* fix(openclaw): inject context via system prompt instead of overwriting MEMORY.md
The OpenClaw plugin was overwriting each agent's MEMORY.md with a large
auto-generated observation dump (~12-15KB) on every before_agent_start
and tool_result_persist event. This conflicts with OpenClaw's design
where MEMORY.md is agent-curated long-term memory.
Migrate context injection from file-based (writeFile MEMORY.md) to
OpenClaw's native before_prompt_build hook, which returns context via
appendSystemContext. This keeps MEMORY.md under agent control while
still providing cross-session observation context to the LLM.
Changes:
- Add before_prompt_build hook that returns { appendSystemContext }
- Remove writeFile/MEMORY.md sync from before_agent_start
- Remove MEMORY.md sync from tool_result_persist (observations still recorded)
- Add 60s TTL cache to avoid re-fetching context on every LLM turn
- Add syncMemoryFileExclude config for per-agent opt-out
- Remove dead workspaceDirsBySessionKey tracking map
- Rewrite test suite to verify prompt injection instead of file writes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(ui): align settings defaults with backend and use nullish coalescing
The web UI had two issues causing settings inflation:
1. DEFAULT_SETTINGS in the UI used FULL_COUNT='5' and all token columns
'true', while SettingsDefaultsManager (backend) uses FULL_COUNT='0'
and token columns 'false'. Opening the settings modal and saving
without changes would silently inflate the context.
2. useSettings used || for fallback, which treats '0' and 'false' as
falsy — even when the backend correctly returns these values, the UI
would replace them with inflated defaults. Changed to ?? (nullish
coalescing) so only null/undefined trigger the fallback.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs(openclaw): update integration docs for system prompt injection
Reflect the migration from MEMORY.md file writes to before_prompt_build
hook-based context injection:
- Update architecture diagram and overview to show new hook flow
- Replace "MEMORY.md Live Sync" section with "System Prompt Context Injection"
- Update event lifecycle steps (before_agent_start, tool_result_persist)
- Add before_prompt_build step with TTL cache description
- Document new syncMemoryFileExclude config parameter
- Update session tracking to reflect removed workspaceDirsBySessionKey
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: fix terminology and update SKILL.md for system prompt injection
Replace "prompt injection" with "context injection" in docs to avoid
confusion with the OWASP security term. Update openclaw/SKILL.md to
reflect the new before_prompt_build hook and remove stale MEMORY.md
references.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Alex Newman <thedotmack@gmail.com>
* MAESTRO: fix ChromaDB core issues — Python pinning, Windows paths, disable toggle, metadata sanitization, transport errors
- Add --python version pinning to uvx args in both local and remote mode (fixes#1196, #1206, #1208)
- Convert backslash paths to forward slashes for --data-dir on Windows (fixes#1199)
- Add CLAUDE_MEM_CHROMA_ENABLED setting for SQLite-only fallback mode (fixes#707)
- Sanitize metadata in addDocuments() to filter null/undefined/empty values (fixes#1183, #1188)
- Wrap callTool() in try/catch for transport errors with auto-reconnect (fixes#1162)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix data integrity — content-hash deduplication, project name collision, empty project guard, stuck isProcessing
- Add SHA-256 content-hash deduplication to observations INSERT (store.ts, transactions.ts, SessionStore.ts)
- Add content_hash column via migration 22 with backfill and index
- Fix project name collision: getCurrentProjectName() now returns parent/basename
- Guard against empty project string with cwd-derived fallback
- Fix stuck isProcessing: hasAnyPendingWork() resets processing messages older than 5 minutes
- Add 12 new tests covering all four fixes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix hook lifecycle — stderr suppression, output isolation, conversation pollution prevention
- Suppress process.stderr.write in hookCommand() to prevent Claude Code showing diagnostic
output as error UI (#1181). Restores stderr in finally block for worker-continues case.
- Convert console.error() to logger.warn()/error() in hook-command.ts and handlers/index.ts
so all diagnostics route to log file instead of stderr.
- Verified all 7 handlers return suppressOutput: true (prevents conversation pollution #598, #784).
- Verified session-complete is a recognized event type (fixes#984).
- Verified unknown event types return no-op handler with exit 0 (graceful degradation).
- Added 10 new tests in tests/hook-lifecycle.test.ts covering event dispatch, adapter defaults,
stderr suppression, and standard response constants.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix worker lifecycle — restart loop coordination, stale transport retry, ENOENT shutdown race
- Add PID file mtime guard to prevent concurrent restart storms (#1145):
isPidFileRecent() + touchPidFile() coordinate across sessions
- Add transparent retry in ChromaMcpManager.callTool() on transport
error — reconnects and retries once instead of failing (#1131)
- Wrap getInstalledPluginVersion() with ENOENT/EBUSY handling (#1042)
- Verified ChromaMcpManager.stop() already called on all shutdown paths
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix Windows platform support — uvx.cmd spawn, PowerShell $_ elimination, windowsHide, FTS5 fallback
- Route uvx spawn through cmd.exe /c on Windows since MCP SDK lacks shell:true (#1190, #1192, #1199)
- Replace all PowerShell Where-Object {$_} pipelines with WQL -Filter server-side filtering (#1024, #1062)
- Add windowsHide: true to all exec/spawn calls missing it to prevent console popups (#1048)
- Add FTS5 runtime probe with graceful fallback when unavailable on Windows (#791)
- Guard FTS5 table creation in migrations, SessionSearch, and SessionStore with try/catch
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix skills/ distribution — build-time verification and regression tests (#1187)
Add post-build verification in build-hooks.js that fails if critical
distribution files (skills, hooks, plugin manifest) are missing. Add
10 regression tests covering skill file presence, YAML frontmatter,
hooks.json integrity, and package.json files field.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix MigrationRunner schema initialization (#979) — version conflict between parallel migration systems
Root cause: old DatabaseManager migrations 1-7 shared schema_versions table with
MigrationRunner's 4-22, causing version number collisions (5=drop tables vs add column,
6=FTS5 vs prompt tracking, 7=discovery_tokens vs remove UNIQUE). initializeSchema()
was gated behind maxApplied===0, so core tables were never created when old versions
were present.
Fixes:
- initializeSchema() always creates core tables via CREATE TABLE IF NOT EXISTS
- Migrations 5-7 check actual DB state (columns/constraints) not just version tracking
- Crash-safe temp table rebuilds (DROP IF EXISTS _new before CREATE)
- Added missing migration 21 (ON UPDATE CASCADE) to MigrationRunner
- Added ON UPDATE CASCADE to FK definitions in initializeSchema()
- All changes applied to both runner.ts and SessionStore.ts
Tests: 13 new tests in migration-runner.test.ts covering fresh DB, idempotency,
version conflicts, crash recovery, FK constraints, and data integrity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix 21 test failures — stale mocks, outdated assertions, missing OpenClaw guards
Server tests (12): Added missing workerPath and getAiStatus to ServerOptions
mocks after interface expansion. ChromaSync tests (3): Updated to verify
transport cleanup in ChromaMcpManager after architecture refactor. OpenClaw (2):
Added memory_ tool skipping and response truncation to prevent recursive loops
and oversized payloads. MarkdownFormatter (2): Updated assertions to match
current output. SettingsDefaultsManager (1): Used correct default key for
getBool test. Logger standards (1): Excluded CLI transcript command from
background service check.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix Codex CLI compatibility (#744) — session_id fallbacks, unknown platform tolerance, undefined guard
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix Cursor IDE integration (#838, #1049) — adapter field fallbacks, tolerant session-init validation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix /api/logs OOM (#1203) — tail-read replaces full-file readFileSync
Replace readFileSync (loads entire file into memory) with readLastLines()
that reads only from the end of the file in expanding chunks (64KB → 10MB cap).
Prevents OOM on large log files while preserving the same API response shape.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix Settings CORS error (#1029) — explicit methods and allowedHeaders in CORS config
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: add session custom_title for agent attribution (#1213) — migration 23, endpoint + store support
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: prevent CLAUDE.md/AGENTS.md writes inside .git/ directories (#1165)
Add .git path guard to all 4 write sites to prevent ref corruption when
paths resolve inside .git internals.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix plugin disabled state not respected (#781) — early exit check in all hook entry points
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix UserPromptSubmit context re-injection on every turn (#1079) — contextInjected session flag
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix stale AbortController queue stall (#1099) — lastGeneratorActivity tracking + 30s timeout
Three-layer fix:
1. Added lastGeneratorActivity timestamp to ActiveSession, updated by
processAgentResponse (all agents), getMessageIterator (queue yields),
and startGeneratorWithProvider (generator launch)
2. Added stale generator detection in ensureGeneratorRunning — if no
activity for >30s, aborts stale controller, resets state, restarts
3. Added AbortSignal.timeout(30000) in deleteSession to prevent
indefinite hang when awaiting a stuck generator promise
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
The installer hardcoded ~/.openclaw/extensions/claude-mem as the target.
Users who moved the extension to a custom path (e.g. workspace
extensions via plugins.load.paths) would have their setup broken on
update. Now resolve_extension_dir() checks the OpenClaw config for an
existing installPath or load.paths entry before falling back to the
default.
The update step copies the root package.json over the extension's
package.json, wiping the openclaw.extensions field that plugin
discovery requires. This causes "plugin not found: claude-mem" after
every update. Merge only the version number instead.
Fixes#1106
Telegram Bot API only allows a-z, 0-9, and underscores in command
names. Rename /claude-mem-feed → /claude_mem_feed and
/claude-mem-status → /claude_mem_status.
Fixes#1108
Co-authored-by: Manantra <113709296+Manantra@users.noreply.github.com>
Move the /make-plan and /do orchestrator commands from plugin/commands/
into OpenClaw skills (openclaw/skills/make-plan, openclaw/skills/do-plan).
Skills are auto-discovered by the agent and loaded on-demand via SKILL.md
frontmatter matching, reducing context cost vs always-loaded slash commands.
Register skill directories in openclaw.plugin.json via the skills array.
Co-authored-by: Alex Newman <alexnewman@Alexs-Mac-mini.local>
* feat: universalize observation feed emojis with config-driven system
Replace hardcoded AGENT_EMOJI_MAP with a three-tier approach:
1. User-pinned emojis via observationFeed.emojis.agents config
2. Deterministic auto-assign from pool using agentId hash
3. Configurable fallbacks for primary, Claude Code, and default emojis
Claude Code sessions now display "Claude Code Session" instead of the
working directory name. All emoji settings are exposed in the plugin
configSchema so the onboarding wizard AI can discover and configure them.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(feed): keep Claude Code project id in source labels
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Replace raw.githubusercontent.com URLs with install.cmem.ai/openclaw.sh
across install script, SKILL.md, and docs. Add OpenClaw section with
install one-liner to README.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Three fixes for the OpenClaw plugin:
1. Fix MEMORY.md sync returning empty content
- syncMemoryToWorkspace() was querying basename(workspaceDir) as the
project name (e.g. 'workspace'), but observations are stored under
agent-scoped names like 'openclaw-main'
- Now queries both the base project and agent-scoped project name
- Passes EventContext through so the correct project can be derived
2. Add dedicated botToken support for observation feed
- New optional 'botToken' field in observationFeed config
- When set, sends observations directly via Telegram Bot API instead
of routing through the gateway's channel plugin
- Allows using a separate bot for the observation stream
3. Fix plugin kind for memory slot compatibility
- Changed plugin kind from 'integration' to 'memory' so OpenClaw
recognizes it as a valid memory slot plugin
- Fixes 'memory slot plugin not found' warning when
plugins.slots.memory = 'claude-mem' is configured
Remove arbitrary TOOL_RESULT_MAX_LENGTH truncation, capture all content
blocks instead of only the first, observe all tool uses including
memory_ tools, and filter context injection by workspace directory
instead of hardcoded project name.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Two-stage health verification (health + readiness), 30s timeout,
parse_health_json() helper with jq/python3/node fallbacks, smart
port-conflict handling with version/provider mismatch detection,
and enhanced completion summary showing version, AI auth, and uptime.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The stale config cleanup removed plugins.entries['claude-mem'] but left
plugins.slots.memory pointing to it. OpenClaw's config validator rejects
ALL CLI commands when a slot references a non-existent plugin, blocking
`openclaw plugins install` from running.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OpenClaw's config validator rejects unrecognized keys and references to
uninstalled plugins, blocking ALL CLI commands including `plugins install`.
The installer now temporarily removes the stale claude-mem entry before
installing, then restores the saved plugin config (workerPort, observationFeed,
etc.) after successful installation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The installer always cloned from main branch, making it impossible to test
changes on feature branches. Added --branch flag (e.g. --branch=openclaw-installer)
to override the default.
Also fixes "plugin already exists" error by removing the existing plugin
directory (~/.openclaw/extensions/claude-mem) before running plugins install,
allowing clean reinstallation without manual cleanup.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The before_agent_start handler was passing ctx.sessionKey (e.g. "agent:main:main")
as the prompt to the worker API, causing the viewer to display the session key
instead of actual user prompt text. Now correctly reads event.prompt from
OpenClaw's BeforeAgentStartEvent.
Also adds message_received hook to capture inbound user prompts from messaging
channels (Telegram, Discord, etc.) and stores them via the worker API.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
find_openclaw() only searched for openclaw.mjs, missing systems where the
binary is named just "openclaw" (e.g., npm install -g openclaw). Now checks
both names in PATH and in hardcoded paths. Added run_openclaw() helper that
invokes via node for .mjs files and directly for standalone binaries.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Addresses PR review feedback: bash variable interpolation into JavaScript
string literals could allow injection if paths contain special characters.
All 4 node -e calls now receive paths via process.env instead of ${var}
interpolation: package.json writer, config creator, config updater, and
PID file writer.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The check_uv not-found test was failing because find_uv_path checks
hardcoded system paths (/opt/homebrew/bin/uv, /usr/local/bin/uv) that
can't be overridden via HOME or PATH. Added graceful skip when uv is
installed at non-overridable system paths.
All 171/171 tests pass.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add --upgrade flag that detects existing installations and skips clone/build/register
- Add global trap-based cleanup (register_cleanup_dir + cleanup_on_exit) for temp dirs
- Add check_git() with platform-specific install suggestions (xcode-select on macOS, apt on Linux)
- Add check_port_37777() to detect worker already running before starting a new one
- Add is_claude_mem_installed() for upgrade detection via plugin directory check
- Add ensure_jq_or_fallback() utility for JSON operations with jq/node fallback
- All 160 tests pass (23 new tests for error handling functions)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
write_observation_feed_config() now uses jq as the primary JSON
manipulation tool, falls back to python3, then to node. This gives
users the most reliable path regardless of their system tooling.
Added 15 new tests covering all three fallback paths.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fixed IS_WSL=false (non-empty string) causing "(WSL)" to always display
on Linux platforms; now uses empty string initialization
- Refactored write_settings() to pass API key via environment variables
instead of interpolating into JavaScript string literals, preventing
potential injection or breakage with special characters
- Passes bash -n and shellcheck with zero warnings
- All 74/74 existing tests pass
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add setup_ai_provider() with 3-option menu (Claude Max/Gemini/OpenRouter),
mask_api_key() for secure terminal display, and write_settings() that generates
~/.claude-mem/settings.json with all 35 defaults from SettingsDefaultsManager.ts
in flat JSON schema. Preserves existing user customizations on re-run.
23 new tests added (46/46 total pass). Passes bash -n and shellcheck clean.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add find_openclaw()/check_openclaw() for gateway detection across PATH,
~/.openclaw/, /usr/local/bin/, and node_modules paths. Add install_plugin()
that clones, builds, creates installable package, and runs plugins install/enable
following the Dockerfile.e2e flow. Add configure_memory_slot() that creates or
updates ~/.openclaw/openclaw.json with plugins.slots.memory="claude-mem" while
preserving existing config. Includes test-install.sh with 23 passing tests.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Creates the core installer script with:
- ASCII banner and ANSI color utility functions (info/success/warn/error/prompt_user)
- Automatic terminal color support detection
- Platform detection (macOS, Linux, WSL, Windows/MINGW)
- Bun detection, version checking (>=1.1.14), and auto-installation
- uv detection and auto-installation
- find_bun_path() helper returning full path to bun binary
- --non-interactive flag for curl|bash piping safety
- All dependency patterns translated from plugin/scripts/smart-install.js
Passes bash -n syntax check and shellcheck with zero warnings.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The project field can be null/undefined for malformed SSE payloads.
Update the type and getSourceLabel signature to match the runtime
null guard.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Three fixes to make OpenClaw agent observations work end-to-end:
1. Session init in before_agent_start — the worker's privacy check
requires a stored user prompt; without calling /api/sessions/init,
all observations were skipped as "private"
2. Race condition fix in agent_end — await summarize before sending
complete, preventing session deletion before in-flight observation
POSTs arrive
3. OAuth token pass-through in buildIsolatedEnv — spawned Claude CLI
processes now receive CLAUDE_CODE_OAUTH_TOKEN from the worker's
env when no explicit API key is configured
Also adds agent-specific emoji mapping and dynamic project naming
for the Telegram observation feed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Use workerBaseUrl() for SSE stream URL instead of hardcoded localhost
- Concatenate all SSE data: lines per frame per SSE spec
- Update WhatsApp mock to accept third options argument
- Restrict SSE mock server to only respond on /stream path
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
gateway_start only fires on full process restart. Without cleanup,
sessionIds and workspaceDirsBySessionKey grow indefinitely across
/new and /reset cycles. session_end now deletes entries for the
completed session key.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Init was incorrectly placed in before_agent_start, which fires on every
agent attempt (retries, context overflow, auth rotation). Session init
should fire once on /new or /reset (session_start) and after compaction
(after_compaction). before_agent_start now only syncs MEMORY.md and
tracks workspace dirs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace dynamic function name construction with CHANNEL_SEND_MAP that
matches the actual PluginRuntime.channel structure. Fixes WhatsApp
(sendMessageWhatsApp) and iMessage (sendMessageIMessage) casing, and
adds WhatsApp's required verbose option. Also adds null guard on SSE
observation payload before type casting.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The worker doesn't require a Claude Code installation. Rewrite setup
to: clone repo first, check if worker is already running (from existing
Claude Code install), start from Claude Code install if available, or
start from cloned repo as fallback. Each path includes health check
verification and debug steps.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Complete setup guide covering prerequisites, plugin configuration,
observation recording verification, observation feed setup with
per-channel instructions (Telegram, Discord, Slack, Signal, WhatsApp,
LINE), command reference, architecture overview, and troubleshooting.
Written for bots to walk users through the full setup.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Merge crab-mem observation recording with existing SSE broadcasting to
create a complete OpenClaw plugin. Records observations from embedded
runner sessions via worker HTTP API, and continuously syncs MEMORY.md
to agent workspaces so agents always have fresh context.
- Add event handlers: before_agent_start, tool_result_persist, agent_end, gateway_start
- Add MEMORY.md live sync on every agent start and tool use (fire-and-forget)
- Add worker HTTP client (POST, fire-and-forget POST, GET text)
- Add /claude-mem-status health check command
- Add workspace dir tracking across session events
- Expand test suite from 17 to 36 tests
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Installs plugin on ghcr.io/openclaw/openclaw:main via `plugins install`,
starts mock worker + gateway, and verifies 16 checks (discovery, files,
SSE connectivity, gateway plugin load). Includes interactive mode for
human manual testing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
E2E testing against the official OpenClaw Docker image revealed the plugin
was built against a custom interface that didn't match the real SDK:
- api.log() → api.logger.info/warn/error() (PluginLogger interface)
- api.getConfig() → api.pluginConfig (direct property)
- command handler (args[], ctx) → (ctx) with ctx.args string
- service stop optional, service context typed
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Move sseAbortController/connectionState from module globals into closure for multi-instance safety
- Make start() idempotent by aborting existing connection before creating a new one
- Track connectionPromise and await it on stop() for proper cleanup
- Guard channel API access lazily to prevent crash when integrations are missing
- Add 1MB MAX_SSE_BUFFER_SIZE to prevent unbounded buffer growth
- Log malformed JSON parse errors instead of silently ignoring
- Replace error: any with proper instanceof Error type narrowing
- Remove hardcoded user paths from TESTING.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Glucksberg