typeclaw 0.36.7 → 0.37.0

package/src/bundled-plugins/agent-browser/index.ts

@@ -1,23 +1,20 @@
 import { join } from 'node:path'
 
 import { definePlugin } from '@/plugin'
-import { bindWithForward } from '@/portbroker'
+import { publishForwardRequest, subscribeForwardResult } from '@/portbroker'
 
-import { AGENT_BROWSER_DASHBOARD_PROXY_PORT, startDashboardProxy, type DashboardProxy } from './dashboard-proxy'
 import { installShim, KNOWN_BIN_PATHS, type InstallShimResult } from './shim-install'
 
 type SafeResult = InstallShimResult | { kind: 'error'; binPath: string; error: unknown }
 
 // Documented in skills/agent-browser/SKILL.md so the agent can discover which
-// port the proxy actually bound to (4848 + a 10-port fallback range). Moving
-// or renaming this path requires updating the skill in lockstep.
+// host port the reserved dashboard forward actually bound. Moving or renaming
+// this path requires updating the skill in lockstep.
 const PROXY_PORT_HINT_PATH = '/tmp/typeclaw-agent-browser-proxy-port'
-const PORT_CANDIDATE_RANGE = 10
-const BROKER_HANDSHAKE_DELAY_MS = 1_000
-const FORWARD_RESULT_TIMEOUT_MS = 10_000
+const DASHBOARD_TARGET_PORT = 4848
+const DASHBOARD_HOST_CANDIDATES = [4848, 4849, 4850, 4851, 4852, 4853, 4854, 4855, 4856, 4857] as const
 
-let activeProxy: DashboardProxy | null = null
-let bindingInFlight: Promise<void> | null = null
+let unsubscribeForwardResult: (() => void) | null = null
 
 export default definePlugin({
   plugin: async (ctx) => {
@@ -25,20 +22,7 @@ export default definePlugin({
       logInstallResult(ctx.logger, safeInstallShim(binPath))
     }
 
-    // Kick off the proxy bind in the background and let the plugin factory
-    // return immediately. Two reasons:
-    //   1. The container-side broker is created AFTER pluginsLoaded.markBooted()
-    //      runs (see src/run/index.ts). If we awaited bindWithForward here, we
-    //      would block the boot sequence past 20s of timeouts before the broker
-    //      even existed to send forward-result events.
-    //   2. The dashboard isn't typically used at boot — the user runs
-    //      `agent-browser dashboard start` later. The proxy has plenty of time
-    //      to settle before its first request.
-    if (activeProxy === null && bindingInFlight === null) {
-      bindingInFlight = bindProxyAfterBrokerSettles(ctx.logger).finally(() => {
-        bindingInFlight = null
-      })
-    }
+    requestDashboardForward(ctx.logger)
 
     return {
       skillsDirs: [join(import.meta.dir, 'skills')],
@@ -46,63 +30,35 @@ export default definePlugin({
   },
 })
 
-export function __resetProxyForTesting(): void {
-  activeProxy?.stop()
-  activeProxy = null
-  bindingInFlight = null
-}
-
-export function __waitForProxyBindForTesting(): Promise<void> {
-  return bindingInFlight ?? Promise.resolve()
+export function __resetForwardRequestForTesting(): void {
+  unsubscribeForwardResult?.()
+  unsubscribeForwardResult = null
 }
 
-async function bindProxyAfterBrokerSettles(logger: {
-  info: (msg: string) => void
-  warn: (msg: string) => void
-}): Promise<void> {
-  // Give the run-loop time to construct the container broker and let it
-  // complete its WS handshake with hostd. Without this the first candidate
-  // bind fires before the broker is ready, the bus never delivers a result,
-  // and we waste the full timeout × candidate-count budget tearing down
-  // every port in the range. The exact delay isn't load-bearing — anything
-  // longer than the broker's connect+hello round-trip works.
-  if (defaultBrokerEnabled()) {
-    await Bun.sleep(BROKER_HANDSHAKE_DELAY_MS)
+function requestDashboardForward(logger: { info: (msg: string) => void; warn: (msg: string) => void }): void {
+  if (!defaultBrokerEnabled()) {
+    recordProxyPort('TypeClaw dashboard forwarding unavailable: hostd broker is disabled.', logger)
+    return
   }
 
-  const config = readPortConfig()
-  const candidates = buildCandidatePorts(config.listenPort)
-  const upstreamOverride = config.upstreamPort
-
-  const result = await bindWithForward<DashboardProxy>({
-    candidates,
-    timeoutMs: FORWARD_RESULT_TIMEOUT_MS,
-    factory: (port) => {
-      try {
-        const proxy = startDashboardProxy({ listenPort: port, upstreamPort: upstreamOverride })
-        return Promise.resolve({ resource: proxy, close: () => proxy.stop() })
-      } catch (error) {
-        logger.warn(`bind ${port} failed: ${String(error)}`)
-        return Promise.resolve(null)
+  if (unsubscribeForwardResult === null) {
+    unsubscribeForwardResult = subscribeForwardResult((event) => {
+      if (event.port !== DASHBOARD_TARGET_PORT) return
+      if (event.ok) {
+        recordProxyPort(String(event.hostPort), logger)
+        logger.info(`agent-browser dashboard forward reserved on host:${event.hostPort}`)
+        return
       }
-    },
-    onLog: (msg) => logger.info(`[bind-with-forward] ${msg}`),
-  })
-
-  if (result === null) {
-    logger.warn(
-      `could not allocate a host-forwardable dashboard proxy port from ${candidates[0]}-${candidates[candidates.length - 1]}; ` +
-        `remote dashboard access will not work until another container releases its port`,
-    )
-    return
+      recordProxyPort(`TypeClaw dashboard forwarding unavailable: ${event.reason}`, logger)
+      logger.warn(`agent-browser dashboard forward failed: ${event.reason}`)
+    })
   }
 
-  activeProxy = result.resource
-  recordProxyPort(result.port, logger)
-  logger.info(
-    `dashboard proxy listening on port ${result.port}` +
-      (result.hostPort !== null ? ` (forwarded to host:${result.hostPort})` : ''),
-  )
+  publishForwardRequest({
+    targetPort: DASHBOARD_TARGET_PORT,
+    hostCandidates: [...DASHBOARD_HOST_CANDIDATES],
+    reason: 'agent-browser-dashboard',
+  })
 }
 
 function defaultBrokerEnabled(): boolean {
@@ -110,15 +66,9 @@ function defaultBrokerEnabled(): boolean {
   return token !== undefined && token.length > 0
 }
 
-function buildCandidatePorts(start: number): number[] {
-  const out: number[] = []
-  for (let i = 0; i < PORT_CANDIDATE_RANGE; i += 1) out.push(start + i)
-  return out
-}
-
-function recordProxyPort(port: number, logger: { warn: (msg: string) => void }): void {
+function recordProxyPort(contents: string, logger: { warn: (msg: string) => void }): void {
   try {
-    Bun.write(PROXY_PORT_HINT_PATH, String(port))
+    Bun.write(PROXY_PORT_HINT_PATH, contents)
   } catch (error) {
     // Hint is informational (lets a future `typeclaw status` or a human shell
     // session report which port to open). Failure is non-fatal.
@@ -126,31 +76,6 @@ function recordProxyPort(port: number, logger: { warn: (msg: string) => void }):
   }
 }
 
-type PortConfig = { listenPort: number; upstreamPort: number | undefined }
-
-function readPortConfig(): PortConfig {
-  const overrideUpstream = process.env['TYPECLAW_DASHBOARD_UPSTREAM_PORT']
-  return {
-    listenPort: numberFromEnv('TYPECLAW_DASHBOARD_PROXY_PORT', AGENT_BROWSER_DASHBOARD_PROXY_PORT),
-    upstreamPort:
-      overrideUpstream === undefined || overrideUpstream === '' ? undefined : numberOrUndefined(overrideUpstream),
-  }
-}
-
-function numberOrUndefined(raw: string): number | undefined {
-  const parsed = Number(raw)
-  if (!Number.isInteger(parsed) || parsed < 0 || parsed > 65_535) return undefined
-  return parsed
-}
-
-function numberFromEnv(name: string, fallback: number): number {
-  const raw = process.env[name]
-  if (raw === undefined || raw === '') return fallback
-  const parsed = Number(raw)
-  if (!Number.isInteger(parsed) || parsed < 0 || parsed > 65_535) return fallback
-  return parsed
-}
-
 function safeInstallShim(binPath: string): SafeResult {
   try {
     return installShim({ binPath })
@@ -164,7 +89,7 @@ function logInstallResult(
   result: SafeResult,
 ): void {
   if (result.kind === 'installed') {
-    logger.info(`installed agent-browser shim at ${result.binPath} (real bin: ${result.realBin})`)
+    logger.info(`installed agent-browser shim at ${result.binPath} (real bin stashed at ${result.stashTarget})`)
     return
   }
   if (result.kind === 'already-installed') {
@@ -172,7 +97,7 @@ function logInstallResult(
     return
   }
   if (result.kind === 'no-upstream') {
-    logger.info(`no agent-browser binary at ${result.binPath}; skipping`)
+    logger.info(`no agent-browser binary at ${result.binPath}; nothing to shim here`)
     return
   }
   logger.warn(`failed to install agent-browser shim at ${result.binPath}: ${String(result.error)}`)

package/src/bundled-plugins/agent-browser/shim.ts

@@ -3,18 +3,11 @@
 // bash-regex `tool.before` block, which was leaky (missed shell variations,
 // bypassed by `typeclaw shell`, by spawned subprocesses, by the user typing
 // it directly). Now ANY in-container `agent-browser` caller routes through
-// here — the dashboard subcommand transparently gets its --port rewritten
-// onto the agent-process-owned proxy's upstream port, every other subcommand
-// passes through unchanged. The proxy itself lives in the long-lived agent
-// process (see src/bundled-plugins/agent-browser/index.ts); the shim does NOT own its
-// lifecycle, because `agent-browser dashboard start` daemonizes upstream and
-// returns immediately — a shim-owned proxy would die the moment start exits.
+// here and gets the anti-fingerprint User-Agent default before execing the
+// real upstream binary unchanged.
 
 import { existsSync } from 'node:fs'
 
-import { writePortHint } from './dashboard-discovery'
-import { AGENT_BROWSER_DASHBOARD_UPSTREAM_PORT } from './dashboard-proxy'
-
 export const REAL_BIN_ENV = 'TYPECLAW_AGENT_BROWSER_REAL_BIN'
 
 // Recent desktop Chrome on Linux x86_64. The shim runs inside the TypeClaw
@@ -60,71 +53,6 @@ export function injectUserAgentEnv(
   env[USER_AGENT_ENV] = defaultUa
 }
 
-export type DashboardIntent = 'start' | 'stop' | 'other'
-
-export function classifyDashboardCommand(argv: readonly string[]): DashboardIntent {
-  // Find the first non-flag token. `agent-browser` takes no pre-subcommand
-  // global flags today; the loop is defensive against future ones.
-  let dashboardIdx = -1
-  for (let i = 0; i < argv.length; i += 1) {
-    const arg = argv[i]!
-    if (arg.startsWith('-')) continue
-    if (arg !== 'dashboard') return 'other'
-    dashboardIdx = i
-    break
-  }
-  if (dashboardIdx === -1) return 'other'
-
-  // Look for the next non-flag token after `dashboard`. Upstream treats a
-  // missing subcommand as `start`, so we do too. `--port <n>` and `-p <n>`
-  // consume two argv entries; the value is not a subcommand and must not be
-  // classified as one.
-  for (let i = dashboardIdx + 1; i < argv.length; i += 1) {
-    const arg = argv[i]!
-    if (arg === '--port' || arg === '-p') {
-      i += 1
-      continue
-    }
-    if (arg.startsWith('-')) continue
-    if (arg === 'stop') return 'stop'
-    if (arg === 'start') return 'start'
-    return 'other'
-  }
-  return 'start'
-}
-
-export function rewriteDashboardArgs(argv: readonly string[], upstreamPort: number): string[] {
-  // Force --port to upstreamPort regardless of what the caller passed. The
-  // proxy on AGENT_BROWSER_DASHBOARD_PROXY_PORT (4848) is the only externally
-  // visible surface; honoring a user --port would let a caller bypass the
-  // proxy by listening directly on the externally forwarded port. Insert
-  // `start` explicitly when the caller relied on the implicit-start behavior
-  // so the appended `--port` lands on a subcommand upstream accepts.
-  const stripped: string[] = []
-  let i = 0
-  while (i < argv.length) {
-    const arg = argv[i]!
-    if (arg === '--port' || arg === '-p') {
-      i += 2
-      continue
-    }
-    if (arg.startsWith('--port=')) {
-      i += 1
-      continue
-    }
-    stripped.push(arg)
-    i += 1
-  }
-
-  const dashboardIdx = stripped.findIndex((a) => !a.startsWith('-'))
-  const hasSubcommand = stripped.slice(dashboardIdx + 1).some((a) => !a.startsWith('-'))
-  const out = hasSubcommand
-    ? [...stripped]
-    : [...stripped.slice(0, dashboardIdx + 1), 'start', ...stripped.slice(dashboardIdx + 1)]
-  out.push('--port', String(upstreamPort))
-  return out
-}
-
 export function resolveRealAgentBrowserBin(): string {
   // Set by the installer when it moves the upstream symlink aside. Honored
   // first so unit tests can point at a stub without touching the filesystem.
@@ -152,7 +80,6 @@ export function resolveRealAgentBrowserBin(): string {
 export type ShimOptions = {
   argv?: readonly string[]
   realBin?: string
-  upstreamPort?: number
   spawn?: (cmd: string[]) => { exited: Promise<number> }
   env?: Record<string, string | undefined>
 }
@@ -160,29 +87,11 @@ export type ShimOptions = {
 export async function runShim(opts: ShimOptions = {}): Promise<number> {
   const argv = opts.argv ?? process.argv.slice(2)
   const realBin = opts.realBin ?? resolveRealAgentBrowserBin()
-  const upstreamPort = opts.upstreamPort ?? AGENT_BROWSER_DASHBOARD_UPSTREAM_PORT
   const spawn = opts.spawn ?? defaultSpawn
   const env = opts.env ?? process.env
 
   injectUserAgentEnv(argv, env)
-
-  const intent = classifyDashboardCommand(argv)
-  if (intent !== 'start') {
-    return await spawn([realBin, ...argv]).exited
-  }
-
-  // Record the rewritten port to the hint file so the long-lived proxy can
-  // use it as the fast-path upstream lookup. The proxy still falls back to
-  // procfs discovery if the hint is wrong, but the hint avoids that work
-  // on the common path where the shim is the one starting the dashboard.
-  try {
-    writePortHint(upstreamPort)
-  } catch {
-    // Hint is an optimization; failure to write it is non-fatal.
-  }
-
-  const rewritten = rewriteDashboardArgs(argv, upstreamPort)
-  return await spawn([realBin, ...rewritten]).exited
+  return await spawn([realBin, ...argv]).exited
 }
 
 function defaultSpawn(cmd: string[]): { exited: Promise<number> } {

package/src/bundled-plugins/agent-browser/skills/agent-browser/SKILL.md

@@ -38,8 +38,9 @@ The dashboard takes a moment to come up and the user needs time to open the URL.
    needed.)
 2. Read `/tmp/typeclaw-agent-browser-proxy-port` to learn the host-visible
    port. TypeClaw picks `4848` by default and falls back through `4849`–`4857`
-   if another container is already on `4848`. If the file is missing, the proxy
-   hasn't finished binding yet — wait a second and retry, or fall back to `4848`.
+   if another container is already on `4848`. If the file contains a diagnostic
+   instead of a number, forwarding is unavailable; report that message instead
+   of inventing a URL.
 3. Tell the user: **"Open `http://localhost:<port>` in your browser."** Over
    Tailscale or LAN, the same port works on the host's external address:
    `http://<host>:<port>`.
@@ -47,37 +48,11 @@ The dashboard takes a moment to come up and the user needs time to open the URL.
 5. When the user is done, they hand control back implicitly — just resume your
    normal `agent-browser` commands. Session state is shared with the dashboard.
 
-The compatibility proxy on `:4848` (or the fallback port) rewrites the
-dashboard's hardcoded loopback URLs so the externally visible URL works over
-Tailscale and other remote networks. No special flag, tool, or config required.
-**Always share the proxy port URL — never `localhost:<raw-session-port>`** —
-those raw ports are inside the container and unreachable from the host.
-
-### Don't confuse the proxy port with the dashboard port
-
-There are two ports in play. Both sockets live inside the container, but
-they have very different audiences:
-
-| File                                        | Audience                 | What it's for                                                                                                                                                                                                                                                        |
-| ------------------------------------------- | ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `/tmp/typeclaw-agent-browser-proxy-port`    | **Host browser**         | The port the host browser opens (`http://localhost:<proxy-port>`). Host-forwarded via hostd; the compatibility proxy rewrites the dashboard's hardcoded loopback URLs so they work over Tailscale/LAN. **Default `4848`, falls back to `4849`–`4857` on collision.** |
-| `/tmp/typeclaw-agent-browser-upstream-port` | **In-container clients** | The actual `agent-browser dashboard` server. **Default `4849`.** This is what other in-container processes (Cloudflare tunnels, in-container `curl`, in-container scripts) must talk to. Not host-forwarded — there's no point.                                      |
-
-**For Cloudflare tunnels and anything else that originates inside the
-container, use the upstream-port file, NOT the proxy-port file.** Cloudflare's
-`cloudflared` runs in the container's netns and connects to `127.0.0.1:<port>`
-directly — it doesn't traverse the compatibility proxy and gains nothing from
-it. Pointing a tunnel at the proxy port silently tunnels the proxy's listen
-socket instead of the dashboard; the tunnel comes up, the URL "works" against
-the proxy's pass-through paths, but anything dashboard-specific (sessions,
-WebSocket activity feed, JSON API) breaks in non-obvious ways.
-
-Common-failure shape: reading `proxy-port` mechanically because it's the
-file you remembered, then passing that to `typeclaw tunnel add` or to a
-`cloudflared --url http://127.0.0.1:<port>` invocation. **Read the
-`upstream-port` file for tunnel upstreams.** When in doubt, run
-`agent-browser dashboard status` (or check the `agent-browser dashboard
-start` log line — it prints the upstream URL).
+The dashboard is served directly by `agent-browser` on one origin; TypeClaw only
+reserves a host-forward for that port. No special flag, tool, or config is
+required. **Always share the hint-file URL — never
+`localhost:<raw-session-port>`** — raw session ports are inside the container and
+unreachable from the host.
 
 ### When NOT to use the dashboard
 

package/src/bundled-plugins/doc-render/skills/typeclaw-render-pdf/SKILL.md

@@ -266,8 +266,8 @@ reports. For authored documents, stay on the Typst path above.
   ```
 
   Use a human-friendly `filename` and an absolute path. Slack, Discord, Telegram,
-  and KakaoTalk upload the file; the GitHub adapter has no attachment support, so
-  there post a link or paste the markdown.
+  and KakaoTalk upload the file; LINE and the GitHub adapter have no attachment
+  support, so there post a link or paste the markdown.
 
 - **Replying in a thread** — use `channel_reply` with the same `attachments` shape.
 

package/src/bundled-plugins/guard/policies/memory-retrieval-cache-write.ts

@@ -16,7 +16,13 @@ export async function isMemoryRetrievalCacheWriteAllowed(options: {
 }): Promise<boolean> {
   const { tool, args, agentDir, origin } = options
   if (tool !== 'write') return false
-  if (origin?.kind !== 'subagent' || origin.subagent !== 'memory-retrieval') return false
+  // Allow the memory-retrieval subagent (existing path) OR the in-process
+  // vector retrieval writer (system origin with component='memory-retrieval').
+  // The in-process path runs under the session origin, not a subagent, so we
+  // check for the system component name as the trusted internal actor.
+  const isMemoryRetrievalSubagent = origin?.kind === 'subagent' && origin.subagent === 'memory-retrieval'
+  const isInProcessWriter = origin?.kind === 'system' && origin.component === 'memory-retrieval'
+  if (!isMemoryRetrievalSubagent && !isInProcessWriter) return false
 
   const rawPath = args.path
   if (typeof rawPath !== 'string') return false