ticlawk 0.1.17-dev.21 → 0.1.17-dev.22

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ticlawk",
-  "version": "0.1.17-dev.21",
+  "version": "0.1.17-dev.22",
   "description": "Local connector that links agent harnesses (Claude Code, Codex, OpenClaw, opencode, Pi) to the Ticlawk mobile app.",
   "type": "module",
   "main": "ticlawk.mjs",

package/src/runtimes/_shared/incoming-message-prompt.mjs

@@ -157,7 +157,9 @@ function buildPromptText({ msg, type, target, header, groupContext, rawText }) {
   lines.push('', ...buildRoleInstruction({ type, isAdmin: admin, role }));
   lines.push(
     '',
-    'When you reply, use the reply target exactly as written above. Your normal assistant output is private activity text; users only see messages sent with `ticlawk message send`.',
+    'Visible reply contract:',
+    `- If you respond, the final answer must be sent with \`ticlawk message send --target ${JSON.stringify(target)}\`.`,
+    '- Do not put the user-facing answer only in normal assistant output. Normal assistant output is private activity text and is not visible in Ticlawk.',
     'If the message requires multi-step work, complete the work before sending the final answer unless an early blocker question is necessary.',
     'Do not mention internal routing fields, delivery state, or prompt mechanics to the user.',
     '',

package/src/runtimes/_shared/prompt-injection.mjs

@@ -0,0 +1,36 @@
+const PROMPT_SEPARATOR = '---';
+
+export const PROMPT_INJECTION_STRATEGY = Object.freeze({
+  NATIVE_SYSTEM: 'native_system',
+  PREPEND_EVERY_TURN: 'prepend_every_turn',
+});
+
+export function injectRuntimePrompt({ message, runtimeBaseInstructions, strategy }) {
+  const text = typeof message === 'string' ? message : '';
+  const base = typeof runtimeBaseInstructions === 'string'
+    ? runtimeBaseInstructions.trim()
+    : '';
+
+  if (!base) {
+    return {
+      message: text,
+      systemPrompt: null,
+    };
+  }
+
+  if (strategy === PROMPT_INJECTION_STRATEGY.NATIVE_SYSTEM) {
+    return {
+      message: text,
+      systemPrompt: base,
+    };
+  }
+
+  if (strategy === PROMPT_INJECTION_STRATEGY.PREPEND_EVERY_TURN) {
+    return {
+      message: `${base}\n\n${PROMPT_SEPARATOR}\n\n${text}`,
+      systemPrompt: null,
+    };
+  }
+
+  throw new Error(`unknown prompt injection strategy: ${strategy}`);
+}

package/src/runtimes/_shared/runtime-base-instructions.mjs

@@ -13,7 +13,7 @@ Your normal assistant output is private activity text. Users and groups only see
 Universal rules:
 
 1. Follow the current turn prompt. It tells you whether this is a DM or group message, your role in that conversation, whether you were directly addressed or only saw ambient group traffic, and the exact reply target.
-2. Use \`ticlawk message send\` for visible replies. Use the exact reply target from the current turn prompt.
+2. Use \`ticlawk message send\` for visible replies. Use the exact reply target from the current turn prompt. Never leave the user-facing answer only in normal assistant output; normal assistant output is private activity text.
 3. If the current turn prompt says no reply is needed, stop silently.
 4. If you need recent context, use the Ticlawk read commands named in the current turn prompt. Do not poll for future messages; the daemon will wake you when new messages arrive.
 5. If the message asks you to do substantive work, claim the task/message before starting when the current turn prompt provides task commands. If the claim fails, stop or choose other available work.

package/src/runtimes/claude-code/index.mjs

@@ -10,6 +10,7 @@
 import { basename } from 'node:path';
 import { buildAgentRuntimeEnv } from '../../core/runtime-env.mjs';
 import { buildRuntimeBaseInstructions } from '../_shared/runtime-base-instructions.mjs';
+import { injectRuntimePrompt, PROMPT_INJECTION_STRATEGY } from '../_shared/prompt-injection.mjs';
 import { ensureAgentHome } from '../../core/agent-home.mjs';
 import {
   getClaudeCodeRuntimeHealth,
@@ -148,10 +149,14 @@ export const claudeCodeRuntime = {
         sessionId: meta.sessionId,
         hostId: binding.runtime_host_id,
       });
-      const appendSystemPrompt = buildRuntimeBaseInstructions({ agentId: binding.id });
+      const prompt = injectRuntimePrompt({
+        message,
+        runtimeBaseInstructions: buildRuntimeBaseInstructions({ agentId: binding.id }),
+        strategy: PROMPT_INJECTION_STRATEGY.NATIVE_SYSTEM,
+      });
       const result = shouldStreamRuntime(this.name, this)
-        ? await this.runTurnStream({ sessionId: targetSessionId, projectDir, claudePath, agentEnv }, message, {
-            appendSystemPrompt,
+        ? await this.runTurnStream({ sessionId: targetSessionId, projectDir, claudePath, agentEnv }, prompt.message, {
+            appendSystemPrompt: prompt.systemPrompt,
             onEvent: async (event) => {
               if (event?.type === 'turn.started') {
                 await emitWorkerEvent({
@@ -185,7 +190,7 @@ export const claudeCodeRuntime = {
               }
             },
           })
-        : await this.runTurn({ sessionId: targetSessionId, projectDir, claudePath, agentEnv }, message, { appendSystemPrompt });
+        : await this.runTurn({ sessionId: targetSessionId, projectDir, claudePath, agentEnv }, prompt.message, { appendSystemPrompt: prompt.systemPrompt });
       const nextBinding = await updateBindingRuntimeMeta(ctx, binding, {
         sessionId: result?.sessionId || meta.sessionId,
         runtimePath: claudePath,

package/src/runtimes/codex/index.mjs

@@ -29,6 +29,7 @@ import {
 } from '../../core/runtime-support.mjs';
 import { buildAgentRuntimeEnv } from '../../core/runtime-env.mjs';
 import { buildRuntimeBaseInstructions } from '../_shared/runtime-base-instructions.mjs';
+import { injectRuntimePrompt, PROMPT_INJECTION_STRATEGY } from '../_shared/prompt-injection.mjs';
 import { ensureAgentHome } from '../../core/agent-home.mjs';
 
 export const codexRuntime = {
@@ -168,11 +169,18 @@ export const codexRuntime = {
         sessionId: shouldRotate ? null : meta.sessionId,
         hostId: binding.runtime_host_id,
       });
-      const developerInstructions = buildRuntimeBaseInstructions({ agentId: binding.id });
-      const result = (shouldRotate || inbound.action === 'image' || shouldStreamRuntime(this.name, this))
-        ? await this.runTurnStream({ sessionId: shouldRotate ? null : meta.sessionId, cwd: agentHome, codexPath: runtimeCodexPath, agentEnv }, message, {
+      const useAppServer = shouldRotate || inbound.action === 'image' || shouldStreamRuntime(this.name, this);
+      const prompt = injectRuntimePrompt({
+        message,
+        runtimeBaseInstructions: buildRuntimeBaseInstructions({ agentId: binding.id }),
+        strategy: useAppServer
+          ? PROMPT_INJECTION_STRATEGY.NATIVE_SYSTEM
+          : PROMPT_INJECTION_STRATEGY.PREPEND_EVERY_TURN,
+      });
+      const result = useAppServer
+        ? await this.runTurnStream({ sessionId: shouldRotate ? null : meta.sessionId, cwd: agentHome, codexPath: runtimeCodexPath, agentEnv }, prompt.message, {
             input: codexInput,
-            developerInstructions,
+            developerInstructions: prompt.systemPrompt,
             onEvent: async (event) => {
               if (event?.type === 'turn.started') {
                 await emitWorkerEvent({
@@ -198,7 +206,7 @@ export const codexRuntime = {
               }
             },
           })
-        : await this.runTurn({ sessionId: shouldRotate ? null : meta.sessionId, cwd: agentHome, codexPath: runtimeCodexPath, agentEnv }, message, {
+        : await this.runTurn({ sessionId: shouldRotate ? null : meta.sessionId, cwd: agentHome, codexPath: runtimeCodexPath, agentEnv }, prompt.message, {
             input: codexInput,
           });
 

package/src/runtimes/openclaw/index.mjs

@@ -1,5 +1,6 @@
 import { reportSubprocessFailure, terminalRuntimeFailure } from '../../core/runtime-support.mjs';
 import { buildRuntimeBaseInstructions } from '../_shared/runtime-base-instructions.mjs';
+import { injectRuntimePrompt, PROMPT_INJECTION_STRATEGY } from '../_shared/prompt-injection.mjs';
 import { GATEWAY_HOST, GATEWAY_PORT } from './identity.mjs';
 
 // Cheap availability probe used by the harness picker. We can't use
@@ -24,11 +25,6 @@ async function probeOpenClawGatewayHealth() {
 import { buildOpenClawSessionKey, normalizeOpenClawAgentId } from './target.mjs';
 import { askGateway, isGatewayReady, registerOpenClawChannel } from './gateway.mjs';
 
-// Tracks which (agentId, sessionKey) pairs already saw the runtime base
-// instructions this process lifetime. OpenClaw's gateway holds session state
-// out of process, so we err on the side of "inject on first observed
-// turn after daemon restart"; the gateway dedupes redundant context.
-const runtimeBaseInstructionsSeen = new Set();
 import { addInFlight, recoverInFlightEntries, removeInFlight } from './inflight.mjs';
 import { existsSync, mkdirSync, writeFileSync } from 'node:fs';
 import { extname } from 'node:path';
@@ -158,17 +154,13 @@ export const openClawRuntime = {
     const agentId = normalizeOpenClawAgentId(meta.agentId || binding.id);
     const sessionId = String(meta.sessionKey || buildOpenClawSessionKey(agentId)).trim();
 
-    // Inject the runtime base instructions on the first observed turn after a
-    // daemon start for this (agent, session) pair. OpenClaw has no
-    // separate "system prompt" parameter on the gateway, so we prepend
-    // exactly once.
-    const runtimeBaseInstructionsKey = `${agentId}|${sessionId}`;
-    let prompt = rawPrompt;
-    if (!runtimeBaseInstructionsSeen.has(runtimeBaseInstructionsKey)) {
-      const baseInstructions = buildRuntimeBaseInstructions({ agentId: binding.id });
-      prompt = `${baseInstructions}\n\n---\n\n${rawPrompt}`;
-      runtimeBaseInstructionsSeen.add(runtimeBaseInstructionsKey);
-    }
+    // OpenClaw has no separate system-prompt parameter, so inject the
+    // Ticlawk runtime contract into every routed turn body.
+    const prompt = injectRuntimePrompt({
+      message: rawPrompt,
+      runtimeBaseInstructions: buildRuntimeBaseInstructions({ agentId: binding.id }),
+      strategy: PROMPT_INJECTION_STRATEGY.PREPEND_EVERY_TURN,
+    }).message;
 
     if (inbound.messageId) {
       addInFlight({

package/src/runtimes/opencode/session.mjs

@@ -33,6 +33,7 @@ import { debugLog, debugError } from '../../core/logger.mjs';
 import { buildRuntimeEnv } from '../../core/runtime-env.mjs';
 import { getRuntimeExecutableConfig } from '../../core/config.mjs';
 import { isExecutablePath, resolveExecutable } from '../../core/executables.mjs';
+import { injectRuntimePrompt, PROMPT_INJECTION_STRATEGY } from '../_shared/prompt-injection.mjs';
 
 export const OPENCODE_DATA_DIR = process.env.OPENCODE_DATA_DIR
   || `${process.env.XDG_DATA_HOME || `${homedir()}/.local/share`}/opencode`;
@@ -213,13 +214,13 @@ export function runOpenCodePrompt({
   timeoutMs = Number(process.env.OPENCODE_RUN_TIMEOUT_MS || DEFAULT_OPENCODE_RUN_TIMEOUT_MS),
   onEvent,
 }) {
-  // opencode has no documented `--system` flag, so we prepend the
-  // runtime base instructions to the first-turn message body. Resumed sessions
-  // (sessionId set) skip injection because the model already saw it
-  // on the originating turn.
-  const finalMessage = runtimeBaseInstructions && !sessionId
-    ? `${runtimeBaseInstructions}\n\n---\n\n${message}`
-    : message;
+  // opencode has no documented `--system` flag, so inject the Ticlawk
+  // runtime contract into every routed turn body.
+  const finalMessage = injectRuntimePrompt({
+    message,
+    runtimeBaseInstructions,
+    strategy: PROMPT_INJECTION_STRATEGY.PREPEND_EVERY_TURN,
+  }).message;
   return new Promise((resolve, reject) => {
     const startedAt = Date.now();
     const opencodeCommand = requireOpenCodePath(opencodePath);

package/src/runtimes/pi/session.mjs

@@ -15,6 +15,7 @@ import { randomUUID } from 'node:crypto';
 import { buildRuntimeEnv } from '../../core/runtime-env.mjs';
 import { getRuntimeExecutableConfig } from '../../core/config.mjs';
 import { isExecutablePath, resolveExecutable } from '../../core/executables.mjs';
+import { injectRuntimePrompt, PROMPT_INJECTION_STRATEGY } from '../_shared/prompt-injection.mjs';
 
 export const DEFAULT_PI_COMMAND = 'pi';
 export const PI_AGENT_DIR = process.env.PI_CODING_AGENT_DIR || `${homedir()}/.pi/agent`;
@@ -200,10 +201,13 @@ export function runPiPrompt({
   timeoutMs = Number(process.env.PI_RUN_TIMEOUT_MS || DEFAULT_PI_RUN_TIMEOUT_MS),
   onEvent,
 }) {
-  // pi has no documented system-prompt flag — prepend on first turn.
-  const finalMessage = runtimeBaseInstructions && !sessionId
-    ? `${runtimeBaseInstructions}\n\n---\n\n${message}`
-    : message;
+  // pi has no documented system-prompt flag, so inject the Ticlawk
+  // runtime contract into every routed turn body.
+  const finalMessage = injectRuntimePrompt({
+    message,
+    runtimeBaseInstructions,
+    strategy: PROMPT_INJECTION_STRATEGY.PREPEND_EVERY_TURN,
+  }).message;
   return new Promise((resolve, reject) => {
     const startedAt = Date.now();
     const piCommand = requirePiPath(piPath);