
           error: err?.message || 'unknown error',
         });
       }
+
+      // Agents created from the App via POST /me/agents land here in
+      // status='unpaired'. Once we've successfully registered the
+      // binding locally, flip them to 'connected' — same end state the
+      // legacy QR pairing flow leaves agents in. spawn itself stays
+      // lazy (happens on first delivery via deliverTurn).
+      if (agent.status === 'unpaired' && agentHostId === hostId) {
+        try {
+          await api.updateAgent(agent.id, {
+            status: 'connected',
+            runtime_host_id: hostId,
+            runtime_host_label: getHostLabel(),
+          });
+          debugLog('ticlawk', 'binding.unpaired-claimed', { agentId: agent.id });
+        } catch (err) {
+          debugError('ticlawk', 'binding.unpaired-claim-failed', {
+            agentId: agent.id,
+            error: err?.message || 'unknown error',
+          });
+        }
+      }
     }
     const pruned = await pruneDeletedBindings(channels, reason);
     debugLog('ticlawk', 'binding.refresh-ok', {
@@ -755,6 +715,33 @@ export function createTiclawkAdapter(ctx) {
     return hydrated;
   }
 
+  const syncCredentials = coalesce(async (reason = 'manual') => {
+    const startedAt = Date.now();
+    try {
+      const payload = await api.fetchCredentials();
+      const credentials = Array.isArray(payload?.credentials) ? payload.credentials : [];
+      const result = persistRuntimeCredentials(credentials);
+      debugLog('ticlawk-credentials', 'sync-ok', {
+        reason,
+        saved: result.saved,
+        removed: result.removed,
+        durationMs: Date.now() - startedAt,
+        wakeToSyncMs: String(reason || '').startsWith('wake') && lastCredentialsWakeAt
+          ? Date.now() - lastCredentialsWakeAt
+          : null,
+      });
+    } catch (err) {
+      if (api.isUpdateRequiredError(err)) {
+        recordUpdateRequired(err, 'credentials.sync');
+      }
+      debugError('ticlawk-credentials', 'sync-failed', {
+        reason,
+        durationMs: Date.now() - startedAt,
+        error: err?.message || 'unknown error',
+      });
+    }
+  });
+
   async function releaseBlockedRows(agentId, messages, reason) {
     for (const msg of messages) {
       if (!msg?.delivery_id) continue;
@@ -803,7 +790,8 @@ export function createTiclawkAdapter(ctx) {
       return { failed: true, claimed: 0, launched: 0 };
     }
 
-    const claimed = Array.isArray(data) ? data.length : 0;
+    const orderedData = Array.isArray(data) ? [...data].sort(compareClaimedDeliveries) : [];
+    const claimed = orderedData.length;
     debugLog('ticlawk', 'claim.result', {
       reason,
       hostId,
@@ -822,12 +810,12 @@ export function createTiclawkAdapter(ctx) {
       });
     }
 
-    if (!Array.isArray(data) || data.length === 0) {
+    if (orderedData.length === 0) {
       return { failed: false, claimed: 0, launched: 0 };
     }
 
     const grouped = new Map();
-    for (const msg of data) {
+    for (const msg of orderedData) {
       const agentId = getAgentIdFromPayload(msg);
       if (!agentId) {
         // Claim rows must carry the recipient agent id; a missing value
@@ -866,7 +854,7 @@ export function createTiclawkAdapter(ctx) {
       launched += messages.length;
     }
 
-    return { failed: false, claimed: data.length, launched };
+    return { failed: false, claimed: orderedData.length, launched };
   }
 
   async function runDrain(reason) {
@@ -883,23 +871,7 @@ export function createTiclawkAdapter(ctx) {
     return { totalClaimed, iterations };
   }
 
-  function requestDrain(reason) {
-    if (drainPromise) {
-      drainRequested = true;
-      return drainPromise;
-    }
-    drainPromise = (async () => {
-      let currentReason = reason;
-      do {
-        drainRequested = false;
-        await runDrain(currentReason);
-        currentReason = 'drain.requested-again';
-      } while (drainRequested);
-    })().finally(() => {
-      drainPromise = null;
-    });
-    return drainPromise;
-  }
+  const requestDrain = coalesce(runDrain);
 
   function scheduleDrain(reason) {
     jobsWakeTimer = clearDebounce(jobsWakeTimer);
@@ -921,6 +893,15 @@ export function createTiclawkAdapter(ctx) {
     bindingsWakeTimer.unref?.();
   }
 
+  function scheduleCredentialSync(reason) {
+    credentialsWakeTimer = clearDebounce(credentialsWakeTimer);
+    credentialsWakeTimer = setTimeout(() => {
+      credentialsWakeTimer = null;
+      void syncCredentials(reason);
+    }, CREDENTIALS_WAKE_DEBOUNCE_MS);
+    credentialsWakeTimer.unref?.();
+  }
+
   async function reportHostCapabilitiesNow() {
     const entries = await Promise.all(Object.entries(ctx.runtimes || {})
       .filter(([, runtime]) => typeof runtime?.health === 'function')
@@ -960,6 +941,7 @@ export function createTiclawkAdapter(ctx) {
       void refreshBindings('wake.hello')
         .then(() => requestDrain('wake.hello'))
         .catch(() => {});
+      void syncCredentials('wake.hello');
       void reportHostCapabilitiesNow();
       return;
     }
@@ -981,6 +963,17 @@ export function createTiclawkAdapter(ctx) {
       scheduleRefreshAndDrain('wake.bindings.changed');
       return;
     }
+    if (event?.type === 'credentials.changed') {
+      lastCredentialsWakeAt = Date.now();
+      debugLog('ticlawk-wake', 'credentials.changed', {
+        credentialId: event.credential_id || null,
+        name: event.name || null,
+        status: event.status || null,
+        reason: event.reason || null,
+      });
+      scheduleCredentialSync('wake.credentials.changed');
+      return;
+    }
     if (event?.type === 'auth.revoked') {
       wakeState.lastError = 'auth revoked';
       debugError('ticlawk-wake', 'auth.revoked', {});
@@ -1015,7 +1008,17 @@ export function createTiclawkAdapter(ctx) {
 
   function connectWakeSocket() {
     connectorSocket = new TiclawkWakeClient({
-      getUrl: api.getConnectorWsUrl,
+      // host_id rides on the WS query string so connector-wake can flip
+      // runtime_hosts.online for the right row. Empty host_id is
+      // tolerated by the server (it just skips the state write).
+      getUrl: () => {
+        const base = String(api.getConnectorWsUrl() || '').trim();
+        if (!base) return '';
+        const hostId = String(getHostId() || '').trim();
+        if (!hostId) return base;
+        const sep = base.includes('?') ? '&' : '?';
+        return `${base}${sep}host_id=${encodeURIComponent(hostId)}`;
+      },
       getApiKey: api.getApiKey,
       onEvent: handleWakeEvent,
       onStatus: handleWakeStatus,
@@ -1165,11 +1168,11 @@ export function createTiclawkAdapter(ctx) {
     id: 'ticlawk',
 
     async start() {
-      // No stale-delivery recovery anywhere — if the daemon is killed
-      // mid-claim, the row stays `claimed` forever. lease_expires_at
-      // was dropped in X1; no cron has replaced it. Rare in practice;
-      // when it happens the fix is a one-row UPDATE in supabase.
+      // Stale claimed deliveries are recovered conservatively by the
+      // claim RPC; this startup path only refreshes local bindings and
+      // asks for the next drain.
       await refreshBindings('startup');
+      await syncCredentials('startup');
       await requestDrain('startup');
       connectWakeSocket();
       startAuditTimers();
@@ -1338,22 +1341,19 @@ export function createTiclawkAdapter(ctx) {
       }
     },
 
-    async send(binding, outbound) {
-      const localMediaPaths = (outbound.media || [])
-        .filter((item) => item.kind === 'local_path')
-        .map((item) => item.value);
-      await processAndSaveResult({
-        text: outbound.text || '',
-        mediaUrls: localMediaPaths,
-      }, {
-        agentId: binding.id,
-        hostId,
-        agent: binding.runtime,
-        sessionId: getBindingSessionId(binding),
-        runtimeVersion: getRuntimeVersion(binding),
-        turnId: outbound.turnId || outbound.replyToMessageId || null,
-        type: outbound.type || 'agent_message',
-        replyToMessageId: outbound.replyToMessageId || null,
+    // Daemon-driven impersonated reply: the runtime never reached
+    // `ticlawk message send` (subprocess died, timeout, etc.), so the
+    // daemon speaks for the agent. Used by reportSubprocessFailure
+    // with visibility='admin' so the notice only reaches owners.
+    async postAgentReply(binding, { conversationId, text, replyToMessageId, visibility }) {
+      if (!conversationId || !text) return null;
+      return api.sendAgentMessage({
+        actingAgentId: binding.id,
+        conversationId,
+        text,
+        replyToMessageId: replyToMessageId || null,
+        runtimeHostId: hostId,
+        visibility: visibility || null,
       });
     },
 

package/src/adapters/ticlawk/wake-client.mjs

@@ -165,7 +165,7 @@ export class TiclawkWakeClient {
       return;
     }
 
-    if (type === 'jobs.available' || type === 'bindings.changed') {
+    if (type === 'jobs.available' || type === 'bindings.changed' || type === 'credentials.changed') {
       this.onEvent?.(msg);
       return;
     }