typeclaw 0.27.0 → 0.28.1

package/src/secrets/index.ts

@@ -6,8 +6,6 @@ export { type Secret } from './resolve'
 
 export { hydrateChannelEnvFromSecrets } from './hydrate'
 
-export { migrateKakaotalkCredentials } from './migrate-kakaotalk'
-
 export {
   type ExportCodexAuthFileResult,
   exportCodexAuthFileForAgent,

package/src/secrets/schema.ts

@@ -1,7 +1,6 @@
 import { z } from 'zod'
 
-import { CHANNEL_ENV_TO_FIELD } from './defaults'
-import { secretFieldSchema, type Secret } from './resolve'
+import { secretFieldSchema } from './resolve'
 
 // providers.<id> for api-key credentials: the `key` field is a Secret (string
 // shorthand or `{ value?, env? }` object). resolveSecret turns this into a
@@ -115,9 +114,7 @@ export const channelsSchema = z
   .catchall(z.unknown())
 
 // version 2 = providers.* with Secret-typed api-key.key + per-adapter
-// channel field shapes. version 1 = the previous shape (flat `llm.*`, channel
-// slots keyed by env-var name). Legacy v1 input is upgraded transparently by
-// parseSecretsFile; the first write persists v2.
+// channel field shapes.
 export const SECRETS_FILE_VERSION = 2
 
 export const secretsFileSchema = z.object({
@@ -140,98 +137,15 @@ export type SecretsFile = z.infer<typeof secretsFileSchema>
 
 export type ParseSecretsResult = { ok: true; file: SecretsFile } | { ok: false; reason: string }
 
-// parseSecretsFile recognises three shapes, in priority order:
-//   1. The v2 envelope (current): { version: 2, providers, channels }
-//   2. The v1 envelope (legacy): { version: 1, llm, channels } where channel
-//      slots are keyed by env-var name. Both `llm` and `channels` get
-//      reshaped — llm -> providers, env-keyed channel slots -> field-keyed.
-//   3. The pre-envelope flat shape (very legacy): Record<string, AuthCredential>
-//      at top level. Treated as { version: 2, providers: <flat>, channels: {} }
-//      so existing OAuth users transparently upgrade.
-//
-// Every legacy upgrade produces a v2-shaped SecretsFile in memory; the next
-// write persists v2 to disk. The legacy branches stay forever as a quiet
-// compatibility seam — only the v2 form is documented.
+// parseSecretsFile accepts only the current v2 envelope:
+// { version: 2, providers, channels }.
 export function parseSecretsFile(raw: unknown): ParseSecretsResult {
   const v2 = secretsFileSchema.safeParse(raw)
   if (v2.success) return { ok: true, file: v2.data }
 
-  const v1 = legacyV1Schema.safeParse(raw)
-  if (v1.success) return { ok: true, file: upgradeV1ToV2(v1.data) }
-
-  const flat = legacyFlatProviderSchema.safeParse(raw)
-  if (flat.success) {
-    return { ok: true, file: upgradeV1ToV2({ version: 1, llm: flat.data, channels: {} }) }
-  }
-
   return { ok: false, reason: v2.error.issues.map(formatIssue).join('; ') }
 }
 
-// Legacy v1 schema: `llm` (flat string-key) and `channels` (env-var-keyed
-// flat map per adapter). Used only for upgrade reads; never written.
-const legacyV1ApiKeySchema = z.object({
-  type: z.literal('api_key'),
-  key: z.string().min(1),
-})
-
-const legacyV1OAuthSchema = z
-  .object({
-    type: z.literal('oauth'),
-  })
-  .catchall(z.unknown())
-
-const legacyV1CredentialSchema = z.discriminatedUnion('type', [legacyV1ApiKeySchema, legacyV1OAuthSchema])
-
-const legacyV1LlmSchema = z.record(z.string(), legacyV1CredentialSchema)
-
-const legacyV1ChannelsSchema = z.record(z.string(), z.record(z.string(), z.string()))
-
-const legacyV1Schema = z.object({
-  $schema: z.string().optional(),
-  version: z.literal(1),
-  llm: legacyV1LlmSchema.default({}),
-  channels: legacyV1ChannelsSchema.default({}),
-})
-
-const legacyFlatProviderSchema = z.record(z.string(), legacyV1CredentialSchema)
-
-function upgradeV1ToV2(legacy: z.infer<typeof legacyV1Schema>): SecretsFile {
-  const providers: Providers = {}
-  for (const [providerId, cred] of Object.entries(legacy.llm)) {
-    if (cred.type === 'api_key') {
-      providers[providerId] = { type: 'api_key', key: { value: cred.key } }
-    } else {
-      providers[providerId] = cred
-    }
-  }
-
-  const channels: Channels = {}
-  for (const [adapterId, envKeyedSlot] of Object.entries(legacy.channels)) {
-    const upgradedSlot: Record<string, Secret> = {}
-    for (const [envKey, value] of Object.entries(envKeyedSlot)) {
-      const mapping = CHANNEL_ENV_TO_FIELD[envKey]
-      if (mapping && mapping.adapterId === adapterId) {
-        upgradedSlot[mapping.fieldName] = { value }
-      } else {
-        // Unknown env-var-name key on a known adapter, or an adapter we don't
-        // recognise: pass through verbatim under the original key. Better to
-        // preserve user data than drop it; the catchall on channelsSchema
-        // makes this safe.
-        upgradedSlot[envKey] = { value }
-      }
-    }
-    channels[adapterId] = upgradedSlot
-  }
-
-  const result: SecretsFile = {
-    version: SECRETS_FILE_VERSION,
-    providers,
-    channels,
-  }
-  if (legacy.$schema !== undefined) result.$schema = legacy.$schema
-  return result
-}
-
 function formatIssue(issue: { path: PropertyKey[]; message: string }): string {
   const path = issue.path.length > 0 ? issue.path.map(String).join('.') : '<root>'
   return `${path}: ${issue.message}`

package/src/secrets/storage.ts

@@ -9,7 +9,6 @@ import {
 import lockfile from 'proper-lockfile'
 
 import { providerKeyDefaultEnv } from './defaults'
-import { migrateLegacyAuthJson } from './migrate'
 import { resolveSecret, type Secret } from './resolve'
 import {
   type Channels,
@@ -375,7 +374,6 @@ export class SecretsBackend implements AuthStorageBackend {
 }
 
 export function createSecretsStoreForAgent(secretsPath: string): AuthStorage {
-  migrateLegacyAuthJson(dirname(secretsPath))
   return AuthStorageImpl.fromStorage(new SecretsBackend(secretsPath))
 }
 

package/src/server/index.ts

@@ -199,8 +199,18 @@ export function safeWsSend(ws: { send: (data: string) => void }, msg: ServerMess
   }
 }
 
+const TIMESTAMPED_SERVER_MESSAGES: ReadonlySet<ServerMessage['type']> = new Set([
+  'text_delta',
+  'tool_start',
+  'tool_end',
+  'done',
+  'error',
+  'prompt_started',
+])
+
 function send(ws: Ws, msg: ServerMessage): boolean {
-  return safeWsSend(ws, msg)
+  const stamped = TIMESTAMPED_SERVER_MESSAGES.has(msg.type) ? { ...msg, ts: Date.now() } : msg
+  return safeWsSend(ws, stamped)
 }
 
 function sendTunnelLog(ws: TunnelLogsWs, msg: TunnelLogsServerMessage): boolean {
@@ -1181,10 +1191,6 @@ async function handleCronList(
     // jobs from a newer registry.
     const snapshot = pluginRuntime?.get()
     const loadResult = await loadCron(agentDir, {
-      // Read-only path: do not rewrite cron.json or commit the
-      // migration just because the user (or the agent) asked to see
-      // the schedule. Boot/reload still own the persistent migration.
-      persistMigrations: false,
       ...(snapshot !== undefined ? { subagents: snapshot.subagents } : {}),
     })
     if (!loadResult.ok) {

package/src/shared/protocol.ts

@@ -202,22 +202,34 @@ export type ClaimErrorPayload = {
   reason: string
 }
 
+// `ts` (ms since epoch) is the server send time, stamped centrally in `send()`,
+// for the variants the TUI renders into scrollback. Optional on the wire so an
+// old CLI parses a new server's frames; control frames the TUI never timestamps
+// (queue_state, doctor, tunnel, claim, command_*) omit it by design.
 export type ServerMessage =
   // serverVersion is optional so an old CLI talking to a new server still
   // parses cleanly. The server impl always emits it; consumers that care
   // about host/agent skew (the TUI command in particular) read it to warn
   // the user when their CLI is on a different version than the container.
   | { type: 'connected'; sessionId: string; serverVersion?: string }
-  | { type: 'text_delta'; delta: string }
-  | { type: 'tool_start'; toolCallId: string; name: string; args: unknown }
-  | { type: 'tool_end'; toolCallId: string; name: string; error: boolean; result: unknown; durationMs: number }
-  | { type: 'done' }
-  | { type: 'error'; message: string }
+  | { type: 'text_delta'; delta: string; ts?: number }
+  | { type: 'tool_start'; toolCallId: string; name: string; args: unknown; ts?: number }
+  | {
+      type: 'tool_end'
+      toolCallId: string
+      name: string
+      error: boolean
+      result: unknown
+      durationMs: number
+      ts?: number
+    }
+  | { type: 'done'; ts?: number }
+  | { type: 'error'; message: string; ts?: number }
   | { type: 'reload_result'; results: ReloadResultPayload[] }
   | { type: 'restart_result'; status: 'accepted' | 'failed'; message?: string; error?: string }
   | { type: 'notification'; payload: unknown; replyTo?: string; meta?: Record<string, string> }
   | { type: 'queue_state'; pending: QueueStateItem[] }
-  | { type: 'prompt_started'; messageId: string; text: string }
+  | { type: 'prompt_started'; messageId: string; text: string; ts?: number }
   | { type: 'doctor_result'; requestId: DoctorRequestId; checks: DoctorCheckPayload[] }
   | { type: 'doctor_fix_result'; requestId: DoctorRequestId; result: DoctorFixPayload }
   | { type: 'cron_list_result'; requestId: CronListRequestId; result: CronListResultPayload }

package/src/skills/typeclaw-config/SKILL.md

@@ -54,7 +54,7 @@ You yourself cannot run `typeclaw restart` — that is a host-stage command and
 
 > **Top-level keys not in this table are not "ignored unknowns" anymore** — they are reserved for **plugin config blocks**. The schema's `catchall(z.unknown())` preserves them, and the plugin loader hands each block to its owning plugin's `configSchema` for validation. The bundled memory plugin owns `memory` at the top level — see the `typeclaw-memory` skill for that block's semantics. Do not write a top-level key unless you know which plugin owns it.
 
-Within the well-known ten (`$schema`, `port`, `models`, `mounts`, `plugins`, `alias`, `channels`, `portForward`, `docker`, `git`), **fields the schema doesn't predeclare are silently dropped**. Legacy top-level `dockerfile` and `gitignore` keys are migrated to `docker.file` / `git.ignore` automatically the first time the CLI loads the file — see **Legacy migration** below. Do not invent runtime fields like `provider`, `apiKey`, `temperature`, `maxTokens`, `systemPrompt`, `tools`, `timeout`, etc. — those are not plugin blocks, they are imaginary. If the user asks for one, say it is not yet supported and (if it makes sense) suggest they file a request.
+Within the well-known ten (`$schema`, `port`, `models`, `mounts`, `plugins`, `alias`, `channels`, `portForward`, `docker`, `git`), **fields the schema doesn't predeclare are silently dropped**. Legacy top-level `dockerfile` and `gitignore` keys are no longer migrated — use `docker.file` and `git.ignore` directly (the legacy keys are silently ignored). Do not invent runtime fields like `provider`, `apiKey`, `temperature`, `maxTokens`, `systemPrompt`, `tools`, `timeout`, etc. — those are not plugin blocks, they are imaginary. If the user asks for one, say it is not yet supported and (if it makes sense) suggest they file a request.
 
 A scaffolded `typeclaw.json` looks like:
 
@@ -436,7 +436,7 @@ The toggle-driven apt install benefits from BuildKit `--mount=type=cache` on `/v
 
 `typeclaw start` rewrites the agent folder's `.gitignore` from a template baked into the typeclaw CLI on **every** invocation, then auto-commits it when the agent folder is a git repo and the file changed. The template protects two categories: truly-ignored paths (`secrets.json`, `.env`, `.env.local`, `auth.json`, `node_modules/`, `workspace/`, `mounts/`, `channels/`, `Dockerfile`, `.DS_Store`) and system-managed runtime state (`sessions/`, `memory/`) that TypeClaw, not the agent, commits on its own schedule. Editing `.gitignore` by hand is temporary; the next `typeclaw start` overwrites it.
 
-The `git.ignore.append` field (introduced when the legacy top-level `gitignore` key was nested under the `git` namespace for future extensibility — see **Legacy migration**) is the supported escape hatch for additional local ignore patterns. It is an array of strings, each treated as a single `.gitignore` line. The CLI splices them into the autogenerated `.gitignore` before TypeClaw's protected rules, prefixed with a `# Custom entries from typeclaw.json#git.ignore.append.` comment.
+The `git.ignore.append` field is the supported escape hatch for additional local ignore patterns. It is an array of strings, each treated as a single `.gitignore` line. The CLI splices them into the autogenerated `.gitignore` before TypeClaw's protected rules, prefixed with a `# Custom entries from typeclaw.json#git.ignore.append.` comment.
 
 ### Field
 
@@ -487,19 +487,17 @@ channels/
 
 ## Legacy migration
 
-Pre-namespace `typeclaw.json` files carried `dockerfile` and `gitignore` as top-level keys. The current schema nests them under `docker.file` and `git.ignore` so the `docker` and `git` namespaces stay free for future siblings (`docker.compose`, `git.attributes`, etc.) without a second rename.
+The only migration step that still runs is dropping a seeded `channels.github.eventAllowlist` field — if present, it is removed and the file is rewritten with a descriptive commit subject.
 
-The first time `validateConfig` or `loadConfigSync` reads a legacy file:
+All other legacy shapes are no longer migrated:
 
-1. The in-memory JSON is rewritten: top-level `dockerfile` → `docker.file`, top-level `gitignore` → `git.ignore`.
-2. The same rewrite is persisted back to `typeclaw.json` on disk (pretty-printed, trailing newline). Best-effort: a read-only filesystem just retries next start.
-3. If the file already has a `docker` or `git` block AND the legacy key, the new shape wins — the legacy duplicate is dropped silently. The new shape would have shadowed the legacy at parse time anyway.
+- **Top-level `dockerfile` and `gitignore` keys** are silently ignored on parse. Use `docker.file` and `git.ignore` directly. If a file still carries these keys, update it by hand.
+- **`channels.<adapter>.allow[]`** is silently ignored on parse and NOT translated to `roles.member.match[]`. Define `roles.member.match[]` directly.
 
 What this means for you:
 
-- **Do not write top-level `dockerfile` or `gitignore` keys** when editing `typeclaw.json`. They'll be migrated away on the next CLI invocation; meanwhile the file is briefly in an inconsistent shape.
+- **Do not write top-level `dockerfile` or `gitignore` keys** when editing `typeclaw.json`. They are ignored; the intended fields are `docker.file` and `git.ignore`.
 - **Old documentation or examples that still mention `typeclaw.json#dockerfile.append` are stale.** The current path is `typeclaw.json#docker.file.append`. Same for `git.ignore.append`.
-- **An auto-commit may appear** the next time `typeclaw start` runs against a freshly-migrated agent folder. The diff is mechanical (top-level rename → nested) — surface it to the user as a one-time migration, not a behavior change.
 
 ## Plugin config blocks
 
@@ -550,7 +548,7 @@ Do **not** edit `typeclaw.json` to a model the registry doesn't know, even if th
     - `slack-bot: { botToken: <Secret>, appToken: <Secret> }`
     - `telegram-bot: { token: <Secret> }`
 
-  (Pre-v2 agent folders carry the older `llm` slice and channel-env-var-keyed shape; they are upgraded transparently on first read. Pre-rename folders may even carry the file as `auth.json`; it is renamed to `secrets.json` on the next boot.)
+  (Only the `v2` envelope is accepted. Pre-v2 shapes and `auth.json` are no longer auto-upgraded — they are rejected with an error. `auth.json` stays gitignored as a safety net for old folders, but it is not read.)
 
 - **`./.env`** (env-var overrides): plain `KEY=value` lines, loaded by Docker via `--env-file` at container start. When set, an env var **wins** over the file value (see resolution rules below). Useful for CI, transient rotations, or any tooling outside typeclaw that reads from the environment. The canonical env-var names per provider:
   - `OPENAI_API_KEY` — for any `openai/...` model.
@@ -630,7 +628,7 @@ Never echo, log, or commit values from `secrets.json` or `.env`. Both are gitign
 - If `alias` is set: array of strings, each non-empty after trimming surrounding whitespace
 - If `channels.<adapter>.engagement.trigger` is set: array of `"mention"`, `"reply"`, `"dm"` (any subset, including empty)
 - If `channels.<adapter>.engagement.stickiness` is set: either the literal `"off"` or `{ "perReply": { "window": <int 1..86400000> } }`
-- `channels.<adapter>.allow` (legacy) is silently dropped on parse; `migrateLegacyConfigShape` lifts it into `roles.member.match` on load. See the `typeclaw-permissions` skill.
+- `channels.<adapter>.allow` (legacy) is silently ignored on parse and NOT translated to `roles.member.match`. Define `roles.member.match[]` directly. See the `typeclaw-permissions` skill.
 - If `portForward` is set: `allow` is either `"*"` or an array of integers (1–65535); `deny`, if present, is an array of integers and **only valid when `allow` is `"*"`** (the schema rejects `deny` paired with a number-array `allow`)
 - If `docker.file.append` is set: array of strings, each with no embedded `\n` or `\r` (multi-step shell logic goes in a single `&&`-chained `RUN` entry)
 - If any `docker.file` toggle is set: `tmux`/`gh`/`ffmpeg` are boolean or version string (no whitespace, no `=`); `python`, `cjkFonts`, `cloudflared`, `claudeCode`, and `codexCli` are boolean only

package/src/skills/typeclaw-permissions/SKILL.md

@@ -81,7 +81,7 @@ Things the DSL rejects (the parser emits actionable errors at boot, but you shou
 - `slack:*/*` — `*/*` is redundant; use `slack:*` for "any Slack chat".
 - `slack:*/C0ABCDE` — workspace-less chat ID is impossible; pick a workspace.
 - `slack:T0123/*` — workspace-only is enough; drop the trailing `/*`.
-- `team:T0123`, `guild:G123`, `tg:42` — these are legacy prefixes from the old `channels.<adapter>.allow[]` field. They are auto-migrated on load but **don't write them in new code** — use `slack:T0123`, `discord:G123`, `telegram:42` directly.
+- `team:T0123`, `guild:G123`, `tg:42` — these are legacy prefixes that are no longer supported. The parser rejects them with a hint to use the canonical form: `slack:T0123`, `discord:G123`, `telegram:42`.
 - `autor:U_ME` — typo of `author:`. The parser will suggest the fix at boot.
 
 ## Permission strings you will see

package/src/tui/format.ts

@@ -24,6 +24,19 @@ export function formatUserPromptHistory(text: string): string {
     .join('\n')
 }
 
+export function formatTimestamp(ts: number | undefined): string {
+  if (ts === undefined || ts === 0) return colors.dim('--:--:--')
+  const d = new Date(ts)
+  const hh = String(d.getHours()).padStart(2, '0')
+  const mm = String(d.getMinutes()).padStart(2, '0')
+  const ss = String(d.getSeconds()).padStart(2, '0')
+  return colors.dim(`${hh}:${mm}:${ss}`)
+}
+
+export function withTimestamp(ts: number | undefined, body: string): string {
+  return `${formatTimestamp(ts)} ${body}`
+}
+
 function stripHiddenBlocks(text: string): string {
   return text.replace(/<hatching>[\s\S]*?<\/hatching>\s*/g, '').trimStart()
 }

package/src/tui/index.ts

@@ -3,7 +3,14 @@ import { Editor, Key, Markdown, matchesKey, ProcessTerminal, type Terminal, Text
 import { parseCommand } from '@/commands'
 
 import { createClient as createClientDefault, type Client } from './client'
-import { formatQueuePanel, formatToolEnd, formatToolStart, formatUserPromptHistory } from './format'
+import {
+  formatQueuePanel,
+  formatTimestamp,
+  formatToolEnd,
+  formatToolStart,
+  formatUserPromptHistory,
+  withTimestamp,
+} from './format'
 import { colors, editorTheme, markdownTheme } from './theme'
 
 export type ClientFactory = (url: string) => Promise<Client>
@@ -173,8 +180,13 @@ export function createTui({
       onReplyDone = null
     }
 
-    const ensureAssistantBlock = (): Markdown => {
+    // A Markdown block can't carry an ANSI timestamp prefix (it'd be parsed as
+    // markdown), so the assistant turn's timestamp is a separate dim Text line
+    // emitted just above the block when it's first created — stamped with the
+    // first delta's server `ts`.
+    const ensureAssistantBlock = (ts: number | undefined): Markdown => {
       if (currentAssistant) return currentAssistant
+      appendHistory(new Text(formatTimestamp(ts), 0, 0))
       const md = new Markdown('', 0, 0, markdownTheme)
       currentAssistant = md
       currentAssistantText = ''
@@ -185,12 +197,12 @@ export function createTui({
     client.onMessage((msg) => {
       switch (msg.type) {
         case 'prompt_started': {
-          appendHistory(new Text(formatUserPromptHistory(msg.text), 0, 0))
+          appendHistory(new Text(withTimestamp(msg.ts, formatUserPromptHistory(msg.text)), 0, 0))
           tui.requestRender()
           break
         }
         case 'text_delta': {
-          const block = ensureAssistantBlock()
+          const block = ensureAssistantBlock(msg.ts)
           currentAssistantText += msg.delta
           block.setText(currentAssistantText)
           tui.requestRender()
@@ -198,13 +210,15 @@ export function createTui({
         }
         case 'tool_start': {
           sealAssistantBlock()
-          appendHistory(new Text(formatToolStart(msg.name, msg.args), 0, 0))
+          appendHistory(new Text(withTimestamp(msg.ts, formatToolStart(msg.name, msg.args)), 0, 0))
           tui.requestRender()
           break
         }
         case 'tool_end': {
           sealAssistantBlock()
-          appendHistory(new Text(formatToolEnd(msg.name, msg.error, msg.result, msg.durationMs), 0, 0))
+          appendHistory(
+            new Text(withTimestamp(msg.ts, formatToolEnd(msg.name, msg.error, msg.result, msg.durationMs)), 0, 0),
+          )
           tui.requestRender()
           break
         }
@@ -214,7 +228,7 @@ export function createTui({
           break
         }
         case 'error': {
-          appendHistory(new Text(colors.red(`error: ${msg.message}`), 0, 0))
+          appendHistory(new Text(withTimestamp(msg.ts, colors.red(`error: ${msg.message}`)), 0, 0))
           finishAssistantTurn()
           tui.requestRender()
           break

package/typeclaw.schema.json

@@ -532,6 +532,7 @@
                 "pull_request.ready_for_review",
                 "pull_request.review_requested",
                 "pull_request.review_request_removed",
+                "pull_request.synchronize",
                 "discussion.created",
                 "pull_request_review.submitted"
               ],

package/src/agent/tools/normalize-ref.ts

@@ -1,11 +0,0 @@
-export function normalizeRef(ref: string): string {
-  const trimmed = ref.trim()
-  // New classifiers store bare Slack file ids; legacy persisted refs (and
-  // anything still hitting the lookup path from older contextBuffer state)
-  // may carry the old prompt-visible `id=Fxxxx` prefix. Strip it here so
-  // both attachment-fetching tools route the same ref through the adapter
-  // callback — without this, `channel_fetch_attachment` would silently
-  // succeed on a legacy ref while `look_at_channel_attachment` would fail.
-  if (trimmed.startsWith('id=')) return trimmed.slice(3)
-  return trimmed
-}