- Added systemPrompt for overriding the default system prompt.
- Introduced skills for pre-loaded skills management.
- Added contextFiles for handling pre-loaded context files with path and content attributes.
* Fix missing before_tool_call hook integration
- Add hook call in handleToolExecutionStart before tool execution begins
- Support parameter modification via hookResult.params
- Support tool call blocking via hookResult.block with custom blockReason
- Fix try/catch logic to properly re-throw blocking errors using __isHookBlocking flag
- Maintain tool event consistency by emitting start/end events when blocked
- Addresses GitHub issue #6535 (1 of 8 unimplemented hooks now working)
Co-Authored-By: Claude Sonnet 4 <noreply@anthropic.com>
* Add comprehensive test suite for before_tool_call hook
- 9 tests covering all hook scenarios: no hooks, parameter passing, modification, blocking, error handling
- Tests tool name normalization and different argument types
- Verifies proper error re-throwing and logging behavior
- Maintained in fork for regression testing
* Fix all issues identified by Greptile code review
Address P0/P1/P3 bugs:
P0 - Fix parameter mutation crash for non-object args:
- Normalize args to objects before passing to hooks (maintains hook contract)
- Handle parameter merging safely for both object and non-object args
P1 - Add missing internal state updates when blocking tools:
- Set toolMetaById metadata like normal flow
- Call onAgentEvent callback to maintain consistency
- Emit events in same order as normal tool execution
P1 - Fix test expectations to match implementation reality:
- Non-object args normalized to {} for hook params (not passed as-is)
- Add test for safe parameter modification with various arg types
- Update mocks to verify state updates when blocking
P3 - Replace magic __isHookBlocking property with dedicated ToolBlockedError class:
- More robust error handling without property collision risk
- Cleaner control flow that's serialization-safe
Co-Authored-By: Claude Sonnet 4 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4 <noreply@anthropic.com>
* security(web): sanitize WhatsApp accountId to prevent path traversal
Apply normalizeAccountId() from routing/session-key to
resolveDefaultAuthDir() so that malicious config values like
"../../../etc" cannot escape the intended auth directory.
Fixes#2692
* fix(web): check sanitized segment instead of full path in Windows test
* style(web): fix oxfmt formatting in accounts test
highlightMatch() was replacing tokens inside ANSI escape codes,
corrupting sequences like [38;2;123;127;135m when searching for '2'.
Fix: apply highlighting to plain text before theme styling.
- Update @mariozechner/pi-ai and pi-agent-core to 0.50.9
- Rename cacheControlTtl to cacheRetention with values none/short/long
- Add backwards compatibility mapping: 5m->short, 1h->long
- Remove dead OpenRouter check (uses openai-completions API)
- Default new configs to cacheRetention: short
* Slash new: use agent personality in session greeting
Previously /new and /reset used a generic greeting prompt. Agents with
personality files (IDENTITY.md, SOUL.md, etc) would respond out of
character until the conversation got going.
Now the prompt instructs the agent to greet users as their character,
using their defined voice, mannerisms, and mood from the start.
* Auto-reply: avoid workspace references in reset prompt
* fix: avoid workspace references in reset greeting (#5706) (thanks @bravostation)
---------
Co-authored-by: MoltBot <bot@moltbot.com>
Co-authored-by: Shadow <shadow@clawd.bot>
On Windows, non-.exe commands like npm, pnpm, yarn, npx require
their .cmd extension when using spawn(). This adds a resolveCommand()
helper that automatically appends .cmd on Windows for these commands.
Fixes#5773
* feat(routing): add thread parent binding inheritance for Discord
When a Discord thread message doesn't match a direct peer binding,
now checks if the parent channel has a binding and uses that agent.
This enables multi-agent setups where threads inherit their parent
channel's agent binding automatically.
Changes:
- Add parentPeer parameter to ResolveAgentRouteInput
- Add binding.peer.parent match type
- Resolve thread parent early in Discord preflight
- Pass parentPeer to resolveAgentRoute for threads
Fixes thread routing in Discord multi-agent configurations where
threads were incorrectly routed to the default agent instead of
inheriting from their parent channel's binding.
* ci: trigger fresh macOS runners
* Discord: inherit thread bindings in reactions
* fix: add changelog for thread parent binding (#3892) (thanks @aerolalit)
---------
Co-authored-by: Lalit Singh <lalit@clawd.bot>
Co-authored-by: OSS Agent <oss-agent@clawdbot.ai>
Co-authored-by: Shadow <shadow@clawd.bot>
* fix(security): restrict inbound media staging to media directory
* docs: update MEDIA path guidance for security restrictions
- Update agent hint to warn against absolute/~ paths
- Update docs example to use https:// instead of /tmp/
---------
Co-authored-by: Evan Otero <evanotero@google.com>
Small model testing showed the label did not meaningfully help:
- Sub-3B models fail regardless of format
- 8B models untested with label specifically
- Frontier models never needed it
The bracket convention [Wed 2026-01-28 22:30 EST] matches existing
channel envelope format and is widely present in training data.
Saves ~2-3 tokens per message vs the labeled version.
Changes [Wed 2026-01-28 20:30 EST] to [Current Date: Wed 2026-01-28 20:30 EST].
Tested with qwen3-1.7B: even with DOW in the timestamp, the model
ignored it and tried to compute the day using Zeller's Congruence.
The "Current Date:" semantic label is widely present in training data
and gives small models the best chance of recognizing the timestamp
as authoritative context rather than metadata to parse.
Cost: ~18 tokens per message. Prevents hallucination spirals that
burn hundreds or thousands of tokens on date derivation.
Changes [2026-01-28 20:30 EST] to [Wed 2026-01-28 20:30 EST].
Costs ~1 extra token but provides day-of-week for smaller models
that can't derive DOW from a date. Frontier models already handle
it, but this is cheap insurance for 7B-class models.
Replace verbose formatUserTime (Wednesday, January 28th, 2026 — 8:30 PM)
with the same formatZonedTimestamp used by channel envelopes (2026-01-28
20:30 EST). This:
- Saves ~4 tokens per message (~7 vs ~11)
- Uses globally unambiguous YYYY-MM-DD 24h format
- Removes 12/24h config option (always 24h, agent-facing)
- Anchors envelope detection to the actual format function — if channels
change their timestamp format, our injection + detection change too
- Adds test that compares injection output to formatZonedTimestamp directly
Exported formatZonedTimestamp from auto-reply/envelope.ts for reuse.
Verifies that America/New_York correctly resolves to midnight for
both EST (winter, UTC-5) and EDT (summer, UTC-4) using the same
IANA timezone. Intl.DateTimeFormat handles the DST transition.
The chat.send handler (used by webchat and TUI) is a separate path
from the agent handler. Inject timestamp into BodyForAgent (what the
model sees) while keeping Body raw for UI display.
This completes timestamp coverage for all non-channel paths:
- agent handler: spawned subagents, sessions_send, heartbeats
- chat.send: webchat, TUI
Messages arriving through the gateway agent method (TUI, web, spawned
subagents, sessions_send, heartbeats) now get a timestamp prefix
automatically. This gives all agent contexts date/time awareness
without modifying the system prompt (which is cached for stability).
Channel messages (Discord, Telegram, etc.) already have timestamps
via envelope formatting in a separate code path and never reach
the agent handler, so there is no double-stamping risk.
Cron jobs also inject their own 'Current time:' prefix and are
detected and skipped.
Extracted as a pure function (injectTimestamp) with 12 unit tests
covering: timezone handling, 12/24h format, midnight boundaries,
envelope detection, cron detection, and empty messages.
Integration test verifies the agent handler wires it in correctly.
Closes#3658
Refs: #1897, #1928, #2108
