typeclaw 0.15.0 → 0.15.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "typeclaw",
-  "version": "0.15.0",
+  "version": "0.15.2",
   "homepage": "https://github.com/typeclaw/typeclaw#readme",
   "bugs": {
     "url": "https://github.com/typeclaw/typeclaw/issues"

package/src/agent/system-prompt.ts

@@ -151,19 +151,20 @@ TypeClaw runtime version: ${version}.`
 // would already be re-billed on each turn's user message — so this is
 // cache-free relative to the previous "## Now" placement.
 //
-// The block emits both English and Korean weekday names alongside the ISO
-// timestamp because models replying in a non-English language frequently
-// compute weekday-from-ISO incorrectly; pre-computing the weekday in both
-// candidate reply languages removes that arithmetic step entirely. The
-// framing is a single `<current-time>` XML tag for parity with other
-// runtime-injected per-turn blocks the agent already sees
-// (`<system-reminder>` etc.), so the model reads it as a structured anchor
-// rather than as content authored by a human in the chat.
+// The block emits the English weekday name alongside the ISO timestamp
+// because models frequently compute weekday-from-ISO incorrectly;
+// pre-computing it removes that arithmetic step entirely. English only:
+// TypeClaw's users are global, so the anchor uses one canonical language
+// and leaves reply language to each agent's SOUL.md. The framing is a
+// single `<current-time>` XML tag for parity with other runtime-injected
+// per-turn blocks the agent already sees (`<system-reminder>` etc.), so
+// the model reads it as a structured anchor rather than as content
+// authored by a human in the chat.
 export function renderTurnTimeAnchor(now: Date = new Date()): string {
   const iso = formatLocalDateTime(now)
   const zone = resolveLocalTimezoneName()
   const weekday = formatLocalWeekday(now)
-  return `<current-time>${iso} (${zone}, ${weekday.en} / ${weekday.ko})</current-time>`
+  return `<current-time>${iso} (${zone}, ${weekday})</current-time>`
 }
 
 // Compact replacement for DEFAULT_SYSTEM_PROMPT, used by non-interactive

package/src/agent/tools/channel-reply.ts

@@ -10,7 +10,7 @@ import {
 import type { AdapterId } from '@/channels/schema'
 
 import { type ChannelToolLogger, consoleChannelLogger, formatChannelToolFailure } from './channel-log'
-import { fenceRuntimeNotice } from './runtime-notice'
+import { fenceRuntimeNotice, fenceToolResult } from './runtime-notice'
 
 export type ChannelReplyOrigin = {
   adapter: AdapterId
@@ -71,11 +71,20 @@ export function createChannelReplyTool({
           },
         ),
       ),
+      continue: Type.Optional(
+        Type.Boolean({
+          description:
+            'Set `true` ONLY when this reply is a mid-turn status update (e.g. "working on it…") and you still have work to do THIS turn — fetching data, running a tool, spawning a subagent, then replying again. ' +
+            'A normal reply omits this: by default a successful reply ends the turn (no wasted follow-up LLM call). ' +
+            'Do not set it just to seem responsive; only when genuine multi-step work follows in the same turn.',
+        }),
+      ),
     }),
 
     async execute(_toolCallId, params) {
       const text = params.text
       const attachments = params.attachments
+      const keepTurnAlive = params.continue === true
       if ((text === undefined || text === '') && (attachments === undefined || attachments.length === 0)) {
         logger.warn(formatChannelToolFailure('channel_reply', 'missing text and attachments'))
         return {
@@ -130,7 +139,14 @@ export function createChannelReplyTool({
           ),
         )
       }
-      const details: { ok: boolean; error?: string } = result.ok ? { ok: true } : { ok: false, error: result.error }
+      // `continue` is read by the router's terminal hook (installChannelReplyTerminalHook),
+      // not by this tool — it suppresses the post-reply abort so a multi-step turn
+      // keeps going. Success-only: a denied reply never ran, so there is no turn to keep.
+      const details: { ok: boolean; error?: string; continue?: boolean } = result.ok
+        ? keepTurnAlive
+          ? { ok: true, continue: true }
+          : { ok: true }
+        : { ok: false, error: result.error }
       // Echo the delivered text back to the model. The adapter classifier
       // drops self-authored messages on the inbound path (`self_author`),
       // so the bot otherwise has ZERO visibility into what it just said —
@@ -138,34 +154,37 @@ export function createChannelReplyTool({
       // Without this echo, a model that splits a multi-part reply has no
       // way to tell "did I already send part 1?" from "I haven't started
       // yet", and routinely re-sends near-duplicates within the same turn
-      // (observed in production: two consecutive identical
-      // greeting messages to one prompt).
+      // (observed in production: two consecutive identical greeting messages
+      // to one prompt).
       //
-      // We deliberately do NOT cap sends-per-turn here. A complex user
-      // request legitimately needs split replies, and a hard cap would
-      // mutilate that. The fix is to give the model honest feedback —
-      // show it what it sent, let it decide whether to continue.
-      // Truncate past 500 chars so a long reply doesn't double the prompt
-      // size on every subsequent iteration; the prefix is enough to detect
-      // duplication, and the full text is recoverable from the session
-      // JSONL if needed.
-      const echo = renderOutboundEcho(text, attachments)
-      const baseText = result.ok
-        ? `posted to ${origin.adapter}:${origin.workspace}/${origin.chat}: ${echo}`
-        : `channel_reply denied: ${result.error}`
-      const hint = result.ok
-        ? consecutiveSendHint(
-            router.getConsecutiveSendCount({
-              adapter: origin.adapter,
-              workspace: origin.workspace,
-              chat: origin.chat,
-              thread: origin.thread,
-            }),
-          )
-        : ''
-      const body = hint ? `${baseText}${hint}` : baseText
+      // The echo is the model's OWN words, which is uniquely seductive to
+      // "reply" to, so on the success path we wrap the whole result in the
+      // strong SYSTEM MESSAGE fence (`fenceToolResult`) rather than the weak
+      // `[system: tool result...]` prefix — the prefix did not stop Kimi from
+      // answering its own echo and looping (PR #481). Denials carry no echoed
+      // prose (just machine error text), so they keep the lighter prefix.
+      if (result.ok) {
+        const echo = renderOutboundEcho(text, attachments)
+        const receipt = `posted to ${origin.adapter}:${origin.workspace}/${origin.chat}: ${echo}`
+        const hint = consecutiveSendHint(
+          router.getConsecutiveSendCount({
+            adapter: origin.adapter,
+            workspace: origin.workspace,
+            chat: origin.chat,
+            thread: origin.thread,
+          }),
+        )
+        // Keep fenceToolResult here — do NOT "unify" the success branch back to
+        // TOOL_RESULT_PREFIX to match the denial branch below. The prefix is
+        // intentionally weaker and is safe ONLY because denials carry no echoed
+        // prose; the success result does, and the weak prefix let Kimi loop.
+        return {
+          content: [{ type: 'text' as const, text: `${fenceToolResult(receipt)}${hint}` }],
+          details,
+        }
+      }
       return {
-        content: [{ type: 'text' as const, text: `${TOOL_RESULT_PREFIX}${body}` }],
+        content: [{ type: 'text' as const, text: `${TOOL_RESULT_PREFIX}channel_reply denied: ${result.error}` }],
         details,
       }
     },
@@ -188,6 +207,13 @@ export function renderEcho(text: string): string {
   return `${JSON.stringify(text.slice(0, ECHO_MAX_CHARS))}... (${text.length} chars total)`
 }
 
+// DO NOT remove this echo or replace it with a hash/length-only "receipt" to
+// stop the self-reply loop (PR #481). That trade was tried and rejected: the
+// echo is the model's only view of what it already said (the inbound path
+// drops self-authored messages), so without the FULL text a split reply
+// re-sends near-duplicates — the exact bug 58c62c1 added the echo to fix, and
+// a fingerprint cannot catch paraphrased near-dupes. The loop is solved by
+// FENCING this echo (see fenceToolResult call site below), not by removing it.
 export function renderOutboundEcho(
   text: string | undefined,
   attachments: ReadonlyArray<{ path: string; filename?: string }> | undefined,

package/src/agent/tools/channel-send.ts

@@ -11,7 +11,7 @@ import { ADAPTER_IDS, type AdapterId } from '@/channels/schema'
 
 import { type ChannelToolLogger, consoleChannelLogger, formatChannelToolFailure } from './channel-log'
 import { renderOutboundEcho, TOOL_RESULT_PREFIX } from './channel-reply'
-import { fenceRuntimeNotice } from './runtime-notice'
+import { fenceRuntimeNotice, fenceToolResult } from './runtime-notice'
 
 export type ChannelSendOrigin = {
   adapter: AdapterId
@@ -154,12 +154,13 @@ export function createChannelSendTool({ router, origin, logger = consoleChannelL
         )
       }
       const details: { ok: boolean; error?: string } = result.ok ? { ok: true } : { ok: false, error: result.error }
-      const echo = renderOutboundEcho(bodyText, attachments)
-      const baseText = result.ok
-        ? `posted to ${params.adapter}:${params.workspace}/${params.chat}: ${echo}`
-        : `channel_send denied: ${result.error}`
-      const hints: string[] = []
+      // Success wraps the echoed sent text in the strong SYSTEM MESSAGE fence;
+      // denials keep the lighter prefix. See channel-reply.ts for the full
+      // rationale (PR #481 self-reply loop).
       if (result.ok) {
+        const echo = renderOutboundEcho(bodyText, attachments)
+        const receipt = `posted to ${params.adapter}:${params.workspace}/${params.chat}: ${echo}`
+        const hints: string[] = []
         const consecutive = consecutiveSendHint(
           router.getConsecutiveSendCount({
             adapter,
@@ -177,10 +178,14 @@ export function createChannelSendTool({ router, origin, logger = consoleChannelL
           thread: params.thread,
         })
         if (threadMismatch) hints.push(threadMismatch)
+
+        return {
+          content: [{ type: 'text' as const, text: `${fenceToolResult(receipt)}${hints.join('')}` }],
+          details,
+        }
       }
-      const body = hints.length > 0 ? `${baseText}${hints.join('')}` : baseText
       return {
-        content: [{ type: 'text' as const, text: `${TOOL_RESULT_PREFIX}${body}` }],
+        content: [{ type: 'text' as const, text: `${TOOL_RESULT_PREFIX}channel_send denied: ${result.error}` }],
         details,
       }
     },

package/src/agent/tools/runtime-notice.ts

@@ -39,3 +39,31 @@ export function fenceRuntimeNotice(body: string): string {
     '---'
   )
 }
+
+// Wraps a channel tool result (delivery confirmation + echoed sent text) in the
+// SAME canonical SYSTEM MESSAGE framing as fenceRuntimeNotice — but as the
+// ENTIRE result body, not an appended hint, so there is no unfenced prose for
+// the model to read as conversation.
+//
+// The echoed sent text is load-bearing (the bot has no other view of what it
+// just said — the inbound path drops self-authored messages — so without it a
+// split reply re-sends near-duplicates). But that text is the model's OWN
+// words, which is uniquely seductive to "reply" to: a persona-rich model
+// (Kimi K2 on the GitHub channel, PR #481) read its own delivered prose as a
+// fresh user turn and answered it ("you're welcome!", "aww thanks!") until the
+// per-turn send cap. The weak `[system: tool result...]` prefix did not stop
+// the misread; the full fence — bracketed marker, horizontal-rule fences,
+// explicit "Do not reply" closer — has months of production track record
+// against Kimi (it already wraps the consecutive-send and thread-mismatch
+// hints). Reusing the exact same shape extends that protection to the echo.
+export function fenceToolResult(receipt: string): string {
+  return (
+    '---\n' +
+    '**[SYSTEM MESSAGE — not from a human]**\n\n' +
+    receipt +
+    '\n\nThe text above is your OWN already-delivered message, echoed back so ' +
+    'you can see what you sent — it is NOT a new message from anyone in the ' +
+    'chat. **Do not acknowledge or reply to it.**\n' +
+    '---'
+  )
+}

package/src/agent/tools/webfetch/tool.ts

@@ -24,6 +24,7 @@ export const webfetchTool = defineTool({
   description:
     'Fetch a single HTTP(S) URL and return the body, optionally compacted by a strategy. ' +
     'Use this when the user references a specific URL or when websearch surfaced a result you need to read in full. ' +
+    'If `spawn_subagent` is available to you, PREFER delegating to the `scout` subagent by default: spawn it whenever you expect more than one fetch, an "across multiple sources" task, or any search-then-fetch loop. Scout runs the noisy fetching in its own context window and returns a distilled, citation-backed answer, keeping bulky page bodies out of yours. Only call this tool directly for a single known URL whose content you will cite immediately — or whenever you cannot spawn subagents (e.g. you are yourself a subagent), in which case fetch here. ' +
     'Outbound requests impersonate Chrome 136 at the TLS, HTTP/2, and header layers ' +
     '(via curl-impersonate), which helps with TLS/header fingerprint gates on sites behind Cloudflare/Akamai. ' +
     'It does NOT solve JavaScript challenges, behavioural fingerprinting (mouse/scroll/timing), interactive CAPTCHAs, ' +

package/src/agent/tools/websearch.ts

@@ -20,7 +20,8 @@ export const websearchTool = defineTool({
   name: 'websearch',
   label: 'Web Search',
   description:
-    'Search the public web. Returns a ranked list of {title, url, snippet} entries. Use `source: "wikipedia"` for encyclopedic lookups; otherwise default to general web results from DuckDuckGo. Pair this with the `read` tool by visiting URLs you find with `bash` (curl) when you need full page contents.',
+    'Search the public web. Returns a ranked list of {title, url, snippet} entries. Use `source: "wikipedia"` for encyclopedic lookups; otherwise default to general web results from DuckDuckGo. Pair this with the `read` tool by visiting URLs you find with `bash` (curl) when you need full page contents.\n' +
+    'If `spawn_subagent` is available to you, PREFER delegating to the `scout` subagent by default: spawn it whenever the research is non-trivial (more than 1-2 queries, any "across multiple sources" framing, or follow-up fetches of the results). Scout runs `websearch`/`webfetch` in its own context window and returns a distilled, citation-backed answer, so the search churn never pollutes yours. Only call this tool directly for a single query whose top result you will cite immediately — or whenever you cannot spawn subagents (e.g. you are yourself a subagent), in which case run the searches here.',
   parameters: Type.Object({
     query: Type.String({ description: 'The search query.' }),
     limit: Type.Optional(

package/src/channels/router.ts

@@ -117,6 +117,18 @@ export const MAX_CHANNEL_SENDS_PER_TURN = 10
 // same-tick duplicate/cap denials) is never mistaken for a loop. Reset at turn
 // start alongside `turnSeq`.
 export const MAX_POLICY_DENIED_CHANNEL_SENDS_PER_TURN = 3
+// Per-request output-token cap for channel sessions, threaded into the agent's
+// stream options to override pi-ai's silent `Math.min(model.maxTokens, 32000)`
+// default (`buildBaseOptions` in @mariozechner/pi-ai). Without it, Fireworks'
+// kimi-k2p6-turbo — which degenerates into single-token repetition on the
+// post-tool follow-up turn — runs the full 32000 tokens (~116s of garbage that
+// never produces a reply) before `stopReason: 'length'`. The terminal-reply
+// hook below removes the turn that triggers this; the cap bounds any other path
+// that still reaches a channel LLM call. 4096 fits a thinking block plus a
+// nontrivial reply (healthy channel turns observed at ~317 output tokens
+// including reasoning). Deliberately NOT lowered in `providers.ts`, where
+// `maxTokens` is the model's true capability that compaction math reads.
+export const CHANNEL_MAX_OUTPUT_TOKENS = 4096
 // Rolling window for outbound send-rate telemetry. 5s matches Discord's
 // rate-limit shape (5 msg / 5 s / channel) and comfortably covers Slack's
 // 1 msg/s sustained. The window is observational; exceeding the burst
@@ -1059,6 +1071,8 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
         logger.error(`[channels] ${live.keyId}: LLM call failed: ${err.message}`)
       })
       live.unsubTypingActivity = subscribeTypingActivity(created.session, live)
+      installChannelReplyTerminalHook(live)
+      installChannelOutputCap(live)
       liveSessions.set(keyId, live)
 
       if (isColdStart) {
@@ -1216,6 +1230,60 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
     })
   }
 
+  // After a successful `channel_reply`, the model has delivered its user-facing
+  // response and the turn is semantically done. pi-agent-core's loop, however,
+  // unconditionally makes one more LLM call after any tool result (the
+  // "post-tool follow-up") to let multi-step tool chains continue. On a turn
+  // that ended with `channel_reply` there is nothing left to say, and Fireworks'
+  // kimi-k2p6-turbo degenerates that empty follow-up into a 32000-token
+  // repetition loop (see CHANNEL_MAX_OUTPUT_TOKENS). Aborting the run's signal
+  // from `afterToolCall` — which runs during tool execution, before the loop
+  // re-enters the LLM stream — makes the follow-up stream observe an already-
+  // aborted signal and return `stopReason: 'aborted'` without generating. This
+  // is the same `agent.abort()` lever the policy-denied-send cap uses; the
+  // tool's own result is already persisted, so the reply still lands.
+  //
+  // Scope is deliberately narrow: only `channel_reply` (the current-chat user-
+  // facing response), only on success, and only for channel sessions. Read-only
+  // tools and `channel_send` must keep the follow-up so genuine multi-step turns
+  // continue. A prior non-typeclaw `afterToolCall` (none today) would be
+  // composed, not clobbered.
+  //
+  // `channel_reply({ continue: true })` is the explicit opt-out: a mid-turn
+  // status reply ("working on it…") that the model follows with more work this
+  // turn. The tool surfaces that intent as `details.continue === true`, and we
+  // keep the follow-up so the turn proceeds. The kimi 32k loop only recurs when
+  // the model genuinely has nothing left to say after a reply, which `continue`
+  // asserts is not the case; Layer 2's maxTokens cap still bounds any misuse.
+  const installChannelReplyTerminalHook = (live: LiveSession): void => {
+    const { agent } = live.session
+    const prior = agent.afterToolCall
+    agent.afterToolCall = async (context, signal) => {
+      const result = prior ? await prior(context, signal) : undefined
+      const details = context.result.details as { ok?: unknown; continue?: unknown } | undefined
+      const succeeded = context.toolCall.name === 'channel_reply' && !context.isError && details?.ok === true
+      const keepTurnAlive = details?.continue === true
+      if (succeeded && !keepTurnAlive && agent.signal?.aborted !== true) {
+        logger.info(`[channels] ${live.keyId} terminal_after_channel_reply`)
+        agent.abort()
+      }
+      return result
+    }
+  }
+
+  // Override pi-ai's hidden `Math.min(model.maxTokens, 32000)` output cap for
+  // channel sessions by threading an explicit `maxTokens` into every stream
+  // call. See CHANNEL_MAX_OUTPUT_TOKENS for why. Composes the existing streamFn
+  // (pi's default `streamSimple` unless a proxy was installed) and only fills
+  // `maxTokens` when the caller left it unset, so an explicit per-call value
+  // still wins.
+  const installChannelOutputCap = (live: LiveSession): void => {
+    const { agent } = live.session
+    const inner = agent.streamFn
+    agent.streamFn = (model, context, options) =>
+      inner(model, context, { ...options, maxTokens: options?.maxTokens ?? CHANNEL_MAX_OUTPUT_TOKENS })
+  }
+
   const startTypingHeartbeat = (live: LiveSession): void => {
     if (live.typingTimedOut || live.typingStopPromise) return
     if (live.destroyed) return
@@ -1461,13 +1529,21 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
     }, wait)
   }
 
-  const publishInbound = (event: InboundMessage, decision: 'engage' | 'observe' | 'denied' | 'claim'): void => {
+  const publishInbound = (
+    event: InboundMessage,
+    decision: 'engage' | 'observe' | 'denied' | 'claim',
+    // Undefined before a session exists (denied/claim intercepts). Carried so a
+    // session-scoped `typeclaw inspect` only sees its own session's inbounds —
+    // the broadcast otherwise fans out to every inspect client.
+    sessionId?: string,
+  ): void => {
     if (stream === undefined) return
     try {
       stream.publish({
         target: { kind: 'broadcast' },
         payload: {
           kind: 'channel-inbound',
+          ...(sessionId !== undefined ? { sessionId } : {}),
           adapter: event.adapter,
           workspace: event.workspace,
           chat: event.chat,
@@ -1604,7 +1680,7 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
     })
 
     if (decision === 'observe') {
-      publishInbound(event, 'observe')
+      publishInbound(event, 'observe', live.sessionId)
       // Log every observe so an unanswered mention is diagnosable from logs
       // alone instead of "routed but no prompting" silence. The bracketed
       // shape mirrors `prompting batch=` so log scraping can pair them.
@@ -1613,7 +1689,7 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
       return
     }
 
-    publishInbound(event, 'engage')
+    publishInbound(event, 'engage', live.sessionId)
 
     updateLoopGuard(live, event)
 

package/src/cli/inspect.ts

@@ -49,31 +49,35 @@ export const inspectCommand = defineCommand({
     const escListener = isJson ? null : createEscListener()
     const liveHint = escListener === null ? undefined : escHintLine(color)
 
-    const result = await runInspectLoop({
-      agentDir: cwd,
-      ...(sessionArg !== undefined ? { sessionIdOrPrefix: sessionArg } : {}),
-      ...(filterArg !== undefined ? { filter: filterArg } : {}),
-      ...(sinceArg !== undefined ? { since: sinceArg } : {}),
-      json: isJson,
-      color,
-      selectSession: (sessions, selectOpts) => {
-        escListener?.pause()
-        return clackSelect(sessions, selectOpts?.initialSessionId).finally(() => {
-          escListener?.resume()
-        })
-      },
-      ...(liveSource !== undefined ? { liveSource } : {}),
-      signal,
-      newEscSignal: () => {
-        if (escListener === null) return new AbortController().signal
-        return escListener.armForStream()
-      },
-      ...(liveHint !== undefined ? { liveHint } : {}),
-      stdout: (line) => process.stdout.write(`${line}\n`),
-      stderr: (line) => process.stderr.write(`${line}\n`),
-    })
-
-    escListener?.stop()
+    // try/finally so a thrown loop never leaves the terminal stuck in raw mode.
+    let result: Awaited<ReturnType<typeof runInspectLoop>>
+    try {
+      result = await runInspectLoop({
+        agentDir: cwd,
+        ...(sessionArg !== undefined ? { sessionIdOrPrefix: sessionArg } : {}),
+        ...(filterArg !== undefined ? { filter: filterArg } : {}),
+        ...(sinceArg !== undefined ? { since: sinceArg } : {}),
+        json: isJson,
+        color,
+        selectSession: (sessions, selectOpts) => {
+          escListener?.pause()
+          return clackSelect(sessions, selectOpts?.initialSessionId).finally(() => {
+            escListener?.resume()
+          })
+        },
+        ...(liveSource !== undefined ? { liveSource } : {}),
+        signal,
+        newEscSignal: () => {
+          if (escListener === null) return new AbortController().signal
+          return escListener.armForStream()
+        },
+        ...(liveHint !== undefined ? { liveHint } : {}),
+        stdout: (line) => process.stdout.write(`${line}\n`),
+        stderr: (line) => process.stderr.write(`${line}\n`),
+      })
+    } finally {
+      escListener?.stop()
+    }
 
     if (!result.ok) {
       process.stderr.write(`${errorLine(result.reason)}\n`)

package/src/inspect/live.ts

@@ -63,9 +63,17 @@ export async function* streamLive(opts: StreamLiveOptions): AsyncGenerator<Inspe
     }
   })
 
-  const onOpen = new Promise<void>((resolve, reject) => {
-    ws.addEventListener('open', () => resolve(), { once: true })
+  // Settle on open OR on any terminal condition (error/close/abort). Resolving
+  // false here is what unblocks the connect gate when esc aborts mid-connect —
+  // otherwise `await onOpen` would hang forever and freeze the inspect CLI.
+  const onOpen = new Promise<boolean>((resolve, reject) => {
+    ws.addEventListener('open', () => resolve(true), { once: true })
     ws.addEventListener('error', () => reject(new Error('websocket connection failed')), { once: true })
+    ws.addEventListener('close', () => resolve(false), { once: true })
+    if (opts.signal !== undefined) {
+      if (opts.signal.aborted) resolve(false)
+      else opts.signal.addEventListener('abort', () => resolve(false), { once: true })
+    }
   })
   ws.addEventListener('close', () => {
     closed = true
@@ -96,12 +104,14 @@ export async function* streamLive(opts: StreamLiveOptions): AsyncGenerator<Inspe
     }
   }
 
+  let opened: boolean
   try {
-    await onOpen
+    opened = await onOpen
   } catch (err) {
     closed = true
     throw err
   }
+  if (!opened || closed || opts.signal?.aborted === true) return
 
   const subscribe: InspectClientMessage = {
     type: 'subscribe',

package/src/server/index.ts

@@ -1121,7 +1121,9 @@ function handleInspectMessage(
 
   if (stream !== undefined && typeof msg.sinceMs === 'number') {
     for (const event of stream.scan({ sinceTs: msg.sinceMs, target: { kind: 'broadcast' } })) {
-      sendInspect(ws, { type: 'frame', ts: event.ts, payload: broadcastEventToFrame(event) })
+      const payload = broadcastEventToFrame(event)
+      if (!isFrameForWatchedSession(payload, msg.sessionId)) continue
+      sendInspect(ws, { type: 'frame', ts: event.ts, payload })
     }
     for (const event of stream.scan({ sinceTs: msg.sinceMs, target: { kind: 'cron' } })) {
       sendInspect(ws, {
@@ -1143,7 +1145,9 @@ function handleInspectMessage(
 
   if (stream !== undefined) {
     ws.data.unsubBroadcast = stream.subscribe({ target: { kind: 'broadcast' } }, (event) => {
-      sendInspect(ws, { type: 'frame', ts: event.ts, payload: broadcastEventToFrame(event) })
+      const payload = broadcastEventToFrame(event)
+      if (!isFrameForWatchedSession(payload, msg.sessionId)) return
+      sendInspect(ws, { type: 'frame', ts: event.ts, payload })
     })
     ws.data.unsubCron = stream.subscribe({ target: { kind: 'cron' } }, (event) => {
       sendInspect(ws, {
@@ -1171,6 +1175,15 @@ function broadcastEventToFrame(event: StreamMessage): InspectFramePayload {
   }
 }
 
+// Channel inbounds are published as global broadcasts, so every inspect client
+// receives every session's inbounds. Drop the ones that don't belong to the
+// session being watched. Non-inbound broadcasts (subagent completions, cron,
+// tunnels) stay global — they carry no session identity here.
+function isFrameForWatchedSession(payload: InspectFramePayload, watchedSessionId: string): boolean {
+  if (payload.kind !== 'channel_inbound') return true
+  return payload.sessionId === watchedSessionId
+}
+
 function readChannelInboundBroadcast(payload: unknown): InspectFramePayload | null {
   if (typeof payload !== 'object' || payload === null) return null
   const p = payload as Record<string, unknown>
@@ -1191,6 +1204,7 @@ function readChannelInboundBroadcast(payload: unknown): InspectFramePayload | nu
   if (decision !== 'engage' && decision !== 'observe' && decision !== 'denied' && decision !== 'claim') return null
   return {
     kind: 'channel_inbound',
+    ...(typeof p.sessionId === 'string' ? { sessionId: p.sessionId } : {}),
     adapter: p.adapter,
     workspace: p.workspace,
     chat: p.chat,

package/src/shared/index.ts

@@ -24,10 +24,4 @@ export {
   type TunnelSnapshot,
 } from './protocol'
 
-export {
-  formatLocalDate,
-  formatLocalDateTime,
-  formatLocalWeekday,
-  type LocalWeekday,
-  resolveLocalTimezoneName,
-} from './local-time'
+export { formatLocalDate, formatLocalDateTime, formatLocalWeekday, resolveLocalTimezoneName } from './local-time'

package/src/shared/local-time.ts

@@ -37,34 +37,26 @@ export function resolveLocalTimezoneName(): string {
   }
 }
 
-// English + Korean weekday name pair for a given Date. The per-turn time
-// anchor renders both so the model has the answer to "what day is it"
-// without computing weekday-from-ISO-date — a step LLMs get wrong often
-// enough to matter, especially when answering in a non-English language.
-// Pre-computing in both candidate reply languages removes the arithmetic
-// step entirely instead of trusting the model to do it correctly each
-// turn.
+// English weekday name for a given Date. The per-turn time anchor renders
+// it so the model has the answer to "what day is it" without computing
+// weekday-from-ISO-date — a step LLMs get wrong often enough to matter.
+// Pre-computing the weekday removes the arithmetic step entirely instead
+// of trusting the model to do it correctly each turn. English only:
+// TypeClaw's users are global, so a single canonical language keeps the
+// anchor compact and lets each agent's SOUL.md decide its reply language.
 //
-// Uses Intl.DateTimeFormat with explicit locales. No `timeZone` option:
+// Uses Intl.DateTimeFormat with an explicit locale. No `timeZone` option:
 // the container's local clock is already host-local (the entrypoint
 // propagates TZ via `-e TZ=<host-tz>`), so the runtime's default zone is
-// the one the user sees. Both locales fall back to the hand-rolled
-// 7-entry lookup if Intl throws (no-tzdata, locked-down sandbox) — the
-// fallback names stay readable and never make the prefix empty.
+// the one the user sees. Falls back to the hand-rolled 7-entry lookup if
+// Intl throws (no-tzdata, locked-down sandbox) — the fallback names stay
+// readable and never make the prefix empty.
 const WEEKDAYS_EN = ['Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday'] as const
-const WEEKDAYS_KO = ['일요일', '월요일', '화요일', '수요일', '목요일', '금요일', '토요일'] as const
 
-export type LocalWeekday = { en: string; ko: string }
-
-export function formatLocalWeekday(date: Date = new Date()): LocalWeekday {
-  const dow = date.getDay()
-  const fallback: LocalWeekday = { en: WEEKDAYS_EN[dow]!, ko: WEEKDAYS_KO[dow]! }
+export function formatLocalWeekday(date: Date = new Date()): string {
   try {
-    return {
-      en: new Intl.DateTimeFormat('en-US', { weekday: 'long' }).format(date),
-      ko: new Intl.DateTimeFormat('ko-KR', { weekday: 'long' }).format(date),
-    }
+    return new Intl.DateTimeFormat('en-US', { weekday: 'long' }).format(date)
   } catch {
-    return fallback
+    return WEEKDAYS_EN[date.getDay()]!
   }
 }

package/src/shared/protocol.ts

@@ -101,6 +101,10 @@ export type InspectFramePayload =
   // text — no batching, no compose-prompt wrapping.
   | {
       kind: 'channel_inbound'
+      // Channel session this inbound belongs to. Absent for denied/claim
+      // intercepts that fire before a session exists. The inspect server drops
+      // frames whose sessionId does not match the watched session.
+      sessionId?: string
       adapter: string
       workspace: string
       chat: string

package/src/skills/typeclaw-channel-github/SKILL.md

@@ -9,6 +9,10 @@ GitHub renders normal Markdown in issues, PRs, discussions, and review comments.
 - There is no typing indicator.
 - For PR review threads, keep `thread` set to reply in-place. Omit `thread` for a top-level PR/issue comment.
 
+## Mid-turn status replies need `continue: true`
+
+A successful `channel_reply` ends your turn by default — the runtime stops the model right after the reply lands. That is correct for a final answer, but it will **silently truncate** a turn that still has work to do. If you post a status line like "Reviewing now, I'll be back with findings" and then expect to keep working (fetch the diff, spawn the reviewer, post the review) in the **same** turn, you must call `channel_reply({ text: "…", continue: true })`. Without `continue: true`, the turn ends at that status reply and the review never runs. Reserve `continue: true` for genuine multi-step turns; the final reply that wraps up the turn omits it.
+
 ## Opening new issues and PRs
 
 The `gh` CLI is pre-authenticated via `GH_TOKEN` (injected by the adapter at startup). Use it to open new issues or PRs:
@@ -39,6 +43,8 @@ Why delegate: the `reviewer` subagent runs on the `deep` model profile, loads a
 
 2. **Spawn the `reviewer` subagent with the PR target.** Use `run_in_background: true` so you stay responsive while the deep model works. Pass the PR URL (or `owner/repo#N`) plus any context the requester gave you (focus areas, specific files, etc.) so the reviewer knows what the requester cares about.
 
+   If you post an "on it" acknowledgement before fetching the diff or spawning the reviewer, it **must** be `channel_reply({ text: "…", continue: true })` — a bare reply ends the turn and the review never starts (see "Mid-turn status replies need `continue: true`" above).
+
    The reviewer will fetch the diff itself (`gh pr diff`, `gh api /repos/.../pulls/<n>`), load the matching skill (`code-review` for a code PR; `general` for a mixed-format change), and return a `<review>` block.
 
 3. **Wait for the completion `<system-reminder>`,** then call `subagent_output({ task_id })` to read the reviewer's final assistant message. The structured payload looks like: