typeclaw 0.14.0 → 0.15.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "typeclaw",
-  "version": "0.14.0",
+  "version": "0.15.1",
   "homepage": "https://github.com/typeclaw/typeclaw#readme",
   "bugs": {
     "url": "https://github.com/typeclaw/typeclaw/issues"
@@ -46,7 +46,7 @@
     "@mariozechner/pi-coding-agent": "^0.67.3",
     "@mariozechner/pi-tui": "^0.67.3",
     "@mozilla/readability": "^0.6.0",
-    "agent-messenger": "2.18.0",
+    "agent-messenger": "2.19.0",
     "cheerio": "^1.2.0",
     "citty": "^0.2.2",
     "cron-parser": "^5.5.0",

package/src/agent/system-prompt.ts

@@ -151,19 +151,20 @@ TypeClaw runtime version: ${version}.`
 // would already be re-billed on each turn's user message — so this is
 // cache-free relative to the previous "## Now" placement.
 //
-// The block emits both English and Korean weekday names alongside the ISO
-// timestamp because models replying in a non-English language frequently
-// compute weekday-from-ISO incorrectly; pre-computing the weekday in both
-// candidate reply languages removes that arithmetic step entirely. The
-// framing is a single `<current-time>` XML tag for parity with other
-// runtime-injected per-turn blocks the agent already sees
-// (`<system-reminder>` etc.), so the model reads it as a structured anchor
-// rather than as content authored by a human in the chat.
+// The block emits the English weekday name alongside the ISO timestamp
+// because models frequently compute weekday-from-ISO incorrectly;
+// pre-computing it removes that arithmetic step entirely. English only:
+// TypeClaw's users are global, so the anchor uses one canonical language
+// and leaves reply language to each agent's SOUL.md. The framing is a
+// single `<current-time>` XML tag for parity with other runtime-injected
+// per-turn blocks the agent already sees (`<system-reminder>` etc.), so
+// the model reads it as a structured anchor rather than as content
+// authored by a human in the chat.
 export function renderTurnTimeAnchor(now: Date = new Date()): string {
   const iso = formatLocalDateTime(now)
   const zone = resolveLocalTimezoneName()
   const weekday = formatLocalWeekday(now)
-  return `<current-time>${iso} (${zone}, ${weekday.en} / ${weekday.ko})</current-time>`
+  return `<current-time>${iso} (${zone}, ${weekday})</current-time>`
 }
 
 // Compact replacement for DEFAULT_SYSTEM_PROMPT, used by non-interactive

package/src/agent/tools/channel-reply.ts

@@ -10,7 +10,7 @@ import {
 import type { AdapterId } from '@/channels/schema'
 
 import { type ChannelToolLogger, consoleChannelLogger, formatChannelToolFailure } from './channel-log'
-import { fenceRuntimeNotice } from './runtime-notice'
+import { fenceRuntimeNotice, fenceToolResult } from './runtime-notice'
 
 export type ChannelReplyOrigin = {
   adapter: AdapterId
@@ -138,34 +138,37 @@ export function createChannelReplyTool({
       // Without this echo, a model that splits a multi-part reply has no
       // way to tell "did I already send part 1?" from "I haven't started
       // yet", and routinely re-sends near-duplicates within the same turn
-      // (observed in production: two consecutive identical
-      // greeting messages to one prompt).
+      // (observed in production: two consecutive identical greeting messages
+      // to one prompt).
       //
-      // We deliberately do NOT cap sends-per-turn here. A complex user
-      // request legitimately needs split replies, and a hard cap would
-      // mutilate that. The fix is to give the model honest feedback —
-      // show it what it sent, let it decide whether to continue.
-      // Truncate past 500 chars so a long reply doesn't double the prompt
-      // size on every subsequent iteration; the prefix is enough to detect
-      // duplication, and the full text is recoverable from the session
-      // JSONL if needed.
-      const echo = renderOutboundEcho(text, attachments)
-      const baseText = result.ok
-        ? `posted to ${origin.adapter}:${origin.workspace}/${origin.chat}: ${echo}`
-        : `channel_reply denied: ${result.error}`
-      const hint = result.ok
-        ? consecutiveSendHint(
-            router.getConsecutiveSendCount({
-              adapter: origin.adapter,
-              workspace: origin.workspace,
-              chat: origin.chat,
-              thread: origin.thread,
-            }),
-          )
-        : ''
-      const body = hint ? `${baseText}${hint}` : baseText
+      // The echo is the model's OWN words, which is uniquely seductive to
+      // "reply" to, so on the success path we wrap the whole result in the
+      // strong SYSTEM MESSAGE fence (`fenceToolResult`) rather than the weak
+      // `[system: tool result...]` prefix — the prefix did not stop Kimi from
+      // answering its own echo and looping (PR #481). Denials carry no echoed
+      // prose (just machine error text), so they keep the lighter prefix.
+      if (result.ok) {
+        const echo = renderOutboundEcho(text, attachments)
+        const receipt = `posted to ${origin.adapter}:${origin.workspace}/${origin.chat}: ${echo}`
+        const hint = consecutiveSendHint(
+          router.getConsecutiveSendCount({
+            adapter: origin.adapter,
+            workspace: origin.workspace,
+            chat: origin.chat,
+            thread: origin.thread,
+          }),
+        )
+        // Keep fenceToolResult here — do NOT "unify" the success branch back to
+        // TOOL_RESULT_PREFIX to match the denial branch below. The prefix is
+        // intentionally weaker and is safe ONLY because denials carry no echoed
+        // prose; the success result does, and the weak prefix let Kimi loop.
+        return {
+          content: [{ type: 'text' as const, text: `${fenceToolResult(receipt)}${hint}` }],
+          details,
+        }
+      }
       return {
-        content: [{ type: 'text' as const, text: `${TOOL_RESULT_PREFIX}${body}` }],
+        content: [{ type: 'text' as const, text: `${TOOL_RESULT_PREFIX}channel_reply denied: ${result.error}` }],
         details,
       }
     },
@@ -188,6 +191,13 @@ export function renderEcho(text: string): string {
   return `${JSON.stringify(text.slice(0, ECHO_MAX_CHARS))}... (${text.length} chars total)`
 }
 
+// DO NOT remove this echo or replace it with a hash/length-only "receipt" to
+// stop the self-reply loop (PR #481). That trade was tried and rejected: the
+// echo is the model's only view of what it already said (the inbound path
+// drops self-authored messages), so without the FULL text a split reply
+// re-sends near-duplicates — the exact bug 58c62c1 added the echo to fix, and
+// a fingerprint cannot catch paraphrased near-dupes. The loop is solved by
+// FENCING this echo (see fenceToolResult call site below), not by removing it.
 export function renderOutboundEcho(
   text: string | undefined,
   attachments: ReadonlyArray<{ path: string; filename?: string }> | undefined,

package/src/agent/tools/channel-send.ts

@@ -11,7 +11,7 @@ import { ADAPTER_IDS, type AdapterId } from '@/channels/schema'
 
 import { type ChannelToolLogger, consoleChannelLogger, formatChannelToolFailure } from './channel-log'
 import { renderOutboundEcho, TOOL_RESULT_PREFIX } from './channel-reply'
-import { fenceRuntimeNotice } from './runtime-notice'
+import { fenceRuntimeNotice, fenceToolResult } from './runtime-notice'
 
 export type ChannelSendOrigin = {
   adapter: AdapterId
@@ -154,12 +154,13 @@ export function createChannelSendTool({ router, origin, logger = consoleChannelL
         )
       }
       const details: { ok: boolean; error?: string } = result.ok ? { ok: true } : { ok: false, error: result.error }
-      const echo = renderOutboundEcho(bodyText, attachments)
-      const baseText = result.ok
-        ? `posted to ${params.adapter}:${params.workspace}/${params.chat}: ${echo}`
-        : `channel_send denied: ${result.error}`
-      const hints: string[] = []
+      // Success wraps the echoed sent text in the strong SYSTEM MESSAGE fence;
+      // denials keep the lighter prefix. See channel-reply.ts for the full
+      // rationale (PR #481 self-reply loop).
       if (result.ok) {
+        const echo = renderOutboundEcho(bodyText, attachments)
+        const receipt = `posted to ${params.adapter}:${params.workspace}/${params.chat}: ${echo}`
+        const hints: string[] = []
         const consecutive = consecutiveSendHint(
           router.getConsecutiveSendCount({
             adapter,
@@ -177,10 +178,14 @@ export function createChannelSendTool({ router, origin, logger = consoleChannelL
           thread: params.thread,
         })
         if (threadMismatch) hints.push(threadMismatch)
+
+        return {
+          content: [{ type: 'text' as const, text: `${fenceToolResult(receipt)}${hints.join('')}` }],
+          details,
+        }
       }
-      const body = hints.length > 0 ? `${baseText}${hints.join('')}` : baseText
       return {
-        content: [{ type: 'text' as const, text: `${TOOL_RESULT_PREFIX}${body}` }],
+        content: [{ type: 'text' as const, text: `${TOOL_RESULT_PREFIX}channel_send denied: ${result.error}` }],
         details,
       }
     },

package/src/agent/tools/runtime-notice.ts

@@ -39,3 +39,31 @@ export function fenceRuntimeNotice(body: string): string {
     '---'
   )
 }
+
+// Wraps a channel tool result (delivery confirmation + echoed sent text) in the
+// SAME canonical SYSTEM MESSAGE framing as fenceRuntimeNotice — but as the
+// ENTIRE result body, not an appended hint, so there is no unfenced prose for
+// the model to read as conversation.
+//
+// The echoed sent text is load-bearing (the bot has no other view of what it
+// just said — the inbound path drops self-authored messages — so without it a
+// split reply re-sends near-duplicates). But that text is the model's OWN
+// words, which is uniquely seductive to "reply" to: a persona-rich model
+// (Kimi K2 on the GitHub channel, PR #481) read its own delivered prose as a
+// fresh user turn and answered it ("you're welcome!", "aww thanks!") until the
+// per-turn send cap. The weak `[system: tool result...]` prefix did not stop
+// the misread; the full fence — bracketed marker, horizontal-rule fences,
+// explicit "Do not reply" closer — has months of production track record
+// against Kimi (it already wraps the consecutive-send and thread-mismatch
+// hints). Reusing the exact same shape extends that protection to the echo.
+export function fenceToolResult(receipt: string): string {
+  return (
+    '---\n' +
+    '**[SYSTEM MESSAGE — not from a human]**\n\n' +
+    receipt +
+    '\n\nThe text above is your OWN already-delivered message, echoed back so ' +
+    'you can see what you sent — it is NOT a new message from anyone in the ' +
+    'chat. **Do not acknowledge or reply to it.**\n' +
+    '---'
+  )
+}

package/src/agent/tools/webfetch/tool.ts

@@ -24,6 +24,7 @@ export const webfetchTool = defineTool({
   description:
     'Fetch a single HTTP(S) URL and return the body, optionally compacted by a strategy. ' +
     'Use this when the user references a specific URL or when websearch surfaced a result you need to read in full. ' +
+    'If `spawn_subagent` is available to you, PREFER delegating to the `scout` subagent by default: spawn it whenever you expect more than one fetch, an "across multiple sources" task, or any search-then-fetch loop. Scout runs the noisy fetching in its own context window and returns a distilled, citation-backed answer, keeping bulky page bodies out of yours. Only call this tool directly for a single known URL whose content you will cite immediately — or whenever you cannot spawn subagents (e.g. you are yourself a subagent), in which case fetch here. ' +
     'Outbound requests impersonate Chrome 136 at the TLS, HTTP/2, and header layers ' +
     '(via curl-impersonate), which helps with TLS/header fingerprint gates on sites behind Cloudflare/Akamai. ' +
     'It does NOT solve JavaScript challenges, behavioural fingerprinting (mouse/scroll/timing), interactive CAPTCHAs, ' +

package/src/agent/tools/websearch.ts

@@ -20,7 +20,8 @@ export const websearchTool = defineTool({
   name: 'websearch',
   label: 'Web Search',
   description:
-    'Search the public web. Returns a ranked list of {title, url, snippet} entries. Use `source: "wikipedia"` for encyclopedic lookups; otherwise default to general web results from DuckDuckGo. Pair this with the `read` tool by visiting URLs you find with `bash` (curl) when you need full page contents.',
+    'Search the public web. Returns a ranked list of {title, url, snippet} entries. Use `source: "wikipedia"` for encyclopedic lookups; otherwise default to general web results from DuckDuckGo. Pair this with the `read` tool by visiting URLs you find with `bash` (curl) when you need full page contents.\n' +
+    'If `spawn_subagent` is available to you, PREFER delegating to the `scout` subagent by default: spawn it whenever the research is non-trivial (more than 1-2 queries, any "across multiple sources" framing, or follow-up fetches of the results). Scout runs `websearch`/`webfetch` in its own context window and returns a distilled, citation-backed answer, so the search churn never pollutes yours. Only call this tool directly for a single query whose top result you will cite immediately — or whenever you cannot spawn subagents (e.g. you are yourself a subagent), in which case run the searches here.',
   parameters: Type.Object({
     query: Type.String({ description: 'The search query.' }),
     limit: Type.Optional(

package/src/channels/adapters/discord-bot.ts

@@ -393,7 +393,14 @@ export function createOutboundCallback(deps: {
     }
 
     try {
-      const sent = await client.sendMessage(msg.chat, text, msg.thread ? { thread_id: msg.thread } : undefined)
+      const sendOptions: { thread_id?: string; reply_to?: string } = {}
+      if (msg.thread) sendOptions.thread_id = msg.thread
+      if (msg.replyTo?.externalMessageId) sendOptions.reply_to = msg.replyTo.externalMessageId
+      const sent = await client.sendMessage(
+        msg.chat,
+        text,
+        Object.keys(sendOptions).length > 0 ? sendOptions : undefined,
+      )
       logger.info(`[discord-bot] sent id=${sent.id} ${tag}`)
       return { ok: true }
     } catch (err) {

package/src/channels/adapters/kakaotalk-format.ts

@@ -0,0 +1,239 @@
+// KakaoTalk's LOCO protocol renders no rich text — bytes display verbatim, so
+// the agent's Markdown (`**bold**`, `### heading`, fenced ```blocks```) leaks
+// literal `*`/`#`/backtick noise into the chat. This strips the formatting
+// markers and keeps the content. Mirrors telegram-bot-format.ts, but emits
+// plain content instead of re-encoding to MarkdownV2. Links collapse to
+// `label (url)` so the destination survives; list/quote markers stay (they
+// read fine unrendered).
+
+export function toKakaoPlainText(input: string): string {
+  // Pull fenced code out first so a `*` inside a block is not re-tokenized as
+  // italic.
+  const out: string[] = []
+  let i = 0
+  while (i < input.length) {
+    if (matchesAt(input, i, '```')) {
+      const fenceEnd = findFenceEnd(input, i + 3)
+      if (fenceEnd !== -1) {
+        out.push(renderFence(input.slice(i + 3, fenceEnd)))
+        i = fenceEnd + 3
+        continue
+      }
+      // Unterminated fence — strip the open backticks and render the rest
+      // inline so we never infinite-loop and never drop the tail.
+      out.push(renderInline(stripLeadingFence(input.slice(i + 3))))
+      break
+    }
+    const nextFence = input.indexOf('```', i)
+    const segmentEnd = nextFence === -1 ? input.length : nextFence
+    out.push(renderLines(input.slice(i, segmentEnd)))
+    i = segmentEnd
+  }
+  return out.join('')
+}
+
+function matchesAt(s: string, idx: number, needle: string): boolean {
+  return s.slice(idx, idx + needle.length) === needle
+}
+
+function findFenceEnd(s: string, start: number): number {
+  return s.indexOf('```', start)
+}
+
+function stripLeadingFence(inner: string): string {
+  // Drop an optional language hint and the newline after an opening fence.
+  const newline = inner.indexOf('\n')
+  if (newline === -1) return inner
+  const candidate = inner.slice(0, newline).trim()
+  if (candidate === '' || /^[A-Za-z0-9_+\-.]+$/.test(candidate)) {
+    return inner.slice(newline + 1)
+  }
+  return inner
+}
+
+function renderFence(inner: string): string {
+  // Keep the code body verbatim, drop the fences and any language hint.
+  let body = inner
+  const newline = inner.indexOf('\n')
+  if (newline !== -1) {
+    const candidate = inner.slice(0, newline).trim()
+    if (candidate === '' || /^[A-Za-z0-9_+\-.]+$/.test(candidate)) {
+      body = inner.slice(newline + 1)
+    }
+  }
+  if (body.endsWith('\n')) body = body.slice(0, -1)
+  return body
+}
+
+// Strip per-line block markers (heading hashes, blockquote arrows) before
+// running the inline tokenizer on each line. List markers (`- `, `* `, `1.`)
+// are left intact — they read fine as plain text and signal structure.
+function renderLines(text: string): string {
+  const lines = text.split('\n')
+  const rendered = lines.map((line) => renderInline(stripBlockMarkers(line)))
+  return rendered.join('\n')
+}
+
+function stripBlockMarkers(line: string): string {
+  // `### heading` → `heading`; `> quote` → `quote`. Only acts on leading
+  // markers after optional indentation so mid-line `#`/`>` stay literal.
+  const heading = /^(\s*)#{1,6}\s+(.*)$/.exec(line)
+  if (heading !== null) return heading[1]! + heading[2]!
+  const quote = /^(\s*)>\s?(.*)$/.exec(line)
+  if (quote !== null) return quote[1]! + quote[2]!
+  return line
+}
+
+// Inline tokenizer. Recognizes (in priority order):
+//   1. Inline code:   `code`        → code
+//   2. Links:         [text](url)   → text (url)
+//   3. Bold:          **text** / __text__ → text
+//   4. Strikethrough: ~~text~~      → text
+//   5. Italic:        *text* / _text_     → text
+//
+// Bold is checked before italic so `**` is not eaten as two italic markers.
+// Word-boundary guards keep snake_case identifiers and `a*b` math from being
+// mistaken for emphasis — the same rules the Telegram formatter uses.
+function renderInline(text: string): string {
+  const out: string[] = []
+  let i = 0
+  while (i < text.length) {
+    const ch = text[i]!
+
+    if (ch === '`') {
+      const close = text.indexOf('`', i + 1)
+      if (close !== -1) {
+        out.push(text.slice(i + 1, close))
+        i = close + 1
+        continue
+      }
+    }
+
+    if (ch === '[') {
+      const link = parseLink(text, i)
+      if (link !== null) {
+        const label = renderInline(link.label)
+        out.push(link.url === '' ? label : `${label} (${link.url})`)
+        i = link.end
+        continue
+      }
+    }
+
+    if (ch === '*' && text[i + 1] === '*') {
+      const close = findClose(text, i + 2, '**')
+      if (close !== -1 && close > i + 2) {
+        out.push(renderInline(text.slice(i + 2, close)))
+        i = close + 2
+        continue
+      }
+    }
+    if (ch === '_' && text[i + 1] === '_' && !isWordChar(text[i - 1])) {
+      const close = findClose(text, i + 2, '__')
+      if (close !== -1 && close > i + 2 && !isWordChar(text[close + 2])) {
+        out.push(renderInline(text.slice(i + 2, close)))
+        i = close + 2
+        continue
+      }
+    }
+
+    if (ch === '~' && text[i + 1] === '~') {
+      const close = findClose(text, i + 2, '~~')
+      if (close !== -1 && close > i + 2) {
+        out.push(renderInline(text.slice(i + 2, close)))
+        i = close + 2
+        continue
+      }
+    }
+
+    if (ch === '*' && !isWordChar(text[i - 1])) {
+      const close = findInlineClose(text, i + 1, '*')
+      if (close !== -1 && !isWordChar(text[close + 1])) {
+        const inner = text.slice(i + 1, close)
+        if (inner !== '' && !/^\s|\s$/.test(inner)) {
+          out.push(renderInline(inner))
+          i = close + 1
+          continue
+        }
+      }
+    }
+    if (ch === '_' && !isWordChar(text[i - 1])) {
+      const close = findInlineClose(text, i + 1, '_')
+      if (close !== -1 && !isWordChar(text[close + 1])) {
+        const inner = text.slice(i + 1, close)
+        if (inner !== '' && !/^\s|\s$/.test(inner)) {
+          out.push(renderInline(inner))
+          i = close + 1
+          continue
+        }
+      }
+    }
+
+    out.push(ch)
+    i++
+  }
+  return out.join('')
+}
+
+function findClose(text: string, from: number, marker: string): number {
+  let i = from
+  while (i <= text.length - marker.length) {
+    if (text[i] === '\\') {
+      i += 2
+      continue
+    }
+    if (matchesAt(text, i, marker)) return i
+    i++
+  }
+  return -1
+}
+
+function findInlineClose(text: string, from: number, marker: string): number {
+  let i = from
+  while (i < text.length) {
+    if (text[i] === '\n') return -1
+    if (text[i] === '\\') {
+      i += 2
+      continue
+    }
+    if (matchesAt(text, i, marker)) return i
+    i++
+  }
+  return -1
+}
+
+function parseLink(text: string, start: number): { label: string; url: string; end: number } | null {
+  let i = start + 1
+  const labelStart = i
+  while (i < text.length) {
+    const c = text[i]!
+    if (c === '\\') {
+      i += 2
+      continue
+    }
+    if (c === ']') break
+    if (c === '\n') return null
+    i++
+  }
+  if (text[i] !== ']' || text[i + 1] !== '(') return null
+  const label = text.slice(labelStart, i)
+  const urlStart = i + 2
+  let j = urlStart
+  while (j < text.length) {
+    const c = text[j]!
+    if (c === '\\') {
+      j += 2
+      continue
+    }
+    if (c === ')') break
+    if (c === '(') return null
+    if (c === '\n') return null
+    j++
+  }
+  if (text[j] !== ')') return null
+  return { label, url: text.slice(urlStart, j), end: j + 1 }
+}
+
+function isWordChar(ch: string | undefined): boolean {
+  if (ch === undefined) return false
+  return /[A-Za-z0-9_]/.test(ch)
+}

package/src/channels/adapters/kakaotalk.ts

@@ -8,6 +8,7 @@ import {
   type KakaoMember,
   type KakaoMessage,
   type KakaoProfile,
+  type KakaoReplyTarget,
   type KakaoSendResult,
   type KakaoTalkListenerEventMap,
   type KakaoTalkPushEmoticonEvent,
@@ -15,7 +16,7 @@ import {
 } from 'agent-messenger/kakaotalk'
 import type { KakaoAccountCredentials, KakaoConfig, PendingLoginState } from 'agent-messenger/kakaotalk'
 
-import type { ChannelRouter } from '@/channels/router'
+import { prependQuoteAnchor, type ChannelRouter } from '@/channels/router'
 import type { ChannelAdapterConfig } from '@/channels/schema'
 import type {
   ChannelHistoryMessage,
@@ -39,6 +40,7 @@ import { createKakaoAuthorResolver, type KakaoAuthorResolver } from './kakaotalk
 import { createKakaoChannelResolver, type KakaoChannelResolver } from './kakaotalk-channel-resolver'
 import { classifyInbound, type InboundDropReason } from './kakaotalk-classify'
 import { createFetchAttachmentCallback } from './kakaotalk-fetch-attachment'
+import { toKakaoPlainText } from './kakaotalk-format'
 
 // Structural duck-type of the upstream KakaoTalkClient class. The upstream
 // type is a class with private fields, and TypeScript treats those
@@ -53,7 +55,7 @@ export interface KakaoTalkClient {
   ): Promise<this>
   getChats(options?: { all?: boolean; search?: string }): Promise<KakaoChat[]>
   getMessages(chatId: string, options?: { count?: number; from?: string }): Promise<KakaoMessage[]>
-  sendMessage(chatId: string, text: string): Promise<KakaoSendResult>
+  sendMessage(chatId: string, text: string, options?: { replyTo?: KakaoReplyTarget }): Promise<KakaoSendResult>
   sendAttachment(
     chatId: string,
     data: Uint8Array | Buffer,
@@ -160,6 +162,11 @@ export type KakaotalkAdapter = {
 
 export const KAKAO_HISTORY_LIMIT_MAX = 200
 
+// How far back to scan for a reply target's source message. Matches the upstream
+// CLI's window; an anchored reply targets the message just answered, so the
+// target is almost always near the head of this window.
+const KAKAO_REPLY_LOOKUP_COUNT = 100
+
 function formatLabel(name: string | undefined, id: string, prefix = ''): string {
   if (name === undefined || name === '' || name === id) return id
   return `${prefix}${name}(${id})`
@@ -171,7 +178,7 @@ async function readAttachmentBuffer(path: string): Promise<Buffer> {
 }
 
 export function createOutboundCallback(deps: {
-  client: Pick<KakaoTalkClient, 'sendMessage' | 'sendAttachment'>
+  client: Pick<KakaoTalkClient, 'sendMessage' | 'sendAttachment' | 'getMessages'>
   logger: KakaotalkAdapterLogger
   formatChannelTag: (workspace: string, chat: string) => Promise<string>
   readFile?: (path: string) => Promise<Buffer>
@@ -182,7 +189,7 @@ export function createOutboundCallback(deps: {
     if (msg.adapter !== 'kakaotalk') {
       return { ok: false, error: `unknown adapter: ${msg.adapter}` }
     }
-    const text = msg.text ?? ''
+    const text = toKakaoPlainText(msg.text ?? '')
     const attachments = msg.attachments ?? []
     if (text === '' && attachments.length === 0) {
       return { ok: false, error: 'message has neither text nor attachments' }
@@ -221,8 +228,26 @@ export function createOutboundCallback(deps: {
     }
 
     if (text !== '') {
+      // KakaoTalk's native reply payload is built from the *source* message
+      // (author, original text, type), which the SDK does not derive from a
+      // bare log_id — we resolve it from recent history. If that lookup can't
+      // find the target (scrolled past the window, or the fetch failed), we
+      // degrade to the same blockquote anchor the router uses for quote-mode
+      // adapters, so the reply still visibly references the right message.
+      let outboundText = text
+      let replyTarget: KakaoReplyTarget | undefined
+      if (msg.replyTo !== undefined) {
+        replyTarget = await resolveKakaoReplyTarget(client, msg.chat, msg.replyTo.externalMessageId, logger)
+        if (replyTarget === undefined && msg.replyTo.source !== undefined) {
+          outboundText = prependQuoteAnchor(text, msg.replyTo.source)
+        }
+      }
       try {
-        const result = await client.sendMessage(msg.chat, text)
+        const result = await client.sendMessage(
+          msg.chat,
+          outboundText,
+          replyTarget !== undefined ? { replyTo: replyTarget } : undefined,
+        )
         if (!result.success) {
           logger.error(`[kakaotalk] sendMessage status_code=${result.status_code} ${tag}`)
           return { ok: false, error: `kakaotalk send failed with status ${result.status_code}` }
@@ -239,6 +264,30 @@ export function createOutboundCallback(deps: {
   }
 }
 
+// KakaoTalk replies need the full source message, not just its log_id. Resolve
+// it from the chat's recent history (matching the upstream CLI's approach).
+// Returns undefined when the target isn't in the fetched window or the fetch
+// throws — the caller degrades to the blockquote fallback in that case.
+async function resolveKakaoReplyTarget(
+  client: Pick<KakaoTalkClient, 'getMessages'>,
+  chatId: string,
+  externalMessageId: string,
+  logger: KakaotalkAdapterLogger,
+): Promise<KakaoReplyTarget | undefined> {
+  try {
+    const messages = await client.getMessages(chatId, { count: KAKAO_REPLY_LOOKUP_COUNT })
+    const target = messages.find((m) => m.log_id === externalMessageId)
+    if (target === undefined) {
+      logger.warn(`[kakaotalk] reply target log_id=${externalMessageId} not in last ${KAKAO_REPLY_LOOKUP_COUNT}`)
+      return undefined
+    }
+    return { log_id: target.log_id, author_id: target.author_id, message: target.message, type: target.type }
+  } catch (err) {
+    logger.warn(`[kakaotalk] reply target lookup failed: ${describe(err)}`)
+    return undefined
+  }
+}
+
 export function createKakaoHistoryCallback(deps: {
   client: Pick<KakaoTalkClient, 'getMessages'>
   logger: KakaotalkAdapterLogger

package/src/channels/adapters/telegram-bot.ts

@@ -251,8 +251,12 @@ export function createOutboundCallback(deps: {
 
     try {
       const rendered = toTelegramMarkdownV2(text)
-      const sendOptions: { message_thread_id?: number; parse_mode: 'MarkdownV2' } = { parse_mode: 'MarkdownV2' }
+      const sendOptions: { message_thread_id?: number; reply_to_message_id?: number; parse_mode: 'MarkdownV2' } = {
+        parse_mode: 'MarkdownV2',
+      }
       if (threadId !== undefined) sendOptions.message_thread_id = threadId
+      const replyToId = parseTelegramMessageId(msg.replyTo?.externalMessageId)
+      if (replyToId !== undefined) sendOptions.reply_to_message_id = replyToId
       const sent = await client.sendMessage(msg.chat, rendered, sendOptions)
       logger.info(`[telegram-bot] sent message_id=${sent.message_id} ${tag}`)
       return { ok: true }
@@ -270,6 +274,12 @@ function parseThreadId(thread: string | null | undefined): number | undefined {
   return Number.isFinite(n) ? n : undefined
 }
 
+function parseTelegramMessageId(id: string | null | undefined): number | undefined {
+  if (id === null || id === undefined || id === '') return undefined
+  const n = Number(id)
+  return Number.isInteger(n) && n > 0 ? n : undefined
+}
+
 type TelegramFileResponse = {
   ok: boolean
   result?: { file_id: string; file_unique_id: string; file_size?: number; file_path?: string }