diff --git a/.gitignore b/.gitignore
index 715ee57d0..8b5f95215 100644
--- a/.gitignore
+++ b/.gitignore
@@ -60,5 +60,6 @@ cmd/telegram/
web/backend/dist/*
!web/backend/dist/.gitkeep
+.claude/
-docker/data
\ No newline at end of file
+docker/data
diff --git a/README.fr.md b/README.fr.md
index cbaffc2d1..301456262 100644
--- a/README.fr.md
+++ b/README.fr.md
@@ -3,7 +3,7 @@
PicoClaw : Assistant IA Ultra-Efficace en Go
-
Matériel à $10 · <10 Mo de RAM · Démarrage en <1s · 皮皮虾,我们走!
+
Matériel à $10 · 10 Mo de RAM · Démarrage en ms · Let's Go, PicoClaw!
@@ -24,147 +24,138 @@
---
-> **PicoClaw** est un projet open-source indépendant initié par [Sipeed](https://sipeed.com). Il est entièrement écrit en **Go** — ce n'est pas un fork d'OpenClaw, de NanoBot ou de tout autre projet.
+> **PicoClaw** est un projet open-source indépendant initié par [Sipeed](https://sipeed.com), entièrement écrit en **Go** à partir de zéro — ce n'est pas un fork d'OpenClaw, de NanoBot ou de tout autre projet.
-🦐 **PicoClaw** est un assistant personnel IA ultra-léger inspiré de [NanoBot](https://github.com/HKUDS/nanobot), entièrement réécrit en **Go** via un processus d'auto-amorçage (self-bootstrapping) — où l'agent IA lui-même a piloté l'intégralité de la migration architecturale et de l'optimisation du code.
+**PicoClaw** est un assistant personnel IA ultra-léger inspiré de [NanoBot](https://github.com/HKUDS/nanobot). Il a été entièrement reconstruit en **Go** via un processus d'auto-amorçage (self-bootstrapping) — l'Agent IA lui-même a piloté la migration architecturale et l'optimisation du code.
+
+**Fonctionne sur du matériel à $10 avec <10 Mo de RAM** — c'est 99% de mémoire en moins qu'OpenClaw et 98% moins cher qu'un Mac mini !
-⚡️ **Extrêmement léger :** Fonctionne sur du matériel à seulement **$10** avec **<10 Mo** de RAM. C'est 99% de mémoire en moins qu'OpenClaw et 98% moins cher qu'un Mac mini !
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
> [!CAUTION]
-> **🚨 SÉCURITÉ & CANAUX OFFICIELS**
+> **Avis de sécurité**
>
-> * **PAS DE CRYPTO :** PicoClaw n'a **AUCUN** token/jeton officiel. Toute annonce sur `pump.fun` ou d'autres plateformes de trading est une **ARNAQUE**.
->
-> * **DOMAINE OFFICIEL :** Le **SEUL** site officiel est **[picoclaw.io](https://picoclaw.io)**, et le site de l'entreprise est **[sipeed.com](https://sipeed.com)**.
-> * **Attention :** De nombreux domaines `.ai/.org/.com/.net/...` sont enregistrés par des tiers.
-> * **Attention :** PicoClaw est en phase de développement précoce et peut présenter des problèmes de sécurité réseau non résolus. Ne déployez pas en environnement de production avant la version v1.0.
-> * **Note :** PicoClaw a récemment fusionné de nombreuses PR, ce qui peut entraîner une empreinte mémoire plus importante (10–20 Mo) dans les dernières versions. Nous prévoyons de prioriser l'optimisation des ressources dès que l'ensemble des fonctionnalités sera stabilisé.
+> * **PAS DE CRYPTO :** PicoClaw n'a **pas** émis de tokens officiels ni de cryptomonnaie. Toute affirmation sur `pump.fun` ou d'autres plateformes de trading est une **arnaque**.
+> * **DOMAINE OFFICIEL :** Le **SEUL** site officiel est **[picoclaw.io](https://picoclaw.io)**, et le site de l'entreprise est **[sipeed.com](https://sipeed.com)**
+> * **ATTENTION :** De nombreux domaines `.ai/.org/.com/.net/...` ont été enregistrés par des tiers. Ne leur faites pas confiance.
+> * **NOTE :** PicoClaw est en développement rapide précoce. Des problèmes de sécurité non résolus peuvent exister. Ne pas déployer en production avant la v1.0.
+> * **NOTE :** PicoClaw a récemment fusionné de nombreuses PRs. Les builds récents peuvent utiliser 10-20 Mo de RAM. L'optimisation des ressources est prévue après la stabilisation des fonctionnalités.
## 📢 Actualités
-2026-03-17 🚀 **v0.2.3 publié !** Interface système tray (Windows & Linux), suivi de statut des sous-agents (`spawn_status`), rechargement à chaud expérimental du gateway, portes de sécurité cron, et 2 correctifs de sécurité. PicoClaw atteint **25K ⭐** !
+2026-03-17 🚀 **v0.2.3 publiée !** Interface system tray (Windows & Linux), requête de statut des sous-agents (`spawn_status`), rechargement à chaud expérimental du Gateway, sécurisation Cron, et 2 correctifs de sécurité. PicoClaw a atteint **25K Stars** !
-2026-03-09 🎉 **v0.2.1 — Plus grande mise à jour !** Support du protocole MCP, 4 nouveaux canaux (Matrix/IRC/WeCom/Discord Proxy), 3 nouveaux fournisseurs (Kimi/Minimax/Avian), pipeline de vision, stockage mémoire JSONL, et routage de modèles.
+2026-03-09 🎉 **v0.2.1 — La plus grande mise à jour à ce jour !** Support du protocole MCP, 4 nouveaux channels (Matrix/IRC/WeCom/Discord Proxy), 3 nouveaux providers (Kimi/Minimax/Avian), pipeline vision, stockage mémoire JSONL, routage de modèles.
-2026-02-28 📦 **v0.2.0** publié avec support Docker Compose et lanceur Web UI.
+2026-02-28 📦 **v0.2.0** publiée avec support Docker Compose et Web UI Launcher.
-2026-02-26 🎉 PicoClaw a atteint **20K étoiles** en seulement 17 jours ! L'orchestration automatique des canaux et les interfaces de capacités sont arrivées.
+2026-02-26 🎉 PicoClaw atteint **20K Stars** en seulement 17 jours ! L'orchestration automatique des channels et les interfaces de capacités sont disponibles.
Actualités précédentes...
-2026-02-16 🎉 PicoClaw a atteint 12K étoiles en une semaine ! Les rôles de mainteneurs communautaires et la [feuille de route](ROADMAP.md) sont officiellement publiés.
+2026-02-16 🎉 PicoClaw dépasse 12K Stars en une semaine ! Rôles de mainteneurs communautaires et [Roadmap](ROADMAP.md) officiellement lancés.
-2026-02-13 🎉 PicoClaw a atteint 5000 étoiles en 4 jours ! La Feuille de Route du Projet et le Groupe de Développeurs sont en cours de mise en place.
+2026-02-13 🎉 PicoClaw dépasse 5000 Stars en 4 jours ! Roadmap du projet et groupes de développeurs en cours.
-2026-02-09 🎉 **PicoClaw est lancé !** Construit en 1 jour pour apporter les Agents IA au matériel à $10 avec <10 Mo de RAM. 🦐 PicoClaw, c'est parti !
+2026-02-09 🎉 **PicoClaw publié !** Construit en 1 jour pour apporter les Agents IA sur du matériel à $10 avec <10 Mo de RAM. Let's Go, PicoClaw !
+
## ✨ Fonctionnalités
-🪶 **Ultra-Léger** : Empreinte mémoire <10 Mo — 99% plus petit que les fonctionnalités essentielles d'OpenClaw.*
+🪶 **Ultra-léger** : Empreinte mémoire du cœur <10 Mo — 99% plus petit qu'OpenClaw.*
-💰 **Coût Minimal** : Suffisamment efficace pour fonctionner sur du matériel à $10 — 98% moins cher qu'un Mac mini.
+💰 **Coût minimal** : Suffisamment efficace pour fonctionner sur du matériel à $10 — 98% moins cher qu'un Mac mini.
-⚡️ **Démarrage Éclair** : Temps de démarrage 400X plus rapide, boot en <1 seconde même sur un cœur unique à 0,6 GHz.
+⚡️ **Démarrage ultra-rapide** : 400x plus rapide au démarrage. Démarre en <1s même sur un processeur monocœur à 0,6 GHz.
-🌍 **Véritable Portabilité** : Un seul binaire autonome pour RISC-V, ARM, MIPS et x86. Un clic et c'est parti !
+🌍 **Vraiment portable** : Binaire unique pour les architectures RISC-V, ARM, MIPS et x86. Un seul binaire, fonctionne partout !
-🤖 **Auto-Construit par l'IA** : Implémentation native en Go de manière autonome — 95% du cœur généré par l'Agent avec affinement humain dans la boucle.
+🤖 **Auto-amorcé par IA** : Implémentation native pure Go — 95% du code principal a été généré par un Agent et affiné via une révision humaine en boucle.
-🔌 **Support MCP** : Intégration native du [Model Context Protocol](https://modelcontextprotocol.io/) — connectez n'importe quel serveur MCP pour étendre les capacités de l'agent.
+🔌 **Support MCP** : Intégration native du [Model Context Protocol](https://modelcontextprotocol.io/) — connectez n'importe quel serveur MCP pour étendre les capacités de l'Agent.
-👁️ **Pipeline de Vision** : Envoyez des images et fichiers directement à l'agent — encodage base64 automatique pour les LLM multimodaux.
+👁️ **Pipeline vision** : Envoyez des images et des fichiers directement à l'Agent — encodage base64 automatique pour les LLMs multimodaux.
-🧠 **Routage Intelligent** : Routage de modèles basé sur des règles — les requêtes simples vont vers des modèles légers, économisant les coûts API.
+🧠 **Routage intelligent** : Routage de modèles basé sur des règles — les requêtes simples vont vers des modèles légers, économisant les coûts API.
-_*Les versions récentes peuvent utiliser 10–20 Mo en raison des fusions rapides de fonctionnalités. L'optimisation des ressources est prévue. La comparaison de démarrage est basée sur des benchmarks à cœur unique 0,8 GHz (voir tableau ci-dessous)._
+_*Les builds récents peuvent utiliser 10-20 Mo en raison des fusions rapides de PRs. L'optimisation des ressources est prévue. Comparaison de vitesse de démarrage basée sur des benchmarks monocœur à 0,8 GHz (voir tableau ci-dessous)._
-| | OpenClaw | NanoBot | **PicoClaw** |
-| ----------------------------- | ------------- | ------------------------ | ----------------------------------------- |
-| **Langage** | TypeScript | Python | **Go** |
-| **RAM** | >1 Go | >100 Mo | **< 10 Mo*** |
-| **Démarrage**(cœur 0,8 GHz) | >500s | >30s | **<1s** |
-| **Coût** | Mac Mini $599 | La plupart des SBC Linux ~$50 | **N'importe quelle carte Linux****À partir de $10** |
+
+
+| | OpenClaw | NanoBot | **PicoClaw** |
+| ------------------------------ | ------------- | ------------------------ | -------------------------------------- |
+| **Langage** | TypeScript | Python | **Go** |
+| **RAM** | >1 Go | >100 Mo | **< 10 Mo*** |
+| **Temps de démarrage**(cœur 0,8 GHz) | >500s | >30s | **<1s** |
+| **Coût** | Mac Mini $599 | La plupart des cartes Linux ~$50 | **N'importe quelle carte Linux****à partir de $10** |
-> 📋 **[Liste de Compatibilité Matérielle](docs/hardware-compatibility.md)** — Voir toutes les cartes testées, du RISC-V à $5 au Raspberry Pi en passant par les téléphones Android. Votre carte n'est pas listée ? Soumettez une PR !
+
+
+> **[Liste de compatibilité matérielle](docs/fr/hardware-compatibility.md)** — Voir toutes les cartes testées, du RISC-V à $5 au Raspberry Pi en passant par les téléphones Android. Votre carte n'est pas listée ? Soumettez une PR !
+
+
+
+
## 🦾 Démonstration
-### 🛠️ Flux de Travail Standard de l'Assistant
+### 🛠️ Flux de travail standard de l'assistant
-
-
🧩 Ingénieur Full-Stack
-
🗂️ Gestion des Logs & Planification
-
🔎 Recherche Web & Apprentissage
-
-
-
-
-
-
-
-
Développer • Déployer • Mettre à l'échelle
-
Planifier • Automatiser • Mémoriser
-
Découvrir • Analyser • Tendances
-
+
+
Mode Ingénieur Full-Stack
+
Journalisation & Planification
+
Recherche Web & Apprentissage
+
+
+
+
+
+
+
+
Développer · Déployer · Mettre à l'échelle
+
Planifier · Automatiser · Mémoriser
+
Découvrir · Analyser · Tendances
+
-### 📱 Utiliser sur d'anciens téléphones Android
-
-Donnez une seconde vie à votre téléphone d'il y a dix ans ! Transformez-le en assistant IA intelligent avec PicoClaw. Démarrage rapide :
-
-1. **Installez [Termux](https://github.com/termux/termux-app)** (Téléchargez depuis [GitHub Releases](https://github.com/termux/termux-app/releases), ou recherchez sur F-Droid / Google Play).
-2. **Exécutez les commandes**
-
-```bash
-# Téléchargez la dernière version depuis https://github.com/sipeed/picoclaw/releases
-wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz
-tar xzf picoclaw_Linux_arm64.tar.gz
-pkg install proot
-termux-chroot ./picoclaw onboard # chroot fournit une disposition standard du système de fichiers Linux
-```
-
-Puis suivez les instructions de la section « Démarrage Rapide » pour terminer la configuration !
-
-
-
-### 🐜 Déploiement Innovant à Faible Empreinte
+### 🐜 Déploiement innovant à faible empreinte
PicoClaw peut être déployé sur pratiquement n'importe quel appareil Linux !
-- 9,9$ [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) version E (Ethernet) ou W (WiFi6), pour un Assistant Domotique Minimaliste
-- 30~$50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), ou 100$ [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html) pour la Maintenance Automatisée de Serveurs
-- 50$ [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) ou 100$ [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera) pour la Surveillance Intelligente
+- $9,9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) édition E(Ethernet) ou W(WiFi6), pour un assistant domestique minimal
+- $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), ou $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html), pour des opérations serveur automatisées
+- $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) ou $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera), pour la surveillance intelligente
-🌟 Encore plus de scénarios de déploiement vous attendent !
+🌟 D'autres cas de déploiement vous attendent !
+
## 📦 Installation
### Télécharger depuis picoclaw.io (Recommandé)
-Visitez **[picoclaw.io](https://picoclaw.io)** — le site officiel détecte automatiquement votre plateforme et propose un téléchargement en un clic. Pas besoin de choisir manuellement une architecture.
+Visitez **[picoclaw.io](https://picoclaw.io)** — le site officiel détecte automatiquement votre plateforme et fournit un téléchargement en un clic. Pas besoin de choisir manuellement une architecture.
### Télécharger le binaire précompilé
@@ -178,80 +169,418 @@ git clone https://github.com/sipeed/picoclaw.git
cd picoclaw
make deps
-# Compiler, pas besoin d'installer
+# Compiler le binaire principal
make build
+# Compiler le Web UI Launcher (requis pour le mode WebUI)
+make build-launcher
+
# Compiler pour plusieurs plateformes
make build-all
-# Compiler pour Raspberry Pi Zero 2 W (32-bit : make build-linux-arm ; 64-bit : make build-linux-arm64)
+# Compiler pour Raspberry Pi Zero 2 W (32 bits : make build-linux-arm ; 64 bits : make build-linux-arm64)
make build-pi-zero
-# Compiler et Installer
+# Compiler et installer
make install
```
-**Raspberry Pi Zero 2 W :** Utilisez le binaire correspondant à votre OS : Raspberry Pi OS 32-bit → `make build-linux-arm` ; 64-bit → `make build-linux-arm64`. Ou exécutez `make build-pi-zero` pour compiler les deux.
+**Raspberry Pi Zero 2 W :** Utilisez le binaire correspondant à votre OS : Raspberry Pi OS 32 bits -> `make build-linux-arm` ; 64 bits -> `make build-linux-arm64`. Ou exécutez `make build-pi-zero` pour compiler les deux.
-## 📚 Documentation
+## 🚀 Guide de démarrage rapide
-Pour des guides détaillés, consultez la documentation ci-dessous. Ce README ne couvre que le démarrage rapide.
+### 🌐 WebUI Launcher (Recommandé pour le bureau)
-| Sujet | Description |
-|-------|-------------|
-| 🐳 [Docker & Démarrage Rapide](docs/fr/docker.md) | Configuration Docker Compose, modes Launcher/Agent, configuration rapide |
-| 💬 [Applications de Chat](docs/fr/chat-apps.md) | Telegram, Discord, WhatsApp, Matrix, QQ, Slack, IRC, DingTalk, LINE, Feishu, WeCom, et plus |
-| ⚙️ [Configuration](docs/fr/configuration.md) | Variables d'environnement, structure du workspace, sources de compétences, bac à sable de sécurité, heartbeat |
-| 🔌 [Fournisseurs & Modèles](docs/fr/providers.md) | 20+ fournisseurs LLM, routage de modèles, configuration model_list, architecture des fournisseurs |
-| 🔄 [Spawn & Tâches Asynchrones](docs/fr/spawn-tasks.md) | Tâches rapides, tâches longues avec spawn, orchestration asynchrone de sous-agents |
-| 🐛 [Dépannage](docs/fr/troubleshooting.md) | Problèmes courants et solutions |
-| 🔧 [Configuration des Outils](docs/fr/tools_configuration.md) | Activation/désactivation par outil, politiques exec |
-| 📋 [Compatibilité Matérielle](docs/hardware-compatibility.md) | Cartes testées, exigences minimales, comment ajouter votre carte |
+Le WebUI Launcher fournit une interface basée sur navigateur pour la configuration et le chat. C'est la façon la plus simple de démarrer — aucune connaissance de la ligne de commande requise.
-## Rejoignez le Réseau Social d'Agents
+**Option 1 : Double-clic (Bureau)**
-Connectez PicoClaw au Réseau Social d'Agents simplement en envoyant un seul message via le CLI ou n'importe quelle application de chat intégrée.
+Après téléchargement depuis [picoclaw.io](https://picoclaw.io), double-cliquez sur `picoclaw-launcher` (ou `picoclaw-launcher.exe` sous Windows). Votre navigateur s'ouvrira automatiquement sur `http://localhost:18800`.
+
+**Option 2 : Ligne de commande**
+
+```bash
+picoclaw-launcher
+# Ouvrez http://localhost:18800 dans votre navigateur
+```
+
+> [!TIP]
+> **Accès distant / Docker / VM :** Ajoutez le flag `-public` pour écouter sur toutes les interfaces :
+> ```bash
+> picoclaw-launcher -public
+> ```
+
+
+
+
+
+**Pour commencer :**
+
+Ouvrez le WebUI, puis : **1)** Configurez un Provider (ajoutez votre clé API LLM) -> **2)** Configurez un Channel (ex. Telegram) -> **3)** Démarrez le Gateway -> **4)** Chattez !
+
+Pour la documentation détaillée du WebUI, voir [docs.picoclaw.io](https://docs.picoclaw.io).
+
+
+Docker (alternative)
+
+```bash
+# 1. Cloner ce dépôt
+git clone https://github.com/sipeed/picoclaw.git
+cd picoclaw
+
+# 2. Premier lancement — génère automatiquement docker/data/config.json puis s'arrête
+# (se déclenche uniquement quand config.json et workspace/ sont tous deux absents)
+docker compose -f docker/docker-compose.yml --profile launcher up
+# Le conteneur affiche "First-run setup complete." et s'arrête.
+
+# 3. Définir vos clés API
+vim docker/data/config.json
+
+# 4. Démarrer
+docker compose -f docker/docker-compose.yml --profile launcher up -d
+# Ouvrez http://localhost:18800
+```
+
+> **Utilisateurs Docker / VM :** Le Gateway écoute sur `127.0.0.1` par défaut. Définissez `PICOCLAW_GATEWAY_HOST=0.0.0.0` ou utilisez le flag `-public` pour le rendre accessible depuis l'hôte.
+
+```bash
+# Vérifier les logs
+docker compose -f docker/docker-compose.yml logs -f
+
+# Arrêter
+docker compose -f docker/docker-compose.yml --profile launcher down
+
+# Mettre à jour
+docker compose -f docker/docker-compose.yml pull
+docker compose -f docker/docker-compose.yml --profile launcher up -d
+```
+
+
+
+### 💻 TUI Launcher (Recommandé pour les environnements sans interface / SSH)
+
+Le TUI (Terminal UI) Launcher fournit une interface terminal complète pour la configuration et la gestion. Idéal pour les serveurs, Raspberry Pi et autres environnements sans interface graphique.
+
+```bash
+picoclaw-launcher-tui
+```
+
+
+
+
+
+**Pour commencer :**
+
+Utilisez les menus TUI pour : **1)** Configurer un Provider -> **2)** Configurer un Channel -> **3)** Démarrer le Gateway -> **4)** Chattez !
+
+Pour la documentation détaillée du TUI, voir [docs.picoclaw.io](https://docs.picoclaw.io).
+
+### 📱 Android
+
+Donnez une seconde vie à votre téléphone vieux de dix ans ! Transformez-le en assistant IA intelligent avec PicoClaw.
+
+**Option 1 : Termux (disponible maintenant)**
+
+1. Installez [Termux](https://github.com/termux/termux-app) (téléchargez depuis [GitHub Releases](https://github.com/termux/termux-app/releases), ou cherchez dans F-Droid / Google Play)
+2. Exécutez les commandes suivantes :
+
+```bash
+# Télécharger la dernière version
+wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz
+tar xzf picoclaw_Linux_arm64.tar.gz
+pkg install proot
+termux-chroot ./picoclaw onboard # chroot fournit une arborescence Linux standard
+```
+
+Suivez ensuite la section Terminal Launcher ci-dessous pour terminer la configuration.
+
+
+
+**Option 2 : Installation APK (bientôt disponible)**
+
+Un APK Android autonome avec WebUI intégré est en développement. Restez à l'écoute !
+
+
+Terminal Launcher (pour les environnements à ressources limitées)
+
+Pour les environnements minimaux où seul le binaire principal `picoclaw` est disponible (sans Launcher UI), vous pouvez tout configurer via la ligne de commande et un fichier de configuration JSON.
+
+**1. Initialiser**
+
+```bash
+picoclaw onboard
+```
+
+Cela crée `~/.picoclaw/config.json` et le répertoire workspace.
+
+**2. Configurer** (`~/.picoclaw/config.json`)
+
+```json
+{
+ "agents": {
+ "defaults": {
+ "model_name": "gpt-5.4"
+ }
+ },
+ "model_list": [
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_key": "sk-your-api-key"
+ }
+ ]
+}
+```
+
+> Voir `config/config.example.json` dans le dépôt pour un modèle de configuration complet avec toutes les options disponibles.
+
+**3. Chatter**
+
+```bash
+# Question ponctuelle
+picoclaw agent -m "What is 2+2?"
+
+# Mode interactif
+picoclaw agent
+
+# Démarrer le gateway pour l'intégration d'applications de chat
+picoclaw gateway
+```
+
+
+
+
+## 🔌 Providers (LLM)
+
+PicoClaw supporte plus de 30 providers LLM via la configuration `model_list`. Utilisez le format `protocole/modèle` :
+
+| Provider | Protocole | Clé API | Notes |
+|----------|-----------|---------|-------|
+| [OpenAI](https://platform.openai.com/api-keys) | `openai/` | Requise | GPT-5.4, GPT-4o, o3, etc. |
+| [Anthropic](https://console.anthropic.com/settings/keys) | `anthropic/` | Requise | Claude Opus 4.6, Sonnet 4.6, etc. |
+| [Google Gemini](https://aistudio.google.com/apikey) | `gemini/` | Requise | Gemini 3 Flash, 2.5 Pro, etc. |
+| [OpenRouter](https://openrouter.ai/keys) | `openrouter/` | Requise | 200+ modèles, API unifiée |
+| [Zhipu (GLM)](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | `zhipu/` | Requise | GLM-4.7, GLM-5, etc. |
+| [DeepSeek](https://platform.deepseek.com/api_keys) | `deepseek/` | Requise | DeepSeek-V3, DeepSeek-R1 |
+| [Volcengine](https://console.volcengine.com) | `volcengine/` | Requise | Modèles Doubao, Ark |
+| [Qwen](https://dashscope.console.aliyun.com/apiKey) | `qwen/` | Requise | Qwen3, Qwen-Max, etc. |
+| [Groq](https://console.groq.com/keys) | `groq/` | Requise | Inférence rapide (Llama, Mixtral) |
+| [Moonshot (Kimi)](https://platform.moonshot.cn/console/api-keys) | `moonshot/` | Requise | Modèles Kimi |
+| [Minimax](https://platform.minimaxi.com/user-center/basic-information/interface-key) | `minimax/` | Requise | Modèles MiniMax |
+| [Mistral](https://console.mistral.ai/api-keys) | `mistral/` | Requise | Mistral Large, Codestral |
+| [NVIDIA NIM](https://build.nvidia.com/) | `nvidia/` | Requise | Modèles hébergés NVIDIA |
+| [Cerebras](https://cloud.cerebras.ai/) | `cerebras/` | Requise | Inférence rapide |
+| [Novita AI](https://novita.ai/) | `novita/` | Requise | Divers modèles open |
+| [Ollama](https://ollama.com/) | `ollama/` | Non requise | Modèles locaux, auto-hébergé |
+| [vLLM](https://docs.vllm.ai/) | `vllm/` | Non requise | Déploiement local, compatible OpenAI |
+| [LiteLLM](https://docs.litellm.ai/) | `litellm/` | Variable | Proxy pour 100+ providers |
+| [Azure OpenAI](https://portal.azure.com/) | `azure/` | Requise | Déploiement Azure entreprise |
+| [GitHub Copilot](https://github.com/features/copilot) | `github-copilot/` | OAuth | Connexion par code appareil |
+| [Antigravity](https://console.cloud.google.com/) | `antigravity/` | OAuth | Google Cloud AI |
+
+
+Déploiement local (Ollama, vLLM, etc.)
+
+**Ollama :**
+```json
+{
+ "model_list": [
+ {
+ "model_name": "local-llama",
+ "model": "ollama/llama3.1:8b",
+ "api_base": "http://localhost:11434/v1"
+ }
+ ]
+}
+```
+
+**vLLM :**
+```json
+{
+ "model_list": [
+ {
+ "model_name": "local-vllm",
+ "model": "vllm/your-model",
+ "api_base": "http://localhost:8000/v1"
+ }
+ ]
+}
+```
+
+Pour les détails complets de configuration des providers, voir [Providers & Models](docs/fr/providers.md).
+
+
+
+## 💬 Channels (Applications de chat)
+
+Parlez à votre PicoClaw via plus de 17 plateformes de messagerie :
+
+| Channel | Configuration | Protocole | Docs |
+|---------|---------------|-----------|------|
+| **Telegram** | Facile (token bot) | Long polling | [Guide](docs/channels/telegram/README.fr.md) |
+| **Discord** | Facile (token bot + intents) | WebSocket | [Guide](docs/channels/discord/README.fr.md) |
+| **WhatsApp** | Facile (scan QR ou URL bridge) | Natif / Bridge | [Guide](docs/fr/chat-apps.md#whatsapp) |
+| **Weixin** | Facile (scan QR natif) | iLink API | [Guide](docs/fr/chat-apps.md#weixin) |
+| **QQ** | Facile (AppID + AppSecret) | WebSocket | [Guide](docs/channels/qq/README.fr.md) |
+| **Slack** | Facile (token bot + app) | Socket Mode | [Guide](docs/channels/slack/README.fr.md) |
+| **Matrix** | Moyen (homeserver + token) | Sync API | [Guide](docs/channels/matrix/README.fr.md) |
+| **DingTalk** | Moyen (identifiants client) | Stream | [Guide](docs/channels/dingtalk/README.fr.md) |
+| **Feishu / Lark** | Moyen (App ID + Secret) | WebSocket/SDK | [Guide](docs/channels/feishu/README.fr.md) |
+| **LINE** | Moyen (identifiants + webhook) | Webhook | [Guide](docs/channels/line/README.fr.md) |
+| **WeCom Bot** | Moyen (URL webhook) | Webhook | [Guide](docs/channels/wecom/wecom_bot/README.fr.md) |
+| **WeCom App** | Moyen (identifiants corp) | Webhook | [Guide](docs/channels/wecom/wecom_app/README.fr.md) |
+| **WeCom AI Bot** | Moyen (token + clé AES) | WebSocket / Webhook | [Guide](docs/channels/wecom/wecom_aibot/README.fr.md) |
+| **IRC** | Moyen (serveur + pseudo) | Protocole IRC | [Guide](docs/fr/chat-apps.md#irc) |
+| **OneBot** | Moyen (URL WebSocket) | OneBot v11 | [Guide](docs/channels/onebot/README.fr.md) |
+| **MaixCam** | Facile (activer) | Socket TCP | [Guide](docs/channels/maixcam/README.fr.md) |
+| **Pico** | Facile (activer) | Protocole natif | Intégré |
+| **Pico Client** | Facile (URL WebSocket) | WebSocket | Intégré |
+
+> Tous les channels basés sur webhook partagent un seul serveur HTTP Gateway (`gateway.host`:`gateway.port`, par défaut `127.0.0.1:18790`). Feishu utilise le mode WebSocket/SDK et n'utilise pas le serveur HTTP partagé.
+
+Pour les instructions détaillées de configuration des channels, voir [Configuration des applications de chat](docs/fr/chat-apps.md).
+
+## 🔧 Outils
+
+### 🔍 Recherche Web
+
+PicoClaw peut effectuer des recherches sur le web pour fournir des informations à jour. Configurez dans `tools.web` :
+
+| Moteur de recherche | Clé API | Niveau gratuit | Lien |
+|--------------------|---------|----------------|------|
+| DuckDuckGo | Non requise | Illimité | Fallback intégré |
+| [Baidu Search](https://cloud.baidu.com/doc/qianfan-api/s/Wmbq4z7e5) | Requise | 1000 requêtes/jour | IA, optimisé pour le chinois |
+| [Tavily](https://tavily.com) | Requise | 1000 requêtes/mois | Optimisé pour les Agents IA |
+| [Brave Search](https://brave.com/search/api) | Requise | 2000 requêtes/mois | Rapide et privé |
+| [Perplexity](https://www.perplexity.ai) | Requise | Payant | Recherche propulsée par IA |
+| [SearXNG](https://github.com/searxng/searxng) | Non requise | Auto-hébergé | Métamoteur de recherche gratuit |
+| [GLM Search](https://open.bigmodel.cn/) | Requise | Variable | Recherche web Zhipu |
+
+### ⚙️ Autres outils
+
+PicoClaw inclut des outils intégrés pour les opérations sur fichiers, l'exécution de code, la planification et plus encore. Voir [Configuration des outils](docs/fr/tools_configuration.md) pour les détails.
+
+## 🎯 Skills
+
+Les Skills sont des capacités modulaires qui étendent votre Agent. Elles sont chargées depuis les fichiers `SKILL.md` dans votre workspace.
+
+**Installer des Skills depuis ClawHub :**
+
+```bash
+picoclaw skills search "web scraping"
+picoclaw skills install
+```
+
+**Configurer le token ClawHub** (optionnel, pour des limites de débit plus élevées) :
+
+Ajoutez à votre `config.json` :
+```json
+{
+ "tools": {
+ "skills": {
+ "registries": {
+ "clawhub": {
+ "auth_token": "your-clawhub-token"
+ }
+ }
+ }
+ }
+}
+```
+
+Pour plus de détails, voir [Configuration des outils - Skills](docs/fr/tools_configuration.md#skills-tool).
+
+## 🔗 MCP (Model Context Protocol)
+
+PicoClaw supporte nativement [MCP](https://modelcontextprotocol.io/) — connectez n'importe quel serveur MCP pour étendre les capacités de votre Agent avec des outils et sources de données externes.
+
+```json
+{
+ "tools": {
+ "mcp": {
+ "enabled": true,
+ "servers": {
+ "filesystem": {
+ "enabled": true,
+ "command": "npx",
+ "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]
+ }
+ }
+ }
+ }
+}
+```
+
+Pour la configuration MCP complète (transports stdio, SSE, HTTP, Tool Discovery), voir [Configuration des outils - MCP](docs/fr/tools_configuration.md#mcp-tool).
+
+## Rejoignez le réseau social des Agents
+
+Connectez PicoClaw au réseau social des Agents simplement en envoyant un seul message via le CLI ou n'importe quelle application de chat intégrée.
**Lisez `https://clawdchat.ai/skill.md` et suivez les instructions pour rejoindre [ClawdChat.ai](https://clawdchat.ai)**
## 🖥️ Référence CLI
-| Commande | Description |
-| ------------------------- | ---------------------------------- |
-| `picoclaw onboard` | Initialiser la config & le workspace |
-| `picoclaw agent -m "..."` | Discuter avec l'agent |
-| `picoclaw agent` | Mode chat interactif |
-| `picoclaw gateway` | Démarrer le gateway |
-| `picoclaw status` | Afficher le statut |
-| `picoclaw version` | Afficher les infos de version |
-| `picoclaw cron list` | Lister les tâches planifiées |
-| `picoclaw cron add ...` | Ajouter une tâche planifiée |
-| `picoclaw cron disable` | Désactiver une tâche planifiée |
-| `picoclaw cron remove` | Supprimer une tâche planifiée |
-| `picoclaw skills list` | Lister les compétences installées |
-| `picoclaw skills install` | Installer une compétence |
-| `picoclaw migrate` | Migrer les données des anciennes versions |
-| `picoclaw auth login` | S'authentifier auprès des fournisseurs |
-| `picoclaw model` | Voir ou changer le modèle par défaut |
+| Commande | Description |
+| ------------------------- | ---------------------------------------- |
+| `picoclaw onboard` | Initialiser la config & le workspace |
+| `picoclaw onboard weixin` | Connecter un compte WeChat via QR |
+| `picoclaw agent -m "..."` | Chatter avec l'agent |
+| `picoclaw agent` | Mode chat interactif |
+| `picoclaw gateway` | Démarrer le gateway |
+| `picoclaw status` | Afficher le statut |
+| `picoclaw version` | Afficher les informations de version |
+| `picoclaw model` | Voir ou changer le modèle par défaut |
+| `picoclaw cron list` | Lister toutes les tâches planifiées |
+| `picoclaw cron add ...` | Ajouter une tâche planifiée |
+| `picoclaw cron disable` | Désactiver une tâche planifiée |
+| `picoclaw cron remove` | Supprimer une tâche planifiée |
+| `picoclaw skills list` | Lister les Skills installées |
+| `picoclaw skills install` | Installer une Skill |
+| `picoclaw migrate` | Migrer les données depuis d'anciennes versions |
+| `picoclaw auth login` | S'authentifier auprès des providers |
-### Tâches Planifiées / Rappels
+### ⏰ Tâches planifiées / Rappels
-PicoClaw prend en charge les rappels planifiés et les tâches récurrentes via l'outil `cron` :
+PicoClaw supporte les rappels planifiés et les tâches récurrentes via l'outil `cron` :
-* **Rappels ponctuels** : « Rappelle-moi dans 10 minutes » → se déclenche une fois après 10 min
-* **Tâches récurrentes** : « Rappelle-moi toutes les 2 heures » → se déclenche toutes les 2 heures
-* **Expressions cron** : « Rappelle-moi à 9h chaque jour » → utilise une expression cron
+* **Rappels ponctuels** : "Rappelle-moi dans 10 minutes" -> se déclenche une fois après 10 min
+* **Tâches récurrentes** : "Rappelle-moi toutes les 2 heures" -> se déclenche toutes les 2 heures
+* **Expressions cron** : "Rappelle-moi à 9h chaque jour" -> utilise une expression cron
-## 🤝 Contribuer & Feuille de Route
+## 📚 Documentation
-Les PR sont les bienvenues ! Le code est intentionnellement petit et lisible. 🤗
+Pour des guides détaillés au-delà de ce README :
-Consultez notre [Feuille de Route Communautaire](https://github.com/sipeed/picoclaw/blob/main/ROADMAP.md) complète.
+| Sujet | Description |
+|-------|-------------|
+| [Docker & Démarrage rapide](docs/fr/docker.md) | Configuration Docker Compose, modes Launcher/Agent |
+| [Applications de chat](docs/fr/chat-apps.md) | Guides de configuration pour les 17+ channels |
+| [Configuration](docs/fr/configuration.md) | Variables d'environnement, structure du workspace, sandbox de sécurité |
+| [Providers & Modèles](docs/fr/providers.md) | 30+ providers LLM, routage de modèles, configuration model_list |
+| [Spawn & Tâches asynchrones](docs/fr/spawn-tasks.md) | Tâches rapides, tâches longues avec spawn, orchestration de sous-agents asynchrones |
+| [Hooks](docs/hooks/README.md) | Système de hooks événementiels : observateurs, intercepteurs, hooks d'approbation |
+| [Steering](docs/steering.md) | Injecter des messages dans une boucle agent en cours d'exécution |
+| [SubTurn](docs/subturn.md) | Coordination de subagents, contrôle de concurrence, cycle de vie |
+| [Dépannage](docs/fr/troubleshooting.md) | Problèmes courants et solutions |
+| [Configuration des outils](docs/fr/tools_configuration.md) | Activation/désactivation par outil, politiques d'exécution, MCP, Skills |
+| [Compatibilité matérielle](docs/fr/hardware-compatibility.md) | Cartes testées, exigences minimales |
-Groupe de développeurs en construction, rejoignez-nous après votre première PR fusionnée !
+## 🤝 Contribuer & Roadmap
+
+Les PRs sont les bienvenues ! Le code source est intentionnellement petit et lisible.
+
+Consultez notre [Roadmap communautaire](https://github.com/sipeed/picoclaw/issues/988) et [CONTRIBUTING.md](CONTRIBUTING.md) pour les directives.
+
+Groupe de développeurs en construction, rejoignez-le après votre première PR fusionnée !
Groupes d'utilisateurs :
-discord :
+Discord :
+
+WeChat :
+
+
+
+
-
diff --git a/README.id.md b/README.id.md
index 3f462981c..6b7025ffd 100644
--- a/README.id.md
+++ b/README.id.md
@@ -1,9 +1,9 @@
-
+
-
PicoClaw: Asisten AI Super Ringan berbasis Go
+
PicoClaw: Asisten AI Super Ringan berbasis Go
-
Perangkat Keras $10 · RAM <10MB · Boot <1 Detik · Ayo, Berangkat!
+
Perangkat Keras $10 · RAM 10MB · Boot ms · Let's Go, PicoClaw!
@@ -24,135 +24,125 @@
---
-> **PicoClaw** adalah proyek open-source independen yang diinisiasi oleh [Sipeed](https://sipeed.com). Ditulis sepenuhnya dalam **Go** — bukan fork dari OpenClaw, NanoBot, atau proyek lainnya.
+> **PicoClaw** adalah proyek open-source independen yang diinisiasi oleh [Sipeed](https://sipeed.com), ditulis sepenuhnya dalam **Go** — bukan fork dari OpenClaw, NanoBot, atau proyek lainnya.
-🦐 PicoClaw adalah asisten AI pribadi yang super ringan, terinspirasi dari [NanoBot](https://github.com/HKUDS/nanobot), ditulis ulang sepenuhnya dalam Go melalui proses "self-bootstrapping" — di mana AI Agent itu sendiri yang memandu seluruh migrasi arsitektur dan optimasi kode.
+**PicoClaw** adalah asisten AI pribadi yang super ringan, terinspirasi dari [NanoBot](https://github.com/HKUDS/nanobot). Dibangun ulang dari awal dalam **Go** melalui proses "self-bootstrapping" — AI Agent itu sendiri yang memandu migrasi arsitektur dan optimasi kode.
-⚡️ Berjalan di perangkat keras $10 dengan RAM <10MB: Hemat 99% memori dibanding OpenClaw dan 98% lebih murah dibanding Mac mini!
+**Berjalan di perangkat keras $10 dengan RAM <10MB** — hemat 99% memori dibanding OpenClaw dan 98% lebih murah dari Mac mini!
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
> [!CAUTION]
-> **🚨 KEAMANAN & SALURAN RESMI**
->
-> * **TANPA KRIPTO:** PicoClaw **TIDAK** memiliki token/koin resmi. Semua klaim di `pump.fun` atau platform trading lainnya adalah **PENIPUAN**.
+> **Peringatan Keamanan**
>
+> * **TANPA KRIPTO:** PicoClaw **tidak** menerbitkan token atau cryptocurrency resmi apa pun. Semua klaim di `pump.fun` atau platform trading lainnya adalah **penipuan**.
> * **DOMAIN RESMI:** Satu-satunya website resmi adalah **[picoclaw.io](https://picoclaw.io)**, dan website perusahaan adalah **[sipeed.com](https://sipeed.com)**
-> * **Peringatan:** Banyak domain `.ai/.org/.com/.net/...` yang didaftarkan oleh pihak ketiga.
-> * **Peringatan:** PicoClaw masih dalam tahap pengembangan awal dan mungkin memiliki masalah keamanan jaringan yang belum teratasi. Jangan deploy ke lingkungan produksi sebelum rilis v1.0.
-> * **Catatan:** PicoClaw baru-baru ini menggabungkan banyak PR, yang mungkin mengakibatkan penggunaan memori lebih besar (10–20MB) pada versi terbaru. Kami berencana untuk memprioritaskan optimasi sumber daya segera setelah fitur saat ini mencapai kondisi stabil.
+> * **WASPADA:** Banyak domain `.ai/.org/.com/.net/...` telah didaftarkan oleh pihak ketiga. Jangan percaya mereka.
+> * **CATATAN:** PicoClaw masih dalam tahap pengembangan awal yang cepat. Mungkin ada masalah keamanan yang belum terselesaikan. Jangan deploy ke produksi sebelum v1.0.
+> * **CATATAN:** PicoClaw baru-baru ini menggabungkan banyak PR. Build terbaru mungkin menggunakan RAM 10-20MB. Optimasi sumber daya direncanakan setelah fitur stabil.
## 📢 Berita
-2026-03-17 🚀 **v0.2.3 Dirilis!** UI system tray (Windows & Linux), pelacakan status sub-agent (`spawn_status`), eksperimental gateway hot-reload, gerbang keamanan cron, dan 2 perbaikan keamanan. PicoClaw kini di **25K ⭐**!
+2026-03-17 🚀 **v0.2.3 Dirilis!** UI system tray (Windows & Linux), pelacakan status sub-agent (`spawn_status`), eksperimental Gateway hot-reload, gerbang keamanan Cron, dan 2 perbaikan keamanan. PicoClaw telah mencapai **25K Stars**!
-2026-03-09 🎉 **v0.2.1 — Update terbesar!** Dukungan protokol MCP, 4 channel baru (Matrix/IRC/WeCom/Discord Proxy), 3 provider baru (Kimi/Minimax/Avian), pipeline vision, penyimpanan memori JSONL, dan routing model.
+2026-03-09 🎉 **v0.2.1 — Update terbesar sejauh ini!** Dukungan protokol MCP, 4 channel baru (Matrix/IRC/WeCom/Discord Proxy), 3 provider baru (Kimi/Minimax/Avian), pipeline vision, penyimpanan memori JSONL, routing model.
-2026-02-28 📦 **v0.2.0** dirilis dengan dukungan Docker Compose dan launcher Web UI.
+2026-02-28 📦 **v0.2.0** dirilis dengan dukungan Docker Compose dan Web UI Launcher.
-2026-02-26 🎉 PicoClaw mencapai **20K bintang** hanya dalam 17 hari! Orkestrasi channel otomatis dan antarmuka kapabilitas diluncurkan.
+2026-02-26 🎉 PicoClaw mencapai **20K Stars** hanya dalam 17 hari! Orkestrasi channel otomatis dan antarmuka kapabilitas kini aktif.
-Berita lama...
+Berita sebelumnya...
-2026-02-16 🎉 PicoClaw mencapai 12K bintang dalam satu minggu! Peran maintainer komunitas dan [roadmap](ROADMAP.md) resmi diposting.
+2026-02-16 🎉 PicoClaw menembus 12K Stars dalam satu minggu! Peran maintainer komunitas dan [Roadmap](ROADMAP.md) resmi diluncurkan.
-2026-02-13 🎉 PicoClaw mencapai 5000 bintang dalam 4 hari! Roadmap Proyek dan pengaturan Grup Pengembang sedang berjalan.
+2026-02-13 🎉 PicoClaw menembus 5000 Stars dalam 4 hari! Roadmap proyek dan grup pengembang sedang dalam proses.
-2026-02-09 🎉 **PicoClaw Diluncurkan!** Dibangun dalam 1 hari untuk menghadirkan AI Agent ke perangkat keras $10 dengan RAM <10MB. 🦐 PicoClaw, Ayo Berangkat!
+2026-02-09 🎉 **PicoClaw Diluncurkan!** Dibangun dalam 1 hari untuk menghadirkan AI Agent ke perangkat keras $10 dengan RAM <10MB. Let's Go, PicoClaw!
## ✨ Fitur
-🪶 **Super Ringan**: Penggunaan memori <10MB — 99% lebih kecil dari fungsionalitas inti OpenClaw.*
+🪶 **Super Ringan**: Penggunaan memori inti <10MB — 99% lebih kecil dari OpenClaw.*
💰 **Biaya Minimal**: Cukup efisien untuk berjalan di perangkat keras $10 — 98% lebih murah dari Mac mini.
-⚡️ **Secepat Kilat**: Waktu startup 400X lebih cepat, boot dalam <1 detik bahkan di prosesor single core 0,6GHz.
+⚡️ **Boot Secepat Kilat**: Startup 400x lebih cepat. Boot dalam <1 detik bahkan di prosesor single-core 0,6GHz.
-🌍 **Portabilitas Sejati**: Satu binary mandiri untuk RISC-V, ARM, MIPS, dan x86, Satu Klik Langsung Jalan!
+🌍 **Portabilitas Sejati**: Satu binary untuk RISC-V, ARM, MIPS, dan x86. Satu binary, jalan di mana saja!
-🤖 **AI-Bootstrapped**: Implementasi Go-native secara otonom — 95% kode inti dihasilkan oleh Agent dengan penyempurnaan human-in-the-loop.
+🤖 **AI-Bootstrapped**: Implementasi Go native murni — 95% kode inti dihasilkan oleh Agent dengan penyempurnaan human-in-the-loop.
-🔌 **Dukungan MCP**: Integrasi [Model Context Protocol](https://modelcontextprotocol.io/) native — hubungkan server MCP mana pun untuk memperluas kapabilitas agent.
+🔌 **Dukungan MCP**: Integrasi [Model Context Protocol](https://modelcontextprotocol.io/) native — hubungkan server MCP mana pun untuk memperluas kapabilitas Agent.
-👁️ **Pipeline Vision**: Kirim gambar dan file langsung ke agent — encoding base64 otomatis untuk LLM multimodal.
+👁️ **Pipeline Vision**: Kirim gambar dan file langsung ke Agent — encoding base64 otomatis untuk LLM multimodal.
🧠 **Routing Cerdas**: Routing model berbasis aturan — kueri sederhana diarahkan ke model ringan, menghemat biaya API.
-_*Versi terbaru mungkin menggunakan 10–20MB karena penggabungan fitur yang cepat. Optimasi sumber daya direncanakan. Perbandingan startup berdasarkan benchmark prosesor single-core 0,8GHz (lihat tabel di bawah)._
+_*Build terbaru mungkin menggunakan 10-20MB karena penggabungan PR yang cepat. Optimasi sumber daya direncanakan. Perbandingan kecepatan boot berdasarkan benchmark single-core 0,8GHz (lihat tabel di bawah)._
-| | OpenClaw | NanoBot | **PicoClaw** |
-| ----------------------------- | ------------- | ------------------------ | ----------------------------------------- |
-| **Bahasa** | TypeScript | Python | **Go** |
-| **RAM** | >1GB | >100MB | **< 10MB*** |
-| **Startup**(0,8GHz core) | >500d | >30d | **<1d** |
-| **Biaya** | Mac Mini $599 | Kebanyakan Linux SBC ~$50 | **Semua Board Linux****Mulai dari $10** |
+
+
+> **[Daftar Kompatibilitas Hardware](docs/hardware-compatibility.md)** — Lihat semua board yang telah diuji, dari RISC-V $5 hingga Raspberry Pi hingga ponsel Android. Board Anda belum terdaftar? Kirim PR!
+
+
+
+
+
## 🦾 Demonstrasi
### 🛠️ Alur Kerja Asisten Standar
-
-
🧩 Full-Stack Engineer
-
🗂️ Pencatatan & Manajemen Perencanaan
-
🔎 Pencarian Web & Pembelajaran
-
-
-
-
-
-
-
-
Develop • Deploy • Scale
-
Jadwal • Otomasi • Memori
-
Penemuan • Wawasan • Tren
-
+
+
Mode Full-Stack Engineer
+
Pencatatan & Perencanaan
+
Pencarian Web & Pembelajaran
+
+
+
+
+
+
+
+
Develop · Deploy · Scale
+
Jadwal · Otomasi · Ingat
+
Temukan · Wawasan · Tren
+
-### 📱 Jalankan di HP Android Lama
-
-Berikan kehidupan kedua untuk HP lama Anda! Ubah menjadi Asisten AI pintar dengan PicoClaw. Panduan Cepat:
-
-1. **Instal [Termux](https://github.com/termux/termux-app)** (Unduh dari [GitHub Releases](https://github.com/termux/termux-app/releases), atau cari di F-Droid / Google Play).
-2. **Jalankan perintah**
-
-```bash
-# Unduh rilis terbaru dari https://github.com/sipeed/picoclaw/releases
-wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz
-tar xzf picoclaw_Linux_arm64.tar.gz
-pkg install proot
-termux-chroot ./picoclaw onboard
-```
-
-Kemudian ikuti instruksi di bagian "Panduan Cepat" untuk menyelesaikan konfigurasi!
-
-
-
### 🐜 Deploy Inovatif dengan Footprint Rendah
PicoClaw dapat di-deploy di hampir semua perangkat Linux!
-- $9,9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) versi E(Ethernet) atau W(WiFi6), untuk Home Assistant Minimal
-- $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), atau $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html) untuk Pemeliharaan Server Otomatis
-- $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) atau $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera) untuk Pemantauan Cerdas
+- $9,9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) versi E(Ethernet) atau W(WiFi6), untuk home assistant minimal
+- $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), atau $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html), untuk operasi server otomatis
+- $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) atau $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera), untuk pengawasan cerdas
@@ -160,11 +150,15 @@ PicoClaw dapat di-deploy di hampir semua perangkat Linux!
## 📦 Instalasi
-### Instal dengan binary yang sudah dikompilasi
+### Unduh dari picoclaw.io (Direkomendasikan)
-Unduh binary untuk platform Anda dari halaman [Releases](https://github.com/sipeed/picoclaw/releases).
+Kunjungi **[picoclaw.io](https://picoclaw.io)** — website resmi mendeteksi platform Anda secara otomatis dan menyediakan unduhan satu klik. Tidak perlu memilih arsitektur secara manual.
-### Instal dari source (fitur terbaru, disarankan untuk pengembangan)
+### Unduh binary yang sudah dikompilasi
+
+Atau, unduh binary untuk platform Anda dari halaman [GitHub Releases](https://github.com/sipeed/picoclaw/releases).
+
+### Build dari source (untuk pengembangan)
```bash
git clone https://github.com/sipeed/picoclaw.git
@@ -172,78 +166,414 @@ git clone https://github.com/sipeed/picoclaw.git
cd picoclaw
make deps
-# Build, tidak perlu instal
+# Build binary inti
make build
+# Build Web UI Launcher (diperlukan untuk mode WebUI)
+make build-launcher
+
# Build untuk berbagai platform
make build-all
# Build untuk Raspberry Pi Zero 2 W (32-bit: make build-linux-arm; 64-bit: make build-linux-arm64)
make build-pi-zero
-# Build dan Instal
+# Build dan instal
make install
```
-**Raspberry Pi Zero 2 W:** Gunakan binary yang sesuai dengan OS Anda: Raspberry Pi OS 32-bit → `make build-linux-arm`; 64-bit → `make build-linux-arm64`. Atau jalankan `make build-pi-zero` untuk build keduanya.
+**Raspberry Pi Zero 2 W:** Gunakan binary yang sesuai dengan OS Anda: Raspberry Pi OS 32-bit -> `make build-linux-arm`; 64-bit -> `make build-linux-arm64`. Atau jalankan `make build-pi-zero` untuk build keduanya.
-## 📚 Dokumentasi
+## 🚀 Panduan Memulai Cepat
-Untuk panduan lengkap, lihat dokumen di bawah. README ini hanya berisi panduan cepat.
+### 🌐 WebUI Launcher (Direkomendasikan untuk Desktop)
-| Topik | Deskripsi |
-|-------|-----------|
-| 🐳 [Docker & Panduan Cepat](docs/docker.md) | Pengaturan Docker Compose, mode Launcher/Agent, konfigurasi Panduan Cepat |
-| 💬 [Aplikasi Chat](docs/chat-apps.md) | Telegram, Discord, WhatsApp, Matrix, QQ, Slack, IRC, DingTalk, LINE, Feishu, WeCom, dan lainnya |
-| ⚙️ [Konfigurasi](docs/configuration.md) | Variabel environment, tata letak workspace, sumber skill, sandbox keamanan, heartbeat |
-| 🔌 [Provider & Model](docs/providers.md) | 20+ provider LLM, routing model, konfigurasi model_list, arsitektur provider |
-| 🔄 [Spawn & Tugas Async](docs/spawn-tasks.md) | Tugas cepat, tugas panjang dengan spawn, orkestrasi sub-agent async |
-| 🐛 [Pemecahan Masalah](docs/troubleshooting.md) | Masalah umum dan solusinya |
-| 🔧 [Konfigurasi Tools](docs/tools_configuration.md) | Aktifkan/nonaktifkan tool, kebijakan exec |
+WebUI Launcher menyediakan antarmuka berbasis browser untuk konfigurasi dan chat. Ini adalah cara termudah untuk memulai — tidak perlu pengetahuan command-line.
+
+**Opsi 1: Klik dua kali (Desktop)**
+
+Setelah mengunduh dari [picoclaw.io](https://picoclaw.io), klik dua kali `picoclaw-launcher` (atau `picoclaw-launcher.exe` di Windows). Browser Anda akan terbuka otomatis di `http://localhost:18800`.
+
+**Opsi 2: Command line**
+
+```bash
+picoclaw-launcher
+# Buka http://localhost:18800 di browser Anda
+```
+
+> [!TIP]
+> **Akses jarak jauh / Docker / VM:** Tambahkan flag `-public` untuk mendengarkan di semua antarmuka:
+> ```bash
+> picoclaw-launcher -public
+> ```
+
+
+
+
+
+**Memulai:**
+
+Buka WebUI, lalu: **1)** Konfigurasi Provider (tambahkan API key LLM Anda) -> **2)** Konfigurasi Channel (mis. Telegram) -> **3)** Mulai Gateway -> **4)** Chat!
+
+Untuk dokumentasi WebUI lengkap, lihat [docs.picoclaw.io](https://docs.picoclaw.io).
+
+
+Docker (alternatif)
+
+```bash
+# 1. Clone repo ini
+git clone https://github.com/sipeed/picoclaw.git
+cd picoclaw
+
+# 2. Jalankan pertama kali — otomatis membuat docker/data/config.json lalu keluar
+# (hanya terpicu ketika config.json dan workspace/ keduanya tidak ada)
+docker compose -f docker/docker-compose.yml --profile launcher up
+# Container mencetak "First-run setup complete." dan berhenti.
+
+# 3. Atur API key Anda
+vim docker/data/config.json
+
+# 4. Mulai
+docker compose -f docker/docker-compose.yml --profile launcher up -d
+# Buka http://localhost:18800
+```
+
+> **Pengguna Docker / VM:** Gateway mendengarkan di `127.0.0.1` secara default. Atur `PICOCLAW_GATEWAY_HOST=0.0.0.0` atau gunakan flag `-public` agar dapat diakses dari host.
+
+```bash
+# Cek log
+docker compose -f docker/docker-compose.yml logs -f
+
+# Hentikan
+docker compose -f docker/docker-compose.yml --profile launcher down
+
+# Update
+docker compose -f docker/docker-compose.yml pull
+docker compose -f docker/docker-compose.yml --profile launcher up -d
+```
+
+
+
+### 💻 TUI Launcher (Direkomendasikan untuk Headless / SSH)
+
+TUI (Terminal UI) Launcher menyediakan antarmuka terminal lengkap untuk konfigurasi dan manajemen. Ideal untuk server, Raspberry Pi, dan lingkungan headless lainnya.
+
+```bash
+picoclaw-launcher-tui
+```
+
+
+
+
+
+**Memulai:**
+
+Gunakan menu TUI untuk: **1)** Konfigurasi Provider -> **2)** Konfigurasi Channel -> **3)** Mulai Gateway -> **4)** Chat!
+
+Untuk dokumentasi TUI lengkap, lihat [docs.picoclaw.io](https://docs.picoclaw.io).
+
+### 📱 Android
+
+Berikan kehidupan kedua untuk ponsel lama Anda! Ubah menjadi Asisten AI pintar dengan PicoClaw.
+
+**Opsi 1: Termux (tersedia sekarang)**
+
+1. Instal [Termux](https://github.com/termux/termux-app) (unduh dari [GitHub Releases](https://github.com/termux/termux-app/releases), atau cari di F-Droid / Google Play)
+2. Jalankan perintah berikut:
+
+```bash
+# Unduh rilis terbaru
+wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz
+tar xzf picoclaw_Linux_arm64.tar.gz
+pkg install proot
+termux-chroot ./picoclaw onboard # chroot menyediakan tata letak filesystem Linux standar
+```
+
+Kemudian ikuti bagian Terminal Launcher di bawah untuk menyelesaikan konfigurasi.
+
+
+
+**Opsi 2: Instal APK (segera hadir)**
+
+APK Android mandiri dengan WebUI bawaan sedang dalam pengembangan. Pantau terus!
+
+
+Terminal Launcher (untuk lingkungan dengan sumber daya terbatas)
+
+Untuk lingkungan minimal di mana hanya binary inti `picoclaw` yang tersedia (tanpa Launcher UI), Anda dapat mengonfigurasi semuanya melalui command line dan file konfigurasi JSON.
+
+**1. Inisialisasi**
+
+```bash
+picoclaw onboard
+```
+
+Ini membuat `~/.picoclaw/config.json` dan direktori workspace.
+
+**2. Konfigurasi** (`~/.picoclaw/config.json`)
+
+```json
+{
+ "agents": {
+ "defaults": {
+ "model_name": "gpt-5.4"
+ }
+ },
+ "model_list": [
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_key": "sk-your-api-key"
+ }
+ ]
+}
+```
+
+> Lihat `config/config.example.json` di repo untuk template konfigurasi lengkap dengan semua opsi yang tersedia.
+
+**3. Chat**
+
+```bash
+# Pertanyaan satu kali
+picoclaw agent -m "What is 2+2?"
+
+# Mode interaktif
+picoclaw agent
+
+# Mulai gateway untuk integrasi aplikasi chat
+picoclaw gateway
+```
+
+
+
+## 🔌 Providers (LLM)
+
+PicoClaw mendukung 30+ provider LLM melalui konfigurasi `model_list`. Gunakan format `protocol/model`:
+
+| Provider | Protocol | API Key | Catatan |
+|----------|----------|---------|---------|
+| [OpenAI](https://platform.openai.com/api-keys) | `openai/` | Diperlukan | GPT-5.4, GPT-4o, o3, dll. |
+| [Anthropic](https://console.anthropic.com/settings/keys) | `anthropic/` | Diperlukan | Claude Opus 4.6, Sonnet 4.6, dll. |
+| [Google Gemini](https://aistudio.google.com/apikey) | `gemini/` | Diperlukan | Gemini 3 Flash, 2.5 Pro, dll. |
+| [OpenRouter](https://openrouter.ai/keys) | `openrouter/` | Diperlukan | 200+ model, API terpadu |
+| [Zhipu (GLM)](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | `zhipu/` | Diperlukan | GLM-4.7, GLM-5, dll. |
+| [DeepSeek](https://platform.deepseek.com/api_keys) | `deepseek/` | Diperlukan | DeepSeek-V3, DeepSeek-R1 |
+| [Volcengine](https://console.volcengine.com) | `volcengine/` | Diperlukan | Doubao, model Ark |
+| [Qwen](https://dashscope.console.aliyun.com/apiKey) | `qwen/` | Diperlukan | Qwen3, Qwen-Max, dll. |
+| [Groq](https://console.groq.com/keys) | `groq/` | Diperlukan | Inferensi cepat (Llama, Mixtral) |
+| [Moonshot (Kimi)](https://platform.moonshot.cn/console/api-keys) | `moonshot/` | Diperlukan | Model Kimi |
+| [Minimax](https://platform.minimaxi.com/user-center/basic-information/interface-key) | `minimax/` | Diperlukan | Model MiniMax |
+| [Mistral](https://console.mistral.ai/api-keys) | `mistral/` | Diperlukan | Mistral Large, Codestral |
+| [NVIDIA NIM](https://build.nvidia.com/) | `nvidia/` | Diperlukan | Model yang di-host NVIDIA |
+| [Cerebras](https://cloud.cerebras.ai/) | `cerebras/` | Diperlukan | Inferensi cepat |
+| [Novita AI](https://novita.ai/) | `novita/` | Diperlukan | Berbagai model open |
+| [Ollama](https://ollama.com/) | `ollama/` | Tidak perlu | Model lokal, self-hosted |
+| [vLLM](https://docs.vllm.ai/) | `vllm/` | Tidak perlu | Deploy lokal, kompatibel OpenAI |
+| [LiteLLM](https://docs.litellm.ai/) | `litellm/` | Bervariasi | Proxy untuk 100+ provider |
+| [Azure OpenAI](https://portal.azure.com/) | `azure/` | Diperlukan | Deploy Azure enterprise |
+| [GitHub Copilot](https://github.com/features/copilot) | `github-copilot/` | OAuth | Login dengan device code |
+| [Antigravity](https://console.cloud.google.com/) | `antigravity/` | OAuth | Google Cloud AI |
+
+
+Deploy lokal (Ollama, vLLM, dll.)
+
+**Ollama:**
+```json
+{
+ "model_list": [
+ {
+ "model_name": "local-llama",
+ "model": "ollama/llama3.1:8b",
+ "api_base": "http://localhost:11434/v1"
+ }
+ ]
+}
+```
+
+**vLLM:**
+```json
+{
+ "model_list": [
+ {
+ "model_name": "local-vllm",
+ "model": "vllm/your-model",
+ "api_base": "http://localhost:8000/v1"
+ }
+ ]
+}
+```
+
+Untuk detail konfigurasi provider lengkap, lihat [Providers & Models](docs/providers.md).
+
+
+
+## 💬 Channels (Aplikasi Chat)
+
+Bicara dengan PicoClaw Anda melalui 17+ platform pesan:
+
+| Channel | Pengaturan | Protocol | Dokumentasi |
+|---------|------------|----------|-------------|
+| **Telegram** | Mudah (bot token) | Long polling | [Panduan](docs/channels/telegram/README.md) |
+| **Discord** | Mudah (bot token + intents) | WebSocket | [Panduan](docs/channels/discord/README.md) |
+| **WhatsApp** | Mudah (scan QR atau bridge URL) | Native / Bridge | [Panduan](docs/chat-apps.md#whatsapp) |
+| **Weixin** | Mudah (scan QR native) | iLink API | [Panduan](docs/chat-apps.md#weixin) |
+| **QQ** | Mudah (AppID + AppSecret) | WebSocket | [Panduan](docs/channels/qq/README.md) |
+| **Slack** | Mudah (bot + app token) | Socket Mode | [Panduan](docs/channels/slack/README.md) |
+| **Matrix** | Sedang (homeserver + token) | Sync API | [Panduan](docs/channels/matrix/README.md) |
+| **DingTalk** | Sedang (client credentials) | Stream | [Panduan](docs/channels/dingtalk/README.md) |
+| **Feishu / Lark** | Sedang (App ID + Secret) | WebSocket/SDK | [Panduan](docs/channels/feishu/README.md) |
+| **LINE** | Sedang (credentials + webhook) | Webhook | [Panduan](docs/channels/line/README.md) |
+| **WeCom Bot** | Sedang (webhook URL) | Webhook | [Panduan](docs/channels/wecom/wecom_bot/README.md) |
+| **WeCom App** | Sedang (corp credentials) | Webhook | [Panduan](docs/channels/wecom/wecom_app/README.md) |
+| **WeCom AI Bot** | Sedang (token + AES key) | WebSocket / Webhook | [Panduan](docs/channels/wecom/wecom_aibot/README.md) |
+| **IRC** | Sedang (server + nick) | IRC protocol | [Panduan](docs/chat-apps.md#irc) |
+| **OneBot** | Sedang (WebSocket URL) | OneBot v11 | [Panduan](docs/channels/onebot/README.md) |
+| **MaixCam** | Mudah (aktifkan) | TCP socket | [Panduan](docs/channels/maixcam/README.md) |
+| **Pico** | Mudah (aktifkan) | Native protocol | Bawaan |
+| **Pico Client** | Mudah (WebSocket URL) | WebSocket | Bawaan |
+
+> Semua channel berbasis webhook berbagi satu server HTTP Gateway (`gateway.host`:`gateway.port`, default `127.0.0.1:18790`). Feishu menggunakan mode WebSocket/SDK dan tidak menggunakan server HTTP bersama.
+
+Untuk instruksi pengaturan channel lengkap, lihat [Konfigurasi Aplikasi Chat](docs/chat-apps.md).
+
+## 🔧 Tools
+
+### 🔍 Pencarian Web
+
+PicoClaw dapat mencari web untuk memberikan informasi terkini. Konfigurasi di `tools.web`:
+
+| Mesin Pencari | API Key | Tier Gratis | Tautan |
+|--------------|---------|-------------|--------|
+| DuckDuckGo | Tidak perlu | Tidak terbatas | Fallback bawaan |
+| [Baidu Search](https://cloud.baidu.com/doc/qianfan-api/s/Wmbq4z7e5) | Diperlukan | 1000 kueri/hari | Bertenaga AI, dioptimalkan untuk bahasa Mandarin |
+| [Tavily](https://tavily.com) | Diperlukan | 1000 kueri/bulan | Dioptimalkan untuk AI Agent |
+| [Brave Search](https://brave.com/search/api) | Diperlukan | 2000 kueri/bulan | Cepat dan privat |
+| [Perplexity](https://www.perplexity.ai) | Diperlukan | Berbayar | Pencarian bertenaga AI |
+| [SearXNG](https://github.com/searxng/searxng) | Tidak perlu | Self-hosted | Mesin metasearch gratis |
+| [GLM Search](https://open.bigmodel.cn/) | Diperlukan | Bervariasi | Pencarian web Zhipu |
+
+### ⚙️ Tools Lainnya
+
+PicoClaw menyertakan tools bawaan untuk operasi file, eksekusi kode, penjadwalan, dan lainnya. Lihat [Konfigurasi Tools](docs/tools_configuration.md) untuk detail.
+
+## 🎯 Skills
+
+Skills adalah kapabilitas modular yang memperluas Agent Anda. Dimuat dari file `SKILL.md` di workspace Anda.
+
+**Instal skills dari ClawHub:**
+
+```bash
+picoclaw skills search "web scraping"
+picoclaw skills install
+```
+
+**Konfigurasi token ClawHub** (opsional, untuk rate limit lebih tinggi):
+
+Tambahkan ke `config.json` Anda:
+```json
+{
+ "tools": {
+ "skills": {
+ "registries": {
+ "clawhub": {
+ "auth_token": "your-clawhub-token"
+ }
+ }
+ }
+ }
+}
+```
+
+Untuk detail lebih lanjut, lihat [Konfigurasi Tools - Skills](docs/tools_configuration.md#skills-tool).
+
+## 🔗 MCP (Model Context Protocol)
+
+PicoClaw mendukung [MCP](https://modelcontextprotocol.io/) secara native — hubungkan server MCP mana pun untuk memperluas kapabilitas Agent Anda dengan tools dan sumber data eksternal.
+
+```json
+{
+ "tools": {
+ "mcp": {
+ "enabled": true,
+ "servers": {
+ "filesystem": {
+ "enabled": true,
+ "command": "npx",
+ "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]
+ }
+ }
+ }
+ }
+}
+```
+
+Untuk konfigurasi MCP lengkap (transport stdio, SSE, HTTP, Tool Discovery), lihat [Konfigurasi Tools - MCP](docs/tools_configuration.md#mcp-tool).
## Bergabung dengan Jaringan Sosial Agent
-Hubungkan Picoclaw ke Jaringan Sosial Agent hanya dengan mengirim satu pesan melalui CLI atau Aplikasi Chat terintegrasi.
+Hubungkan PicoClaw ke Jaringan Sosial Agent hanya dengan mengirim satu pesan melalui CLI atau Aplikasi Chat terintegrasi mana pun.
**Baca `https://clawdchat.ai/skill.md` dan ikuti instruksi untuk bergabung dengan [ClawdChat.ai](https://clawdchat.ai)**
## 🖥️ Referensi CLI
-| Perintah | Deskripsi |
-| ------------------------- | -------------------------------- |
-| `picoclaw onboard` | Inisialisasi konfigurasi & workspace |
+| Perintah | Deskripsi |
+| -------------------------- | -------------------------------- |
+| `picoclaw onboard` | Inisialisasi konfigurasi & workspace |
+| `picoclaw onboard weixin` | Hubungkan akun WeChat via QR |
| `picoclaw agent -m "..."` | Chat dengan agent |
-| `picoclaw agent` | Mode chat interaktif |
-| `picoclaw gateway` | Mulai gateway |
-| `picoclaw status` | Tampilkan status |
-| `picoclaw version` | Tampilkan info versi |
-| `picoclaw cron list` | Daftar semua tugas terjadwal |
-| `picoclaw cron add ...` | Tambah tugas terjadwal |
-| `picoclaw cron disable` | Nonaktifkan tugas terjadwal |
-| `picoclaw cron remove` | Hapus tugas terjadwal |
-| `picoclaw skills list` | Daftar skill yang terinstal |
-| `picoclaw skills install` | Instal skill |
-| `picoclaw migrate` | Migrasi data dari versi lama |
-| `picoclaw auth login` | Autentikasi dengan provider |
+| `picoclaw agent` | Mode chat interaktif |
+| `picoclaw gateway` | Mulai gateway |
+| `picoclaw status` | Tampilkan status |
+| `picoclaw version` | Tampilkan info versi |
+| `picoclaw model` | Lihat atau ganti model default |
+| `picoclaw cron list` | Daftar semua tugas terjadwal |
+| `picoclaw cron add ...` | Tambah tugas terjadwal |
+| `picoclaw cron disable` | Nonaktifkan tugas terjadwal |
+| `picoclaw cron remove` | Hapus tugas terjadwal |
+| `picoclaw skills list` | Daftar skill yang terinstal |
+| `picoclaw skills install` | Instal skill |
+| `picoclaw migrate` | Migrasi data dari versi lama |
+| `picoclaw auth login` | Autentikasi dengan provider |
-### Tugas Terjadwal / Pengingat
+### ⏰ Tugas Terjadwal / Pengingat
PicoClaw mendukung pengingat terjadwal dan tugas berulang melalui tool `cron`:
-* **Pengingat satu kali**: "Ingatkan saya dalam 10 menit" → terpicu sekali setelah 10 menit
-* **Tugas berulang**: "Ingatkan saya setiap 2 jam" → terpicu setiap 2 jam
-* **Ekspresi cron**: "Ingatkan saya jam 9 pagi setiap hari" → menggunakan ekspresi cron
+* **Pengingat satu kali**: "Ingatkan saya dalam 10 menit" -> terpicu sekali setelah 10 menit
+* **Tugas berulang**: "Ingatkan saya setiap 2 jam" -> terpicu setiap 2 jam
+* **Ekspresi cron**: "Ingatkan saya jam 9 pagi setiap hari" -> menggunakan ekspresi cron
+
+## 📚 Dokumentasi
+
+Untuk panduan lengkap di luar README ini:
+
+| Topik | Deskripsi |
+|-------|-----------|
+| [Docker & Panduan Cepat](docs/docker.md) | Pengaturan Docker Compose, mode Launcher/Agent |
+| [Aplikasi Chat](docs/chat-apps.md) | Semua 17+ panduan pengaturan channel |
+| [Konfigurasi](docs/configuration.md) | Variabel environment, tata letak workspace, sandbox keamanan |
+| [Providers & Models](docs/providers.md) | 30+ provider LLM, routing model, konfigurasi model_list |
+| [Spawn & Tugas Async](docs/spawn-tasks.md) | Tugas cepat, tugas panjang dengan spawn, orkestrasi sub-agent async |
+| [Hooks](docs/hooks/README.md) | Sistem hook berbasis event: observer, interceptor, approval hook |
+| [Steering](docs/steering.md) | Menyuntikkan pesan ke dalam loop agent yang sedang berjalan |
+| [SubTurn](docs/subturn.md) | Koordinasi subagent, kontrol konkurensi, siklus hidup |
+| [Pemecahan Masalah](docs/troubleshooting.md) | Masalah umum dan solusinya |
+| [Konfigurasi Tools](docs/tools_configuration.md) | Aktifkan/nonaktifkan per-tool, kebijakan exec, MCP, Skills |
+| [Kompatibilitas Hardware](docs/hardware-compatibility.md) | Board yang telah diuji, persyaratan minimum |
## 🤝 Kontribusi & Roadmap
-PR sangat diterima! Codebase sengaja dibuat kecil dan mudah dibaca. 🤗
+PR sangat diterima! Codebase sengaja dibuat kecil dan mudah dibaca.
-Lihat [Roadmap Komunitas](https://github.com/sipeed/picoclaw/blob/main/ROADMAP.md) lengkap kami.
+Lihat [Roadmap Komunitas](https://github.com/sipeed/picoclaw/issues/988) dan [CONTRIBUTING.md](CONTRIBUTING.md) untuk panduan.
Grup pengembang sedang dibangun, bergabunglah setelah PR pertama Anda di-merge!
Grup Pengguna:
-discord:
+Discord:
+
+WeChat:
+
-
diff --git a/README.it.md b/README.it.md
index 27027d95f..dae541a17 100644
--- a/README.it.md
+++ b/README.it.md
@@ -1,9 +1,9 @@
-
+
-
PicoClaw: Assistente IA Ultra-Efficiente in Go
+
PicoClaw: Assistente IA Ultra-Efficiente in Go
-
Hardware da $10 · <10MB RAM · Boot in <1s · 皮皮虾,我们走!
+
Hardware da $10 · 10MB di RAM · Avvio in ms · Let's Go, PicoClaw!
@@ -24,135 +24,125 @@
---
-> **PicoClaw** è un progetto open-source indipendente avviato da [Sipeed](https://sipeed.com). È scritto interamente in **Go** — non è un fork di OpenClaw, NanoBot o di qualsiasi altro progetto.
+> **PicoClaw** è un progetto open-source indipendente avviato da [Sipeed](https://sipeed.com), scritto interamente in **Go** da zero — non è un fork di OpenClaw, NanoBot o di qualsiasi altro progetto.
-🦐 PicoClaw è un assistente IA personale ultra-leggero ispirato a [NanoBot](https://github.com/HKUDS/nanobot), riscritto da zero in Go attraverso un processo di auto-bootstrapping, in cui l'agente IA stesso ha guidato l'intera migrazione architetturale e l'ottimizzazione del codice.
+**PicoClaw** è un assistente IA personale ultra-leggero ispirato a [NanoBot](https://github.com/HKUDS/nanobot). È stato riscritto da zero in **Go** attraverso un processo di "auto-bootstrapping" — l'Agent IA stesso ha guidato la migrazione architetturale e l'ottimizzazione del codice.
-⚡️ Funziona su hardware da $10 con meno di 10MB di RAM: il 99% di memoria in meno rispetto a OpenClaw e il 98% più economico di un Mac mini!
+**Funziona su hardware da $10 con <10MB di RAM** — il 99% di memoria in meno rispetto a OpenClaw e il 98% più economico di un Mac mini!
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
> [!CAUTION]
-> **🚨 SICUREZZA & CANALI UFFICIALI**
+> **Avviso di Sicurezza**
>
-> * **NESSUNA CRYPTO:** PicoClaw non ha **NESSUN** token/coin ufficiale. Qualsiasi annuncio su `pump.fun` o altre piattaforme di trading è una **TRUFFA**.
->
-> * **DOMINIO UFFICIALE:** L'**UNICO** sito ufficiale è **[picoclaw.io](https://picoclaw.io)**, e il sito aziendale è **[sipeed.com](https://sipeed.com)**.
-> * **Attenzione:** Molti domini `.ai/.org/.com/.net/...` sono registrati da terze parti.
-> * **Attenzione:** PicoClaw è in fase di sviluppo iniziale e potrebbe avere problemi di sicurezza di rete non risolti. Non distribuire in ambienti di produzione prima della release v1.0.
-> * **Nota:** PicoClaw ha recentemente unito molte PR, il che potrebbe comportare un'impronta di memoria maggiore (10–20MB) nelle ultime versioni. Prevediamo di dare priorità all'ottimizzazione delle risorse non appena il set di funzionalità corrente raggiungerà uno stato stabile.
+> * **NESSUNA CRYPTO:** PicoClaw **non** ha emesso token o criptovalute ufficiali. Qualsiasi annuncio su `pump.fun` o altre piattaforme di trading è una **truffa**.
+> * **DOMINIO UFFICIALE:** L'**UNICO** sito ufficiale è **[picoclaw.io](https://picoclaw.io)**, e il sito aziendale è **[sipeed.com](https://sipeed.com)**
+> * **ATTENZIONE:** Molti domini `.ai/.org/.com/.net/...` sono stati registrati da terze parti. Non fidarti di essi.
+> * **NOTA:** PicoClaw è in fase di sviluppo iniziale rapido. Potrebbero esserci problemi di sicurezza non risolti. Non distribuire in produzione prima della v1.0.
+> * **NOTA:** PicoClaw ha recentemente unito molte PR. Le build recenti potrebbero usare 10-20MB di RAM. L'ottimizzazione delle risorse è pianificata dopo la stabilizzazione delle funzionalità.
## 📢 Novità
-2026-03-17 🚀 **v0.2.3 rilasciata!** Interfaccia system tray (Windows & Linux), tracciamento dello stato dei sub-agent (`spawn_status`), hot-reload sperimentale del gateway, gate di sicurezza per cron e 2 correzioni di sicurezza. PicoClaw raggiunge **25K ⭐**!
+2026-03-17 🚀 **v0.2.3 rilasciata!** Interfaccia system tray (Windows & Linux), query sullo stato dei sub-agent (`spawn_status`), hot-reload sperimentale del Gateway, gate di sicurezza per Cron e 2 correzioni di sicurezza. PicoClaw raggiunge **25K Stars**!
2026-03-09 🎉 **v0.2.1 — Il più grande aggiornamento di sempre!** Supporto al protocollo MCP, 4 nuovi canali (Matrix/IRC/WeCom/Discord Proxy), 3 nuovi provider (Kimi/Minimax/Avian), pipeline di visione, store di memoria JSONL e routing dei modelli.
-2026-02-28 📦 **v0.2.0** rilasciata con supporto Docker Compose e launcher Web UI.
+2026-02-28 📦 **v0.2.0** rilasciata con supporto Docker Compose e Web UI Launcher.
-2026-02-26 🎉 PicoClaw ha raggiunto **20K stelle** in soli 17 giorni! Arrivate l'orchestrazione automatica dei canali e le interfacce di capacità.
+2026-02-26 🎉 PicoClaw raggiunge **20K stelle** in soli 17 giorni! Orchestrazione automatica dei canali e interfacce di capacità sono attive.
Notizie precedenti...
-2026-02-16 🎉 PicoClaw ha raggiunto 12K stelle in una settimana! Ruoli di maintainer della community e [roadmap](ROADMAP.md) pubblicati ufficialmente.
+2026-02-16 🎉 PicoClaw supera 12K stelle in una settimana! Ruoli di maintainer della community e [Roadmap](ROADMAP.md) pubblicati ufficialmente.
-2026-02-13 🎉 PicoClaw ha raggiunto 5000 stelle in 4 giorni! Roadmap del progetto e gruppo sviluppatori in fase di avvio.
+2026-02-13 🎉 PicoClaw supera 5000 stelle in 4 giorni! Roadmap del progetto e gruppi sviluppatori in fase di avvio.
-2026-02-09 🎉 **PicoClaw lanciato!** Costruito in 1 giorno per portare gli agenti IA su hardware da $10 con <10MB di RAM. 🦐 PicoClaw, andiamo!
+2026-02-09 🎉 **PicoClaw lanciato!** Costruito in 1 giorno per portare gli AI Agent su hardware da $10 con <10MB di RAM. Let's Go, PicoClaw!
## ✨ Caratteristiche
-🪶 **Ultra-Leggero**: Impronta di memoria <10MB — il 99% più piccolo delle funzionalità principali di OpenClaw.*
+🪶 **Ultra-Leggero**: Impronta di memoria <10MB — il 99% più piccolo rispetto a OpenClaw.*
💰 **Costo Minimo**: Abbastanza efficiente da girare su hardware da $10 — il 98% più economico di un Mac mini.
-⚡️ **Avvio Fulmineo**: Tempo di avvio 400 volte più veloce, boot in meno di 1 secondo anche su un singolo core a 0,6 GHz.
+⚡️ **Avvio Fulmineo**: Avvio 400 volte più veloce. Boot in meno di 1 secondo anche su un singolo core a 0,6 GHz.
-🌍 **Vera Portabilità**: Singolo binario autonomo per RISC-V, ARM, MIPS e x86. Un click e si parte!
+🌍 **Vera Portabilità**: Singolo binario per RISC-V, ARM, MIPS e x86. Un binario, funziona ovunque!
-🤖 **Auto-Costruito dall'IA**: Implementazione nativa in Go in modo autonomo — 95% del core generato dall'Agent con perfezionamento umano nel ciclo.
+🤖 **Auto-Costruito dall'IA**: Implementazione nativa in Go — il 95% del codice core è stato generato da un Agent e perfezionato tramite revisione umana nel ciclo.
-🔌 **Supporto MCP**: Integrazione nativa del [Model Context Protocol](https://modelcontextprotocol.io/) — connetti qualsiasi server MCP per estendere le capacità dell'agent.
+🔌 **Supporto MCP**: Integrazione nativa del [Model Context Protocol](https://modelcontextprotocol.io/) — connetti qualsiasi server MCP per estendere le capacità dell'Agent.
-👁️ **Pipeline di Visione**: Invia immagini e file direttamente all'agent — codifica base64 automatica per LLM multimodali.
+👁️ **Pipeline di Visione**: Invia immagini e file direttamente all'Agent — codifica base64 automatica per LLM multimodali.
🧠 **Routing Intelligente**: Routing dei modelli basato su regole — le query semplici vanno verso modelli leggeri, risparmiando sui costi API.
-_*Le versioni recenti potrebbero usare 10–20MB a causa delle fusioni rapide di funzionalità. L'ottimizzazione delle risorse è pianificata. Il confronto dell'avvio è basato su benchmark con singolo core a 0,8 GHz (vedi tabella sotto)._
+_*Le build recenti potrebbero usare 10-20MB a causa delle fusioni rapide di PR. L'ottimizzazione delle risorse è pianificata. Il confronto dell'avvio è basato su benchmark con singolo core a 0,8 GHz (vedi tabella sotto)._
-| | OpenClaw | NanoBot | **PicoClaw** |
-| ----------------------------- | ------------- | ------------------------ | ----------------------------------------- |
-| **Linguaggio** | TypeScript | Python | **Go** |
-| **RAM** | >1GB | >100MB | **< 10MB*** |
-| **Avvio**(core 0,8 GHz) | >500s | >30s | **<1s** |
-| **Costo** | Mac Mini $599 | La maggior parte degli SBC Linux ~$50 | **Qualsiasi scheda Linux****A partire da $10** |
+
+
+| | OpenClaw | NanoBot | **PicoClaw** |
+| ------------------------------ | ------------- | ------------------------ | -------------------------------------- |
+| **Linguaggio** | TypeScript | Python | **Go** |
+| **RAM** | >1GB | >100MB | **< 10MB*** |
+| **Avvio**(core 0,8 GHz) | >500s | >30s | **<1s** |
+| **Costo** | Mac Mini $599 | La maggior parte degli SBC Linux ~$50 | **Qualsiasi scheda Linux****a partire da $10** |
+
+
+> **[Lista di Compatibilità Hardware](docs/hardware-compatibility.md)** — Vedi tutte le schede testate, dai $5 RISC-V al Raspberry Pi ai telefoni Android. La tua scheda non è elencata? Invia una PR!
+
+
+
+
+
## 🦾 Dimostrazione
### 🛠️ Flussi di Lavoro Standard dell'Assistente
-
-
🧩 Ingegnere Full-Stack
-
🗂️ Gestione Log & Pianificazione
-
🔎 Ricerca Web & Apprendimento
-
-
-
-
-
-
-
-
Sviluppa • Distribuisci • Scala
-
Pianifica • Automatizza • Memorizza
-
Scopri • Analizza • Tendenze
-
+
+
Modalità Ingegnere Full-Stack
+
Log & Pianificazione
+
Ricerca Web & Apprendimento
+
+
+
+
+
+
+
+
Sviluppa · Distribuisci · Scala
+
Pianifica · Automatizza · Memorizza
+
Scopri · Analizza · Tendenze
+
-### 📱 Usa su vecchi telefoni Android
-
-Dai una seconda vita al tuo telefono di dieci anni fa! Trasformalo in un assistente IA intelligente con PicoClaw. Avvio rapido:
-
-1. **Installa [Termux](https://github.com/termux/termux-app)** (Scarica da [GitHub Releases](https://github.com/termux/termux-app/releases), o cerca su F-Droid / Google Play).
-2. **Esegui i comandi**
-
-```bash
-# Scarica l'ultima release da https://github.com/sipeed/picoclaw/releases
-wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz
-tar xzf picoclaw_Linux_arm64.tar.gz
-pkg install proot
-termux-chroot ./picoclaw onboard
-```
-
-Poi segui le istruzioni nella sezione "Avvio Rapido" per completare la configurazione!
-
-
-
### 🐜 Deploy Innovativo a Bassa Impronta
PicoClaw può essere distribuito su quasi qualsiasi dispositivo Linux!
-- $9,9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) versione E (Ethernet) o W (WiFi6), per un Assistente Domotico Minimale
-- $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), o $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html) per la Manutenzione Automatizzata dei Server
-- $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) o $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera) per il Monitoraggio Intelligente
+- $9,9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) versione E (Ethernet) o W (WiFi6), per un assistente domotico minimale
+- $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), o $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html), per la manutenzione automatizzata dei server
+- $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) o $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera), per la sorveglianza intelligente
@@ -160,11 +150,15 @@ PicoClaw può essere distribuito su quasi qualsiasi dispositivo Linux!
## 📦 Installazione
-### Installa con binario precompilato
+### Scarica da picoclaw.io (Consigliato)
-Scarica il binario per la tua piattaforma dalla pagina delle [Releases](https://github.com/sipeed/picoclaw/releases).
+Visita **[picoclaw.io](https://picoclaw.io)** — il sito ufficiale rileva automaticamente la tua piattaforma e fornisce il download con un clic. Non è necessario scegliere manualmente l'architettura.
-### Installa dai sorgenti (ultime funzionalità, consigliato per lo sviluppo)
+### Scarica il binario precompilato
+
+In alternativa, scarica il binario per la tua piattaforma dalla pagina delle [GitHub Releases](https://github.com/sipeed/picoclaw/releases).
+
+### Compila dai sorgenti (per lo sviluppo)
```bash
git clone https://github.com/sipeed/picoclaw.git
@@ -172,34 +166,348 @@ git clone https://github.com/sipeed/picoclaw.git
cd picoclaw
make deps
-# Compila, senza installare
+# Compila il binario core
make build
+# Compila il Web UI Launcher (necessario per la modalità WebUI)
+make build-launcher
+
# Compila per più piattaforme
make build-all
# Compila per Raspberry Pi Zero 2 W (32-bit: make build-linux-arm; 64-bit: make build-linux-arm64)
make build-pi-zero
-# Compila e Installa
+# Compila e installa
make install
```
-**Raspberry Pi Zero 2 W:** Usa il binario che corrisponde al tuo OS: Raspberry Pi OS 32-bit → `make build-linux-arm`; 64-bit → `make build-linux-arm64`. Oppure esegui `make build-pi-zero` per compilare entrambi.
+**Raspberry Pi Zero 2 W:** Usa il binario che corrisponde al tuo OS: Raspberry Pi OS 32-bit -> `make build-linux-arm`; 64-bit -> `make build-linux-arm64`. Oppure esegui `make build-pi-zero` per compilare entrambi.
-## 📚 Documentazione
+## 🚀 Guida Rapida
-Per guide dettagliate, consulta la documentazione qui sotto. Il README copre solo l'avvio rapido.
+### 🌐 WebUI Launcher (Consigliato per Desktop)
-| Argomento | Descrizione |
-|-----------|-------------|
-| 🐳 [Docker & Avvio Rapido](docs/docker.md) | Configurazione Docker Compose, modalità Launcher/Agent, configurazione rapida |
-| 💬 [App di Chat](docs/chat-apps.md) | Telegram, Discord, WhatsApp, Matrix, QQ, Slack, IRC, DingTalk, LINE, Feishu, WeCom e altro |
-| ⚙️ [Configurazione](docs/it/configuration.md) | Variabili d'ambiente, struttura del workspace, sorgenti delle skill, sandbox di sicurezza, heartbeat |
-| 🔌 [Provider & Modelli](docs/providers.md) | 20+ provider LLM, routing dei modelli, configurazione model_list, architettura dei provider |
-| 🔄 [Spawn & Task Asincroni](docs/spawn-tasks.md) | Task veloci, task lunghi con spawn, orchestrazione asincrona di sub-agent |
-| 🐛 [Risoluzione Problemi](docs/troubleshooting.md) | Problemi comuni e soluzioni |
-| 🔧 [Configurazione degli Strumenti](docs/tools_configuration.md) | Abilitazione/disabilitazione per strumento, politiche exec |
+Il WebUI Launcher fornisce un'interfaccia basata su browser per la configurazione e la chat. È il modo più semplice per iniziare — non è richiesta alcuna conoscenza della riga di comando.
+
+**Opzione 1: Doppio clic (Desktop)**
+
+Dopo aver scaricato da [picoclaw.io](https://picoclaw.io), fai doppio clic su `picoclaw-launcher` (o `picoclaw-launcher.exe` su Windows). Il browser si aprirà automaticamente su `http://localhost:18800`.
+
+**Opzione 2: Riga di comando**
+
+```bash
+picoclaw-launcher
+# Apri http://localhost:18800 nel browser
+```
+
+> [!TIP]
+> **Accesso remoto / Docker / VM:** Aggiungi il flag `-public` per ascoltare su tutte le interfacce:
+> ```bash
+> picoclaw-launcher -public
+> ```
+
+
+
+
+
+**Per iniziare:**
+
+Apri il WebUI, poi: **1)** Configura un Provider (aggiungi la tua API key LLM) -> **2)** Configura un Channel (es. Telegram) -> **3)** Avvia il Gateway -> **4)** Chatta!
+
+Per la documentazione dettagliata del WebUI, vedi [docs.picoclaw.io](https://docs.picoclaw.io).
+
+
+Docker (alternativa)
+
+```bash
+# 1. Clona questo repo
+git clone https://github.com/sipeed/picoclaw.git
+cd picoclaw
+
+# 2. Prima esecuzione — genera automaticamente docker/data/config.json poi si ferma
+# (si attiva solo quando sia config.json che workspace/ sono assenti)
+docker compose -f docker/docker-compose.yml --profile launcher up
+# Il container stampa "First-run setup complete." e si ferma.
+
+# 3. Imposta le tue API key
+vim docker/data/config.json
+
+# 4. Avvia
+docker compose -f docker/docker-compose.yml --profile launcher up -d
+# Apri http://localhost:18800
+```
+
+> **Utenti Docker / VM:** Il Gateway ascolta su `127.0.0.1` per impostazione predefinita. Imposta `PICOCLAW_GATEWAY_HOST=0.0.0.0` o usa il flag `-public` per renderlo accessibile dall'host.
+
+```bash
+# Controlla i log
+docker compose -f docker/docker-compose.yml logs -f
+
+# Ferma
+docker compose -f docker/docker-compose.yml --profile launcher down
+
+# Aggiorna
+docker compose -f docker/docker-compose.yml pull
+docker compose -f docker/docker-compose.yml --profile launcher up -d
+```
+
+
+
+### 💻 TUI Launcher (Consigliato per Headless / SSH)
+
+Il TUI (Terminal UI) Launcher fornisce un'interfaccia terminale completa per la configurazione e la gestione. Ideale per server, Raspberry Pi e altri ambienti headless.
+
+```bash
+picoclaw-launcher-tui
+```
+
+
+
+
+
+**Per iniziare:**
+
+Usa i menu TUI per: **1)** Configurare un Provider -> **2)** Configurare un Channel -> **3)** Avviare il Gateway -> **4)** Chattare!
+
+Per la documentazione dettagliata del TUI, vedi [docs.picoclaw.io](https://docs.picoclaw.io).
+
+### 📱 Android
+
+Dai una seconda vita al tuo telefono di dieci anni fa! Trasformalo in un assistente IA intelligente con PicoClaw.
+
+**Opzione 1: Termux (disponibile ora)**
+
+1. Installa [Termux](https://github.com/termux/termux-app) (scarica da [GitHub Releases](https://github.com/termux/termux-app/releases), o cerca su F-Droid / Google Play)
+2. Esegui i seguenti comandi:
+
+```bash
+# Scarica l'ultima release
+wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz
+tar xzf picoclaw_Linux_arm64.tar.gz
+pkg install proot
+termux-chroot ./picoclaw onboard # chroot fornisce un layout standard del filesystem Linux
+```
+
+Poi segui la sezione Terminal Launcher qui sotto per completare la configurazione.
+
+
+
+**Opzione 2: APK Install (prossimamente)**
+
+Un APK Android standalone con WebUI integrato è in sviluppo. Resta sintonizzato!
+
+
+Terminal Launcher (per ambienti con risorse limitate)
+
+Per ambienti minimali dove è disponibile solo il binario core `picoclaw` (senza Launcher UI), puoi configurare tutto tramite riga di comando e un file di configurazione JSON.
+
+**1. Inizializza**
+
+```bash
+picoclaw onboard
+```
+
+Questo crea `~/.picoclaw/config.json` e la directory workspace.
+
+**2. Configura** (`~/.picoclaw/config.json`)
+
+```json
+{
+ "agents": {
+ "defaults": {
+ "model_name": "gpt-5.4"
+ }
+ },
+ "model_list": [
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_key": "sk-your-api-key"
+ }
+ ]
+}
+```
+
+> Vedi `config/config.example.json` nel repo per un template di configurazione completo con tutte le opzioni disponibili.
+
+**3. Chatta**
+
+```bash
+# Domanda singola
+picoclaw agent -m "Quanto fa 2+2?"
+
+# Modalità interattiva
+picoclaw agent
+
+# Avvia il gateway per l'integrazione con app di chat
+picoclaw gateway
+```
+
+
+
+## 🔌 Provider (LLM)
+
+PicoClaw supporta 30+ provider LLM tramite la configurazione `model_list`. Usa il formato `protocollo/modello`:
+
+| Provider | Protocollo | API Key | Note |
+|----------|------------|---------|------|
+| [OpenAI](https://platform.openai.com/api-keys) | `openai/` | Richiesta | GPT-5.4, GPT-4o, o3, ecc. |
+| [Anthropic](https://console.anthropic.com/settings/keys) | `anthropic/` | Richiesta | Claude Opus 4.6, Sonnet 4.6, ecc. |
+| [Google Gemini](https://aistudio.google.com/apikey) | `gemini/` | Richiesta | Gemini 3 Flash, 2.5 Pro, ecc. |
+| [OpenRouter](https://openrouter.ai/keys) | `openrouter/` | Richiesta | 200+ modelli, API unificata |
+| [Zhipu (GLM)](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | `zhipu/` | Richiesta | GLM-4.7, GLM-5, ecc. |
+| [DeepSeek](https://platform.deepseek.com/api_keys) | `deepseek/` | Richiesta | DeepSeek-V3, DeepSeek-R1 |
+| [Volcengine](https://console.volcengine.com) | `volcengine/` | Richiesta | Doubao, modelli Ark |
+| [Qwen](https://dashscope.console.aliyun.com/apiKey) | `qwen/` | Richiesta | Qwen3, Qwen-Max, ecc. |
+| [Groq](https://console.groq.com/keys) | `groq/` | Richiesta | Inferenza veloce (Llama, Mixtral) |
+| [Moonshot (Kimi)](https://platform.moonshot.cn/console/api-keys) | `moonshot/` | Richiesta | Modelli Kimi |
+| [Minimax](https://platform.minimaxi.com/user-center/basic-information/interface-key) | `minimax/` | Richiesta | Modelli MiniMax |
+| [Mistral](https://console.mistral.ai/api-keys) | `mistral/` | Richiesta | Mistral Large, Codestral |
+| [NVIDIA NIM](https://build.nvidia.com/) | `nvidia/` | Richiesta | Modelli ospitati NVIDIA |
+| [Cerebras](https://cloud.cerebras.ai/) | `cerebras/` | Richiesta | Inferenza veloce |
+| [Novita AI](https://novita.ai/) | `novita/` | Richiesta | Vari modelli open |
+| [Ollama](https://ollama.com/) | `ollama/` | Non necessaria | Modelli locali, self-hosted |
+| [vLLM](https://docs.vllm.ai/) | `vllm/` | Non necessaria | Deploy locale, compatibile OpenAI |
+| [LiteLLM](https://docs.litellm.ai/) | `litellm/` | Variabile | Proxy per 100+ provider |
+| [Azure OpenAI](https://portal.azure.com/) | `azure/` | Richiesta | Deploy Azure enterprise |
+| [GitHub Copilot](https://github.com/features/copilot) | `github-copilot/` | OAuth | Login con device code |
+| [Antigravity](https://console.cloud.google.com/) | `antigravity/` | OAuth | Google Cloud AI |
+
+
+Deploy locale (Ollama, vLLM, ecc.)
+
+**Ollama:**
+```json
+{
+ "model_list": [
+ {
+ "model_name": "local-llama",
+ "model": "ollama/llama3.1:8b",
+ "api_base": "http://localhost:11434/v1"
+ }
+ ]
+}
+```
+
+**vLLM:**
+```json
+{
+ "model_list": [
+ {
+ "model_name": "local-vllm",
+ "model": "vllm/your-model",
+ "api_base": "http://localhost:8000/v1"
+ }
+ ]
+}
+```
+
+Per i dettagli completi sulla configurazione dei provider, vedi [Provider & Modelli](docs/providers.md).
+
+
+
+## 💬 Channel (App di Chat)
+
+Parla con il tuo PicoClaw attraverso 17+ piattaforme di messaggistica:
+
+| Channel | Configurazione | Protocollo | Docs |
+|---------|----------------|------------|------|
+| **Telegram** | Facile (bot token) | Long polling | [Guida](docs/channels/telegram/README.md) |
+| **Discord** | Facile (bot token + intents) | WebSocket | [Guida](docs/channels/discord/README.md) |
+| **WhatsApp** | Facile (QR scan o bridge URL) | Nativo / Bridge | [Guida](docs/chat-apps.md#whatsapp) |
+| **Weixin** | Facile (scan QR nativo) | iLink API | [Guida](docs/chat-apps.md#weixin) |
+| **QQ** | Facile (AppID + AppSecret) | WebSocket | [Guida](docs/channels/qq/README.md) |
+| **Slack** | Facile (bot + app token) | Socket Mode | [Guida](docs/channels/slack/README.md) |
+| **Matrix** | Medio (homeserver + token) | Sync API | [Guida](docs/channels/matrix/README.md) |
+| **DingTalk** | Medio (credenziali client) | Stream | [Guida](docs/channels/dingtalk/README.md) |
+| **Feishu / Lark** | Medio (App ID + Secret) | WebSocket/SDK | [Guida](docs/channels/feishu/README.md) |
+| **LINE** | Medio (credenziali + webhook) | Webhook | [Guida](docs/channels/line/README.md) |
+| **WeCom Bot** | Medio (webhook URL) | Webhook | [Guida](docs/channels/wecom/wecom_bot/README.md) |
+| **WeCom App** | Medio (credenziali aziendali) | Webhook | [Guida](docs/channels/wecom/wecom_app/README.md) |
+| **WeCom AI Bot** | Medio (token + AES key) | WebSocket / Webhook | [Guida](docs/channels/wecom/wecom_aibot/README.md) |
+| **IRC** | Medio (server + nick) | Protocollo IRC | [Guida](docs/chat-apps.md#irc) |
+| **OneBot** | Medio (WebSocket URL) | OneBot v11 | [Guida](docs/channels/onebot/README.md) |
+| **MaixCam** | Facile (abilita) | TCP socket | [Guida](docs/channels/maixcam/README.md) |
+| **Pico** | Facile (abilita) | Protocollo nativo | Integrato |
+| **Pico Client** | Facile (WebSocket URL) | WebSocket | Integrato |
+
+> Tutti i channel basati su webhook condividono un singolo server HTTP Gateway (`gateway.host`:`gateway.port`, default `127.0.0.1:18790`). Feishu usa la modalità WebSocket/SDK e non usa il server HTTP condiviso.
+
+Per istruzioni dettagliate sulla configurazione dei channel, vedi [Configurazione App di Chat](docs/chat-apps.md).
+
+## 🔧 Strumenti
+
+### 🔍 Ricerca Web
+
+PicoClaw può cercare sul web per fornire informazioni aggiornate. Configura in `tools.web`:
+
+| Motore di Ricerca | API Key | Piano Gratuito | Link |
+|-------------------|---------|----------------|------|
+| DuckDuckGo | Non necessaria | Illimitato | Fallback integrato |
+| [Baidu Search](https://cloud.baidu.com/doc/qianfan-api/s/Wmbq4z7e5) | Richiesta | 1000 query/giorno | IA, ottimizzato per il cinese |
+| [Tavily](https://tavily.com) | Richiesta | 1000 query/mese | Ottimizzato per AI Agent |
+| [Brave Search](https://brave.com/search/api) | Richiesta | 2000 query/mese | Veloce e privato |
+| [Perplexity](https://www.perplexity.ai) | Richiesta | A pagamento | Ricerca potenziata dall'IA |
+| [SearXNG](https://github.com/searxng/searxng) | Non necessaria | Self-hosted | Metasearch engine gratuito |
+| [GLM Search](https://open.bigmodel.cn/) | Richiesta | Variabile | Ricerca web Zhipu |
+
+### ⚙️ Altri Strumenti
+
+PicoClaw include strumenti integrati per operazioni su file, esecuzione di codice, pianificazione e altro. Vedi [Configurazione degli Strumenti](docs/tools_configuration.md) per i dettagli.
+
+## 🎯 Skill
+
+Le Skill sono capacità modulari che estendono il tuo Agent. Vengono caricate dai file `SKILL.md` nel tuo workspace.
+
+**Installa skill da ClawHub:**
+
+```bash
+picoclaw skills search "web scraping"
+picoclaw skills install
+```
+
+**Configura il token ClawHub** (opzionale, per limiti di frequenza più alti):
+
+Aggiungi al tuo `config.json`:
+```json
+{
+ "tools": {
+ "skills": {
+ "registries": {
+ "clawhub": {
+ "auth_token": "your-clawhub-token"
+ }
+ }
+ }
+ }
+}
+```
+
+Per maggiori dettagli, vedi [Configurazione degli Strumenti - Skill](docs/tools_configuration.md#skills-tool).
+
+## 🔗 MCP (Model Context Protocol)
+
+PicoClaw supporta nativamente [MCP](https://modelcontextprotocol.io/) — connetti qualsiasi server MCP per estendere le capacità del tuo Agent con strumenti e sorgenti di dati esterni.
+
+```json
+{
+ "tools": {
+ "mcp": {
+ "enabled": true,
+ "servers": {
+ "filesystem": {
+ "enabled": true,
+ "command": "npx",
+ "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]
+ }
+ }
+ }
+ }
+}
+```
+
+Per la configurazione MCP completa (trasporti stdio, SSE, HTTP, Tool Discovery), vedi [Configurazione degli Strumenti - MCP](docs/tools_configuration.md#mcp-tool).
## Unisciti al Social Network degli Agent
@@ -212,11 +520,13 @@ Connetti PicoClaw al Social Network degli Agent semplicemente inviando un singol
| Comando | Descrizione |
| ------------------------- | ---------------------------------- |
| `picoclaw onboard` | Inizializza config & workspace |
+| `picoclaw onboard weixin` | Connetti account WeChat tramite QR |
| `picoclaw agent -m "..."` | Chatta con l'agent |
| `picoclaw agent` | Modalità chat interattiva |
| `picoclaw gateway` | Avvia il gateway |
| `picoclaw status` | Mostra lo stato |
| `picoclaw version` | Mostra le info sulla versione |
+| `picoclaw model` | Visualizza o cambia il modello predefinito |
| `picoclaw cron list` | Elenca tutti i job pianificati |
| `picoclaw cron add ...` | Aggiunge un job pianificato |
| `picoclaw cron disable` | Disabilita un job pianificato |
@@ -226,24 +536,43 @@ Connetti PicoClaw al Social Network degli Agent semplicemente inviando un singol
| `picoclaw migrate` | Migra i dati dalle versioni precedenti |
| `picoclaw auth login` | Autenticazione con i provider |
-### Task Pianificati / Promemoria
+### ⏰ Task Pianificati / Promemoria
PicoClaw supporta promemoria pianificati e task ricorrenti tramite lo strumento `cron`:
-* **Promemoria una tantum**: "Ricordami tra 10 minuti" → si attiva una volta dopo 10 min
-* **Task ricorrenti**: "Ricordami ogni 2 ore" → si attiva ogni 2 ore
-* **Espressioni cron**: "Ricordami alle 9 ogni giorno" → usa un'espressione cron
+* **Promemoria una tantum**: "Ricordami tra 10 minuti" -> si attiva una volta dopo 10 min
+* **Task ricorrenti**: "Ricordami ogni 2 ore" -> si attiva ogni 2 ore
+* **Espressioni cron**: "Ricordami alle 9 ogni giorno" -> usa un'espressione cron
+
+## 📚 Documentazione
+
+Per guide dettagliate oltre questo README:
+
+| Argomento | Descrizione |
+|-----------|-------------|
+| [Docker & Avvio Rapido](docs/docker.md) | Configurazione Docker Compose, modalità Launcher/Agent |
+| [App di Chat](docs/chat-apps.md) | Tutte le guide di configurazione per 17+ channel |
+| [Configurazione](docs/configuration.md) | Variabili d'ambiente, struttura del workspace, sandbox di sicurezza |
+| [Provider & Modelli](docs/providers.md) | 30+ provider LLM, routing dei modelli, configurazione model_list |
+| [Spawn & Task Asincroni](docs/spawn-tasks.md) | Task veloci, task lunghi con spawn, orchestrazione asincrona di sub-agent |
+| [Hooks](docs/hooks/README.md) | Sistema di hook event-driven: observer, interceptor, approval hook |
+| [Steering](docs/steering.md) | Iniettare messaggi in un loop agent in esecuzione |
+| [SubTurn](docs/subturn.md) | Coordinamento subagent, controllo concorrenza, ciclo di vita |
+| [Risoluzione Problemi](docs/troubleshooting.md) | Problemi comuni e soluzioni |
+| [Configurazione degli Strumenti](docs/tools_configuration.md) | Abilitazione/disabilitazione per strumento, politiche exec, MCP, Skill |
+| [Compatibilità Hardware](docs/hardware-compatibility.md) | Schede testate, requisiti minimi |
## 🤝 Contribuisci & Roadmap
-Le PR sono benvenute! Il codice è volutamente piccolo e leggibile. 🤗
+Le PR sono benvenute! Il codice è volutamente piccolo e leggibile.
-Consulta la nostra [Roadmap della Community](https://github.com/sipeed/picoclaw/blob/main/ROADMAP.md) completa.
+Consulta la nostra [Roadmap della Community](https://github.com/sipeed/picoclaw/issues/988) e [CONTRIBUTING.md](CONTRIBUTING.md) per le linee guida.
Gruppo sviluppatori in costruzione, unisciti dopo la tua prima PR accettata!
Gruppi utenti:
-discord:
+Discord:
-
+WeChat:
+
diff --git a/README.ja.md b/README.ja.md
index e5a927505..3096d4022 100644
--- a/README.ja.md
+++ b/README.ja.md
@@ -3,7 +3,7 @@
@@ -24,141 +24,129 @@
---
-> **PicoClaw** is an independent open-source project initiated by [Sipeed](https://sipeed.com). It is written entirely in **Go** — not a fork of OpenClaw, NanoBot, or any other project.
+> **PicoClaw** is an independent open-source project initiated by [Sipeed](https://sipeed.com), written entirely in **Go** from scratch — not a fork of OpenClaw, NanoBot, or any other project.
-🦐 PicoClaw is an ultra-lightweight personal AI Assistant inspired by [NanoBot](https://github.com/HKUDS/nanobot), refactored from the ground up in Go through a self-bootstrapping process, where the AI agent itself drove the entire architectural migration and code optimization.
+**PicoClaw** is an ultra-lightweight personal AI assistant inspired by [NanoBot](https://github.com/HKUDS/nanobot). It was rebuilt from the ground up in **Go** through a "self-bootstrapping" process — the AI Agent itself drove the architecture migration and code optimization.
-⚡️ Runs on $10 hardware with <10MB RAM: That's 99% less memory than OpenClaw and 98% cheaper than a Mac mini!
+**Runs on $10 hardware with <10MB RAM** — that's 99% less memory than OpenClaw and 98% cheaper than a Mac mini!
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
> [!CAUTION]
-> **🚨 SECURITY & OFFICIAL CHANNELS / 安全声明**
->
-> * **NO CRYPTO:** PicoClaw has **NO** official token/coin. All claims on `pump.fun` or other trading platforms are **SCAMS**.
+> **Security Notice**
>
+> * **NO CRYPTO:** PicoClaw has **not** issued any official tokens or cryptocurrency. All claims on `pump.fun` or other trading platforms are **scams**.
> * **OFFICIAL DOMAIN:** The **ONLY** official website is **[picoclaw.io](https://picoclaw.io)**, and company website is **[sipeed.com](https://sipeed.com)**
-> * **Warning:** Many `.ai/.org/.com/.net/...` domains are registered by third parties.
-> * **Warning:** picoclaw is in early development now and may have unresolved network security issues. Do not deploy to production environments before the v1.0 release.
-> * **Note:** picoclaw has recently merged a lot of PRs, which may result in a larger memory footprint (10–20MB) in the latest versions. We plan to prioritize resource optimization as soon as the current feature set reaches a stable state.
+> * **BEWARE:** Many `.ai/.org/.com/.net/...` domains have been registered by third parties. Do not trust them.
+> * **NOTE:** PicoClaw is in early rapid development. There may be unresolved security issues. Do not deploy to production before v1.0.
+> * **NOTE:** PicoClaw has recently merged many PRs. Recent builds may use 10-20MB RAM. Resource optimization is planned after feature stabilization.
## 📢 News
-2026-03-17 🚀 **v0.2.3 Released!** System tray UI (Windows & Linux), sub-agent status tracking (`spawn_status`), experimental gateway hot-reload, cron security gates, and 2 security fixes. PicoClaw now at **25K ⭐**!
+2026-03-17 🚀 **v0.2.3 Released!** System tray UI (Windows & Linux), sub-agent status query (`spawn_status`), experimental Gateway hot-reload, Cron security gating, and 2 security fixes. PicoClaw has reached **25K Stars**!
-2026-03-09 🎉 **v0.2.1 — Biggest update yet!** MCP protocol support, 4 new channels (Matrix/IRC/WeCom/Discord Proxy), 3 new providers (Kimi/Minimax/Avian), vision pipeline, JSONL memory store, and model routing.
+2026-03-09 🎉 **v0.2.1 — Biggest update yet!** MCP protocol support, 4 new channels (Matrix/IRC/WeCom/Discord Proxy), 3 new providers (Kimi/Minimax/Avian), vision pipeline, JSONL memory store, model routing.
-2026-02-28 📦 **v0.2.0** released with Docker Compose support and Web UI launcher.
+2026-02-28 📦 **v0.2.0** released with Docker Compose and Web UI Launcher support.
-2026-02-26 🎉 PicoClaw hit **20K stars** in just 17 days! Channel auto-orchestration and capability interfaces landed.
+2026-02-26 🎉 PicoClaw hits **20K Stars** in just 17 days! Channel auto-orchestration and capability interfaces are live.
-Older news...
+Earlier news...
-2026-02-16 🎉 PicoClaw hit 12K stars in one week! Community maintainer roles and [roadmap](ROADMAP.md) officially posted.
+2026-02-16 🎉 PicoClaw breaks 12K Stars in one week! Community maintainer roles and [Roadmap](ROADMAP.md) officially launched.
-2026-02-13 🎉 PicoClaw hit 5000 stars in 4 days! Project Roadmap and Developer Group setup underway.
+2026-02-13 🎉 PicoClaw breaks 5000 Stars in 4 days! Project roadmap and developer groups in progress.
-2026-02-09 🎉 **PicoClaw Launched!** Built in 1 day to bring AI Agents to $10 hardware with <10MB RAM. 🦐 PicoClaw,Let's Go!
+2026-02-09 🎉 **PicoClaw Released!** Built in 1 day to bring AI Agents to $10 hardware with <10MB RAM. Let's Go, PicoClaw!
## ✨ Features
-🪶 **Ultra-Lightweight**: <10MB Memory footprint — 99% smaller than OpenClaw core functionality.*
+🪶 **Ultra-lightweight**: Core memory footprint <10MB — 99% smaller than OpenClaw.*
-💰 **Minimal Cost**: Efficient enough to run on $10 Hardware — 98% cheaper than a Mac mini.
+💰 **Minimal cost**: Efficient enough to run on $10 hardware — 98% cheaper than a Mac mini.
-⚡️ **Lightning Fast**: 400X Faster startup time, boot in <1 second even on 0.6GHz single core.
+⚡️ **Lightning-fast boot**: 400x faster startup. Boots in <1s even on a 0.6GHz single-core processor.
-🌍 **True Portability**: Single self-contained binary across RISC-V, ARM, MIPS, and x86, One-click to Go!
+🌍 **Truly portable**: Single binary across RISC-V, ARM, MIPS, and x86 architectures. One binary, runs everywhere!
-🤖 **AI-Bootstrapped**: Autonomous Go-native implementation — 95% Agent-generated core with human-in-the-loop refinement.
+🤖 **AI-bootstrapped**: Pure Go native implementation — 95% of core code was generated by an Agent and fine-tuned through human-in-the-loop review.
-🔌 **MCP Support**: Native [Model Context Protocol](https://modelcontextprotocol.io/) integration — connect any MCP server to extend agent capabilities.
+🔌 **MCP support**: Native [Model Context Protocol](https://modelcontextprotocol.io/) integration — connect any MCP server to extend Agent capabilities.
-👁️ **Vision Pipeline**: Send images and files directly to the agent — automatic base64 encoding for multimodal LLMs.
+👁️ **Vision pipeline**: Send images and files directly to the Agent — automatic base64 encoding for multimodal LLMs.
-🧠 **Smart Routing**: Rule-based model routing — simple queries go to lightweight models, saving API costs.
+🧠 **Smart routing**: Rule-based model routing — simple queries go to lightweight models, saving API costs.
-_*Recent versions may use 10–20MB due to rapid feature merges. Resource optimization is planned. Startup comparison based on 0.8GHz single-core benchmarks (see table below)._
+_*Recent builds may use 10-20MB due to rapid PR merges. Resource optimization is planned. Boot speed comparison based on 0.8GHz single-core benchmarks (see table below)._
-| | OpenClaw | NanoBot | **PicoClaw** |
-| ----------------------------- | ------------- | ------------------------ | ----------------------------------------- |
-| **Language** | TypeScript | Python | **Go** |
-| **RAM** | >1GB | >100MB | **< 10MB*** |
-| **Startup**(0.8GHz core) | >500s | >30s | **<1s** |
-| **Cost** | Mac Mini $599 | Most Linux SBC ~$50 | **Any Linux Board****As low as $10** |
+
+
+| | OpenClaw | NanoBot | **PicoClaw** |
+| ------------------------------ | ------------- | ------------------------ | -------------------------------------- |
+| **Language** | TypeScript | Python | **Go** |
+| **RAM** | >1GB | >100MB | **< 10MB*** |
+| **Boot time**(0.8GHz core) | >500s | >30s | **<1s** |
+| **Cost** | Mac Mini $599 | Most Linux boards ~$50 | **Any Linux board****from $10** |
-> 📋 **[Hardware Compatibility List](docs/hardware-compatibility.md)** — See all tested boards, from $5 RISC-V to Raspberry Pi to Android phones. Your board not listed? Submit a PR!
+
+
+> **[Hardware Compatibility List](docs/hardware-compatibility.md)** — See all tested boards, from $5 RISC-V to Raspberry Pi to Android phones. Your board not listed? Submit a PR!
+
+
+
+
## 🦾 Demonstration
### 🛠️ Standard Assistant Workflows
-
-
🧩 Full-Stack Engineer
-
🗂️ Logging & Planning Management
-
🔎 Web Search & Learning
-
-
-
-
-
-
-
-
Develop • Deploy • Scale
-
Schedule • Automate • Memory
-
Discovery • Insights • Trends
-
+
+
Full-Stack Engineer Mode
+
Logging & Planning
+
Web Search & Learning
+
+
+
+
+
+
+
+
Develop · Deploy · Scale
+
Schedule · Automate · Remember
+
Discover · Insights · Trends
+
-### 📱 Run on old Android Phones
+### 🐜 Innovative Low-Footprint Deployment
-Give your decade-old phone a second life! Turn it into a smart AI Assistant with PicoClaw. Quick Start:
+PicoClaw can be deployed on virtually any Linux device!
-1. **Install [Termux](https://github.com/termux/termux-app)** (Download from [GitHub Releases](https://github.com/termux/termux-app/releases), or search in F-Droid / Google Play).
-2. **Execute cmds**
-
-```bash
-# Download the latest release from https://github.com/sipeed/picoclaw/releases
-wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz
-tar xzf picoclaw_Linux_arm64.tar.gz
-pkg install proot
-termux-chroot ./picoclaw onboard # chroot provides a standard Linux filesystem layout
-```
-
-And then follow the instructions in the "Quick Start" section to complete the configuration!
-
-
-
-### 🐜 Innovative Low-Footprint Deploy
-
-PicoClaw can be deployed on almost any Linux device!
-
-- $9.9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) E(Ethernet) or W(WiFi6) version, for Minimal Home Assistant
-- $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), or $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html) for Automated Server Maintenance
-- $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) or $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera) for Smart Monitoring
+- $9.9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) E(Ethernet) or W(WiFi6) edition, for a minimal home assistant
+- $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), or $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html), for automated server operations
+- $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) or $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera), for smart surveillance
-🌟 More Deployment Cases Await!
+🌟 More Deployment Cases Await!
## 📦 Install
@@ -178,24 +166,59 @@ git clone https://github.com/sipeed/picoclaw.git
cd picoclaw
make deps
-# Build, no need to install
+# Build core binary
make build
+# Build Web UI Launcher (required for WebUI mode)
+make build-launcher
+
# Build for multiple platforms
make build-all
# Build for Raspberry Pi Zero 2 W (32-bit: make build-linux-arm; 64-bit: make build-linux-arm64)
make build-pi-zero
-# Build And Install
+# Build and install
make install
```
-**Raspberry Pi Zero 2 W:** Use the binary that matches your OS: 32-bit Raspberry Pi OS → `make build-linux-arm`; 64-bit → `make build-linux-arm64`. Or run `make build-pi-zero` to build both.
+**Raspberry Pi Zero 2 W:** Use the binary that matches your OS: 32-bit Raspberry Pi OS -> `make build-linux-arm`; 64-bit -> `make build-linux-arm64`. Or run `make build-pi-zero` to build both.
-## 📚 Documentation
+## 🚀 Quick Start Guide
-For detailed guides, see the docs below. The README covers quick start only.
+### 🌐 WebUI Launcher (Recommended for Desktop)
+
+The WebUI Launcher provides a browser-based interface for configuration and chat. This is the easiest way to get started — no command-line knowledge required.
+
+**Option 1: Double-click (Desktop)**
+
+After downloading from [picoclaw.io](https://picoclaw.io), double-click `picoclaw-launcher` (or `picoclaw-launcher.exe` on Windows). Your browser will open automatically at `http://localhost:18800`.
+
+**Option 2: Command line**
+
+```bash
+picoclaw-launcher
+# Open http://localhost:18800 in your browser
+```
+
+> [!TIP]
+> **Remote access / Docker / VM:** Add the `-public` flag to listen on all interfaces:
+> ```bash
+> picoclaw-launcher -public
+> ```
+
+
+
+
+
+**Getting started:**
+
+Open the WebUI, then: **1)** Configure a Provider (add your LLM API key) -> **2)** Configure a Channel (e.g., Telegram) -> **3)** Start the Gateway -> **4)** Chat!
+
+For detailed WebUI documentation, see [docs.picoclaw.io](https://docs.picoclaw.io).
+
+
+Docker (alternative)
```bash
# 1. Clone this repo
@@ -203,61 +226,81 @@ git clone https://github.com/sipeed/picoclaw.git
cd picoclaw
# 2. First run — auto-generates docker/data/config.json then exits
-docker compose -f docker/docker-compose.yml --profile gateway up
+# (only triggers when both config.json and workspace/ are missing)
+docker compose -f docker/docker-compose.yml --profile launcher up
# The container prints "First-run setup complete." and stops.
# 3. Set your API keys
-vim docker/data/config.json # Set provider API keys, bot tokens, etc.
+vim docker/data/config.json
# 4. Start
-docker compose -f docker/docker-compose.yml --profile gateway up -d
+docker compose -f docker/docker-compose.yml --profile launcher up -d
+# Open http://localhost:18800
```
-> [!TIP]
-> **Docker Users**: By default, the Gateway listens on `127.0.0.1` which is not accessible from the host. If you need to access the health endpoints or expose ports, set `PICOCLAW_GATEWAY_HOST=0.0.0.0` in your environment or update `config.json`.
+> **Docker / VM users:** The Gateway listens on `127.0.0.1` by default. Set `PICOCLAW_GATEWAY_HOST=0.0.0.0` or use the `-public` flag to make it accessible from the host.
```bash
-# 5. Check logs
-docker compose -f docker/docker-compose.yml logs -f picoclaw-gateway
+# Check logs
+docker compose -f docker/docker-compose.yml logs -f
-# 6. Stop
-docker compose -f docker/docker-compose.yml --profile gateway down
-```
+# Stop
+docker compose -f docker/docker-compose.yml --profile launcher down
-### Launcher Mode (Web Console)
-
-The `launcher` image includes all three binaries (`picoclaw`, `picoclaw-launcher`, `picoclaw-launcher-tui`) and starts the web console by default, which provides a browser-based UI for configuration and chat.
-
-```bash
+# Update
+docker compose -f docker/docker-compose.yml pull
docker compose -f docker/docker-compose.yml --profile launcher up -d
```
-Open http://localhost:18800 in your browser. The launcher manages the gateway process automatically.
+
-> [!WARNING]
-> The web console does not yet support authentication. Avoid exposing it to the public internet.
+### 💻 TUI Launcher (Recommended for Headless / SSH)
-### Agent Mode (One-shot)
+The TUI (Terminal UI) Launcher provides a full-featured terminal interface for configuration and management. Ideal for servers, Raspberry Pi, and other headless environments.
```bash
-# Ask a question
-docker compose -f docker/docker-compose.yml run --rm picoclaw-agent -m "What is 2+2?"
-
-# Interactive mode
-docker compose -f docker/docker-compose.yml run --rm picoclaw-agent
+picoclaw-launcher-tui
```
-### Update
+
+
+
+
+**Getting started:**
+
+Use the TUI menus to: **1)** Configure a Provider -> **2)** Configure a Channel -> **3)** Start the Gateway -> **4)** Chat!
+
+For detailed TUI documentation, see [docs.picoclaw.io](https://docs.picoclaw.io).
+
+### 📱 Android
+
+Give your decade-old phone a second life! Turn it into a smart AI Assistant with PicoClaw.
+
+**Option 1: Termux (available now)**
+
+1. Install [Termux](https://github.com/termux/termux-app) (download from [GitHub Releases](https://github.com/termux/termux-app/releases), or search in F-Droid / Google Play)
+2. Run the following commands:
```bash
-docker compose -f docker/docker-compose.yml pull
-docker compose -f docker/docker-compose.yml --profile gateway up -d
+# Download the latest release
+wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz
+tar xzf picoclaw_Linux_arm64.tar.gz
+pkg install proot
+termux-chroot ./picoclaw onboard # chroot provides a standard Linux filesystem layout
```
-### 🚀 Quick Start
+Then follow the Terminal Launcher section below to complete configuration.
-> [!TIP]
-> Set your API Key in `~/.picoclaw/config.json`. Get API Keys: [Volcengine (CodingPlan)](https://console.volcengine.com) (LLM) · [OpenRouter](https://openrouter.ai/keys) (LLM) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) (LLM). Web search is optional — get a free [Tavily API](https://tavily.com) (1000 free queries/month) or [Brave Search API](https://brave.com/search/api) (2000 free queries/month).
+
+
+**Option 2: APK Install (coming soon)**
+
+A standalone Android APK with built-in WebUI is in development. Stay tuned!
+
+
+Terminal Launcher (for resource-constrained environments)
+
+For minimal environments where only the `picoclaw` core binary is available (no Launcher UI), you can configure everything via the command line and a JSON config file.
**1. Initialize**
@@ -265,522 +308,271 @@ docker compose -f docker/docker-compose.yml --profile gateway up -d
picoclaw onboard
```
+This creates `~/.picoclaw/config.json` and the workspace directory.
+
**2. Configure** (`~/.picoclaw/config.json`)
```json
{
"agents": {
"defaults": {
- "workspace": "~/.picoclaw/workspace",
- "model_name": "gpt-5.4",
- "max_tokens": 8192,
- "temperature": 0.7,
- "max_tool_iterations": 20
+ "model_name": "gpt-5.4"
}
},
"model_list": [
- {
- "model_name": "ark-code-latest",
- "model": "volcengine/ark-code-latest",
- "api_key": "sk-your-api-key"
- },
{
"model_name": "gpt-5.4",
"model": "openai/gpt-5.4",
- "api_key": "your-api-key",
- "request_timeout": 300
- },
- {
- "model_name": "claude-sonnet-4.6",
- "model": "anthropic/claude-sonnet-4.6",
- "api_key": "your-anthropic-key"
+ "api_key": "sk-your-api-key"
}
- ],
+ ]
+}
+```
+
+> See `config/config.example.json` in the repo for a complete configuration template with all available options.
+
+**3. Chat**
+
+```bash
+# One-shot question
+picoclaw agent -m "What is 2+2?"
+
+# Interactive mode
+picoclaw agent
+
+# Start gateway for chat app integration
+picoclaw gateway
+```
+
+
+
+## 🔌 Providers (LLM)
+
+PicoClaw supports 30+ LLM providers through the `model_list` configuration. Use the `protocol/model` format:
+
+| Provider | Protocol | API Key | Notes |
+|----------|----------|---------|-------|
+| [OpenAI](https://platform.openai.com/api-keys) | `openai/` | Required | GPT-5.4, GPT-4o, o3, etc. |
+| [Anthropic](https://console.anthropic.com/settings/keys) | `anthropic/` | Required | Claude Opus 4.6, Sonnet 4.6, etc. |
+| [Google Gemini](https://aistudio.google.com/apikey) | `gemini/` | Required | Gemini 3 Flash, 2.5 Pro, etc. |
+| [OpenRouter](https://openrouter.ai/keys) | `openrouter/` | Required | 200+ models, unified API |
+| [Zhipu (GLM)](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | `zhipu/` | Required | GLM-4.7, GLM-5, etc. |
+| [DeepSeek](https://platform.deepseek.com/api_keys) | `deepseek/` | Required | DeepSeek-V3, DeepSeek-R1 |
+| [Volcengine](https://console.volcengine.com) | `volcengine/` | Required | Doubao, Ark models |
+| [Qwen](https://dashscope.console.aliyun.com/apiKey) | `qwen/` | Required | Qwen3, Qwen-Max, etc. |
+| [Groq](https://console.groq.com/keys) | `groq/` | Required | Fast inference (Llama, Mixtral) |
+| [Moonshot (Kimi)](https://platform.moonshot.cn/console/api-keys) | `moonshot/` | Required | Kimi models |
+| [Minimax](https://platform.minimaxi.com/user-center/basic-information/interface-key) | `minimax/` | Required | MiniMax models |
+| [Mistral](https://console.mistral.ai/api-keys) | `mistral/` | Required | Mistral Large, Codestral |
+| [NVIDIA NIM](https://build.nvidia.com/) | `nvidia/` | Required | NVIDIA hosted models |
+| [Cerebras](https://cloud.cerebras.ai/) | `cerebras/` | Required | Fast inference |
+| [Novita AI](https://novita.ai/) | `novita/` | Required | Various open models |
+| [Ollama](https://ollama.com/) | `ollama/` | Not needed | Local models, self-hosted |
+| [vLLM](https://docs.vllm.ai/) | `vllm/` | Not needed | Local deployment, OpenAI-compatible |
+| [LiteLLM](https://docs.litellm.ai/) | `litellm/` | Varies | Proxy for 100+ providers |
+| [Azure OpenAI](https://portal.azure.com/) | `azure/` | Required | Enterprise Azure deployment |
+| [GitHub Copilot](https://github.com/features/copilot) | `github-copilot/` | OAuth | Device code login |
+| [Antigravity](https://console.cloud.google.com/) | `antigravity/` | OAuth | Google Cloud AI |
+
+
+Local deployment (Ollama, vLLM, etc.)
+
+**Ollama:**
+```json
+{
+ "model_list": [
+ {
+ "model_name": "local-llama",
+ "model": "ollama/llama3.1:8b",
+ "api_base": "http://localhost:11434/v1"
+ }
+ ]
+}
+```
+
+**vLLM:**
+```json
+{
+ "model_list": [
+ {
+ "model_name": "local-vllm",
+ "model": "vllm/your-model",
+ "api_base": "http://localhost:8000/v1"
+ }
+ ]
+}
+```
+
+For full provider configuration details, see [Providers & Models](docs/providers.md).
+
+
+
+## 💬 Channels (Chat Apps)
+
+Talk to your PicoClaw through 17+ messaging platforms:
+
+| Channel | Setup | Protocol | Docs |
+|---------|-------|----------|------|
+| **Telegram** | Easy (bot token) | Long polling | [Guide](docs/channels/telegram/README.md) |
+| **Discord** | Easy (bot token + intents) | WebSocket | [Guide](docs/channels/discord/README.md) |
+| **WhatsApp** | Easy (QR scan or bridge URL) | Native / Bridge | [Guide](docs/chat-apps.md#whatsapp) |
+| **Weixin** | Easy (Native QR scan) | iLink API | [Guide](docs/chat-apps.md#weixin) |
+| **QQ** | Easy (AppID + AppSecret) | WebSocket | [Guide](docs/channels/qq/README.md) |
+| **Slack** | Easy (bot + app token) | Socket Mode | [Guide](docs/channels/slack/README.md) |
+| **Matrix** | Medium (homeserver + token) | Sync API | [Guide](docs/channels/matrix/README.md) |
+| **DingTalk** | Medium (client credentials) | Stream | [Guide](docs/channels/dingtalk/README.md) |
+| **Feishu / Lark** | Medium (App ID + Secret) | WebSocket/SDK | [Guide](docs/channels/feishu/README.md) |
+| **LINE** | Medium (credentials + webhook) | Webhook | [Guide](docs/channels/line/README.md) |
+| **WeCom Bot** | Medium (webhook URL) | Webhook | [Guide](docs/channels/wecom/wecom_bot/README.md) |
+| **WeCom App** | Medium (corp credentials) | Webhook | [Guide](docs/channels/wecom/wecom_app/README.md) |
+| **WeCom AI Bot** | Medium (token + AES key) | WebSocket / Webhook | [Guide](docs/channels/wecom/wecom_aibot/README.md) |
+| **IRC** | Medium (server + nick) | IRC protocol | [Guide](docs/chat-apps.md#irc) |
+| **OneBot** | Medium (WebSocket URL) | OneBot v11 | [Guide](docs/channels/onebot/README.md) |
+| **MaixCam** | Easy (enable) | TCP socket | [Guide](docs/channels/maixcam/README.md) |
+| **Pico** | Easy (enable) | Native protocol | Built-in |
+| **Pico Client** | Easy (WebSocket URL) | WebSocket | Built-in |
+
+> All webhook-based channels share a single Gateway HTTP server (`gateway.host`:`gateway.port`, default `127.0.0.1:18790`). Feishu uses WebSocket/SDK mode and does not use the shared HTTP server.
+
+For detailed channel setup instructions, see [Chat Apps Configuration](docs/chat-apps.md).
+
+## 🔧 Tools
+
+### 🔍 Web Search
+
+PicoClaw can search the web to provide up-to-date information. Configure in `tools.web`:
+
+| Search Engine | API Key | Free Tier | Link |
+|--------------|---------|-----------|------|
+| DuckDuckGo | Not needed | Unlimited | Built-in fallback |
+| [Baidu Search](https://cloud.baidu.com/doc/qianfan-api/s/Wmbq4z7e5) | Required | 1000 queries/day | AI-powered, China-optimized |
+| [Tavily](https://tavily.com) | Required | 1000 queries/month | Optimized for AI Agents |
+| [Brave Search](https://brave.com/search/api) | Required | 2000 queries/month | Fast and private |
+| [Perplexity](https://www.perplexity.ai) | Required | Paid | AI-powered search |
+| [SearXNG](https://github.com/searxng/searxng) | Not needed | Self-hosted | Free metasearch engine |
+| [GLM Search](https://open.bigmodel.cn/) | Required | Varies | Zhipu web search |
+
+### ⚙️ Other Tools
+
+PicoClaw includes built-in tools for file operations, code execution, scheduling, and more. See [Tools Configuration](docs/tools_configuration.md) for details.
+
+## 🎯 Skills
+
+Skills are modular capabilities that extend your Agent. They are loaded from `SKILL.md` files in your workspace.
+
+**Install skills from ClawHub:**
+
+```bash
+picoclaw skills search "web scraping"
+picoclaw skills install
+```
+
+**Configure ClawHub token** (optional, for higher rate limits):
+
+Add to your `config.json`:
+```json
+{
"tools": {
- "web": {
- "brave": {
- "enabled": false,
- "api_key": "YOUR_BRAVE_API_KEY",
- "max_results": 5
- },
- "tavily": {
- "enabled": false,
- "api_key": "YOUR_TAVILY_API_KEY",
- "max_results": 5
- },
- "duckduckgo": {
- "enabled": true,
- "max_results": 5
- },
- "perplexity": {
- "enabled": false,
- "api_key": "YOUR_PERPLEXITY_API_KEY",
- "max_results": 5
- },
- "searxng": {
- "enabled": false,
- "base_url": "http://your-searxng-instance:8888",
- "max_results": 5
+ "skills": {
+ "registries": {
+ "clawhub": {
+ "auth_token": "your-clawhub-token"
+ }
}
}
}
}
```
-> **New**: The `model_list` configuration format allows zero-code provider addition. See [Model Configuration](#model-configuration-model_list) for details.
-> `request_timeout` is optional and uses seconds. If omitted or set to `<= 0`, PicoClaw uses the default timeout (120s).
+For more details, see [Tools Configuration - Skills](docs/tools_configuration.md#skills-tool).
-**3. Get API Keys**
+## 🔗 MCP (Model Context Protocol)
-* **LLM Provider**: [OpenRouter](https://openrouter.ai/keys) · [Zhipu](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) · [Anthropic](https://console.anthropic.com) · [OpenAI](https://platform.openai.com) · [Gemini](https://aistudio.google.com/api-keys)
-* **Web Search** (optional):
- * [Brave Search](https://brave.com/search/api) - Paid ($5/1000 queries, ~$5-6/month)
- * [Perplexity](https://www.perplexity.ai) - AI-powered search with chat interface
- * [SearXNG](https://github.com/searxng/searxng) - Self-hosted metasearch engine (free, no API key needed)
- * [Tavily](https://tavily.com) - Optimized for AI Agents (1000 requests/month)
- * DuckDuckGo - Built-in fallback (no API key required)
-
-> **Note**: See `config.example.json` for a complete configuration template.
-
-**4. Chat**
-
-```bash
-picoclaw agent -m "What is 2+2?"
-```
-
-That's it! You have a working AI assistant in 2 minutes.
-
----
-
-## 💬 Chat Apps
-
-Talk to your picoclaw through Telegram, Discord, WhatsApp, Matrix, QQ, DingTalk, LINE, or WeCom
-
-> **Note**: All webhook-based channels (LINE, WeCom, etc.) are served on a single shared Gateway HTTP server (`gateway.host`:`gateway.port`, default `127.0.0.1:18790`). There are no per-channel ports to configure. Note: Feishu uses WebSocket/SDK mode and does not use the shared HTTP webhook server.
-
-| Channel | Setup |
-| ------------ | ---------------------------------- |
-| **Telegram** | Easy (just a token) |
-| **Discord** | Easy (bot token + intents) |
-| **WhatsApp** | Easy (native: QR scan; or bridge URL) |
-| **Weixin** | Easy (Native QR scan) |
-| **Matrix** | Medium (homeserver + bot access token) |
-| **QQ** | Easy (AppID + AppSecret) |
-| **DingTalk** | Medium (app credentials) |
-| **LINE** | Medium (credentials + webhook URL) |
-| **WeCom AI Bot** | Medium (Token + AES key) |
-
-
-Telegram (Recommended)
-
-**1. Create a bot**
-
-* Open Telegram, search `@BotFather`
-* Send `/newbot`, follow prompts
-* Copy the token
-
-**2. Configure**
+PicoClaw natively supports [MCP](https://modelcontextprotocol.io/) — connect any MCP server to extend your Agent's capabilities with external tools and data sources.
```json
{
- "channels": {
- "telegram": {
+ "tools": {
+ "mcp": {
"enabled": true,
- "token": "YOUR_BOT_TOKEN",
- "allow_from": ["YOUR_USER_ID"]
+ "servers": {
+ "filesystem": {
+ "enabled": true,
+ "command": "npx",
+ "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]
+ }
+ }
}
}
}
```
-> Get your user ID from `@userinfobot` on Telegram.
-
-**3. Run**
-
-```bash
-picoclaw gateway
-```
-
-**4. Telegram command menu (auto-registered at startup)**
-
-PicoClaw now keeps command definitions in one shared registry. On startup, Telegram will automatically register supported bot commands (for example `/start`, `/help`, `/show`, `/list`) so command menu and runtime behavior stay in sync.
-Telegram command menu registration remains channel-local discovery UX; generic command execution is handled centrally in the agent loop via the commands executor.
-
-If command registration fails (network/API transient errors), the channel still starts and PicoClaw retries registration in the background.
-
-
-
-
-Discord
-
-**1. Create a bot**
-
-* Go to
-* Create an application → Bot → Add Bot
-* Copy the bot token
-
-**2. Enable intents**
-
-* In the Bot settings, enable **MESSAGE CONTENT INTENT**
-* (Optional) Enable **SERVER MEMBERS INTENT** if you plan to use allow lists based on member data
-
-**3. Get your User ID**
-* Discord Settings → Advanced → enable **Developer Mode**
-* Right-click your avatar → **Copy User ID**
-
-**4. Configure**
-
-```json
-{
- "channels": {
- "discord": {
- "enabled": true,
- "token": "YOUR_BOT_TOKEN",
- "allow_from": ["YOUR_USER_ID"]
- }
- }
-}
-```
-
-**5. Invite the bot**
-
-* OAuth2 → URL Generator
-* Scopes: `bot`
-* Bot Permissions: `Send Messages`, `Read Message History`
-* Open the generated invite URL and add the bot to your server
-
-**Optional: Group trigger mode**
-
-By default the bot responds to all messages in a server channel. To restrict responses to @-mentions only, add:
-
-```json
-{
- "channels": {
- "discord": {
- "group_trigger": { "mention_only": true }
- }
- }
-}
-```
-
-You can also trigger by keyword prefixes (e.g. `!bot`):
-
-```json
-{
- "channels": {
- "discord": {
- "group_trigger": { "prefixes": ["!bot"] }
- }
- }
-}
-```
-
-**6. Run**
-
-```bash
-picoclaw gateway
-```
-
-
-
-
-WhatsApp (native via whatsmeow)
-
-PicoClaw can connect to WhatsApp in two ways:
-
-- **Native (recommended):** In-process using [whatsmeow](https://github.com/tulir/whatsmeow). No separate bridge. Set `"use_native": true` and leave `bridge_url` empty. On first run, scan the QR code with WhatsApp (Linked Devices). Session is stored under your workspace (e.g. `workspace/whatsapp/`). The native channel is **optional** to keep the default binary small; build with `-tags whatsapp_native` (e.g. `make build-whatsapp-native` or `go build -tags whatsapp_native ./cmd/...`).
-- **Bridge:** Connect to an external WebSocket bridge. Set `bridge_url` (e.g. `ws://localhost:3001`) and keep `use_native` false.
-
-**Configure (native)**
-
-```json
-{
- "channels": {
- "whatsapp": {
- "enabled": true,
- "use_native": true,
- "session_store_path": "",
- "allow_from": []
- }
- }
-}
-```
-
-If `session_store_path` is empty, the session is stored in `<workspace>/whatsapp/`. Run `picoclaw gateway`; on first run, scan the QR code printed in the terminal with WhatsApp → Linked Devices.
-
-
-
-
-Weixin (WeChat Personal)
-
-PicoClaw supports connecting to your personal WeChat account using the official Tencent iLink API.
-
-**1. Login**
-Run the interactive QR login flow:
-```bash
-picoclaw onboard weixin
-```
-Scan the printed QR code with your WeChat mobile app. On success, the token is saved to your config.
-
-**2. Configure**
-(Optional) Update `allow_from` with your WeChat User ID to restrict who can message the bot:
-```json
-{
- "channels": {
- "weixin": {
- "enabled": true,
- "token": "YOUR_TOKEN",
- "allow_from": ["YOUR_USER_ID"]
- }
- }
-}
-```
-
-**3. Run**
-```bash
-picoclaw gateway
-```
-
-
-
-
-QQ
-
-**1. Create a bot**
-
-- Go to [QQ Open Platform](https://q.qq.com/#)
-- Create an application → Get **AppID** and **AppSecret**
-
-**2. Configure**
-
-```json
-{
- "channels": {
- "qq": {
- "enabled": true,
- "app_id": "YOUR_APP_ID",
- "app_secret": "YOUR_APP_SECRET",
- "allow_from": []
- }
- }
-}
-```
-
-> Set `allow_from` to empty to allow all users, or specify QQ numbers to restrict access.
-
-**3. Run**
-
-```bash
-picoclaw gateway
-```
-
-
-
-
-DingTalk
-
-**1. Create a bot**
-
-* Go to [Open Platform](https://open.dingtalk.com/)
-* Create an internal app
-* Copy Client ID and Client Secret
-
-**2. Configure**
-
-```json
-{
- "channels": {
- "dingtalk": {
- "enabled": true,
- "client_id": "YOUR_CLIENT_ID",
- "client_secret": "YOUR_CLIENT_SECRET",
- "allow_from": []
- }
- }
-}
-```
-
-> Set `allow_from` to empty to allow all users, or specify DingTalk user IDs to restrict access.
-
-**3. Run**
-
-```bash
-picoclaw gateway
-```
-
-
-
-Matrix
-
-**1. Prepare bot account**
-
-* Use your preferred homeserver (e.g. `https://matrix.org` or self-hosted)
-* Create a bot user and obtain its access token
-
-**2. Configure**
-
-```json
-{
- "channels": {
- "matrix": {
- "enabled": true,
- "homeserver": "https://matrix.org",
- "user_id": "@your-bot:matrix.org",
- "access_token": "YOUR_MATRIX_ACCESS_TOKEN",
- "allow_from": []
- }
- }
-}
-```
-
-**3. Run**
-
-```bash
-picoclaw gateway
-```
-
-For full options (`device_id`, `join_on_invite`, `group_trigger`, `placeholder`, `reasoning_channel_id`), see [Matrix Channel Configuration Guide](docs/channels/matrix/README.md).
-
-
-
-
-LINE
-
-**1. Create a LINE Official Account**
-
-- Go to [LINE Developers Console](https://developers.line.biz/)
-- Create a provider → Create a Messaging API channel
-- Copy **Channel Secret** and **Channel Access Token**
-
-**2. Configure**
-
-```json
-{
- "channels": {
- "line": {
- "enabled": true,
- "channel_secret": "YOUR_CHANNEL_SECRET",
- "channel_access_token": "YOUR_CHANNEL_ACCESS_TOKEN",
- "webhook_path": "/webhook/line",
- "allow_from": []
- }
- }
-}
-```
-
-> LINE webhook is served on the shared Gateway server (`gateway.host`:`gateway.port`, default `127.0.0.1:18790`).
-
-**3. Set up Webhook URL**
-
-LINE requires HTTPS for webhooks. Use a reverse proxy or tunnel:
-
-```bash
-# Example with ngrok (gateway default port is 18790)
-ngrok http 18790
-```
-
-Then set the Webhook URL in LINE Developers Console to `https://your-domain/webhook/line` and enable **Use webhook**.
-
-**4. Run**
-
-```bash
-picoclaw gateway
-```
-
-> In group chats, the bot responds only when @mentioned. Replies quote the original message.
-
-
-
-
-WeCom (企业微信)
-
-PicoClaw supports three types of WeCom integration:
-
-**Option 1: WeCom Bot (Bot)** - Easier setup, supports group chats
-**Option 2: WeCom App (Custom App)** - More features, proactive messaging, private chat only
-**Option 3: WeCom AI Bot (AI Bot)** - Official AI Bot, streaming replies, supports group & private chat
-
-See [WeCom AI Bot Configuration Guide](docs/channels/wecom/wecom_aibot/README.zh.md) for detailed setup instructions.
-
-**Quick Setup - WeCom AI Bot:**
-
-**1. Create an AI Bot**
-
-* Go to WeCom Admin Console → AI Bot
-* Create a new AI Bot → Set name, avatar, etc.
-* Copy **Bot ID** and **Secret**
-
-**2. Configure**
-
-```json
-{
- "channels": {
- "wecom_aibot": {
- "enabled": true,
- "bot_id": "YOUR_BOT_ID",
- "secret": "YOUR_SECRET",
- "allow_from": [],
- "welcome_message": "Hello! How can I help you?"
- }
- }
-}
-```
-
-**3. Run**
-
-```bash
-picoclaw gateway
-```
-
-> **Note**: WeCom AI Bot uses streaming pull protocol — no reply timeout concerns. Long tasks (>30 seconds) automatically switch to `response_url` push delivery.
-
-
+For full MCP configuration (stdio, SSE, HTTP transports, Tool Discovery), see [Tools Configuration - MCP](docs/tools_configuration.md#mcp-tool).
## Join the Agent Social Network
-Connect Picoclaw to the Agent Social Network simply by sending a single message via the CLI or any integrated Chat App.
+Connect PicoClaw to the Agent Social Network simply by sending a single message via the CLI or any integrated Chat App.
**Read `https://clawdchat.ai/skill.md` and follow the instructions to join [ClawdChat.ai](https://clawdchat.ai)**
## 🖥️ CLI Reference
-| Command | Description |
-| ------------------------- | ----------------------------- |
-| `picoclaw onboard` | Initialize config & workspace |
+| Command | Description |
+| ------------------------- | -------------------------------- |
+| `picoclaw onboard` | Initialize config & workspace |
| `picoclaw onboard weixin` | Connect WeChat account via QR |
-| `picoclaw agent -m "..."` | Chat with the agent |
-| `picoclaw agent` | Interactive chat mode |
-| `picoclaw gateway` | Start the gateway |
-| `picoclaw status` | Show status |
-| `picoclaw version` | Show version info |
-| `picoclaw cron list` | List all scheduled jobs |
-| `picoclaw cron add ...` | Add a scheduled job |
-| `picoclaw cron disable` | Disable a scheduled job |
-| `picoclaw cron remove` | Remove a scheduled job |
-| `picoclaw skills list` | List installed skills |
-| `picoclaw skills install` | Install a skill |
+| `picoclaw agent -m "..."` | Chat with the agent |
+| `picoclaw agent` | Interactive chat mode |
+| `picoclaw gateway` | Start the gateway |
+| `picoclaw status` | Show status |
+| `picoclaw version` | Show version info |
+| `picoclaw model` | View or switch the default model |
+| `picoclaw cron list` | List all scheduled jobs |
+| `picoclaw cron add ...` | Add a scheduled job |
+| `picoclaw cron disable` | Disable a scheduled job |
+| `picoclaw cron remove` | Remove a scheduled job |
+| `picoclaw skills list` | List installed skills |
+| `picoclaw skills install` | Install a skill |
| `picoclaw migrate` | Migrate data from older versions |
-| `picoclaw auth login` | Authenticate with providers |
+| `picoclaw auth login` | Authenticate with providers |
-### Scheduled Tasks / Reminders
+### ⏰ Scheduled Tasks / Reminders
PicoClaw supports scheduled reminders and recurring tasks through the `cron` tool:
-* **One-time reminders**: "Remind me in 10 minutes" → triggers once after 10min
-* **Recurring tasks**: "Remind me every 2 hours" → triggers every 2 hours
-* **Cron expressions**: "Remind me at 9am daily" → uses cron expression
+* **One-time reminders**: "Remind me in 10 minutes" -> triggers once after 10min
+* **Recurring tasks**: "Remind me every 2 hours" -> triggers every 2 hours
+* **Cron expressions**: "Remind me at 9am daily" -> uses cron expression
+
+## 📚 Documentation
+
+For detailed guides beyond this README:
+
+| Topic | Description |
+|-------|-------------|
+| [Docker & Quick Start](docs/docker.md) | Docker Compose setup, Launcher/Agent modes |
+| [Chat Apps](docs/chat-apps.md) | All 17+ channel setup guides |
+| [Configuration](docs/configuration.md) | Environment variables, workspace layout, security sandbox |
+| [Providers & Models](docs/providers.md) | 30+ LLM providers, model routing, model_list configuration |
+| [Spawn & Async Tasks](docs/spawn-tasks.md) | Quick tasks, long tasks with spawn, async sub-agent orchestration |
+| [Hooks](docs/hooks/README.md) | Event-driven hook system: observers, interceptors, approval hooks |
+| [Steering](docs/steering.md) | Inject messages into a running agent loop between tool calls |
+| [SubTurn](docs/subturn.md) | Subagent coordination, concurrency control, lifecycle |
+| [Troubleshooting](docs/troubleshooting.md) | Common issues and solutions |
+| [Tools Configuration](docs/tools_configuration.md) | Per-tool enable/disable, exec policies, MCP, Skills |
+| [Hardware Compatibility](docs/hardware-compatibility.md) | Tested boards, minimum requirements |
## 🤝 Contribute & Roadmap
-PRs welcome! The codebase is intentionally small and readable. 🤗
+PRs welcome! The codebase is intentionally small and readable.
-See our full [Community Roadmap](https://github.com/sipeed/picoclaw/blob/main/ROADMAP.md).
+See our [Community Roadmap](https://github.com/sipeed/picoclaw/issues/988) and [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
Developer group building, join after your first merged PR!
User Groups:
-discord:
+Discord:
WeChat:
diff --git a/README.pt-br.md b/README.pt-br.md
index c1df570a5..3c039f190 100644
--- a/README.pt-br.md
+++ b/README.pt-br.md
@@ -1,9 +1,9 @@
-
+
-
PicoClaw: Assistente de IA Ultra-Eficiente em Go
+
PicoClaw: Assistente de IA Ultra-Eficiente em Go
-
Hardware de $10 · <10MB de RAM · Boot em <1s · 皮皮虾,我们走!
+
Hardware de $10 · 10MB de RAM · Boot em ms · Let's Go, PicoClaw!
@@ -24,149 +24,137 @@
---
-> **PicoClaw** é um projeto open-source independente iniciado pela [Sipeed](https://sipeed.com). É escrito inteiramente em **Go** — não é um fork do OpenClaw, NanoBot ou qualquer outro projeto.
+> **PicoClaw** é um projeto open-source independente iniciado pela [Sipeed](https://sipeed.com), escrito inteiramente em **Go** do zero — não é um fork do OpenClaw, NanoBot ou qualquer outro projeto.
-🦐 PicoClaw é um assistente pessoal de IA ultra-leve inspirado no [NanoBot](https://github.com/HKUDS/nanobot), reescrito do zero em Go por meio de um processo de auto-inicialização (self-bootstrapping), onde o próprio agente de IA conduziu toda a migração de arquitetura e otimização de código.
+**PicoClaw** é um assistente de IA pessoal ultra-leve inspirado no [NanoBot](https://github.com/HKUDS/nanobot). Foi reconstruído do zero em **Go** por meio de um processo de "auto-bootstrapping" — o próprio AI Agent conduziu a migração de arquitetura e a otimização do código.
-⚡️ Roda em hardware de $10 com <10MB de RAM: Isso é 99% menos memória que o OpenClaw e 98% mais barato que um Mac mini!
+**Roda em hardware de $10 com menos de 10MB de RAM** — isso é 99% menos memória que o OpenClaw e 98% mais barato que um Mac mini!
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
> [!CAUTION]
-> **🚨 DECLARAÇÃO DE SEGURANÇA & CANAIS OFICIAIS**
+> **Aviso de Segurança**
>
-> * **SEM CRIPTOMOEDAS:** O PicoClaw **NÃO** possui nenhum token/moeda oficial. Todas as alegações no `pump.fun` ou outras plataformas de negociação são **GOLPES**.
->
-> * **DOMÍNIO OFICIAL:** O **ÚNICO** site oficial é o **[picoclaw.io](https://picoclaw.io)**, e o site da empresa é o **[sipeed.com](https://sipeed.com)**
-> * **Aviso:** Muitos domínios `.ai/.org/.com/.net/...` foram registrados por terceiros.
-> * **Aviso:** O PicoClaw está em fase inicial de desenvolvimento e pode ter problemas de segurança de rede não resolvidos. Não implante em ambientes de produção antes da versão v1.0.
-> * **Nota:** O PicoClaw recentemente fez merge de muitos PRs, o que pode resultar em maior consumo de memória (10–20MB) nas versões mais recentes. Planejamos priorizar a otimização de recursos assim que o conjunto de funcionalidades estiver estável.
+> * **SEM CRIPTO:** O PicoClaw **não** emitiu nenhum token oficial ou criptomoeda. Todas as alegações no `pump.fun` ou outras plataformas de negociação são **golpes**.
+> * **DOMÍNIO OFICIAL:** O **ÚNICO** site oficial é **[picoclaw.io](https://picoclaw.io)**, e o site da empresa é **[sipeed.com](https://sipeed.com)**
+> * **ATENÇÃO:** Muitos domínios `.ai/.org/.com/.net/...` foram registrados por terceiros. Não confie neles.
+> * **NOTA:** O PicoClaw está em desenvolvimento rápido inicial. Podem existir problemas de segurança não resolvidos. Não implante em produção antes da v1.0.
+> * **NOTA:** O PicoClaw mesclou muitos PRs recentemente. Builds recentes podem usar 10-20MB de RAM. A otimização de recursos está planejada após a estabilização de funcionalidades.
## 📢 Novidades
-2026-03-17 🚀 **v0.2.3 Lançado!** Interface de bandeja do sistema (Windows & Linux), rastreamento de status de sub-agentes (`spawn_status`), hot-reload experimental do gateway, portões de segurança para cron e 2 correções de segurança. PicoClaw agora com **25K ⭐**!
+2026-03-17 🚀 **v0.2.3 Lançada!** UI na bandeja do sistema (Windows e Linux), consulta de status de sub-agent (`spawn_status`), hot-reload experimental do Gateway, controle de segurança do Cron e 2 correções de segurança. O PicoClaw atingiu **25K Stars**!
-2026-03-09 🎉 **v0.2.1 — Maior atualização até agora!** Suporte ao protocolo MCP, 4 novos canais (Matrix/IRC/WeCom/Discord Proxy), 3 novos provedores (Kimi/Minimax/Avian), pipeline de visão, armazenamento de memória JSONL e roteamento de modelos.
+2026-03-09 🎉 **v0.2.1 — Maior atualização até agora!** Suporte ao protocolo MCP, 4 novos channels (Matrix/IRC/WeCom/Discord Proxy), 3 novos providers (Kimi/Minimax/Avian), pipeline de visão, armazenamento de memória JSONL, roteamento de modelos.
-2026-02-28 📦 **v0.2.0** lançado com suporte a Docker Compose e launcher Web UI.
+2026-02-28 📦 **v0.2.0** lançada com suporte a Docker Compose e Web UI Launcher.
-2026-02-26 🎉 PicoClaw atingiu **20K stars** em apenas 17 dias! Orquestração automática de canais e interfaces de capacidade implementadas.
+2026-02-26 🎉 O PicoClaw atinge **20K Stars** em apenas 17 dias! Orquestração automática de channels e interfaces de capacidade estão disponíveis.
-Novidades anteriores...
+Notícias anteriores...
-2026-02-16 🎉 PicoClaw atingiu 12K stars em uma semana! Papéis de maintainers da comunidade e [roadmap](ROADMAP.md) publicados oficialmente.
+2026-02-16 🎉 O PicoClaw ultrapassa 12K Stars em uma semana! Funções de mantenedor da comunidade e [Roadmap](ROADMAP.md) lançados oficialmente.
-2026-02-13 🎉 PicoClaw atingiu 5000 stars em 4 dias! Roadmap do Projeto e Grupo de Desenvolvedores em preparação.
+2026-02-13 🎉 O PicoClaw ultrapassa 5000 Stars em 4 dias! Roadmap do projeto e grupos de desenvolvedores em andamento.
-2026-02-09 🎉 **PicoClaw Lançado!** Construído em 1 dia para trazer Agentes de IA para hardware de $10 com <10MB de RAM. 🦐 PicoClaw, Partiu!
+2026-02-09 🎉 **PicoClaw Lançado!** Construído em 1 dia para levar AI Agents a hardware de $10 com menos de 10MB de RAM. Let's Go, PicoClaw!
## ✨ Funcionalidades
-🪶 **Ultra-Leve**: Consumo de memória <10MB — 99% menor que o OpenClaw para funcionalidades essenciais.*
+🪶 **Ultra-leve**: Footprint de memória do núcleo <10MB — 99% menor que o OpenClaw.*
-💰 **Custo Mínimo**: Eficiente o suficiente para rodar em hardware de $10 — 98% mais barato que um Mac mini.
+💰 **Custo mínimo**: Eficiente o suficiente para rodar em hardware de $10 — 98% mais barato que um Mac mini.
-⚡️ **Inicialização Relâmpago**: Tempo de inicialização 400X mais rápido, boot em <1 segundo mesmo em CPU single-core de 0.6GHz.
+⚡️ **Boot ultrarrápido**: Inicialização 400x mais rápida. Boot em menos de 1s mesmo em um processador single-core de 0,6GHz.
-🌍 **Portabilidade Real**: Um único binário auto-contido para RISC-V, ARM, MIPS e x86. Um clique e já era!
+🌍 **Verdadeiramente portátil**: Binário único para arquiteturas RISC-V, ARM, MIPS e x86. Um binário, roda em qualquer lugar!
-🤖 **Auto-Construído por IA**: Implementação nativa em Go de forma autônoma — 95% do núcleo gerado pelo Agente com refinamento humano no loop.
+🤖 **Bootstrapped por IA**: Implementação nativa pura em Go — 95% do código principal foi gerado por um Agent e refinado por revisão humana.
-🔌 **Suporte MCP**: Integração nativa com o [Model Context Protocol](https://modelcontextprotocol.io/) — conecte qualquer servidor MCP para estender as capacidades do agente.
+🔌 **Suporte a MCP**: Integração nativa com o [Model Context Protocol](https://modelcontextprotocol.io/) — conecte qualquer servidor MCP para estender as capacidades do Agent.
-👁️ **Pipeline de Visão**: Envie imagens e arquivos diretamente ao agente — codificação base64 automática para LLMs multimodais.
+👁️ **Pipeline de visão**: Envie imagens e arquivos diretamente ao Agent — codificação base64 automática para LLMs multimodais.
-🧠 **Roteamento Inteligente**: Roteamento de modelos baseado em regras — consultas simples vão para modelos leves, economizando custos de API.
+🧠 **Roteamento inteligente**: Roteamento de modelos baseado em regras — consultas simples vão para modelos leves, economizando custos de API.
-_*Versões recentes podem usar 10–20MB devido a merges rápidos de funcionalidades. Otimização de recursos está planejada. Comparação de inicialização baseada em benchmarks de single-core a 0.8GHz (veja tabela abaixo)._
+_*Builds recentes podem usar 10-20MB devido a merges rápidos de PRs. Otimização de recursos está planejada. Comparação de velocidade de boot baseada em benchmarks de single-core a 0,8GHz (veja tabela abaixo)._
-| | OpenClaw | NanoBot | **PicoClaw** |
-| ----------------------------- | ------------- | ------------------------ | ----------------------------------------- |
-| **Linguagem** | TypeScript | Python | **Go** |
-| **RAM** | >1GB | >100MB | **< 10MB*** |
-| **Inicialização**(CPU 0.8GHz) | >500s | >30s | **<1s** |
-| **Custo** | Mac Mini $599 | Maioria dos SBC Linux ~$50 | **Qualquer placa Linux****A partir de $10** |
+
+
+| | OpenClaw | NanoBot | **PicoClaw** |
+| ------------------------------ | ------------- | ------------------------ | -------------------------------------- |
+| **Linguagem** | TypeScript | Python | **Go** |
+| **RAM** | >1GB | >100MB | **< 10MB*** |
+| **Tempo de boot**(core 0,8GHz) | >500s | >30s | **<1s** |
+| **Custo** | Mac Mini $599 | Maioria das placas Linux ~$50 | **Qualquer placa Linux****a partir de $10** |
-> 📋 **[Lista de Compatibilidade de Hardware](docs/hardware-compatibility.md)** — Veja todas as placas testadas, de RISC-V de $5 a Raspberry Pi e telefones Android. Sua placa não está listada? Envie um PR!
+
+
+> **[Lista de Compatibilidade de Hardware](docs/pt-br/hardware-compatibility.md)** — Veja todas as placas testadas, de RISC-V de $5 ao Raspberry Pi e celulares Android. Sua placa não está listada? Envie um PR!
+
+
+
+
## 🦾 Demonstração
### 🛠️ Fluxos de Trabalho Padrão do Assistente
-
-
🧩 Engenharia Full-Stack
-
🗂️ Gerenciamento de Logs & Planejamento
-
🔎 Busca Web & Aprendizado
-
-
-
-
-
-
-
-
Desenvolver • Implantar • Escalar
-
Agendar • Automatizar • Memorizar
-
Descobrir • Analisar • Tendências
-
+
+
Modo Engenheiro Full-Stack
+
Registro e Planejamento
+
Busca na Web e Aprendizado
+
+
+
+
+
+
+
+
Desenvolver · Implantar · Escalar
+
Agendar · Automatizar · Lembrar
+
Descobrir · Insights · Tendências
+
-### 📱 Rode em celulares Android antigos
-
-Dê uma segunda vida ao seu celular de dez anos atrás! Transforme-o em um assistente de IA inteligente com o PicoClaw. Início rápido:
-
-1. **Instale o [Termux](https://github.com/termux/termux-app)** (Baixe em [GitHub Releases](https://github.com/termux/termux-app/releases), ou busque no F-Droid / Google Play).
-2. **Execute os comandos**
-
-```bash
-# Baixe a versão mais recente em https://github.com/sipeed/picoclaw/releases
-wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz
-tar xzf picoclaw_Linux_arm64.tar.gz
-pkg install proot
-termux-chroot ./picoclaw onboard # chroot fornece um layout padrão do sistema de arquivos Linux
-```
-
-Depois siga as instruções na seção "Início Rápido" para completar a configuração!
-
-
-
-### 🐜 Implantação Inovadora com Baixo Consumo
+### 🐜 Implantação Inovadora de Baixo Consumo
O PicoClaw pode ser implantado em praticamente qualquer dispositivo Linux!
-- $9.9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) versão E(Ethernet) ou W(WiFi6), para Assistente Doméstico Minimalista
-- $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), ou $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html) para Manutenção Automatizada de Servidores
-- $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) ou $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera) para Monitoramento Inteligente
+- $9,9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) edição E(Ethernet) ou W(WiFi6), para um assistente doméstico mínimo
+- $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), ou $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html), para operações automatizadas de servidor
+- $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) ou $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera), para vigilância inteligente
-🌟 Mais cenários de implantação aguardam você!
+🌟 Mais Casos de Implantação Aguardam!
## 📦 Instalação
-### Baixar de picoclaw.io (Recomendado)
+### Download pelo picoclaw.io (Recomendado)
-Visite **[picoclaw.io](https://picoclaw.io)** — o site oficial detecta automaticamente sua plataforma e oferece download com um clique. Sem necessidade de escolher manualmente a arquitetura.
+Acesse **[picoclaw.io](https://picoclaw.io)** — o site oficial detecta automaticamente sua plataforma e fornece download com um clique. Não é necessário selecionar a arquitetura manualmente.
-### Baixar binário pré-compilado
+### Download do binário pré-compilado
Alternativamente, baixe o binário para sua plataforma na página de [GitHub Releases](https://github.com/sipeed/picoclaw/releases).
@@ -178,80 +166,413 @@ git clone https://github.com/sipeed/picoclaw.git
cd picoclaw
make deps
-# Build, sem necessidade de instalar
+# Compilar o binário principal
make build
-# Build para múltiplas plataformas
+# Compilar o Web UI Launcher (necessário para o modo WebUI)
+make build-launcher
+
+# Compilar para múltiplas plataformas
make build-all
-# Build para Raspberry Pi Zero 2 W (32-bit: make build-linux-arm; 64-bit: make build-linux-arm64)
+# Compilar para Raspberry Pi Zero 2 W (32-bit: make build-linux-arm; 64-bit: make build-linux-arm64)
make build-pi-zero
-# Build e Instalar
+# Compilar e instalar
make install
```
-**Raspberry Pi Zero 2 W:** Use o binário correspondente ao seu SO: Raspberry Pi OS 32-bit → `make build-linux-arm`; 64-bit → `make build-linux-arm64`. Ou execute `make build-pi-zero` para compilar ambos.
+**Raspberry Pi Zero 2 W:** Use o binário que corresponde ao seu SO: Raspberry Pi OS 32-bit -> `make build-linux-arm`; 64-bit -> `make build-linux-arm64`. Ou execute `make build-pi-zero` para compilar ambos.
-## 📚 Documentação
+## 🚀 Guia de Início Rápido
-Para guias detalhados, consulte a documentação abaixo. Este README cobre apenas o início rápido.
+### 🌐 WebUI Launcher (Recomendado para Desktop)
-| Tópico | Descrição |
-|--------|-----------|
-| 🐳 [Docker & Início Rápido](docs/pt-br/docker.md) | Configuração Docker Compose, modos Launcher/Agent, configuração de Início Rápido |
-| 💬 [Apps de Chat](docs/pt-br/chat-apps.md) | Telegram, Discord, WhatsApp, Matrix, QQ, Slack, IRC, DingTalk, LINE, Feishu, WeCom e mais |
-| ⚙️ [Configuração](docs/pt-br/configuration.md) | Variáveis de ambiente, estrutura do workspace, fontes de skills, sandbox de segurança, heartbeat |
-| 🔌 [Provedores & Modelos](docs/pt-br/providers.md) | 20+ provedores LLM, roteamento de modelos, configuração model_list, arquitetura de provedores |
-| 🔄 [Spawn & Tarefas Assíncronas](docs/pt-br/spawn-tasks.md) | Tarefas rápidas, tarefas longas com spawn, orquestração assíncrona de sub-agentes |
-| 🐛 [Solução de Problemas](docs/pt-br/troubleshooting.md) | Problemas comuns e soluções |
-| 🔧 [Configuração de Ferramentas](docs/pt-br/tools_configuration.md) | Habilitar/desabilitar por ferramenta, políticas de execução |
-| 📋 [Compatibilidade de Hardware](docs/hardware-compatibility.md) | Placas testadas, requisitos mínimos, como adicionar sua placa |
+O WebUI Launcher fornece uma interface baseada em navegador para configuração e chat. Esta é a maneira mais fácil de começar — sem necessidade de conhecimento de linha de comando.
-## Junte-se à Rede Social de Agentes
+**Opção 1: Duplo clique (Desktop)**
-Conecte o PicoClaw à Rede Social de Agentes simplesmente enviando uma única mensagem via CLI ou qualquer App de Chat integrado.
+Após baixar de [picoclaw.io](https://picoclaw.io), dê duplo clique em `picoclaw-launcher` (ou `picoclaw-launcher.exe` no Windows). Seu navegador abrirá automaticamente em `http://localhost:18800`.
+
+**Opção 2: Linha de comando**
+
+```bash
+picoclaw-launcher
+# Abra http://localhost:18800 no seu navegador
+```
+
+> [!TIP]
+> **Acesso remoto / Docker / VM:** Adicione a flag `-public` para escutar em todas as interfaces:
+> ```bash
+> picoclaw-launcher -public
+> ```
+
+
+
+
+
+**Primeiros passos:**
+
+Abra o WebUI e então: **1)** Configure um Provider (adicione sua API key de LLM) -> **2)** Configure um Channel (ex.: Telegram) -> **3)** Inicie o Gateway -> **4)** Converse!
+
+Para documentação detalhada do WebUI, veja [docs.picoclaw.io](https://docs.picoclaw.io).
+
+
+Docker (alternativa)
+
+```bash
+# 1. Clone este repositório
+git clone https://github.com/sipeed/picoclaw.git
+cd picoclaw
+
+# 2. Primeira execução — gera automaticamente docker/data/config.json e encerra
+# (só é acionado quando config.json e workspace/ estão ausentes)
+docker compose -f docker/docker-compose.yml --profile launcher up
+# O container imprime "First-run setup complete." e para.
+
+# 3. Configure suas API keys
+vim docker/data/config.json
+
+# 4. Iniciar
+docker compose -f docker/docker-compose.yml --profile launcher up -d
+# Abra http://localhost:18800
+```
+
+> **Usuários de Docker / VM:** O Gateway escuta em `127.0.0.1` por padrão. Defina `PICOCLAW_GATEWAY_HOST=0.0.0.0` ou use a flag `-public` para torná-lo acessível pelo host.
+
+```bash
+# Verificar logs
+docker compose -f docker/docker-compose.yml logs -f
+
+# Parar
+docker compose -f docker/docker-compose.yml --profile launcher down
+
+# Atualizar
+docker compose -f docker/docker-compose.yml pull
+docker compose -f docker/docker-compose.yml --profile launcher up -d
+```
+
+
+
+### 💻 TUI Launcher (Recomendado para Headless / SSH)
+
+O TUI (Terminal UI) Launcher fornece uma interface de terminal completa para configuração e gerenciamento. Ideal para servidores, Raspberry Pi e outros ambientes headless.
+
+```bash
+picoclaw-launcher-tui
+```
+
+
+
+
+
+**Primeiros passos:**
+
+Use os menus do TUI para: **1)** Configurar um Provider -> **2)** Configurar um Channel -> **3)** Iniciar o Gateway -> **4)** Conversar!
+
+Para documentação detalhada do TUI, veja [docs.picoclaw.io](https://docs.picoclaw.io).
+
+### 📱 Android
+
+Dê uma segunda vida ao seu celular de uma década! Transforme-o em um Assistente de IA inteligente com o PicoClaw.
+
+**Opção 1: Termux (disponível agora)**
+
+1. Instale o [Termux](https://github.com/termux/termux-app) (baixe nas [GitHub Releases](https://github.com/termux/termux-app/releases), ou pesquise no F-Droid / Google Play)
+2. Execute os seguintes comandos:
+
+```bash
+# Baixar a versão mais recente
+wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz
+tar xzf picoclaw_Linux_arm64.tar.gz
+pkg install proot
+termux-chroot ./picoclaw onboard # chroot fornece um layout padrão de sistema de arquivos Linux
+```
+
+Em seguida, siga a seção Terminal Launcher abaixo para concluir a configuração.
+
+
+
+**Opção 2: Instalação via APK (em breve)**
+
+Um APK Android independente com WebUI integrado está em desenvolvimento. Fique ligado!
+
+
+Terminal Launcher (para ambientes com recursos limitados)
+
+Para ambientes mínimos onde apenas o binário principal `picoclaw` está disponível (sem Launcher UI), você pode configurar tudo via linha de comando e um arquivo de configuração JSON.
+
+**1. Inicializar**
+
+```bash
+picoclaw onboard
+```
+
+Isso cria `~/.picoclaw/config.json` e o diretório workspace.
+
+**2. Configurar** (`~/.picoclaw/config.json`)
+
+```json
+{
+ "agents": {
+ "defaults": {
+ "model_name": "gpt-5.4"
+ }
+ },
+ "model_list": [
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_key": "sk-your-api-key"
+ }
+ ]
+}
+```
+
+> Veja `config/config.example.json` no repositório para um template de configuração completo com todas as opções disponíveis.
+
+**3. Conversar**
+
+```bash
+# Pergunta única
+picoclaw agent -m "What is 2+2?"
+
+# Modo interativo
+picoclaw agent
+
+# Iniciar gateway para integração com app de chat
+picoclaw gateway
+```
+
+
+
+## 🔌 Providers (LLM)
+
+O PicoClaw suporta mais de 30 providers de LLM através da configuração `model_list`. Use o formato `protocolo/modelo`:
+
+| Provider | Protocolo | API Key | Notas |
+|----------|-----------|---------|-------|
+| [OpenAI](https://platform.openai.com/api-keys) | `openai/` | Obrigatória | GPT-5.4, GPT-4o, o3, etc. |
+| [Anthropic](https://console.anthropic.com/settings/keys) | `anthropic/` | Obrigatória | Claude Opus 4.6, Sonnet 4.6, etc. |
+| [Google Gemini](https://aistudio.google.com/apikey) | `gemini/` | Obrigatória | Gemini 3 Flash, 2.5 Pro, etc. |
+| [OpenRouter](https://openrouter.ai/keys) | `openrouter/` | Obrigatória | 200+ modelos, API unificada |
+| [Zhipu (GLM)](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | `zhipu/` | Obrigatória | GLM-4.7, GLM-5, etc. |
+| [DeepSeek](https://platform.deepseek.com/api_keys) | `deepseek/` | Obrigatória | DeepSeek-V3, DeepSeek-R1 |
+| [Volcengine](https://console.volcengine.com) | `volcengine/` | Obrigatória | Modelos Doubao, Ark |
+| [Qwen](https://dashscope.console.aliyun.com/apiKey) | `qwen/` | Obrigatória | Qwen3, Qwen-Max, etc. |
+| [Groq](https://console.groq.com/keys) | `groq/` | Obrigatória | Inferência rápida (Llama, Mixtral) |
+| [Moonshot (Kimi)](https://platform.moonshot.cn/console/api-keys) | `moonshot/` | Obrigatória | Modelos Kimi |
+| [Minimax](https://platform.minimaxi.com/user-center/basic-information/interface-key) | `minimax/` | Obrigatória | Modelos MiniMax |
+| [Mistral](https://console.mistral.ai/api-keys) | `mistral/` | Obrigatória | Mistral Large, Codestral |
+| [NVIDIA NIM](https://build.nvidia.com/) | `nvidia/` | Obrigatória | Modelos hospedados pela NVIDIA |
+| [Cerebras](https://cloud.cerebras.ai/) | `cerebras/` | Obrigatória | Inferência rápida |
+| [Novita AI](https://novita.ai/) | `novita/` | Obrigatória | Vários modelos abertos |
+| [Ollama](https://ollama.com/) | `ollama/` | Não necessária | Modelos locais, self-hosted |
+| [vLLM](https://docs.vllm.ai/) | `vllm/` | Não necessária | Implantação local, compatível com OpenAI |
+| [LiteLLM](https://docs.litellm.ai/) | `litellm/` | Varia | Proxy para 100+ providers |
+| [Azure OpenAI](https://portal.azure.com/) | `azure/` | Obrigatória | Implantação Azure Enterprise |
+| [GitHub Copilot](https://github.com/features/copilot) | `github-copilot/` | OAuth | Login por código de dispositivo |
+| [Antigravity](https://console.cloud.google.com/) | `antigravity/` | OAuth | Google Cloud AI |
+
+
+Implantação local (Ollama, vLLM, etc.)
+
+**Ollama:**
+```json
+{
+ "model_list": [
+ {
+ "model_name": "local-llama",
+ "model": "ollama/llama3.1:8b",
+ "api_base": "http://localhost:11434/v1"
+ }
+ ]
+}
+```
+
+**vLLM:**
+```json
+{
+ "model_list": [
+ {
+ "model_name": "local-vllm",
+ "model": "vllm/your-model",
+ "api_base": "http://localhost:8000/v1"
+ }
+ ]
+}
+```
+
+Para detalhes completos de configuração de providers, veja [Providers & Models](docs/pt-br/providers.md).
+
+
+
+## 💬 Channels (Apps de Chat)
+
+Converse com seu PicoClaw por meio de mais de 17 plataformas de mensagens:
+
+| Channel | Configuração | Protocolo | Docs |
+|---------|--------------|-----------|------|
+| **Telegram** | Fácil (bot token) | Long polling | [Guia](docs/channels/telegram/README.pt-br.md) |
+| **Discord** | Fácil (bot token + intents) | WebSocket | [Guia](docs/channels/discord/README.pt-br.md) |
+| **WhatsApp** | Fácil (QR scan ou bridge URL) | Nativo / Bridge | [Guia](docs/pt-br/chat-apps.md#whatsapp) |
+| **Weixin** | Fácil (scan QR nativo) | iLink API | [Guia](docs/pt-br/chat-apps.md#weixin) |
+| **QQ** | Fácil (AppID + AppSecret) | WebSocket | [Guia](docs/channels/qq/README.pt-br.md) |
+| **Slack** | Fácil (bot + app token) | Socket Mode | [Guia](docs/channels/slack/README.pt-br.md) |
+| **Matrix** | Médio (homeserver + token) | Sync API | [Guia](docs/channels/matrix/README.pt-br.md) |
+| **DingTalk** | Médio (credenciais do cliente) | Stream | [Guia](docs/channels/dingtalk/README.pt-br.md) |
+| **Feishu / Lark** | Médio (App ID + Secret) | WebSocket/SDK | [Guia](docs/channels/feishu/README.pt-br.md) |
+| **LINE** | Médio (credenciais + webhook) | Webhook | [Guia](docs/channels/line/README.pt-br.md) |
+| **WeCom Bot** | Médio (webhook URL) | Webhook | [Guia](docs/channels/wecom/wecom_bot/README.pt-br.md) |
+| **WeCom App** | Médio (credenciais corporativas) | Webhook | [Guia](docs/channels/wecom/wecom_app/README.pt-br.md) |
+| **WeCom AI Bot** | Médio (token + chave AES) | WebSocket / Webhook | [Guia](docs/channels/wecom/wecom_aibot/README.pt-br.md) |
+| **IRC** | Médio (servidor + nick) | Protocolo IRC | [Guia](docs/pt-br/chat-apps.md#irc) |
+| **OneBot** | Médio (WebSocket URL) | OneBot v11 | [Guia](docs/channels/onebot/README.pt-br.md) |
+| **MaixCam** | Fácil (habilitar) | TCP socket | [Guia](docs/channels/maixcam/README.pt-br.md) |
+| **Pico** | Fácil (habilitar) | Protocolo nativo | Integrado |
+| **Pico Client** | Fácil (WebSocket URL) | WebSocket | Integrado |
+
+> Todos os channels baseados em webhook compartilham um único servidor HTTP do Gateway (`gateway.host`:`gateway.port`, padrão `127.0.0.1:18790`). O Feishu usa modo WebSocket/SDK e não utiliza o servidor HTTP compartilhado.
+
+Para instruções detalhadas de configuração de channels, veja [Configuração de Apps de Chat](docs/pt-br/chat-apps.md).
+
+## 🔧 Ferramentas
+
+### 🔍 Busca na Web
+
+O PicoClaw pode pesquisar na web para fornecer informações atualizadas. Configure em `tools.web`:
+
+| Motor de Busca | API Key | Nível Gratuito | Link |
+|----------------|---------|----------------|------|
+| DuckDuckGo | Não necessária | Ilimitado | Fallback integrado |
+| [Baidu Search](https://cloud.baidu.com/doc/qianfan-api/s/Wmbq4z7e5) | Obrigatória | 1000 consultas/dia | IA, otimizado para chinês |
+| [Tavily](https://tavily.com) | Obrigatória | 1000 consultas/mês | Otimizado para AI Agents |
+| [Brave Search](https://brave.com/search/api) | Obrigatória | 2000 consultas/mês | Rápido e privado |
+| [Perplexity](https://www.perplexity.ai) | Obrigatória | Pago | Busca com IA |
+| [SearXNG](https://github.com/searxng/searxng) | Não necessária | Self-hosted | Metabuscador gratuito |
+| [GLM Search](https://open.bigmodel.cn/) | Obrigatória | Varia | Busca web Zhipu |
+
+### ⚙️ Outras Ferramentas
+
+O PicoClaw inclui ferramentas integradas para operações de arquivo, execução de código, agendamento e mais. Veja [Configuração de Ferramentas](docs/pt-br/tools_configuration.md) para detalhes.
+
+## 🎯 Skills
+
+Skills são capacidades modulares que estendem seu Agent. Elas são carregadas a partir de arquivos `SKILL.md` no seu workspace.
+
+**Instalar skills do ClawHub:**
+
+```bash
+picoclaw skills search "web scraping"
+picoclaw skills install
+```
+
+**Configurar token do ClawHub** (opcional, para limites de taxa mais altos):
+
+Adicione ao seu `config.json`:
+```json
+{
+ "tools": {
+ "skills": {
+ "registries": {
+ "clawhub": {
+ "auth_token": "your-clawhub-token"
+ }
+ }
+ }
+ }
+}
+```
+
+Para mais detalhes, veja [Configuração de Ferramentas - Skills](docs/pt-br/tools_configuration.md#skills-tool).
+
+## 🔗 MCP (Model Context Protocol)
+
+O PicoClaw suporta nativamente o [MCP](https://modelcontextprotocol.io/) — conecte qualquer servidor MCP para estender as capacidades do seu Agent com ferramentas externas e fontes de dados.
+
+```json
+{
+ "tools": {
+ "mcp": {
+ "enabled": true,
+ "servers": {
+ "filesystem": {
+ "enabled": true,
+ "command": "npx",
+ "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]
+ }
+ }
+ }
+ }
+}
+```
+
+Para configuração completa de MCP (transportes stdio, SSE, HTTP, Tool Discovery), veja [Configuração de Ferramentas - MCP](docs/pt-br/tools_configuration.md#mcp-tool).
+
+## Junte-se à Rede Social de Agents
+
+Conecte o PicoClaw à Rede Social de Agents simplesmente enviando uma única mensagem via CLI ou qualquer App de Chat integrado.
**Leia `https://clawdchat.ai/skill.md` e siga as instruções para entrar no [ClawdChat.ai](https://clawdchat.ai)**
## 🖥️ Referência CLI
-| Comando | Descrição |
-| ------------------------- | ----------------------------- |
-| `picoclaw onboard` | Inicializar configuração & workspace |
-| `picoclaw agent -m "..."` | Conversar com o agente |
-| `picoclaw agent` | Modo de chat interativo |
-| `picoclaw gateway` | Iniciar o gateway |
-| `picoclaw status` | Mostrar status |
-| `picoclaw version` | Mostrar informações de versão |
-| `picoclaw cron list` | Listar todas as tarefas agendadas |
-| `picoclaw cron add ...` | Adicionar uma tarefa agendada |
-| `picoclaw cron disable` | Desabilitar uma tarefa agendada |
-| `picoclaw cron remove` | Remover uma tarefa agendada |
-| `picoclaw skills list` | Listar skills instaladas |
-| `picoclaw skills install` | Instalar uma skill |
-| `picoclaw migrate` | Migrar dados de versões anteriores |
-| `picoclaw auth login` | Autenticar com provedores |
-| `picoclaw model` | Ver ou trocar o modelo padrão |
+| Comando | Descrição |
+| ------------------------- | -------------------------------------- |
+| `picoclaw onboard` | Inicializar config e workspace |
+| `picoclaw onboard weixin` | Conectar conta WeChat via QR |
+| `picoclaw agent -m "..."` | Conversar com o agent |
+| `picoclaw agent` | Modo de chat interativo |
+| `picoclaw gateway` | Iniciar o gateway |
+| `picoclaw status` | Exibir status |
+| `picoclaw version` | Exibir informações de versão |
+| `picoclaw model` | Ver ou trocar o modelo padrão |
+| `picoclaw cron list` | Listar todos os jobs agendados |
+| `picoclaw cron add ...` | Adicionar um job agendado |
+| `picoclaw cron disable` | Desabilitar um job agendado |
+| `picoclaw cron remove` | Remover um job agendado |
+| `picoclaw skills list` | Listar skills instaladas |
+| `picoclaw skills install` | Instalar uma skill |
+| `picoclaw migrate` | Migrar dados de versões anteriores |
+| `picoclaw auth login` | Autenticar com providers |
-### Tarefas Agendadas / Lembretes
+### ⏰ Tarefas Agendadas / Lembretes
-O PicoClaw suporta lembretes agendados e tarefas recorrentes por meio da ferramenta `cron`:
+O PicoClaw suporta lembretes agendados e tarefas recorrentes através da ferramenta `cron`:
-* **Lembretes únicos**: "Me lembre em 10 minutos" → dispara uma vez após 10min
-* **Tarefas recorrentes**: "Me lembre a cada 2 horas" → dispara a cada 2 horas
-* **Expressões Cron**: "Me lembre às 9h todos os dias" → usa expressão cron
+* **Lembretes únicos**: "Lembre-me em 10 minutos" -> dispara uma vez após 10min
+* **Tarefas recorrentes**: "Lembre-me a cada 2 horas" -> dispara a cada 2 horas
+* **Expressões cron**: "Lembre-me às 9h diariamente" -> usa expressão cron
+
+## 📚 Documentação
+
+Para guias detalhados além deste README:
+
+| Tópico | Descrição |
+|--------|-----------|
+| [Docker & Início Rápido](docs/pt-br/docker.md) | Configuração do Docker Compose, modos Launcher/Agent |
+| [Apps de Chat](docs/pt-br/chat-apps.md) | Guias de configuração para todos os 17+ channels |
+| [Configuração](docs/pt-br/configuration.md) | Variáveis de ambiente, layout do workspace, sandbox de segurança |
+| [Providers & Models](docs/pt-br/providers.md) | 30+ providers de LLM, roteamento de modelos, configuração de model_list |
+| [Spawn & Tarefas Assíncronas](docs/pt-br/spawn-tasks.md) | Tarefas rápidas, tarefas longas com spawn, orquestração assíncrona de sub-agents |
+| [Hooks](docs/hooks/README.md) | Sistema de hooks orientado a eventos: observadores, interceptores, hooks de aprovação |
+| [Steering](docs/steering.md) | Injetar mensagens em um loop de agente em execução |
+| [SubTurn](docs/subturn.md) | Coordenação de subagentes, controle de concorrência, ciclo de vida |
+| [Solução de Problemas](docs/pt-br/troubleshooting.md) | Problemas comuns e soluções |
+| [Configuração de Ferramentas](docs/pt-br/tools_configuration.md) | Habilitar/desabilitar por ferramenta, políticas de exec, MCP, Skills |
+| [Compatibilidade de Hardware](docs/pt-br/hardware-compatibility.md) | Placas testadas, requisitos mínimos |
## 🤝 Contribuir & Roadmap
-PRs são bem-vindos! O código-fonte é intencionalmente pequeno e legível. 🤗
+PRs são bem-vindos! O código-fonte é intencionalmente pequeno e legível.
-Veja nosso [Roadmap da Comunidade](https://github.com/sipeed/picoclaw/blob/main/ROADMAP.md) completo.
+Veja nosso [Roadmap da Comunidade](https://github.com/sipeed/picoclaw/issues/988) e [CONTRIBUTING.md](CONTRIBUTING.md) para diretrizes.
-Grupo de desenvolvedores em formação. Junte-se após seu primeiro PR com merge!
+Grupo de desenvolvedores em formação, entre após seu primeiro PR mesclado!
-Grupos de usuários:
+Grupos de Usuários:
-discord:
+Discord:
-
+WeChat:
+
diff --git a/README.vi.md b/README.vi.md
index cd65ac526..b63fd4ef7 100644
--- a/README.vi.md
+++ b/README.vi.md
@@ -1,9 +1,9 @@
-
+
-
PicoClaw: Trợ lý AI Siêu Nhẹ viết bằng Go
+
PicoClaw: Trợ lý AI Siêu Nhẹ viết bằng Go
-
Phần cứng $10 · <10MB RAM · Khởi động <1 giây · Nào, xuất phát!
+
Phần cứng $10 · RAM 10MB · Khởi động ms · Let's Go, PicoClaw!
@@ -24,153 +24,141 @@
---
-> **PicoClaw** là dự án mã nguồn mở độc lập được khởi xướng bởi [Sipeed](https://sipeed.com). Được viết hoàn toàn bằng **Go** — không phải là bản fork của OpenClaw, NanoBot hay bất kỳ dự án nào khác.
+> **PicoClaw** là một dự án mã nguồn mở độc lập do [Sipeed](https://sipeed.com) khởi xướng, được viết hoàn toàn bằng **Go** từ đầu — không phải fork của OpenClaw, NanoBot hay bất kỳ dự án nào khác.
-🦐 PicoClaw là trợ lý AI cá nhân siêu nhẹ, lấy cảm hứng từ [NanoBot](https://github.com/HKUDS/nanobot), được viết lại hoàn toàn bằng Go thông qua quá trình "tự khởi tạo" (self-bootstrapping) — nơi chính AI Agent đã tự dẫn dắt toàn bộ quá trình chuyển đổi kiến trúc và tối ưu hóa mã nguồn.
+**PicoClaw** là trợ lý AI cá nhân siêu nhẹ lấy cảm hứng từ [NanoBot](https://github.com/HKUDS/nanobot). Nó được xây dựng lại từ đầu bằng **Go** thông qua quá trình "tự khởi động" — chính AI Agent đã dẫn dắt quá trình di chuyển kiến trúc và tối ưu hóa mã nguồn.
-⚡️ Chạy trên phần cứng chỉ $10 với RAM <10MB: Tiết kiệm 99% bộ nhớ so với OpenClaw và rẻ hơn 98% so với Mac mini!
+**Chạy trên phần cứng $10 với <10MB RAM** — ít hơn 99% bộ nhớ so với OpenClaw và rẻ hơn 98% so với Mac mini!
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
> [!CAUTION]
-> **🚨 TUYÊN BỐ BẢO MẬT & KÊNH CHÍNH THỨC**
+> **Thông báo Bảo mật**
>
-> * **KHÔNG CÓ CRYPTO:** PicoClaw **KHÔNG** có bất kỳ token/coin chính thức nào. Mọi thông tin trên `pump.fun` hoặc các sàn giao dịch khác đều là **LỪA ĐẢO**.
->
-> * **DOMAIN CHÍNH THỨC:** Website chính thức **DUY NHẤT** là **[picoclaw.io](https://picoclaw.io)**, website công ty là **[sipeed.com](https://sipeed.com)**
-> * **Cảnh báo:** Nhiều tên miền `.ai/.org/.com/.net/...` đã bị bên thứ ba đăng ký.
-> * **Cảnh báo:** PicoClaw đang trong giai đoạn phát triển sớm và có thể còn các vấn đề bảo mật mạng chưa được giải quyết. Không nên triển khai lên môi trường production trước phiên bản v1.0.
-> * **Lưu ý:** PicoClaw gần đây đã merge nhiều PR, dẫn đến bộ nhớ sử dụng có thể lớn hơn (10–20MB) ở các phiên bản mới nhất. Chúng tôi sẽ ưu tiên tối ưu tài nguyên khi bộ tính năng đã ổn định.
+> * **KHÔNG CÓ CRYPTO:** PicoClaw **chưa** phát hành bất kỳ token hay tiền điện tử chính thức nào. Mọi thông tin trên `pump.fun` hoặc các nền tảng giao dịch khác đều là **lừa đảo**.
+> * **DOMAIN CHÍNH THỨC:** Website chính thức **DUY NHẤT** là **[picoclaw.io](https://picoclaw.io)**, và website công ty là **[sipeed.com](https://sipeed.com)**
+> * **CẢNH BÁO:** Nhiều domain `.ai/.org/.com/.net/...` đã bị bên thứ ba đăng ký. Đừng tin tưởng chúng.
+> * **LƯU Ý:** PicoClaw đang trong giai đoạn phát triển nhanh. Có thể còn các vấn đề bảo mật chưa được giải quyết. Không triển khai lên môi trường production trước v1.0.
+> * **LƯU Ý:** PicoClaw gần đây đã merge nhiều PR. Các bản build gần đây có thể dùng 10-20MB RAM. Tối ưu hóa tài nguyên được lên kế hoạch sau khi tính năng ổn định.
## 📢 Tin tức
-2026-03-17 🚀 **v0.2.3 Phát hành!** Giao diện khay hệ thống (Windows & Linux), theo dõi trạng thái sub-agent (`spawn_status`), hot-reload gateway thử nghiệm, cổng bảo mật cron và 2 bản vá bảo mật. PicoClaw đạt **25K ⭐**!
+2026-03-17 🚀 **v0.2.3 đã phát hành!** Giao diện system tray (Windows & Linux), truy vấn trạng thái sub-agent (`spawn_status`), thử nghiệm Gateway hot-reload, bảo mật Cron, và 2 bản vá bảo mật. PicoClaw đã đạt **25K Stars**!
-2026-03-09 🎉 **v0.2.1 — Bản cập nhật lớn nhất!** Hỗ trợ giao thức MCP, 4 kênh mới (Matrix/IRC/WeCom/Discord Proxy), 3 nhà cung cấp mới (Kimi/Minimax/Avian), pipeline xử lý hình ảnh, bộ nhớ JSONL và định tuyến mô hình.
+2026-03-09 🎉 **v0.2.1 — Bản cập nhật lớn nhất từ trước đến nay!** Hỗ trợ giao thức MCP, 4 Channel mới (Matrix/IRC/WeCom/Discord Proxy), 3 Provider mới (Kimi/Minimax/Avian), pipeline thị giác, bộ nhớ JSONL, định tuyến mô hình.
-2026-02-28 📦 **v0.2.0** phát hành với hỗ trợ Docker Compose và launcher Web UI.
+2026-02-28 📦 **v0.2.0** phát hành với hỗ trợ Docker Compose và Web UI Launcher.
-2026-02-26 🎉 PicoClaw đạt **20K stars** chỉ trong 17 ngày! Tự động điều phối kênh và giao diện năng lực đã được triển khai.
+2026-02-26 🎉 PicoClaw đạt **20K Stars** chỉ trong 17 ngày! Tự động điều phối Channel và giao diện khả năng đã hoạt động.
-Tin tức cũ hơn...
+Tin tức trước đó...
-2026-02-16 🎉 PicoClaw đạt 12K stars chỉ trong một tuần! Vai trò maintainer cộng đồng và [roadmap](ROADMAP.md) đã được công bố chính thức.
+2026-02-16 🎉 PicoClaw vượt 12K Stars trong một tuần! Vai trò người duy trì cộng đồng và [Lộ trình](ROADMAP.md) chính thức ra mắt.
-2026-02-13 🎉 PicoClaw đạt 5000 stars trong 4 ngày! Lộ trình dự án và Nhóm phát triển đang được thiết lập.
+2026-02-13 🎉 PicoClaw vượt 5000 Stars trong 4 ngày! Lộ trình dự án và nhóm nhà phát triển đang được xây dựng.
-2026-02-09 🎉 **PicoClaw chính thức ra mắt!** Được xây dựng trong 1 ngày để mang AI Agent đến phần cứng $10 với RAM <10MB. 🦐 PicoClaw, Lên Đường!
+2026-02-09 🎉 **PicoClaw ra mắt!** Được xây dựng trong 1 ngày để đưa AI Agent lên phần cứng $10 với <10MB RAM. Let's Go, PicoClaw!
-## ✨ Tính năng nổi bật
+## ✨ Tính năng
-🪶 **Siêu nhẹ**: Bộ nhớ sử dụng <10MB — nhỏ hơn 99% so với OpenClaw (chức năng cốt lõi).*
+🪶 **Siêu nhẹ**: Bộ nhớ lõi <10MB — nhỏ hơn 99% so với OpenClaw.*
💰 **Chi phí tối thiểu**: Đủ hiệu quả để chạy trên phần cứng $10 — rẻ hơn 98% so với Mac mini.
-⚡️ **Khởi động siêu nhanh**: Nhanh gấp 400 lần, khởi động trong <1 giây ngay cả trên CPU đơn nhân 0.6GHz.
+⚡️ **Khởi động cực nhanh**: Khởi động nhanh hơn 400 lần. Khởi động trong <1 giây ngay cả trên bộ xử lý đơn nhân 0.6GHz.
-🌍 **Di động thực sự**: Một file binary duy nhất chạy trên RISC-V, ARM, MIPS và x86. Một click là chạy!
+🌍 **Thực sự di động**: Một binary duy nhất cho các kiến trúc RISC-V, ARM, MIPS và x86. Một binary, chạy mọi nơi!
-🤖 **AI tự xây dựng**: Triển khai Go-native tự động — 95% mã nguồn cốt lõi được Agent tạo ra, với sự tinh chỉnh của con người.
+🤖 **Được AI khởi động**: Triển khai Go thuần túy — 95% mã lõi được tạo bởi Agent và tinh chỉnh qua quy trình human-in-the-loop.
-🔌 **Hỗ trợ MCP**: Tích hợp [Model Context Protocol](https://modelcontextprotocol.io/) gốc — kết nối bất kỳ máy chủ MCP nào để mở rộng khả năng của agent.
+🔌 **Hỗ trợ MCP**: Tích hợp [Model Context Protocol](https://modelcontextprotocol.io/) gốc — kết nối bất kỳ MCP server nào để mở rộng khả năng Agent.
-👁️ **Pipeline Xử lý Hình ảnh**: Gửi hình ảnh và tệp trực tiếp cho agent — tự động mã hóa base64 cho các LLM đa phương thức.
+👁️ **Pipeline thị giác**: Gửi hình ảnh và tệp trực tiếp đến Agent — tự động mã hóa base64 cho LLM đa phương thức.
-🧠 **Định tuyến Thông minh**: Định tuyến mô hình dựa trên quy tắc — truy vấn đơn giản chuyển đến mô hình nhẹ, tiết kiệm chi phí API.
+🧠 **Định tuyến thông minh**: Định tuyến mô hình dựa trên quy tắc — các truy vấn đơn giản đến mô hình nhẹ, tiết kiệm chi phí API.
-_*Các phiên bản gần đây có thể sử dụng 10–20MB do merge tính năng nhanh chóng. Tối ưu tài nguyên đang được lên kế hoạch. So sánh thời gian khởi động dựa trên benchmark đơn nhân 0.8GHz (xem bảng bên dưới)._
+_*Các bản build gần đây có thể dùng 10-20MB do merge PR nhanh. Tối ưu hóa tài nguyên đang được lên kế hoạch. So sánh tốc độ khởi động dựa trên benchmark lõi đơn 0.8GHz (xem bảng bên dưới)._
-| | OpenClaw | NanoBot | **PicoClaw** |
-| ----------------------------- | ------------- | ------------------------ | ----------------------------------------- |
-| **Ngôn ngữ** | TypeScript | Python | **Go** |
-| **RAM** | >1GB | >100MB | **< 10MB*** |
-| **Thời gian khởi động**(CPU 0.8GHz) | >500s | >30s | **<1s** |
-| **Chi phí** | Mac Mini $599 | Hầu hết SBC Linux ~$50 | **Mọi bo mạch Linux****Chỉ từ $10** |
+
+
+| | OpenClaw | NanoBot | **PicoClaw** |
+| ------------------------------ | ------------- | ------------------------ | -------------------------------------- |
+| **Ngôn ngữ** | TypeScript | Python | **Go** |
+| **RAM** | >1GB | >100MB | **< 10MB*** |
+| **Thời gian khởi động**(lõi 0.8GHz) | >500s | >30s | **<1s** |
+| **Chi phí** | Mac Mini $599 | Hầu hết board Linux ~$50 | **Bất kỳ board Linux****từ $10** |
-> 📋 **[Danh Sách Tương Thích Phần Cứng](docs/hardware-compatibility.md)** — Xem tất cả các board đã được kiểm tra, từ RISC-V $5 đến Raspberry Pi và điện thoại Android. Board của bạn chưa có? Gửi PR!
+
-## 🦾 Demo
+> **[Danh sách Tương thích Phần cứng](docs/vi/hardware-compatibility.md)** — Xem tất cả các board đã được kiểm tra, từ RISC-V $5 đến Raspberry Pi đến điện thoại Android. Board của bạn chưa có trong danh sách? Gửi PR!
-### 🛠️ Quy trình trợ lý tiêu chuẩn
+
+
+
+
+## 🦾 Minh họa
+
+### 🛠️ Quy trình Trợ lý Tiêu chuẩn
-
-
🧩 Lập trình Full-Stack
-
🗂️ Quản lý Nhật ký & Kế hoạch
-
🔎 Tìm kiếm Web & Học hỏi
-
-
-
-
-
-
-
-
Phát triển • Triển khai • Mở rộng
-
Lên lịch • Tự động hóa • Ghi nhớ
-
Khám phá • Phân tích • Xu hướng
-
+
+
Chế độ Kỹ sư Full-Stack
+
Ghi nhật ký & Lập kế hoạch
+
Tìm kiếm Web & Học tập
+
+
+
+
+
+
+
+
Phát triển · Triển khai · Mở rộng
+
Lên lịch · Tự động hóa · Ghi nhớ
+
Khám phá · Thông tin · Xu hướng
+
-### 📱 Chạy trên điện thoại Android cũ
+### 🐜 Triển khai Sáng tạo với Dấu chân Nhỏ
-Hãy cho chiếc điện thoại cũ một cuộc sống mới! Biến nó thành trợ lý AI thông minh với PicoClaw. Bắt đầu nhanh:
+PicoClaw có thể được triển khai trên hầu hết mọi thiết bị Linux!
-1. **Cài đặt [Termux](https://github.com/termux/termux-app)** (Tải từ [GitHub Releases](https://github.com/termux/termux-app/releases), hoặc tìm trên F-Droid / Google Play).
-2. **Chạy các lệnh**
-
-```bash
-# Tải phiên bản mới nhất từ https://github.com/sipeed/picoclaw/releases
-wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz
-tar xzf picoclaw_Linux_arm64.tar.gz
-pkg install proot
-termux-chroot ./picoclaw onboard # chroot cung cấp bố cục hệ thống tệp Linux tiêu chuẩn
-```
-
-Sau đó làm theo hướng dẫn trong phần "Bắt đầu nhanh" để hoàn tất cấu hình!
-
-
-
-### 🐜 Triển khai sáng tạo trên phần cứng tối thiểu
-
-PicoClaw có thể triển khai trên hầu hết mọi thiết bị Linux!
-
-- $9.9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) phiên bản E(Ethernet) hoặc W(WiFi6), dùng làm Trợ lý Gia đình tối giản
-- $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), hoặc $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html) dùng cho quản trị Server tự động
-- $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) hoặc $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera) dùng cho Giám sát thông minh
+- $9.9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) phiên bản E(Ethernet) hoặc W(WiFi6), cho trợ lý gia đình tối giản
+- $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), hoặc $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html), cho vận hành máy chủ tự động
+- $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) hoặc $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera), cho giám sát thông minh
-🌟 Nhiều hình thức triển khai hơn đang chờ bạn khám phá!
+🌟 Còn nhiều trường hợp triển khai đang chờ đón!
## 📦 Cài đặt
-### Tải từ picoclaw.io (Khuyến nghị)
+### Tải xuống từ picoclaw.io (Khuyến nghị)
-Truy cập **[picoclaw.io](https://picoclaw.io)** — trang web chính thức tự động phát hiện nền tảng của bạn và cung cấp tải xuống một cú nhấp. Không cần chọn kiến trúc thủ công.
+Truy cập **[picoclaw.io](https://picoclaw.io)** — website chính thức tự động phát hiện nền tảng của bạn và cung cấp tải xuống một cú nhấp. Không cần chọn kiến trúc thủ công.
-### Tải binary đã biên dịch sẵn
+### Tải xuống binary đã biên dịch sẵn
-Hoặc tải binary cho nền tảng của bạn từ trang [GitHub Releases](https://github.com/sipeed/picoclaw/releases).
+Ngoài ra, tải binary cho nền tảng của bạn từ trang [GitHub Releases](https://github.com/sipeed/picoclaw/releases).
-### Biên dịch từ mã nguồn (cho phát triển)
+### Xây dựng từ mã nguồn (để phát triển)
```bash
git clone https://github.com/sipeed/picoclaw.git
@@ -178,80 +166,413 @@ git clone https://github.com/sipeed/picoclaw.git
cd picoclaw
make deps
-# Build (không cần cài đặt)
+# Build core binary
make build
-# Build cho nhiều nền tảng
+# Build Web UI Launcher (required for WebUI mode)
+make build-launcher
+
+# Build for multiple platforms
make build-all
-# Build cho Raspberry Pi Zero 2 W (32-bit: make build-linux-arm; 64-bit: make build-linux-arm64)
+# Build for Raspberry Pi Zero 2 W (32-bit: make build-linux-arm; 64-bit: make build-linux-arm64)
make build-pi-zero
-# Build và cài đặt
+# Build and install
make install
```
-**Raspberry Pi Zero 2 W:** Sử dụng binary phù hợp với hệ điều hành: Raspberry Pi OS 32-bit → `make build-linux-arm`; 64-bit → `make build-linux-arm64`. Hoặc chạy `make build-pi-zero` để build cả hai.
+**Raspberry Pi Zero 2 W:** Sử dụng binary phù hợp với hệ điều hành của bạn: Raspberry Pi OS 32-bit -> `make build-linux-arm`; 64-bit -> `make build-linux-arm64`. Hoặc chạy `make build-pi-zero` để xây dựng cả hai.
-## 📚 Tài liệu
+## 🚀 Hướng dẫn Khởi động Nhanh
-Để xem hướng dẫn chi tiết, tham khảo tài liệu bên dưới. README này chỉ bao gồm phần bắt đầu nhanh.
+### 🌐 WebUI Launcher (Khuyến nghị cho Desktop)
-| Chủ đề | Mô tả |
-|--------|-------|
-| 🐳 [Docker & Bắt đầu nhanh](docs/vi/docker.md) | Thiết lập Docker Compose, chế độ Launcher/Agent, cấu hình Bắt đầu nhanh |
-| 💬 [Ứng dụng Chat](docs/vi/chat-apps.md) | Telegram, Discord, WhatsApp, Matrix, QQ, Slack, IRC, DingTalk, LINE, Feishu, WeCom và nhiều hơn |
-| ⚙️ [Cấu hình](docs/vi/configuration.md) | Biến môi trường, cấu trúc workspace, nguồn skill, sandbox bảo mật, heartbeat |
-| 🔌 [Nhà cung cấp & Mô hình](docs/vi/providers.md) | 20+ nhà cung cấp LLM, định tuyến mô hình, cấu hình model_list, kiến trúc nhà cung cấp |
-| 🔄 [Spawn & Tác vụ bất đồng bộ](docs/vi/spawn-tasks.md) | Tác vụ nhanh, tác vụ dài với spawn, điều phối sub-agent bất đồng bộ |
-| 🐛 [Xử lý sự cố](docs/vi/troubleshooting.md) | Các vấn đề thường gặp và giải pháp |
-| 🔧 [Cấu hình Công cụ](docs/vi/tools_configuration.md) | Bật/tắt từng công cụ, chính sách thực thi |
-| 📋 [Tương Thích Phần Cứng](docs/hardware-compatibility.md) | Các board đã kiểm tra, yêu cầu tối thiểu, cách thêm board |
+WebUI Launcher cung cấp giao diện dựa trên trình duyệt để cấu hình và trò chuyện. Đây là cách dễ nhất để bắt đầu — không cần kiến thức dòng lệnh.
+
+**Tùy chọn 1: Nhấp đúp (Desktop)**
+
+Sau khi tải xuống từ [picoclaw.io](https://picoclaw.io), nhấp đúp vào `picoclaw-launcher` (hoặc `picoclaw-launcher.exe` trên Windows). Trình duyệt của bạn sẽ tự động mở tại `http://localhost:18800`.
+
+**Tùy chọn 2: Dòng lệnh**
+
+```bash
+picoclaw-launcher
+# Mở http://localhost:18800 trong trình duyệt của bạn
+```
+
+> [!TIP]
+> **Truy cập từ xa / Docker / VM:** Thêm cờ `-public` để lắng nghe trên tất cả giao diện:
+> ```bash
+> picoclaw-launcher -public
+> ```
+
+
+
+
+
+**Bắt đầu:**
+
+Mở WebUI, sau đó: **1)** Cấu hình Provider (thêm API key LLM của bạn) -> **2)** Cấu hình Channel (ví dụ: Telegram) -> **3)** Khởi động Gateway -> **4)** Trò chuyện!
+
+Để biết tài liệu WebUI chi tiết, xem [docs.picoclaw.io](https://docs.picoclaw.io).
+
+
+Docker (thay thế)
+
+```bash
+# 1. Clone this repo
+git clone https://github.com/sipeed/picoclaw.git
+cd picoclaw
+
+# 2. First run — auto-generates docker/data/config.json then exits
+# (only triggers when both config.json and workspace/ are missing)
+docker compose -f docker/docker-compose.yml --profile launcher up
+# The container prints "First-run setup complete." and stops.
+
+# 3. Set your API keys
+vim docker/data/config.json
+
+# 4. Start
+docker compose -f docker/docker-compose.yml --profile launcher up -d
+# Open http://localhost:18800
+```
+
+> **Người dùng Docker / VM:** Gateway lắng nghe trên `127.0.0.1` theo mặc định. Đặt `PICOCLAW_GATEWAY_HOST=0.0.0.0` hoặc dùng cờ `-public` để có thể truy cập từ host.
+
+```bash
+# Check logs
+docker compose -f docker/docker-compose.yml logs -f
+
+# Stop
+docker compose -f docker/docker-compose.yml --profile launcher down
+
+# Update
+docker compose -f docker/docker-compose.yml pull
+docker compose -f docker/docker-compose.yml --profile launcher up -d
+```
+
+
+
+### 💻 TUI Launcher (Khuyến nghị cho Headless / SSH)
+
+TUI (Terminal UI) Launcher cung cấp giao diện terminal đầy đủ tính năng để cấu hình và quản lý. Lý tưởng cho máy chủ, Raspberry Pi và các môi trường headless khác.
+
+```bash
+picoclaw-launcher-tui
+```
+
+
+
+
+
+**Bắt đầu:**
+
+Sử dụng menu TUI để: **1)** Cấu hình Provider -> **2)** Cấu hình Channel -> **3)** Khởi động Gateway -> **4)** Trò chuyện!
+
+Để biết tài liệu TUI chi tiết, xem [docs.picoclaw.io](https://docs.picoclaw.io).
+
+### 📱 Android
+
+Hãy cho chiếc điện thoại cũ của bạn một cuộc sống mới! Biến nó thành Trợ lý AI thông minh với PicoClaw.
+
+**Tùy chọn 1: Termux (có sẵn ngay)**
+
+1. Cài đặt [Termux](https://github.com/termux/termux-app) (tải từ [GitHub Releases](https://github.com/termux/termux-app/releases), hoặc tìm kiếm trong F-Droid / Google Play)
+2. Chạy các lệnh sau:
+
+```bash
+# Download the latest release
+wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz
+tar xzf picoclaw_Linux_arm64.tar.gz
+pkg install proot
+termux-chroot ./picoclaw onboard # chroot provides a standard Linux filesystem layout
+```
+
+Sau đó làm theo phần Terminal Launcher bên dưới để hoàn tất cấu hình.
+
+
+
+**Tùy chọn 2: Cài đặt APK (sắp ra mắt)**
+
+Một APK Android độc lập với WebUI tích hợp đang được phát triển. Hãy đón chờ!
+
+
+Terminal Launcher (cho môi trường hạn chế tài nguyên)
+
+Đối với các môi trường tối giản chỉ có binary lõi `picoclaw` (không có Launcher UI), bạn có thể cấu hình mọi thứ qua dòng lệnh và tệp cấu hình JSON.
+
+**1. Khởi tạo**
+
+```bash
+picoclaw onboard
+```
+
+Lệnh này tạo `~/.picoclaw/config.json` và thư mục workspace.
+
+**2. Cấu hình** (`~/.picoclaw/config.json`)
+
+```json
+{
+ "agents": {
+ "defaults": {
+ "model_name": "gpt-5.4"
+ }
+ },
+ "model_list": [
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_key": "sk-your-api-key"
+ }
+ ]
+}
+```
+
+> Xem `config/config.example.json` trong repo để có mẫu cấu hình đầy đủ với tất cả các tùy chọn có sẵn.
+
+**3. Trò chuyện**
+
+```bash
+# One-shot question
+picoclaw agent -m "What is 2+2?"
+
+# Interactive mode
+picoclaw agent
+
+# Start gateway for chat app integration
+picoclaw gateway
+```
+
+
+
+## 🔌 Providers (LLM)
+
+PicoClaw hỗ trợ 30+ Provider LLM thông qua cấu hình `model_list`. Sử dụng định dạng `protocol/model`:
+
+| Provider | Protocol | API Key | Ghi chú |
+|----------|----------|---------|---------|
+| [OpenAI](https://platform.openai.com/api-keys) | `openai/` | Bắt buộc | GPT-5.4, GPT-4o, o3, v.v. |
+| [Anthropic](https://console.anthropic.com/settings/keys) | `anthropic/` | Bắt buộc | Claude Opus 4.6, Sonnet 4.6, v.v. |
+| [Google Gemini](https://aistudio.google.com/apikey) | `gemini/` | Bắt buộc | Gemini 3 Flash, 2.5 Pro, v.v. |
+| [OpenRouter](https://openrouter.ai/keys) | `openrouter/` | Bắt buộc | 200+ mô hình, API thống nhất |
+| [Zhipu (GLM)](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | `zhipu/` | Bắt buộc | GLM-4.7, GLM-5, v.v. |
+| [DeepSeek](https://platform.deepseek.com/api_keys) | `deepseek/` | Bắt buộc | DeepSeek-V3, DeepSeek-R1 |
+| [Volcengine](https://console.volcengine.com) | `volcengine/` | Bắt buộc | Doubao, Ark models |
+| [Qwen](https://dashscope.console.aliyun.com/apiKey) | `qwen/` | Bắt buộc | Qwen3, Qwen-Max, v.v. |
+| [Groq](https://console.groq.com/keys) | `groq/` | Bắt buộc | Suy luận nhanh (Llama, Mixtral) |
+| [Moonshot (Kimi)](https://platform.moonshot.cn/console/api-keys) | `moonshot/` | Bắt buộc | Kimi models |
+| [Minimax](https://platform.minimaxi.com/user-center/basic-information/interface-key) | `minimax/` | Bắt buộc | MiniMax models |
+| [Mistral](https://console.mistral.ai/api-keys) | `mistral/` | Bắt buộc | Mistral Large, Codestral |
+| [NVIDIA NIM](https://build.nvidia.com/) | `nvidia/` | Bắt buộc | Mô hình do NVIDIA lưu trữ |
+| [Cerebras](https://cloud.cerebras.ai/) | `cerebras/` | Bắt buộc | Suy luận nhanh |
+| [Novita AI](https://novita.ai/) | `novita/` | Bắt buộc | Nhiều mô hình mở |
+| [Ollama](https://ollama.com/) | `ollama/` | Không cần | Mô hình cục bộ, tự lưu trữ |
+| [vLLM](https://docs.vllm.ai/) | `vllm/` | Không cần | Triển khai cục bộ, tương thích OpenAI |
+| [LiteLLM](https://docs.litellm.ai/) | `litellm/` | Tùy | Proxy cho 100+ provider |
+| [Azure OpenAI](https://portal.azure.com/) | `azure/` | Bắt buộc | Triển khai Azure doanh nghiệp |
+| [GitHub Copilot](https://github.com/features/copilot) | `github-copilot/` | OAuth | Đăng nhập bằng device code |
+| [Antigravity](https://console.cloud.google.com/) | `antigravity/` | OAuth | Google Cloud AI |
+
+
+Triển khai cục bộ (Ollama, vLLM, v.v.)
+
+**Ollama:**
+```json
+{
+ "model_list": [
+ {
+ "model_name": "local-llama",
+ "model": "ollama/llama3.1:8b",
+ "api_base": "http://localhost:11434/v1"
+ }
+ ]
+}
+```
+
+**vLLM:**
+```json
+{
+ "model_list": [
+ {
+ "model_name": "local-vllm",
+ "model": "vllm/your-model",
+ "api_base": "http://localhost:8000/v1"
+ }
+ ]
+}
+```
+
+Để biết chi tiết cấu hình provider đầy đủ, xem [Providers & Models](docs/vi/providers.md).
+
+
+
+## 💬 Channels (Ứng dụng Chat)
+
+Trò chuyện với PicoClaw của bạn qua 17+ nền tảng nhắn tin:
+
+| Channel | Thiết lập | Protocol | Tài liệu |
+|---------|-----------|----------|----------|
+| **Telegram** | Dễ (bot token) | Long polling | [Hướng dẫn](docs/channels/telegram/README.vi.md) |
+| **Discord** | Dễ (bot token + intents) | WebSocket | [Hướng dẫn](docs/channels/discord/README.vi.md) |
+| **WhatsApp** | Dễ (quét QR hoặc bridge URL) | Native / Bridge | [Hướng dẫn](docs/vi/chat-apps.md#whatsapp) |
+| **Weixin** | Dễ (quét QR gốc) | iLink API | [Hướng dẫn](docs/vi/chat-apps.md#weixin) |
+| **QQ** | Dễ (AppID + AppSecret) | WebSocket | [Hướng dẫn](docs/channels/qq/README.vi.md) |
+| **Slack** | Dễ (bot + app token) | Socket Mode | [Hướng dẫn](docs/channels/slack/README.vi.md) |
+| **Matrix** | Trung bình (homeserver + token) | Sync API | [Hướng dẫn](docs/channels/matrix/README.vi.md) |
+| **DingTalk** | Trung bình (client credentials) | Stream | [Hướng dẫn](docs/channels/dingtalk/README.vi.md) |
+| **Feishu / Lark** | Trung bình (App ID + Secret) | WebSocket/SDK | [Hướng dẫn](docs/channels/feishu/README.vi.md) |
+| **LINE** | Trung bình (credentials + webhook) | Webhook | [Hướng dẫn](docs/channels/line/README.vi.md) |
+| **WeCom Bot** | Trung bình (webhook URL) | Webhook | [Hướng dẫn](docs/channels/wecom/wecom_bot/README.vi.md) |
+| **WeCom App** | Trung bình (corp credentials) | Webhook | [Hướng dẫn](docs/channels/wecom/wecom_app/README.vi.md) |
+| **WeCom AI Bot** | Trung bình (token + AES key) | WebSocket / Webhook | [Hướng dẫn](docs/channels/wecom/wecom_aibot/README.vi.md) |
+| **IRC** | Trung bình (server + nick) | IRC protocol | [Hướng dẫn](docs/vi/chat-apps.md#irc) |
+| **OneBot** | Trung bình (WebSocket URL) | OneBot v11 | [Hướng dẫn](docs/channels/onebot/README.vi.md) |
+| **MaixCam** | Dễ (bật) | TCP socket | [Hướng dẫn](docs/channels/maixcam/README.vi.md) |
+| **Pico** | Dễ (bật) | Native protocol | Tích hợp sẵn |
+| **Pico Client** | Dễ (WebSocket URL) | WebSocket | Tích hợp sẵn |
+
+> Tất cả các Channel dựa trên webhook dùng chung một Gateway HTTP server (`gateway.host`:`gateway.port`, mặc định `127.0.0.1:18790`). Feishu sử dụng chế độ WebSocket/SDK và không dùng HTTP server chung.
+
+Để biết hướng dẫn thiết lập Channel chi tiết, xem [Cấu hình Ứng dụng Chat](docs/vi/chat-apps.md).
+
+## 🔧 Tools
+
+### 🔍 Tìm kiếm Web
+
+PicoClaw có thể tìm kiếm web để cung cấp thông tin cập nhật. Cấu hình trong `tools.web`:
+
+| Công cụ Tìm kiếm | API Key | Gói miễn phí | Liên kết |
+|------------------|---------|--------------|----------|
+| DuckDuckGo | Không cần | Không giới hạn | Dự phòng tích hợp sẵn |
+| [Baidu Search](https://cloud.baidu.com/doc/qianfan-api/s/Wmbq4z7e5) | Bắt buộc | 1000 truy vấn/ngày | AI, tối ưu cho tiếng Trung |
+| [Tavily](https://tavily.com) | Bắt buộc | 1000 truy vấn/tháng | Tối ưu cho AI Agent |
+| [Brave Search](https://brave.com/search/api) | Bắt buộc | 2000 truy vấn/tháng | Nhanh và riêng tư |
+| [Perplexity](https://www.perplexity.ai) | Bắt buộc | Trả phí | Tìm kiếm hỗ trợ AI |
+| [SearXNG](https://github.com/searxng/searxng) | Không cần | Tự lưu trữ | Metasearch engine miễn phí |
+| [GLM Search](https://open.bigmodel.cn/) | Bắt buộc | Tùy | Tìm kiếm web Zhipu |
+
+### ⚙️ Các Tools Khác
+
+PicoClaw bao gồm các tool tích hợp sẵn cho thao tác tệp, thực thi mã, lên lịch và nhiều hơn nữa. Xem [Cấu hình Tools](docs/vi/tools_configuration.md) để biết chi tiết.
+
+## 🎯 Skills
+
+Skills là các khả năng mô-đun mở rộng Agent của bạn. Chúng được tải từ các tệp `SKILL.md` trong workspace của bạn.
+
+**Cài đặt Skills từ ClawHub:**
+
+```bash
+picoclaw skills search "web scraping"
+picoclaw skills install
+```
+
+**Cấu hình token ClawHub** (tùy chọn, để có giới hạn tốc độ cao hơn):
+
+Thêm vào `config.json` của bạn:
+```json
+{
+ "tools": {
+ "skills": {
+ "registries": {
+ "clawhub": {
+ "auth_token": "your-clawhub-token"
+ }
+ }
+ }
+ }
+}
+```
+
+Để biết thêm chi tiết, xem [Cấu hình Tools - Skills](docs/vi/tools_configuration.md#skills-tool).
+
+## 🔗 MCP (Model Context Protocol)
+
+PicoClaw hỗ trợ [MCP](https://modelcontextprotocol.io/) gốc — kết nối bất kỳ MCP server nào để mở rộng khả năng Agent của bạn với các tool và nguồn dữ liệu bên ngoài.
+
+```json
+{
+ "tools": {
+ "mcp": {
+ "enabled": true,
+ "servers": {
+ "filesystem": {
+ "enabled": true,
+ "command": "npx",
+ "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]
+ }
+ }
+ }
+ }
+}
+```
+
+Để biết cấu hình MCP đầy đủ (stdio, SSE, HTTP transports, Tool Discovery), xem [Cấu hình Tools - MCP](docs/vi/tools_configuration.md#mcp-tool).
## Tham gia Mạng xã hội Agent
-Kết nối PicoClaw với Mạng xã hội Agent chỉ bằng cách gửi một tin nhắn qua CLI hoặc bất kỳ ứng dụng Chat nào đã tích hợp.
+Kết nối PicoClaw với Mạng xã hội Agent chỉ bằng cách gửi một tin nhắn duy nhất qua CLI hoặc bất kỳ Ứng dụng Chat nào đã tích hợp.
**Đọc `https://clawdchat.ai/skill.md` và làm theo hướng dẫn để tham gia [ClawdChat.ai](https://clawdchat.ai)**
## 🖥️ Tham chiếu CLI
-| Lệnh | Mô tả |
-| -------------------------- | ------------------------------ |
-| `picoclaw onboard` | Khởi tạo cấu hình & workspace |
-| `picoclaw agent -m "..."` | Trò chuyện với agent |
-| `picoclaw agent` | Chế độ chat tương tác |
-| `picoclaw gateway` | Khởi động gateway |
-| `picoclaw status` | Hiển thị trạng thái |
-| `picoclaw version` | Hiển thị thông tin phiên bản |
-| `picoclaw cron list` | Liệt kê tất cả tác vụ định kỳ |
-| `picoclaw cron add ...` | Thêm tác vụ định kỳ |
-| `picoclaw cron disable` | Tắt tác vụ định kỳ |
-| `picoclaw cron remove` | Xóa tác vụ định kỳ |
-| `picoclaw skills list` | Liệt kê các skill đã cài |
-| `picoclaw skills install` | Cài đặt một skill |
-| `picoclaw migrate` | Di chuyển dữ liệu từ phiên bản cũ |
-| `picoclaw auth login` | Xác thực với nhà cung cấp |
-| `picoclaw model` | Xem hoặc chuyển đổi model mặc định |
+| Lệnh | Mô tả |
+| ------------------------- | ---------------------------------------- |
+| `picoclaw onboard` | Khởi tạo cấu hình & workspace |
+| `picoclaw onboard weixin` | Kết nối tài khoản WeChat qua QR |
+| `picoclaw agent -m "..."` | Trò chuyện với agent |
+| `picoclaw agent` | Chế độ trò chuyện tương tác |
+| `picoclaw gateway` | Khởi động gateway |
+| `picoclaw status` | Hiển thị trạng thái |
+| `picoclaw version` | Hiển thị thông tin phiên bản |
+| `picoclaw model` | Xem hoặc chuyển đổi mô hình mặc định |
+| `picoclaw cron list` | Liệt kê tất cả công việc đã lên lịch |
+| `picoclaw cron add ...` | Thêm công việc đã lên lịch |
+| `picoclaw cron disable` | Vô hiệu hóa công việc đã lên lịch |
+| `picoclaw cron remove` | Xóa công việc đã lên lịch |
+| `picoclaw skills list` | Liệt kê các Skill đã cài đặt |
+| `picoclaw skills install` | Cài đặt một Skill |
+| `picoclaw migrate` | Di chuyển dữ liệu từ các phiên bản cũ |
+| `picoclaw auth login` | Xác thực với các provider |
-### Tác vụ định kỳ / Nhắc nhở
+### ⏰ Tác vụ Đã lên lịch / Nhắc nhở
-PicoClaw hỗ trợ nhắc nhở theo lịch và tác vụ lặp lại thông qua công cụ `cron`:
+PicoClaw hỗ trợ nhắc nhở đã lên lịch và tác vụ định kỳ thông qua tool `cron`:
-* **Nhắc nhở một lần**: "Nhắc tôi sau 10 phút" → kích hoạt một lần sau 10 phút
-* **Tác vụ lặp lại**: "Nhắc tôi mỗi 2 giờ" → kích hoạt mỗi 2 giờ
-* **Biểu thức Cron**: "Nhắc tôi lúc 9 giờ sáng mỗi ngày" → sử dụng biểu thức cron
+* **Nhắc nhở một lần**: "Nhắc tôi sau 10 phút" -> kích hoạt một lần sau 10 phút
+* **Tác vụ định kỳ**: "Nhắc tôi mỗi 2 giờ" -> kích hoạt mỗi 2 giờ
+* **Biểu thức Cron**: "Nhắc tôi lúc 9 giờ sáng hàng ngày" -> sử dụng biểu thức cron
+
+## 📚 Tài liệu
+
+Để biết các hướng dẫn chi tiết ngoài README này:
+
+| Chủ đề | Mô tả |
+|--------|-------|
+| [Docker & Khởi động Nhanh](docs/vi/docker.md) | Thiết lập Docker Compose, chế độ Launcher/Agent |
+| [Ứng dụng Chat](docs/vi/chat-apps.md) | Hướng dẫn thiết lập 17+ Channel |
+| [Cấu hình](docs/vi/configuration.md) | Biến môi trường, bố cục workspace, sandbox bảo mật |
+| [Providers & Models](docs/vi/providers.md) | 30+ Provider LLM, định tuyến mô hình, cấu hình model_list |
+| [Spawn & Tác vụ Bất đồng bộ](docs/vi/spawn-tasks.md) | Tác vụ nhanh, tác vụ dài với spawn, điều phối sub-agent bất đồng bộ |
+| [Hooks](docs/hooks/README.md) | Hệ thống hook hướng sự kiện: observer, interceptor, approval hook |
+| [Steering](docs/steering.md) | Chèn tin nhắn vào vòng lặp agent đang chạy |
+| [SubTurn](docs/subturn.md) | Điều phối subagent, kiểm soát đồng thời, vòng đời |
+| [Khắc phục sự cố](docs/vi/troubleshooting.md) | Các vấn đề thường gặp và giải pháp |
+| [Cấu hình Tools](docs/vi/tools_configuration.md) | Bật/tắt từng tool, chính sách exec, MCP, Skills |
+| [Tương thích Phần cứng](docs/vi/hardware-compatibility.md) | Các board đã kiểm tra, yêu cầu tối thiểu |
## 🤝 Đóng góp & Lộ trình
-Chào đón mọi PR! Mã nguồn được thiết kế nhỏ gọn và dễ đọc. 🤗
+PR luôn được chào đón! Codebase được thiết kế nhỏ gọn và dễ đọc.
-Xem [Lộ trình Cộng đồng](https://github.com/sipeed/picoclaw/blob/main/ROADMAP.md) đầy đủ.
+Xem [Lộ trình Cộng đồng](https://github.com/sipeed/picoclaw/issues/988) và [CONTRIBUTING.md](CONTRIBUTING.md) để biết hướng dẫn.
-Nhóm phát triển đang được xây dựng. Tham gia sau khi có PR đầu tiên được merge!
+Nhóm nhà phát triển đang được xây dựng, tham gia sau khi PR đầu tiên của bạn được merge!
-Nhóm người dùng:
+Nhóm Người dùng:
-discord:
+Discord:
-
+WeChat:
+
diff --git a/README.zh.md b/README.zh.md
index 1bc5d1a4b..de96e5164 100644
--- a/README.zh.md
+++ b/README.zh.md
@@ -3,7 +3,7 @@
+
+**开始使用:**
+
+通过 TUI 菜单:**1)** 配置 Provider -> **2)** 配置 Channel -> **3)** 启动 Gateway -> **4)** 开始聊天!
+
+详细 TUI 文档请参阅 [docs.picoclaw.io](https://docs.picoclaw.io)。
+
+### 📱 Android
+
+让你十年前的旧手机焕发新生!将它变成你的 AI 助手。
+
+**方式一:Termux(现已可用)**
+
+1. 安装 [Termux](https://github.com/termux/termux-app)(可从 [GitHub Releases](https://github.com/termux/termux-app/releases) 下载,或在 F-Droid / Google Play 中搜索)
+2. 执行以下命令:
+
+```bash
+# 从 Release 页面下载最新版本
+wget https://github.com/sipeed/picoclaw/releases/latest/download/picoclaw_Linux_arm64.tar.gz
+tar xzf picoclaw_Linux_arm64.tar.gz
+pkg install proot
+termux-chroot ./picoclaw onboard # chroot 提供标准 Linux 文件系统布局
+```
+
+然后跟随下面的"Terminal Launcher"章节继续配置。
+
+
+
+**方式二:APK 安装(即将推出)**
+
+内置 WebUI 的独立 Android APK 正在开发中,敬请期待!
+
+
+Terminal Launcher(适用于资源受限环境)
+
+对于只有 `picoclaw` 核心二进制文件的极简环境(无 Launcher UI),可通过命令行和 JSON 配置文件完成所有配置。
+
+**1. 初始化**
+
+```bash
+picoclaw onboard
+```
+
+此命令会创建 `~/.picoclaw/config.json` 和工作区目录。
+
+**2. 配置** (`~/.picoclaw/config.json`)
+
+```json
+{
+ "agents": {
+ "defaults": {
+ "model_name": "gpt-5.4"
+ }
+ },
+ "model_list": [
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_key": "sk-your-api-key"
+ }
+ ]
+}
+```
+
+> 完整配置模板请参阅仓库中的 `config/config.example.json`。
+
+**3. 开始聊天**
+
+```bash
+# 单次提问
+picoclaw agent -m "What is 2+2?"
+
+# 交互式对话模式
+picoclaw agent
+
+# 启动 Gateway 以接入聊天应用
+picoclaw gateway
+```
+
+
+
+## 🔌 Providers (LLM)
+
+PicoClaw 通过 `model_list` 配置支持 30+ LLM Provider,使用 `协议/模型` 格式:
+
+| Provider | 协议 | API Key | 备注 |
+|----------|------|---------|------|
+| [OpenAI](https://platform.openai.com/api-keys) | `openai/` | 必填 | GPT-5.4、GPT-4o、o3 等 |
+| [Anthropic](https://console.anthropic.com/settings/keys) | `anthropic/` | 必填 | Claude Opus 4.6、Sonnet 4.6 等 |
+| [Google Gemini](https://aistudio.google.com/apikey) | `gemini/` | 必填 | Gemini 3 Flash、2.5 Pro 等 |
+| [OpenRouter](https://openrouter.ai/keys) | `openrouter/` | 必填 | 200+ 模型,统一 API |
+| [智谱 (GLM)](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) | `zhipu/` | 必填 | GLM-4.7、GLM-5 等 |
+| [DeepSeek](https://platform.deepseek.com/api_keys) | `deepseek/` | 必填 | DeepSeek-V3、DeepSeek-R1 |
+| [火山引擎](https://console.volcengine.com) | `volcengine/` | 必填 | 豆包、Ark 系列模型 |
+| [Qwen](https://dashscope.console.aliyun.com/apiKey) | `qwen/` | 必填 | Qwen3、Qwen-Max 等 |
+| [Groq](https://console.groq.com/keys) | `groq/` | 必填 | 快速推理(Llama、Mixtral) |
+| [Moonshot (Kimi)](https://platform.moonshot.cn/console/api-keys) | `moonshot/` | 必填 | Kimi 系列模型 |
+| [Minimax](https://platform.minimaxi.com/user-center/basic-information/interface-key) | `minimax/` | 必填 | MiniMax 系列模型 |
+| [Mistral](https://console.mistral.ai/api-keys) | `mistral/` | 必填 | Mistral Large、Codestral |
+| [NVIDIA NIM](https://build.nvidia.com/) | `nvidia/` | 必填 | NVIDIA 托管模型 |
+| [Cerebras](https://cloud.cerebras.ai/) | `cerebras/` | 必填 | 快速推理 |
+| [Novita AI](https://novita.ai/) | `novita/` | 必填 | 多种开源模型 |
+| [Ollama](https://ollama.com/) | `ollama/` | 无需 | 本地模型,自托管 |
+| [vLLM](https://docs.vllm.ai/) | `vllm/` | 无需 | 本地部署,兼容 OpenAI |
+| [LiteLLM](https://docs.litellm.ai/) | `litellm/` | 视情况 | 100+ Provider 代理 |
+| [Azure OpenAI](https://portal.azure.com/) | `azure/` | 必填 | 企业级 Azure 部署 |
+| [GitHub Copilot](https://github.com/features/copilot) | `github-copilot/` | OAuth | 设备码登录 |
+| [Antigravity](https://console.cloud.google.com/) | `antigravity/` | OAuth | Google Cloud AI |
+
+
+本地部署(Ollama、vLLM 等)
+
+**Ollama:**
+```json
+{
+ "model_list": [
+ {
+ "model_name": "local-llama",
+ "model": "ollama/llama3.1:8b",
+ "api_base": "http://localhost:11434/v1"
+ }
+ ]
+}
+```
+
+**vLLM:**
+```json
+{
+ "model_list": [
+ {
+ "model_name": "local-vllm",
+ "model": "vllm/your-model",
+ "api_base": "http://localhost:8000/v1"
+ }
+ ]
+}
+```
+
+完整 Provider 配置详情请参阅 [Providers & Models](docs/zh/providers.md)。
+
+
+
+## 💬 Channels(聊天应用)
+
+通过 17+ 消息平台与你的 PicoClaw 对话:
+
+| Channel | 配置难度 | 协议 | 文档 |
+|---------|----------|------|------|
+| **Telegram** | 简单(bot token) | 长轮询 | [指南](docs/channels/telegram/README.zh.md) |
+| **Discord** | 简单(bot token + intents) | WebSocket | [指南](docs/channels/discord/README.zh.md) |
+| **WhatsApp** | 简单(扫码或 bridge URL) | 原生 / Bridge | [指南](docs/zh/chat-apps.md#whatsapp) |
+| **微信 (Weixin)** | 简单(扫码登录) | iLink API | [指南](docs/zh/chat-apps.md#weixin) |
+| **QQ** | 简单(AppID + AppSecret) | WebSocket | [指南](docs/channels/qq/README.zh.md) |
+| **Slack** | 简单(bot + app token) | Socket Mode | [指南](docs/channels/slack/README.zh.md) |
+| **Matrix** | 中等(homeserver + token) | Sync API | [指南](docs/channels/matrix/README.zh.md) |
+| **钉钉** | 中等(client credentials) | Stream | [指南](docs/channels/dingtalk/README.zh.md) |
+| **飞书 / Lark** | 中等(App ID + Secret) | WebSocket/SDK | [指南](docs/channels/feishu/README.zh.md) |
+| **LINE** | 中等(credentials + webhook) | Webhook | [指南](docs/channels/line/README.zh.md) |
+| **企业微信机器人** | 中等(webhook URL) | Webhook | [指南](docs/channels/wecom/wecom_bot/README.zh.md) |
+| **企业微信应用** | 中等(corp credentials) | Webhook | [指南](docs/channels/wecom/wecom_app/README.zh.md) |
+| **企业微信 AI 机器人** | 中等(token + AES key) | WebSocket / Webhook | [指南](docs/channels/wecom/wecom_aibot/README.zh.md) |
+| **IRC** | 中等(server + nick) | IRC 协议 | [指南](docs/zh/chat-apps.md#irc) |
+| **OneBot** | 中等(WebSocket URL) | OneBot v11 | [指南](docs/channels/onebot/README.zh.md) |
+| **MaixCam** | 简单(启用即可) | TCP socket | [指南](docs/channels/maixcam/README.zh.md) |
+| **Pico** | 简单(启用即可) | 原生协议 | 内置 |
+| **Pico Client** | 简单(WebSocket URL) | WebSocket | 内置 |
+
+> 所有基于 Webhook 的 Channel 共用同一个 Gateway HTTP 服务器(`gateway.host`:`gateway.port`,默认 `127.0.0.1:18790`)。飞书使用 WebSocket/SDK 模式,不使用共享 HTTP 服务器。
+
+详细 Channel 配置说明请参阅 [聊天应用配置](docs/zh/chat-apps.md)。
+
+## 🔧 Tools
+
+### 🔍 网络搜索
+
+PicoClaw 可以搜索网络以提供最新信息。在 `tools.web` 中配置:
+
+| 搜索引擎 | API Key | 免费额度 | 链接 |
+|---------|---------|---------|------|
+| [百度搜索](https://cloud.baidu.com/doc/qianfan-api/s/Wmbq4z7e5) | 必填 | 1000 次/天 | AI 搜索,国内首选 |
+| [Tavily](https://tavily.com) | 必填 | 1000 次/月 | 专为 AI Agent 优化 |
+| [GLM Search](https://open.bigmodel.cn/) | 必填 | 视情况 | 智谱网络搜索 |
+| DuckDuckGo | 无需 | 无限制 | 内置备用(国内访问困难) |
+| [Perplexity](https://www.perplexity.ai) | 必填 | 付费 | AI 驱动搜索(国内访问困难) |
+| [Brave Search](https://brave.com/search/api) | 必填 | 2000 次/月 | 快速且注重隐私(国内访问困难) |
+| [SearXNG](https://github.com/searxng/searxng) | 无需 | 自托管 | 免费元搜索引擎 |
+
+### ⚙️ 其他工具
+
+PicoClaw 内置文件操作、代码执行、定时任务等工具。详情请参阅 [工具配置](docs/zh/tools_configuration.md)。
+
+## 🎯 Skills
+
+Skills 是扩展 Agent 能力的模块化插件,从工作区的 `SKILL.md` 文件加载。
+
+**从 ClawHub 安装 Skills:**
+
+```bash
+picoclaw skills search "web scraping"
+picoclaw skills install
+```
+
+**配置 ClawHub token**(可选,用于提高速率限制):
+
+在 `config.json` 中添加:
+```json
+{
+ "tools": {
+ "skills": {
+ "registries": {
+ "clawhub": {
+ "auth_token": "your-clawhub-token"
+ }
+ }
+ }
+ }
+}
+```
+
+更多详情请参阅 [工具配置 - Skills](docs/zh/tools_configuration.md#skills-tool)。
+
+## 🔗 MCP (Model Context Protocol)
+
+PicoClaw 原生支持 [MCP](https://modelcontextprotocol.io/) — 连接任意 MCP 服务器,通过外部工具和数据源扩展 Agent 能力。
+
+```json
+{
+ "tools": {
+ "mcp": {
+ "enabled": true,
+ "servers": {
+ "filesystem": {
+ "enabled": true,
+ "command": "npx",
+ "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]
+ }
+ }
+ }
+ }
+}
+```
+
+完整 MCP 配置(stdio、SSE、HTTP 传输、Tool Discovery)请参阅 [工具配置 - MCP](docs/zh/tools_configuration.md#mcp-tool)。
## 加入 Agent 社交网络
@@ -218,23 +520,23 @@ make install
| 命令 | 说明 |
| ------------------------- | ---------------------- |
| `picoclaw onboard` | 初始化配置与工作区 |
-| `picoclaw onboard weixin` | 扫码连接微信个人号 |
+| `picoclaw onboard weixin` | 扫码连接微信个人号 |
| `picoclaw agent -m "..."` | 与 Agent 对话 |
| `picoclaw agent` | 交互式对话模式 |
| `picoclaw gateway` | 启动网关 |
| `picoclaw status` | 查看状态 |
| `picoclaw version` | 查看版本信息 |
+| `picoclaw model` | 查看或切换默认模型 |
| `picoclaw cron list` | 列出所有定时任务 |
| `picoclaw cron add ...` | 添加定时任务 |
| `picoclaw cron disable` | 禁用定时任务 |
| `picoclaw cron remove` | 删除定时任务 |
-| `picoclaw skills list` | 列出已安装技能 |
-| `picoclaw skills install` | 安装技能 |
+| `picoclaw skills list` | 列出已安装 Skills |
+| `picoclaw skills install` | 安装 Skill |
| `picoclaw migrate` | 从旧版本迁移数据 |
-| `picoclaw auth login` | 认证提供商 |
-| `picoclaw model` | 查看或切换默认模型 |
+| `picoclaw auth login` | 认证 Provider |
-### 定时任务 / 提醒
+### ⏰ 定时任务 / 提醒
PicoClaw 通过 `cron` 工具支持定时提醒和重复任务:
@@ -242,11 +544,29 @@ PicoClaw 通过 `cron` 工具支持定时提醒和重复任务:
* **重复任务**: "每2小时提醒我" → 每2小时触发
* **Cron 表达式**: "每天上午9点提醒我" → 使用 cron 表达式
+## 📚 文档
+
+详细指南请参阅以下文档,README 仅涵盖快速入门。
+
+| 主题 | 说明 |
+|------|------|
+| 🐳 [Docker 与快速开始](docs/zh/docker.md) | Docker Compose 配置、Launcher/Agent 模式、快速开始 |
+| 💬 [聊天应用配置](docs/zh/chat-apps.md) | 全部 17+ Channel 配置指南 |
+| ⚙️ [配置指南](docs/zh/configuration.md) | 环境变量、工作区布局、安全沙箱 |
+| 🔌 [提供商与模型配置](docs/zh/providers.md) | 30+ LLM Provider、模型路由、model_list 配置 |
+| 🔄 [异步任务与 Spawn](docs/zh/spawn-tasks.md) | 快速任务、长任务与 Spawn、异步子 Agent 编排 |
+| 🪝 [Hook 系统](docs/hooks/README.zh.md) | 事件驱动 Hook:观察者、拦截器、审批 Hook |
+| 🎯 [Steering](docs/steering.md) | 在工具调用间向运行中的 Agent 注入消息 |
+| 🔀 [SubTurn](docs/subturn.md) | 子 Agent 协调、并发控制、生命周期管理 |
+| 🐛 [疑难解答](docs/zh/troubleshooting.md) | 常见问题与解决方案 |
+| 🔧 [工具配置](docs/zh/tools_configuration.md) | 工具启用/禁用、执行策略、MCP、Skills |
+| 📋 [硬件兼容列表](docs/zh/hardware-compatibility.md) | 已测试板卡、最低要求 |
+
## 🤝 贡献与路线图
欢迎提交 PR!代码库刻意保持小巧和可读。🤗
-查看完整的 [社区路线图](https://github.com/sipeed/picoclaw/blob/main/ROADMAP.md)。
+查看完整的 [社区路线图](https://github.com/sipeed/picoclaw/issues/988) 和 [CONTRIBUTING.md](CONTRIBUTING.md)。
开发者群组正在组建中,入群门槛:至少合并过 1 个 PR。
@@ -254,4 +574,10 @@ PicoClaw 通过 `cron` 工具支持定时提醒和重复任务:
Discord:
-
+WeChat:
+
+
+
+
+
+
diff --git a/assets/hardware-banner.jpg b/assets/hardware-banner.jpg
new file mode 100644
index 000000000..f9a1190b1
Binary files /dev/null and b/assets/hardware-banner.jpg differ
diff --git a/assets/launcher-tui.jpg b/assets/launcher-tui.jpg
new file mode 100644
index 000000000..cf5e8ea4d
Binary files /dev/null and b/assets/launcher-tui.jpg differ
diff --git a/assets/launcher-webui.jpg b/assets/launcher-webui.jpg
new file mode 100644
index 000000000..9e7c699b2
Binary files /dev/null and b/assets/launcher-webui.jpg differ
diff --git a/cmd/picoclaw/internal/auth/helpers.go b/cmd/picoclaw/internal/auth/helpers.go
index 4bf132685..531cb76aa 100644
--- a/cmd/picoclaw/internal/auth/helpers.go
+++ b/cmd/picoclaw/internal/auth/helpers.go
@@ -56,9 +56,6 @@ func authLoginOpenAI(useDeviceCode bool) error {
appCfg, err := internal.LoadConfig()
if err == nil {
- // Update Providers (legacy format)
- appCfg.Providers.OpenAI.AuthMethod = "oauth"
-
// Update or add openai in ModelList
foundOpenAI := false
for i := range appCfg.ModelList {
@@ -71,7 +68,7 @@ func authLoginOpenAI(useDeviceCode bool) error {
// If no openai in ModelList, add it
if !foundOpenAI {
- appCfg.ModelList = append(appCfg.ModelList, config.ModelConfig{
+ appCfg.ModelList = append(appCfg.ModelList, &config.ModelConfig{
ModelName: "gpt-5.4",
Model: "openai/gpt-5.4",
AuthMethod: "oauth",
@@ -130,9 +127,6 @@ func authLoginGoogleAntigravity() error {
appCfg, err := internal.LoadConfig()
if err == nil {
- // Update Providers (legacy format, for backward compatibility)
- appCfg.Providers.Antigravity.AuthMethod = "oauth"
-
// Update or add antigravity in ModelList
foundAntigravity := false
for i := range appCfg.ModelList {
@@ -145,7 +139,7 @@ func authLoginGoogleAntigravity() error {
// If no antigravity in ModelList, add it
if !foundAntigravity {
- appCfg.ModelList = append(appCfg.ModelList, config.ModelConfig{
+ appCfg.ModelList = append(appCfg.ModelList, &config.ModelConfig{
ModelName: "gemini-flash",
Model: "antigravity/gemini-3-flash",
AuthMethod: "oauth",
@@ -210,8 +204,6 @@ func authLoginAnthropicSetupToken() error {
appCfg, err := internal.LoadConfig()
if err == nil {
- appCfg.Providers.Anthropic.AuthMethod = "oauth"
-
found := false
for i := range appCfg.ModelList {
if isAnthropicModel(appCfg.ModelList[i].Model) {
@@ -221,7 +213,7 @@ func authLoginAnthropicSetupToken() error {
}
}
if !found {
- appCfg.ModelList = append(appCfg.ModelList, config.ModelConfig{
+ appCfg.ModelList = append(appCfg.ModelList, &config.ModelConfig{
ModelName: defaultAnthropicModel,
Model: "anthropic/" + defaultAnthropicModel,
AuthMethod: "oauth",
@@ -287,7 +279,6 @@ func authLoginPasteToken(provider string) error {
if err == nil {
switch provider {
case "anthropic":
- appCfg.Providers.Anthropic.AuthMethod = "token"
// Update ModelList
found := false
for i := range appCfg.ModelList {
@@ -298,7 +289,7 @@ func authLoginPasteToken(provider string) error {
}
}
if !found {
- appCfg.ModelList = append(appCfg.ModelList, config.ModelConfig{
+ appCfg.ModelList = append(appCfg.ModelList, &config.ModelConfig{
ModelName: defaultAnthropicModel,
Model: "anthropic/" + defaultAnthropicModel,
AuthMethod: "token",
@@ -306,7 +297,6 @@ func authLoginPasteToken(provider string) error {
appCfg.Agents.Defaults.ModelName = defaultAnthropicModel
}
case "openai":
- appCfg.Providers.OpenAI.AuthMethod = "token"
// Update ModelList
found := false
for i := range appCfg.ModelList {
@@ -317,7 +307,7 @@ func authLoginPasteToken(provider string) error {
}
}
if !found {
- appCfg.ModelList = append(appCfg.ModelList, config.ModelConfig{
+ appCfg.ModelList = append(appCfg.ModelList, &config.ModelConfig{
ModelName: "gpt-5.4",
Model: "openai/gpt-5.4",
AuthMethod: "token",
@@ -365,15 +355,6 @@ func authLogoutCmd(provider string) error {
}
}
}
- // Clear AuthMethod in Providers (legacy)
- switch provider {
- case "openai":
- appCfg.Providers.OpenAI.AuthMethod = ""
- case "anthropic":
- appCfg.Providers.Anthropic.AuthMethod = ""
- case "google-antigravity", "antigravity":
- appCfg.Providers.Antigravity.AuthMethod = ""
- }
config.SaveConfig(internal.GetConfigPath(), appCfg)
}
@@ -392,10 +373,6 @@ func authLogoutCmd(provider string) error {
for i := range appCfg.ModelList {
appCfg.ModelList[i].AuthMethod = ""
}
- // Clear all AuthMethods in Providers (legacy)
- appCfg.Providers.OpenAI.AuthMethod = ""
- appCfg.Providers.Anthropic.AuthMethod = ""
- appCfg.Providers.Antigravity.AuthMethod = ""
config.SaveConfig(internal.GetConfigPath(), appCfg)
}
diff --git a/cmd/picoclaw/internal/helpers.go b/cmd/picoclaw/internal/helpers.go
index ae1d58c29..17de88ccb 100644
--- a/cmd/picoclaw/internal/helpers.go
+++ b/cmd/picoclaw/internal/helpers.go
@@ -4,11 +4,12 @@ import (
"os"
"path/filepath"
+ "github.com/sipeed/picoclaw/pkg"
"github.com/sipeed/picoclaw/pkg/config"
"github.com/sipeed/picoclaw/pkg/logger"
)
-const Logo = "🦞"
+const Logo = pkg.Logo
// GetPicoclawHome returns the picoclaw home directory.
// Priority: $PICOCLAW_HOME > ~/.picoclaw
@@ -17,7 +18,7 @@ func GetPicoclawHome() string {
return home
}
home, _ := os.UserHomeDir()
- return filepath.Join(home, ".picoclaw")
+ return filepath.Join(home, pkg.DefaultPicoClawHome)
}
func GetConfigPath() string {
@@ -32,7 +33,7 @@ func LoadConfig() (*config.Config, error) {
if err != nil {
return nil, err
}
- logger.SetLevelFromString(cfg.Agents.Defaults.LogLevel)
+ logger.SetLevelFromString(cfg.Gateway.LogLevel)
return cfg, nil
}
diff --git a/cmd/picoclaw/internal/helpers_test.go b/cmd/picoclaw/internal/helpers_test.go
index 583751781..953da8886 100644
--- a/cmd/picoclaw/internal/helpers_test.go
+++ b/cmd/picoclaw/internal/helpers_test.go
@@ -8,6 +8,8 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
+
+ "github.com/sipeed/picoclaw/pkg/config"
)
func TestGetConfigPath(t *testing.T) {
@@ -20,7 +22,7 @@ func TestGetConfigPath(t *testing.T) {
}
func TestGetConfigPath_WithPICOCLAW_HOME(t *testing.T) {
- t.Setenv("PICOCLAW_HOME", "/custom/picoclaw")
+ t.Setenv(config.EnvHome, "/custom/picoclaw")
t.Setenv("HOME", "/tmp/home")
got := GetConfigPath()
@@ -31,7 +33,7 @@ func TestGetConfigPath_WithPICOCLAW_HOME(t *testing.T) {
func TestGetConfigPath_WithPICOCLAW_CONFIG(t *testing.T) {
t.Setenv("PICOCLAW_CONFIG", "/custom/config.json")
- t.Setenv("PICOCLAW_HOME", "/custom/picoclaw")
+ t.Setenv(config.EnvHome, "/custom/picoclaw")
t.Setenv("HOME", "/tmp/home")
got := GetConfigPath()
diff --git a/cmd/picoclaw/internal/model/command.go b/cmd/picoclaw/internal/model/command.go
index cad106fd5..314259d0f 100644
--- a/cmd/picoclaw/internal/model/command.go
+++ b/cmd/picoclaw/internal/model/command.go
@@ -56,9 +56,6 @@ Note: 'local-model' is a special value for using a local VLLM server
func showCurrentModel(cfg *config.Config) {
defaultModel := cfg.Agents.Defaults.ModelName
- if defaultModel == "" {
- defaultModel = cfg.Agents.Defaults.Model
- }
if defaultModel == "" {
fmt.Println("No default model is currently set.")
@@ -78,16 +75,13 @@ func listAvailableModels(cfg *config.Config) {
}
defaultModel := cfg.Agents.Defaults.ModelName
- if defaultModel == "" {
- defaultModel = cfg.Agents.Defaults.Model
- }
for _, model := range cfg.ModelList {
marker := " "
if model.ModelName == defaultModel {
marker = "> "
}
- if model.APIKey == "" {
+ if model.APIKey() == "" {
continue
}
fmt.Printf("%s- %s (%s)\n", marker, model.ModelName, model.Model)
@@ -98,7 +92,7 @@ func setDefaultModel(configPath string, cfg *config.Config, modelName string) er
// Validate that the model exists in model_list
modelFound := false
for _, model := range cfg.ModelList {
- if model.APIKey != "" && model.ModelName == modelName {
+ if model.APIKey() != "" && model.ModelName == modelName {
modelFound = true
break
}
@@ -111,12 +105,8 @@ func setDefaultModel(configPath string, cfg *config.Config, modelName string) er
// Update the default model
// Clear old model field and set new model_name
oldModel := cfg.Agents.Defaults.ModelName
- if oldModel == "" {
- oldModel = cfg.Agents.Defaults.Model
- }
cfg.Agents.Defaults.ModelName = modelName
- cfg.Agents.Defaults.Model = "" // Clear deprecated field
// Save config back to file
if err := config.SaveConfig(configPath, cfg); err != nil {
diff --git a/cmd/picoclaw/internal/model/command_test.go b/cmd/picoclaw/internal/model/command_test.go
index 82943e4a6..6cbbf0b55 100644
--- a/cmd/picoclaw/internal/model/command_test.go
+++ b/cmd/picoclaw/internal/model/command_test.go
@@ -58,17 +58,24 @@ func TestNewModelCommand(t *testing.T) {
}
func TestShowCurrentModel_WithDefaultModel(t *testing.T) {
- cfg := &config.Config{
+ cfg := (&config.Config{
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
ModelName: "gpt-4",
},
},
- ModelList: []config.ModelConfig{
- {ModelName: "gpt-4", Model: "openai/gpt-4", APIKey: "test"},
- {ModelName: "claude-3", Model: "anthropic/claude-3", APIKey: "test"},
+ ModelList: []*config.ModelConfig{
+ {ModelName: "gpt-4", Model: "openai/gpt-4"},
+ {ModelName: "claude-3", Model: "anthropic/claude-3"},
},
- }
+ }).WithSecurity(&config.SecurityConfig{ModelList: map[string]config.ModelSecurityEntry{
+ "gpt-4": {
+ APIKeys: []string{"test"},
+ },
+ "claude-3": {
+ APIKeys: []string{"test"},
+ },
+ }})
output := captureStdout(func() {
showCurrentModel(cfg)
@@ -81,17 +88,20 @@ func TestShowCurrentModel_WithDefaultModel(t *testing.T) {
}
func TestShowCurrentModel_NoDefaultModel(t *testing.T) {
- cfg := &config.Config{
+ cfg := (&config.Config{
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
ModelName: "",
- Model: "",
},
},
- ModelList: []config.ModelConfig{
- {ModelName: "gpt-4", Model: "openai/gpt-4", APIKey: "test"},
+ ModelList: []*config.ModelConfig{
+ {ModelName: "gpt-4", Model: "openai/gpt-4"},
},
- }
+ }).WithSecurity(&config.SecurityConfig{ModelList: map[string]config.ModelSecurityEntry{
+ "gpt-4": {
+ APIKeys: []string{"test"},
+ },
+ }})
output := captureStdout(func() {
showCurrentModel(cfg)
@@ -101,26 +111,9 @@ func TestShowCurrentModel_NoDefaultModel(t *testing.T) {
assert.Contains(t, output, "Available models in your config:")
}
-func TestShowCurrentModel_BackwardCompatibility(t *testing.T) {
- cfg := &config.Config{
- Agents: config.AgentsConfig{
- Defaults: config.AgentDefaults{
- Model: "legacy-model",
- },
- },
- ModelList: []config.ModelConfig{},
- }
-
- output := captureStdout(func() {
- showCurrentModel(cfg)
- })
-
- assert.Contains(t, output, "Current default model: legacy-model")
-}
-
func TestListAvailableModels_Empty(t *testing.T) {
cfg := &config.Config{
- ModelList: []config.ModelConfig{},
+ ModelList: []*config.ModelConfig{},
}
output := captureStdout(func() {
@@ -131,18 +124,25 @@ func TestListAvailableModels_Empty(t *testing.T) {
}
func TestListAvailableModels_WithModels(t *testing.T) {
- cfg := &config.Config{
+ cfg := (&config.Config{
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
ModelName: "gpt-4",
},
},
- ModelList: []config.ModelConfig{
- {ModelName: "gpt-4", Model: "openai/gpt-4", APIKey: "test"},
- {ModelName: "claude-3", Model: "anthropic/claude-3", APIKey: "test"},
- {ModelName: "no-key-model", Model: "openai/test", APIKey: ""},
+ ModelList: []*config.ModelConfig{
+ {ModelName: "gpt-4", Model: "openai/gpt-4"},
+ {ModelName: "claude-3", Model: "anthropic/claude-3"},
+ {ModelName: "no-key-model", Model: "openai/test"},
},
- }
+ }).WithSecurity(&config.SecurityConfig{ModelList: map[string]config.ModelSecurityEntry{
+ "gpt-4": {
+ APIKeys: []string{"test"},
+ },
+ "claude-3": {
+ APIKeys: []string{"test"},
+ },
+ }})
output := captureStdout(func() {
listAvailableModels(cfg)
@@ -157,17 +157,24 @@ func TestListAvailableModels_WithModels(t *testing.T) {
func TestSetDefaultModel_ValidModel(t *testing.T) {
initTest(t)
- cfg := &config.Config{
+ cfg := (&config.Config{
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
ModelName: "old-model",
},
},
- ModelList: []config.ModelConfig{
- {ModelName: "new-model", Model: "openai/new-model", APIKey: "test"},
- {ModelName: "old-model", Model: "openai/old-model", APIKey: "test"},
+ ModelList: []*config.ModelConfig{
+ {ModelName: "new-model", Model: "openai/new-model"},
+ {ModelName: "old-model", Model: "openai/old-model"},
},
- }
+ }).WithSecurity(&config.SecurityConfig{ModelList: map[string]config.ModelSecurityEntry{
+ "new-model": {
+ APIKeys: []string{"test"},
+ },
+ "old-model": {
+ APIKeys: []string{"test"},
+ },
+ }})
output := captureStdout(func() {
err := setDefaultModel(configPath, cfg, "new-model")
@@ -180,44 +187,25 @@ func TestSetDefaultModel_ValidModel(t *testing.T) {
updatedCfg, err := config.LoadConfig(configPath)
require.NoError(t, err)
assert.Equal(t, "new-model", updatedCfg.Agents.Defaults.ModelName)
- assert.Empty(t, updatedCfg.Agents.Defaults.Model)
-}
-
-func TestSetDefaultModel_LegacyModelField(t *testing.T) {
- initTest(t)
-
- cfg := &config.Config{
- Agents: config.AgentsConfig{
- Defaults: config.AgentDefaults{
- Model: "legacy-old",
- },
- },
- ModelList: []config.ModelConfig{
- {ModelName: "new-model", Model: "openai/new-model", APIKey: "test"},
- },
- }
-
- output := captureStdout(func() {
- err := setDefaultModel(configPath, cfg, "new-model")
- assert.NoError(t, err)
- })
-
- assert.Contains(t, output, "Default model changed from 'legacy-old' to 'new-model'")
}
func TestSetDefaultModel_InvalidModel(t *testing.T) {
initTest(t)
- cfg := &config.Config{
+ cfg := (&config.Config{
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
ModelName: "existing-model",
},
},
- ModelList: []config.ModelConfig{
- {ModelName: "existing-model", Model: "openai/existing", APIKey: "test"},
+ ModelList: []*config.ModelConfig{
+ {ModelName: "existing-model", Model: "openai/existing"},
},
- }
+ }).WithSecurity(&config.SecurityConfig{ModelList: map[string]config.ModelSecurityEntry{
+ "existing-model": {
+ APIKeys: []string{"test"},
+ },
+ }})
assert.Error(t, setDefaultModel(configPath, cfg, "nonexistent-model"))
}
@@ -225,17 +213,24 @@ func TestSetDefaultModel_InvalidModel(t *testing.T) {
func TestSetDefaultModel_ModelWithoutAPIKey(t *testing.T) {
initTest(t)
- cfg := &config.Config{
+ cfg := (&config.Config{
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
ModelName: "existing-model",
},
},
- ModelList: []config.ModelConfig{
- {ModelName: "existing-model", Model: "openai/existing", APIKey: "test"},
- {ModelName: "no-key-model", Model: "openai/nokey", APIKey: ""},
+ ModelList: []*config.ModelConfig{
+ {ModelName: "existing-model", Model: "openai/existing"},
+ {ModelName: "no-key-model", Model: "openai/nokey"},
},
- }
+ }).WithSecurity(&config.SecurityConfig{ModelList: map[string]config.ModelSecurityEntry{
+ "existing-model": {
+ APIKeys: []string{"test"},
+ },
+ "no-key-model": {
+ APIKeys: []string{""},
+ },
+ }})
assert.Error(t, setDefaultModel(configPath, cfg, "no-key-model"))
}
@@ -244,16 +239,20 @@ func TestSetDefaultModel_SaveConfigError(t *testing.T) {
// Use an invalid path to trigger save error
invalidPath := "/nonexistent/directory/config.json"
- cfg := &config.Config{
+ cfg := (&config.Config{
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
ModelName: "old-model",
},
},
- ModelList: []config.ModelConfig{
- {ModelName: "new-model", Model: "openai/new-model", APIKey: "test"},
+ ModelList: []*config.ModelConfig{
+ {ModelName: "new-model", Model: "openai/new-model"},
},
- }
+ }).WithSecurity(&config.SecurityConfig{ModelList: map[string]config.ModelSecurityEntry{
+ "new-model": {
+ APIKeys: []string{"test"},
+ },
+ }})
err := setDefaultModel(invalidPath, cfg, "new-model")
@@ -285,16 +284,20 @@ func TestModelCommandExecution_Show(t *testing.T) {
initTest(t)
// Create a test config
- cfg := &config.Config{
+ cfg := (&config.Config{
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
ModelName: "test-model",
},
},
- ModelList: []config.ModelConfig{
- {ModelName: "test-model", Model: "openai/test", APIKey: "test"},
+ ModelList: []*config.ModelConfig{
+ {ModelName: "test-model", Model: "openai/test"},
},
- }
+ }).WithSecurity(&config.SecurityConfig{ModelList: map[string]config.ModelSecurityEntry{
+ "test-model": {
+ APIKeys: []string{"test"},
+ },
+ }})
err := config.SaveConfig(configPath, cfg)
require.NoError(t, err)
@@ -312,17 +315,25 @@ func TestModelCommandExecution_Show(t *testing.T) {
func TestModelCommandExecution_Set(t *testing.T) {
initTest(t)
- cfg := &config.Config{
+ sec := &config.SecurityConfig{ModelList: map[string]config.ModelSecurityEntry{
+ "old-model": {
+ APIKeys: []string{"test"},
+ },
+ "new-model": {
+ APIKeys: []string{"test"},
+ },
+ }}
+ cfg := (&config.Config{
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
ModelName: "old-model",
},
},
- ModelList: []config.ModelConfig{
- {ModelName: "old-model", Model: "openai/old", APIKey: "test"},
- {ModelName: "new-model", Model: "openai/new", APIKey: "test"},
+ ModelList: []*config.ModelConfig{
+ {ModelName: "old-model", Model: "openai/old"},
+ {ModelName: "new-model", Model: "openai/new"},
},
- }
+ }).WithSecurity(sec)
err := config.SaveConfig(configPath, cfg)
require.NoError(t, err)
@@ -346,18 +357,28 @@ func TestModelCommandExecution_TooManyArgs(t *testing.T) {
}
func TestListAvailableModels_MarkerLogic(t *testing.T) {
- cfg := &config.Config{
+ cfg := (&config.Config{
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
ModelName: "middle-model",
},
},
- ModelList: []config.ModelConfig{
- {ModelName: "first-model", Model: "openai/first", APIKey: "test"},
- {ModelName: "middle-model", Model: "openai/middle", APIKey: "test"},
- {ModelName: "last-model", Model: "openai/last", APIKey: "test"},
+ ModelList: []*config.ModelConfig{
+ {ModelName: "first-model", Model: "openai/first"},
+ {ModelName: "middle-model", Model: "openai/middle"},
+ {ModelName: "last-model", Model: "openai/last"},
},
- }
+ }).WithSecurity(&config.SecurityConfig{ModelList: map[string]config.ModelSecurityEntry{
+ "first-model": {
+ APIKeys: []string{"test"},
+ },
+ "middle-model": {
+ APIKeys: []string{"test"},
+ },
+ "last-model": {
+ APIKeys: []string{"test"},
+ },
+ }})
output := captureStdout(func() {
listAvailableModels(cfg)
diff --git a/cmd/picoclaw/internal/onboard/helpers_test.go b/cmd/picoclaw/internal/onboard/helpers_test.go
index f3e0c92e0..23fc97c5a 100644
--- a/cmd/picoclaw/internal/onboard/helpers_test.go
+++ b/cmd/picoclaw/internal/onboard/helpers_test.go
@@ -6,20 +6,32 @@ import (
"testing"
)
-func TestCopyEmbeddedToTargetUsesAgentsMarkdown(t *testing.T) {
+func TestCopyEmbeddedToTargetUsesStructuredAgentFiles(t *testing.T) {
targetDir := t.TempDir()
if err := copyEmbeddedToTarget(targetDir); err != nil {
t.Fatalf("copyEmbeddedToTarget() error = %v", err)
}
- agentsPath := filepath.Join(targetDir, "AGENTS.md")
- if _, err := os.Stat(agentsPath); err != nil {
- t.Fatalf("expected %s to exist: %v", agentsPath, err)
+ agentPath := filepath.Join(targetDir, "AGENT.md")
+ if _, err := os.Stat(agentPath); err != nil {
+ t.Fatalf("expected %s to exist: %v", agentPath, err)
}
- legacyPath := filepath.Join(targetDir, "AGENT.md")
- if _, err := os.Stat(legacyPath); !os.IsNotExist(err) {
- t.Fatalf("expected legacy file %s to be absent, got err=%v", legacyPath, err)
+ soulPath := filepath.Join(targetDir, "SOUL.md")
+ if _, err := os.Stat(soulPath); err != nil {
+ t.Fatalf("expected %s to exist: %v", soulPath, err)
+ }
+
+ userPath := filepath.Join(targetDir, "USER.md")
+ if _, err := os.Stat(userPath); err != nil {
+ t.Fatalf("expected %s to exist: %v", userPath, err)
+ }
+
+ for _, legacyName := range []string{"AGENTS.md", "IDENTITY.md"} {
+ legacyPath := filepath.Join(targetDir, legacyName)
+ if _, err := os.Stat(legacyPath); !os.IsNotExist(err) {
+ t.Fatalf("expected legacy file %s to be absent, got err=%v", legacyPath, err)
+ }
}
}
diff --git a/cmd/picoclaw/internal/onboard/weixin.go b/cmd/picoclaw/internal/onboard/weixin.go
index 721b4f0e9..2e1c2ad75 100644
--- a/cmd/picoclaw/internal/onboard/weixin.go
+++ b/cmd/picoclaw/internal/onboard/weixin.go
@@ -96,7 +96,7 @@ func saveWeixinConfig(token, baseURL, proxy string) error {
}
cfg.Channels.Weixin.Enabled = true
- cfg.Channels.Weixin.Token = token
+ cfg.Channels.Weixin.SetToken(token)
const defaultBase = "https://ilinkai.weixin.qq.com/"
if baseURL != "" && baseURL != defaultBase {
cfg.Channels.Weixin.BaseURL = baseURL
diff --git a/cmd/picoclaw/internal/skills/command.go b/cmd/picoclaw/internal/skills/command.go
index 8c666b810..4f64ef3f9 100644
--- a/cmd/picoclaw/internal/skills/command.go
+++ b/cmd/picoclaw/internal/skills/command.go
@@ -31,7 +31,7 @@ func NewSkillsCommand() *cobra.Command {
d.workspace = cfg.WorkspacePath()
installer, err := skills.NewSkillInstaller(
d.workspace,
- cfg.Tools.Skills.Github.Token,
+ cfg.Tools.Skills.Github.Token(),
cfg.Tools.Skills.Github.Proxy,
)
if err != nil {
diff --git a/cmd/picoclaw/internal/skills/helpers.go b/cmd/picoclaw/internal/skills/helpers.go
index a59a2013a..a246f7da5 100644
--- a/cmd/picoclaw/internal/skills/helpers.go
+++ b/cmd/picoclaw/internal/skills/helpers.go
@@ -64,9 +64,20 @@ func skillsInstallFromRegistry(cfg *config.Config, registryName, slug string) er
fmt.Printf("Installing skill '%s' from %s registry...\n", slug, registryName)
+ clawHubConfig := cfg.Tools.Skills.Registries.ClawHub
registryMgr := skills.NewRegistryManagerFromConfig(skills.RegistryConfig{
MaxConcurrentSearches: cfg.Tools.Skills.MaxConcurrentSearches,
- ClawHub: skills.ClawHubConfig(cfg.Tools.Skills.Registries.ClawHub),
+ ClawHub: skills.ClawHubConfig{
+ Enabled: clawHubConfig.Enabled,
+ BaseURL: clawHubConfig.BaseURL,
+ AuthToken: clawHubConfig.AuthToken(),
+ SearchPath: clawHubConfig.SearchPath,
+ SkillsPath: clawHubConfig.SkillsPath,
+ DownloadPath: clawHubConfig.DownloadPath,
+ Timeout: clawHubConfig.Timeout,
+ MaxZipSize: clawHubConfig.MaxZipSize,
+ MaxResponseSize: clawHubConfig.MaxResponseSize,
+ },
})
registry := registryMgr.GetRegistry(registryName)
@@ -226,9 +237,20 @@ func skillsSearchCmd(query string) {
return
}
+ clawHubConfig := cfg.Tools.Skills.Registries.ClawHub
registryMgr := skills.NewRegistryManagerFromConfig(skills.RegistryConfig{
MaxConcurrentSearches: cfg.Tools.Skills.MaxConcurrentSearches,
- ClawHub: skills.ClawHubConfig(cfg.Tools.Skills.Registries.ClawHub),
+ ClawHub: skills.ClawHubConfig{
+ Enabled: clawHubConfig.Enabled,
+ BaseURL: clawHubConfig.BaseURL,
+ AuthToken: clawHubConfig.AuthToken(),
+ SearchPath: clawHubConfig.SearchPath,
+ SkillsPath: clawHubConfig.SkillsPath,
+ DownloadPath: clawHubConfig.DownloadPath,
+ Timeout: clawHubConfig.Timeout,
+ MaxZipSize: clawHubConfig.MaxZipSize,
+ MaxResponseSize: clawHubConfig.MaxResponseSize,
+ },
})
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
diff --git a/cmd/picoclaw/internal/status/helpers.go b/cmd/picoclaw/internal/status/helpers.go
index dd7063fe6..43c5786a8 100644
--- a/cmd/picoclaw/internal/status/helpers.go
+++ b/cmd/picoclaw/internal/status/helpers.go
@@ -42,48 +42,6 @@ func statusCmd() {
if _, err := os.Stat(configPath); err == nil {
fmt.Printf("Model: %s\n", cfg.Agents.Defaults.GetModelName())
- hasOpenRouter := cfg.Providers.OpenRouter.APIKey != ""
- hasAnthropic := cfg.Providers.Anthropic.APIKey != ""
- hasOpenAI := cfg.Providers.OpenAI.APIKey != ""
- hasGemini := cfg.Providers.Gemini.APIKey != ""
- hasZhipu := cfg.Providers.Zhipu.APIKey != ""
- hasQwen := cfg.Providers.Qwen.APIKey != ""
- hasGroq := cfg.Providers.Groq.APIKey != ""
- hasVLLM := cfg.Providers.VLLM.APIBase != ""
- hasMoonshot := cfg.Providers.Moonshot.APIKey != ""
- hasDeepSeek := cfg.Providers.DeepSeek.APIKey != ""
- hasVolcEngine := cfg.Providers.VolcEngine.APIKey != ""
- hasNvidia := cfg.Providers.Nvidia.APIKey != ""
- hasOllama := cfg.Providers.Ollama.APIBase != ""
-
- status := func(enabled bool) string {
- if enabled {
- return "✓"
- }
- return "not set"
- }
- fmt.Println("OpenRouter API:", status(hasOpenRouter))
- fmt.Println("Anthropic API:", status(hasAnthropic))
- fmt.Println("OpenAI API:", status(hasOpenAI))
- fmt.Println("Gemini API:", status(hasGemini))
- fmt.Println("Zhipu API:", status(hasZhipu))
- fmt.Println("Qwen API:", status(hasQwen))
- fmt.Println("Groq API:", status(hasGroq))
- fmt.Println("Moonshot API:", status(hasMoonshot))
- fmt.Println("DeepSeek API:", status(hasDeepSeek))
- fmt.Println("VolcEngine API:", status(hasVolcEngine))
- fmt.Println("Nvidia API:", status(hasNvidia))
- if hasVLLM {
- fmt.Printf("vLLM/Local: ✓ %s\n", cfg.Providers.VLLM.APIBase)
- } else {
- fmt.Println("vLLM/Local: not set")
- }
- if hasOllama {
- fmt.Printf("Ollama: ✓ %s\n", cfg.Providers.Ollama.APIBase)
- } else {
- fmt.Println("Ollama: not set")
- }
-
store, _ := auth.LoadStore()
if store != nil && len(store.Credentials) > 0 {
fmt.Println("\nOAuth/Token Auth:")
diff --git a/config/config.example.json b/config/config.example.json
index 69e8feeae..88578701a 100644
--- a/config/config.example.json
+++ b/config/config.example.json
@@ -1,11 +1,11 @@
{
"agents": {
"defaults": {
- "log_level": "fatal",
"workspace": "~/.picoclaw/workspace",
"restrict_to_workspace": true,
"model_name": "gpt-5.4",
"max_tokens": 8192,
+ "context_window": 131072,
"temperature": 0.7,
"max_tool_iterations": 20,
"summarize_message_threshold": 20,
@@ -547,11 +547,22 @@
"monitor_usb": true
},
"voice": {
+ "model_name": "",
"echo_transcription": false
},
+ "hooks": {
+ "enabled": true,
+ "defaults": {
+ "observer_timeout_ms": 500,
+ "interceptor_timeout_ms": 5000,
+ "approval_timeout_ms": 60000
+ }
+ },
"gateway": {
+ "_comment": "Default log level is set to 'fatal'. Other available options are 'debug', 'info', 'warn' and 'error'.",
"host": "127.0.0.1",
"port": 18790,
- "hot_reload": false
+ "hot_reload": false,
+ "log_level": "fatal"
}
}
diff --git a/docs/agent-refactor/context.md b/docs/agent-refactor/context.md
new file mode 100644
index 000000000..2269d9258
--- /dev/null
+++ b/docs/agent-refactor/context.md
@@ -0,0 +1,164 @@
+# Context
+
+## What this document covers
+
+This document makes explicit the boundaries of context management in the agent loop:
+
+- what fills the context window and how space is divided
+- what is stored in session history vs. built at request time
+- when and how context compression happens
+- how token budgets are estimated
+
+These are existing concepts. This document clarifies their boundaries rather than introducing new ones.
+
+---
+
+## Context window regions
+
+The context window is the model's total input capacity. Four regions fill it:
+
+| Region | Assembled by | Stored in session? |
+|---|---|---|
+| System prompt | `BuildMessages()` — static + dynamic parts | No |
+| Summary | `SetSummary()` stores it; `BuildMessages()` injects it | Separate from history |
+| Session history | User / assistant / tool messages | Yes |
+| Tool definitions | Provider adapter injects at call time | No |
+
+`MaxTokens` (the output generation limit) must also be reserved from the total budget.
+
+The available space for history is therefore:
+
+```
+history_budget = ContextWindow - system_prompt - summary - tool_definitions - MaxTokens
+```
+
+---
+
+## ContextWindow vs MaxTokens
+
+These serve different purposes:
+
+- **MaxTokens** — maximum tokens the LLM may generate in one response. Sent as the `max_tokens` request parameter.
+- **ContextWindow** — the model's total input context capacity.
+
+These were previously set to the same value, which caused the summarization threshold to fire either far too early (at the default 32K) or not at all (when a user raised `max_tokens`).
+
+Current default when not explicitly configured: `ContextWindow = MaxTokens * 4`.
+
+---
+
+## Session history
+
+Session history stores only conversation messages:
+
+- `user` — user input
+- `assistant` — LLM response (may include `ToolCalls`)
+- `tool` — tool execution results
+
+Session history does **not** contain:
+
+- System prompts — assembled at request time by `BuildMessages`
+- Summary content — stored separately via `SetSummary`, injected by `BuildMessages`
+
+This distinction matters: any code that operates on session history — compression, boundary detection, token estimation — must not assume a system message is present.
+
+---
+
+## Turn
+
+A **Turn** is one complete cycle:
+
+> user message -> LLM iterations (possibly including tool calls) -> final assistant response
+
+This definition comes from the agent loop design (#1316). In session history, Turn boundaries are identified by `user`-role messages.
+
+Turn is the atomic unit for compression. Cutting inside a Turn can orphan tool-call sequences — an assistant message with `ToolCalls` separated from its corresponding `tool` results. Compressing at Turn boundaries avoids this by construction.
+
+`parseTurnBoundaries(history)` returns the starting index of each Turn.
+`findSafeBoundary(history, targetIndex)` snaps a target cut point to the nearest Turn boundary.
+
+---
+
+## Compression paths
+
+Three compression paths exist, in order of preference:
+
+### 1. Async summarization
+
+`maybeSummarize` runs after each Turn completes.
+
+Triggers when message count exceeds a threshold, or when estimated history tokens exceed a percentage of `ContextWindow`. If triggered, a background goroutine calls the LLM to produce a summary of the oldest messages. The summary is stored via `SetSummary`; `BuildMessages` injects it into the system prompt on the next call.
+
+Cut point uses `findSafeBoundary` so no Turn is split.
+
+### 2. Proactive budget check
+
+`isOverContextBudget` runs before each LLM call.
+
+Uses the full budget formula: `message_tokens + tool_def_tokens + MaxTokens > ContextWindow`. If over budget, triggers `forceCompression` and rebuilds messages before calling the LLM.
+
+This prevents wasted (and billed) LLM calls that would otherwise fail with a context-window error.
+
+### 3. Emergency compression (reactive)
+
+`forceCompression` runs when the LLM returns a context-window error despite the proactive check.
+
+Drops the oldest ~50% of Turns. If the history is a single Turn with no safe split point (e.g. one user message followed by a massive tool response), falls back to keeping only the most recent user message — breaking Turn atomicity as a last resort to avoid a context-exceeded loop.
+
+Stores a compression note in the session summary (not in history messages) so `BuildMessages` can include it in the next system prompt.
+
+This is the fallback for when the token estimate undershoots reality.
+
+---
+
+## Token estimation
+
+Estimation uses a heuristic of ~2.5 characters per token (`chars * 2 / 5`).
+
+`estimateMessageTokens` counts:
+
+- `Content` (rune count, for multibyte correctness)
+- `ReasoningContent` (extended thinking / chain-of-thought)
+- `ToolCalls` — ID, type, function name, arguments
+- `ToolCallID` (tool result metadata)
+- Per-message overhead (role label, JSON structure)
+- `Media` items — flat per-item token estimate, added directly to the final count (not through the character heuristic, since actual cost depends on resolution and provider-specific image tokenization)
+
+`estimateToolDefsTokens` counts tool definition overhead: name, description, JSON schema of parameters.
+
+These are deliberately heuristic. The proactive check handles the common case; the reactive path catches estimation errors.
+
+---
+
+## Interface boundaries
+
+Context budget functions (`parseTurnBoundaries`, `findSafeBoundary`, `estimateMessageTokens`, `isOverContextBudget`) are **pure functions**. They take `[]providers.Message` and integer parameters. They have no dependency on `AgentLoop` or any other runtime struct.
+
+`BuildMessages` is the sole assembler of the final message array sent to the LLM. Budget functions inform compression decisions but do not construct messages.
+
+`forceCompression` and `summarizeSession` mutate session state (history and summary). `BuildMessages` reads that state to construct context. The flow is:
+
+```
+budget check --> compression decision --> mutate session --> BuildMessages reads session --> LLM call
+```
+
+---
+
+## Known gaps
+
+These are recognized limitations in the current implementation, documented here for visibility:
+
+- **Summarization trigger does not use the full budget formula.** `maybeSummarize` compares estimated history tokens against a percentage of `ContextWindow`. It does not account for system prompt size, tool definition overhead, or `MaxTokens` reserve. The proactive check covers the critical path (preventing 400 errors), but the summarization trigger could be aligned with the same budget model for more accurate early compression.
+
+- **Token estimation is heuristic.** It does not account for provider-specific tokenization, exact system prompt size (assembled separately), or variable image token costs. The two-path design (proactive + reactive) is intended to tolerate this imprecision.
+
+- **Reactive retry does not preserve media.** When the reactive path rebuilds context after compression, it currently passes empty values for media references. This is a pre-existing issue in the main loop, not introduced by the budget system.
+
+---
+
+## What this document does not cover
+
+- How `AGENT.md` frontmatter configures context parameters — that is part of the Agent definition work
+- How the context builder assembles context in the new architecture — that is upcoming work
+- How compression events surface through the event system — that is part of the event model (#1316)
+- Subagent context isolation — that is a separate track
diff --git a/docs/channels/matrix/README.fr.md b/docs/channels/matrix/README.fr.md
new file mode 100644
index 000000000..ec762a8b8
--- /dev/null
+++ b/docs/channels/matrix/README.fr.md
@@ -0,0 +1,64 @@
+> Retour au [README](../../../README.fr.md)
+
+# Guide de configuration du canal Matrix
+
+## 1. Exemple de configuration
+
+Ajoutez ceci à `config.json` :
+
+```json
+{
+ "channels": {
+ "matrix": {
+ "enabled": true,
+ "homeserver": "https://matrix.org",
+ "user_id": "@your-bot:matrix.org",
+ "access_token": "YOUR_MATRIX_ACCESS_TOKEN",
+ "device_id": "",
+ "join_on_invite": true,
+ "allow_from": [],
+ "group_trigger": {
+ "mention_only": true
+ },
+ "placeholder": {
+ "enabled": true,
+ "text": "Thinking..."
+ },
+ "reasoning_channel_id": "",
+ "message_format": "richtext"
+ }
+ }
+}
+```
+
+## 2. Référence des champs
+
+| Champ | Type | Requis | Description |
+|----------------------|----------|--------|-------------|
+| enabled | bool | Oui | Activer ou désactiver le canal Matrix |
+| homeserver | string | Oui | URL du homeserver Matrix (par exemple `https://matrix.org`) |
+| user_id | string | Oui | ID utilisateur Matrix du bot (par exemple `@bot:matrix.org`) |
+| access_token | string | Oui | Jeton d'accès du bot |
+| device_id | string | Non | ID d'appareil Matrix optionnel |
+| join_on_invite | bool | Non | Rejoindre automatiquement les salons invités |
+| allow_from | []string | Non | Liste blanche d'utilisateurs (IDs Matrix) |
+| group_trigger | object | Non | Stratégie de déclenchement de groupe (`mention_only` / `prefixes`) |
+| placeholder | object | Non | Configuration du message de remplacement |
+| reasoning_channel_id | string | Non | Canal cible pour la sortie de raisonnement |
+| message_format | string | Non | Format de sortie : `"richtext"` (défaut) rend le markdown en HTML ; `"plain"` envoie du texte brut uniquement |
+
+## 3. Fonctionnalités actuellement supportées
+
+- Envoi/réception de messages texte avec rendu markdown (gras, italique, titres, blocs de code, etc.)
+- Format de message configurable (`richtext` / `plain`)
+- Téléchargement d'images/audio/vidéo/fichiers entrants (MediaStore en priorité, chemin local en secours)
+- Normalisation de l'audio entrant dans le flux de transcription existant (`[audio: ...]`)
+- Upload et envoi d'images/audio/vidéo/fichiers sortants
+- Règles de déclenchement de groupe (y compris le mode mention uniquement)
+- État de frappe (`m.typing`)
+- Message de remplacement + remplacement de la réponse finale
+- Rejoindre automatiquement les salons invités (peut être désactivé)
+
+## 4. TODO
+
+- Améliorations des métadonnées des médias riches (par exemple taille et miniatures des images/vidéos)
diff --git a/docs/channels/matrix/README.ja.md b/docs/channels/matrix/README.ja.md
new file mode 100644
index 000000000..e5a773d4d
--- /dev/null
+++ b/docs/channels/matrix/README.ja.md
@@ -0,0 +1,64 @@
+> [README](../../../README.ja.md) に戻る
+
+# Matrix チャンネル設定ガイド
+
+## 1. 設定例
+
+`config.json` に以下を追加してください:
+
+```json
+{
+ "channels": {
+ "matrix": {
+ "enabled": true,
+ "homeserver": "https://matrix.org",
+ "user_id": "@your-bot:matrix.org",
+ "access_token": "YOUR_MATRIX_ACCESS_TOKEN",
+ "device_id": "",
+ "join_on_invite": true,
+ "allow_from": [],
+ "group_trigger": {
+ "mention_only": true
+ },
+ "placeholder": {
+ "enabled": true,
+ "text": "Thinking..."
+ },
+ "reasoning_channel_id": "",
+ "message_format": "richtext"
+ }
+ }
+}
+```
+
+## 2. フィールドリファレンス
+
+| フィールド | 型 | 必須 | 説明 |
+|----------------------|----------|------|------|
+| enabled | bool | はい | Matrix チャンネルの有効/無効 |
+| homeserver | string | はい | Matrix ホームサーバー URL(例:`https://matrix.org`) |
+| user_id | string | はい | ボットの Matrix ユーザー ID(例:`@bot:matrix.org`) |
+| access_token | string | はい | ボットのアクセストークン |
+| device_id | string | いいえ | オプションの Matrix デバイス ID |
+| join_on_invite | bool | いいえ | 招待されたルームに自動参加 |
+| allow_from | []string | いいえ | ユーザーホワイトリスト(Matrix ユーザー ID) |
+| group_trigger | object | いいえ | グループトリガー戦略(`mention_only` / `prefixes`) |
+| placeholder | object | いいえ | プレースホルダーメッセージ設定 |
+| reasoning_channel_id | string | いいえ | 推論出力のターゲットチャンネル |
+| message_format | string | いいえ | 出力形式:`"richtext"`(デフォルト)は markdown を HTML としてレンダリング;`"plain"` はプレーンテキストのみ送信 |
+
+## 3. 現在サポートされている機能
+
+- markdown レンダリング付きテキストメッセージ送受信(太字、斜体、見出し、コードブロックなど)
+- 設定可能なメッセージ形式(`richtext` / `plain`)
+- 受信画像/音声/動画/ファイルのダウンロード(MediaStore 優先、ローカルパスフォールバック)
+- 受信音声の既存文字起こしフローへの正規化(`[audio: ...]`)
+- 送信画像/音声/動画/ファイルのアップロードと送信
+- グループトリガールール(メンションのみモードを含む)
+- タイピング状態(`m.typing`)
+- プレースホルダーメッセージ + 最終返信の置き換え
+- 招待されたルームへの自動参加(無効化可能)
+
+## 4. TODO
+
+- リッチメディアメタデータの改善(例:画像/動画のサイズとサムネイル)
diff --git a/docs/channels/matrix/README.md b/docs/channels/matrix/README.md
index 233f5c0a3..2ed19245a 100644
--- a/docs/channels/matrix/README.md
+++ b/docs/channels/matrix/README.md
@@ -1,3 +1,5 @@
+> Back to [README](../../../README.md)
+
# Matrix Channel Configuration Guide
## 1. Example Configuration
diff --git a/docs/channels/matrix/README.pt-br.md b/docs/channels/matrix/README.pt-br.md
new file mode 100644
index 000000000..11a9aaa11
--- /dev/null
+++ b/docs/channels/matrix/README.pt-br.md
@@ -0,0 +1,64 @@
+> Voltar ao [README](../../../README.pt-br.md)
+
+# Guia de Configuração do Canal Matrix
+
+## 1. Exemplo de Configuração
+
+Adicione isto ao `config.json`:
+
+```json
+{
+ "channels": {
+ "matrix": {
+ "enabled": true,
+ "homeserver": "https://matrix.org",
+ "user_id": "@your-bot:matrix.org",
+ "access_token": "YOUR_MATRIX_ACCESS_TOKEN",
+ "device_id": "",
+ "join_on_invite": true,
+ "allow_from": [],
+ "group_trigger": {
+ "mention_only": true
+ },
+ "placeholder": {
+ "enabled": true,
+ "text": "Thinking..."
+ },
+ "reasoning_channel_id": "",
+ "message_format": "richtext"
+ }
+ }
+}
+```
+
+## 2. Referência de Campos
+
+| Campo | Tipo | Obrigatório | Descrição |
+|----------------------|----------|-------------|-----------|
+| enabled | bool | Sim | Habilitar ou desabilitar o canal Matrix |
+| homeserver | string | Sim | URL do homeserver Matrix (por exemplo `https://matrix.org`) |
+| user_id | string | Sim | ID de usuário Matrix do bot (por exemplo `@bot:matrix.org`) |
+| access_token | string | Sim | Token de acesso do bot |
+| device_id | string | Não | ID de dispositivo Matrix opcional |
+| join_on_invite | bool | Não | Entrar automaticamente em salas convidadas |
+| allow_from | []string | Não | Lista branca de usuários (IDs Matrix) |
+| group_trigger | object | Não | Estratégia de gatilho de grupo (`mention_only` / `prefixes`) |
+| placeholder | object | Não | Configuração de mensagem de espaço reservado |
+| reasoning_channel_id | string | Não | Canal alvo para saída de raciocínio |
+| message_format | string | Não | Formato de saída: `"richtext"` (padrão) renderiza markdown como HTML; `"plain"` envia apenas texto simples |
+
+## 3. Suporte Atual
+
+- Envio/recebimento de mensagens de texto com renderização markdown (negrito, itálico, cabeçalhos, blocos de código, etc.)
+- Formato de mensagem configurável (`richtext` / `plain`)
+- Download de imagens/áudio/vídeo/arquivos recebidos (MediaStore primeiro, fallback para caminho local)
+- Normalização de áudio recebido no fluxo de transcrição existente (`[audio: ...]`)
+- Upload e envio de imagens/áudio/vídeo/arquivos de saída
+- Regras de gatilho de grupo (incluindo modo somente menção)
+- Estado de digitação (`m.typing`)
+- Mensagem de espaço reservado + substituição de resposta final
+- Entrada automática em salas convidadas (pode ser desabilitado)
+
+## 4. TODO
+
+- Melhorias nos metadados de mídia rica (por exemplo tamanho e miniaturas de imagens/vídeos)
diff --git a/docs/channels/matrix/README.vi.md b/docs/channels/matrix/README.vi.md
new file mode 100644
index 000000000..f1272076f
--- /dev/null
+++ b/docs/channels/matrix/README.vi.md
@@ -0,0 +1,64 @@
+> Quay lại [README](../../../README.vi.md)
+
+# Hướng dẫn Cấu hình Kênh Matrix
+
+## 1. Cấu hình Mẫu
+
+Thêm vào `config.json`:
+
+```json
+{
+ "channels": {
+ "matrix": {
+ "enabled": true,
+ "homeserver": "https://matrix.org",
+ "user_id": "@your-bot:matrix.org",
+ "access_token": "YOUR_MATRIX_ACCESS_TOKEN",
+ "device_id": "",
+ "join_on_invite": true,
+ "allow_from": [],
+ "group_trigger": {
+ "mention_only": true
+ },
+ "placeholder": {
+ "enabled": true,
+ "text": "Thinking..."
+ },
+ "reasoning_channel_id": "",
+ "message_format": "richtext"
+ }
+ }
+}
+```
+
+## 2. Tham chiếu Trường
+
+| Trường | Kiểu | Bắt buộc | Mô tả |
+|----------------------|----------|----------|-------|
+| enabled | bool | Có | Bật hoặc tắt kênh Matrix |
+| homeserver | string | Có | URL homeserver Matrix (ví dụ `https://matrix.org`) |
+| user_id | string | Có | ID người dùng Matrix của bot (ví dụ `@bot:matrix.org`) |
+| access_token | string | Có | Token truy cập của bot |
+| device_id | string | Không | ID thiết bị Matrix tùy chọn |
+| join_on_invite | bool | Không | Tự động tham gia phòng được mời |
+| allow_from | []string | Không | Danh sách trắng người dùng (ID Matrix) |
+| group_trigger | object | Không | Chiến lược kích hoạt nhóm (`mention_only` / `prefixes`) |
+| placeholder | object | Không | Cấu hình tin nhắn giữ chỗ |
+| reasoning_channel_id | string | Không | Kênh đích cho đầu ra suy luận |
+| message_format | string | Không | Định dạng đầu ra: `"richtext"` (mặc định) render markdown thành HTML; `"plain"` chỉ gửi văn bản thuần |
+
+## 3. Tính năng Hiện tại
+
+- Gửi/nhận tin nhắn văn bản với render markdown (đậm, nghiêng, tiêu đề, khối code, v.v.)
+- Định dạng tin nhắn có thể cấu hình (`richtext` / `plain`)
+- Tải xuống hình ảnh/âm thanh/video/tệp đến (MediaStore trước, fallback đường dẫn cục bộ)
+- Chuẩn hóa âm thanh đến vào luồng phiên âm hiện có (`[audio: ...]`)
+- Tải lên và gửi hình ảnh/âm thanh/video/tệp đi
+- Quy tắc kích hoạt nhóm (bao gồm chế độ chỉ đề cập)
+- Trạng thái đang gõ (`m.typing`)
+- Tin nhắn giữ chỗ + thay thế phản hồi cuối cùng
+- Tự động tham gia phòng được mời (có thể tắt)
+
+## 4. TODO
+
+- Cải thiện metadata phương tiện phong phú (ví dụ kích thước và hình thu nhỏ hình ảnh/video)
diff --git a/docs/channels/matrix/README.zh.md b/docs/channels/matrix/README.zh.md
index 1f9e5bbe2..8db3e4383 100644
--- a/docs/channels/matrix/README.zh.md
+++ b/docs/channels/matrix/README.zh.md
@@ -1,3 +1,5 @@
+> 返回 [README](../../../README.zh.md)
+
# Matrix 通道配置指南
## 1. 配置示例
diff --git a/docs/channels/telegram/README.md b/docs/channels/telegram/README.md
index a3e057ba4..5b4d6c76a 100644
--- a/docs/channels/telegram/README.md
+++ b/docs/channels/telegram/README.md
@@ -2,7 +2,7 @@
# Telegram
-The Telegram channel uses long polling via the Telegram Bot API for bot-based communication. It supports text messages, media attachments (photos, voice, audio, documents), voice transcription via Groq Whisper, and built-in command handling.
+The Telegram channel uses long polling via the Telegram Bot API for bot-based communication. It supports text messages, media attachments (photos, voice, audio, documents), voice transcription ([setup](../../providers.md#voice-transcription)), and built-in command handling.
## Configuration
diff --git a/docs/channels/telegram/README.zh.md b/docs/channels/telegram/README.zh.md
index f50c712ce..6a7533582 100644
--- a/docs/channels/telegram/README.zh.md
+++ b/docs/channels/telegram/README.zh.md
@@ -2,7 +2,7 @@
# Telegram
-Telegram Channel 通过 Telegram 机器人 API 使用长轮询实现基于机器人的通信。它支持文本消息、媒体附件(照片、语音、音频、文档)、通过 Groq Whisper 进行语音转录以及内置命令处理器。
+Telegram Channel 通过 Telegram 机器人 API 使用长轮询实现基于机器人的通信。它支持文本消息、媒体附件(照片、语音、音频、文档)、语音转录(配置见[提供商与模型配置](../../zh/providers.md#语音转录)),以及内置命令处理器。
## 配置
diff --git a/docs/chat-apps.md b/docs/chat-apps.md
index 07297952a..b0ebc7c54 100644
--- a/docs/chat-apps.md
+++ b/docs/chat-apps.md
@@ -10,22 +10,23 @@ Talk to your picoclaw through Telegram, Discord, WhatsApp, Matrix, QQ, DingTalk,
| Channel | Difficulty | Description | Documentation |
| -------------------- | ------------------ | ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- |
-| **Telegram** | ⭐ Easy | Recommended, voice-to-text, long polling (no public IP needed) | [Docs](../channels/telegram/README.md) |
-| **Discord** | ⭐ Easy | Socket Mode, group/DM support, rich bot ecosystem | [Docs](../channels/discord/README.md) |
+| **Telegram** | ⭐ Easy | Recommended, voice-to-text, long polling (no public IP needed) | [Docs](channels/telegram/README.md) |
+| **Discord** | ⭐ Easy | Socket Mode, group/DM support, rich bot ecosystem | [Docs](channels/discord/README.md) |
| **WhatsApp** | ⭐ Easy | Native (QR scan) or Bridge URL | [Docs](#whatsapp) |
-| **Weixin** | ⭐ Easy | Native QR scan (Tencent iLink API) | [Docs](../channels/weixin/README.md) |
-| **Slack** | ⭐ Easy | **Socket Mode** (no public IP needed), enterprise | [Docs](../channels/slack/README.md) |
-| **Matrix** | ⭐⭐ Medium | Federated protocol, self-hosting supported | [Docs](../channels/matrix/README.md) |
-| **QQ** | ⭐⭐ Medium | Official bot API, Chinese community | [Docs](../channels/qq/README.md) |
-| **DingTalk** | ⭐⭐ Medium | Stream mode (no public IP needed), enterprise | [Docs](../channels/dingtalk/README.md) |
-| **LINE** | ⭐⭐⭐ Advanced | HTTPS Webhook required | [Docs](../channels/line/README.md) |
-| **WeCom (企业微信)** | ⭐⭐⭐ Advanced | Group Bot (Webhook), custom App (API), AI Bot | [Bot](../channels/wecom/wecom_bot/README.md) / [App](../channels/wecom/wecom_app/README.md) / [AI Bot](../channels/wecom/wecom_aibot/README.md) |
-| **Feishu (飞书)** | ⭐⭐⭐ Advanced | Enterprise collaboration, feature-rich | [Docs](../channels/feishu/README.md) |
-| **IRC** | ⭐⭐ Medium | Server + TLS configuration | - |
-| **OneBot** | ⭐⭐ Medium | NapCat/Go-CQHTTP compatible, community ecosystem | [Docs](../channels/onebot/README.md) |
-| **MaixCam** | ⭐ Easy | Hardware integration channel for Sipeed AI cameras | [Docs](../channels/maixcam/README.md) |
+| **Weixin** | ⭐ Easy | Native QR scan (Tencent iLink API) | [Docs](#weixin) |
+| **Slack** | ⭐ Easy | **Socket Mode** (no public IP needed), enterprise | [Docs](channels/slack/README.md) |
+| **Matrix** | ⭐⭐ Medium | Federated protocol, self-hosting supported | [Docs](channels/matrix/README.md) |
+| **QQ** | ⭐⭐ Medium | Official bot API, Chinese community | [Docs](channels/qq/README.md) |
+| **DingTalk** | ⭐⭐ Medium | Stream mode (no public IP needed), enterprise | [Docs](channels/dingtalk/README.md) |
+| **LINE** | ⭐⭐⭐ Advanced | HTTPS Webhook required | [Docs](channels/line/README.md) |
+| **WeCom (企业微信)** | ⭐⭐⭐ Advanced | Group Bot (Webhook), custom App (API), AI Bot | [Bot](channels/wecom/wecom_bot/README.md) / [App](channels/wecom/wecom_app/README.md) / [AI Bot](channels/wecom/wecom_aibot/README.md) |
+| **Feishu (飞书)** | ⭐⭐⭐ Advanced | Enterprise collaboration, feature-rich | [Docs](channels/feishu/README.md) |
+| **IRC** | ⭐⭐ Medium | Server + TLS configuration | [Docs](#irc) |
+| **OneBot** | ⭐⭐ Medium | NapCat/Go-CQHTTP compatible, community ecosystem | [Docs](channels/onebot/README.md) |
+| **MaixCam** | ⭐ Easy | Hardware integration channel for Sipeed AI cameras | [Docs](channels/maixcam/README.md) |
| **Pico** | ⭐ Easy | Native PicoClaw protocol channel | |
+Telegram (Recommended)
@@ -44,7 +45,7 @@ Talk to your picoclaw through Telegram, Discord, WhatsApp, Matrix, QQ, DingTalk,
"enabled": true,
"token": "YOUR_BOT_TOKEN",
"allow_from": ["YOUR_USER_ID"],
- "use_markdown_v2": false,
+ "use_markdown_v2": false
}
}
}
@@ -70,6 +71,7 @@ You can set use_markdown_v2: true to enable enhanced formatting options. This al
+Discord
@@ -143,6 +145,7 @@ picoclaw gateway
+WhatsApp (native via whatsmeow)
@@ -170,12 +173,14 @@ If `session_store_path` is empty, the session is stored in `/whatsapp
+Weixin (WeChat Personal)
PicoClaw supports connecting to your personal WeChat account using the official Tencent iLink API.
**1. Login**
+
Run the interactive QR login flow:
```bash
picoclaw onboard weixin
@@ -183,6 +188,7 @@ picoclaw onboard weixin
Scan the printed QR code with your WeChat mobile app. On success, the token is saved to your config.
**2. Configure**
+
(Optional) Update `allow_from` with your WeChat User ID to restrict who can message the bot:
```json
{
@@ -203,6 +209,7 @@ picoclaw gateway
+QQ
@@ -244,6 +251,7 @@ If you prefer to create the bot manually:
+DingTalk
@@ -277,6 +285,7 @@ picoclaw gateway
```
+Matrix
@@ -311,6 +320,7 @@ For full options (`device_id`, `join_on_invite`, `group_trigger`, `placeholder`,
+LINE
@@ -359,6 +369,7 @@ picoclaw gateway
+WeCom (企业微信)
@@ -473,6 +484,7 @@ picoclaw gateway
+Feishu (Lark)
@@ -514,6 +526,7 @@ For full options, see [Feishu Channel Configuration Guide](channels/feishu/READM
+Slack
@@ -547,6 +560,7 @@ picoclaw gateway
+IRC
@@ -580,6 +594,7 @@ The bot will connect to the IRC server and join the specified channels.
+OneBot (QQ via OneBot protocol)
diff --git a/docs/config-versioning.md b/docs/config-versioning.md
new file mode 100644
index 000000000..36d7fdd25
--- /dev/null
+++ b/docs/config-versioning.md
@@ -0,0 +1,230 @@
+# Config Schema Versioning Guide
+
+## Overview
+
+PicoClaw uses a schema versioning system for `config.json` to ensure smooth upgrades as the configuration format evolves.
+
+## Version History
+
+### Version 1
+- **Introduction**: Initial version with version field support
+- **Changes**: Added `version` field to Config struct
+- **Migration**: No structural changes needed for existing configs
+
+## How It Works
+
+### Automatic Migration
+When you load a config file:
+1. The system first reads the `version` field from the JSON
+2. Based on the detected version, it loads the appropriate config struct (`ConfigV0`, `ConfigV1`, etc.)
+3. If the loaded version is less than the latest, migrations are applied incrementally
+4. The version number is updated automatically
+5. The migrated config is automatically saved back to disk
+
+### Version Field
+The `version` field in `config.json` indicates the schema version:
+- `0` or missing: Legacy config (no version field)
+- `1`: Current version with versioning support
+
+```json
+{
+ "version": 1,
+ "agents": {...},
+ ...
+}
+```
+
+## Adding a New Migration
+
+When making breaking changes to the config schema:
+
+### Step 1: Define the New Version Struct
+
+Create a new struct for the new version if the structure changes significantly:
+
+```go
+// ConfigV2 represents version 2 config structure
+type ConfigV2 struct {
+ Version int `json:"version"`
+ Agents AgentsConfig `json:"agents"`
+ // ... other fields with new structure
+}
+```
+
+### Step 2: Update Current Config Version
+
+```go
+const CurrentConfigVersion = 2 // Increment this
+```
+
+### Step 3: Add a Loader Function
+
+```go
+// loadConfigV2 loads a version 2 config
+func loadConfigV2(data []byte) (*Config, error) {
+ cfg := DefaultConfig()
+
+ // Parse to ConfigV2 struct
+ var v2 ConfigV2
+ if err := json.Unmarshal(data, &v2); err != nil {
+ return nil, err
+ }
+
+ // Convert to current Config
+ cfg.Version = v2.Version
+ cfg.Agents = v2.Agents
+ // ... map other fields
+
+ return cfg, nil
+}
+```
+
+### Step 4: Add Migration Logic
+
+```go
+// applyMigration applies a single migration step from fromVersion to toVersion
+func applyMigration(cfg *Config, fromVersion, toVersion int) (*Config, error) {
+ switch toVersion {
+ case 1:
+ // Migration from version 0 to 1
+ return &Config{
+ Version: 1,
+ Agents: cfg.Agents,
+ // ... copy all fields
+ }, nil
+ case 2:
+ // Migration from version 1 to 2
+ // Example: Move or rename fields
+ migrated := *cfg
+ migrated.Version = 2
+ // Apply structural changes
+ if cfg.SomeOldField != "" {
+ migrated.SomeNewField = cfg.SomeOldField
+ }
+ return &migrated, nil
+ default:
+ return nil, fmt.Errorf("unsupported migration target version: %d", toVersion)
+ }
+}
+```
+
+### Step 5: Update LoadConfig Switch
+
+```go
+func LoadConfig(path string) (*Config, error) {
+ // ... read file ...
+
+ switch versionInfo.Version {
+ case 0:
+ cfg, err = loadConfigV0(data)
+ case 1:
+ cfg, err = loadConfigV1(data)
+ case 2:
+ cfg, err = loadConfigV2(data)
+ default:
+ return nil, fmt.Errorf("unsupported config version: %d", versionInfo.Version)
+ }
+
+ // ... migrate and validate ...
+}
+```
+
+### Step 6: Test Your Migration
+
+Create a test in `config_migration_test.go`:
+
+```go
+func TestMigrateV1ToV2(t *testing.T) {
+ // Create a version 1 config
+ v1Config := Config{
+ Version: 1,
+ // ... set up test data
+ }
+
+ // Apply migration
+ migrated, err := applyMigration(&v1Config, 1, 2)
+ if err != nil {
+ t.Fatalf("Migration failed: %v", err)
+ }
+
+ // Verify version is updated
+ if migrated.Version != 2 {
+ t.Errorf("Expected version 2, got %d", migrated.Version)
+ }
+
+ // Verify data is preserved/transformed correctly
+ // ...
+}
+```
+
+## Migration Best Practices
+
+1. **Version-Specific Structs**: Define a separate struct for each version that has structural changes
+2. **Backward Compatibility**: Ensure old configs can still be loaded with their specific structs
+3. **No Data Loss**: Migrations should preserve all user settings
+4. **Idempotent**: Running the same migration multiple times should be safe
+5. **Auto-Save**: Migrated configs are automatically saved to update the user's file
+6. **Test Thoroughly**: Test with real user config files
+7. **Update Defaults**: Keep `defaults.go` in sync with the latest schema
+
+## Example Migration
+
+### Scenario: Adding a new field with default value
+
+Old config (version 1):
+```json
+{
+ "version": 1,
+ "agents": {
+ "defaults": {
+ "max_tokens": 32768
+ }
+ }
+}
+```
+
+Migration to version 2:
+```go
+case 2:
+ migrated := *cfg
+ migrated.Version = 2
+
+ // Add new field with default value if not set
+ if migrated.Agents.Defaults.NewFeatureEnabled == false {
+ // Use default value
+ }
+
+ return &migrated, nil
+```
+
+New config (version 2):
+```json
+{
+ "version": 2,
+ "agents": {
+ "defaults": {
+ "max_tokens": 32768,
+ "new_feature_enabled": false
+ }
+ }
+}
+```
+
+## Troubleshooting
+
+### Config Not Upgrading
+- Check that `CurrentConfigVersion` is incremented
+- Verify migration logic in `applyMigration()` handles the target version
+- Ensure `migrateConfig()` is called in `LoadConfig()`
+
+### Migration Errors
+- Check error messages for specific migration failures
+- Review migration logic for edge cases
+- Ensure all required fields are properly initialized
+- Verify the loader function for the source version
+
+### Data Loss After Migration
+- Ensure all fields are copied during migration
+- Check that the migration doesn't overwrite values with defaults unnecessarily
+- Review the conversion logic in the loader functions
+
diff --git a/docs/configuration.md b/docs/configuration.md
index b5d652a85..56c3e2dc7 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -347,3 +347,396 @@ For long-running tasks (web search, API calls), use the `spawn` tool to create a
```markdown
# Periodic Tasks
+
+## Quick Tasks (respond directly)
+
+- Report current time
+
+## Long Tasks (use spawn for async)
+
+- Search the web for AI news and summarize
+- Check email and report important messages
+```
+
+**Key behaviors:**
+
+| Feature | Description |
+| ----------------------- | --------------------------------------------------------- |
+| **spawn** | Creates async subagent, doesn't block heartbeat |
+| **Independent context** | Subagent has its own context, no session history |
+| **message tool** | Subagent communicates with user directly via message tool |
+| **Non-blocking** | After spawning, heartbeat continues to next task |
+
+#### How Subagent Communication Works
+
+```
+Heartbeat triggers
+ ↓
+Agent reads HEARTBEAT.md
+ ↓
+For long task: spawn subagent
+ ↓ ↓
+Continue to next task Subagent works independently
+ ↓ ↓
+All tasks done Subagent uses "message" tool
+ ↓ ↓
+Respond HEARTBEAT_OK User receives result directly
+```
+
+The subagent has access to tools (message, web_search, etc.) and can communicate with the user independently without going through the main agent.
+
+**Configuration:**
+
+```json
+{
+ "heartbeat": {
+ "enabled": true,
+ "interval": 30
+ }
+}
+```
+
+| Option | Default | Description |
+| ---------- | ------- | ---------------------------------- |
+| `enabled` | `true` | Enable/disable heartbeat |
+| `interval` | `30` | Check interval in minutes (min: 5) |
+
+**Environment variables:**
+
+* `PICOCLAW_HEARTBEAT_ENABLED=false` to disable
+* `PICOCLAW_HEARTBEAT_INTERVAL=60` to change interval
+
+### Providers
+
+> [!NOTE]
+> Groq provides free voice transcription via Whisper. If configured, audio messages from any channel will be automatically transcribed at the agent level.
+
+| Provider | Purpose | Get API Key |
+| ------------ | --------------------------------------- | ------------------------------------------------------------ |
+| `gemini` | LLM (Gemini direct) | [aistudio.google.com](https://aistudio.google.com) |
+| `zhipu` | LLM (Zhipu direct) | [bigmodel.cn](https://bigmodel.cn) |
+| `volcengine` | LLM (Volcengine direct) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) |
+| `openrouter` | LLM (recommended, access to all models) | [openrouter.ai](https://openrouter.ai) |
+| `anthropic` | LLM (Claude direct) | [console.anthropic.com](https://console.anthropic.com) |
+| `openai` | LLM (GPT direct) | [platform.openai.com](https://platform.openai.com) |
+| `deepseek` | LLM (DeepSeek direct) | [platform.deepseek.com](https://platform.deepseek.com) |
+| `qwen` | LLM (Qwen direct) | [dashscope.console.aliyun.com](https://dashscope.console.aliyun.com) |
+| `groq` | LLM + **Voice transcription** (Whisper) | [console.groq.com](https://console.groq.com) |
+| `cerebras` | LLM (Cerebras direct) | [cerebras.ai](https://cerebras.ai) |
+| `vivgrid` | LLM (Vivgrid direct) | [vivgrid.com](https://vivgrid.com) |
+
+### Model Configuration (model_list)
+
+> **What's New?** PicoClaw now uses a **model-centric** configuration approach. Simply specify `vendor/model` format (e.g., `zhipu/glm-4.7`) to add new providers — **zero code changes required!**
+
+This design also enables **multi-agent support** with flexible provider selection:
+
+- **Different agents, different providers**: Each agent can use its own LLM provider
+- **Model fallbacks**: Configure primary and fallback models for resilience
+- **Load balancing**: Distribute requests across multiple endpoints
+- **Centralized configuration**: Manage all providers in one place
+
+#### All Supported Vendors
+
+| Vendor | `model` Prefix | Default API Base | Protocol | API Key |
+| ----------------------- | ----------------- | --------------------------------------------------- | --------- | ---------------------------------------------------------------- |
+| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [Get Key](https://platform.openai.com) |
+| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [Get Key](https://console.anthropic.com) |
+| **智谱 AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [Get Key](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) |
+| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [Get Key](https://platform.deepseek.com) |
+| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [Get Key](https://aistudio.google.com/api-keys) |
+| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [Get Key](https://console.groq.com) |
+| **Moonshot** | `moonshot/` | `https://api.moonshot.cn/v1` | OpenAI | [Get Key](https://platform.moonshot.cn) |
+| **通义千问 (Qwen)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [Get Key](https://dashscope.console.aliyun.com) |
+| **NVIDIA** | `nvidia/` | `https://integrate.api.nvidia.com/v1` | OpenAI | [Get Key](https://build.nvidia.com) |
+| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | Local (no key needed) |
+| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [Get Key](https://openrouter.ai/keys) |
+| **LiteLLM Proxy** | `litellm/` | `http://localhost:4000/v1` | OpenAI | Your LiteLLM proxy key |
+| **VLLM** | `vllm/` | `http://localhost:8000/v1` | OpenAI | Local |
+| **Cerebras** | `cerebras/` | `https://api.cerebras.ai/v1` | OpenAI | [Get Key](https://cerebras.ai) |
+| **VolcEngine (Doubao)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [Get Key](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) |
+| **神算云** | `shengsuanyun/` | `https://router.shengsuanyun.com/api/v1` | OpenAI | — |
+| **BytePlus** | `byteplus/` | `https://ark.ap-southeast.bytepluses.com/api/v3` | OpenAI | [Get Key](https://www.byteplus.com) |
+| **Vivgrid** | `vivgrid/` | `https://api.vivgrid.com/v1` | OpenAI | [Get Key](https://vivgrid.com) |
+| **LongCat** | `longcat/` | `https://api.longcat.chat/openai` | OpenAI | [Get Key](https://longcat.chat/platform) |
+| **ModelScope (魔搭)** | `modelscope/` | `https://api-inference.modelscope.cn/v1` | OpenAI | [Get Token](https://modelscope.cn/my/tokens) |
+| **Antigravity** | `antigravity/` | Google Cloud | Custom | OAuth only |
+| **GitHub Copilot** | `github-copilot/` | `localhost:4321` | gRPC | — |
+
+#### Basic Configuration
+
+```json
+{
+ "model_list": [
+ {
+ "model_name": "ark-code-latest",
+ "model": "volcengine/ark-code-latest",
+ "api_key": "sk-your-api-key"
+ },
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_key": "sk-your-openai-key"
+ },
+ {
+ "model_name": "claude-sonnet-4.6",
+ "model": "anthropic/claude-sonnet-4.6",
+ "api_key": "sk-ant-your-key"
+ },
+ {
+ "model_name": "glm-4.7",
+ "model": "zhipu/glm-4.7",
+ "api_key": "your-zhipu-key"
+ }
+ ],
+ "agents": {
+ "defaults": {
+ "model": "gpt-5.4"
+ }
+ }
+}
+```
+
+#### Vendor-Specific Examples
+
+
+OpenAI
+
+```json
+{
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_key": "sk-..."
+}
+```
+
+
+
+
+VolcEngine (Doubao)
+
+```json
+{
+ "model_name": "ark-code-latest",
+ "model": "volcengine/ark-code-latest",
+ "api_key": "sk-..."
+}
+```
+
+
+
+
+智谱 AI (GLM)
+
+```json
+{
+ "model_name": "glm-4.7",
+ "model": "zhipu/glm-4.7",
+ "api_key": "your-key"
+}
+```
+
+
+
+
+DeepSeek
+
+```json
+{
+ "model_name": "deepseek-chat",
+ "model": "deepseek/deepseek-chat",
+ "api_key": "sk-..."
+}
+```
+
+
+
+
+Anthropic
+
+```json
+{
+ "model_name": "claude-sonnet-4.6",
+ "model": "anthropic/claude-sonnet-4.6",
+ "api_key": "sk-ant-your-key"
+}
+```
+
+> Run `picoclaw auth login --provider anthropic` to paste your API token.
+
+For direct Anthropic API access or custom endpoints that only support Anthropic's native message format:
+
+```json
+{
+ "model_name": "claude-opus-4-6",
+ "model": "anthropic-messages/claude-opus-4-6",
+ "api_key": "sk-ant-your-key",
+ "api_base": "https://api.anthropic.com"
+}
+```
+
+> Use `anthropic-messages` when the endpoint requires Anthropic's native `/v1/messages` format instead of OpenAI-compatible `/v1/chat/completions`.
+
+
+
+
+Ollama (local)
+
+```json
+{
+ "model_name": "llama3",
+ "model": "ollama/llama3"
+}
+```
+
+
+
+
+Custom Proxy / LiteLLM
+
+```json
+{
+ "model_name": "my-custom-model",
+ "model": "openai/custom-model",
+ "api_base": "https://my-proxy.com/v1",
+ "api_key": "sk-..."
+}
+```
+
+PicoClaw strips only the outer `litellm/` prefix before sending the request, so `litellm/lite-gpt4` sends `lite-gpt4`, while `litellm/openai/gpt-4o` sends `openai/gpt-4o`.
+
+
+
+#### Load Balancing
+
+Configure multiple endpoints for the same model name — PicoClaw will automatically round-robin between them:
+
+```json
+{
+ "model_list": [
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_base": "https://api1.example.com/v1",
+ "api_key": "sk-key1"
+ },
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_base": "https://api2.example.com/v1",
+ "api_key": "sk-key2"
+ }
+ ]
+}
+```
+
+#### Migration from Legacy `providers` Config
+
+The old `providers` configuration is **deprecated** but still supported for backward compatibility. See [docs/migration/model-list-migration.md](../migration/model-list-migration.md) for the full guide.
+
+### Provider Architecture
+
+PicoClaw routes providers by protocol family:
+
+- **OpenAI-compatible**: OpenRouter, Groq, Zhipu, vLLM-style endpoints, and most others.
+- **Anthropic**: Claude-native API behavior.
+- **Codex/OAuth**: OpenAI OAuth/token authentication route.
+
+This keeps the runtime lightweight while making new OpenAI-compatible backends mostly a config operation (`api_base` + `api_key`).
+
+
+Zhipu (legacy providers format)
+
+```json
+{
+ "agents": {
+ "defaults": {
+ "workspace": "~/.picoclaw/workspace",
+ "model": "glm-4.7",
+ "max_tokens": 8192,
+ "temperature": 0.7,
+ "max_tool_iterations": 20
+ }
+ },
+ "providers": {
+ "zhipu": {
+ "api_key": "Your API Key",
+ "api_base": "https://open.bigmodel.cn/api/paas/v4"
+ }
+ }
+}
+```
+
+
+
+
+Full config example
+
+```json
+{
+ "agents": {
+ "defaults": {
+ "model": "anthropic/claude-opus-4-5"
+ }
+ },
+ "session": {
+ "dm_scope": "per-channel-peer",
+ "backlog_limit": 20
+ },
+ "providers": {
+ "openrouter": {
+ "api_key": "sk-or-v1-xxx"
+ },
+ "groq": {
+ "api_key": "gsk_xxx"
+ }
+ },
+ "channels": {
+ "telegram": {
+ "enabled": true,
+ "token": "123456:ABC...",
+ "allow_from": ["123456789"]
+ }
+ },
+ "tools": {
+ "web": {
+ "duckduckgo": {
+ "enabled": true,
+ "max_results": 5
+ }
+ }
+ },
+ "heartbeat": {
+ "enabled": true,
+ "interval": 30
+ }
+}
+```
+
+
+
+### Scheduled Tasks / Reminders
+
+PicoClaw supports cron-style scheduled tasks via the `cron` tool. The agent can set, list, and cancel reminders or recurring jobs that trigger at specified times.
+
+```json
+{
+ "tools": {
+ "cron": {
+ "enabled": true,
+ "exec_timeout_minutes": 5
+ }
+ }
+}
+```
+
+Scheduled tasks persist across restarts and are stored in `~/.picoclaw/workspace/cron/`.
+
+### Advanced Topics
+
+| Topic | Description |
+| ----- | ----------- |
+| [Hook System](hooks/README.md) | Event-driven hooks: observers, interceptors, approval hooks |
+| [Steering](steering.md) | Inject messages into a running agent loop between tool calls |
+| [SubTurn](subturn.md) | Subagent coordination, concurrency control, lifecycle |
+| [Context Management](agent-refactor/context.md) | Context boundary detection, proactive budget check, compression |
diff --git a/docs/design/hook-system-design.zh.md b/docs/design/hook-system-design.zh.md
new file mode 100644
index 000000000..ab5566bec
--- /dev/null
+++ b/docs/design/hook-system-design.zh.md
@@ -0,0 +1,476 @@
+# PicoClaw Hook 系统设计(基于 `refactor/agent`)
+
+## 背景
+
+本设计围绕两个议题展开:
+
+- `#1316`:把 agent loop 重构为事件驱动、可中断、可追加、可观测
+- `#1796`:在 EventBus 稳定后,把 hooks 设计为 EventBus 的 consumer,而不是重新发明一套事件模型
+
+当前分支已经完成了第一步里的“事件系统基础”,但还没有真正的 hook 挂载层。因此这里的目标不是重新设计 event,而是在已有实现上补出一层可扩展、可拦截、可外挂的 HookManager。
+
+## 外部项目对比
+
+### OpenClaw
+
+OpenClaw 的扩展能力分成三层:
+
+- Internal hooks:目录发现,运行在 Gateway 进程内
+- Plugin hooks:插件在运行时注册 hook,也在进程内
+- Webhooks:外部系统通过 HTTP 触发 Gateway 动作,属于进程外
+
+值得借鉴的点:
+
+- 有“项目内挂载”和“项目外挂载”两种路径
+- hook 是配置驱动,可启停
+- 外部入口有明确的安全边界和映射层
+
+不建议直接照搬的点:
+
+- OpenClaw 的 hooks / plugin hooks / webhooks 是三套路由,PicoClaw 当前体量下会偏重
+- HTTP webhook 更适合“事件进入系统”,不适合作为“可同步拦截 agent loop”的基础机制
+
+### pi-mono
+
+pi-mono 的核心思路更接近当前分支:
+
+- 扩展统一为 extension API
+- 事件分为观察型和可变更型
+- 某些阶段允许 `transform` / `block` / `replace`
+- 扩展代码主要是进程内执行
+- RPC mode 把 UI 交互桥接到进程外客户端
+
+值得借鉴的点:
+
+- 不把“观察”和“拦截”混成一个接口
+- 允许返回结构化动作,而不是只有回调
+- 进程外通信只暴露必要协议,不把整个内部对象图泄露出去
+
+## 当前分支现状
+
+### 已有能力
+
+当前分支已经具备 hook 系统的地基:
+
+- `pkg/agent/events.go` 定义了稳定的 `EventKind`、`EventMeta` 和 payload
+- `pkg/agent/eventbus.go` 提供了非阻塞 fan-out 的 `EventBus`
+- `pkg/agent/loop.go` 中的 `runTurn()` 已在 turn、llm、tool、interrupt、follow-up、summary 等节点发射事件
+- `pkg/agent/steering.go` 已支持 steering、graceful interrupt、hard abort
+- `pkg/agent/turn.go` 已维护 turn phase、恢复点、active turn、abort 状态
+
+### 现有缺口
+
+当前分支还缺四件事:
+
+- 没有 HookManager,只有 EventBus
+- 没有 Before/After LLM、Before/After Tool 这种同步拦截点
+- 没有审批型 hook
+- 子 agent 仍走 `pkg/tools/SubagentManager + RunToolLoop`,没有接入 `pkg/agent` 的 turn tree 和事件流
+
+### 一个关键现实
+
+`#1316` 文案里提到“只读并行、写入串行”的工具执行策略,但当前 `runTurn()` 实现已经先收敛成“顺序执行 + 每个工具后检查 steering / interrupt”。因此 hook 设计不应依赖未来的并行模型,而应该先兼容当前顺序执行,再为以后增加 `ReadOnlyIndicator` 留口子。
+
+## 设计原则
+
+- Hook 必须建立在 `pkg/agent` 的 EventBus 和 turn 上下文之上
+- EventBus 负责广播,HookManager 负责拦截,两者职责分离
+- 项目内挂载要简单,项目外挂载必须走 IPC
+- 观察型 hook 不能阻塞 loop;拦截型 hook 必须有超时
+- 先覆盖主 turn,不把 sub-turn 一次做满
+- 不新增第二套用户事件命名系统,优先复用 `EventKind.String()`
+
+## 总体架构
+
+分成三层:
+
+1. `EventBus`
+ 负责广播只读事件,现有实现直接复用
+
+2. `HookManager`
+ 负责管理 hook、排序、超时、错误隔离,并在 `runTurn()` 的明确检查点执行同步拦截
+
+3. `HookMount`
+ 负责两种挂载方式:
+ - 进程内 Go hook
+ - 进程外 IPC hook
+
+换句话说:
+
+- EventBus 是“发生了什么”
+- HookManager 是“谁能介入”
+- HookMount 是“这些 hook 从哪里来”
+
+## Hook 分类
+
+不建议把所有 hook 都设计成 `OnEvent(evt)`。
+
+建议拆成两类。
+
+### 1. 观察型
+
+只消费事件,不修改流程:
+
+```go
+type EventObserver interface {
+ OnEvent(ctx context.Context, evt agent.Event) error
+}
+```
+
+这类 hook 直接订阅 EventBus 即可。
+
+适用场景:
+
+- 审计日志
+- 指标上报
+- 调试 trace
+- 将事件转发给外部 UI / TUI / Web 面板
+
+### 2. 拦截型
+
+只在少数明确节点触发,允许返回动作:
+
+```go
+type LLMInterceptor interface {
+ BeforeLLM(ctx context.Context, req *LLMRequest) HookDecision[*LLMRequest]
+ AfterLLM(ctx context.Context, resp *LLMResponse) HookDecision[*LLMResponse]
+}
+
+type ToolInterceptor interface {
+ BeforeTool(ctx context.Context, call *ToolCall) HookDecision[*ToolCall]
+ AfterTool(ctx context.Context, result *ToolResultView) HookDecision[*ToolResultView]
+}
+
+type ToolApprover interface {
+ ApproveTool(ctx context.Context, req *ToolApprovalRequest) ApprovalDecision
+}
+```
+
+这里的 `HookDecision` 统一支持:
+
+- `continue`
+- `modify`
+- `deny_tool`
+- `abort_turn`
+- `hard_abort`
+
+## 对外暴露的最小 hook 面
+
+V1 不需要把所有 EventKind 都变成可拦截点。
+
+建议只开放这些同步 hook:
+
+- `before_llm`
+- `after_llm`
+- `before_tool`
+- `after_tool`
+- `approve_tool`
+
+其余节点继续作为只读事件暴露:
+
+- `turn_start`
+- `turn_end`
+- `llm_request`
+- `llm_response`
+- `tool_exec_start`
+- `tool_exec_end`
+- `tool_exec_skipped`
+- `steering_injected`
+- `follow_up_queued`
+- `interrupt_received`
+- `context_compress`
+- `session_summarize`
+- `error`
+
+`subturn_*` 在 V1 中保留名字,但不承诺一定触发,直到子 turn 迁移完成。
+
+## 项目内挂载
+
+内部挂载必须尽量低摩擦。
+
+建议提供两种等价方式,底层都走 HookManager。
+
+### 方式 A:代码显式挂载
+
+```go
+al.MountHook(hooks.Named("audit", &AuditHook{}))
+```
+
+适用于:
+
+- 仓内内建 hook
+- 单元测试
+- feature flag 控制
+
+### 方式 B:内建 registry
+
+```go
+func init() {
+ hooks.RegisterBuiltin("audit", func() hooks.Hook {
+ return &AuditHook{}
+ })
+}
+```
+
+启动时根据配置启用:
+
+```json
+{
+ "hooks": {
+ "builtins": {
+ "audit": { "enabled": true }
+ }
+ }
+}
+```
+
+这比 OpenClaw 的目录扫描更轻,也更贴合 Go 项目。
+
+## 项目外挂载
+
+这是本设计的硬要求。
+
+建议 V1 采用:
+
+- `JSON-RPC over stdio`
+
+原因:
+
+- 跨平台最简单
+- 不依赖额外端口
+- 非常适合“由 PicoClaw 启动一个外部 hook 进程”
+- 比 HTTP webhook 更适合同步拦截
+
+### 外部 hook 进程模型
+
+PicoClaw 启动外部进程,并在其 stdin/stdout 上跑协议。
+
+配置示例:
+
+```json
+{
+ "hooks": {
+ "processes": {
+ "review-gate": {
+ "enabled": true,
+ "transport": "stdio",
+ "command": ["uvx", "picoclaw-hook-reviewer"],
+ "observe": ["turn_start", "turn_end", "tool_exec_end"],
+ "intercept": ["before_tool", "approve_tool"],
+ "timeout_ms": 5000
+ }
+ }
+ }
+}
+```
+
+### 协议边界
+
+不要把内部 Go 结构体直接暴露给 IPC。
+
+建议定义稳定的协议对象:
+
+- `HookHandshake`
+- `HookEventNotification`
+- `BeforeLLMRequest`
+- `AfterLLMRequest`
+- `BeforeToolRequest`
+- `AfterToolRequest`
+- `ApproveToolRequest`
+- `HookDecision`
+
+其中:
+
+- 观察型事件用 notification,fire-and-forget
+- 拦截型事件用 request/response,同步等待
+
+### 为什么是 stdio,而不是直接用 HTTP webhook
+
+因为两者用途不同:
+
+- HTTP webhook 更适合“外部系统向 PicoClaw 投递事件”
+- stdio/RPC 更适合“PicoClaw 在 turn 内同步询问外部 hook 是否改写 / 放行 / 拒绝”
+
+如果未来需要 OpenClaw 式 webhook,可以作为独立入口层,再把外部事件转成 inbound message 或 steering,而不是直接替代 hook IPC。
+
+## Hook 执行顺序
+
+建议统一排序规则:
+
+- 先内建 in-process hook
+- 再外部 IPC hook
+- 同组内按 `priority` 从小到大执行
+
+原因:
+
+- 内建 hook 延迟更低,适合做基础规范化
+- 外部 hook 更适合做审批、审计、组织级策略
+
+## 超时与错误策略
+
+### 观察型
+
+- 默认超时:`500ms`
+- 超时或报错:记录日志,继续主流程
+
+### 拦截型
+
+- `before_llm` / `after_llm` / `before_tool` / `after_tool`:默认 `5s`
+- `approve_tool`:默认 `60s`
+
+超时行为:
+
+- 普通拦截:`continue`
+- 审批:`deny`
+
+这点应直接沿用 `#1316` 的安全倾向。
+
+## 与当前分支的对接点
+
+### 直接复用
+
+- 事件定义:`pkg/agent/events.go`
+- 事件广播:`pkg/agent/eventbus.go`
+- 活跃 turn / interrupt / rollback:`pkg/agent/turn.go`
+- 事件发射点:`pkg/agent/loop.go`
+
+### 需要新增
+
+- `pkg/agent/hooks.go`
+ - Hook 接口
+ - HookDecision / ApprovalDecision
+ - HookManager
+
+- `pkg/agent/hook_mount.go`
+ - 内建 hook 注册
+ - 外部进程 hook 注册
+
+- `pkg/agent/hook_ipc.go`
+ - stdio JSON-RPC bridge
+
+- `pkg/agent/hook_types.go`
+ - IPC 稳定载荷
+
+### 需要改造
+
+- `pkg/agent/loop.go`
+ - 在 LLM 和 tool 关键路径前后插入 HookManager 调用
+
+- `pkg/tools/base.go`
+ - 可选新增 `ReadOnlyIndicator`
+
+- `pkg/tools/spawn.go`
+- `pkg/tools/subagent.go`
+ - 先保留现状
+ - 等 sub-turn 迁移后再接入 `subturn_*` hook
+
+## 一个更贴合当前分支的数据流
+
+### 观察链路
+
+```text
+runTurn() -> emitEvent() -> EventBus -> observers
+```
+
+### 拦截链路
+
+```text
+runTurn()
+ -> HookManager.BeforeLLM()
+ -> Provider.Chat()
+ -> HookManager.AfterLLM()
+ -> HookManager.BeforeTool()
+ -> HookManager.ApproveTool()
+ -> tool.Execute()
+ -> HookManager.AfterTool()
+```
+
+也就是说:
+
+- observer 不改变现有 `emitEvent()`
+- interceptor 直接插在 `runTurn()` 热路径
+
+## 用户可见配置
+
+建议新增:
+
+```json
+{
+ "hooks": {
+ "enabled": true,
+ "builtins": {},
+ "processes": {},
+ "defaults": {
+ "observer_timeout_ms": 500,
+ "interceptor_timeout_ms": 5000,
+ "approval_timeout_ms": 60000
+ }
+ }
+}
+```
+
+V1 不做复杂自动发现。
+
+原因:
+
+- 当前分支重点是把地基打稳
+- 目录扫描、安装器、脚手架可以后置
+- 先让仓内和仓外都能挂上去,比“管理体验完整”更重要
+
+## 推荐的 V1 范围
+
+### 必做
+
+- HookManager
+- in-process 挂载
+- stdio IPC 挂载
+- observer hooks
+- `before_tool` / `after_tool` / `approve_tool`
+- `before_llm` / `after_llm`
+
+### 可后置
+
+- hook CLI 管理命令
+- hook 自动发现
+- Unix socket / named pipe transport
+- sub-turn hook 生命周期
+- read-only 并行分组
+- webhook 到 inbound message 的映射入口
+
+## 分阶段落地
+
+### Phase 1
+
+- 引入 HookManager
+- 支持 in-process observer + interceptor
+- 先只接主 turn
+
+### Phase 2
+
+- 引入 `stdio` 外部 hook 进程桥
+- 支持组织级审批 / 审计 / 参数改写
+
+### Phase 3
+
+- 把 `SubagentManager` 迁移到 `runTurn/sub-turn`
+- 接通 `subturn_spawn` / `subturn_end` / `subturn_result_delivered`
+
+### Phase 4
+
+- 视需求补 `ReadOnlyIndicator`
+- 在主 turn 和 sub-turn 上统一只读并行策略
+
+## 最终结论
+
+最适合 PicoClaw 当前分支的方案,不是直接复制 OpenClaw 的 hooks,也不是完整照搬 pi-mono 的 extension system,而是:
+
+- 以现有 `EventBus` 为只读观察面
+- 以新增 `HookManager` 为同步拦截面
+- 项目内通过 Go 对象直接挂载
+- 项目外通过 `stdio JSON-RPC` 进程通信挂载
+
+这样做有三个好处:
+
+- 和 `#1796` 一致,hooks 只是 EventBus 之上的消费层
+- 和当前 `refactor/agent` 实现一致,不需要推翻已有事件系统
+- 同时满足“仓内简单挂载”和“仓外进程通信挂载”两个硬需求
diff --git a/docs/design/steering-spec.md b/docs/design/steering-spec.md
new file mode 100644
index 000000000..0951bf864
--- /dev/null
+++ b/docs/design/steering-spec.md
@@ -0,0 +1,306 @@
+# Steering — Implementation Specification
+
+## Problem
+
+When the agent is running (executing a chain of tool calls), the user has no way to redirect it. They must wait for the full cycle to complete before sending a new message. This creates a poor experience when the agent takes a wrong direction — the user watches it waste time on tools that are no longer relevant.
+
+## Solution
+
+Steering introduces a **message queue** that external callers can push into at any time. The agent loop polls this queue at well-defined checkpoints. When a steering message is found, the agent:
+
+1. Stops executing further tools in the current batch
+2. Injects the user's message into the conversation context
+3. Calls the LLM again with the updated context
+
+The user's intent reaches the model **as soon as the current tool finishes**, not after the entire turn completes.
+
+## Architecture Overview
+
+```mermaid
+graph TD
+ subgraph External Callers
+ TG[Telegram]
+ DC[Discord]
+ SL[Slack]
+ end
+
+ subgraph AgentLoop
+ BUS[MessageBus]
+ DRAIN[drainBusToSteering goroutine]
+ SQ[steeringQueue]
+ RLI[runLLMIteration]
+ TE[Tool Execution Loop]
+ LLM[LLM Call]
+ end
+
+ TG -->|PublishInbound| BUS
+ DC -->|PublishInbound| BUS
+ SL -->|PublishInbound| BUS
+
+ BUS -->|ConsumeInbound while busy| DRAIN
+ DRAIN -->|Steer| SQ
+
+ RLI -->|1. initial poll| SQ
+ TE -->|2. poll after each tool| SQ
+
+ SQ -->|pendingMessages| RLI
+ RLI -->|inject into context| LLM
+```
+
+### Bus drain mechanism
+
+Channels (Telegram, Discord, etc.) publish messages to the `MessageBus` via `PublishInbound`. Without additional wiring, these messages would sit in the bus buffer until the current `processMessage` finishes — meaning steering would never work for real users.
+
+The solution: when `Run()` starts processing a message, it spawns a **drain goroutine** (`drainBusToSteering`) that keeps consuming from the bus and calling `Steer()`. When `processMessage` returns, the drain is canceled and normal consumption resumes.
+
+```mermaid
+sequenceDiagram
+ participant Bus
+ participant Run
+ participant Drain
+ participant AgentLoop
+
+ Run->>Bus: ConsumeInbound() → msg
+ Run->>Drain: spawn drainBusToSteering(ctx)
+ Run->>Run: processMessage(msg)
+
+ Note over Drain: running concurrently
+
+ Bus-->>Drain: ConsumeInbound() → newMsg
+ Drain->>AgentLoop: al.transcribeAudioInMessage(ctx, newMsg)
+ Drain->>AgentLoop: Steer(providers.Message{Content: newMsg.Content})
+
+ Run->>Run: processMessage returns
+ Run->>Drain: cancel context
+ Note over Drain: exits
+```
+
+## Data Structures
+
+### steeringQueue
+
+A thread-safe FIFO queue, private to the `agent` package.
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `mu` | `sync.Mutex` | Protects all access to `queue` and `mode` |
+| `queue` | `[]providers.Message` | Pending steering messages |
+| `mode` | `SteeringMode` | Dequeue strategy |
+
+**Methods:**
+
+| Method | Description |
+|--------|-------------|
+| `push(msg) error` | Appends a message to the queue. Returns an error if the queue is full (`MaxQueueSize`) |
+| `dequeue() []Message` | Removes and returns messages according to `mode`. Returns `nil` if empty |
+| `len() int` | Returns the current queue length |
+| `setMode(mode)` | Updates the dequeue strategy |
+| `getMode() SteeringMode` | Returns the current mode |
+
+### SteeringMode
+
+| Value | Constant | Behavior |
+|-------|----------|----------|
+| `"one-at-a-time"` | `SteeringOneAtATime` | `dequeue()` returns only the **first** message. Remaining messages stay in the queue for subsequent polls. |
+| `"all"` | `SteeringAll` | `dequeue()` drains the **entire** queue and returns all messages at once. |
+
+Default: `"one-at-a-time"`.
+
+### processOptions extension
+
+A new field was added to `processOptions`:
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `SkipInitialSteeringPoll` | `bool` | When `true`, the initial steering poll at loop start is skipped. Used by `Continue()` to avoid double-dequeuing. |
+
+## Public API on AgentLoop
+
+| Method | Signature | Description |
+|--------|-----------|-------------|
+| `Steer` | `Steer(msg providers.Message) error` | Enqueues a steering message. Returns an error if the queue is full or not initialized. Thread-safe, can be called from any goroutine. |
+| `SteeringMode` | `SteeringMode() SteeringMode` | Returns the current dequeue mode. |
+| `SetSteeringMode` | `SetSteeringMode(mode SteeringMode)` | Changes the dequeue mode at runtime. |
+| `Continue` | `Continue(ctx, sessionKey, channel, chatID) (string, error)` | Resumes an idle agent using pending steering messages. Returns `""` if queue is empty. |
+
+## Integration into the Agent Loop
+
+### Where steering is wired
+
+The steering queue lives as a field on `AgentLoop`:
+
+```
+AgentLoop
+ ├── bus
+ ├── cfg
+ ├── registry
+ ├── steering *steeringQueue ← new
+ ├── ...
+```
+
+It is initialized in `NewAgentLoop` from `cfg.Agents.Defaults.SteeringMode`.
+
+### Detailed flow through runLLMIteration
+
+```mermaid
+sequenceDiagram
+ participant User
+ participant AgentLoop
+ participant runLLMIteration
+ participant ToolExecution
+ participant LLM
+
+ User->>AgentLoop: Steer(message)
+ Note over AgentLoop: steeringQueue.push(message)
+
+ Note over runLLMIteration: ── iteration starts ──
+
+ runLLMIteration->>AgentLoop: dequeueSteeringMessages() [initial poll]
+ AgentLoop-->>runLLMIteration: [] (empty, or messages)
+
+ alt pendingMessages not empty
+ runLLMIteration->>runLLMIteration: inject into messages[] save to session
+ end
+
+ runLLMIteration->>LLM: Chat(messages, tools)
+ LLM-->>runLLMIteration: response with toolCalls[0..N]
+
+ loop for each tool call (sequential)
+ ToolExecution->>ToolExecution: execute tool[i]
+ ToolExecution->>ToolExecution: process result, append to messages[]
+
+ ToolExecution->>AgentLoop: dequeueSteeringMessages()
+ AgentLoop-->>ToolExecution: steeringMessages
+
+ alt steering found
+ opt remaining tools > 0
+ Note over ToolExecution: Mark tool[i+1..N-1] as "Skipped due to queued user message."
+ end
+ Note over ToolExecution: steeringAfterTools = steeringMessages
+ Note over ToolExecution: break out of tool loop
+ end
+ end
+
+ alt steeringAfterTools not empty
+ ToolExecution-->>runLLMIteration: pendingMessages = steeringAfterTools
+ Note over runLLMIteration: next iteration will inject these before calling LLM
+ end
+
+ Note over runLLMIteration: ── loop back to iteration start ──
+```
+
+### Polling checkpoints
+
+| # | Location | When | Purpose |
+|---|----------|------|---------|
+| 1 | Top of `runLLMIteration`, before first LLM call | Once, at loop entry | Catch messages enqueued while the agent was still setting up context |
+| 2 | After every tool completes (including the first and the last) | Immediately after each tool's result is processed | Interrupt the batch as early as possible — if steering is found and there are remaining tools, they are all skipped |
+
+### What happens to skipped tools
+
+When steering interrupts a tool batch after tool `[i]` completes, all tools from `[i+1]` to `[N-1]` are **not executed**. Instead, a tool result message is generated for each:
+
+```json
+{
+ "role": "tool",
+ "content": "Skipped due to queued user message.",
+ "tool_call_id": ""
+}
+```
+
+These results are:
+- Appended to the conversation `messages[]`
+- Saved to the session via `AddFullMessage`
+
+This ensures the LLM knows which of its requested actions were not performed.
+
+### Loop condition change
+
+The iteration loop condition was changed from:
+
+```go
+for iteration < agent.MaxIterations
+```
+
+to:
+
+```go
+for iteration < agent.MaxIterations || len(pendingMessages) > 0
+```
+
+This allows **one extra iteration** when steering arrives right at the max iteration boundary, ensuring the steering message is always processed.
+
+### Tool execution: parallel → sequential
+
+**Before steering:** all tool calls in a batch were executed in parallel using `sync.WaitGroup`.
+
+**After steering:** tool calls execute **sequentially**. This is required because steering must be polled between individual tool completions. A parallel execution model would not allow interrupting mid-batch.
+
+> **Trade-off:** This introduces latency when the LLM requests multiple independent tools in a single turn. In practice, most batches contain 1-2 tools, so the impact is minimal. The benefit of being able to interrupt outweighs the cost.
+
+### Why skip remaining tools (instead of letting them finish)
+
+Two strategies were considered when a steering message is detected mid-batch:
+
+1. **Skip remaining tools** (chosen) — stop executing, mark the rest as skipped, inject steering
+2. **Finish all tools, then inject** — let everything run, append steering afterwards
+
+Strategy 2 was rejected for three reasons:
+
+**Irreversible side effects.** Tools can send emails, write files, spawn subagents, or call external APIs. If the user says "stop" or "change direction", those actions have already happened and cannot be undone.
+
+| Tool batch | Steering | Skip (1) | Finish (2) |
+|---|---|---|---|
+| `[search, send_email]` | "don't send it" | Email not sent | Email sent |
+| `[query, write_file, spawn]` | "wrong database" | Only query runs | File + subagent wasted |
+| `[fetch₁, fetch₂, fetch₃, write]` | topic change | 1 fetch | 3 fetches + write, all discarded |
+
+**Wasted latency.** Tools like web fetches and API calls take seconds each. In a 3-tool batch averaging 3-4s per tool, the user would wait 10+ seconds for work that gets thrown away.
+
+**The LLM retains full awareness.** Skipped tools receive an explicit `"Skipped due to queued user message."` result, so the model knows what was not done and can decide whether to re-execute with the new context or take a different path.
+
+## The Continue() method
+
+`Continue` handles the case where the agent is **idle** (its last message was from the assistant) and the user has enqueued steering messages in the meantime.
+
+```mermaid
+flowchart TD
+ A[Continue called] --> B{dequeueSteeringMessages}
+ B -->|empty| C["return ('', nil)"]
+ B -->|messages found| D[Combine message contents]
+ D --> E["runAgentLoop with SkipInitialSteeringPoll: true"]
+ E --> F[Return response]
+```
+
+**Why `SkipInitialSteeringPoll: true`?** Because `Continue` already dequeued the messages itself. Without this flag, `runLLMIteration` would poll again at the start and find nothing (the queue is already empty), or worse, double-process if new messages arrived in the meantime.
+
+## Configuration
+
+```json
+{
+ "agents": {
+ "defaults": {
+ "steering_mode": "one-at-a-time"
+ }
+ }
+}
+```
+
+| Field | Type | Default | Env var |
+|-------|------|---------|---------|
+| `steering_mode` | `string` | `"one-at-a-time"` | `PICOCLAW_AGENTS_DEFAULTS_STEERING_MODE` |
+
+
+## Design decisions and trade-offs
+
+| Decision | Rationale |
+|----------|-----------|
+| Sequential tool execution | Required for per-tool steering polls. Parallel execution cannot be interrupted mid-batch. |
+| Polling-based (not channel/signal) | Keeps the implementation simple. No need for `select` or signal channels. The polling cost is negligible (mutex lock + slice length check). |
+| `one-at-a-time` as default | Gives the model a chance to react to each steering message individually. More predictable behavior than dumping all messages at once. |
+| Skipped tools get explicit error results | The LLM protocol requires a tool result for every tool call in the assistant message. Omitting them would cause API errors. The skip message also informs the model about what was not done. |
+| `Continue()` uses `SkipInitialSteeringPoll` | Prevents race conditions and double-dequeuing when resuming an idle agent. |
+| Queue stored on `AgentLoop`, not `AgentInstance` | Steering is a loop-level concern (it affects the iteration flow), not a per-agent concern. All agents share the same steering queue since `processMessage` is sequential. |
+| Bus drain goroutine in `Run()` | Channels (Telegram, Discord, etc.) publish to the bus via `PublishInbound`. Without the drain, messages would queue in the bus channel buffer and only be consumed after `processMessage` returns — defeating the purpose of steering. The drain goroutine bridges the gap by consuming new bus messages and calling `Steer()` while the agent is busy. |
+| Audio transcription before steering | The drain goroutine calls `al.transcribeAudioInMessage(ctx, msg)` before steering, so voice messages are converted to text before the agent sees them. If transcription fails, the error is silently discarded and the original message is steered as-is. |
+| `MaxQueueSize = 10` | Prevents unbounded memory growth if a user sends many messages while the agent is busy. Excess messages are dropped with a warning. |
diff --git a/docs/fr/chat-apps.md b/docs/fr/chat-apps.md
index 67422e0ec..daff951f4 100644
--- a/docs/fr/chat-apps.md
+++ b/docs/fr/chat-apps.md
@@ -13,6 +13,7 @@ Communiquez avec votre PicoClaw via Telegram, Discord, WhatsApp, Matrix, QQ, Din
| **Telegram** | ⭐ Facile | Recommandé, transcription vocale, long polling (pas d'IP publique requise) | [Documentation](../channels/telegram/README.fr.md) |
| **Discord** | ⭐ Facile | Socket Mode, groupes/DM, écosystème bot riche | [Documentation](../channels/discord/README.fr.md) |
| **WhatsApp** | ⭐ Facile | Natif (scan QR) ou Bridge URL | [Documentation](#whatsapp) |
+| **Weixin** | ⭐ Facile | Scan QR natif (API Tencent iLink) | [Documentation](#weixin) |
| **Slack** | ⭐ Facile | **Socket Mode** (pas d'IP publique requise), entreprise | [Documentation](../channels/slack/README.fr.md) |
| **Matrix** | ⭐⭐ Moyen | Protocole fédéré, auto-hébergement possible | [Documentation](../channels/matrix/README.fr.md) |
| **QQ** | ⭐⭐ Moyen | API bot officielle, communauté chinoise | [Documentation](../channels/qq/README.fr.md) |
@@ -20,11 +21,12 @@ Communiquez avec votre PicoClaw via Telegram, Discord, WhatsApp, Matrix, QQ, Din
| **LINE** | ⭐⭐⭐ Avancé | HTTPS Webhook requis | [Documentation](../channels/line/README.fr.md) |
| **WeCom (企业微信)** | ⭐⭐⭐ Avancé | Bot groupe (Webhook), app personnalisée (API), AI Bot | [Bot](../channels/wecom/wecom_bot/README.fr.md) / [App](../channels/wecom/wecom_app/README.fr.md) / [AI Bot](../channels/wecom/wecom_aibot/README.fr.md) |
| **Feishu (飞书)** | ⭐⭐⭐ Avancé | Collaboration entreprise, fonctionnalités riches | [Documentation](../channels/feishu/README.fr.md) |
-| **IRC** | ⭐⭐ Moyen | Serveur + configuration TLS | - |
+| **IRC** | ⭐⭐ Moyen | Serveur + configuration TLS | [Documentation](#irc) |
| **OneBot** | ⭐⭐ Moyen | Compatible NapCat/Go-CQHTTP, écosystème communautaire | [Documentation](../channels/onebot/README.fr.md) |
| **MaixCam** | ⭐ Facile | Canal d'intégration matérielle pour caméras AI Sipeed | [Documentation](../channels/maixcam/README.fr.md) |
| **Pico** | ⭐ Facile | Canal protocole natif PicoClaw | |
+Telegram (Recommandé)
@@ -65,6 +67,7 @@ Si l'enregistrement des commandes échoue (erreurs transitoires réseau/API), le
+Discord
@@ -138,6 +141,7 @@ picoclaw gateway
+WhatsApp (natif via whatsmeow)
@@ -165,6 +169,43 @@ Si `session_store_path` est vide, la session est stockée dans `/what
+
+
+Weixin (WeChat Personnel)
+
+PicoClaw prend en charge la connexion à votre compte WeChat personnel via l'API officielle Tencent iLink.
+
+**1. Connexion**
+
+Lancez le flux de connexion interactif par QR code :
+```bash
+picoclaw onboard weixin
+```
+Scannez le QR code affiché avec votre application WeChat mobile. Une fois connecté, le token est sauvegardé dans votre configuration.
+
+**2. Configurer**
+
+(Optionnel) Ajoutez votre identifiant utilisateur WeChat dans `allow_from` pour restreindre qui peut envoyer des messages au bot :
+```json
+{
+ "channels": {
+ "weixin": {
+ "enabled": true,
+ "token": "YOUR_TOKEN",
+ "allow_from": ["YOUR_USER_ID"]
+ }
+ }
+}
+```
+
+**3. Lancer**
+```bash
+picoclaw gateway
+```
+
+
+
+QQ
@@ -206,6 +247,7 @@ Si vous préférez créer le bot manuellement :
+DingTalk
@@ -239,6 +281,7 @@ picoclaw gateway
```
+Matrix
@@ -273,6 +316,7 @@ Pour toutes les options (`device_id`, `join_on_invite`, `group_trigger`, `placeh
+LINE
@@ -321,6 +365,7 @@ picoclaw gateway
+WeCom (企业微信)
@@ -435,6 +480,7 @@ picoclaw gateway
+Feishu (飞书)
@@ -476,6 +522,7 @@ Pour toutes les options, voir le [Guide de Configuration du Canal Feishu](../cha
+Slack
@@ -509,6 +556,7 @@ picoclaw gateway
+IRC
@@ -542,6 +590,7 @@ Le bot se connectera au serveur IRC et rejoindra les canaux spécifiés.
+OneBot (QQ via protocole OneBot)
@@ -580,6 +629,7 @@ picoclaw gateway
+MaixCam
diff --git a/docs/fr/configuration.md b/docs/fr/configuration.md
index d56da2cad..8d94620ba 100644
--- a/docs/fr/configuration.md
+++ b/docs/fr/configuration.md
@@ -214,5 +214,150 @@ L'agent lira ce fichier toutes les 30 minutes (configurable) et exécutera toute
Pour les tâches longues (recherche web, appels API), utilisez l'outil `spawn` pour créer un **subagent** :
```markdown
-# Periodic Tasks
+# Tâches Périodiques
+
+## Tâches Rapides (répondre directement)
+
+- Indiquer l'heure actuelle
+
+## Tâches Longues (utiliser spawn pour l'asynchrone)
+
+- Rechercher les actualités IA sur le web et résumer
+- Vérifier les e-mails et signaler les messages importants
```
+
+**Comportements clés :**
+
+| Fonctionnalité | Description |
+| ---------------- | ------------------------------------------------------------------ |
+| **spawn** | Crée un subagent asynchrone, ne bloque pas le heartbeat |
+| **Contexte indépendant** | Le subagent a son propre contexte, sans historique de session |
+| **message tool** | Le subagent communique directement avec l'utilisateur |
+| **Non-bloquant** | Après le spawn, le heartbeat continue vers la tâche suivante |
+
+#### Flux de Communication du Subagent
+
+```
+Heartbeat déclenché
+ ↓
+Agent lit HEARTBEAT.md
+ ↓
+Tâche longue : spawn subagent
+ ↓ ↓
+Continue tâche suivante Subagent travaille indépendamment
+ ↓ ↓
+Toutes tâches terminées Subagent utilise "message" tool
+ ↓ ↓
+Répond HEARTBEAT_OK Utilisateur reçoit le résultat
+```
+
+**Configuration :**
+
+```json
+{
+ "heartbeat": {
+ "enabled": true,
+ "interval": 30
+ }
+}
+```
+
+| Option | Défaut | Description |
+| ---------- | ------ | ---------------------------------------- |
+| `enabled` | `true` | Activer/désactiver le heartbeat |
+| `interval` | `30` | Intervalle en minutes (minimum : 5) |
+
+**Variables d'environnement :**
+
+* `PICOCLAW_HEARTBEAT_ENABLED=false` pour désactiver
+* `PICOCLAW_HEARTBEAT_INTERVAL=60` pour changer l'intervalle
+
+### Providers
+
+> [!NOTE]
+> Groq fournit une transcription vocale gratuite via Whisper. Si configuré, les messages audio de n'importe quel canal seront automatiquement transcrits au niveau de l'agent.
+
+| Provider | Usage | Obtenir une clé API |
+| ------------ | --------------------------------------- | ------------------------------------------------------------ |
+| `gemini` | LLM (Gemini direct) | [aistudio.google.com](https://aistudio.google.com) |
+| `zhipu` | LLM (Zhipu direct) | [bigmodel.cn](https://bigmodel.cn) |
+| `volcengine` | LLM (Volcengine direct) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) |
+| `openrouter` | LLM (recommandé, accès à tous modèles) | [openrouter.ai](https://openrouter.ai) |
+| `anthropic` | LLM (Claude direct) | [console.anthropic.com](https://console.anthropic.com) |
+| `openai` | LLM (GPT direct) | [platform.openai.com](https://platform.openai.com) |
+| `deepseek` | LLM (DeepSeek direct) | [platform.deepseek.com](https://platform.deepseek.com) |
+| `qwen` | LLM (Qwen direct) | [dashscope.console.aliyun.com](https://dashscope.console.aliyun.com) |
+| `groq` | LLM + **Transcription vocale** (Whisper)| [console.groq.com](https://console.groq.com) |
+| `cerebras` | LLM (Cerebras direct) | [cerebras.ai](https://cerebras.ai) |
+| `vivgrid` | LLM (Vivgrid direct) | [vivgrid.com](https://vivgrid.com) |
+
+### Configuration des Modèles (model_list)
+
+> **Nouveauté :** PicoClaw utilise désormais une approche **centrée sur le modèle**. Spécifiez simplement le format `vendor/model` (ex. `zhipu/glm-4.7`) pour ajouter de nouveaux providers — **aucune modification de code requise !**
+
+#### Tous les Vendors Supportés
+
+| Vendor | Préfixe `model` | API Base par défaut | Protocole | API Key |
+| ----------------------- | --------------- | --------------------------------------------------- | --------- | ---------------------------------------------------------------- |
+| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [Obtenir](https://platform.openai.com) |
+| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [Obtenir](https://console.anthropic.com) |
+| **智谱 AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [Obtenir](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) |
+| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [Obtenir](https://platform.deepseek.com) |
+| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [Obtenir](https://aistudio.google.com/api-keys) |
+| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [Obtenir](https://console.groq.com) |
+| **通义千问 (Qwen)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [Obtenir](https://dashscope.console.aliyun.com) |
+| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | Local (pas de clé) |
+| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [Obtenir](https://openrouter.ai/keys) |
+| **VolcEngine (Doubao)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [Obtenir](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) |
+| **Antigravity** | `antigravity/` | Google Cloud | Custom | OAuth uniquement |
+
+#### Équilibrage de Charge
+
+Configurez plusieurs endpoints pour le même nom de modèle — PicoClaw effectuera automatiquement un round-robin :
+
+```json
+{
+ "model_list": [
+ { "model_name": "gpt-5.4", "model": "openai/gpt-5.4", "api_base": "https://api1.example.com/v1", "api_key": "sk-key1" },
+ { "model_name": "gpt-5.4", "model": "openai/gpt-5.4", "api_base": "https://api2.example.com/v1", "api_key": "sk-key2" }
+ ]
+}
+```
+
+#### Migration depuis l'ancienne config `providers`
+
+L'ancienne configuration `providers` est **dépréciée** mais toujours supportée. Voir [docs/migration/model-list-migration.md](../migration/model-list-migration.md).
+
+### Architecture des Providers
+
+PicoClaw route les providers par famille de protocole :
+
+- **Compatible OpenAI** : OpenRouter, Groq, Zhipu, endpoints vLLM et la plupart des autres.
+- **Anthropic** : Comportement natif de l'API Claude.
+- **Codex/OAuth** : Route d'authentification OAuth/token OpenAI.
+
+### Tâches Planifiées / Rappels
+
+PicoClaw supporte les tâches planifiées via l'outil `cron`. L'agent peut définir, lister et annuler des rappels ou tâches récurrentes.
+
+```json
+{
+ "tools": {
+ "cron": {
+ "enabled": true,
+ "exec_timeout_minutes": 5
+ }
+ }
+}
+```
+
+Les tâches planifiées persistent après redémarrage dans `~/.picoclaw/workspace/cron/`.
+
+### Sujets Avancés
+
+| Sujet | Description |
+| ----- | ----------- |
+| [Système de Hooks](../hooks/README.md) | Hooks événementiels : observateurs, intercepteurs, hooks d'approbation |
+| [Steering](../steering.md) | Injecter des messages dans une boucle agent en cours d'exécution |
+| [SubTurn](../subturn.md) | Coordination de subagents, contrôle de concurrence, cycle de vie |
+| [Gestion du Contexte](../agent-refactor/context.md) | Détection des limites de contexte, compression |
diff --git a/docs/fr/tools_configuration.md b/docs/fr/tools_configuration.md
index f6e1c0374..1324d49e5 100644
--- a/docs/fr/tools_configuration.md
+++ b/docs/fr/tools_configuration.md
@@ -41,14 +41,6 @@ Paramètres généraux pour la récupération et le traitement du contenu des pa
| `fetch_limit_bytes` | int | 10485760 | Taille maximale du contenu de la page web à récupérer, en octets (par défaut 10 Mo). |
| `format` | string | "plaintext" | Format de sortie du contenu récupéré. Options : `plaintext` ou `markdown` (recommandé). |
-### Brave
-
-| Config | Type | Par défaut | Description |
-|---------------|--------|------------|---------------------------|
-| `enabled` | bool | false | Activer la recherche Brave |
-| `api_key` | string | - | Clé API Brave Search |
-| `max_results` | int | 5 | Nombre maximum de résultats |
-
### DuckDuckGo
| Config | Type | Par défaut | Description |
@@ -56,13 +48,73 @@ Paramètres généraux pour la récupération et le traitement du contenu des pa
| `enabled` | bool | true | Activer la recherche DuckDuckGo |
| `max_results` | int | 5 | Nombre maximum de résultats |
+### Baidu Search
+
+| Config | Type | Par défaut | Description |
+|---------------|--------|-----------------------------------------------------------------|------------------------------------|
+| `enabled` | bool | false | Activer la recherche Baidu |
+| `api_key` | string | - | Clé API Qianfan |
+| `base_url` | string | `https://qianfan.baidubce.com/v2/ai_search/web_search` | URL de l'API Baidu Search |
+| `max_results` | int | 10 | Nombre maximum de résultats |
+
+```json
+{
+ "tools": {
+ "web": {
+ "baidu_search": {
+ "enabled": true,
+ "api_key": "YOUR_BAIDU_QIANFAN_API_KEY",
+ "max_results": 10
+ }
+ }
+ }
+}
+```
+
### Perplexity
| Config | Type | Par défaut | Description |
|---------------|--------|------------|--------------------------------|
-| `enabled` | bool | false | Activer la recherche Perplexity |
-| `api_key` | string | - | Clé API Perplexity |
-| `max_results` | int | 5 | Nombre maximum de résultats |
+| `enabled` | bool | false | Activer la recherche Perplexity |
+| `api_key` | string | - | Clé API Perplexity |
+| `api_keys` | string[] | - | Plusieurs clés API Perplexity pour la rotation (`api_key` prioritaire) |
+| `max_results` | int | 5 | Nombre maximum de résultats |
+
+### Brave
+
+| Config | Type | Par défaut | Description |
+|---------------|--------|------------|---------------------------|
+| `enabled` | bool | false | Activer la recherche Brave |
+| `api_key` | string | - | Clé API Brave Search |
+| `api_keys` | string[] | - | Plusieurs clés API Brave Search pour la rotation (`api_key` prioritaire) |
+| `max_results` | int | 5 | Nombre maximum de résultats |
+
+### Tavily
+
+| Config | Type | Par défaut | Description |
+|---------------|--------|------------|------------------------------------|
+| `enabled` | bool | false | Activer la recherche Tavily |
+| `api_key` | string | - | Clé API Tavily |
+| `base_url` | string | - | URL de base Tavily personnalisée |
+| `max_results` | int | 0 | Nombre maximum de résultats (0 = défaut) |
+
+### SearXNG
+
+| Config | Type | Par défaut | Description |
+|---------------|--------|--------------------------|--------------------------------|
+| `enabled` | bool | false | Activer la recherche SearXNG |
+| `base_url` | string | `http://localhost:8888` | URL de l'instance SearXNG |
+| `max_results` | int | 5 | Nombre maximum de résultats |
+
+### GLM Search
+
+| Config | Type | Par défaut | Description |
+|-----------------|--------|------------------------------------------------------|---------------------------|
+| `enabled` | bool | false | Activer GLM Search |
+| `api_key` | string | - | Clé API GLM |
+| `base_url` | string | `https://open.bigmodel.cn/api/paas/v4/web_search` | URL de l'API GLM Search |
+| `search_engine` | string | `search_std` | Type de moteur de recherche |
+| `max_results` | int | 5 | Nombre maximum de résultats |
## Outil Exec
diff --git a/docs/hooks/README.md b/docs/hooks/README.md
new file mode 100644
index 000000000..ec3bbc46a
--- /dev/null
+++ b/docs/hooks/README.md
@@ -0,0 +1,679 @@
+# Hook System Guide
+
+This document describes the hook system that is implemented in the current repository, not the older design draft.
+
+The current implementation supports two mounting modes:
+
+1. In-process hooks
+2. Out-of-process process hooks (`JSON-RPC over stdio`)
+
+The repository no longer ships standalone example source files. The Go and Python examples below are embedded directly in this document. If you want to use them, copy them into your own local files first.
+
+## Supported Hook Types
+
+| Type | Interface | Stage | Can modify data |
+| --- | --- | --- | --- |
+| Observer | `EventObserver` | EventBus broadcast | No |
+| LLM interceptor | `LLMInterceptor` | `before_llm` / `after_llm` | Yes |
+| Tool interceptor | `ToolInterceptor` | `before_tool` / `after_tool` | Yes |
+| Tool approver | `ToolApprover` | `approve_tool` | No, returns allow/deny |
+
+The currently exposed synchronous hook points are:
+
+- `before_llm`
+- `after_llm`
+- `before_tool`
+- `after_tool`
+- `approve_tool`
+
+Everything else is exposed as read-only events.
+
+## Execution Order
+
+`HookManager` sorts hooks like this:
+
+1. In-process hooks first
+2. Process hooks second
+3. Lower `priority` first within the same source
+4. Name order as the final tie-breaker
+
+## Timeouts
+
+Global defaults live under `hooks.defaults`:
+
+- `observer_timeout_ms`
+- `interceptor_timeout_ms`
+- `approval_timeout_ms`
+
+Note: the current implementation does not support per-process-hook `timeout_ms`. Timeouts are global defaults.
+
+## Quick Start
+
+If your first goal is simply to prove that the hook flow works and observe real requests, the easiest path is the Python process-hook example below:
+
+1. Enable `hooks.enabled`
+2. Save the Python example from this document to a local file, for example `/tmp/review_gate.py`
+3. Set `PICOCLAW_HOOK_LOG_FILE`
+4. Restart the gateway
+5. Watch the log file with `tail -f`
+
+Example:
+
+```json
+{
+ "hooks": {
+ "enabled": true,
+ "processes": {
+ "py_review_gate": {
+ "enabled": true,
+ "priority": 100,
+ "transport": "stdio",
+ "command": [
+ "python3",
+ "/tmp/review_gate.py"
+ ],
+ "observe": [
+ "tool_exec_start",
+ "tool_exec_end",
+ "tool_exec_skipped"
+ ],
+ "intercept": [
+ "before_tool",
+ "approve_tool"
+ ],
+ "env": {
+ "PICOCLAW_HOOK_LOG_FILE": "/tmp/picoclaw-hook-review-gate.log"
+ }
+ }
+ }
+ }
+}
+```
+
+Watch it with:
+
+```bash
+tail -f /tmp/picoclaw-hook-review-gate.log
+```
+
+If you are developing PicoClaw itself rather than only validating the protocol, continue with the Go in-process example as well.
+
+## What The Two Examples Are For
+
+- Go in-process example
+ Best for validating the host-side hook chain and understanding `MountHook()` plus the synchronous stages
+- Python process example
+ Best for understanding the `JSON-RPC over stdio` protocol and verifying the message flow between PicoClaw and an external process
+
+Both examples are intentionally safe: they only log, never rewrite, and never deny.
+
+## Go In-Process Example
+
+The following is a minimal logging hook for in-process use. It implements:
+
+1. `EventObserver`
+2. `LLMInterceptor`
+3. `ToolInterceptor`
+4. `ToolApprover`
+
+It only records activity. It does not rewrite requests or reject tools.
+
+You can save it as your own Go file, for example `pkg/myhooks/example_logger.go`:
+
+```go
+package myhooks
+
+import (
+ "context"
+ "encoding/json"
+ "os"
+ "path/filepath"
+ "strings"
+ "sync"
+ "time"
+
+ "github.com/sipeed/picoclaw/pkg/agent"
+ "github.com/sipeed/picoclaw/pkg/logger"
+)
+
+type ExampleLoggerHookOptions struct {
+ LogFile string `json:"log_file,omitempty"`
+ LogEvents bool `json:"log_events,omitempty"`
+}
+
+type ExampleLoggerHook struct {
+ logFile string
+ logEvents bool
+ mu sync.Mutex
+}
+
+func NewExampleLoggerHook(opts ExampleLoggerHookOptions) *ExampleLoggerHook {
+ return &ExampleLoggerHook{
+ logFile: strings.TrimSpace(opts.LogFile),
+ logEvents: opts.LogEvents,
+ }
+}
+
+func (h *ExampleLoggerHook) OnEvent(ctx context.Context, evt agent.Event) error {
+ _ = ctx
+ if h == nil || !h.logEvents {
+ return nil
+ }
+ h.record("event", evt.Meta, map[string]any{
+ "event": evt.Kind.String(),
+ "payload": evt.Payload,
+ }, nil)
+ return nil
+}
+
+func (h *ExampleLoggerHook) BeforeLLM(
+ ctx context.Context,
+ req *agent.LLMHookRequest,
+) (*agent.LLMHookRequest, agent.HookDecision, error) {
+ _ = ctx
+ h.record("before_llm", req.Meta, req, agent.HookDecision{Action: agent.HookActionContinue})
+ return req, agent.HookDecision{Action: agent.HookActionContinue}, nil
+}
+
+func (h *ExampleLoggerHook) AfterLLM(
+ ctx context.Context,
+ resp *agent.LLMHookResponse,
+) (*agent.LLMHookResponse, agent.HookDecision, error) {
+ _ = ctx
+ h.record("after_llm", resp.Meta, resp, agent.HookDecision{Action: agent.HookActionContinue})
+ return resp, agent.HookDecision{Action: agent.HookActionContinue}, nil
+}
+
+func (h *ExampleLoggerHook) BeforeTool(
+ ctx context.Context,
+ call *agent.ToolCallHookRequest,
+) (*agent.ToolCallHookRequest, agent.HookDecision, error) {
+ _ = ctx
+ h.record("before_tool", call.Meta, call, agent.HookDecision{Action: agent.HookActionContinue})
+ return call, agent.HookDecision{Action: agent.HookActionContinue}, nil
+}
+
+func (h *ExampleLoggerHook) AfterTool(
+ ctx context.Context,
+ result *agent.ToolResultHookResponse,
+) (*agent.ToolResultHookResponse, agent.HookDecision, error) {
+ _ = ctx
+ h.record("after_tool", result.Meta, result, agent.HookDecision{Action: agent.HookActionContinue})
+ return result, agent.HookDecision{Action: agent.HookActionContinue}, nil
+}
+
+func (h *ExampleLoggerHook) ApproveTool(
+ ctx context.Context,
+ req *agent.ToolApprovalRequest,
+) (agent.ApprovalDecision, error) {
+ _ = ctx
+ decision := agent.ApprovalDecision{Approved: true}
+ h.record("approve_tool", req.Meta, req, decision)
+ return decision, nil
+}
+
+func (h *ExampleLoggerHook) record(stage string, meta agent.EventMeta, payload any, decision any) {
+ logger.InfoCF("hooks", "Example hook observed", map[string]any{
+ "stage": stage,
+ })
+ if h == nil || h.logFile == "" {
+ return
+ }
+
+ entry := map[string]any{
+ "ts": time.Now().UTC(),
+ "stage": stage,
+ "meta": meta,
+ "payload": payload,
+ "decision": decision,
+ }
+
+ body, err := json.Marshal(entry)
+ if err != nil {
+ logger.WarnCF("hooks", "Example hook log encode failed", map[string]any{
+ "stage": stage,
+ "error": err.Error(),
+ })
+ return
+ }
+
+ h.mu.Lock()
+ defer h.mu.Unlock()
+
+ if dir := filepath.Dir(h.logFile); dir != "" && dir != "." {
+ if err := os.MkdirAll(dir, 0o755); err != nil {
+ logger.WarnCF("hooks", "Example hook log mkdir failed", map[string]any{
+ "stage": stage,
+ "path": h.logFile,
+ "error": err.Error(),
+ })
+ return
+ }
+ }
+
+ file, err := os.OpenFile(h.logFile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0o644)
+ if err != nil {
+ logger.WarnCF("hooks", "Example hook log open failed", map[string]any{
+ "stage": stage,
+ "path": h.logFile,
+ "error": err.Error(),
+ })
+ return
+ }
+ defer func() { _ = file.Close() }()
+
+ if _, err := file.Write(append(body, '\n')); err != nil {
+ logger.WarnCF("hooks", "Example hook log write failed", map[string]any{
+ "stage": stage,
+ "path": h.logFile,
+ "error": err.Error(),
+ })
+ }
+}
+```
+
+### Mounting It In Code
+
+If code mounting is enough, call this after `AgentLoop` is initialized:
+
+```go
+hook := myhooks.NewExampleLoggerHook(myhooks.ExampleLoggerHookOptions{
+ LogFile: "/tmp/picoclaw-hook-example-logger.log",
+ LogEvents: true,
+})
+
+if err := al.MountHook(agent.NamedHook("example-logger", hook)); err != nil {
+ panic(err)
+}
+```
+
+### If You Also Want Config Mounting
+
+The hook system supports builtin hooks, but that requires you to compile the factory into your binary. In practice, that means you need registration code like this alongside the hook definition above:
+
+```go
+package myhooks
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+
+ "github.com/sipeed/picoclaw/pkg/agent"
+ "github.com/sipeed/picoclaw/pkg/config"
+)
+
+func init() {
+ if err := agent.RegisterBuiltinHook("example_logger", func(
+ ctx context.Context,
+ spec config.BuiltinHookConfig,
+ ) (any, error) {
+ _ = ctx
+
+ var opts ExampleLoggerHookOptions
+ if len(spec.Config) > 0 {
+ if err := json.Unmarshal(spec.Config, &opts); err != nil {
+ return nil, fmt.Errorf("decode example_logger config: %w", err)
+ }
+ }
+ return NewExampleLoggerHook(opts), nil
+ }); err != nil {
+ panic(err)
+ }
+}
+```
+
+Only after you register that builtin will the following config work:
+
+```json
+{
+ "hooks": {
+ "enabled": true,
+ "builtins": {
+ "example_logger": {
+ "enabled": true,
+ "priority": 10,
+ "config": {
+ "log_file": "/tmp/picoclaw-hook-example-logger.log",
+ "log_events": true
+ }
+ }
+ }
+ }
+}
+```
+
+### How To Observe It
+
+- If `log_file` is set, each hook call is appended as JSON Lines
+- If `log_file` is not set, the hook still writes summaries to the gateway log
+- Requests that only hit the LLM path usually show `before_llm` and `after_llm`
+- Requests that trigger tools usually also show `before_tool`, `approve_tool`, and `after_tool`
+- If `log_events=true`, you will also see `event`
+
+Typical log lines:
+
+```json
+{"ts":"2026-03-21T14:10:00Z","stage":"before_tool","meta":{"session_key":"session-1"},"payload":{"tool":"echo_text","arguments":{"text":"hello"}},"decision":{"action":"continue"}}
+{"ts":"2026-03-21T14:10:00Z","stage":"approve_tool","meta":{"session_key":"session-1"},"payload":{"tool":"echo_text","arguments":{"text":"hello"}},"decision":{"approved":true}}
+```
+
+If you only see `before_llm` and `after_llm`, that usually means the request did not trigger any tool call, not that the hook failed to mount.
+
+## Python Process-Hook Example
+
+The following script is a minimal process-hook example. It uses only the Python standard library and supports:
+
+1. `hook.hello`
+2. `hook.event`
+3. `hook.before_tool`
+4. `hook.approve_tool`
+
+It only records activity. It does not rewrite or deny anything.
+
+Save it to any local path, for example `/tmp/review_gate.py`:
+
+```python
+#!/usr/bin/env python3
+from __future__ import annotations
+
+import json
+import os
+import signal
+import sys
+from datetime import datetime, timezone
+from typing import Any
+
+LOG_EVENTS = os.getenv("PICOCLAW_HOOK_LOG_EVENTS", "1").lower() not in {"0", "false", "no"}
+LOG_FILE = os.getenv("PICOCLAW_HOOK_LOG_FILE", "").strip()
+
+
+def append_log(entry: dict[str, Any]) -> None:
+ if not LOG_FILE:
+ return
+
+ payload = {
+ "ts": datetime.now(timezone.utc).isoformat(),
+ **entry,
+ }
+ try:
+ log_dir = os.path.dirname(LOG_FILE)
+ if log_dir:
+ os.makedirs(log_dir, exist_ok=True)
+ with open(LOG_FILE, "a", encoding="utf-8") as handle:
+ handle.write(json.dumps(payload, ensure_ascii=True) + "\n")
+ except OSError as exc:
+ log_stderr(f"failed to write hook log file {LOG_FILE}: {exc}")
+
+
+def send_response(message_id: int, result: Any | None = None, error: str | None = None) -> None:
+ payload: dict[str, Any] = {
+ "jsonrpc": "2.0",
+ "id": message_id,
+ }
+ if error is not None:
+ payload["error"] = {"code": -32000, "message": error}
+ else:
+ payload["result"] = result if result is not None else {}
+
+ append_log({
+ "direction": "out",
+ "id": message_id,
+ "response": payload.get("result"),
+ "error": payload.get("error"),
+ })
+
+ try:
+ sys.stdout.write(json.dumps(payload, ensure_ascii=True) + "\n")
+ sys.stdout.flush()
+ except BrokenPipeError:
+ raise SystemExit(0) from None
+
+
+def log_stderr(message: str) -> None:
+ try:
+ sys.stderr.write(message + "\n")
+ sys.stderr.flush()
+ except BrokenPipeError:
+ raise SystemExit(0) from None
+
+
+def handle_shutdown_signal(signum: int, _frame: Any) -> None:
+ raise KeyboardInterrupt(f"received signal {signum}")
+
+
+def handle_before_tool(params: dict[str, Any]) -> dict[str, Any]:
+ _ = params
+ return {"action": "continue"}
+
+
+def handle_approve_tool(params: dict[str, Any]) -> dict[str, Any]:
+ _ = params
+ return {"approved": True}
+
+
+def handle_request(method: str, params: dict[str, Any]) -> dict[str, Any]:
+ if method == "hook.hello":
+ return {"ok": True, "name": "python-review-gate"}
+ if method == "hook.before_tool":
+ return handle_before_tool(params)
+ if method == "hook.approve_tool":
+ return handle_approve_tool(params)
+ if method == "hook.before_llm":
+ return {"action": "continue"}
+ if method == "hook.after_llm":
+ return {"action": "continue"}
+ if method == "hook.after_tool":
+ return {"action": "continue"}
+ raise KeyError(f"method not found: {method}")
+
+
+def main() -> int:
+ try:
+ for raw_line in sys.stdin:
+ line = raw_line.strip()
+ if not line:
+ continue
+
+ try:
+ message = json.loads(line)
+ except json.JSONDecodeError as exc:
+ log_stderr(f"failed to decode request: {exc}")
+ append_log({
+ "direction": "in",
+ "decode_error": str(exc),
+ "raw": line,
+ })
+ continue
+
+ method = message.get("method")
+ message_id = message.get("id", 0)
+ params = message.get("params") or {}
+ if not isinstance(params, dict):
+ params = {}
+
+ append_log({
+ "direction": "in",
+ "id": message_id,
+ "method": method,
+ "params": params,
+ "notification": not bool(message_id),
+ })
+
+ if not message_id:
+ if method == "hook.event" and LOG_EVENTS:
+ log_stderr(f"observed event: {params.get('Kind')}")
+ continue
+
+ try:
+ result = handle_request(str(method or ""), params)
+ except KeyError as exc:
+ send_response(int(message_id), error=str(exc))
+ continue
+ except Exception as exc:
+ send_response(int(message_id), error=f"unexpected error: {exc}")
+ continue
+
+ send_response(int(message_id), result=result)
+ except KeyboardInterrupt:
+ return 0
+
+ return 0
+
+
+if __name__ == "__main__":
+ signal.signal(signal.SIGINT, handle_shutdown_signal)
+ signal.signal(signal.SIGTERM, handle_shutdown_signal)
+ raise SystemExit(main())
+```
+
+### Configuration
+
+```json
+{
+ "hooks": {
+ "enabled": true,
+ "processes": {
+ "py_review_gate": {
+ "enabled": true,
+ "priority": 100,
+ "transport": "stdio",
+ "command": [
+ "python3",
+ "/abs/path/to/review_gate.py"
+ ],
+ "observe": [
+ "tool_exec_start",
+ "tool_exec_end",
+ "tool_exec_skipped"
+ ],
+ "intercept": [
+ "before_tool",
+ "approve_tool"
+ ],
+ "env": {
+ "PICOCLAW_HOOK_LOG_FILE": "/tmp/picoclaw-hook-review-gate.log"
+ }
+ }
+ }
+ }
+}
+```
+
+### Environment Variables
+
+- `PICOCLAW_HOOK_LOG_EVENTS`
+ Whether to write `hook.event` summaries to `stderr`, enabled by default
+- `PICOCLAW_HOOK_LOG_FILE`
+ Path to an external log file. When set, the script appends inbound hook requests, notifications, and outbound responses as JSON Lines
+
+Note: `PICOCLAW_HOOK_LOG_FILE` has no default. If you do not set it, the script does not write any file logs.
+
+### How To Confirm It Received Hooks
+
+Watch two places:
+
+- Gateway logs
+ Useful for confirming that the host successfully started the process and for seeing event summaries written to `stderr`
+- `PICOCLAW_HOOK_LOG_FILE`
+ Useful for seeing the exact requests the script received and the exact responses it returned
+
+Typical interpretation:
+
+- Only `hook.hello`
+ The process started and completed the handshake, but no business hook request has arrived yet
+- `hook.event`
+ The `observe` configuration is working
+- `hook.before_tool`
+ The `intercept: ["before_tool", ...]` configuration is working
+- `hook.approve_tool`
+ The approval hook path is working
+
+Because this example never rewrites or denies, the expected responses look like:
+
+```json
+{"direction":"out","id":7,"response":{"action":"continue"},"error":null}
+{"direction":"out","id":8,"response":{"approved":true},"error":null}
+```
+
+A complete sample:
+
+```json
+{"ts":"2026-03-21T14:12:00+00:00","direction":"in","id":1,"method":"hook.hello","params":{"name":"py_review_gate","version":1,"modes":["observe","tool","approve"]},"notification":false}
+{"ts":"2026-03-21T14:12:00+00:00","direction":"out","id":1,"response":{"ok":true,"name":"python-review-gate"},"error":null}
+{"ts":"2026-03-21T14:12:05+00:00","direction":"in","id":0,"method":"hook.event","params":{"Kind":"tool_exec_start"},"notification":true}
+{"ts":"2026-03-21T14:12:05+00:00","direction":"in","id":7,"method":"hook.before_tool","params":{"tool":"echo_text","arguments":{"text":"hello"}},"notification":false}
+{"ts":"2026-03-21T14:12:05+00:00","direction":"out","id":7,"response":{"action":"continue"},"error":null}
+```
+
+Additional notes:
+
+- Timestamps are UTC
+- `notification=true` means it was a notification such as `hook.event`, which does not expect a response
+- `id` increases within a single hook process; if the process restarts, the counter starts over
+
+## Process-Hook Protocol
+
+Current process hooks use `JSON-RPC over stdio`:
+
+- PicoClaw starts the external process
+- Requests and responses are exchanged as one JSON message per line
+- `hook.event` is a notification and does not need a response
+- `hook.before_llm`, `hook.after_llm`, `hook.before_tool`, `hook.after_tool`, and `hook.approve_tool` are request/response calls
+
+The host does not currently accept new RPCs initiated by the process hook. In practice, that means an external hook can only respond to PicoClaw calls; it cannot call back into the host to send channel messages.
+
+## Configuration Fields
+
+### `hooks.builtins.`
+
+- `enabled`
+- `priority`
+- `config`
+
+### `hooks.processes.`
+
+- `enabled`
+- `priority`
+- `transport`
+ Currently only `stdio` is supported
+- `command`
+- `dir`
+- `env`
+- `observe`
+- `intercept`
+
+## Troubleshooting
+
+If a hook looks like it is not firing, check these in order:
+
+1. `hooks.enabled`
+2. Whether the target builtin or process hook is `enabled`
+3. Whether the process-hook `command` path is correct
+4. Whether you are watching the correct log file
+5. Whether the current request actually reached the stage you care about
+6. Whether `observe` or `intercept` contains the hook point you want
+
+A practical minimal troubleshooting pair is:
+
+- Use the Python process-hook example from this document to validate the external protocol
+- Use the Go in-process example from this document to validate the host-side chain
+
+If the Python side shows `hook.hello` but no business hook requests, the protocol is usually fine; the current request simply did not trigger the stage you expected.
+
+## Scope And Limits
+
+The current hook system is best suited for:
+
+- LLM request rewriting
+- Tool argument normalization
+- Pre-execution tool approval
+- Auditing and observability
+
+It is not yet well suited for:
+
+- External hooks actively sending channel messages
+- Suspending a turn and waiting for human approval replies
+- Full inbound/outbound message interception across the whole platform
+
+If you want a real human approval workflow, use hooks as the approval entry point and keep the state machine plus channel interaction in a separate `ApprovalManager`.
diff --git a/docs/hooks/README.zh.md b/docs/hooks/README.zh.md
new file mode 100644
index 000000000..46c7c9392
--- /dev/null
+++ b/docs/hooks/README.zh.md
@@ -0,0 +1,679 @@
+# Hook 系统使用说明
+
+这份文档对应当前仓库里已经实现的 hook 系统,而不是设计草案。
+
+当前实现支持两类挂载方式:
+
+1. 进程内 hook
+2. 进程外 process hook(`JSON-RPC over stdio`)
+
+当前仓库不再内置示例代码文件。下面的 Go / Python 示例都直接写在本文档里;如果你要使用它们,需要先复制到你自己的文件路径。
+
+## 支持的 hook 类型
+
+| 类型 | 接口 | 作用阶段 | 能否改写 |
+| --- | --- | --- | --- |
+| 观察型 | `EventObserver` | EventBus 广播事件时 | 否 |
+| LLM 拦截型 | `LLMInterceptor` | `before_llm` / `after_llm` | 是 |
+| Tool 拦截型 | `ToolInterceptor` | `before_tool` / `after_tool` | 是 |
+| Tool 审批型 | `ToolApprover` | `approve_tool` | 否,返回批准/拒绝 |
+
+当前公开的同步点位只有:
+
+- `before_llm`
+- `after_llm`
+- `before_tool`
+- `after_tool`
+- `approve_tool`
+
+其余 lifecycle 通过事件形式只读暴露。
+
+## 执行顺序
+
+HookManager 的排序规则是:
+
+1. 先执行进程内 hook
+2. 再执行 process hook
+3. 同一来源内按 `priority` 从小到大
+4. 若 `priority` 相同,再按名字排序
+
+## 超时
+
+当前配置在 `hooks.defaults` 中统一设置:
+
+- `observer_timeout_ms`
+- `interceptor_timeout_ms`
+- `approval_timeout_ms`
+
+注意:当前实现还没有单个 process hook 自己的 `timeout_ms` 字段,超时配置是全局默认值。
+
+## 快速开始
+
+如果你的目标只是先把当前 hook 流程跑通并观察到实际请求,最省事的是先用下面的 Python process hook 示例:
+
+1. 打开 `hooks.enabled`
+2. 把下面文档里的 Python 示例保存到本地文件,例如 `/tmp/review_gate.py`
+3. 给它配置 `PICOCLAW_HOOK_LOG_FILE`
+4. 重启 gateway
+5. 用 `tail -f` 观察日志文件
+
+例如:
+
+```json
+{
+ "hooks": {
+ "enabled": true,
+ "processes": {
+ "py_review_gate": {
+ "enabled": true,
+ "priority": 100,
+ "transport": "stdio",
+ "command": [
+ "python3",
+ "/tmp/review_gate.py"
+ ],
+ "observe": [
+ "tool_exec_start",
+ "tool_exec_end",
+ "tool_exec_skipped"
+ ],
+ "intercept": [
+ "before_tool",
+ "approve_tool"
+ ],
+ "env": {
+ "PICOCLAW_HOOK_LOG_FILE": "/tmp/picoclaw-hook-review-gate.log"
+ }
+ }
+ }
+ }
+}
+```
+
+观察方式:
+
+```bash
+tail -f /tmp/picoclaw-hook-review-gate.log
+```
+
+如果你是在开发 PicoClaw 本体,而不是只想验证协议,那么再看后面的 Go in-process 示例。
+
+## 两个示例的定位
+
+- Go in-process 示例
+ 适合验证宿主内的 hook 链路、理解 `MountHook()` 和各个同步点位
+- Python process 示例
+ 适合理解 `JSON-RPC over stdio` 协议、确认宿主和外部进程之间的消息来回是否正常
+
+这两个示例都刻意保持为“只记录、不改写、不拒绝”的安全模式。它们的目的不是提供策略能力,而是帮你观察当前 hook 系统。
+
+## Go 进程内示例
+
+下面这段代码是一个最小的“记录型” in-process hook。它实现了:
+
+1. `EventObserver`
+2. `LLMInterceptor`
+3. `ToolInterceptor`
+4. `ToolApprover`
+
+它只记录,不改写请求,也不拒绝工具。
+
+你可以把它保存成你自己的 Go 文件,例如 `pkg/myhooks/example_logger.go`:
+
+```go
+package myhooks
+
+import (
+ "context"
+ "encoding/json"
+ "os"
+ "path/filepath"
+ "strings"
+ "sync"
+ "time"
+
+ "github.com/sipeed/picoclaw/pkg/agent"
+ "github.com/sipeed/picoclaw/pkg/logger"
+)
+
+type ExampleLoggerHookOptions struct {
+ LogFile string `json:"log_file,omitempty"`
+ LogEvents bool `json:"log_events,omitempty"`
+}
+
+type ExampleLoggerHook struct {
+ logFile string
+ logEvents bool
+ mu sync.Mutex
+}
+
+func NewExampleLoggerHook(opts ExampleLoggerHookOptions) *ExampleLoggerHook {
+ return &ExampleLoggerHook{
+ logFile: strings.TrimSpace(opts.LogFile),
+ logEvents: opts.LogEvents,
+ }
+}
+
+func (h *ExampleLoggerHook) OnEvent(ctx context.Context, evt agent.Event) error {
+ _ = ctx
+ if h == nil || !h.logEvents {
+ return nil
+ }
+ h.record("event", evt.Meta, map[string]any{
+ "event": evt.Kind.String(),
+ "payload": evt.Payload,
+ }, nil)
+ return nil
+}
+
+func (h *ExampleLoggerHook) BeforeLLM(
+ ctx context.Context,
+ req *agent.LLMHookRequest,
+) (*agent.LLMHookRequest, agent.HookDecision, error) {
+ _ = ctx
+ h.record("before_llm", req.Meta, req, agent.HookDecision{Action: agent.HookActionContinue})
+ return req, agent.HookDecision{Action: agent.HookActionContinue}, nil
+}
+
+func (h *ExampleLoggerHook) AfterLLM(
+ ctx context.Context,
+ resp *agent.LLMHookResponse,
+) (*agent.LLMHookResponse, agent.HookDecision, error) {
+ _ = ctx
+ h.record("after_llm", resp.Meta, resp, agent.HookDecision{Action: agent.HookActionContinue})
+ return resp, agent.HookDecision{Action: agent.HookActionContinue}, nil
+}
+
+func (h *ExampleLoggerHook) BeforeTool(
+ ctx context.Context,
+ call *agent.ToolCallHookRequest,
+) (*agent.ToolCallHookRequest, agent.HookDecision, error) {
+ _ = ctx
+ h.record("before_tool", call.Meta, call, agent.HookDecision{Action: agent.HookActionContinue})
+ return call, agent.HookDecision{Action: agent.HookActionContinue}, nil
+}
+
+func (h *ExampleLoggerHook) AfterTool(
+ ctx context.Context,
+ result *agent.ToolResultHookResponse,
+) (*agent.ToolResultHookResponse, agent.HookDecision, error) {
+ _ = ctx
+ h.record("after_tool", result.Meta, result, agent.HookDecision{Action: agent.HookActionContinue})
+ return result, agent.HookDecision{Action: agent.HookActionContinue}, nil
+}
+
+func (h *ExampleLoggerHook) ApproveTool(
+ ctx context.Context,
+ req *agent.ToolApprovalRequest,
+) (agent.ApprovalDecision, error) {
+ _ = ctx
+ decision := agent.ApprovalDecision{Approved: true}
+ h.record("approve_tool", req.Meta, req, decision)
+ return decision, nil
+}
+
+func (h *ExampleLoggerHook) record(stage string, meta agent.EventMeta, payload any, decision any) {
+ logger.InfoCF("hooks", "Example hook observed", map[string]any{
+ "stage": stage,
+ })
+ if h == nil || h.logFile == "" {
+ return
+ }
+
+ entry := map[string]any{
+ "ts": time.Now().UTC(),
+ "stage": stage,
+ "meta": meta,
+ "payload": payload,
+ "decision": decision,
+ }
+
+ body, err := json.Marshal(entry)
+ if err != nil {
+ logger.WarnCF("hooks", "Example hook log encode failed", map[string]any{
+ "stage": stage,
+ "error": err.Error(),
+ })
+ return
+ }
+
+ h.mu.Lock()
+ defer h.mu.Unlock()
+
+ if dir := filepath.Dir(h.logFile); dir != "" && dir != "." {
+ if err := os.MkdirAll(dir, 0o755); err != nil {
+ logger.WarnCF("hooks", "Example hook log mkdir failed", map[string]any{
+ "stage": stage,
+ "path": h.logFile,
+ "error": err.Error(),
+ })
+ return
+ }
+ }
+
+ file, err := os.OpenFile(h.logFile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0o644)
+ if err != nil {
+ logger.WarnCF("hooks", "Example hook log open failed", map[string]any{
+ "stage": stage,
+ "path": h.logFile,
+ "error": err.Error(),
+ })
+ return
+ }
+ defer func() { _ = file.Close() }()
+
+ if _, err := file.Write(append(body, '\n')); err != nil {
+ logger.WarnCF("hooks", "Example hook log write failed", map[string]any{
+ "stage": stage,
+ "path": h.logFile,
+ "error": err.Error(),
+ })
+ }
+}
+```
+
+### 如何挂载
+
+如果你只需要代码挂载,直接在 `AgentLoop` 初始化后调用:
+
+```go
+hook := myhooks.NewExampleLoggerHook(myhooks.ExampleLoggerHookOptions{
+ LogFile: "/tmp/picoclaw-hook-example-logger.log",
+ LogEvents: true,
+})
+
+if err := al.MountHook(agent.NamedHook("example-logger", hook)); err != nil {
+ panic(err)
+}
+```
+
+### 如果你还想用配置挂载
+
+当前 hook 系统支持 builtin hook,但这要求你自己把 factory 编进二进制。也就是说,下面这段注册代码需要和上面的 hook 定义一起放进你的工程里:
+
+```go
+package myhooks
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+
+ "github.com/sipeed/picoclaw/pkg/agent"
+ "github.com/sipeed/picoclaw/pkg/config"
+)
+
+func init() {
+ if err := agent.RegisterBuiltinHook("example_logger", func(
+ ctx context.Context,
+ spec config.BuiltinHookConfig,
+ ) (any, error) {
+ _ = ctx
+
+ var opts ExampleLoggerHookOptions
+ if len(spec.Config) > 0 {
+ if err := json.Unmarshal(spec.Config, &opts); err != nil {
+ return nil, fmt.Errorf("decode example_logger config: %w", err)
+ }
+ }
+ return NewExampleLoggerHook(opts), nil
+ }); err != nil {
+ panic(err)
+ }
+}
+```
+
+只有在你自己注册了 builtin 之后,下面的配置才会生效:
+
+```json
+{
+ "hooks": {
+ "enabled": true,
+ "builtins": {
+ "example_logger": {
+ "enabled": true,
+ "priority": 10,
+ "config": {
+ "log_file": "/tmp/picoclaw-hook-example-logger.log",
+ "log_events": true
+ }
+ }
+ }
+ }
+}
+```
+
+### 如何观察它是否生效
+
+- 如果设置了 `log_file`,它会把每次 hook 调用按 JSON Lines 写入文件
+- 如果没有设置 `log_file`,它仍然会把摘要写到 gateway 日志
+- 普通只走 LLM 的请求,通常会看到 `before_llm` 和 `after_llm`
+- 触发工具调用的请求,通常还会看到 `before_tool`、`approve_tool`、`after_tool`
+- 如果 `log_events=true`,还会额外看到 `event`
+
+典型日志:
+
+```json
+{"ts":"2026-03-21T14:10:00Z","stage":"before_tool","meta":{"session_key":"session-1"},"payload":{"tool":"echo_text","arguments":{"text":"hello"}},"decision":{"action":"continue"}}
+{"ts":"2026-03-21T14:10:00Z","stage":"approve_tool","meta":{"session_key":"session-1"},"payload":{"tool":"echo_text","arguments":{"text":"hello"}},"decision":{"approved":true}}
+```
+
+如果你只看到了 `before_llm` / `after_llm`,没有看到 tool 相关阶段,通常不是 hook 没挂上,而是这次请求本身没有触发工具调用。
+
+## Python process hook 示例
+
+下面这段脚本是一个最小的 `process hook` 示例。它只使用 Python 标准库,支持:
+
+1. `hook.hello`
+2. `hook.event`
+3. `hook.before_tool`
+4. `hook.approve_tool`
+
+它默认只记录,不改写,也不拒绝。
+
+你可以把它保存到任意本地路径,例如 `/tmp/review_gate.py`:
+
+```python
+#!/usr/bin/env python3
+from __future__ import annotations
+
+import json
+import os
+import signal
+import sys
+from datetime import datetime, timezone
+from typing import Any
+
+LOG_EVENTS = os.getenv("PICOCLAW_HOOK_LOG_EVENTS", "1").lower() not in {"0", "false", "no"}
+LOG_FILE = os.getenv("PICOCLAW_HOOK_LOG_FILE", "").strip()
+
+
+def append_log(entry: dict[str, Any]) -> None:
+ if not LOG_FILE:
+ return
+
+ payload = {
+ "ts": datetime.now(timezone.utc).isoformat(),
+ **entry,
+ }
+ try:
+ log_dir = os.path.dirname(LOG_FILE)
+ if log_dir:
+ os.makedirs(log_dir, exist_ok=True)
+ with open(LOG_FILE, "a", encoding="utf-8") as handle:
+ handle.write(json.dumps(payload, ensure_ascii=True) + "\n")
+ except OSError as exc:
+ log_stderr(f"failed to write hook log file {LOG_FILE}: {exc}")
+
+
+def send_response(message_id: int, result: Any | None = None, error: str | None = None) -> None:
+ payload: dict[str, Any] = {
+ "jsonrpc": "2.0",
+ "id": message_id,
+ }
+ if error is not None:
+ payload["error"] = {"code": -32000, "message": error}
+ else:
+ payload["result"] = result if result is not None else {}
+
+ append_log({
+ "direction": "out",
+ "id": message_id,
+ "response": payload.get("result"),
+ "error": payload.get("error"),
+ })
+
+ try:
+ sys.stdout.write(json.dumps(payload, ensure_ascii=True) + "\n")
+ sys.stdout.flush()
+ except BrokenPipeError:
+ raise SystemExit(0) from None
+
+
+def log_stderr(message: str) -> None:
+ try:
+ sys.stderr.write(message + "\n")
+ sys.stderr.flush()
+ except BrokenPipeError:
+ raise SystemExit(0) from None
+
+
+def handle_shutdown_signal(signum: int, _frame: Any) -> None:
+ raise KeyboardInterrupt(f"received signal {signum}")
+
+
+def handle_before_tool(params: dict[str, Any]) -> dict[str, Any]:
+ _ = params
+ return {"action": "continue"}
+
+
+def handle_approve_tool(params: dict[str, Any]) -> dict[str, Any]:
+ _ = params
+ return {"approved": True}
+
+
+def handle_request(method: str, params: dict[str, Any]) -> dict[str, Any]:
+ if method == "hook.hello":
+ return {"ok": True, "name": "python-review-gate"}
+ if method == "hook.before_tool":
+ return handle_before_tool(params)
+ if method == "hook.approve_tool":
+ return handle_approve_tool(params)
+ if method == "hook.before_llm":
+ return {"action": "continue"}
+ if method == "hook.after_llm":
+ return {"action": "continue"}
+ if method == "hook.after_tool":
+ return {"action": "continue"}
+ raise KeyError(f"method not found: {method}")
+
+
+def main() -> int:
+ try:
+ for raw_line in sys.stdin:
+ line = raw_line.strip()
+ if not line:
+ continue
+
+ try:
+ message = json.loads(line)
+ except json.JSONDecodeError as exc:
+ log_stderr(f"failed to decode request: {exc}")
+ append_log({
+ "direction": "in",
+ "decode_error": str(exc),
+ "raw": line,
+ })
+ continue
+
+ method = message.get("method")
+ message_id = message.get("id", 0)
+ params = message.get("params") or {}
+ if not isinstance(params, dict):
+ params = {}
+
+ append_log({
+ "direction": "in",
+ "id": message_id,
+ "method": method,
+ "params": params,
+ "notification": not bool(message_id),
+ })
+
+ if not message_id:
+ if method == "hook.event" and LOG_EVENTS:
+ log_stderr(f"observed event: {params.get('Kind')}")
+ continue
+
+ try:
+ result = handle_request(str(method or ""), params)
+ except KeyError as exc:
+ send_response(int(message_id), error=str(exc))
+ continue
+ except Exception as exc:
+ send_response(int(message_id), error=f"unexpected error: {exc}")
+ continue
+
+ send_response(int(message_id), result=result)
+ except KeyboardInterrupt:
+ return 0
+
+ return 0
+
+
+if __name__ == "__main__":
+ signal.signal(signal.SIGINT, handle_shutdown_signal)
+ signal.signal(signal.SIGTERM, handle_shutdown_signal)
+ raise SystemExit(main())
+```
+
+### 如何配置
+
+```json
+{
+ "hooks": {
+ "enabled": true,
+ "processes": {
+ "py_review_gate": {
+ "enabled": true,
+ "priority": 100,
+ "transport": "stdio",
+ "command": [
+ "python3",
+ "/abs/path/to/review_gate.py"
+ ],
+ "observe": [
+ "tool_exec_start",
+ "tool_exec_end",
+ "tool_exec_skipped"
+ ],
+ "intercept": [
+ "before_tool",
+ "approve_tool"
+ ],
+ "env": {
+ "PICOCLAW_HOOK_LOG_FILE": "/tmp/picoclaw-hook-review-gate.log"
+ }
+ }
+ }
+ }
+}
+```
+
+### 环境变量
+
+- `PICOCLAW_HOOK_LOG_EVENTS`
+ 是否把 `hook.event` 写到 `stderr`,默认开启
+- `PICOCLAW_HOOK_LOG_FILE`
+ 外部日志文件路径。设置后,脚本会把收到的 hook 请求、notification 和返回结果按 JSON Lines 追加到该文件
+
+注意:`PICOCLAW_HOOK_LOG_FILE` 没有默认值。不设置时,脚本不会自动落盘日志。
+
+### 如何确认它收到了 hook
+
+推荐同时看两个地方:
+
+- gateway 日志
+ 用来观察宿主是否成功启动了外部进程,以及脚本写到 `stderr` 的事件摘要
+- `PICOCLAW_HOOK_LOG_FILE`
+ 用来观察脚本实际收到了什么请求、返回了什么响应
+
+典型判断方式:
+
+- 只看到 `hook.hello`
+ 说明进程启动并完成握手了,但还没有新的业务 hook 请求真正打进来
+- 看到 `hook.event`
+ 说明 `observe` 配置生效了
+- 看到 `hook.before_tool`
+ 说明 `intercept: ["before_tool", ...]` 生效了
+- 看到 `hook.approve_tool`
+ 说明审批 hook 生效了
+
+这份示例脚本不会改写任何参数,也不会拒绝工具,所以你应该看到的典型返回是:
+
+```json
+{"direction":"out","id":7,"response":{"action":"continue"},"error":null}
+{"direction":"out","id":8,"response":{"approved":true},"error":null}
+```
+
+一组完整样例:
+
+```json
+{"ts":"2026-03-21T14:12:00+00:00","direction":"in","id":1,"method":"hook.hello","params":{"name":"py_review_gate","version":1,"modes":["observe","tool","approve"]},"notification":false}
+{"ts":"2026-03-21T14:12:00+00:00","direction":"out","id":1,"response":{"ok":true,"name":"python-review-gate"},"error":null}
+{"ts":"2026-03-21T14:12:05+00:00","direction":"in","id":0,"method":"hook.event","params":{"Kind":"tool_exec_start"},"notification":true}
+{"ts":"2026-03-21T14:12:05+00:00","direction":"in","id":7,"method":"hook.before_tool","params":{"tool":"echo_text","arguments":{"text":"hello"}},"notification":false}
+{"ts":"2026-03-21T14:12:05+00:00","direction":"out","id":7,"response":{"action":"continue"},"error":null}
+```
+
+补充说明:
+
+- 时间戳是 UTC,不是本地时区
+- `notification=true` 表示这是 `hook.event` 这类不需要响应的通知
+- `id` 会随着当前进程内的请求递增;如果 hook 进程重启,计数会重新开始
+
+## Process Hook 协议约定
+
+当前 process hook 使用 `JSON-RPC over stdio`:
+
+- PicoClaw 启动外部进程
+- 请求和响应都按“一行一个 JSON 消息”传输
+- `hook.event` 是 notification,不需要响应
+- `hook.before_llm` / `hook.after_llm` / `hook.before_tool` / `hook.after_tool` / `hook.approve_tool` 是 request/response
+
+当前宿主不会接受 process hook 主动发起的新 RPC。也就是说,外部 hook 现在只能“响应 PicoClaw 的调用”,不能反向调用宿主去发送 channel 消息。
+
+## 配置字段
+
+### `hooks.builtins.`
+
+- `enabled`
+- `priority`
+- `config`
+
+### `hooks.processes.`
+
+- `enabled`
+- `priority`
+- `transport`
+ 当前只支持 `stdio`
+- `command`
+- `dir`
+- `env`
+- `observe`
+- `intercept`
+
+## 排查建议
+
+当你觉得“hook 没触发”时,优先按这个顺序排查:
+
+1. `hooks.enabled` 是否为 `true`
+2. 对应的 builtin/process hook 是否 `enabled`
+3. process hook 的 `command` 路径是否正确
+4. 你看的是否是正确的日志文件
+5. 当前请求是否真的走到了对应阶段
+6. `observe` / `intercept` 是否包含了你想看的点位
+
+一个很实用的最小排查组合是:
+
+- 先用文档里的 Python process 示例确认外部协议没问题
+- 再用文档里的 Go in-process 示例确认宿主内的 hook 链路没问题
+
+如果前者有 `hook.hello` 但没有业务请求,通常不是协议挂了,而是当前这次请求没有真正触发对应的 hook 点位。
+
+## 适用边界
+
+当前 hook 系统最适合做这些事:
+
+- LLM 请求改写
+- 工具参数规范化
+- 工具执行前审批
+- 审计和观测
+
+当前还不适合直接承载这些需求:
+
+- 外部 hook 主动发 channel 消息
+- 挂起 turn 并等待人工审批回复
+- inbound/outbound 全链路消息拦截
+
+如果你要做人审流转,推荐把 hook 作为审批入口,把审批状态机和 channel 交互放到独立的 `ApprovalManager`。
diff --git a/docs/ja/chat-apps.md b/docs/ja/chat-apps.md
index 997a064ff..789c0125f 100644
--- a/docs/ja/chat-apps.md
+++ b/docs/ja/chat-apps.md
@@ -15,6 +15,7 @@ PicoClaw は複数のチャットプラットフォームをサポートして
| **Telegram** | ⭐ 簡単 | 推奨、音声テキスト変換対応、ロングポーリング(公開 IP 不要) | [ドキュメント](../channels/telegram/README.ja.md) |
| **Discord** | ⭐ 簡単 | Socket Mode、グループ/DM 対応、Bot エコシステム充実 | [ドキュメント](../channels/discord/README.ja.md) |
| **WhatsApp** | ⭐ 簡単 | ネイティブ (QR スキャン) または Bridge URL | [ドキュメント](#whatsapp) |
+| **微信 (Weixin)** | ⭐ 簡単 | ネイティブ QR スキャン(Tencent iLink API)| [ドキュメント](#weixin) |
| **Slack** | ⭐ 簡単 | **Socket Mode** (公開 IP 不要)、エンタープライズ対応 | [ドキュメント](../channels/slack/README.ja.md) |
| **Matrix** | ⭐⭐ 中程度 | フェデレーションプロトコル、セルフホスト対応 | [ドキュメント](../channels/matrix/README.ja.md) |
| **QQ** | ⭐⭐ 中程度 | 公式ボット API、中国コミュニティ向け | [ドキュメント](../channels/qq/README.ja.md) |
@@ -22,13 +23,14 @@ PicoClaw は複数のチャットプラットフォームをサポートして
| **LINE** | ⭐⭐⭐ やや難 | HTTPS Webhook が必要 | [ドキュメント](../channels/line/README.ja.md) |
| **WeCom (企業微信)** | ⭐⭐⭐ やや難 | グループ Bot (Webhook)、カスタムアプリ (API)、AI Bot 対応 | [Bot](../channels/wecom/wecom_bot/README.ja.md) / [App](../channels/wecom/wecom_app/README.ja.md) / [AI Bot](../channels/wecom/wecom_aibot/README.ja.md) |
| **Feishu (飛書)** | ⭐⭐⭐ やや難 | エンタープライズコラボレーション、機能豊富 | [ドキュメント](../channels/feishu/README.ja.md) |
-| **IRC** | ⭐⭐ 中程度 | サーバー + TLS 設定 | - |
+| **IRC** | ⭐⭐ 中程度 | サーバー + TLS 設定 | [ドキュメント](#irc) |
| **OneBot** | ⭐⭐ 中程度 | NapCat/Go-CQHTTP 互換、コミュニティエコシステム充実 | [ドキュメント](../channels/onebot/README.ja.md) |
| **MaixCam** | ⭐ 簡単 | Sipeed AI カメラハードウェア統合チャネル | [ドキュメント](../channels/maixcam/README.ja.md) |
| **Pico** | ⭐ 簡単 | PicoClaw ネイティブプロトコルチャネル | |
---
+Telegram(推奨)
@@ -69,6 +71,7 @@ Telegram 側はコマンドメニュー登録機能を保持し、汎用コマ
+Discord
@@ -143,6 +146,7 @@ picoclaw gateway
+WhatsApp(ネイティブ whatsmeow)
@@ -170,6 +174,43 @@ PicoClaw は 2 つの WhatsApp 接続方式をサポートしています:
+
+
+微信 (Weixin)
+
+PicoClaw は Tencent iLink 公式 API を使用して WeChat 個人アカウントへの接続をサポートしています。
+
+**1. ログイン**
+
+インタラクティブな QR ログインフローを実行します:
+```bash
+picoclaw onboard weixin
+```
+WeChat モバイルアプリで表示された QR コードをスキャンしてください。ログイン成功後、トークンが設定ファイルに保存されます。
+
+**2. 設定**
+
+(オプション)ボットと会話できるユーザーを制限するために `allow_from` に WeChat ユーザー ID を追加します:
+```json
+{
+ "channels": {
+ "weixin": {
+ "enabled": true,
+ "token": "YOUR_TOKEN",
+ "allow_from": ["YOUR_USER_ID"]
+ }
+ }
+}
+```
+
+**3. 実行**
+```bash
+picoclaw gateway
+```
+
+
+
+Matrix
@@ -204,6 +245,7 @@ picoclaw gateway
+QQ
@@ -245,6 +287,7 @@ QQ 開放プラットフォームでは、OpenClaw 互換ボットのワンク
+Slack
@@ -278,6 +321,7 @@ picoclaw gateway
+IRC
@@ -311,6 +355,7 @@ picoclaw gateway
+DingTalk
@@ -345,6 +390,7 @@ picoclaw gateway
+LINE
@@ -393,6 +439,7 @@ picoclaw gateway
+Feishu (飛書)
@@ -434,6 +481,7 @@ picoclaw gateway
+WeCom (企業微信)
@@ -548,6 +596,7 @@ picoclaw gateway
+OneBot(OneBot プロトコル経由の QQ)
@@ -586,6 +635,7 @@ picoclaw gateway
+MaixCam
diff --git a/docs/ja/configuration.md b/docs/ja/configuration.md
index 215b35d54..35676809e 100644
--- a/docs/ja/configuration.md
+++ b/docs/ja/configuration.md
@@ -256,3 +256,109 @@ Agent は 30 分ごと(設定可能)にこのファイルを読み取り、
- `PICOCLAW_HEARTBEAT_ENABLED=false` で無効化
- `PICOCLAW_HEARTBEAT_INTERVAL=60` で間隔を変更
+
+#### サブ Agent の通信フロー
+
+```
+ハートビート起動
+ ↓
+Agent が HEARTBEAT.md を読む
+ ↓
+長時間タスク:spawn サブ Agent
+ ↓ ↓
+次のタスクへ継続 サブ Agent が独立して動作
+ ↓ ↓
+全タスク完了 サブ Agent が "message" ツールを使用
+ ↓ ↓
+HEARTBEAT_OK を返信 ユーザーが直接結果を受信
+```
+
+### Providers
+
+> [!NOTE]
+> Groq は Whisper による無料音声文字起こしを提供します。設定すると、任意のチャンネルの音声メッセージが Agent レベルで自動的に文字起こしされます。
+
+| Provider | 用途 | API キー取得 |
+| ------------ | --------------------------------------- | ------------------------------------------------------------ |
+| `gemini` | LLM(Gemini 直接) | [aistudio.google.com](https://aistudio.google.com) |
+| `zhipu` | LLM(Zhipu 直接) | [bigmodel.cn](https://bigmodel.cn) |
+| `volcengine` | LLM(Volcengine 直接) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) |
+| `openrouter` | LLM(推奨、全モデルにアクセス可能) | [openrouter.ai](https://openrouter.ai) |
+| `anthropic` | LLM(Claude 直接) | [console.anthropic.com](https://console.anthropic.com) |
+| `openai` | LLM(GPT 直接) | [platform.openai.com](https://platform.openai.com) |
+| `deepseek` | LLM(DeepSeek 直接) | [platform.deepseek.com](https://platform.deepseek.com) |
+| `qwen` | LLM(Qwen 直接) | [dashscope.console.aliyun.com](https://dashscope.console.aliyun.com) |
+| `groq` | LLM + **音声文字起こし**(Whisper) | [console.groq.com](https://console.groq.com) |
+| `cerebras` | LLM(Cerebras 直接) | [cerebras.ai](https://cerebras.ai) |
+| `vivgrid` | LLM(Vivgrid 直接) | [vivgrid.com](https://vivgrid.com) |
+
+### モデル設定 (model_list)
+
+> **新機能:** PicoClaw は**モデル中心**の設定アプローチを採用しました。`vendor/model` 形式(例:`zhipu/glm-4.7`)を指定するだけで新しい Provider を追加できます — **コード変更不要!**
+
+#### サポートされている全 Vendor
+
+| Vendor | `model` プレフィックス | デフォルト API Base | プロトコル | API Key |
+| ----------------------- | ---------------------- | --------------------------------------------------- | ---------- | ---------------------------------------------------------------- |
+| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [取得](https://platform.openai.com) |
+| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [取得](https://console.anthropic.com) |
+| **智谱 AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [取得](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) |
+| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [取得](https://platform.deepseek.com) |
+| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [取得](https://aistudio.google.com/api-keys) |
+| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [取得](https://console.groq.com) |
+| **通義千問 (Qwen)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [取得](https://dashscope.console.aliyun.com) |
+| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | ローカル(キー不要) |
+| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [取得](https://openrouter.ai/keys) |
+| **VolcEngine (Doubao)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [取得](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) |
+| **Antigravity** | `antigravity/` | Google Cloud | Custom | OAuth のみ |
+
+#### ロードバランシング
+
+同じモデル名に複数のエンドポイントを設定すると、PicoClaw が自動的にラウンドロビンします:
+
+```json
+{
+ "model_list": [
+ { "model_name": "gpt-5.4", "model": "openai/gpt-5.4", "api_base": "https://api1.example.com/v1", "api_key": "sk-key1" },
+ { "model_name": "gpt-5.4", "model": "openai/gpt-5.4", "api_base": "https://api2.example.com/v1", "api_key": "sk-key2" }
+ ]
+}
+```
+
+#### 旧 `providers` 設定からの移行
+
+旧 `providers` 設定は**非推奨**ですが後方互換性のためサポートされています。[docs/migration/model-list-migration.md](../migration/model-list-migration.md) を参照してください。
+
+### Provider アーキテクチャ
+
+PicoClaw はプロトコルファミリーで Provider をルーティングします:
+
+- **OpenAI 互換**:OpenRouter、Groq、Zhipu、vLLM スタイルのエンドポイントなど。
+- **Anthropic**:Claude ネイティブ API の動作。
+- **Codex/OAuth**:OpenAI OAuth/トークン認証ルート。
+
+### スケジュールタスク / リマインダー
+
+PicoClaw は `cron` ツールを通じて cron スタイルのスケジュールタスクをサポートします。
+
+```json
+{
+ "tools": {
+ "cron": {
+ "enabled": true,
+ "exec_timeout_minutes": 5
+ }
+ }
+}
+```
+
+スケジュールタスクは再起動後も `~/.picoclaw/workspace/cron/` に保存されます。
+
+### 高度なトピック
+
+| トピック | 説明 |
+| -------- | ---- |
+| [Hook システム](../hooks/README.md) | イベント駆動 Hook:オブザーバー、インターセプター、承認 Hook |
+| [Steering](../steering.md) | 実行中の Agent ループにメッセージを注入 |
+| [SubTurn](../subturn.md) | サブ Agent の調整、並行制御、ライフサイクル |
+| [コンテキスト管理](../agent-refactor/context.md) | コンテキスト境界検出、圧縮戦略 |
diff --git a/docs/ja/tools_configuration.md b/docs/ja/tools_configuration.md
index c40e58538..c946bf088 100644
--- a/docs/ja/tools_configuration.md
+++ b/docs/ja/tools_configuration.md
@@ -41,14 +41,6 @@ Web ツールはウェブ検索とフェッチに使用されます。
| `fetch_limit_bytes` | int | 10485760 | 取得するウェブページペイロードの最大サイズ(バイト単位、デフォルトは10MB)。 |
| `format` | string | "plaintext" | 取得コンテンツの出力形式。オプション:`plaintext` または `markdown`(推奨)。 |
-### Brave
-
-| 設定項目 | 型 | デフォルト | 説明 |
-|---------------|--------|------------|-----------------------|
-| `enabled` | bool | false | Brave 検索を有効にする |
-| `api_key` | string | - | Brave Search API キー |
-| `max_results` | int | 5 | 最大結果数 |
-
### DuckDuckGo
| 設定項目 | 型 | デフォルト | 説明 |
@@ -56,13 +48,73 @@ Web ツールはウェブ検索とフェッチに使用されます。
| `enabled` | bool | true | DuckDuckGo 検索を有効にする |
| `max_results` | int | 5 | 最大結果数 |
+### Baidu Search
+
+| 設定項目 | 型 | デフォルト | 説明 |
+|---------------|--------|-----------------------------------------------------------------|-------------------------------|
+| `enabled` | bool | false | Baidu 検索を有効にする |
+| `api_key` | string | - | Qianfan API キー |
+| `base_url` | string | `https://qianfan.baidubce.com/v2/ai_search/web_search` | Baidu Search API URL |
+| `max_results` | int | 10 | 最大結果数 |
+
+```json
+{
+ "tools": {
+ "web": {
+ "baidu_search": {
+ "enabled": true,
+ "api_key": "YOUR_BAIDU_QIANFAN_API_KEY",
+ "max_results": 10
+ }
+ }
+ }
+}
+```
+
### Perplexity
| 設定項目 | 型 | デフォルト | 説明 |
|---------------|--------|------------|---------------------------|
-| `enabled` | bool | false | Perplexity 検索を有効にする |
-| `api_key` | string | - | Perplexity API キー |
-| `max_results` | int | 5 | 最大結果数 |
+| `enabled` | bool | false | Perplexity 検索を有効にする |
+| `api_key` | string | - | Perplexity API キー |
+| `api_keys` | string[] | - | 複数の Perplexity API キー(ローテーション用、`api_key` より優先) |
+| `max_results` | int | 5 | 最大結果数 |
+
+### Brave
+
+| 設定項目 | 型 | デフォルト | 説明 |
+|---------------|--------|------------|-----------------------|
+| `enabled` | bool | false | Brave 検索を有効にする |
+| `api_key` | string | - | Brave Search API キー |
+| `api_keys` | string[] | - | 複数の Brave Search API キー(ローテーション用、`api_key` より優先) |
+| `max_results` | int | 5 | 最大結果数 |
+
+### Tavily
+
+| 設定項目 | 型 | デフォルト | 説明 |
+|---------------|--------|------------|-----------------------------------|
+| `enabled` | bool | false | Tavily 検索を有効にする |
+| `api_key` | string | - | Tavily API キー |
+| `base_url` | string | - | カスタム Tavily API ベース URL |
+| `max_results` | int | 0 | 最大結果数(0 = デフォルト) |
+
+### SearXNG
+
+| 設定項目 | 型 | デフォルト | 説明 |
+|---------------|--------|--------------------------|---------------------------|
+| `enabled` | bool | false | SearXNG 検索を有効にする |
+| `base_url` | string | `http://localhost:8888` | SearXNG インスタンス URL |
+| `max_results` | int | 5 | 最大結果数 |
+
+### GLM Search
+
+| 設定項目 | 型 | デフォルト | 説明 |
+|-----------------|--------|------------------------------------------------------|---------------------------|
+| `enabled` | bool | false | GLM Search を有効にする |
+| `api_key` | string | - | GLM API キー |
+| `base_url` | string | `https://open.bigmodel.cn/api/paas/v4/web_search` | GLM Search API URL |
+| `search_engine` | string | `search_std` | 検索エンジンタイプ |
+| `max_results` | int | 5 | 最大結果数 |
## Exec ツール
diff --git a/docs/providers.md b/docs/providers.md
index dde1814fb..3a740d3b8 100644
--- a/docs/providers.md
+++ b/docs/providers.md
@@ -5,7 +5,7 @@
### Providers
> [!NOTE]
-> Groq provides free voice transcription via Whisper. If configured, audio messages from any channel will be automatically transcribed at the agent level.
+> Voice transcription can use a configured multimodal model via `voice.model_name`. Groq Whisper remains available as a fallback when no voice model is configured.
| Provider | Purpose | Get API Key |
| ------------ | --------------------------------------- | ------------------------------------------------------------ |
@@ -101,6 +101,33 @@ This design also enables **multi-agent support** with flexible provider selectio
}
```
+#### Voice Transcription
+
+You can configure a dedicated model for audio transcription with `voice.model_name`. This lets you reuse existing multimodal providers that support audio input instead of relying only on Groq.
+
+If `voice.model_name` is not configured, PicoClaw will continue to fall back to Groq transcription when a Groq API key is available.
+
+```json
+{
+ "model_list": [
+ {
+ "model_name": "voice-gemini",
+ "model": "gemini/gemini-2.5-flash",
+ "api_key": "your-gemini-key"
+ }
+ ],
+ "voice": {
+ "model_name": "voice-gemini",
+ "echo_transcription": false
+ },
+ "providers": {
+ "groq": {
+ "api_key": "gsk_xxx"
+ }
+ }
+}
+```
+
#### Vendor-Specific Examples
**OpenAI**
@@ -344,6 +371,10 @@ picoclaw agent -m "Hello"
"api_key": "gsk_xxx"
}
},
+ "voice": {
+ "model_name": "voice-gemini",
+ "echo_transcription": false
+ },
"channels": {
"telegram": {
"enabled": true,
diff --git a/docs/pt-br/chat-apps.md b/docs/pt-br/chat-apps.md
index 08ef292fa..4fa59b1b2 100644
--- a/docs/pt-br/chat-apps.md
+++ b/docs/pt-br/chat-apps.md
@@ -13,6 +13,7 @@ Converse com seu picoclaw através do Telegram, Discord, WhatsApp, Matrix, QQ, D
| **Telegram** | ⭐ Fácil | Recomendado, voz para texto, long polling (sem IP público) | [Documentação](../channels/telegram/README.pt-br.md) |
| **Discord** | ⭐ Fácil | Socket Mode, suporte a grupos/DM, ecossistema bot rico | [Documentação](../channels/discord/README.pt-br.md) |
| **WhatsApp** | ⭐ Fácil | Nativo (scan QR) ou Bridge URL | [Documentação](#whatsapp) |
+| **Weixin** | ⭐ Fácil | Scan QR nativo (API Tencent iLink) | [Documentação](#weixin) |
| **Slack** | ⭐ Fácil | **Socket Mode** (sem IP público), empresarial | [Documentação](../channels/slack/README.pt-br.md) |
| **Matrix** | ⭐⭐ Médio | Protocolo federado, suporte a auto-hospedagem | [Documentação](../channels/matrix/README.pt-br.md) |
| **QQ** | ⭐⭐ Médio | API bot oficial, comunidade chinesa | [Documentação](../channels/qq/README.pt-br.md) |
@@ -20,11 +21,12 @@ Converse com seu picoclaw através do Telegram, Discord, WhatsApp, Matrix, QQ, D
| **LINE** | ⭐⭐⭐ Avançado | HTTPS Webhook obrigatório | [Documentação](../channels/line/README.pt-br.md) |
| **WeCom (企业微信)** | ⭐⭐⭐ Avançado | Bot de grupo (Webhook), app personalizado (API), AI Bot | [Bot](../channels/wecom/wecom_bot/README.pt-br.md) / [App](../channels/wecom/wecom_app/README.pt-br.md) / [AI Bot](../channels/wecom/wecom_aibot/README.pt-br.md) |
| **Feishu (飞书)** | ⭐⭐⭐ Avançado | Colaboração empresarial, rico em recursos | [Documentação](../channels/feishu/README.pt-br.md) |
-| **IRC** | ⭐⭐ Médio | Servidor + configuração TLS | - |
+| **IRC** | ⭐⭐ Médio | Servidor + configuração TLS | [Documentação](#irc) |
| **OneBot** | ⭐⭐ Médio | Compatível com NapCat/Go-CQHTTP, ecossistema comunitário | [Documentação](../channels/onebot/README.pt-br.md) |
| **MaixCam** | ⭐ Fácil | Canal de integração de hardware para câmeras AI Sipeed | [Documentação](../channels/maixcam/README.pt-br.md) |
| **Pico** | ⭐ Fácil | Canal de protocolo nativo PicoClaw | |
+Telegram (Recomendado)
@@ -65,6 +67,7 @@ Se o registro de comandos falhar (erros transitórios de rede/API), o canal aind
+Discord
@@ -138,6 +141,7 @@ picoclaw gateway
+WhatsApp (nativo via whatsmeow)
@@ -165,6 +169,43 @@ Se `session_store_path` estiver vazio, a sessão é armazenada em `/w
+
+
+Weixin (WeChat Pessoal)
+
+O PicoClaw suporta conexão com sua conta pessoal do WeChat usando a API oficial Tencent iLink.
+
+**1. Login**
+
+Execute o fluxo de login interativo por QR code:
+```bash
+picoclaw onboard weixin
+```
+Escaneie o QR code exibido com seu aplicativo WeChat mobile. Após o login bem-sucedido, o token é salvo na sua configuração.
+
+**2. Configurar**
+
+(Opcional) Adicione seu ID de usuário WeChat em `allow_from` para restringir quem pode enviar mensagens ao bot:
+```json
+{
+ "channels": {
+ "weixin": {
+ "enabled": true,
+ "token": "YOUR_TOKEN",
+ "allow_from": ["YOUR_USER_ID"]
+ }
+ }
+}
+```
+
+**3. Executar**
+```bash
+picoclaw gateway
+```
+
+
+
+QQ
@@ -206,6 +247,7 @@ Se preferir criar o bot manualmente:
+DingTalk
@@ -240,6 +282,7 @@ picoclaw gateway
+MaixCam
@@ -262,6 +305,7 @@ picoclaw gateway
+Matrix
@@ -296,6 +340,7 @@ Para opções completas (`device_id`, `join_on_invite`, `group_trigger`, `placeh
+LINE
@@ -344,6 +389,7 @@ picoclaw gateway
+WeCom (企业微信)
@@ -457,6 +503,7 @@ picoclaw gateway
+Feishu (Lark)
@@ -498,6 +545,7 @@ Para opções completas, veja o [Guia de Configuração do Canal Feishu](../chan
+Slack
@@ -531,6 +579,7 @@ picoclaw gateway
+IRC
@@ -564,6 +613,7 @@ O bot se conectará ao servidor IRC e entrará nos canais especificados.
+OneBot (QQ via protocolo OneBot)
diff --git a/docs/pt-br/configuration.md b/docs/pt-br/configuration.md
index ee14ca724..ff3ce2b34 100644
--- a/docs/pt-br/configuration.md
+++ b/docs/pt-br/configuration.md
@@ -216,4 +216,149 @@ Para tarefas de longa duração (busca na web, chamadas de API), use a ferrament
```markdown
# Tarefas Periódicas
+
+## Tarefas Rápidas (responder diretamente)
+
+- Informar a hora atual
+
+## Tarefas Longas (usar spawn para assíncrono)
+
+- Pesquisar notícias de IA na web e resumir
+- Verificar e-mails e reportar mensagens importantes
```
+
+**Comportamentos principais:**
+
+| Funcionalidade | Descrição |
+| ---------------- | ------------------------------------------------------------------ |
+| **spawn** | Cria subagente assíncrono, não bloqueia o heartbeat |
+| **Contexto independente** | Subagente tem seu próprio contexto, sem histórico de sessão |
+| **message tool** | Subagente comunica diretamente com o usuário via message tool |
+| **Não-bloqueante** | Após o spawn, o heartbeat continua para a próxima tarefa |
+
+#### Fluxo de Comunicação do Subagente
+
+```
+Heartbeat disparado
+ ↓
+Agent lê HEARTBEAT.md
+ ↓
+Tarefa longa: spawn subagente
+ ↓ ↓
+Continua próxima tarefa Subagente trabalha independentemente
+ ↓ ↓
+Todas tarefas concluídas Subagente usa ferramenta "message"
+ ↓ ↓
+Responde HEARTBEAT_OK Usuário recebe resultado diretamente
+```
+
+**Configuração:**
+
+```json
+{
+ "heartbeat": {
+ "enabled": true,
+ "interval": 30
+ }
+}
+```
+
+| Opção | Padrão | Descrição |
+| ---------- | ------ | -------------------------------------- |
+| `enabled` | `true` | Ativar/desativar heartbeat |
+| `interval` | `30` | Intervalo em minutos (mínimo: 5) |
+
+**Variáveis de ambiente:**
+
+* `PICOCLAW_HEARTBEAT_ENABLED=false` para desativar
+* `PICOCLAW_HEARTBEAT_INTERVAL=60` para alterar o intervalo
+
+### Providers
+
+> [!NOTE]
+> O Groq fornece transcrição de voz gratuita via Whisper. Se configurado, mensagens de áudio de qualquer canal serão automaticamente transcritas no nível do agente.
+
+| Provider | Finalidade | Obter API Key |
+| ------------ | --------------------------------------- | ------------------------------------------------------------ |
+| `gemini` | LLM (Gemini direto) | [aistudio.google.com](https://aistudio.google.com) |
+| `zhipu` | LLM (Zhipu direto) | [bigmodel.cn](https://bigmodel.cn) |
+| `volcengine` | LLM (Volcengine direto) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) |
+| `openrouter` | LLM (recomendado, acesso a todos modelos) | [openrouter.ai](https://openrouter.ai) |
+| `anthropic` | LLM (Claude direto) | [console.anthropic.com](https://console.anthropic.com) |
+| `openai` | LLM (GPT direto) | [platform.openai.com](https://platform.openai.com) |
+| `deepseek` | LLM (DeepSeek direto) | [platform.deepseek.com](https://platform.deepseek.com) |
+| `qwen` | LLM (Qwen direto) | [dashscope.console.aliyun.com](https://dashscope.console.aliyun.com) |
+| `groq` | LLM + **Transcrição de voz** (Whisper) | [console.groq.com](https://console.groq.com) |
+| `cerebras` | LLM (Cerebras direto) | [cerebras.ai](https://cerebras.ai) |
+| `vivgrid` | LLM (Vivgrid direto) | [vivgrid.com](https://vivgrid.com) |
+
+### Configuração de Modelos (model_list)
+
+> **Novidade:** PicoClaw agora usa uma abordagem **centrada no modelo**. Basta especificar o formato `vendor/model` (ex.: `zhipu/glm-4.7`) para adicionar novos providers — **sem alterações de código!**
+
+#### Todos os Vendors Suportados
+
+| Vendor | Prefixo `model` | API Base padrão | Protocolo | API Key |
+| ----------------------- | --------------- | --------------------------------------------------- | --------- | ---------------------------------------------------------------- |
+| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [Obter](https://platform.openai.com) |
+| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [Obter](https://console.anthropic.com) |
+| **智谱 AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [Obter](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) |
+| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [Obter](https://platform.deepseek.com) |
+| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [Obter](https://aistudio.google.com/api-keys) |
+| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [Obter](https://console.groq.com) |
+| **通义千问 (Qwen)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [Obter](https://dashscope.console.aliyun.com) |
+| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | Local (sem chave) |
+| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [Obter](https://openrouter.ai/keys) |
+| **VolcEngine (Doubao)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [Obter](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) |
+| **Antigravity** | `antigravity/` | Google Cloud | Custom | Somente OAuth |
+
+#### Balanceamento de Carga
+
+Configure múltiplos endpoints para o mesmo nome de modelo — PicoClaw fará round-robin automaticamente:
+
+```json
+{
+ "model_list": [
+ { "model_name": "gpt-5.4", "model": "openai/gpt-5.4", "api_base": "https://api1.example.com/v1", "api_key": "sk-key1" },
+ { "model_name": "gpt-5.4", "model": "openai/gpt-5.4", "api_base": "https://api2.example.com/v1", "api_key": "sk-key2" }
+ ]
+}
+```
+
+#### Migração da Configuração Legada `providers`
+
+A configuração antiga `providers` está **depreciada** mas ainda é suportada. Veja [docs/migration/model-list-migration.md](../migration/model-list-migration.md).
+
+### Arquitetura de Providers
+
+PicoClaw roteia providers por família de protocolo:
+
+- **Compatível com OpenAI**: OpenRouter, Groq, Zhipu, endpoints vLLM e a maioria dos outros.
+- **Anthropic**: Comportamento nativo da API Claude.
+- **Codex/OAuth**: Rota de autenticação OAuth/token OpenAI.
+
+### Tarefas Agendadas / Lembretes
+
+PicoClaw suporta tarefas agendadas via ferramenta `cron`.
+
+```json
+{
+ "tools": {
+ "cron": {
+ "enabled": true,
+ "exec_timeout_minutes": 5
+ }
+ }
+}
+```
+
+As tarefas agendadas persistem após reinicializações em `~/.picoclaw/workspace/cron/`.
+
+### Tópicos Avançados
+
+| Tópico | Descrição |
+| ------ | --------- |
+| [Sistema de Hooks](../hooks/README.md) | Hooks orientados a eventos: observadores, interceptores, hooks de aprovação |
+| [Steering](../steering.md) | Injetar mensagens em um loop de agente em execução |
+| [SubTurn](../subturn.md) | Coordenação de subagentes, controle de concorrência, ciclo de vida |
+| [Gerenciamento de Contexto](../agent-refactor/context.md) | Detecção de limites de contexto, compressão |
diff --git a/docs/pt-br/tools_configuration.md b/docs/pt-br/tools_configuration.md
index 2cc4f3999..feec3c3d8 100644
--- a/docs/pt-br/tools_configuration.md
+++ b/docs/pt-br/tools_configuration.md
@@ -41,14 +41,6 @@ Configurações gerais para busca e processamento de conteúdo de páginas web.
| `fetch_limit_bytes` | int | 10485760 | Tamanho máximo do payload da página web a ser buscado, em bytes (padrão é 10MB). |
| `format` | string | "plaintext" | Formato de saída do conteúdo buscado. Opções: `plaintext` ou `markdown` (recomendado). |
-### Brave
-
-| Config | Tipo | Padrão | Descrição |
-|---------------|--------|--------|----------------------------|
-| `enabled` | bool | false | Habilitar pesquisa Brave |
-| `api_key` | string | - | Chave API do Brave Search |
-| `max_results` | int | 5 | Número máximo de resultados |
-
### DuckDuckGo
| Config | Tipo | Padrão | Descrição |
@@ -56,13 +48,73 @@ Configurações gerais para busca e processamento de conteúdo de páginas web.
| `enabled` | bool | true | Habilitar pesquisa DuckDuckGo |
| `max_results` | int | 5 | Número máximo de resultados |
+### Baidu Search
+
+| Config | Tipo | Padrão | Descrição |
+|---------------|--------|-----------------------------------------------------------------|------------------------------------|
+| `enabled` | bool | false | Habilitar pesquisa Baidu |
+| `api_key` | string | - | Chave API Qianfan |
+| `base_url` | string | `https://qianfan.baidubce.com/v2/ai_search/web_search` | URL da API Baidu Search |
+| `max_results` | int | 10 | Número máximo de resultados |
+
+```json
+{
+ "tools": {
+ "web": {
+ "baidu_search": {
+ "enabled": true,
+ "api_key": "YOUR_BAIDU_QIANFAN_API_KEY",
+ "max_results": 10
+ }
+ }
+ }
+}
+```
+
### Perplexity
| Config | Tipo | Padrão | Descrição |
|---------------|--------|--------|--------------------------------|
-| `enabled` | bool | false | Habilitar pesquisa Perplexity |
-| `api_key` | string | - | Chave API do Perplexity |
-| `max_results` | int | 5 | Número máximo de resultados |
+| `enabled` | bool | false | Habilitar pesquisa Perplexity |
+| `api_key` | string | - | Chave API do Perplexity |
+| `api_keys` | string[] | - | Várias chaves API do Perplexity para rotação (prioridade sobre `api_key`) |
+| `max_results` | int | 5 | Número máximo de resultados |
+
+### Brave
+
+| Config | Tipo | Padrão | Descrição |
+|---------------|--------|--------|----------------------------|
+| `enabled` | bool | false | Habilitar pesquisa Brave |
+| `api_key` | string | - | Chave API única do Brave Search |
+| `api_keys` | string[] | - | Várias chaves API do Brave para rotação (prioridade sobre `api_key`) |
+| `max_results` | int | 5 | Número máximo de resultados |
+
+### Tavily
+
+| Config | Tipo | Padrão | Descrição |
+|---------------|--------|--------|------------------------------------|
+| `enabled` | bool | false | Habilitar pesquisa Tavily |
+| `api_key` | string | - | Chave API do Tavily |
+| `base_url` | string | - | URL base personalizada do Tavily |
+| `max_results` | int | 0 | Número máximo de resultados (0 = padrão) |
+
+### SearXNG
+
+| Config | Tipo | Padrão | Descrição |
+|---------------|--------|--------------------------|--------------------------------|
+| `enabled` | bool | false | Habilitar pesquisa SearXNG |
+| `base_url` | string | `http://localhost:8888` | URL da instância SearXNG |
+| `max_results` | int | 5 | Número máximo de resultados |
+
+### GLM Search
+
+| Config | Tipo | Padrão | Descrição |
+|-----------------|--------|------------------------------------------------------|----------------------------|
+| `enabled` | bool | false | Habilitar GLM Search |
+| `api_key` | string | - | Chave API GLM |
+| `base_url` | string | `https://open.bigmodel.cn/api/paas/v4/web_search` | URL da API GLM Search |
+| `search_engine` | string | `search_std` | Tipo de motor de busca |
+| `max_results` | int | 5 | Número máximo de resultados |
## Ferramenta Exec
diff --git a/docs/steering.md b/docs/steering.md
new file mode 100644
index 000000000..63294ac5f
--- /dev/null
+++ b/docs/steering.md
@@ -0,0 +1,199 @@
+# Steering
+
+Steering allows injecting messages into an already-running agent loop, interrupting it between tool calls without waiting for the entire cycle to complete.
+
+## How it works
+
+When the agent is executing a sequence of tool calls (e.g. the model requested 3 tools in a single turn), steering checks the queue **after each tool** completes. If it finds queued messages:
+
+1. The remaining tools are **skipped** and receive `"Skipped due to queued user message."` as their result
+2. The steering messages are **injected into the conversation context**
+3. The model is called again with the updated context, including the user's steering message
+
+```
+User ──► Steer("change approach")
+ │
+Agent Loop ▼
+ ├─ tool[0] ✔ (executed)
+ ├─ [polling] → steering found!
+ ├─ tool[1] ✘ (skipped)
+ ├─ tool[2] ✘ (skipped)
+ └─ new LLM turn with steering message
+```
+
+## Scoped queues
+
+Steering is now isolated per resolved session scope, not stored in a single
+global queue.
+
+- The active turn writes and reads from its own scope key (usually the routed session key such as `agent::...`)
+- `Steer()` still works outside an active turn through a legacy fallback queue
+- `Continue()` first dequeues messages for the requested session scope, then falls back to the legacy queue for backwards compatibility
+
+This prevents a message arriving from another chat, DM peer, or routed agent
+session from being injected into the wrong conversation.
+
+## Configuration
+
+In `config.json`, under `agents.defaults`:
+
+```json
+{
+ "agents": {
+ "defaults": {
+ "steering_mode": "one-at-a-time"
+ }
+ }
+}
+```
+
+### Modes
+
+| Value | Behavior |
+|-------|----------|
+| `"one-at-a-time"` | **(default)** Dequeues only one message per polling cycle. If there are 3 messages in the queue, they are processed one at a time across 3 successive iterations. |
+| `"all"` | Drains the entire queue in a single poll. All pending messages are injected into the context together. |
+
+The environment variable `PICOCLAW_AGENTS_DEFAULTS_STEERING_MODE` can be used as an alternative.
+
+## Go API
+
+### Steer — Send a steering message
+
+```go
+err := agentLoop.Steer(providers.Message{
+ Role: "user",
+ Content: "change direction, focus on X instead",
+})
+if err != nil {
+ // Queue is full (MaxQueueSize=10) or not initialized
+}
+```
+
+The message is enqueued in a thread-safe manner. Returns an error if the queue is full or not initialized. It will be picked up at the next polling point (after the current tool finishes).
+
+### SteeringMode / SetSteeringMode
+
+```go
+// Read the current mode
+mode := agentLoop.SteeringMode() // SteeringOneAtATime | SteeringAll
+
+// Change it at runtime
+agentLoop.SetSteeringMode(agent.SteeringAll)
+```
+
+### Continue — Resume an idle agent
+
+When the agent is idle (it has finished processing and its last message was from the assistant), `Continue` checks if there are steering messages in the queue and uses them to start a new cycle:
+
+```go
+response, err := agentLoop.Continue(ctx, sessionKey, channel, chatID)
+if err != nil {
+ // Error (e.g. "no default agent available")
+}
+if response == "" {
+ // No steering messages in queue, the agent stays idle
+}
+```
+
+`Continue` internally uses `SkipInitialSteeringPoll: true` to avoid double-dequeuing the same messages (since it already extracted them and passes them directly as input).
+
+`Continue` also resolves the target agent from the provided session key, so
+agent-scoped sessions continue on the correct agent instead of always using
+the default one.
+
+## Polling points in the loop
+
+Steering is checked at the following points in the agent cycle:
+
+1. **At loop start** — before the first LLM call, to catch messages enqueued during setup
+2. **After every tool completes** — including the first and the last. If steering is found and there are remaining tools, they are all skipped immediately
+3. **After a direct LLM response** — if a new steering message arrived while the model was generating a non-tool response, the loop continues instead of returning a stale answer
+4. **Right before the turn is finalized** — if steering arrived at the very end of the turn, the agent immediately starts a continuation turn instead of leaving the message orphaned in the queue
+
+## Why remaining tools are skipped
+
+When a steering message is detected, all remaining tools in the batch are skipped rather than executed. The alternative — let all tools finish and inject the steering message afterwards — was considered and rejected. Here is why.
+
+### Preventing unwanted side effects
+
+Tools can have **irreversible side effects**. If the user says "no, wait" while the agent is mid-batch, executing the remaining tools means those side effects happen anyway:
+
+| Tool batch | Steering message | With skip | Without skip |
+|---|---|---|---|
+| `[web_search, send_email]` | "don't send it" | Email **not** sent | Email sent, damage done |
+| `[query_db, write_file, spawn_agent]` | "use another database" | Only the query runs | File written + subagent spawned, all wasted |
+| `[search₁, search₂, search₃, write_file]` | user changes topic entirely | 1 search | 3 searches + file write, all irrelevant |
+
+### Avoiding wasted time
+
+Tools that take seconds (web fetches, API calls, database queries) would all run to completion before the agent sees the user's correction. In a batch of 3 tools each taking 3-4 seconds, that's 10+ seconds of work that will be discarded.
+
+With skipping, the agent reacts as soon as the current tool finishes — typically within a few seconds instead of waiting for the entire batch.
+
+### The LLM gets full context
+
+Skipped tools receive an explicit error result (`"Skipped due to queued user message."`), so the model knows exactly which actions were not performed. It can then decide whether to re-execute them with the new context, or take a different path entirely.
+
+### Trade-off: sequential execution
+
+Skipping requires tools to run **sequentially** (the previous implementation ran them in parallel). This introduces latency when the LLM requests multiple independent tools in a single turn. In practice, most batches contain 1-2 tools, so the impact is minimal compared to the benefit of being able to stop unwanted actions.
+
+## Skipped tool result format
+
+When steering interrupts a batch, each tool that was not executed receives a `tool` result with:
+
+```
+Content: "Skipped due to queued user message."
+```
+
+This is saved to the session via `AddFullMessage` and sent to the model, so it is aware that some requested actions were not performed.
+
+## Full flow example
+
+```
+1. User: "search for info on X, write a file, and send me a message"
+
+2. LLM responds with 3 tool calls: [web_search, write_file, message]
+
+3. web_search is executed → result saved
+
+4. [polling] → User called Steer("no, search for Y instead")
+
+5. write_file is skipped → "Skipped due to queued user message."
+ message is skipped → "Skipped due to queued user message."
+
+6. Message "search for Y instead" injected into context
+
+7. LLM receives the full updated context and responds accordingly
+```
+
+## Automatic bus drain
+
+When the agent loop (`Run()`) starts processing a message, it spawns a background goroutine that keeps consuming new inbound messages from the bus. These messages are automatically redirected into the steering queue via `Steer()`. This means:
+
+- Users on any channel (Telegram, Discord, etc.) don't need to do anything special — their messages are automatically captured as steering when the agent is busy
+- Audio messages are transcribed before being steered, so the agent receives text. If transcription fails, the original (non-transcribed) message is steered as-is
+- Only messages that resolve to the **same steering scope** as the active turn are redirected. Messages for other chats/sessions are requeued onto the inbound bus so they can be processed normally
+- `system` inbound messages are not treated as steering input
+- When `processMessage` finishes, the drain goroutine is canceled and normal message consumption resumes
+
+## Steering with media
+
+Steering messages can include `Media` refs, just like normal inbound user
+messages.
+
+- The original `media://` refs are preserved in session history via `AddFullMessage`
+- Before the next provider call, steering messages go through the normal media resolution pipeline
+- Image refs are converted to data URLs for multimodal providers; non-image refs are resolved the same way as standard inbound media
+
+This applies both to in-turn steering and to idle-session continuation through
+`Continue()`.
+
+## Notes
+
+- Steering **does not interrupt** a tool that is currently executing. It waits for the current tool to finish, then checks the queue.
+- With `one-at-a-time` mode, if multiple messages are enqueued rapidly, they will be processed one per iteration. This gives the model the opportunity to react to each message individually.
+- With `all` mode, all pending messages are combined into a single injection. Useful when you want the agent to receive all the context at once.
+- The steering queue has a maximum capacity of 10 messages (`MaxQueueSize`). `Steer()` returns an error when the queue is full. In the bus drain path, the error is logged as a warning and the message is effectively dropped.
+- Manual `Steer()` calls made outside an active turn still go to the legacy fallback queue, so older integrations keep working.
diff --git a/docs/subturn.md b/docs/subturn.md
new file mode 100644
index 000000000..b84c06627
--- /dev/null
+++ b/docs/subturn.md
@@ -0,0 +1,279 @@
+# 🔄 SubTurn Mechanism
+
+> Back to [README](../README.md)
+
+## Overview
+
+The `SubTurn` mechanism is a core feature in PicoClaw that allows tools to spawn isolated, nested agent loops to handle complex sub-tasks.
+
+By using a SubTurn, an agent can break down a problem and run a separate LLM invocation in an independent, ephemeral session. This ensures that intermediate reasoning, background tasks, or sub-agent outputs do not pollute the main conversation history.
+
+## Core Capabilities
+
+- **Context Isolation**: Each SubTurn uses an `ephemeralSessionStore`. Its message history does not leak into the parent task and is destroyed upon completion. The ephemeral session holds at most **50 messages**; older messages are automatically truncated when this limit is reached.
+- **Depth & Concurrency Limits**: Prevents infinite loops and resource exhaustion.
+ - **Maximum Depth**: Up to 3 nested levels.
+ - **Maximum Concurrency**: Up to 5 concurrent sub-turns per parent turn (managed via a semaphore with a 30-second timeout).
+- **Context Protection**: Supports soft context limits (`MaxContextRunes`). It proactively truncates old messages (while preserving system prompts and recent context) before hitting the provider's hard context window limit.
+- **Error Recovery**: Automatically detects and recovers from provider context length exceeded errors and truncation errors by compressing history and retrying.
+
+## Configuration (`SubTurnConfig`)
+
+When spawning a SubTurn, you must provide a `SubTurnConfig`:
+
+| Field | Type | Description |
+| :--- | :--- | :--- |
+| `Model` | `string` | The LLM model to use for the sub-turn (e.g., `gpt-4o-mini`). **Required.** |
+| `Tools` | `[]tools.Tool` | Tools granted to the sub-turn. If empty, it inherits the parent's tools. |
+| `SystemPrompt` | `string` | The task description for the sub-turn. Sent as the first user message to the LLM (not as a system prompt override). |
+| `ActualSystemPrompt` | `string` | Optional explicit system prompt to replace the agent's default. Leave empty to inherit the parent agent's system prompt. |
+| `MaxTokens` | `int` | Maximum tokens for the generated response. |
+| `Async` | `bool` | Controls the result delivery mode (Synchronous vs. Asynchronous). |
+| `Critical` | `bool` | If `true`, the sub-turn continues running even if the parent finishes gracefully. |
+| `Timeout` | `time.Duration` | Maximum execution time (default: 5 minutes). |
+| `MaxContextRunes`| `int` | Soft context limit. `0` = auto-calculate (75% of model's context window, recommended), `-1` = no limit (disable soft truncation, rely only on hard context error recovery), `>0` = use specified rune limit. |
+
+> **Note:** The `Async` flag does **not** make the call non-blocking. It only controls whether the result is also delivered to the parent's `pendingResults` channel. Both modes block the caller until the sub-turn completes. For true non-blocking execution, the caller must spawn the sub-turn in a separate goroutine.
+
+## Execution Modes
+
+### Synchronous (`Async: false`)
+
+This is the standard mode where the caller needs the result immediately to proceed.
+
+- The caller blocks until the sub-turn completes.
+- The result is **only** returned directly via the function return value.
+- It is **not** delivered to the parent's pending results channel.
+
+**Example:**
+```go
+cfg := agent.SubTurnConfig{
+ Model: "gpt-4o-mini",
+ SystemPrompt: "Analyze the provided codebase...",
+ Async: false,
+}
+result, err := agent.SpawnSubTurn(ctx, cfg)
+// Process result immediately
+```
+
+### Asynchronous (`Async: true`)
+
+Used for "fire-and-forget" operations or parallel processing where the parent turn collects results later.
+
+- The result is delivered to the parent turn's `pendingResults` channel.
+- The result is **also** returned via the function return value (for consistency).
+- The parent's Agent Loop will poll this channel in subsequent iterations and automatically inject the results into the ongoing conversation context as `[SubTurn Result]`.
+
+**Example:**
+```go
+cfg := agent.SubTurnConfig{
+ Model: "gpt-4o-mini",
+ SystemPrompt: "Run a background security scan...",
+ Async: true,
+}
+result, err := agent.SpawnSubTurn(ctx, cfg)
+// The result will also be injected into the parent loop later via channel
+```
+
+## Error Recovery and Retries
+
+SubTurns implement automatic retry mechanisms for transient errors:
+
+| Error Type | Max Retries | Recovery Action |
+|:-----------|:------------|:----------------|
+| Context Length Exceeded | 2 | Force compress history and retry |
+| Response Truncated (`finish_reason="truncated"`) | 2 | Inject recovery prompt and retry |
+
+### Truncation Recovery
+When the LLM response is truncated (`finish_reason="truncated"`), SubTurn automatically:
+1. Detects the truncation from `turnState.lastFinishReason`
+2. Injects a recovery prompt: "Your previous response was truncated due to length. Please provide a shorter, complete response..."
+3. Retries up to 2 times
+
+### Context Error Recovery
+When the provider returns a context length error (e.g., `context_length_exceeded`):
+1. Force compresses the message history (drops oldest 50% of conversation)
+2. Retries with the compressed context
+3. Up to 2 retries before failing
+
+## Lifecycle and Cancellation
+
+SubTurns operate within an independent context but maintain a structural link to their parent `turnState`.
+
+### Graceful Parent Finish
+When the parent task finishes naturally (`Finish(false)`):
+- **Non-critical** sub-turns receive a signal to exit gracefully without throwing an error.
+- **Critical** (`Critical: true`) sub-turns continue running in the background. Once finished, their results are emitted as **Orphan Results** so the data is not lost.
+
+### Hard Abort
+When the parent task is forcefully aborted (e.g., user interrupts with `/stop`):
+- A cascading cancellation is triggered, instantly terminating all child and grandchild sub-turns.
+- The root turn's session history rolls back to the snapshot taken at turn start (`initialHistoryLength`), preventing dirty context. SubTurns are not affected by this rollback as they use ephemeral sessions that are discarded anyway.
+
+## Agent Loop Integration
+
+### Bus Draining During Processing
+
+When a message enters the `Run()` loop, the agent starts a `drainBusToSteering` goroutine before calling `processMessage`. This goroutine runs concurrently with the entire processing lifecycle and continuously consumes any new inbound messages from the bus, redirecting them into the **steering queue** instead of dropping them.
+
+This ensures that if a user sends a follow-up message while the agent is processing (including during SubTurn execution), the message is not lost — it will be picked up between tool call iterations via `dequeueSteeringMessages`.
+
+The drain goroutine stops automatically when `processMessage` returns (via a cancellable context).
+
+### Pending Result Polling
+
+The agent loop polls for async SubTurn results at two points per iteration:
+1. **Before the LLM call**: injects any arrived results as `[SubTurn Result]` messages into the conversation context.
+2. **After all tool executions**: polls again during the tool loop to catch results that arrived during tool execution.
+3. **After the final iteration**: one last poll before the turn ends to avoid losing late-arriving results.
+
+### Turn State Tracking
+
+All active root turns are registered in `AgentLoop.activeTurnStates` (`sync.Map`, keyed by session key). This allows `HardAbort` and `/subagents` observability commands to find and operate on active turns.
+
+## Event Bus Integration
+
+SubTurns emit specific events to the PicoClaw `EventBus` for observability and debugging:
+
+| Event Kind | When Emitted | Payload |
+|:------|:-------------|:--------|
+| `subturn_spawn` | Sub-turn successfully initialized | `SubTurnSpawnPayload{AgentID, Label, ParentTurnID}` |
+| `subturn_end` | Sub-turn finishes (success or error) | `SubTurnEndPayload{AgentID, Status}` |
+| `subturn_result_delivered` | Async result successfully delivered to parent | `SubTurnResultDeliveredPayload{TargetChannel, TargetChatID, ContentLen}` |
+| `subturn_orphan` | Result cannot be delivered (parent finished or channel full) | `SubTurnOrphanPayload{ParentTurnID, ChildTurnID, Reason}` |
+
+## API Reference
+
+### SpawnSubTurn (Public Entry Point)
+
+```go
+func SpawnSubTurn(ctx context.Context, cfg SubTurnConfig) (*tools.ToolResult, error)
+```
+
+This is the exported package-level entry point for agent-internal code (e.g., tests, direct invocations). It retrieves `AgentLoop` and `turnState` from context and delegates to the internal `spawnSubTurn`.
+
+**Requirements:**
+- `AgentLoop` must be injected into context via `WithAgentLoop()`
+- Parent `turnState` must exist in context (automatically set when called from tools)
+
+**Returns:**
+- `*tools.ToolResult`: Contains `ForLLM` field with the sub-turn's output
+- `error`: One of the defined error types or context errors
+
+### AgentLoopSpawner (Interface Implementation)
+
+```go
+type AgentLoopSpawner struct { al *AgentLoop }
+
+func (s *AgentLoopSpawner) SpawnSubTurn(ctx context.Context, cfg tools.SubTurnConfig) (*tools.ToolResult, error)
+```
+
+This implements the `tools.SubTurnSpawner` interface for use by tools that need to spawn sub-turns without a direct import of the `agent` package (avoiding circular dependencies). It converts `tools.SubTurnConfig` → `agent.SubTurnConfig` before delegating to the internal `spawnSubTurn`.
+
+### NewSubTurnSpawner
+
+```go
+func NewSubTurnSpawner(al *AgentLoop) *AgentLoopSpawner
+```
+
+Creates a new spawner instance for the given AgentLoop. Pass the returned value to `SpawnTool.SetSpawner()` or `SubagentTool.SetSpawner()` during tool registration.
+
+### Continue
+
+```go
+func (al *AgentLoop) Continue(ctx context.Context, sessionKey string) error
+```
+
+Resumes an idle agent turn by injecting any queued steering messages as a new LLM iteration. Used when the agent is waiting and a deferred steering message needs to be processed without a new inbound message arriving.
+
+## Context Propagation
+
+SubTurn relies on context values for proper operation:
+
+| Context Key | Purpose |
+|:------------|:--------|
+| `agentLoopKey` | Stores `*AgentLoop` for tool access and SubTurn spawning |
+| `turnStateKey` | Stores `*turnState` for hierarchy tracking and result delivery |
+
+### Injecting Dependencies
+
+```go
+// Before calling tools that may spawn SubTurns
+ctx = WithAgentLoop(ctx, agentLoop)
+ctx = withTurnState(ctx, turnState)
+```
+
+### Independent Child Context
+
+**Important**: The child SubTurn uses an **independent context** derived from `context.Background()`, not from the parent context. This design choice:
+
+- Allows critical SubTurns to continue after parent cancellation
+- Prevents parent timeout from affecting child execution
+- Child has its own timeout for self-protection (`Timeout` config or 5 minutes default)
+
+## Error Types
+
+| Error | Condition |
+|:------|:----------|
+| `ErrDepthLimitExceeded` | SubTurn depth exceeds 3 levels |
+| `ErrInvalidSubTurnConfig` | Required field `Model` is empty |
+| `ErrConcurrencyTimeout` | All 5 concurrency slots occupied for 30+ seconds |
+| Context errors | Parent context cancelled during semaphore acquisition |
+
+## Thread Safety
+
+SubTurns are designed for concurrent execution:
+
+- **Parent-child relationships**: Managed under mutex (`parentTS.mu.Lock()`)
+- **Active turn tracking**: Uses `sync.Map` for concurrent access to `activeTurnStates`
+- **ID generation**: Uses `atomic.Int64` for unique SubTurn IDs (format: `subturn-N`, globally monotonic per `AgentLoop` instance)
+- **Result delivery**: Reads parent state under lock, releases before channel send (small race window acceptable)
+
+## Orphan Results
+
+An orphan result occurs when:
+1. Parent turn finishes before the SubTurn completes
+2. The `pendingResults` channel is full (buffer size: 16)
+
+When a result becomes orphan:
+- `SubTurnOrphanResultEvent` is emitted to EventBus
+- The result is **NOT** delivered to the LLM context
+- External systems can listen to this event for custom handling
+
+### Preventing Orphan Results
+- Use `Critical: true` for important SubTurns that must complete
+- Monitor `SubTurnOrphanResultEvent` for observability
+- Consider the 16-buffer limit when spawning many async SubTurns
+
+## Tool Inheritance
+
+### When `cfg.Tools` is empty:
+- SubTurn inherits **all** tools from the parent agent
+- Tools are registered in a new `ToolRegistry` instance
+- Tool TTL is managed independently from parent
+
+### When `cfg.Tools` is specified:
+- Only the specified tools are available to the SubTurn
+- Parent tools are **NOT** merged
+- Use this to restrict SubTurn capabilities for security or focus
+
+**Example - Restricted SubTurn:**
+```go
+cfg := agent.SubTurnConfig{
+ Model: "gpt-4o-mini",
+ Tools: []tools.Tool{readOnlyTool}, // Only read-only access
+ SystemPrompt: "Analyze the file structure...",
+}
+```
+
+## Reference
+
+| Constant | Value |
+|:---------|:------|
+| `maxSubTurnDepth` | 3 |
+| `maxConcurrentSubTurns` | 5 |
+| `concurrencyTimeout` | 30s |
+| `defaultSubTurnTimeout` | 5m |
+| `maxEphemeralHistorySize` | 50 messages |
+| `pendingResults` buffer | 16 |
+| `MaxContextRunes` default | 75% of model context window |
diff --git a/docs/tools_configuration.md b/docs/tools_configuration.md
index d0160050d..0528fe714 100644
--- a/docs/tools_configuration.md
+++ b/docs/tools_configuration.md
@@ -55,6 +55,31 @@ General settings for fetching and processing webpage content.
| `enabled` | bool | true | Enable DuckDuckGo search |
| `max_results` | int | 5 | Maximum number of results |
+### Baidu Search
+
+Baidu Search uses the [Qianfan AI Search API](https://cloud.baidu.com/doc/qianfan-api/s/Wmbq4z7e5), which is AI-powered and optimized for Chinese-language queries.
+
+| Config | Type | Default | Description |
+|---------------|--------|------------------------------------------------------------------|---------------------------|
+| `enabled` | bool | false | Enable Baidu Search |
+| `api_key` | string | - | Qianfan API key |
+| `base_url` | string | `https://qianfan.baidubce.com/v2/ai_search/web_search` | Baidu Search API URL |
+| `max_results` | int | 10 | Maximum number of results |
+
+```json
+{
+ "tools": {
+ "web": {
+ "baidu_search": {
+ "enabled": true,
+ "api_key": "YOUR_BAIDU_QIANFAN_API_KEY",
+ "max_results": 10
+ }
+ }
+ }
+}
+```
+
### Perplexity
| Config | Type | Default | Description |
diff --git a/docs/vi/chat-apps.md b/docs/vi/chat-apps.md
index 3680fed69..d907e5e91 100644
--- a/docs/vi/chat-apps.md
+++ b/docs/vi/chat-apps.md
@@ -13,6 +13,7 @@ Trò chuyện với picoclaw của bạn qua Telegram, Discord, WhatsApp, Matrix
| **Telegram** | ⭐ Dễ | Khuyến nghị, chuyển giọng nói thành văn bản, long polling (không cần IP công khai) | [Tài liệu](../channels/telegram/README.vi.md) |
| **Discord** | ⭐ Dễ | Socket Mode, hỗ trợ nhóm/DM, hệ sinh thái bot phong phú | [Tài liệu](../channels/discord/README.vi.md) |
| **WhatsApp** | ⭐ Dễ | Bản địa (quét QR) hoặc Bridge URL | [Tài liệu](#whatsapp) |
+| **Weixin** | ⭐ Dễ | Quét QR gốc (API Tencent iLink) | [Tài liệu](#weixin) |
| **Slack** | ⭐ Dễ | **Socket Mode** (không cần IP công khai), doanh nghiệp | [Tài liệu](../channels/slack/README.vi.md) |
| **Matrix** | ⭐⭐ Trung bình | Giao thức liên kết, hỗ trợ tự lưu trữ | [Tài liệu](../channels/matrix/README.vi.md) |
| **QQ** | ⭐⭐ Trung bình | API bot chính thức, cộng đồng Trung Quốc | [Tài liệu](../channels/qq/README.vi.md) |
@@ -20,11 +21,12 @@ Trò chuyện với picoclaw của bạn qua Telegram, Discord, WhatsApp, Matrix
| **LINE** | ⭐⭐⭐ Nâng cao | Yêu cầu HTTPS Webhook | [Tài liệu](../channels/line/README.vi.md) |
| **WeCom (企业微信)** | ⭐⭐⭐ Nâng cao | Bot nhóm (Webhook), ứng dụng tùy chỉnh (API), AI Bot | [Bot](../channels/wecom/wecom_bot/README.vi.md) / [App](../channels/wecom/wecom_app/README.vi.md) / [AI Bot](../channels/wecom/wecom_aibot/README.vi.md) |
| **Feishu (飞书)** | ⭐⭐⭐ Nâng cao | Cộng tác doanh nghiệp, nhiều tính năng | [Tài liệu](../channels/feishu/README.vi.md) |
-| **IRC** | ⭐⭐ Trung bình | Máy chủ + cấu hình TLS | - |
+| **IRC** | ⭐⭐ Trung bình | Máy chủ + cấu hình TLS | [Tài liệu](#irc) |
| **OneBot** | ⭐⭐ Trung bình | Tương thích NapCat/Go-CQHTTP, hệ sinh thái cộng đồng | [Tài liệu](../channels/onebot/README.vi.md) |
| **MaixCam** | ⭐ Dễ | Kênh tích hợp phần cứng cho camera AI Sipeed | [Tài liệu](../channels/maixcam/README.vi.md) |
| **Pico** | ⭐ Dễ | Kênh giao thức bản địa PicoClaw | |
+Telegram (Khuyến nghị)
@@ -65,6 +67,7 @@ Nếu đăng ký lệnh thất bại (lỗi tạm thời mạng/API), kênh vẫ
+Discord
@@ -138,6 +141,7 @@ picoclaw gateway
+WhatsApp (native qua whatsmeow)
@@ -165,6 +169,43 @@ Nếu `session_store_path` trống, phiên được lưu tại `/what
+
+
+Weixin (WeChat Cá nhân)
+
+PicoClaw hỗ trợ kết nối với tài khoản WeChat cá nhân của bạn thông qua API chính thức Tencent iLink.
+
+**1. Đăng nhập**
+
+Chạy luồng đăng nhập QR tương tác:
+```bash
+picoclaw onboard weixin
+```
+Quét mã QR được in ra bằng ứng dụng WeChat trên điện thoại. Sau khi đăng nhập thành công, token sẽ được lưu vào cấu hình.
+
+**2. Cấu hình**
+
+(Tùy chọn) Thêm ID người dùng WeChat vào `allow_from` để giới hạn ai có thể nhắn tin với bot:
+```json
+{
+ "channels": {
+ "weixin": {
+ "enabled": true,
+ "token": "YOUR_TOKEN",
+ "allow_from": ["YOUR_USER_ID"]
+ }
+ }
+}
+```
+
+**3. Chạy**
+```bash
+picoclaw gateway
+```
+
+
+
+QQ
@@ -206,6 +247,7 @@ Nếu bạn muốn tạo bot thủ công:
+DingTalk
@@ -240,6 +282,7 @@ picoclaw gateway
+MaixCam
@@ -262,6 +305,7 @@ picoclaw gateway
+Matrix
@@ -296,6 +340,7 @@ picoclaw gateway
+LINE
@@ -344,6 +389,7 @@ picoclaw gateway
+WeCom (企业微信)
@@ -458,6 +504,7 @@ picoclaw gateway
+Feishu (Lark)
@@ -499,6 +546,7 @@ Mở Feishu, tìm tên bot của bạn và bắt đầu trò chuyện. Bạn cũ
+Slack
@@ -532,6 +580,7 @@ picoclaw gateway
+IRC
@@ -565,6 +614,7 @@ Bot sẽ kết nối đến máy chủ IRC và tham gia các kênh đã chỉ đ
+OneBot (QQ qua giao thức OneBot)
diff --git a/docs/vi/configuration.md b/docs/vi/configuration.md
index a21929359..fecadc6ff 100644
--- a/docs/vi/configuration.md
+++ b/docs/vi/configuration.md
@@ -216,4 +216,149 @@ Cho tác vụ chạy lâu (tìm kiếm web, gọi API), sử dụng công cụ `
```markdown
# Tác Vụ Định Kỳ
+
+## Tác Vụ Nhanh (trả lời trực tiếp)
+
+- Báo giờ hiện tại
+
+## Tác Vụ Dài (dùng spawn cho bất đồng bộ)
+
+- Tìm kiếm tin tức AI trên web và tóm tắt
+- Kiểm tra email và báo cáo tin nhắn quan trọng
```
+
+**Hành vi chính:**
+
+| Tính năng | Mô tả |
+| ---------------- | ------------------------------------------------------------------ |
+| **spawn** | Tạo subagent bất đồng bộ, không chặn heartbeat |
+| **Ngữ cảnh độc lập** | Subagent có ngữ cảnh riêng, không có lịch sử phiên |
+| **message tool** | Subagent giao tiếp trực tiếp với người dùng qua message tool |
+| **Không chặn** | Sau khi spawn, heartbeat tiếp tục tác vụ tiếp theo |
+
+#### Luồng Giao Tiếp Của Subagent
+
+```
+Heartbeat kích hoạt
+ ↓
+Agent đọc HEARTBEAT.md
+ ↓
+Tác vụ dài: spawn subagent
+ ↓ ↓
+Tiếp tục tác vụ tiếp theo Subagent hoạt động độc lập
+ ↓ ↓
+Hoàn thành tất cả tác vụ Subagent dùng công cụ "message"
+ ↓ ↓
+Trả lời HEARTBEAT_OK Người dùng nhận kết quả trực tiếp
+```
+
+**Cấu hình:**
+
+```json
+{
+ "heartbeat": {
+ "enabled": true,
+ "interval": 30
+ }
+}
+```
+
+| Tùy chọn | Mặc định | Mô tả |
+| ---------- | -------- | -------------------------------------- |
+| `enabled` | `true` | Bật/tắt heartbeat |
+| `interval` | `30` | Khoảng thời gian kiểm tra tính bằng phút (tối thiểu: 5) |
+
+**Biến môi trường:**
+
+* `PICOCLAW_HEARTBEAT_ENABLED=false` để tắt
+* `PICOCLAW_HEARTBEAT_INTERVAL=60` để thay đổi khoảng thời gian
+
+### Providers
+
+> [!NOTE]
+> Groq cung cấp chuyển đổi giọng nói thành văn bản miễn phí qua Whisper. Nếu được cấu hình, tin nhắn âm thanh từ bất kỳ kênh nào sẽ được tự động chuyển đổi ở cấp độ agent.
+
+| Provider | Mục đích | Lấy API Key |
+| ------------ | --------------------------------------- | ------------------------------------------------------------ |
+| `gemini` | LLM (Gemini trực tiếp) | [aistudio.google.com](https://aistudio.google.com) |
+| `zhipu` | LLM (Zhipu trực tiếp) | [bigmodel.cn](https://bigmodel.cn) |
+| `volcengine` | LLM (Volcengine trực tiếp) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) |
+| `openrouter` | LLM (khuyến nghị, truy cập tất cả mô hình) | [openrouter.ai](https://openrouter.ai) |
+| `anthropic` | LLM (Claude trực tiếp) | [console.anthropic.com](https://console.anthropic.com) |
+| `openai` | LLM (GPT trực tiếp) | [platform.openai.com](https://platform.openai.com) |
+| `deepseek` | LLM (DeepSeek trực tiếp) | [platform.deepseek.com](https://platform.deepseek.com) |
+| `qwen` | LLM (Qwen trực tiếp) | [dashscope.console.aliyun.com](https://dashscope.console.aliyun.com) |
+| `groq` | LLM + **Chuyển đổi giọng nói** (Whisper)| [console.groq.com](https://console.groq.com) |
+| `cerebras` | LLM (Cerebras trực tiếp) | [cerebras.ai](https://cerebras.ai) |
+| `vivgrid` | LLM (Vivgrid trực tiếp) | [vivgrid.com](https://vivgrid.com) |
+
+### Cấu Hình Mô Hình (model_list)
+
+> **Tính năng mới:** PicoClaw hiện sử dụng cách tiếp cận **lấy mô hình làm trung tâm**. Chỉ cần chỉ định định dạng `vendor/model` (ví dụ: `zhipu/glm-4.7`) để thêm provider mới — **không cần thay đổi code!**
+
+#### Tất Cả Vendor Được Hỗ Trợ
+
+| Vendor | Tiền tố `model` | API Base mặc định | Giao thức | API Key |
+| ----------------------- | --------------- | --------------------------------------------------- | --------- | ---------------------------------------------------------------- |
+| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [Lấy](https://platform.openai.com) |
+| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [Lấy](https://console.anthropic.com) |
+| **智谱 AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [Lấy](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) |
+| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [Lấy](https://platform.deepseek.com) |
+| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [Lấy](https://aistudio.google.com/api-keys) |
+| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [Lấy](https://console.groq.com) |
+| **通义千问 (Qwen)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [Lấy](https://dashscope.console.aliyun.com) |
+| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | Cục bộ (không cần key) |
+| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [Lấy](https://openrouter.ai/keys) |
+| **VolcEngine (Doubao)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [Lấy](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) |
+| **Antigravity** | `antigravity/` | Google Cloud | Custom | Chỉ OAuth |
+
+#### Cân Bằng Tải
+
+Cấu hình nhiều endpoint cho cùng tên mô hình — PicoClaw sẽ tự động round-robin:
+
+```json
+{
+ "model_list": [
+ { "model_name": "gpt-5.4", "model": "openai/gpt-5.4", "api_base": "https://api1.example.com/v1", "api_key": "sk-key1" },
+ { "model_name": "gpt-5.4", "model": "openai/gpt-5.4", "api_base": "https://api2.example.com/v1", "api_key": "sk-key2" }
+ ]
+}
+```
+
+#### Di Chuyển Từ Cấu Hình `providers` Cũ
+
+Cấu hình `providers` cũ đã **bị deprecated** nhưng vẫn được hỗ trợ. Xem [docs/migration/model-list-migration.md](../migration/model-list-migration.md).
+
+### Kiến Trúc Provider
+
+PicoClaw định tuyến provider theo họ giao thức:
+
+- **Tương thích OpenAI**: OpenRouter, Groq, Zhipu, endpoint kiểu vLLM và hầu hết các provider khác.
+- **Anthropic**: Hành vi API Claude gốc.
+- **Codex/OAuth**: Tuyến xác thực OAuth/token OpenAI.
+
+### Tác Vụ Đã Lên Lịch / Nhắc Nhở
+
+PicoClaw hỗ trợ tác vụ theo lịch qua công cụ `cron`.
+
+```json
+{
+ "tools": {
+ "cron": {
+ "enabled": true,
+ "exec_timeout_minutes": 5
+ }
+ }
+}
+```
+
+Tác vụ đã lên lịch được lưu trữ bền vững sau khi khởi động lại tại `~/.picoclaw/workspace/cron/`.
+
+### Chủ Đề Nâng Cao
+
+| Chủ đề | Mô tả |
+| ------ | ----- |
+| [Hệ Thống Hook](../hooks/README.md) | Hook hướng sự kiện: observer, interceptor, approval hook |
+| [Steering](../steering.md) | Chèn tin nhắn vào vòng lặp agent đang chạy |
+| [SubTurn](../subturn.md) | Điều phối subagent, kiểm soát đồng thời, vòng đời |
+| [Quản Lý Ngữ Cảnh](../agent-refactor/context.md) | Phát hiện ranh giới ngữ cảnh, nén |
diff --git a/docs/vi/tools_configuration.md b/docs/vi/tools_configuration.md
index 76a336186..55e7699eb 100644
--- a/docs/vi/tools_configuration.md
+++ b/docs/vi/tools_configuration.md
@@ -41,14 +41,6 @@ Cài đặt chung để tải và xử lý nội dung trang web.
| `fetch_limit_bytes` | int | 10485760 | Kích thước tối đa của payload trang web cần tải, tính bằng byte (mặc định là 10MB). |
| `format` | string | "plaintext" | Định dạng đầu ra của nội dung đã tải. Tùy chọn: `plaintext` hoặc `markdown` (khuyến nghị). |
-### Brave
-
-| Cấu hình | Kiểu | Mặc định | Mô tả |
-|----------------|--------|----------|----------------------------|
-| `enabled` | bool | false | Bật tìm kiếm Brave |
-| `api_key` | string | - | Khóa API Brave Search |
-| `max_results` | int | 5 | Số kết quả tối đa |
-
### DuckDuckGo
| Cấu hình | Kiểu | Mặc định | Mô tả |
@@ -56,13 +48,73 @@ Cài đặt chung để tải và xử lý nội dung trang web.
| `enabled` | bool | true | Bật tìm kiếm DuckDuckGo |
| `max_results` | int | 5 | Số kết quả tối đa |
+### Baidu Search
+
+| Cấu hình | Kiểu | Mặc định | Mô tả |
+|----------------|--------|-----------------------------------------------------------------|------------------------------------|
+| `enabled` | bool | false | Bật tìm kiếm Baidu |
+| `api_key` | string | - | Khóa API Qianfan |
+| `base_url` | string | `https://qianfan.baidubce.com/v2/ai_search/web_search` | URL API Baidu Search |
+| `max_results` | int | 10 | Số kết quả tối đa |
+
+```json
+{
+ "tools": {
+ "web": {
+ "baidu_search": {
+ "enabled": true,
+ "api_key": "YOUR_BAIDU_QIANFAN_API_KEY",
+ "max_results": 10
+ }
+ }
+ }
+}
+```
+
### Perplexity
| Cấu hình | Kiểu | Mặc định | Mô tả |
|----------------|--------|----------|-------------------------------|
-| `enabled` | bool | false | Bật tìm kiếm Perplexity |
-| `api_key` | string | - | Khóa API Perplexity |
-| `max_results` | int | 5 | Số kết quả tối đa |
+| `enabled` | bool | false | Bật tìm kiếm Perplexity |
+| `api_key` | string | - | Khóa API Perplexity |
+| `api_keys` | string[] | - | Nhiều khóa API Perplexity để xoay vòng (ưu tiên hơn `api_key`) |
+| `max_results` | int | 5 | Số kết quả tối đa |
+
+### Brave
+
+| Cấu hình | Kiểu | Mặc định | Mô tả |
+|----------------|--------|----------|----------------------------|
+| `enabled` | bool | false | Bật tìm kiếm Brave |
+| `api_key` | string | - | Khóa API Brave Search |
+| `api_keys` | string[] | - | Nhiều khóa API Brave Search để xoay vòng (ưu tiên hơn `api_key`) |
+| `max_results` | int | 5 | Số kết quả tối đa |
+
+### Tavily
+
+| Cấu hình | Kiểu | Mặc định | Mô tả |
+|----------------|--------|----------|------------------------------------|
+| `enabled` | bool | false | Bật tìm kiếm Tavily |
+| `api_key` | string | - | Khóa API Tavily |
+| `base_url` | string | - | URL cơ sở Tavily tùy chỉnh |
+| `max_results` | int | 0 | Số kết quả tối đa (0 = mặc định) |
+
+### SearXNG
+
+| Cấu hình | Kiểu | Mặc định | Mô tả |
+|----------------|--------|--------------------------|----------------------------|
+| `enabled` | bool | false | Bật tìm kiếm SearXNG |
+| `base_url` | string | `http://localhost:8888` | URL phiên bản SearXNG |
+| `max_results` | int | 5 | Số kết quả tối đa |
+
+### GLM Search
+
+| Cấu hình | Kiểu | Mặc định | Mô tả |
+|------------------|--------|------------------------------------------------------|----------------------------|
+| `enabled` | bool | false | Bật GLM Search |
+| `api_key` | string | - | Khóa API GLM |
+| `base_url` | string | `https://open.bigmodel.cn/api/paas/v4/web_search` | URL API GLM Search |
+| `search_engine` | string | `search_std` | Loại công cụ tìm kiếm |
+| `max_results` | int | 5 | Số kết quả tối đa |
## Công cụ Exec
diff --git a/docs/zh/chat-apps.md b/docs/zh/chat-apps.md
index 2d6e55c3d..026acf404 100644
--- a/docs/zh/chat-apps.md
+++ b/docs/zh/chat-apps.md
@@ -15,7 +15,7 @@ PicoClaw 支持多种聊天平台,使您的 Agent 能够连接到任何地方
| **Telegram** | ⭐ 简单 | 推荐,支持语音转文字,长轮询无需公网 | [查看文档](../channels/telegram/README.zh.md) |
| **Discord** | ⭐ 简单 | Socket Mode,支持群组/私信,Bot 生态成熟 | [查看文档](../channels/discord/README.zh.md) |
| **WhatsApp** | ⭐ 简单 | 原生 (QR 扫码) 或 Bridge URL | [查看文档](#whatsapp) |
-| **Weixin** | ⭐ 简单 | 原生扫码登录 (腾讯 iLink API) | [查看文档](../channels/weixin/README.zh.md) |
+| **微信 (Weixin)** | ⭐ 简单 | 原生扫码(腾讯 iLink API) | [查看文档](#weixin) |
| **Slack** | ⭐ 简单 | **Socket Mode** (无需公网 IP),企业级支持 | [查看文档](../channels/slack/README.zh.md) |
| **Matrix** | ⭐⭐ 中等 | 联邦协议,支持自建 homeserver 与公开服务器 | [查看文档](../channels/matrix/README.zh.md) |
| **QQ** | ⭐⭐ 中等 | 官方机器人 API,适合国内社群 | [查看文档](../channels/qq/README.zh.md) |
@@ -23,13 +23,14 @@ PicoClaw 支持多种聊天平台,使您的 Agent 能够连接到任何地方
| **LINE** | ⭐⭐⭐ 较难 | 需要 HTTPS Webhook | [查看文档](../channels/line/README.zh.md) |
| **企业微信 (WeCom)** | ⭐⭐⭐ 较难 | 支持群机器人(Webhook)、自建应用(API)和智能机器人(AI Bot) | [Bot 文档](../channels/wecom/wecom_bot/README.zh.md) / [App 文档](../channels/wecom/wecom_app/README.zh.md) / [AI Bot 文档](../channels/wecom/wecom_aibot/README.zh.md) |
| **飞书 (Feishu)** | ⭐⭐⭐ 较难 | 企业级协作,功能丰富 | [查看文档](../channels/feishu/README.zh.md) |
-| **IRC** | ⭐⭐ 中等 | 服务器 + TLS 配置 | - |
+| **IRC** | ⭐⭐ 中等 | 服务器 + TLS 配置 | [查看文档](#irc) |
| **OneBot** | ⭐⭐ 中等 | 兼容 NapCat/Go-CQHTTP,社区生态丰富 | [查看文档](../channels/onebot/README.zh.md) |
| **MaixCam** | ⭐ 简单 | 专为 AI 摄像头设计的硬件集成通道 | [查看文档](../channels/maixcam/README.zh.md) |
| **Pico** | ⭐ 简单 | PicoClaw 原生协议通道 | |
---
+Telegram(推荐)
@@ -70,6 +71,7 @@ Telegram 侧保留的是命令菜单注册能力;通用命令的实际执行
+Discord
@@ -144,6 +146,7 @@ picoclaw gateway
+WhatsApp(原生 whatsmeow)
@@ -171,27 +174,30 @@ PicoClaw 支持两种 WhatsApp 连接方式:
+
-Weixin (微信个人号)
+微信 (Weixin)
-PicoClaw 支持使用腾讯官方 iLink API 连接您的个人微信账号。
+PicoClaw 通过腾讯 iLink 官方 API 支持连接微信个人号。
**1. 登录**
+
运行交互式扫码登录流程:
```bash
picoclaw onboard weixin
```
-在终端扫描打印出的二维码。登录成功后,Token 将自动保存到您的配置文件中。
+用微信手机端扫描打印出的二维码。登录成功后,token 会自动保存到配置文件。
**2. 配置**
-(可选)更新 `allow_from` 填写微信 User ID,以限制哪些用户可以给机器人发消息:
+
+(可选)在 `allow_from` 中填入你的微信用户 ID,限制可以与机器人对话的用户:
```json
{
"channels": {
"weixin": {
"enabled": true,
- "token": "你的_TOKEN",
- "allow_from": ["你的_USER_ID"]
+ "token": "YOUR_TOKEN",
+ "allow_from": ["YOUR_USER_ID"]
}
}
}
@@ -204,6 +210,7 @@ picoclaw gateway
+Matrix
@@ -238,6 +245,7 @@ picoclaw gateway
+QQ
@@ -279,6 +287,7 @@ QQ 开放平台提供了一键创建 OpenClaw 兼容机器人的页面:
+Slack
@@ -312,6 +321,7 @@ picoclaw gateway
+IRC
@@ -345,6 +355,7 @@ Bot 将连接到 IRC 服务器并加入指定的频道。
+钉钉 (DingTalk)
@@ -379,6 +390,7 @@ picoclaw gateway
+LINE
@@ -427,6 +439,7 @@ picoclaw gateway
+飞书 (Feishu)
@@ -468,6 +481,7 @@ picoclaw gateway
+企业微信 (WeCom)
@@ -582,6 +596,7 @@ picoclaw gateway
+OneBot(通过 OneBot 协议连接 QQ)
@@ -620,6 +635,7 @@ picoclaw gateway
+MaixCam
diff --git a/docs/zh/configuration.md b/docs/zh/configuration.md
index 68fb1fd1a..11aa4f176 100644
--- a/docs/zh/configuration.md
+++ b/docs/zh/configuration.md
@@ -256,3 +256,356 @@ Agent 将每隔 30 分钟(可配置)读取此文件,并使用可用工具
- `PICOCLAW_HEARTBEAT_ENABLED=false` 禁用
- `PICOCLAW_HEARTBEAT_INTERVAL=60` 更改间隔
+
+#### 子 Agent 通信流程
+
+```
+心跳触发
+ ↓
+Agent 读取 HEARTBEAT.md
+ ↓
+遇到耗时任务:spawn 子 Agent
+ ↓ ↓
+继续处理下一个任务 子 Agent 独立运行
+ ↓ ↓
+所有任务完成 子 Agent 使用 "message" 工具
+ ↓ ↓
+回复 HEARTBEAT_OK 用户直接收到结果
+```
+
+子 Agent 拥有工具访问权限(message、web_search 等),可以独立与用户通信,无需经过主 Agent。
+
+### Providers(模型提供商)
+
+> [!NOTE]
+> Groq 通过 Whisper 提供免费语音转录。配置后,任意渠道的语音消息都会在 Agent 层自动转录为文字。
+
+| 提供商 | 用途 | 获取 API Key |
+| ------------ | --------------------------------------- | ------------------------------------------------------------ |
+| `gemini` | LLM(Gemini 直连) | [aistudio.google.com](https://aistudio.google.com) |
+| `zhipu` | LLM(智谱直连) | [bigmodel.cn](https://bigmodel.cn) |
+| `volcengine` | LLM(火山引擎直连) | [volcengine.com](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) |
+| `openrouter` | LLM(推荐,可访问所有模型) | [openrouter.ai](https://openrouter.ai) |
+| `anthropic` | LLM(Claude 直连) | [console.anthropic.com](https://console.anthropic.com) |
+| `openai` | LLM(GPT 直连) | [platform.openai.com](https://platform.openai.com) |
+| `deepseek` | LLM(DeepSeek 直连) | [platform.deepseek.com](https://platform.deepseek.com) |
+| `qwen` | LLM(通义千问直连) | [dashscope.console.aliyun.com](https://dashscope.console.aliyun.com) |
+| `groq` | LLM + **语音转录**(Whisper) | [console.groq.com](https://console.groq.com) |
+| `cerebras` | LLM(Cerebras 直连) | [cerebras.ai](https://cerebras.ai) |
+| `vivgrid` | LLM(Vivgrid 直连) | [vivgrid.com](https://vivgrid.com) |
+
+### 模型配置 (model_list)
+
+> **新特性:** PicoClaw 现在采用**以模型为中心**的配置方式。只需指定 `vendor/model` 格式(例如 `zhipu/glm-4.7`)即可接入新提供商——**无需修改任何代码!**
+
+这一设计同时支持**多 Agent**场景,灵活选择提供商:
+
+- **不同 Agent 使用不同提供商**:每个 Agent 可以使用独立的 LLM 提供商
+- **模型降级**:配置主模型和备用模型,提升可用性
+- **负载均衡**:将请求分发到多个端点
+- **集中管理**:在一处管理所有提供商配置
+
+#### 所有支持的厂商
+
+| 厂商 | `model` 前缀 | 默认 API Base | 协议 | API Key |
+| ----------------------- | ----------------- | --------------------------------------------------- | --------- | ---------------------------------------------------------------- |
+| **OpenAI** | `openai/` | `https://api.openai.com/v1` | OpenAI | [获取](https://platform.openai.com) |
+| **Anthropic** | `anthropic/` | `https://api.anthropic.com/v1` | Anthropic | [获取](https://console.anthropic.com) |
+| **智谱 AI (GLM)** | `zhipu/` | `https://open.bigmodel.cn/api/paas/v4` | OpenAI | [获取](https://open.bigmodel.cn/usercenter/proj-mgmt/apikeys) |
+| **DeepSeek** | `deepseek/` | `https://api.deepseek.com/v1` | OpenAI | [获取](https://platform.deepseek.com) |
+| **Google Gemini** | `gemini/` | `https://generativelanguage.googleapis.com/v1beta` | OpenAI | [获取](https://aistudio.google.com/api-keys) |
+| **Groq** | `groq/` | `https://api.groq.com/openai/v1` | OpenAI | [获取](https://console.groq.com) |
+| **Moonshot** | `moonshot/` | `https://api.moonshot.cn/v1` | OpenAI | [获取](https://platform.moonshot.cn) |
+| **通义千问 (Qwen)** | `qwen/` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | OpenAI | [获取](https://dashscope.console.aliyun.com) |
+| **NVIDIA** | `nvidia/` | `https://integrate.api.nvidia.com/v1` | OpenAI | [获取](https://build.nvidia.com) |
+| **Ollama** | `ollama/` | `http://localhost:11434/v1` | OpenAI | 本地(无需 Key) |
+| **OpenRouter** | `openrouter/` | `https://openrouter.ai/api/v1` | OpenAI | [获取](https://openrouter.ai/keys) |
+| **LiteLLM Proxy** | `litellm/` | `http://localhost:4000/v1` | OpenAI | 你的 LiteLLM 代理 Key |
+| **VLLM** | `vllm/` | `http://localhost:8000/v1` | OpenAI | 本地 |
+| **Cerebras** | `cerebras/` | `https://api.cerebras.ai/v1` | OpenAI | [获取](https://cerebras.ai) |
+| **火山引擎 (豆包)** | `volcengine/` | `https://ark.cn-beijing.volces.com/api/v3` | OpenAI | [获取](https://www.volcengine.com/activity/codingplan?utm_campaign=PicoClaw&utm_content=PicoClaw&utm_medium=devrel&utm_source=OWO&utm_term=PicoClaw) |
+| **神算云** | `shengsuanyun/` | `https://router.shengsuanyun.com/api/v1` | OpenAI | — |
+| **BytePlus** | `byteplus/` | `https://ark.ap-southeast.bytepluses.com/api/v3` | OpenAI | [获取](https://www.byteplus.com) |
+| **Vivgrid** | `vivgrid/` | `https://api.vivgrid.com/v1` | OpenAI | [获取](https://vivgrid.com) |
+| **LongCat** | `longcat/` | `https://api.longcat.chat/openai` | OpenAI | [获取](https://longcat.chat/platform) |
+| **ModelScope (魔搭)** | `modelscope/` | `https://api-inference.modelscope.cn/v1` | OpenAI | [获取](https://modelscope.cn/my/tokens) |
+| **Antigravity** | `antigravity/` | Google Cloud | Custom | 仅 OAuth |
+| **GitHub Copilot** | `github-copilot/` | `localhost:4321` | gRPC | — |
+
+#### 基础配置
+
+```json
+{
+ "model_list": [
+ {
+ "model_name": "ark-code-latest",
+ "model": "volcengine/ark-code-latest",
+ "api_key": "sk-your-api-key"
+ },
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_key": "sk-your-openai-key"
+ },
+ {
+ "model_name": "claude-sonnet-4.6",
+ "model": "anthropic/claude-sonnet-4.6",
+ "api_key": "sk-ant-your-key"
+ },
+ {
+ "model_name": "glm-4.7",
+ "model": "zhipu/glm-4.7",
+ "api_key": "your-zhipu-key"
+ }
+ ],
+ "agents": {
+ "defaults": {
+ "model": "gpt-5.4"
+ }
+ }
+}
+```
+
+#### 各厂商配置示例
+
+
+OpenAI
+
+```json
+{
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_key": "sk-..."
+}
+```
+
+
+
+
+火山引擎(豆包)
+
+```json
+{
+ "model_name": "ark-code-latest",
+ "model": "volcengine/ark-code-latest",
+ "api_key": "sk-..."
+}
+```
+
+
+
+
+智谱 AI (GLM)
+
+```json
+{
+ "model_name": "glm-4.7",
+ "model": "zhipu/glm-4.7",
+ "api_key": "your-key"
+}
+```
+
+
+
+
+DeepSeek
+
+```json
+{
+ "model_name": "deepseek-chat",
+ "model": "deepseek/deepseek-chat",
+ "api_key": "sk-..."
+}
+```
+
+
+
+
+Anthropic
+
+```json
+{
+ "model_name": "claude-sonnet-4.6",
+ "model": "anthropic/claude-sonnet-4.6",
+ "api_key": "sk-ant-your-key"
+}
+```
+
+> 运行 `picoclaw auth login --provider anthropic` 粘贴 API Token。
+
+如需直连 Anthropic 原生接口(不兼容 OpenAI 格式的端点):
+
+```json
+{
+ "model_name": "claude-opus-4-6",
+ "model": "anthropic-messages/claude-opus-4-6",
+ "api_key": "sk-ant-your-key",
+ "api_base": "https://api.anthropic.com"
+}
+```
+
+> 当端点不支持 OpenAI 兼容格式(`/v1/chat/completions`),需要 Anthropic 原生 `/v1/messages` 时使用 `anthropic-messages`。
+
+
+
+
+Ollama(本地)
+
+```json
+{
+ "model_name": "llama3",
+ "model": "ollama/llama3"
+}
+```
+
+
+
+
+自定义代理 / LiteLLM
+
+```json
+{
+ "model_name": "my-custom-model",
+ "model": "openai/custom-model",
+ "api_base": "https://my-proxy.com/v1",
+ "api_key": "sk-..."
+}
+```
+
+PicoClaw 只剥离最外层的 `litellm/` 前缀再发送请求,因此 `litellm/lite-gpt4` 发送 `lite-gpt4`,而 `litellm/openai/gpt-4o` 发送 `openai/gpt-4o`。
+
+
+
+#### 负载均衡
+
+为同一模型名称配置多个端点,PicoClaw 会自动轮询:
+
+```json
+{
+ "model_list": [
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_base": "https://api1.example.com/v1",
+ "api_key": "sk-key1"
+ },
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_base": "https://api2.example.com/v1",
+ "api_key": "sk-key2"
+ }
+ ]
+}
+```
+
+#### 从旧版 `providers` 配置迁移
+
+旧版 `providers` 配置**已废弃**,但仍向后兼容。完整迁移指南见 [docs/migration/model-list-migration.md](../migration/model-list-migration.md)。
+
+### Provider 架构
+
+PicoClaw 按协议族路由提供商:
+
+- **OpenAI 兼容**:OpenRouter、Groq、智谱、vLLM 风格端点及大多数其他提供商。
+- **Anthropic**:Claude 原生 API 行为。
+- **Codex/OAuth**:OpenAI OAuth/Token 认证路由。
+
+这使运行时保持轻量,同时让接入新的 OpenAI 兼容后端基本只需配置 `api_base` + `api_key`。
+
+
+智谱(旧版 providers 格式)
+
+```json
+{
+ "agents": {
+ "defaults": {
+ "workspace": "~/.picoclaw/workspace",
+ "model": "glm-4.7",
+ "max_tokens": 8192,
+ "temperature": 0.7,
+ "max_tool_iterations": 20
+ }
+ },
+ "providers": {
+ "zhipu": {
+ "api_key": "Your API Key",
+ "api_base": "https://open.bigmodel.cn/api/paas/v4"
+ }
+ }
+}
+```
+
+
+
+
+完整配置示例
+
+```json
+{
+ "agents": {
+ "defaults": {
+ "model": "anthropic/claude-opus-4-5"
+ }
+ },
+ "session": {
+ "dm_scope": "per-channel-peer",
+ "backlog_limit": 20
+ },
+ "providers": {
+ "openrouter": {
+ "api_key": "sk-or-v1-xxx"
+ },
+ "groq": {
+ "api_key": "gsk_xxx"
+ }
+ },
+ "channels": {
+ "telegram": {
+ "enabled": true,
+ "token": "123456:ABC...",
+ "allow_from": ["123456789"]
+ }
+ },
+ "tools": {
+ "web": {
+ "duckduckgo": {
+ "enabled": true,
+ "max_results": 5
+ }
+ }
+ },
+ "heartbeat": {
+ "enabled": true,
+ "interval": 30
+ }
+}
+```
+
+
+
+### 定时任务 / 提醒
+
+PicoClaw 通过 `cron` 工具支持 cron 风格的定时任务。Agent 可以设置、列出和取消在指定时间触发的提醒或周期性任务。
+
+```json
+{
+ "tools": {
+ "cron": {
+ "enabled": true,
+ "exec_timeout_minutes": 5
+ }
+ }
+}
+```
+
+定时任务在重启后持久保存,存储于 `~/.picoclaw/workspace/cron/`。
+
+### 进阶主题
+
+| 主题 | 说明 |
+| ---- | ---- |
+| [Hook 系统](../hooks/README.zh.md) | 事件驱动 Hook:观察者、拦截器、审批 Hook |
+| [Steering](../steering.md) | 在工具调用间向运行中的 Agent 注入消息 |
+| [SubTurn](../subturn.md) | 子 Agent 协调、并发控制、生命周期管理 |
+| [上下文管理](../agent-refactor/context.md) | 上下文边界检测、主动预算检查、压缩策略 |
diff --git a/docs/zh/providers.md b/docs/zh/providers.md
index 9092e7dfe..e7b323ebf 100644
--- a/docs/zh/providers.md
+++ b/docs/zh/providers.md
@@ -5,7 +5,7 @@
### 提供商 (Providers)
> [!NOTE]
-> Groq 通过 Whisper 提供免费的语音转录。如果配置了 Groq,任意渠道的音频消息都将在 Agent 层面自动转录为文字。
+> 语音转录现在可以通过 `voice.model_name` 指定的多模态模型完成;如果未配置语音模型,Groq Whisper 仍可作为回退方案。
| 提供商 | 用途 | 获取 API Key |
| -------------------- | ---------------------------- | -------------------------------------------------------------------- |
@@ -99,6 +99,33 @@
}
```
+#### 语音转录
+
+你可以通过 `voice.model_name` 为语音转录指定一个专用模型。这样可以直接复用已经配置好的、支持音频输入的多模态 provider,而不必只依赖 Groq。
+
+如果没有配置 `voice.model_name`,且存在 Groq API Key,PicoClaw 会继续回退到 Groq 转录。
+
+```json
+{
+ "model_list": [
+ {
+ "model_name": "voice-gemini",
+ "model": "gemini/gemini-2.5-flash",
+ "api_key": "your-gemini-key"
+ }
+ ],
+ "voice": {
+ "model_name": "voice-gemini",
+ "echo_transcription": false
+ },
+ "providers": {
+ "groq": {
+ "api_key": "gsk_xxx"
+ }
+ }
+}
+```
+
#### 各厂商配置示例
**OpenAI**
@@ -342,6 +369,10 @@ picoclaw agent -m "你好"
"api_key": "gsk_xxx"
}
},
+ "voice": {
+ "model_name": "voice-gemini",
+ "echo_transcription": false
+ },
"channels": {
"telegram": {
"enabled": true,
diff --git a/docs/zh/tools_configuration.md b/docs/zh/tools_configuration.md
index f13448952..a3816a35a 100644
--- a/docs/zh/tools_configuration.md
+++ b/docs/zh/tools_configuration.md
@@ -41,30 +41,30 @@ Web 工具用于网页搜索和抓取。
| `fetch_limit_bytes` | int | 10485760 | 抓取网页负载的最大大小,单位为字节(默认 10MB)。 |
| `format` | string | "plaintext" | 抓取内容的输出格式。选项:`plaintext` 或 `markdown`(推荐)。 |
-### Brave
+### 百度搜索
-| 配置项 | 类型 | 默认值 | 描述 |
-|---------------|----------|--------|------------------------------------------------|
-| `enabled` | bool | false | 启用 Brave 搜索 |
-| `api_key` | string | - | Brave Search API 密钥 |
-| `api_keys` | string[] | - | 多个 API 密钥轮换(优先于 `api_key`) |
-| `max_results` | int | 5 | 最大结果数 |
+使用[千帆 AI 搜索 API](https://cloud.baidu.com/doc/qianfan-api/s/Wmbq4z7e5),国内访问稳定,中文搜索效果好。
-### DuckDuckGo
+| 配置项 | 类型 | 默认值 | 描述 |
+|---------------|--------|----------------------------------------------------------------|-----------------------|
+| `enabled` | bool | false | 启用百度搜索 |
+| `api_key` | string | - | 千帆 API 密钥 |
+| `base_url` | string | `https://qianfan.baidubce.com/v2/ai_search/web_search` | 百度搜索 API URL |
+| `max_results` | int | 10 | 最大结果数 |
-| 配置项 | 类型 | 默认值 | 描述 |
-|---------------|------|--------|-----------------------|
-| `enabled` | bool | true | 启用 DuckDuckGo 搜索 |
-| `max_results` | int | 5 | 最大结果数 |
-
-### Perplexity
-
-| 配置项 | 类型 | 默认值 | 描述 |
-|---------------|----------|--------|------------------------------------------------|
-| `enabled` | bool | false | 启用 Perplexity 搜索 |
-| `api_key` | string | - | Perplexity API 密钥 |
-| `api_keys` | string[] | - | 多个 API 密钥轮换(优先于 `api_key`) |
-| `max_results` | int | 5 | 最大结果数 |
+```json
+{
+ "tools": {
+ "web": {
+ "baidu_search": {
+ "enabled": true,
+ "api_key": "YOUR_BAIDU_QIANFAN_API_KEY",
+ "max_results": 10
+ }
+ }
+ }
+}
+```
### Tavily
@@ -75,14 +75,6 @@ Web 工具用于网页搜索和抓取。
| `base_url` | string | - | 自定义 Tavily API 基础 URL |
| `max_results` | int | 0 | 最大结果数(0 = 默认) |
-### SearXNG
-
-| 配置项 | 类型 | 默认值 | 描述 |
-|---------------|--------|--------------------------|-----------------------|
-| `enabled` | bool | false | 启用 SearXNG 搜索 |
-| `base_url` | string | `http://localhost:8888` | SearXNG 实例 URL |
-| `max_results` | int | 5 | 最大结果数 |
-
### GLM Search
| 配置项 | 类型 | 默认值 | 描述 |
@@ -93,6 +85,45 @@ Web 工具用于网页搜索和抓取。
| `search_engine` | string | `search_std` | 搜索引擎类型 |
| `max_results` | int | 5 | 最大结果数 |
+### DuckDuckGo
+
+> ⚠️ 国内访问困难,建议搭配代理使用。
+
+| 配置项 | 类型 | 默认值 | 描述 |
+|---------------|------|--------|-----------------------|
+| `enabled` | bool | true | 启用 DuckDuckGo 搜索 |
+| `max_results` | int | 5 | 最大结果数 |
+
+### Perplexity
+
+> ⚠️ 国内访问困难,建议搭配代理使用。
+
+| 配置项 | 类型 | 默认值 | 描述 |
+|---------------|----------|--------|------------------------------------------------|
+| `enabled` | bool | false | 启用 Perplexity 搜索 |
+| `api_key` | string | - | Perplexity API 密钥 |
+| `api_keys` | string[] | - | 多个 API 密钥轮换(优先于 `api_key`) |
+| `max_results` | int | 5 | 最大结果数 |
+
+### Brave
+
+> ⚠️ 国内访问困难,建议搭配代理使用。
+
+| 配置项 | 类型 | 默认值 | 描述 |
+|---------------|----------|--------|------------------------------------------------|
+| `enabled` | bool | false | 启用 Brave 搜索 |
+| `api_key` | string | - | Brave Search API 密钥 |
+| `api_keys` | string[] | - | 多个 API 密钥轮换(优先于 `api_key`) |
+| `max_results` | int | 5 | 最大结果数 |
+
+### SearXNG
+
+| 配置项 | 类型 | 默认值 | 描述 |
+|---------------|--------|--------------------------|-----------------------|
+| `enabled` | bool | false | 启用 SearXNG 搜索 |
+| `base_url` | string | `http://localhost:8888` | SearXNG 实例 URL |
+| `max_results` | int | 5 | 最大结果数 |
+
### 其他 Web 设置
| 配置项 | 类型 | 默认值 | 描述 |
diff --git a/go.mod b/go.mod
index cfc930d37..d283f7f5e 100644
--- a/go.mod
+++ b/go.mod
@@ -3,8 +3,8 @@ module github.com/sipeed/picoclaw
go 1.25.8
require (
- github.com/BurntSushi/toml v1.6.0
fyne.io/systray v1.12.0
+ github.com/BurntSushi/toml v1.6.0
github.com/adhocore/gronx v1.19.6
github.com/anthropics/anthropic-sdk-go v1.26.0
github.com/bwmarrin/discordgo v0.29.0
diff --git a/pkg/agent/context.go b/pkg/agent/context.go
index 8db8f0b5e..36ee5dce4 100644
--- a/pkg/agent/context.go
+++ b/pkg/agent/context.go
@@ -12,6 +12,7 @@ import (
"sync"
"time"
+ "github.com/sipeed/picoclaw/pkg"
"github.com/sipeed/picoclaw/pkg/config"
"github.com/sipeed/picoclaw/pkg/logger"
"github.com/sipeed/picoclaw/pkg/providers"
@@ -59,7 +60,7 @@ func getGlobalConfigDir() string {
if err != nil {
return ""
}
- return filepath.Join(home, ".picoclaw")
+ return filepath.Join(home, pkg.DefaultPicoClawHome)
}
func NewContextBuilder(workspace string) *ContextBuilder {
@@ -222,13 +223,10 @@ func (cb *ContextBuilder) InvalidateCache() {
// invalidation (bootstrap files + memory). Skill roots are handled separately
// because they require both directory-level and recursive file-level checks.
func (cb *ContextBuilder) sourcePaths() []string {
- return []string{
- filepath.Join(cb.workspace, "AGENTS.md"),
- filepath.Join(cb.workspace, "SOUL.md"),
- filepath.Join(cb.workspace, "USER.md"),
- filepath.Join(cb.workspace, "IDENTITY.md"),
- filepath.Join(cb.workspace, "memory", "MEMORY.md"),
- }
+ agentDefinition := cb.LoadAgentDefinition()
+ paths := agentDefinition.trackedPaths(cb.workspace)
+ paths = append(paths, filepath.Join(cb.workspace, "memory", "MEMORY.md"))
+ return uniquePaths(paths)
}
// skillRoots returns all skill root directories that can affect
@@ -432,18 +430,32 @@ func skillFilesChangedSince(skillRoots []string, filesAtCache map[string]time.Ti
}
func (cb *ContextBuilder) LoadBootstrapFiles() string {
- bootstrapFiles := []string{
- "AGENTS.md",
- "SOUL.md",
- "USER.md",
- "IDENTITY.md",
+ var sb strings.Builder
+
+ agentDefinition := cb.LoadAgentDefinition()
+ if agentDefinition.Agent != nil {
+ label := string(agentDefinition.Source)
+ if label == "" {
+ label = relativeWorkspacePath(cb.workspace, agentDefinition.Agent.Path)
+ }
+ fmt.Fprintf(&sb, "## %s\n\n%s\n\n", label, agentDefinition.Agent.Body)
+ }
+ if agentDefinition.Soul != nil {
+ fmt.Fprintf(
+ &sb,
+ "## %s\n\n%s\n\n",
+ relativeWorkspacePath(cb.workspace, agentDefinition.Soul.Path),
+ agentDefinition.Soul.Content,
+ )
+ }
+ if agentDefinition.User != nil {
+ fmt.Fprintf(&sb, "## %s\n\n%s\n\n", "USER.md", agentDefinition.User.Content)
}
- var sb strings.Builder
- for _, filename := range bootstrapFiles {
- filePath := filepath.Join(cb.workspace, filename)
+ if agentDefinition.Source != AgentDefinitionSourceAgent {
+ filePath := filepath.Join(cb.workspace, "IDENTITY.md")
if data, err := os.ReadFile(filePath); err == nil {
- fmt.Fprintf(&sb, "## %s\n\n%s\n\n", filename, data)
+ fmt.Fprintf(&sb, "## %s\n\n%s\n\n", "IDENTITY.md", data)
}
}
diff --git a/pkg/agent/context_budget.go b/pkg/agent/context_budget.go
new file mode 100644
index 000000000..c87695c7a
--- /dev/null
+++ b/pkg/agent/context_budget.go
@@ -0,0 +1,176 @@
+// PicoClaw - Ultra-lightweight personal AI agent
+// License: MIT
+//
+// Copyright (c) 2026 PicoClaw contributors
+
+package agent
+
+import (
+ "encoding/json"
+ "unicode/utf8"
+
+ "github.com/sipeed/picoclaw/pkg/providers"
+)
+
+// parseTurnBoundaries returns the starting index of each Turn in the history.
+// A Turn is a complete "user input → LLM iterations → final response" cycle
+// (as defined in #1316). Each Turn begins at a user message and extends
+// through all subsequent assistant/tool messages until the next user message.
+//
+// Cutting at a Turn boundary guarantees that no tool-call sequence
+// (assistant+ToolCalls → tool results) is split across the cut.
+func parseTurnBoundaries(history []providers.Message) []int {
+ var starts []int
+ for i, msg := range history {
+ if msg.Role == "user" {
+ starts = append(starts, i)
+ }
+ }
+ return starts
+}
+
+// isSafeBoundary reports whether index is a valid Turn boundary — i.e.,
+// a position where the kept portion (history[index:]) begins at a user
+// message, so no tool-call sequence is torn apart.
+func isSafeBoundary(history []providers.Message, index int) bool {
+ if index <= 0 || index >= len(history) {
+ return true
+ }
+ return history[index].Role == "user"
+}
+
+// findSafeBoundary locates the nearest Turn boundary to targetIndex.
+// It prefers the boundary at or before targetIndex (preserving more recent
+// context). Falls back to the nearest boundary after targetIndex, and
+// returns targetIndex unchanged only when no Turn boundary exists at all.
+func findSafeBoundary(history []providers.Message, targetIndex int) int {
+ if len(history) == 0 {
+ return 0
+ }
+ if targetIndex <= 0 {
+ return 0
+ }
+ if targetIndex >= len(history) {
+ return len(history)
+ }
+
+ turns := parseTurnBoundaries(history)
+ if len(turns) == 0 {
+ return targetIndex
+ }
+
+ // Find the last Turn boundary at or before targetIndex.
+ // Prefer backward: keeps more recent messages.
+ backward := -1
+ for _, t := range turns {
+ if t <= targetIndex {
+ backward = t
+ }
+ }
+ if backward > 0 {
+ return backward
+ }
+
+ // No valid Turn boundary before target (or only at index 0 which
+ // would keep everything). Use the first Turn after targetIndex.
+ for _, t := range turns {
+ if t > targetIndex {
+ return t
+ }
+ }
+
+ // No Turn boundary after targetIndex either. The only boundary is at
+ // index 0, meaning the entire history is a single Turn. Return 0 to
+ // signal that safe compression is not possible — callers check for
+ // mid <= 0 and skip compression in that case.
+ return 0
+}
+
+// estimateMessageTokens estimates the token count for a single message,
+// including Content, ReasoningContent, ToolCalls arguments, ToolCallID
+// metadata, and Media items. Uses a heuristic of 2.5 characters per token.
+func estimateMessageTokens(msg providers.Message) int {
+ chars := utf8.RuneCountInString(msg.Content)
+
+ // ReasoningContent (extended thinking / chain-of-thought) can be
+ // substantial and is stored in session history via AddFullMessage.
+ if msg.ReasoningContent != "" {
+ chars += utf8.RuneCountInString(msg.ReasoningContent)
+ }
+
+ for _, tc := range msg.ToolCalls {
+ chars += len(tc.ID) + len(tc.Type)
+ if tc.Function != nil {
+ // Count function name + arguments (the wire format for most providers).
+ // tc.Name mirrors tc.Function.Name — count only once to avoid double-counting.
+ chars += len(tc.Function.Name) + len(tc.Function.Arguments)
+ } else {
+ // Fallback: some provider formats use top-level Name without Function.
+ chars += len(tc.Name)
+ }
+ }
+
+ if msg.ToolCallID != "" {
+ chars += len(msg.ToolCallID)
+ }
+
+ // Per-message overhead for role label, JSON structure, separators.
+ const messageOverhead = 12
+ chars += messageOverhead
+
+ tokens := chars * 2 / 5
+
+ // Media items (images, files) are serialized by provider adapters into
+ // multipart or image_url payloads. Add a fixed per-item token estimate
+ // directly (not through the chars heuristic) since actual cost depends
+ // on resolution and provider-specific image tokenization.
+ const mediaTokensPerItem = 256
+ tokens += len(msg.Media) * mediaTokensPerItem
+
+ return tokens
+}
+
+// estimateToolDefsTokens estimates the total token cost of tool definitions
+// as they appear in the LLM request. Each tool's name, description, and
+// JSON schema parameters contribute to the context window budget.
+func estimateToolDefsTokens(defs []providers.ToolDefinition) int {
+ if len(defs) == 0 {
+ return 0
+ }
+
+ totalChars := 0
+ for _, d := range defs {
+ totalChars += len(d.Function.Name) + len(d.Function.Description)
+
+ if d.Function.Parameters != nil {
+ if paramJSON, err := json.Marshal(d.Function.Parameters); err == nil {
+ totalChars += len(paramJSON)
+ }
+ }
+
+ // Per-tool overhead: type field, JSON structure, separators.
+ totalChars += 20
+ }
+
+ return totalChars * 2 / 5
+}
+
+// isOverContextBudget checks whether the assembled messages plus tool definitions
+// and output reserve would exceed the model's context window. This enables
+// proactive compression before calling the LLM, rather than reacting to 400 errors.
+func isOverContextBudget(
+ contextWindow int,
+ messages []providers.Message,
+ toolDefs []providers.ToolDefinition,
+ maxTokens int,
+) bool {
+ msgTokens := 0
+ for _, m := range messages {
+ msgTokens += estimateMessageTokens(m)
+ }
+
+ toolTokens := estimateToolDefsTokens(toolDefs)
+ total := msgTokens + toolTokens + maxTokens
+
+ return total > contextWindow
+}
diff --git a/pkg/agent/context_budget_test.go b/pkg/agent/context_budget_test.go
new file mode 100644
index 000000000..870f0fbe6
--- /dev/null
+++ b/pkg/agent/context_budget_test.go
@@ -0,0 +1,826 @@
+package agent
+
+import (
+ "fmt"
+ "strings"
+ "testing"
+
+ "github.com/sipeed/picoclaw/pkg/providers"
+)
+
+// msgUser creates a user message.
+func msgUser(content string) providers.Message {
+ return providers.Message{Role: "user", Content: content}
+}
+
+// msgAssistant creates a plain assistant message (no tool calls).
+func msgAssistant(content string) providers.Message {
+ return providers.Message{Role: "assistant", Content: content}
+}
+
+// msgAssistantTC creates an assistant message with tool calls.
+func msgAssistantTC(toolIDs ...string) providers.Message {
+ tcs := make([]providers.ToolCall, len(toolIDs))
+ for i, id := range toolIDs {
+ tcs[i] = providers.ToolCall{
+ ID: id,
+ Type: "function",
+ Name: "tool_" + id,
+ Function: &providers.FunctionCall{
+ Name: "tool_" + id,
+ Arguments: `{"key":"value"}`,
+ },
+ }
+ }
+ return providers.Message{Role: "assistant", ToolCalls: tcs}
+}
+
+// msgTool creates a tool result message.
+func msgTool(callID, content string) providers.Message {
+ return providers.Message{Role: "tool", ToolCallID: callID, Content: content}
+}
+
+func TestParseTurnBoundaries(t *testing.T) {
+ tests := []struct {
+ name string
+ history []providers.Message
+ want []int
+ }{
+ {
+ name: "empty history",
+ history: nil,
+ want: nil,
+ },
+ {
+ name: "simple exchange",
+ history: []providers.Message{
+ msgUser("q1"),
+ msgAssistant("a1"),
+ msgUser("q2"),
+ msgAssistant("a2"),
+ },
+ want: []int{0, 2},
+ },
+ {
+ name: "tool-call Turn",
+ history: []providers.Message{
+ msgUser("search"),
+ msgAssistantTC("tc1"),
+ msgTool("tc1", "result"),
+ msgAssistant("found it"),
+ msgUser("thanks"),
+ msgAssistant("welcome"),
+ },
+ want: []int{0, 4},
+ },
+ {
+ name: "chained tool calls in single Turn",
+ history: []providers.Message{
+ msgUser("save and notify"),
+ msgAssistantTC("tc_save"),
+ msgTool("tc_save", "saved"),
+ msgAssistantTC("tc_notify"),
+ msgTool("tc_notify", "notified"),
+ msgAssistant("done"),
+ },
+ want: []int{0},
+ },
+ {
+ name: "no user messages",
+ history: []providers.Message{
+ msgAssistant("a1"),
+ msgAssistant("a2"),
+ },
+ want: nil,
+ },
+ {
+ name: "leading non-user messages",
+ history: []providers.Message{
+ msgAssistantTC("tc1"),
+ msgTool("tc1", "r1"),
+ msgAssistant("greeting"),
+ msgUser("hello"),
+ msgAssistant("hi"),
+ },
+ want: []int{3},
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got := parseTurnBoundaries(tt.history)
+ if len(got) != len(tt.want) {
+ t.Errorf("parseTurnBoundaries() = %v, want %v", got, tt.want)
+ return
+ }
+ for i := range got {
+ if got[i] != tt.want[i] {
+ t.Errorf("parseTurnBoundaries()[%d] = %d, want %d", i, got[i], tt.want[i])
+ }
+ }
+ })
+ }
+}
+
+func TestIsSafeBoundary(t *testing.T) {
+ tests := []struct {
+ name string
+ history []providers.Message
+ index int
+ want bool
+ }{
+ {
+ name: "empty history, index 0",
+ history: nil,
+ index: 0,
+ want: true,
+ },
+ {
+ name: "single user message, index 0",
+ history: []providers.Message{msgUser("hi")},
+ index: 0,
+ want: true,
+ },
+ {
+ name: "single user message, index 1 (end)",
+ history: []providers.Message{msgUser("hi")},
+ index: 1,
+ want: true,
+ },
+ {
+ name: "at user message",
+ history: []providers.Message{
+ msgAssistant("hello"),
+ msgUser("how are you"),
+ msgAssistant("fine"),
+ },
+ index: 1,
+ want: true,
+ },
+ {
+ name: "at assistant without tool calls",
+ history: []providers.Message{
+ msgUser("hello"),
+ msgAssistant("response"),
+ msgUser("follow up"),
+ },
+ index: 1,
+ want: false,
+ },
+ {
+ name: "at assistant with tool calls",
+ history: []providers.Message{
+ msgUser("search something"),
+ msgAssistantTC("tc1"),
+ msgTool("tc1", "result"),
+ msgAssistant("here is what I found"),
+ },
+ index: 1,
+ want: false,
+ },
+ {
+ name: "at tool result",
+ history: []providers.Message{
+ msgUser("do something"),
+ msgAssistantTC("tc1"),
+ msgTool("tc1", "done"),
+ msgAssistant("completed"),
+ },
+ index: 2,
+ want: false,
+ },
+ {
+ name: "negative index",
+ history: []providers.Message{
+ msgUser("hello"),
+ },
+ index: -1,
+ want: true,
+ },
+ {
+ name: "index beyond length",
+ history: []providers.Message{
+ msgUser("hello"),
+ },
+ index: 5,
+ want: true,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got := isSafeBoundary(tt.history, tt.index)
+ if got != tt.want {
+ t.Errorf("isSafeBoundary(history, %d) = %v, want %v", tt.index, got, tt.want)
+ }
+ })
+ }
+}
+
+func TestFindSafeBoundary(t *testing.T) {
+ tests := []struct {
+ name string
+ history []providers.Message
+ targetIndex int
+ want int
+ }{
+ {
+ name: "empty history",
+ history: nil,
+ targetIndex: 0,
+ want: 0,
+ },
+ {
+ name: "target at 0",
+ history: []providers.Message{msgUser("hi")},
+ targetIndex: 0,
+ want: 0,
+ },
+ {
+ name: "target beyond length",
+ history: []providers.Message{msgUser("hi")},
+ targetIndex: 5,
+ want: 1,
+ },
+ {
+ name: "target already at user message",
+ history: []providers.Message{
+ msgUser("q1"),
+ msgAssistant("a1"),
+ msgUser("q2"),
+ msgAssistant("a2"),
+ },
+ targetIndex: 2,
+ want: 2,
+ },
+ {
+ name: "target at assistant, scan backward finds user",
+ history: []providers.Message{
+ msgUser("q1"),
+ msgAssistant("a1"),
+ msgUser("q2"),
+ msgAssistant("a2"),
+ msgUser("q3"),
+ },
+ targetIndex: 3, // assistant "a2"
+ want: 2, // backward to user "q2"
+ },
+ {
+ name: "target inside tool sequence, scan backward finds user",
+ history: []providers.Message{
+ msgUser("q1"),
+ msgAssistant("a1"),
+ msgUser("q2"),
+ msgAssistantTC("tc1", "tc2"),
+ msgTool("tc1", "r1"),
+ msgTool("tc2", "r2"),
+ msgAssistant("summary"),
+ msgUser("q3"),
+ },
+ targetIndex: 4, // tool result "r1"
+ want: 2, // backward: 3=assistant+TC (not safe), 2=user → safe
+ },
+ {
+ name: "target inside tool sequence, backward finds user before chain",
+ history: []providers.Message{
+ msgUser("q1"),
+ msgAssistant("a1"),
+ msgUser("q2"),
+ msgAssistantTC("tc1", "tc2"),
+ msgTool("tc1", "r1"),
+ msgTool("tc2", "r2"),
+ msgAssistant("summary"),
+ msgUser("q3"),
+ },
+ targetIndex: 5, // tool result "r2"
+ want: 2, // backward: 4=tool, 3=assistant+TC, 2=user → safe
+ },
+ {
+ name: "no backward user, scan forward finds one",
+ history: []providers.Message{
+ msgAssistantTC("tc1"),
+ msgTool("tc1", "r1"),
+ msgAssistant("a1"),
+ msgUser("q1"),
+ },
+ targetIndex: 1, // tool result
+ want: 3, // forward to user "q1"
+ },
+ {
+ name: "multi-step tool chain preserves atomicity",
+ history: []providers.Message{
+ msgUser("q1"),
+ msgAssistant("a1"),
+ msgUser("q2"),
+ msgAssistantTC("tc1"),
+ msgTool("tc1", "r1"),
+ msgAssistantTC("tc2"),
+ msgTool("tc2", "r2"),
+ msgAssistant("final"),
+ msgUser("q3"),
+ msgAssistant("a3"),
+ },
+ targetIndex: 5, // second assistant+TC
+ want: 2, // backward: 4=tool, 3=assistant+TC, 2=user → safe
+ },
+ {
+ name: "all non-user messages returns target unchanged",
+ history: []providers.Message{
+ msgAssistant("a1"),
+ msgAssistant("a2"),
+ msgAssistant("a3"),
+ },
+ targetIndex: 1,
+ want: 1,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got := findSafeBoundary(tt.history, tt.targetIndex)
+ if got != tt.want {
+ t.Errorf("findSafeBoundary(history, %d) = %d, want %d",
+ tt.targetIndex, got, tt.want)
+ }
+ })
+ }
+}
+
+func TestFindSafeBoundary_SingleTurnReturnsZero(t *testing.T) {
+ // A single Turn with no subsequent user message. The only Turn boundary
+ // is at index 0; cutting anywhere else would split the Turn's tool
+ // sequence. findSafeBoundary must return 0 so callers skip compression.
+ history := []providers.Message{
+ msgUser("do everything"), // 0 ← only Turn boundary
+ msgAssistantTC("tc1"), // 1
+ msgTool("tc1", "result"), // 2
+ msgAssistant("all done"), // 3
+ }
+
+ got := findSafeBoundary(history, 2)
+ if got != 0 {
+ t.Errorf("findSafeBoundary(single_turn, 2) = %d, want 0 (cannot split single Turn)", got)
+ }
+}
+
+func TestFindSafeBoundary_BackwardScanSkipsToolSequence(t *testing.T) {
+ // A long tool-call chain: user → assistant+TC → tool → tool → ... → assistant → user
+ // Target is inside the chain; boundary should skip the entire chain backward.
+ history := []providers.Message{
+ msgUser("start"), // 0
+ msgAssistant("before chain"), // 1
+ msgUser("trigger"), // 2 ← expected safe boundary
+ msgAssistantTC("t1", "t2", "t3"), // 3
+ msgTool("t1", "r1"), // 4
+ msgTool("t2", "r2"), // 5
+ msgTool("t3", "r3"), // 6
+ msgAssistantTC("t4"), // 7
+ msgTool("t4", "r4"), // 8
+ msgAssistant("chain done"), // 9
+ msgUser("next"), // 10
+ }
+
+ // Target at index 6 (middle of tool results)
+ got := findSafeBoundary(history, 6)
+ if got != 2 {
+ t.Errorf("findSafeBoundary(history, 6) = %d, want 2 (user before chain)", got)
+ }
+}
+
+func TestEstimateMessageTokens(t *testing.T) {
+ tests := []struct {
+ name string
+ msg providers.Message
+ want int // minimum expected tokens (exact value depends on overhead)
+ }{
+ {
+ name: "plain user message",
+ msg: msgUser("Hello, world!"),
+ want: 1, // at least some tokens
+ },
+ {
+ name: "empty message still has overhead",
+ msg: providers.Message{Role: "user"},
+ want: 1, // message overhead alone
+ },
+ {
+ name: "assistant with tool calls",
+ msg: msgAssistantTC("tc_123"),
+ want: 1,
+ },
+ {
+ name: "tool result with ID",
+ msg: msgTool("call_abc", "Here is the search result with lots of content"),
+ want: 1,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got := estimateMessageTokens(tt.msg)
+ if got < tt.want {
+ t.Errorf("estimateMessageTokens() = %d, want >= %d", got, tt.want)
+ }
+ })
+ }
+}
+
+func TestEstimateMessageTokens_ToolCallsContribute(t *testing.T) {
+ plain := msgAssistant("thinking")
+ withTC := providers.Message{
+ Role: "assistant",
+ Content: "thinking",
+ ToolCalls: []providers.ToolCall{
+ {
+ ID: "call_1",
+ Type: "function",
+ Name: "web_search",
+ Function: &providers.FunctionCall{
+ Name: "web_search",
+ Arguments: `{"query":"picoclaw agent framework","max_results":5}`,
+ },
+ },
+ },
+ }
+
+ plainTokens := estimateMessageTokens(plain)
+ withTCTokens := estimateMessageTokens(withTC)
+
+ if withTCTokens <= plainTokens {
+ t.Errorf("message with ToolCalls (%d tokens) should exceed plain message (%d tokens)",
+ withTCTokens, plainTokens)
+ }
+}
+
+func TestEstimateMessageTokens_MultibyteContent(t *testing.T) {
+ // Multi-byte characters (e.g. emoji, accented letters) are single runes
+ // but may map to different token counts. The heuristic should still produce
+ // reasonable estimates via RuneCountInString.
+ msg := msgUser("caf\u00e9 na\u00efve r\u00e9sum\u00e9 \u00fcber stra\u00dfe")
+ tokens := estimateMessageTokens(msg)
+ if tokens <= 0 {
+ t.Errorf("multibyte message should produce positive token count, got %d", tokens)
+ }
+}
+
+func TestEstimateMessageTokens_LargeArguments(t *testing.T) {
+ // Simulate a tool call with large JSON arguments.
+ largeArgs := fmt.Sprintf(`{"content":"%s"}`, strings.Repeat("x", 5000))
+ msg := providers.Message{
+ Role: "assistant",
+ ToolCalls: []providers.ToolCall{
+ {
+ ID: "call_large",
+ Type: "function",
+ Name: "write_file",
+ Function: &providers.FunctionCall{
+ Name: "write_file",
+ Arguments: largeArgs,
+ },
+ },
+ },
+ }
+
+ tokens := estimateMessageTokens(msg)
+ // 5000+ chars → at least 2000 tokens with the 2.5 char/token heuristic
+ if tokens < 2000 {
+ t.Errorf("large tool call arguments should produce significant token count, got %d", tokens)
+ }
+}
+
+func TestEstimateMessageTokens_ReasoningContent(t *testing.T) {
+ plain := msgAssistant("result")
+ withReasoning := providers.Message{
+ Role: "assistant",
+ Content: "result",
+ ReasoningContent: strings.Repeat("thinking step ", 200),
+ }
+
+ plainTokens := estimateMessageTokens(plain)
+ reasoningTokens := estimateMessageTokens(withReasoning)
+
+ if reasoningTokens <= plainTokens {
+ t.Errorf("message with ReasoningContent (%d tokens) should exceed plain message (%d tokens)",
+ reasoningTokens, plainTokens)
+ }
+}
+
+func TestEstimateMessageTokens_MediaItems(t *testing.T) {
+ plain := msgUser("describe this")
+ withMedia := providers.Message{
+ Role: "user",
+ Content: "describe this",
+ Media: []string{"media://img1.png", "media://img2.png"},
+ }
+
+ plainTokens := estimateMessageTokens(plain)
+ mediaTokens := estimateMessageTokens(withMedia)
+
+ if mediaTokens <= plainTokens {
+ t.Errorf("message with Media (%d tokens) should exceed plain message (%d tokens)",
+ mediaTokens, plainTokens)
+ }
+
+ // Each media item should add exactly 256 tokens (not run through chars*2/5).
+ expectedDelta := 256 * 2
+ actualDelta := mediaTokens - plainTokens
+ if actualDelta != expectedDelta {
+ t.Errorf("2 media items should add %d tokens, got delta %d", expectedDelta, actualDelta)
+ }
+}
+
+// --- estimateToolDefsTokens tests ---
+
+func TestEstimateToolDefsTokens(t *testing.T) {
+ tests := []struct {
+ name string
+ defs []providers.ToolDefinition
+ want int // minimum expected tokens
+ }{
+ {
+ name: "empty tool list",
+ defs: nil,
+ want: 0,
+ },
+ {
+ name: "single tool with params",
+ defs: []providers.ToolDefinition{
+ {
+ Type: "function",
+ Function: providers.ToolFunctionDefinition{
+ Name: "web_search",
+ Description: "Search the web for information",
+ Parameters: map[string]any{
+ "type": "object",
+ "properties": map[string]any{
+ "query": map[string]any{"type": "string"},
+ },
+ "required": []any{"query"},
+ },
+ },
+ },
+ },
+ want: 1,
+ },
+ {
+ name: "tool without params",
+ defs: []providers.ToolDefinition{
+ {
+ Type: "function",
+ Function: providers.ToolFunctionDefinition{
+ Name: "list_dir",
+ Description: "List directory contents",
+ },
+ },
+ },
+ want: 1,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got := estimateToolDefsTokens(tt.defs)
+ if got < tt.want {
+ t.Errorf("estimateToolDefsTokens() = %d, want >= %d", got, tt.want)
+ }
+ })
+ }
+}
+
+func TestEstimateToolDefsTokens_ScalesWithCount(t *testing.T) {
+ makeTool := func(name string) providers.ToolDefinition {
+ return providers.ToolDefinition{
+ Type: "function",
+ Function: providers.ToolFunctionDefinition{
+ Name: name,
+ Description: "A test tool that does something useful",
+ Parameters: map[string]any{
+ "type": "object",
+ "properties": map[string]any{
+ "input": map[string]any{"type": "string", "description": "Input value"},
+ },
+ },
+ },
+ }
+ }
+
+ one := estimateToolDefsTokens([]providers.ToolDefinition{makeTool("tool_a")})
+ three := estimateToolDefsTokens([]providers.ToolDefinition{
+ makeTool("tool_a"), makeTool("tool_b"), makeTool("tool_c"),
+ })
+
+ if three <= one {
+ t.Errorf("3 tools (%d tokens) should exceed 1 tool (%d tokens)", three, one)
+ }
+}
+
+// --- isOverContextBudget tests ---
+
+func TestIsOverContextBudget(t *testing.T) {
+ systemMsg := providers.Message{Role: "system", Content: strings.Repeat("x", 1000)}
+ userMsg := msgUser("hello")
+ smallHistory := []providers.Message{systemMsg, msgUser("q1"), msgAssistant("a1"), userMsg}
+
+ tools := []providers.ToolDefinition{
+ {
+ Type: "function",
+ Function: providers.ToolFunctionDefinition{
+ Name: "test_tool",
+ Description: "A test tool",
+ Parameters: map[string]any{"type": "object"},
+ },
+ },
+ }
+
+ tests := []struct {
+ name string
+ contextWindow int
+ messages []providers.Message
+ toolDefs []providers.ToolDefinition
+ maxTokens int
+ want bool
+ }{
+ {
+ name: "within budget",
+ contextWindow: 100000,
+ messages: smallHistory,
+ toolDefs: tools,
+ maxTokens: 4096,
+ want: false,
+ },
+ {
+ name: "over budget with small window",
+ contextWindow: 100, // very small window
+ messages: smallHistory,
+ toolDefs: tools,
+ maxTokens: 4096,
+ want: true,
+ },
+ {
+ name: "large max_tokens eats budget",
+ contextWindow: 2000,
+ messages: smallHistory,
+ toolDefs: tools,
+ maxTokens: 1800, // leaves almost no room
+ want: true,
+ },
+ {
+ name: "empty messages within budget",
+ contextWindow: 10000,
+ messages: nil,
+ toolDefs: nil,
+ maxTokens: 4096,
+ want: false,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got := isOverContextBudget(tt.contextWindow, tt.messages, tt.toolDefs, tt.maxTokens)
+ if got != tt.want {
+ t.Errorf("isOverContextBudget() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
+
+// --- Tests reflecting actual session data shape ---
+// Session history never contains system messages. The system prompt is
+// built dynamically by BuildMessages. These tests use realistic history
+// shapes: user/assistant/tool only, with tool chains and reasoning content.
+
+func TestFindSafeBoundary_SessionHistoryNoSystem(t *testing.T) {
+ // Real session history starts with a user message, not a system message.
+ history := []providers.Message{
+ msgUser("hello"), // 0
+ msgAssistant("hi there"), // 1
+ msgUser("search for X"), // 2
+ msgAssistantTC("tc1"), // 3
+ msgTool("tc1", "found X"), // 4
+ msgAssistant("here is X"), // 5
+ msgUser("thanks"), // 6
+ msgAssistant("you're welcome"), // 7
+ }
+
+ // Mid-point is 4 (tool result). Should snap backward to 2 (user).
+ got := findSafeBoundary(history, 4)
+ if got != 2 {
+ t.Errorf("findSafeBoundary(session_history, 4) = %d, want 2", got)
+ }
+}
+
+func TestFindSafeBoundary_SessionWithChainedTools(t *testing.T) {
+ // Session with chained tool calls (save then notify).
+ history := []providers.Message{
+ msgUser("save and notify"), // 0
+ msgAssistantTC("tc_save"), // 1
+ msgTool("tc_save", "saved"), // 2
+ msgAssistantTC("tc_notify"), // 3
+ msgTool("tc_notify", "notified"), // 4
+ msgAssistant("done"), // 5
+ msgUser("check status"), // 6
+ msgAssistant("all good"), // 7
+ }
+
+ // Target at 3 (inside chain). Should find user at 0, but backward
+ // scan stops at i>0, so forward scan finds user at 6.
+ // Actually: backward from 3: 2=tool (no), 1=assistantTC (no). Forward: 4=tool, 5=asst, 6=user ✓
+ got := findSafeBoundary(history, 3)
+ if got != 6 {
+ t.Errorf("findSafeBoundary(chained_tools, 3) = %d, want 6", got)
+ }
+}
+
+func TestEstimateMessageTokens_WithReasoningAndMedia(t *testing.T) {
+ // Message with all fields populated — mirrors what AddFullMessage stores.
+ msg := providers.Message{
+ Role: "assistant",
+ Content: "Here is the analysis.",
+ ReasoningContent: strings.Repeat("Let me think about this carefully. ", 50),
+ ToolCalls: []providers.ToolCall{
+ {
+ ID: "call_1",
+ Type: "function",
+ Name: "analyze",
+ Function: &providers.FunctionCall{
+ Name: "analyze",
+ Arguments: `{"data":"sample","depth":3}`,
+ },
+ },
+ },
+ }
+
+ tokens := estimateMessageTokens(msg)
+
+ // ReasoningContent alone is ~1700 chars → ~680 tokens.
+ // Content + TC + overhead adds more. Should be well above 500.
+ if tokens < 500 {
+ t.Errorf("message with reasoning+toolcalls should have significant tokens, got %d", tokens)
+ }
+
+ // Compare without reasoning to ensure it's counted.
+ msgNoReasoning := msg
+ msgNoReasoning.ReasoningContent = ""
+ tokensNoReasoning := estimateMessageTokens(msgNoReasoning)
+
+ if tokens <= tokensNoReasoning {
+ t.Errorf("reasoning content should add tokens: with=%d, without=%d", tokens, tokensNoReasoning)
+ }
+}
+
+func TestIsOverContextBudget_RealisticSession(t *testing.T) {
+ // Simulate what BuildMessages produces: system + session history + current user.
+ // System message is built by BuildMessages, not stored in session.
+ systemMsg := providers.Message{
+ Role: "system",
+ Content: strings.Repeat("system prompt content ", 100),
+ }
+ sessionHistory := []providers.Message{
+ msgUser("first question"),
+ msgAssistant("first answer"),
+ msgUser("use tool X"),
+ {
+ Role: "assistant",
+ Content: "I'll use tool X",
+ ToolCalls: []providers.ToolCall{
+ {
+ ID: "tc1", Type: "function", Name: "tool_x",
+ Function: &providers.FunctionCall{
+ Name: "tool_x",
+ Arguments: `{"query":"test","verbose":true}`,
+ },
+ },
+ },
+ },
+ {Role: "tool", Content: strings.Repeat("result data ", 200), ToolCallID: "tc1"},
+ msgAssistant("Here are the results from tool X."),
+ }
+ currentUser := msgUser("follow up question")
+
+ // Assemble as BuildMessages would.
+ messages := make([]providers.Message, 0, 1+len(sessionHistory)+1)
+ messages = append(messages, systemMsg)
+ messages = append(messages, sessionHistory...)
+ messages = append(messages, currentUser)
+
+ tools := []providers.ToolDefinition{
+ {
+ Type: "function",
+ Function: providers.ToolFunctionDefinition{
+ Name: "tool_x",
+ Description: "A useful tool",
+ Parameters: map[string]any{"type": "object"},
+ },
+ },
+ }
+
+ // With a large context window, should be within budget.
+ if isOverContextBudget(131072, messages, tools, 32768) {
+ t.Error("realistic session should be within 131072 context window")
+ }
+
+ // With a tiny context window, should exceed budget.
+ if !isOverContextBudget(500, messages, tools, 32768) {
+ t.Error("realistic session should exceed 500 context window")
+ }
+}
diff --git a/pkg/agent/context_cache_test.go b/pkg/agent/context_cache_test.go
index c26976c3c..81a1534b9 100644
--- a/pkg/agent/context_cache_test.go
+++ b/pkg/agent/context_cache_test.go
@@ -37,7 +37,7 @@ func setupWorkspace(t *testing.T, files map[string]string) string {
// Codex (only reads last system message as instructions).
func TestSingleSystemMessage(t *testing.T) {
tmpDir := setupWorkspace(t, map[string]string{
- "IDENTITY.md": "# Identity\nTest agent.",
+ "AGENT.md": "# Agent\nTest agent.",
})
defer os.RemoveAll(tmpDir)
@@ -202,10 +202,10 @@ func TestMtimeAutoInvalidation(t *testing.T) {
}{
{
name: "bootstrap file change",
- file: "IDENTITY.md",
- contentV1: "# Original Identity",
- contentV2: "# Updated Identity",
- checkField: "Updated Identity",
+ file: "AGENT.md",
+ contentV1: "# Original Agent",
+ contentV2: "# Updated Agent",
+ checkField: "Updated Agent",
},
{
name: "memory file change",
@@ -280,7 +280,7 @@ func TestMtimeAutoInvalidation(t *testing.T) {
// even when source files haven't changed (useful for tests and reload commands).
func TestExplicitInvalidateCache(t *testing.T) {
tmpDir := setupWorkspace(t, map[string]string{
- "IDENTITY.md": "# Test Identity",
+ "AGENT.md": "# Test Agent",
})
defer os.RemoveAll(tmpDir)
@@ -307,8 +307,8 @@ func TestExplicitInvalidateCache(t *testing.T) {
// when no files change (regression test for issue #607).
func TestCacheStability(t *testing.T) {
tmpDir := setupWorkspace(t, map[string]string{
- "IDENTITY.md": "# Identity\nContent",
- "SOUL.md": "# Soul\nContent",
+ "AGENT.md": "# Agent\nContent",
+ "SOUL.md": "# Soul\nContent",
})
defer os.RemoveAll(tmpDir)
@@ -607,7 +607,7 @@ description: delete-me-v1
// Run with: go test -race ./pkg/agent/ -run TestConcurrentBuildSystemPromptWithCache
func TestConcurrentBuildSystemPromptWithCache(t *testing.T) {
tmpDir := setupWorkspace(t, map[string]string{
- "IDENTITY.md": "# Identity\nConcurrency test agent.",
+ "AGENT.md": "# Agent\nConcurrency test agent.",
"SOUL.md": "# Soul\nBe helpful.",
"memory/MEMORY.md": "# Memory\nUser prefers Go.",
"skills/demo/SKILL.md": "---\nname: demo\ndescription: \"demo skill\"\n---\n# Demo",
@@ -714,7 +714,7 @@ func BenchmarkBuildMessagesWithCache(b *testing.B) {
os.MkdirAll(filepath.Join(tmpDir, "memory"), 0o755)
os.MkdirAll(filepath.Join(tmpDir, "skills"), 0o755)
- for _, name := range []string{"IDENTITY.md", "SOUL.md", "USER.md"} {
+ for _, name := range []string{"AGENT.md", "SOUL.md"} {
os.WriteFile(filepath.Join(tmpDir, name), []byte(strings.Repeat("Content.\n", 10)), 0o644)
}
diff --git a/pkg/agent/definition.go b/pkg/agent/definition.go
new file mode 100644
index 000000000..cf73d607c
--- /dev/null
+++ b/pkg/agent/definition.go
@@ -0,0 +1,255 @@
+package agent
+
+import (
+ "os"
+ "path/filepath"
+ "slices"
+ "strings"
+
+ "github.com/gomarkdown/markdown/parser"
+ "gopkg.in/yaml.v3"
+
+ "github.com/sipeed/picoclaw/pkg/logger"
+)
+
+// AgentDefinitionSource identifies which agent bootstrap file produced the definition.
+type AgentDefinitionSource string
+
+const (
+ // AgentDefinitionSourceAgent indicates the new AGENT.md format.
+ AgentDefinitionSourceAgent AgentDefinitionSource = "AGENT.md"
+ // AgentDefinitionSourceAgents indicates the legacy AGENTS.md format.
+ AgentDefinitionSourceAgents AgentDefinitionSource = "AGENTS.md"
+)
+
+// AgentFrontmatter holds machine-readable AGENT.md configuration.
+//
+// Known fields are exposed directly for convenience. Fields keeps the full
+// parsed frontmatter so future refactors can read additional keys without
+// changing the loader contract again.
+type AgentFrontmatter struct {
+ Name string `json:"name"`
+ Description string `json:"description"`
+ Tools []string `json:"tools,omitempty"`
+ Model string `json:"model,omitempty"`
+ MaxTurns *int `json:"maxTurns,omitempty"`
+ Skills []string `json:"skills,omitempty"`
+ MCPServers []string `json:"mcpServers,omitempty"`
+ Fields map[string]any `json:"fields,omitempty"`
+}
+
+// AgentPromptDefinition represents the parsed AGENT.md or AGENTS.md prompt file.
+type AgentPromptDefinition struct {
+ Path string `json:"path"`
+ Raw string `json:"raw"`
+ Body string `json:"body"`
+ RawFrontmatter string `json:"raw_frontmatter,omitempty"`
+ Frontmatter AgentFrontmatter `json:"frontmatter"`
+}
+
+// SoulDefinition represents the resolved SOUL.md file linked to the agent.
+type SoulDefinition struct {
+ Path string `json:"path"`
+ Content string `json:"content"`
+}
+
+// UserDefinition represents the resolved USER.md file linked to the workspace.
+type UserDefinition struct {
+ Path string `json:"path"`
+ Content string `json:"content"`
+}
+
+// AgentContextDefinition captures the workspace agent definition in a runtime-friendly shape.
+type AgentContextDefinition struct {
+ Source AgentDefinitionSource `json:"source,omitempty"`
+ Agent *AgentPromptDefinition `json:"agent,omitempty"`
+ Soul *SoulDefinition `json:"soul,omitempty"`
+ User *UserDefinition `json:"user,omitempty"`
+}
+
+// LoadAgentDefinition parses the workspace agent bootstrap files.
+//
+// It prefers the new AGENT.md format and its paired SOUL.md file. When the
+// structured files are absent, it falls back to the legacy AGENTS.md layout so
+// the current runtime can transition incrementally.
+func (cb *ContextBuilder) LoadAgentDefinition() AgentContextDefinition {
+ return loadAgentDefinition(cb.workspace)
+}
+
+func loadAgentDefinition(workspace string) AgentContextDefinition {
+ definition := AgentContextDefinition{}
+ definition.User = loadUserDefinition(workspace)
+ agentPath := filepath.Join(workspace, string(AgentDefinitionSourceAgent))
+ if content, err := os.ReadFile(agentPath); err == nil {
+ prompt := parseAgentPromptDefinition(agentPath, string(content))
+ definition.Source = AgentDefinitionSourceAgent
+ definition.Agent = &prompt
+ soulPath := filepath.Join(workspace, "SOUL.md")
+ if content, err := os.ReadFile(soulPath); err == nil {
+ definition.Soul = &SoulDefinition{
+ Path: soulPath,
+ Content: string(content),
+ }
+ }
+ return definition
+ }
+
+ legacyPath := filepath.Join(workspace, string(AgentDefinitionSourceAgents))
+ if content, err := os.ReadFile(legacyPath); err == nil {
+ definition.Source = AgentDefinitionSourceAgents
+ definition.Agent = &AgentPromptDefinition{
+ Path: legacyPath,
+ Raw: string(content),
+ Body: string(content),
+ }
+ }
+
+ defaultSoulPath := filepath.Join(workspace, "SOUL.md")
+ if definition.Source != "" || fileExists(defaultSoulPath) {
+ if content, err := os.ReadFile(defaultSoulPath); err == nil {
+ definition.Soul = &SoulDefinition{
+ Path: defaultSoulPath,
+ Content: string(content),
+ }
+ }
+ }
+
+ return definition
+}
+
+func (definition AgentContextDefinition) trackedPaths(workspace string) []string {
+ paths := []string{
+ filepath.Join(workspace, string(AgentDefinitionSourceAgent)),
+ filepath.Join(workspace, "SOUL.md"),
+ filepath.Join(workspace, "USER.md"),
+ }
+ if definition.Source != AgentDefinitionSourceAgent {
+ paths = append(paths,
+ filepath.Join(workspace, string(AgentDefinitionSourceAgents)),
+ filepath.Join(workspace, "IDENTITY.md"),
+ )
+ }
+ return uniquePaths(paths)
+}
+
+func loadUserDefinition(workspace string) *UserDefinition {
+ userPath := filepath.Join(workspace, "USER.md")
+ if content, err := os.ReadFile(userPath); err == nil {
+ return &UserDefinition{
+ Path: userPath,
+ Content: string(content),
+ }
+ }
+
+ return nil
+}
+
+func parseAgentPromptDefinition(path, content string) AgentPromptDefinition {
+ frontmatter, body := splitAgentFrontmatter(content)
+ return AgentPromptDefinition{
+ Path: path,
+ Raw: content,
+ Body: body,
+ RawFrontmatter: frontmatter,
+ Frontmatter: parseAgentFrontmatter(path, frontmatter),
+ }
+}
+
+func parseAgentFrontmatter(path, frontmatter string) AgentFrontmatter {
+ frontmatter = strings.TrimSpace(frontmatter)
+ if frontmatter == "" {
+ return AgentFrontmatter{}
+ }
+
+ rawFields := make(map[string]any)
+ if err := yaml.Unmarshal([]byte(frontmatter), &rawFields); err != nil {
+ logger.WarnCF("agent", "Failed to parse AGENT.md frontmatter", map[string]any{
+ "path": path,
+ "error": err.Error(),
+ })
+ return AgentFrontmatter{}
+ }
+
+ var typed struct {
+ Name string `yaml:"name"`
+ Description string `yaml:"description"`
+ Tools []string `yaml:"tools"`
+ Model string `yaml:"model"`
+ MaxTurns *int `yaml:"maxTurns"`
+ Skills []string `yaml:"skills"`
+ MCPServers []string `yaml:"mcpServers"`
+ }
+ if err := yaml.Unmarshal([]byte(frontmatter), &typed); err != nil {
+ logger.WarnCF("agent", "Failed to decode AGENT.md frontmatter fields", map[string]any{
+ "path": path,
+ "error": err.Error(),
+ })
+ return AgentFrontmatter{}
+ }
+
+ return AgentFrontmatter{
+ Name: strings.TrimSpace(typed.Name),
+ Description: strings.TrimSpace(typed.Description),
+ Tools: append([]string(nil), typed.Tools...),
+ Model: strings.TrimSpace(typed.Model),
+ MaxTurns: typed.MaxTurns,
+ Skills: append([]string(nil), typed.Skills...),
+ MCPServers: append([]string(nil), typed.MCPServers...),
+ Fields: rawFields,
+ }
+}
+
+func splitAgentFrontmatter(content string) (frontmatter, body string) {
+ normalized := string(parser.NormalizeNewlines([]byte(content)))
+ lines := strings.Split(normalized, "\n")
+ if len(lines) == 0 || lines[0] != "---" {
+ return "", content
+ }
+
+ end := -1
+ for i := 1; i < len(lines); i++ {
+ if lines[i] == "---" {
+ end = i
+ break
+ }
+ }
+ if end == -1 {
+ return "", content
+ }
+
+ frontmatter = strings.Join(lines[1:end], "\n")
+ body = strings.Join(lines[end+1:], "\n")
+ body = strings.TrimLeft(body, "\n")
+ return frontmatter, body
+}
+
+func relativeWorkspacePath(workspace, path string) string {
+ if strings.TrimSpace(path) == "" {
+ return ""
+ }
+ relativePath, err := filepath.Rel(workspace, path)
+ if err == nil && relativePath != "." && !strings.HasPrefix(relativePath, "..") {
+ return filepath.ToSlash(relativePath)
+ }
+ return filepath.Clean(path)
+}
+
+func uniquePaths(paths []string) []string {
+ result := make([]string, 0, len(paths))
+ for _, path := range paths {
+ if strings.TrimSpace(path) == "" {
+ continue
+ }
+ cleaned := filepath.Clean(path)
+ if slices.Contains(result, cleaned) {
+ continue
+ }
+ result = append(result, cleaned)
+ }
+ return result
+}
+
+func fileExists(path string) bool {
+ _, err := os.Stat(path)
+ return err == nil
+}
diff --git a/pkg/agent/definition_test.go b/pkg/agent/definition_test.go
new file mode 100644
index 000000000..5ee996967
--- /dev/null
+++ b/pkg/agent/definition_test.go
@@ -0,0 +1,302 @@
+package agent
+
+import (
+ "os"
+ "path/filepath"
+ "strings"
+ "testing"
+ "time"
+)
+
+func TestLoadAgentDefinitionParsesFrontmatterAndSoul(t *testing.T) {
+ tmpDir := setupWorkspace(t, map[string]string{
+ "AGENT.md": `---
+name: pico
+description: Structured agent
+model: claude-3-7-sonnet
+tools:
+ - shell
+ - search
+maxTurns: 8
+skills:
+ - review
+ - search-docs
+mcpServers:
+ - github
+metadata:
+ mode: strict
+---
+# Agent
+
+Act directly and use tools first.
+`,
+ "SOUL.md": "# Soul\nStay precise.",
+ })
+ defer cleanupWorkspace(t, tmpDir)
+
+ cb := NewContextBuilder(tmpDir)
+ definition := cb.LoadAgentDefinition()
+
+ if definition.Source != AgentDefinitionSourceAgent {
+ t.Fatalf("expected source %q, got %q", AgentDefinitionSourceAgent, definition.Source)
+ }
+ if definition.Agent == nil {
+ t.Fatal("expected AGENT.md definition to be loaded")
+ }
+ if definition.Agent.Body == "" || !strings.Contains(definition.Agent.Body, "Act directly") {
+ t.Fatalf("expected AGENT.md body to be preserved, got %q", definition.Agent.Body)
+ }
+ if definition.Agent.Frontmatter.Name != "pico" {
+ t.Fatalf("expected name to be parsed, got %q", definition.Agent.Frontmatter.Name)
+ }
+ if definition.Agent.Frontmatter.Model != "claude-3-7-sonnet" {
+ t.Fatalf("expected model to be parsed, got %q", definition.Agent.Frontmatter.Model)
+ }
+ if len(definition.Agent.Frontmatter.Tools) != 2 {
+ t.Fatalf("expected tools to be parsed, got %v", definition.Agent.Frontmatter.Tools)
+ }
+ if definition.Agent.Frontmatter.MaxTurns == nil || *definition.Agent.Frontmatter.MaxTurns != 8 {
+ t.Fatalf("expected maxTurns to be parsed, got %v", definition.Agent.Frontmatter.MaxTurns)
+ }
+ if len(definition.Agent.Frontmatter.Skills) != 2 {
+ t.Fatalf("expected skills to be parsed, got %v", definition.Agent.Frontmatter.Skills)
+ }
+ if len(definition.Agent.Frontmatter.MCPServers) != 1 || definition.Agent.Frontmatter.MCPServers[0] != "github" {
+ t.Fatalf("expected mcpServers to be parsed, got %v", definition.Agent.Frontmatter.MCPServers)
+ }
+ if definition.Agent.Frontmatter.Fields["metadata"] == nil {
+ t.Fatal("expected arbitrary frontmatter fields to remain available")
+ }
+
+ if definition.Soul == nil {
+ t.Fatal("expected SOUL.md to be loaded")
+ }
+ if !strings.Contains(definition.Soul.Content, "Stay precise") {
+ t.Fatalf("expected soul content to be loaded, got %q", definition.Soul.Content)
+ }
+ if definition.Soul.Path != filepath.Join(tmpDir, "SOUL.md") {
+ t.Fatalf("expected default SOUL.md path, got %q", definition.Soul.Path)
+ }
+}
+
+func TestLoadAgentDefinitionFallsBackToLegacyAgentsMarkdown(t *testing.T) {
+ tmpDir := setupWorkspace(t, map[string]string{
+ "AGENTS.md": "# Legacy Agent\nKeep compatibility.",
+ "SOUL.md": "# Soul\nLegacy soul.",
+ })
+ defer cleanupWorkspace(t, tmpDir)
+
+ cb := NewContextBuilder(tmpDir)
+ definition := cb.LoadAgentDefinition()
+
+ if definition.Source != AgentDefinitionSourceAgents {
+ t.Fatalf("expected source %q, got %q", AgentDefinitionSourceAgents, definition.Source)
+ }
+ if definition.Agent == nil {
+ t.Fatal("expected AGENTS.md to be loaded")
+ }
+ if definition.Agent.RawFrontmatter != "" {
+ t.Fatalf("legacy AGENTS.md should not have frontmatter, got %q", definition.Agent.RawFrontmatter)
+ }
+ if !strings.Contains(definition.Agent.Body, "Keep compatibility") {
+ t.Fatalf("expected legacy body to be preserved, got %q", definition.Agent.Body)
+ }
+ if definition.Soul == nil || !strings.Contains(definition.Soul.Content, "Legacy soul") {
+ t.Fatal("expected default SOUL.md to be loaded for legacy format")
+ }
+}
+
+func TestLoadAgentDefinitionLoadsWorkspaceUserMarkdown(t *testing.T) {
+ tmpDir := setupWorkspace(t, map[string]string{
+ "AGENT.md": "# Agent\nStructured agent.",
+ "USER.md": "# User\nWorkspace preferences.",
+ })
+ defer cleanupWorkspace(t, tmpDir)
+
+ cb := NewContextBuilder(tmpDir)
+ definition := cb.LoadAgentDefinition()
+
+ if definition.User == nil {
+ t.Fatal("expected USER.md to be loaded")
+ }
+ if definition.User.Path != filepath.Join(tmpDir, "USER.md") {
+ t.Fatalf("expected workspace USER.md path, got %q", definition.User.Path)
+ }
+ if !strings.Contains(definition.User.Content, "Workspace preferences") {
+ t.Fatalf("expected workspace USER.md content, got %q", definition.User.Content)
+ }
+}
+
+func TestLoadAgentDefinitionInvalidFrontmatterFallsBackToEmptyStructuredFields(t *testing.T) {
+ tmpDir := setupWorkspace(t, map[string]string{
+ "AGENT.md": `---
+name: pico
+tools:
+ - shell
+ broken
+---
+# Agent
+
+Keep going.
+`,
+ })
+ defer cleanupWorkspace(t, tmpDir)
+
+ cb := NewContextBuilder(tmpDir)
+ definition := cb.LoadAgentDefinition()
+
+ if definition.Agent == nil {
+ t.Fatal("expected AGENT.md definition to be loaded")
+ }
+ if !strings.Contains(definition.Agent.Body, "Keep going.") {
+ t.Fatalf("expected AGENT.md body to be preserved, got %q", definition.Agent.Body)
+ }
+ if definition.Agent.Frontmatter.Name != "" ||
+ definition.Agent.Frontmatter.Description != "" ||
+ definition.Agent.Frontmatter.Model != "" ||
+ definition.Agent.Frontmatter.MaxTurns != nil ||
+ len(definition.Agent.Frontmatter.Tools) != 0 ||
+ len(definition.Agent.Frontmatter.Skills) != 0 ||
+ len(definition.Agent.Frontmatter.MCPServers) != 0 ||
+ len(definition.Agent.Frontmatter.Fields) != 0 {
+ t.Fatalf("expected invalid frontmatter to decode as empty struct, got %+v", definition.Agent.Frontmatter)
+ }
+}
+
+func TestLoadBootstrapFilesUsesAgentBodyNotFrontmatter(t *testing.T) {
+ tmpDir := setupWorkspace(t, map[string]string{
+ "AGENT.md": `---
+name: pico
+model: codex-mini
+---
+# Agent
+
+Follow the body prompt.
+`,
+ "SOUL.md": "# Soul\nSpeak plainly.",
+ "IDENTITY.md": "# Identity\nWorkspace identity.",
+ })
+ defer cleanupWorkspace(t, tmpDir)
+
+ cb := NewContextBuilder(tmpDir)
+ bootstrap := cb.LoadBootstrapFiles()
+
+ if !strings.Contains(bootstrap, "Follow the body prompt") {
+ t.Fatalf("expected AGENT.md body in bootstrap, got %q", bootstrap)
+ }
+ if !strings.Contains(bootstrap, "Speak plainly") {
+ t.Fatalf("expected resolved soul content in bootstrap, got %q", bootstrap)
+ }
+ if strings.Contains(bootstrap, "name: pico") {
+ t.Fatalf("bootstrap should not expose raw frontmatter, got %q", bootstrap)
+ }
+ if strings.Contains(bootstrap, "model: codex-mini") {
+ t.Fatalf("bootstrap should not expose raw frontmatter, got %q", bootstrap)
+ }
+ if !strings.Contains(bootstrap, "SOUL.md") {
+ t.Fatalf("expected bootstrap to label SOUL.md, got %q", bootstrap)
+ }
+ if strings.Contains(bootstrap, "Workspace identity") {
+ t.Fatalf("structured bootstrap should ignore IDENTITY.md, got %q", bootstrap)
+ }
+}
+
+func TestLoadBootstrapFilesIncludesWorkspaceUserMarkdown(t *testing.T) {
+ tmpDir := setupWorkspace(t, map[string]string{
+ "AGENT.md": "# Agent\nFollow the new structure.",
+ "SOUL.md": "# Soul\nSpeak plainly.",
+ "USER.md": "# User\nShared profile.",
+ })
+ defer cleanupWorkspace(t, tmpDir)
+
+ cb := NewContextBuilder(tmpDir)
+ bootstrap := cb.LoadBootstrapFiles()
+
+ if !strings.Contains(bootstrap, "Shared profile") {
+ t.Fatalf("expected workspace USER.md in bootstrap, got %q", bootstrap)
+ }
+ if !strings.Contains(bootstrap, "## USER.md") {
+ t.Fatalf("expected USER.md heading in bootstrap, got %q", bootstrap)
+ }
+}
+
+func TestStructuredAgentIgnoresIdentityChanges(t *testing.T) {
+ tmpDir := setupWorkspace(t, map[string]string{
+ "AGENT.md": "# Agent\nFollow the new structure.",
+ "SOUL.md": "# Soul\nVersion one.",
+ "IDENTITY.md": "# Identity\nLegacy identity.",
+ })
+ defer cleanupWorkspace(t, tmpDir)
+
+ cb := NewContextBuilder(tmpDir)
+
+ promptV1 := cb.BuildSystemPromptWithCache()
+ if strings.Contains(promptV1, "Legacy identity") {
+ t.Fatalf("structured prompt should not include IDENTITY.md, got %q", promptV1)
+ }
+
+ identityPath := filepath.Join(tmpDir, "IDENTITY.md")
+ if err := os.WriteFile(identityPath, []byte("# Identity\nVersion two."), 0o644); err != nil {
+ t.Fatal(err)
+ }
+ future := time.Now().Add(2 * time.Second)
+ if err := os.Chtimes(identityPath, future, future); err != nil {
+ t.Fatal(err)
+ }
+
+ cb.systemPromptMutex.RLock()
+ changed := cb.sourceFilesChangedLocked()
+ cb.systemPromptMutex.RUnlock()
+ if changed {
+ t.Fatal("IDENTITY.md should not invalidate cache for structured agent definitions")
+ }
+
+ promptV2 := cb.BuildSystemPromptWithCache()
+ if promptV1 != promptV2 {
+ t.Fatal("structured prompt should remain stable after IDENTITY.md changes")
+ }
+}
+
+func TestStructuredAgentUserChangesInvalidateCache(t *testing.T) {
+ tmpDir := setupWorkspace(t, map[string]string{
+ "AGENT.md": "# Agent\nFollow the new structure.",
+ "SOUL.md": "# Soul\nVersion one.",
+ "USER.md": "# User\nInitial workspace preferences.",
+ })
+ defer cleanupWorkspace(t, tmpDir)
+
+ cb := NewContextBuilder(tmpDir)
+
+ promptV1 := cb.BuildSystemPromptWithCache()
+ if !strings.Contains(promptV1, "Initial workspace preferences") {
+ t.Fatalf("expected workspace USER.md in prompt, got %q", promptV1)
+ }
+
+ userPath := filepath.Join(tmpDir, "USER.md")
+ if err := os.WriteFile(userPath, []byte("# User\nUpdated workspace preferences."), 0o644); err != nil {
+ t.Fatal(err)
+ }
+ future := time.Now().Add(2 * time.Second)
+ if err := os.Chtimes(userPath, future, future); err != nil {
+ t.Fatal(err)
+ }
+
+ cb.systemPromptMutex.RLock()
+ changed := cb.sourceFilesChangedLocked()
+ cb.systemPromptMutex.RUnlock()
+ if !changed {
+ t.Fatal("workspace USER.md changes should invalidate cache")
+ }
+
+ promptV2 := cb.BuildSystemPromptWithCache()
+ if !strings.Contains(promptV2, "Updated workspace preferences") {
+ t.Fatalf("expected updated workspace USER.md in prompt, got %q", promptV2)
+ }
+}
+
+func cleanupWorkspace(t *testing.T, path string) {
+ t.Helper()
+ if err := os.RemoveAll(path); err != nil {
+ t.Fatalf("failed to clean up workspace %s: %v", path, err)
+ }
+}
diff --git a/pkg/agent/eventbus.go b/pkg/agent/eventbus.go
new file mode 100644
index 000000000..546d8436d
--- /dev/null
+++ b/pkg/agent/eventbus.go
@@ -0,0 +1,121 @@
+package agent
+
+import (
+ "sync"
+ "sync/atomic"
+ "time"
+)
+
+const defaultEventSubscriberBuffer = 16
+
+// EventSubscription identifies a subscriber channel returned by EventBus.Subscribe.
+type EventSubscription struct {
+ ID uint64
+ C <-chan Event
+}
+
+type eventSubscriber struct {
+ ch chan Event
+}
+
+// EventBus is a lightweight multi-subscriber broadcaster for agent-loop events.
+type EventBus struct {
+ mu sync.RWMutex
+ subs map[uint64]eventSubscriber
+ nextID uint64
+ closed bool
+ dropped [eventKindCount]atomic.Int64
+}
+
+// NewEventBus creates a new in-process event broadcaster.
+func NewEventBus() *EventBus {
+ return &EventBus{
+ subs: make(map[uint64]eventSubscriber),
+ }
+}
+
+// Subscribe registers a new subscriber with the requested channel buffer size.
+// A non-positive buffer uses the default size.
+func (b *EventBus) Subscribe(buffer int) EventSubscription {
+ if buffer <= 0 {
+ buffer = defaultEventSubscriberBuffer
+ }
+
+ b.mu.Lock()
+ defer b.mu.Unlock()
+
+ if b.closed {
+ ch := make(chan Event)
+ close(ch)
+ return EventSubscription{C: ch}
+ }
+
+ b.nextID++
+ id := b.nextID
+ ch := make(chan Event, buffer)
+ b.subs[id] = eventSubscriber{ch: ch}
+ return EventSubscription{ID: id, C: ch}
+}
+
+// Unsubscribe removes a subscriber and closes its channel.
+func (b *EventBus) Unsubscribe(id uint64) {
+ b.mu.Lock()
+ defer b.mu.Unlock()
+
+ sub, ok := b.subs[id]
+ if !ok {
+ return
+ }
+
+ delete(b.subs, id)
+ close(sub.ch)
+}
+
+// Emit broadcasts an event to all current subscribers without blocking.
+// When a subscriber channel is full, the event is dropped for that subscriber.
+func (b *EventBus) Emit(evt Event) {
+ if evt.Time.IsZero() {
+ evt.Time = time.Now()
+ }
+
+ b.mu.RLock()
+ defer b.mu.RUnlock()
+
+ if b.closed {
+ return
+ }
+
+ for _, sub := range b.subs {
+ select {
+ case sub.ch <- evt:
+ default:
+ if evt.Kind < eventKindCount {
+ b.dropped[evt.Kind].Add(1)
+ }
+ }
+ }
+}
+
+// Dropped returns the number of dropped events for a given kind.
+func (b *EventBus) Dropped(kind EventKind) int64 {
+ if kind >= eventKindCount {
+ return 0
+ }
+ return b.dropped[kind].Load()
+}
+
+// Close closes all subscriber channels and stops future broadcasts.
+func (b *EventBus) Close() {
+ b.mu.Lock()
+ defer b.mu.Unlock()
+
+ if b.closed {
+ return
+ }
+
+ b.closed = true
+ for id, sub := range b.subs {
+ close(sub.ch)
+ delete(b.subs, id)
+ }
+}
diff --git a/pkg/agent/eventbus_test.go b/pkg/agent/eventbus_test.go
new file mode 100644
index 000000000..19a1ea9eb
--- /dev/null
+++ b/pkg/agent/eventbus_test.go
@@ -0,0 +1,684 @@
+package agent
+
+import (
+ "context"
+ "os"
+ "slices"
+ "testing"
+ "time"
+
+ "github.com/sipeed/picoclaw/pkg/bus"
+ "github.com/sipeed/picoclaw/pkg/config"
+ "github.com/sipeed/picoclaw/pkg/providers"
+ "github.com/sipeed/picoclaw/pkg/tools"
+)
+
+func TestEventBus_SubscribeEmitUnsubscribeClose(t *testing.T) {
+ eventBus := NewEventBus()
+ sub := eventBus.Subscribe(1)
+
+ eventBus.Emit(Event{
+ Kind: EventKindTurnStart,
+ Meta: EventMeta{TurnID: "turn-1"},
+ })
+
+ select {
+ case evt := <-sub.C:
+ if evt.Kind != EventKindTurnStart {
+ t.Fatalf("expected %v, got %v", EventKindTurnStart, evt.Kind)
+ }
+ if evt.Meta.TurnID != "turn-1" {
+ t.Fatalf("expected turn id turn-1, got %q", evt.Meta.TurnID)
+ }
+ case <-time.After(time.Second):
+ t.Fatal("timed out waiting for event")
+ }
+
+ eventBus.Unsubscribe(sub.ID)
+ if _, ok := <-sub.C; ok {
+ t.Fatal("expected subscriber channel to be closed after unsubscribe")
+ }
+
+ eventBus.Close()
+ closedSub := eventBus.Subscribe(1)
+ if _, ok := <-closedSub.C; ok {
+ t.Fatal("expected closed bus to return a closed subscriber channel")
+ }
+}
+
+func TestEventBus_DropsWhenSubscriberIsFull(t *testing.T) {
+ eventBus := NewEventBus()
+ sub := eventBus.Subscribe(1)
+ defer eventBus.Unsubscribe(sub.ID)
+
+ start := time.Now()
+ for i := 0; i < 1000; i++ {
+ eventBus.Emit(Event{Kind: EventKindLLMRequest})
+ }
+
+ if elapsed := time.Since(start); elapsed > 100*time.Millisecond {
+ t.Fatalf("Emit took too long with a blocked subscriber: %s", elapsed)
+ }
+
+ if got := eventBus.Dropped(EventKindLLMRequest); got != 999 {
+ t.Fatalf("expected 999 dropped events, got %d", got)
+ }
+}
+
+type scriptedToolProvider struct {
+ calls int
+}
+
+func (m *scriptedToolProvider) Chat(
+ ctx context.Context,
+ messages []providers.Message,
+ toolDefs []providers.ToolDefinition,
+ model string,
+ opts map[string]any,
+) (*providers.LLMResponse, error) {
+ m.calls++
+ if m.calls == 1 {
+ return &providers.LLMResponse{
+ ToolCalls: []providers.ToolCall{
+ {
+ ID: "call-1",
+ Name: "mock_custom",
+ Arguments: map[string]any{"task": "ping"},
+ },
+ },
+ }, nil
+ }
+
+ return &providers.LLMResponse{
+ Content: "done",
+ }, nil
+}
+
+func (m *scriptedToolProvider) GetDefaultModel() string {
+ return "scripted-tool-model"
+}
+
+func TestAgentLoop_EmitsMinimalTurnEvents(t *testing.T) {
+ tmpDir, err := os.MkdirTemp("", "agent-eventbus-*")
+ if err != nil {
+ t.Fatalf("failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: tmpDir,
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ },
+ },
+ }
+
+ msgBus := bus.NewMessageBus()
+ provider := &scriptedToolProvider{}
+ al := NewAgentLoop(cfg, msgBus, provider)
+ al.RegisterTool(&mockCustomTool{})
+ defaultAgent := al.registry.GetDefaultAgent()
+ if defaultAgent == nil {
+ t.Fatal("expected default agent")
+ }
+
+ sub := al.SubscribeEvents(16)
+ defer al.UnsubscribeEvents(sub.ID)
+
+ response, err := al.runAgentLoop(context.Background(), defaultAgent, processOptions{
+ SessionKey: "session-1",
+ Channel: "cli",
+ ChatID: "direct",
+ UserMessage: "run tool",
+ DefaultResponse: defaultResponse,
+ EnableSummary: false,
+ SendResponse: false,
+ })
+ if err != nil {
+ t.Fatalf("runAgentLoop failed: %v", err)
+ }
+ if response != "done" {
+ t.Fatalf("expected final response 'done', got %q", response)
+ }
+
+ events := collectEventStream(sub.C)
+ if len(events) != 8 {
+ t.Fatalf("expected 8 events, got %d", len(events))
+ }
+
+ kinds := make([]EventKind, 0, len(events))
+ for _, evt := range events {
+ kinds = append(kinds, evt.Kind)
+ }
+
+ expectedKinds := []EventKind{
+ EventKindTurnStart,
+ EventKindLLMRequest,
+ EventKindLLMResponse,
+ EventKindToolExecStart,
+ EventKindToolExecEnd,
+ EventKindLLMRequest,
+ EventKindLLMResponse,
+ EventKindTurnEnd,
+ }
+ if !slices.Equal(kinds, expectedKinds) {
+ t.Fatalf("unexpected event sequence: got %v want %v", kinds, expectedKinds)
+ }
+
+ turnID := events[0].Meta.TurnID
+ for i, evt := range events {
+ if evt.Meta.TurnID != turnID {
+ t.Fatalf("event %d has mismatched turn id %q, want %q", i, evt.Meta.TurnID, turnID)
+ }
+ if evt.Meta.SessionKey != "session-1" {
+ t.Fatalf("event %d has session key %q, want session-1", i, evt.Meta.SessionKey)
+ }
+ }
+
+ startPayload, ok := events[0].Payload.(TurnStartPayload)
+ if !ok {
+ t.Fatalf("expected TurnStartPayload, got %T", events[0].Payload)
+ }
+ if startPayload.UserMessage != "run tool" {
+ t.Fatalf("expected user message 'run tool', got %q", startPayload.UserMessage)
+ }
+
+ toolStartPayload, ok := events[3].Payload.(ToolExecStartPayload)
+ if !ok {
+ t.Fatalf("expected ToolExecStartPayload, got %T", events[3].Payload)
+ }
+ if toolStartPayload.Tool != "mock_custom" {
+ t.Fatalf("expected tool name mock_custom, got %q", toolStartPayload.Tool)
+ }
+
+ toolEndPayload, ok := events[4].Payload.(ToolExecEndPayload)
+ if !ok {
+ t.Fatalf("expected ToolExecEndPayload, got %T", events[4].Payload)
+ }
+ if toolEndPayload.Tool != "mock_custom" {
+ t.Fatalf("expected tool end payload for mock_custom, got %q", toolEndPayload.Tool)
+ }
+ if toolEndPayload.IsError {
+ t.Fatal("expected mock_custom tool to succeed")
+ }
+
+ turnEndPayload, ok := events[len(events)-1].Payload.(TurnEndPayload)
+ if !ok {
+ t.Fatalf("expected TurnEndPayload, got %T", events[len(events)-1].Payload)
+ }
+ if turnEndPayload.Status != TurnEndStatusCompleted {
+ t.Fatalf("expected completed turn, got %q", turnEndPayload.Status)
+ }
+ if turnEndPayload.Iterations != 2 {
+ t.Fatalf("expected 2 iterations, got %d", turnEndPayload.Iterations)
+ }
+}
+
+func TestAgentLoop_EmitsSteeringAndSkippedToolEvents(t *testing.T) {
+ tmpDir, err := os.MkdirTemp("", "agent-eventbus-steering-*")
+ if err != nil {
+ t.Fatalf("failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: tmpDir,
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ },
+ },
+ }
+
+ tool1ExecCh := make(chan struct{})
+ tool1 := &slowTool{name: "tool_one", duration: 50 * time.Millisecond, execCh: tool1ExecCh}
+ tool2 := &slowTool{name: "tool_two", duration: 50 * time.Millisecond}
+
+ provider := &toolCallProvider{
+ toolCalls: []providers.ToolCall{
+ {
+ ID: "call_1",
+ Type: "function",
+ Name: "tool_one",
+ Function: &providers.FunctionCall{
+ Name: "tool_one",
+ Arguments: "{}",
+ },
+ Arguments: map[string]any{},
+ },
+ {
+ ID: "call_2",
+ Type: "function",
+ Name: "tool_two",
+ Function: &providers.FunctionCall{
+ Name: "tool_two",
+ Arguments: "{}",
+ },
+ Arguments: map[string]any{},
+ },
+ },
+ finalResp: "steered response",
+ }
+
+ msgBus := bus.NewMessageBus()
+ al := NewAgentLoop(cfg, msgBus, provider)
+ al.RegisterTool(tool1)
+ al.RegisterTool(tool2)
+
+ sub := al.SubscribeEvents(32)
+ defer al.UnsubscribeEvents(sub.ID)
+
+ resultCh := make(chan string, 1)
+ go func() {
+ resp, _ := al.ProcessDirectWithChannel(context.Background(), "do something", "test-session", "test", "chat1")
+ resultCh <- resp
+ }()
+
+ select {
+ case <-tool1ExecCh:
+ case <-time.After(2 * time.Second):
+ t.Fatal("timeout waiting for tool_one to start")
+ }
+
+ if err := al.Steer(providers.Message{Role: "user", Content: "change course"}); err != nil {
+ t.Fatalf("Steer failed: %v", err)
+ }
+
+ select {
+ case resp := <-resultCh:
+ if resp != "steered response" {
+ t.Fatalf("expected steered response, got %q", resp)
+ }
+ case <-time.After(5 * time.Second):
+ t.Fatal("timeout waiting for steered response")
+ }
+
+ events := collectEventStream(sub.C)
+ steeringEvt, ok := findEvent(events, EventKindSteeringInjected)
+ if !ok {
+ t.Fatal("expected steering injected event")
+ }
+ steeringPayload, ok := steeringEvt.Payload.(SteeringInjectedPayload)
+ if !ok {
+ t.Fatalf("expected SteeringInjectedPayload, got %T", steeringEvt.Payload)
+ }
+ if steeringPayload.Count != 1 {
+ t.Fatalf("expected 1 steering message, got %d", steeringPayload.Count)
+ }
+
+ skippedEvt, ok := findEvent(events, EventKindToolExecSkipped)
+ if !ok {
+ t.Fatal("expected skipped tool event")
+ }
+ skippedPayload, ok := skippedEvt.Payload.(ToolExecSkippedPayload)
+ if !ok {
+ t.Fatalf("expected ToolExecSkippedPayload, got %T", skippedEvt.Payload)
+ }
+ if skippedPayload.Tool != "tool_two" {
+ t.Fatalf("expected skipped tool_two, got %q", skippedPayload.Tool)
+ }
+
+ interruptEvt, ok := findEvent(events, EventKindInterruptReceived)
+ if !ok {
+ t.Fatal("expected interrupt received event")
+ }
+ interruptPayload, ok := interruptEvt.Payload.(InterruptReceivedPayload)
+ if !ok {
+ t.Fatalf("expected InterruptReceivedPayload, got %T", interruptEvt.Payload)
+ }
+ if interruptPayload.Role != "user" {
+ t.Fatalf("expected interrupt role user, got %q", interruptPayload.Role)
+ }
+ if interruptPayload.Kind != InterruptKindSteering {
+ t.Fatalf("expected steering interrupt kind, got %q", interruptPayload.Kind)
+ }
+ if interruptPayload.ContentLen != len("change course") {
+ t.Fatalf("expected interrupt content len %d, got %d", len("change course"), interruptPayload.ContentLen)
+ }
+}
+
+func TestAgentLoop_EmitsContextCompressEventOnRetry(t *testing.T) {
+ tmpDir, err := os.MkdirTemp("", "agent-eventbus-compress-*")
+ if err != nil {
+ t.Fatalf("failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: tmpDir,
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ },
+ },
+ }
+
+ contextErr := stringError("InvalidParameter: Total tokens of image and text exceed max message tokens")
+ provider := &failFirstMockProvider{
+ failures: 1,
+ failError: contextErr,
+ successResp: "Recovered from context error",
+ }
+ msgBus := bus.NewMessageBus()
+ al := NewAgentLoop(cfg, msgBus, provider)
+ defaultAgent := al.registry.GetDefaultAgent()
+ if defaultAgent == nil {
+ t.Fatal("expected default agent")
+ }
+
+ defaultAgent.Sessions.SetHistory("session-1", []providers.Message{
+ {Role: "user", Content: "Old message 1"},
+ {Role: "assistant", Content: "Old response 1"},
+ {Role: "user", Content: "Old message 2"},
+ {Role: "assistant", Content: "Old response 2"},
+ {Role: "user", Content: "Trigger message"},
+ })
+
+ sub := al.SubscribeEvents(16)
+ defer al.UnsubscribeEvents(sub.ID)
+
+ resp, err := al.runAgentLoop(context.Background(), defaultAgent, processOptions{
+ SessionKey: "session-1",
+ Channel: "cli",
+ ChatID: "direct",
+ UserMessage: "Trigger message",
+ DefaultResponse: defaultResponse,
+ EnableSummary: false,
+ SendResponse: false,
+ })
+ if err != nil {
+ t.Fatalf("runAgentLoop failed: %v", err)
+ }
+ if resp != "Recovered from context error" {
+ t.Fatalf("expected retry success, got %q", resp)
+ }
+
+ events := collectEventStream(sub.C)
+ retryEvt, ok := findEvent(events, EventKindLLMRetry)
+ if !ok {
+ t.Fatal("expected llm retry event")
+ }
+ retryPayload, ok := retryEvt.Payload.(LLMRetryPayload)
+ if !ok {
+ t.Fatalf("expected LLMRetryPayload, got %T", retryEvt.Payload)
+ }
+ if retryPayload.Reason != "context_limit" {
+ t.Fatalf("expected context_limit retry reason, got %q", retryPayload.Reason)
+ }
+ if retryPayload.Attempt != 1 {
+ t.Fatalf("expected retry attempt 1, got %d", retryPayload.Attempt)
+ }
+
+ compressEvt, ok := findEvent(events, EventKindContextCompress)
+ if !ok {
+ t.Fatal("expected context compress event")
+ }
+ payload, ok := compressEvt.Payload.(ContextCompressPayload)
+ if !ok {
+ t.Fatalf("expected ContextCompressPayload, got %T", compressEvt.Payload)
+ }
+ if payload.Reason != ContextCompressReasonRetry {
+ t.Fatalf("expected retry compress reason, got %q", payload.Reason)
+ }
+ if payload.DroppedMessages == 0 {
+ t.Fatal("expected dropped messages to be recorded")
+ }
+}
+
+func TestAgentLoop_EmitsSessionSummarizeEvent(t *testing.T) {
+ tmpDir, err := os.MkdirTemp("", "agent-eventbus-summary-*")
+ if err != nil {
+ t.Fatalf("failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: tmpDir,
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ ContextWindow: 8000,
+ SummarizeMessageThreshold: 2,
+ SummarizeTokenPercent: 75,
+ },
+ },
+ }
+
+ msgBus := bus.NewMessageBus()
+ al := NewAgentLoop(cfg, msgBus, &simpleMockProvider{response: "summary text"})
+ defaultAgent := al.registry.GetDefaultAgent()
+ if defaultAgent == nil {
+ t.Fatal("expected default agent")
+ }
+
+ defaultAgent.Sessions.SetHistory("session-1", []providers.Message{
+ {Role: "user", Content: "Question one"},
+ {Role: "assistant", Content: "Answer one"},
+ {Role: "user", Content: "Question two"},
+ {Role: "assistant", Content: "Answer two"},
+ {Role: "user", Content: "Question three"},
+ {Role: "assistant", Content: "Answer three"},
+ })
+
+ sub := al.SubscribeEvents(16)
+ defer al.UnsubscribeEvents(sub.ID)
+
+ turnScope := al.newTurnEventScope(defaultAgent.ID, "session-1")
+ al.summarizeSession(defaultAgent, "session-1", turnScope)
+
+ events := collectEventStream(sub.C)
+ summaryEvt, ok := findEvent(events, EventKindSessionSummarize)
+ if !ok {
+ t.Fatal("expected session summarize event")
+ }
+ payload, ok := summaryEvt.Payload.(SessionSummarizePayload)
+ if !ok {
+ t.Fatalf("expected SessionSummarizePayload, got %T", summaryEvt.Payload)
+ }
+ if payload.SummaryLen == 0 {
+ t.Fatal("expected non-empty summary length")
+ }
+}
+
+func TestAgentLoop_EmitsFollowUpQueuedEvent(t *testing.T) {
+ tmpDir, err := os.MkdirTemp("", "agent-eventbus-followup-*")
+ if err != nil {
+ t.Fatalf("failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: tmpDir,
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ },
+ },
+ }
+
+ provider := &toolCallProvider{
+ toolCalls: []providers.ToolCall{
+ {
+ ID: "call_async_1",
+ Type: "function",
+ Name: "async_followup",
+ Function: &providers.FunctionCall{
+ Name: "async_followup",
+ Arguments: "{}",
+ },
+ Arguments: map[string]any{},
+ },
+ },
+ finalResp: "async launched",
+ }
+
+ msgBus := bus.NewMessageBus()
+ al := NewAgentLoop(cfg, msgBus, provider)
+ doneCh := make(chan struct{})
+ al.RegisterTool(&asyncFollowUpTool{
+ name: "async_followup",
+ followUpText: "background result",
+ completionSig: doneCh,
+ })
+ defaultAgent := al.registry.GetDefaultAgent()
+ if defaultAgent == nil {
+ t.Fatal("expected default agent")
+ }
+
+ sub := al.SubscribeEvents(32)
+ defer al.UnsubscribeEvents(sub.ID)
+
+ resp, err := al.runAgentLoop(context.Background(), defaultAgent, processOptions{
+ SessionKey: "session-1",
+ Channel: "cli",
+ ChatID: "direct",
+ UserMessage: "run async tool",
+ DefaultResponse: defaultResponse,
+ EnableSummary: false,
+ SendResponse: false,
+ })
+ if err != nil {
+ t.Fatalf("runAgentLoop failed: %v", err)
+ }
+ if resp != "async launched" {
+ t.Fatalf("expected final response 'async launched', got %q", resp)
+ }
+
+ select {
+ case <-doneCh:
+ case <-time.After(2 * time.Second):
+ t.Fatal("timeout waiting for async tool completion")
+ }
+
+ followUpEvt := waitForEvent(t, sub.C, 2*time.Second, func(evt Event) bool {
+ return evt.Kind == EventKindFollowUpQueued
+ })
+ payload, ok := followUpEvt.Payload.(FollowUpQueuedPayload)
+ if !ok {
+ t.Fatalf("expected FollowUpQueuedPayload, got %T", followUpEvt.Payload)
+ }
+ if payload.SourceTool != "async_followup" {
+ t.Fatalf("expected source tool async_followup, got %q", payload.SourceTool)
+ }
+ if payload.Channel != "cli" {
+ t.Fatalf("expected channel cli, got %q", payload.Channel)
+ }
+ if payload.ChatID != "direct" {
+ t.Fatalf("expected chat id direct, got %q", payload.ChatID)
+ }
+ if payload.ContentLen != len("background result") {
+ t.Fatalf("expected content len %d, got %d", len("background result"), payload.ContentLen)
+ }
+ if followUpEvt.Meta.SessionKey != "session-1" {
+ t.Fatalf("expected session key session-1, got %q", followUpEvt.Meta.SessionKey)
+ }
+ if followUpEvt.Meta.TurnID == "" {
+ t.Fatal("expected follow-up event to include turn id")
+ }
+}
+
+func collectEventStream(ch <-chan Event) []Event {
+ var events []Event
+ for {
+ select {
+ case evt, ok := <-ch:
+ if !ok {
+ return events
+ }
+ events = append(events, evt)
+ default:
+ return events
+ }
+ }
+}
+
+func waitForEvent(t *testing.T, ch <-chan Event, timeout time.Duration, match func(Event) bool) Event {
+ t.Helper()
+
+ timer := time.NewTimer(timeout)
+ defer timer.Stop()
+
+ for {
+ select {
+ case evt, ok := <-ch:
+ if !ok {
+ t.Fatal("event stream closed before expected event arrived")
+ }
+ if match(evt) {
+ return evt
+ }
+ case <-timer.C:
+ t.Fatal("timed out waiting for expected event")
+ }
+ }
+}
+
+func findEvent(events []Event, kind EventKind) (Event, bool) {
+ for _, evt := range events {
+ if evt.Kind == kind {
+ return evt, true
+ }
+ }
+ return Event{}, false
+}
+
+type stringError string
+
+func (e stringError) Error() string {
+ return string(e)
+}
+
+type asyncFollowUpTool struct {
+ name string
+ followUpText string
+ completionSig chan struct{}
+}
+
+func (t *asyncFollowUpTool) Name() string {
+ return t.name
+}
+
+func (t *asyncFollowUpTool) Description() string {
+ return "async follow-up tool for testing"
+}
+
+func (t *asyncFollowUpTool) Parameters() map[string]any {
+ return map[string]any{
+ "type": "object",
+ "properties": map[string]any{},
+ }
+}
+
+func (t *asyncFollowUpTool) Execute(ctx context.Context, args map[string]any) *tools.ToolResult {
+ return tools.AsyncResult("async follow-up scheduled")
+}
+
+func (t *asyncFollowUpTool) ExecuteAsync(
+ ctx context.Context,
+ args map[string]any,
+ cb tools.AsyncCallback,
+) *tools.ToolResult {
+ go func() {
+ cb(ctx, &tools.ToolResult{ForLLM: t.followUpText})
+ if t.completionSig != nil {
+ close(t.completionSig)
+ }
+ }()
+ return tools.AsyncResult("async follow-up scheduled")
+}
+
+var (
+ _ tools.Tool = (*mockCustomTool)(nil)
+ _ tools.AsyncExecutor = (*asyncFollowUpTool)(nil)
+)
diff --git a/pkg/agent/events.go b/pkg/agent/events.go
new file mode 100644
index 000000000..f4562b360
--- /dev/null
+++ b/pkg/agent/events.go
@@ -0,0 +1,271 @@
+package agent
+
+import (
+ "fmt"
+ "time"
+)
+
+// EventKind identifies a structured agent-loop event.
+type EventKind uint8
+
+const (
+ // EventKindTurnStart is emitted when a turn begins processing.
+ EventKindTurnStart EventKind = iota
+ // EventKindTurnEnd is emitted when a turn finishes, successfully or with an error.
+ EventKindTurnEnd
+ // EventKindLLMRequest is emitted before a provider chat request is made.
+ EventKindLLMRequest
+ // EventKindLLMDelta is emitted when a streaming provider yields a partial delta.
+ EventKindLLMDelta
+ // EventKindLLMResponse is emitted after a provider chat response is received.
+ EventKindLLMResponse
+ // EventKindLLMRetry is emitted when an LLM request is retried.
+ EventKindLLMRetry
+ // EventKindContextCompress is emitted when session history is forcibly compressed.
+ EventKindContextCompress
+ // EventKindSessionSummarize is emitted when asynchronous summarization completes.
+ EventKindSessionSummarize
+ // EventKindToolExecStart is emitted immediately before a tool executes.
+ EventKindToolExecStart
+ // EventKindToolExecEnd is emitted immediately after a tool finishes executing.
+ EventKindToolExecEnd
+ // EventKindToolExecSkipped is emitted when a queued tool call is skipped.
+ EventKindToolExecSkipped
+ // EventKindSteeringInjected is emitted when queued steering is injected into context.
+ EventKindSteeringInjected
+ // EventKindFollowUpQueued is emitted when an async tool queues a follow-up system message.
+ EventKindFollowUpQueued
+ // EventKindInterruptReceived is emitted when a soft interrupt message is accepted.
+ EventKindInterruptReceived
+ // EventKindSubTurnSpawn is emitted when a sub-turn is spawned.
+ EventKindSubTurnSpawn
+ // EventKindSubTurnEnd is emitted when a sub-turn finishes.
+ EventKindSubTurnEnd
+ // EventKindSubTurnResultDelivered is emitted when a sub-turn result is delivered.
+ EventKindSubTurnResultDelivered
+ // EventKindSubTurnOrphan is emitted when a sub-turn result cannot be delivered.
+ EventKindSubTurnOrphan
+ // EventKindError is emitted when a turn encounters an execution error.
+ EventKindError
+
+ eventKindCount
+)
+
+var eventKindNames = [...]string{
+ "turn_start",
+ "turn_end",
+ "llm_request",
+ "llm_delta",
+ "llm_response",
+ "llm_retry",
+ "context_compress",
+ "session_summarize",
+ "tool_exec_start",
+ "tool_exec_end",
+ "tool_exec_skipped",
+ "steering_injected",
+ "follow_up_queued",
+ "interrupt_received",
+ "subturn_spawn",
+ "subturn_end",
+ "subturn_result_delivered",
+ "subturn_orphan",
+ "error",
+}
+
+// String returns the stable string form of an EventKind.
+func (k EventKind) String() string {
+ if k >= eventKindCount {
+ return fmt.Sprintf("event_kind(%d)", k)
+ }
+ return eventKindNames[k]
+}
+
+// Event is the structured envelope broadcast by the agent EventBus.
+type Event struct {
+ Kind EventKind
+ Time time.Time
+ Meta EventMeta
+ Payload any
+}
+
+// EventMeta contains correlation fields shared by all agent-loop events.
+type EventMeta struct {
+ AgentID string
+ TurnID string
+ ParentTurnID string
+ SessionKey string
+ Iteration int
+ TracePath string
+ Source string
+}
+
+// TurnEndStatus describes the terminal state of a turn.
+type TurnEndStatus string
+
+const (
+ // TurnEndStatusCompleted indicates the turn finished normally.
+ TurnEndStatusCompleted TurnEndStatus = "completed"
+ // TurnEndStatusError indicates the turn ended because of an error.
+ TurnEndStatusError TurnEndStatus = "error"
+ // TurnEndStatusAborted indicates the turn was hard-aborted and rolled back.
+ TurnEndStatusAborted TurnEndStatus = "aborted"
+)
+
+// TurnStartPayload describes the start of a turn.
+type TurnStartPayload struct {
+ Channel string
+ ChatID string
+ UserMessage string
+ MediaCount int
+}
+
+// TurnEndPayload describes the completion of a turn.
+type TurnEndPayload struct {
+ Status TurnEndStatus
+ Iterations int
+ Duration time.Duration
+ FinalContentLen int
+}
+
+// LLMRequestPayload describes an outbound LLM request.
+type LLMRequestPayload struct {
+ Model string
+ MessagesCount int
+ ToolsCount int
+ MaxTokens int
+ Temperature float64
+}
+
+// LLMResponsePayload describes an inbound LLM response.
+type LLMResponsePayload struct {
+ ContentLen int
+ ToolCalls int
+ HasReasoning bool
+}
+
+// LLMDeltaPayload describes a streamed LLM delta.
+type LLMDeltaPayload struct {
+ ContentDeltaLen int
+ ReasoningDeltaLen int
+}
+
+// LLMRetryPayload describes a retry of an LLM request.
+type LLMRetryPayload struct {
+ Attempt int
+ MaxRetries int
+ Reason string
+ Error string
+ Backoff time.Duration
+}
+
+// ContextCompressReason identifies why emergency compression ran.
+type ContextCompressReason string
+
+const (
+ // ContextCompressReasonProactive indicates compression before the first LLM call.
+ ContextCompressReasonProactive ContextCompressReason = "proactive_budget"
+ // ContextCompressReasonRetry indicates compression during context-error retry handling.
+ ContextCompressReasonRetry ContextCompressReason = "llm_retry"
+)
+
+// ContextCompressPayload describes a forced history compression.
+type ContextCompressPayload struct {
+ Reason ContextCompressReason
+ DroppedMessages int
+ RemainingMessages int
+}
+
+// SessionSummarizePayload describes a completed async session summarization.
+type SessionSummarizePayload struct {
+ SummarizedMessages int
+ KeptMessages int
+ SummaryLen int
+ OmittedOversized bool
+}
+
+// ToolExecStartPayload describes a tool execution request.
+type ToolExecStartPayload struct {
+ Tool string
+ Arguments map[string]any
+}
+
+// ToolExecEndPayload describes the outcome of a tool execution.
+type ToolExecEndPayload struct {
+ Tool string
+ Duration time.Duration
+ ForLLMLen int
+ ForUserLen int
+ IsError bool
+ Async bool
+}
+
+// ToolExecSkippedPayload describes a skipped tool call.
+type ToolExecSkippedPayload struct {
+ Tool string
+ Reason string
+}
+
+// SteeringInjectedPayload describes steering messages appended before the next LLM call.
+type SteeringInjectedPayload struct {
+ Count int
+ TotalContentLen int
+}
+
+// FollowUpQueuedPayload describes an async follow-up queued back into the inbound bus.
+type FollowUpQueuedPayload struct {
+ SourceTool string
+ Channel string
+ ChatID string
+ ContentLen int
+}
+
+type InterruptKind string
+
+const (
+ InterruptKindSteering InterruptKind = "steering"
+ InterruptKindGraceful InterruptKind = "graceful"
+ InterruptKindHard InterruptKind = "hard_abort"
+)
+
+// InterruptReceivedPayload describes accepted turn-control input.
+type InterruptReceivedPayload struct {
+ Kind InterruptKind
+ Role string
+ ContentLen int
+ QueueDepth int
+ HintLen int
+}
+
+// SubTurnSpawnPayload describes the creation of a child turn.
+type SubTurnSpawnPayload struct {
+ AgentID string
+ Label string
+ ParentTurnID string
+}
+
+// SubTurnEndPayload describes the completion of a child turn.
+type SubTurnEndPayload struct {
+ AgentID string
+ Status string
+}
+
+// SubTurnResultDeliveredPayload describes delivery of a sub-turn result.
+type SubTurnResultDeliveredPayload struct {
+ TargetChannel string
+ TargetChatID string
+ ContentLen int
+}
+
+// SubTurnOrphanPayload describes a sub-turn result that could not be delivered.
+type SubTurnOrphanPayload struct {
+ ParentTurnID string
+ ChildTurnID string
+ Reason string
+}
+
+// ErrorPayload describes an execution error inside the agent loop.
+type ErrorPayload struct {
+ Stage string
+ Message string
+}
diff --git a/pkg/agent/hook_mount.go b/pkg/agent/hook_mount.go
new file mode 100644
index 000000000..c92145f1f
--- /dev/null
+++ b/pkg/agent/hook_mount.go
@@ -0,0 +1,317 @@
+package agent
+
+import (
+ "context"
+ "fmt"
+ "sort"
+ "sync"
+ "time"
+
+ "github.com/sipeed/picoclaw/pkg/config"
+)
+
+type hookRuntime struct {
+ initOnce sync.Once
+ mu sync.Mutex
+ initErr error
+ mounted []string
+}
+
+func (r *hookRuntime) setInitErr(err error) {
+ r.mu.Lock()
+ r.initErr = err
+ r.mu.Unlock()
+}
+
+func (r *hookRuntime) getInitErr() error {
+ r.mu.Lock()
+ defer r.mu.Unlock()
+ return r.initErr
+}
+
+func (r *hookRuntime) setMounted(names []string) {
+ r.mu.Lock()
+ r.mounted = append([]string(nil), names...)
+ r.mu.Unlock()
+}
+
+func (r *hookRuntime) reset(al *AgentLoop) {
+ r.mu.Lock()
+ names := append([]string(nil), r.mounted...)
+ r.mounted = nil
+ r.initErr = nil
+ r.initOnce = sync.Once{}
+ r.mu.Unlock()
+
+ for _, name := range names {
+ al.UnmountHook(name)
+ }
+}
+
+// BuiltinHookFactory constructs an in-process hook from config.
+type BuiltinHookFactory func(ctx context.Context, spec config.BuiltinHookConfig) (any, error)
+
+var (
+ builtinHookRegistryMu sync.RWMutex
+ builtinHookRegistry = map[string]BuiltinHookFactory{}
+)
+
+// RegisterBuiltinHook registers a named in-process hook factory for config-driven mounting.
+func RegisterBuiltinHook(name string, factory BuiltinHookFactory) error {
+ if name == "" {
+ return fmt.Errorf("builtin hook name is required")
+ }
+ if factory == nil {
+ return fmt.Errorf("builtin hook %q factory is nil", name)
+ }
+
+ builtinHookRegistryMu.Lock()
+ defer builtinHookRegistryMu.Unlock()
+
+ if _, exists := builtinHookRegistry[name]; exists {
+ return fmt.Errorf("builtin hook %q is already registered", name)
+ }
+ builtinHookRegistry[name] = factory
+ return nil
+}
+
+func unregisterBuiltinHook(name string) {
+ if name == "" {
+ return
+ }
+ builtinHookRegistryMu.Lock()
+ delete(builtinHookRegistry, name)
+ builtinHookRegistryMu.Unlock()
+}
+
+func lookupBuiltinHook(name string) (BuiltinHookFactory, bool) {
+ builtinHookRegistryMu.RLock()
+ defer builtinHookRegistryMu.RUnlock()
+
+ factory, ok := builtinHookRegistry[name]
+ return factory, ok
+}
+
+func configureHookManagerFromConfig(hm *HookManager, cfg *config.Config) {
+ if hm == nil || cfg == nil {
+ return
+ }
+ hm.ConfigureTimeouts(
+ hookTimeoutFromMS(cfg.Hooks.Defaults.ObserverTimeoutMS),
+ hookTimeoutFromMS(cfg.Hooks.Defaults.InterceptorTimeoutMS),
+ hookTimeoutFromMS(cfg.Hooks.Defaults.ApprovalTimeoutMS),
+ )
+}
+
+func hookTimeoutFromMS(ms int) time.Duration {
+ if ms <= 0 {
+ return 0
+ }
+ return time.Duration(ms) * time.Millisecond
+}
+
+func (al *AgentLoop) ensureHooksInitialized(ctx context.Context) error {
+ if al == nil || al.cfg == nil || al.hooks == nil {
+ return nil
+ }
+
+ al.hookRuntime.initOnce.Do(func() {
+ al.hookRuntime.setInitErr(al.loadConfiguredHooks(ctx))
+ })
+
+ return al.hookRuntime.getInitErr()
+}
+
+func (al *AgentLoop) loadConfiguredHooks(ctx context.Context) (err error) {
+ if al == nil || al.cfg == nil || !al.cfg.Hooks.Enabled {
+ return nil
+ }
+
+ mounted := make([]string, 0)
+ defer func() {
+ if err != nil {
+ for _, name := range mounted {
+ al.UnmountHook(name)
+ }
+ return
+ }
+ al.hookRuntime.setMounted(mounted)
+ }()
+
+ builtinNames := enabledBuiltinHookNames(al.cfg.Hooks.Builtins)
+ for _, name := range builtinNames {
+ spec := al.cfg.Hooks.Builtins[name]
+ factory, ok := lookupBuiltinHook(name)
+ if !ok {
+ return fmt.Errorf("builtin hook %q is not registered", name)
+ }
+
+ hook, factoryErr := factory(ctx, spec)
+ if factoryErr != nil {
+ return fmt.Errorf("build builtin hook %q: %w", name, factoryErr)
+ }
+ if err := al.MountHook(HookRegistration{
+ Name: name,
+ Priority: spec.Priority,
+ Source: HookSourceInProcess,
+ Hook: hook,
+ }); err != nil {
+ return fmt.Errorf("mount builtin hook %q: %w", name, err)
+ }
+ mounted = append(mounted, name)
+ }
+
+ processNames := enabledProcessHookNames(al.cfg.Hooks.Processes)
+ for _, name := range processNames {
+ spec := al.cfg.Hooks.Processes[name]
+ opts, buildErr := processHookOptionsFromConfig(spec)
+ if buildErr != nil {
+ return fmt.Errorf("configure process hook %q: %w", name, buildErr)
+ }
+
+ processHook, buildErr := NewProcessHook(ctx, name, opts)
+ if buildErr != nil {
+ return fmt.Errorf("start process hook %q: %w", name, buildErr)
+ }
+ if err := al.MountHook(HookRegistration{
+ Name: name,
+ Priority: spec.Priority,
+ Source: HookSourceProcess,
+ Hook: processHook,
+ }); err != nil {
+ _ = processHook.Close()
+ return fmt.Errorf("mount process hook %q: %w", name, err)
+ }
+ mounted = append(mounted, name)
+ }
+
+ return nil
+}
+
+func enabledBuiltinHookNames(specs map[string]config.BuiltinHookConfig) []string {
+ if len(specs) == 0 {
+ return nil
+ }
+
+ names := make([]string, 0, len(specs))
+ for name, spec := range specs {
+ if spec.Enabled {
+ names = append(names, name)
+ }
+ }
+ sort.Strings(names)
+ return names
+}
+
+func enabledProcessHookNames(specs map[string]config.ProcessHookConfig) []string {
+ if len(specs) == 0 {
+ return nil
+ }
+
+ names := make([]string, 0, len(specs))
+ for name, spec := range specs {
+ if spec.Enabled {
+ names = append(names, name)
+ }
+ }
+ sort.Strings(names)
+ return names
+}
+
+func processHookOptionsFromConfig(spec config.ProcessHookConfig) (ProcessHookOptions, error) {
+ transport := spec.Transport
+ if transport == "" {
+ transport = "stdio"
+ }
+ if transport != "stdio" {
+ return ProcessHookOptions{}, fmt.Errorf("unsupported transport %q", transport)
+ }
+ if len(spec.Command) == 0 {
+ return ProcessHookOptions{}, fmt.Errorf("command is required")
+ }
+
+ opts := ProcessHookOptions{
+ Command: append([]string(nil), spec.Command...),
+ Dir: spec.Dir,
+ Env: processHookEnvFromMap(spec.Env),
+ }
+
+ observeKinds, observeEnabled, err := processHookObserveKindsFromConfig(spec.Observe)
+ if err != nil {
+ return ProcessHookOptions{}, err
+ }
+ opts.Observe = observeEnabled
+ opts.ObserveKinds = observeKinds
+
+ for _, intercept := range spec.Intercept {
+ switch intercept {
+ case "before_llm", "after_llm":
+ opts.InterceptLLM = true
+ case "before_tool", "after_tool":
+ opts.InterceptTool = true
+ case "approve_tool":
+ opts.ApproveTool = true
+ case "":
+ continue
+ default:
+ return ProcessHookOptions{}, fmt.Errorf("unsupported intercept %q", intercept)
+ }
+ }
+
+ if !opts.Observe && !opts.InterceptLLM && !opts.InterceptTool && !opts.ApproveTool {
+ return ProcessHookOptions{}, fmt.Errorf("no hook modes enabled")
+ }
+
+ return opts, nil
+}
+
+func processHookEnvFromMap(envMap map[string]string) []string {
+ if len(envMap) == 0 {
+ return nil
+ }
+
+ keys := make([]string, 0, len(envMap))
+ for key := range envMap {
+ keys = append(keys, key)
+ }
+ sort.Strings(keys)
+
+ env := make([]string, 0, len(keys))
+ for _, key := range keys {
+ env = append(env, key+"="+envMap[key])
+ }
+ return env
+}
+
+func processHookObserveKindsFromConfig(observe []string) ([]string, bool, error) {
+ if len(observe) == 0 {
+ return nil, false, nil
+ }
+
+ validKinds := validHookEventKinds()
+ normalized := make([]string, 0, len(observe))
+ for _, kind := range observe {
+ switch kind {
+ case "", "*", "all":
+ return nil, true, nil
+ default:
+ if _, ok := validKinds[kind]; !ok {
+ return nil, false, fmt.Errorf("unsupported observe event %q", kind)
+ }
+ normalized = append(normalized, kind)
+ }
+ }
+
+ if len(normalized) == 0 {
+ return nil, false, nil
+ }
+ return normalized, true, nil
+}
+
+func validHookEventKinds() map[string]struct{} {
+ kinds := make(map[string]struct{}, int(eventKindCount))
+ for kind := EventKind(0); kind < eventKindCount; kind++ {
+ kinds[kind.String()] = struct{}{}
+ }
+ return kinds
+}
diff --git a/pkg/agent/hook_mount_test.go b/pkg/agent/hook_mount_test.go
new file mode 100644
index 000000000..85d8f5c11
--- /dev/null
+++ b/pkg/agent/hook_mount_test.go
@@ -0,0 +1,179 @@
+package agent
+
+import (
+ "context"
+ "encoding/json"
+ "path/filepath"
+ "testing"
+
+ "github.com/sipeed/picoclaw/pkg/bus"
+ "github.com/sipeed/picoclaw/pkg/config"
+)
+
+type builtinAutoHookConfig struct {
+ Model string `json:"model"`
+ Suffix string `json:"suffix"`
+}
+
+type builtinAutoHook struct {
+ model string
+ suffix string
+}
+
+func (h *builtinAutoHook) BeforeLLM(
+ ctx context.Context,
+ req *LLMHookRequest,
+) (*LLMHookRequest, HookDecision, error) {
+ next := req.Clone()
+ next.Model = h.model
+ return next, HookDecision{Action: HookActionModify}, nil
+}
+
+func (h *builtinAutoHook) AfterLLM(
+ ctx context.Context,
+ resp *LLMHookResponse,
+) (*LLMHookResponse, HookDecision, error) {
+ next := resp.Clone()
+ if next.Response != nil {
+ next.Response.Content += h.suffix
+ }
+ return next, HookDecision{Action: HookActionModify}, nil
+}
+
+func newConfiguredHookLoop(t *testing.T, provider *llmHookTestProvider, hooks config.HooksConfig) *AgentLoop {
+ t.Helper()
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: t.TempDir(),
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ },
+ },
+ Hooks: hooks,
+ }
+
+ return NewAgentLoop(cfg, bus.NewMessageBus(), provider)
+}
+
+func TestAgentLoop_ProcessDirectWithChannel_AutoMountsBuiltinHook(t *testing.T) {
+ const hookName = "test-auto-builtin-hook"
+
+ if err := RegisterBuiltinHook(hookName, func(
+ ctx context.Context,
+ spec config.BuiltinHookConfig,
+ ) (any, error) {
+ var hookCfg builtinAutoHookConfig
+ if len(spec.Config) > 0 {
+ if err := json.Unmarshal(spec.Config, &hookCfg); err != nil {
+ return nil, err
+ }
+ }
+ return &builtinAutoHook{
+ model: hookCfg.Model,
+ suffix: hookCfg.Suffix,
+ }, nil
+ }); err != nil {
+ t.Fatalf("RegisterBuiltinHook failed: %v", err)
+ }
+ t.Cleanup(func() {
+ unregisterBuiltinHook(hookName)
+ })
+
+ rawCfg, err := json.Marshal(builtinAutoHookConfig{
+ Model: "builtin-model",
+ Suffix: "|builtin",
+ })
+ if err != nil {
+ t.Fatalf("json.Marshal failed: %v", err)
+ }
+
+ provider := &llmHookTestProvider{}
+ al := newConfiguredHookLoop(t, provider, config.HooksConfig{
+ Enabled: true,
+ Builtins: map[string]config.BuiltinHookConfig{
+ hookName: {
+ Enabled: true,
+ Config: rawCfg,
+ },
+ },
+ })
+ defer al.Close()
+
+ resp, err := al.ProcessDirectWithChannel(context.Background(), "hello", "session-1", "cli", "direct")
+ if err != nil {
+ t.Fatalf("ProcessDirectWithChannel failed: %v", err)
+ }
+ if resp != "provider content|builtin" {
+ t.Fatalf("expected builtin-hooked content, got %q", resp)
+ }
+
+ provider.mu.Lock()
+ lastModel := provider.lastModel
+ provider.mu.Unlock()
+ if lastModel != "builtin-model" {
+ t.Fatalf("expected builtin model, got %q", lastModel)
+ }
+}
+
+func TestAgentLoop_ProcessDirectWithChannel_AutoMountsProcessHook(t *testing.T) {
+ provider := &llmHookTestProvider{}
+ eventLog := filepath.Join(t.TempDir(), "events.log")
+
+ al := newConfiguredHookLoop(t, provider, config.HooksConfig{
+ Enabled: true,
+ Processes: map[string]config.ProcessHookConfig{
+ "ipc-auto": {
+ Enabled: true,
+ Command: processHookHelperCommand(),
+ Env: map[string]string{
+ "PICOCLAW_HOOK_HELPER": "1",
+ "PICOCLAW_HOOK_MODE": "rewrite",
+ "PICOCLAW_HOOK_EVENT_LOG": eventLog,
+ },
+ Observe: []string{"turn_end"},
+ Intercept: []string{"before_llm", "after_llm"},
+ },
+ },
+ })
+ defer al.Close()
+
+ resp, err := al.ProcessDirectWithChannel(context.Background(), "hello", "session-1", "cli", "direct")
+ if err != nil {
+ t.Fatalf("ProcessDirectWithChannel failed: %v", err)
+ }
+ if resp != "provider content|ipc" {
+ t.Fatalf("expected process-hooked content, got %q", resp)
+ }
+
+ provider.mu.Lock()
+ lastModel := provider.lastModel
+ provider.mu.Unlock()
+ if lastModel != "process-model" {
+ t.Fatalf("expected process model, got %q", lastModel)
+ }
+
+ waitForFileContains(t, eventLog, "turn_end")
+}
+
+func TestAgentLoop_ProcessDirectWithChannel_InvalidConfiguredHookFails(t *testing.T) {
+ provider := &llmHookTestProvider{}
+ al := newConfiguredHookLoop(t, provider, config.HooksConfig{
+ Enabled: true,
+ Processes: map[string]config.ProcessHookConfig{
+ "bad-hook": {
+ Enabled: true,
+ Command: processHookHelperCommand(),
+ Intercept: []string{"not_supported"},
+ },
+ },
+ })
+ defer al.Close()
+
+ _, err := al.ProcessDirectWithChannel(context.Background(), "hello", "session-1", "cli", "direct")
+ if err == nil {
+ t.Fatal("expected invalid configured hook error")
+ }
+}
diff --git a/pkg/agent/hook_process.go b/pkg/agent/hook_process.go
new file mode 100644
index 000000000..e5632913d
--- /dev/null
+++ b/pkg/agent/hook_process.go
@@ -0,0 +1,511 @@
+package agent
+
+import (
+ "bufio"
+ "context"
+ "encoding/json"
+ "fmt"
+ "io"
+ "os"
+ "os/exec"
+ "sync"
+ "sync/atomic"
+ "time"
+
+ "github.com/sipeed/picoclaw/pkg/logger"
+)
+
+const (
+ processHookJSONRPCVersion = "2.0"
+ processHookReadBufferSize = 1024 * 1024
+ processHookCloseTimeout = 2 * time.Second
+)
+
+type ProcessHookOptions struct {
+ Command []string
+ Dir string
+ Env []string
+ Observe bool
+ ObserveKinds []string
+ InterceptLLM bool
+ InterceptTool bool
+ ApproveTool bool
+}
+
+type ProcessHook struct {
+ name string
+ opts ProcessHookOptions
+
+ cmd *exec.Cmd
+ stdin io.WriteCloser
+ observeKinds map[string]struct{}
+
+ writeMu sync.Mutex
+
+ pendingMu sync.Mutex
+ pending map[uint64]chan processHookRPCMessage
+ nextID atomic.Uint64
+
+ closed atomic.Bool
+ done chan struct{}
+ closeErr error
+ closeMu sync.Mutex
+ closeOnce sync.Once
+}
+
+type processHookRPCMessage struct {
+ JSONRPC string `json:"jsonrpc,omitempty"`
+ ID uint64 `json:"id,omitempty"`
+ Method string `json:"method,omitempty"`
+ Params json.RawMessage `json:"params,omitempty"`
+ Result json.RawMessage `json:"result,omitempty"`
+ Error *processHookRPCError `json:"error,omitempty"`
+}
+
+type processHookRPCError struct {
+ Code int `json:"code"`
+ Message string `json:"message"`
+}
+
+type processHookHelloParams struct {
+ Name string `json:"name"`
+ Version int `json:"version"`
+ Modes []string `json:"modes,omitempty"`
+}
+
+type processHookDecisionResponse struct {
+ Action HookAction `json:"action"`
+ Reason string `json:"reason,omitempty"`
+}
+
+type processHookBeforeLLMResponse struct {
+ processHookDecisionResponse
+ Request *LLMHookRequest `json:"request,omitempty"`
+}
+
+type processHookAfterLLMResponse struct {
+ processHookDecisionResponse
+ Response *LLMHookResponse `json:"response,omitempty"`
+}
+
+type processHookBeforeToolResponse struct {
+ processHookDecisionResponse
+ Call *ToolCallHookRequest `json:"call,omitempty"`
+}
+
+type processHookAfterToolResponse struct {
+ processHookDecisionResponse
+ Result *ToolResultHookResponse `json:"result,omitempty"`
+}
+
+func NewProcessHook(ctx context.Context, name string, opts ProcessHookOptions) (*ProcessHook, error) {
+ if len(opts.Command) == 0 {
+ return nil, fmt.Errorf("process hook command is required")
+ }
+
+ cmd := exec.Command(opts.Command[0], opts.Command[1:]...)
+ cmd.Dir = opts.Dir
+ if len(opts.Env) > 0 {
+ cmd.Env = append(os.Environ(), opts.Env...)
+ }
+ stdin, err := cmd.StdinPipe()
+ if err != nil {
+ return nil, fmt.Errorf("create process hook stdin: %w", err)
+ }
+ stdout, err := cmd.StdoutPipe()
+ if err != nil {
+ return nil, fmt.Errorf("create process hook stdout: %w", err)
+ }
+ stderr, err := cmd.StderrPipe()
+ if err != nil {
+ return nil, fmt.Errorf("create process hook stderr: %w", err)
+ }
+ if err := cmd.Start(); err != nil {
+ return nil, fmt.Errorf("start process hook: %w", err)
+ }
+
+ ph := &ProcessHook{
+ name: name,
+ opts: opts,
+ cmd: cmd,
+ stdin: stdin,
+ observeKinds: newProcessHookObserveKinds(opts.ObserveKinds),
+ pending: make(map[uint64]chan processHookRPCMessage),
+ done: make(chan struct{}),
+ }
+
+ go ph.readLoop(stdout)
+ go ph.readStderr(stderr)
+ go ph.waitLoop()
+
+ helloCtx := ctx
+ if helloCtx == nil {
+ var cancel context.CancelFunc
+ helloCtx, cancel = context.WithTimeout(context.Background(), 5*time.Second)
+ defer cancel()
+ }
+ if err := ph.hello(helloCtx); err != nil {
+ _ = ph.Close()
+ return nil, err
+ }
+
+ return ph, nil
+}
+
+func (ph *ProcessHook) Close() error {
+ if ph == nil {
+ return nil
+ }
+
+ ph.closeOnce.Do(func() {
+ ph.closed.Store(true)
+ if ph.stdin != nil {
+ _ = ph.stdin.Close()
+ }
+
+ select {
+ case <-ph.done:
+ case <-time.After(processHookCloseTimeout):
+ if ph.cmd != nil && ph.cmd.Process != nil {
+ _ = ph.cmd.Process.Kill()
+ }
+ <-ph.done
+ }
+ })
+
+ ph.closeMu.Lock()
+ defer ph.closeMu.Unlock()
+ return ph.closeErr
+}
+
+func (ph *ProcessHook) OnEvent(ctx context.Context, evt Event) error {
+ if ph == nil || !ph.opts.Observe {
+ return nil
+ }
+ if len(ph.observeKinds) > 0 {
+ if _, ok := ph.observeKinds[evt.Kind.String()]; !ok {
+ return nil
+ }
+ }
+ return ph.notify(ctx, "hook.event", evt)
+}
+
+func (ph *ProcessHook) BeforeLLM(
+ ctx context.Context,
+ req *LLMHookRequest,
+) (*LLMHookRequest, HookDecision, error) {
+ if ph == nil || !ph.opts.InterceptLLM {
+ return req, HookDecision{Action: HookActionContinue}, nil
+ }
+
+ var resp processHookBeforeLLMResponse
+ if err := ph.call(ctx, "hook.before_llm", req, &resp); err != nil {
+ return nil, HookDecision{}, err
+ }
+ if resp.Request == nil {
+ resp.Request = req
+ }
+ return resp.Request, HookDecision{Action: resp.Action, Reason: resp.Reason}, nil
+}
+
+func (ph *ProcessHook) AfterLLM(
+ ctx context.Context,
+ resp *LLMHookResponse,
+) (*LLMHookResponse, HookDecision, error) {
+ if ph == nil || !ph.opts.InterceptLLM {
+ return resp, HookDecision{Action: HookActionContinue}, nil
+ }
+
+ var result processHookAfterLLMResponse
+ if err := ph.call(ctx, "hook.after_llm", resp, &result); err != nil {
+ return nil, HookDecision{}, err
+ }
+ if result.Response == nil {
+ result.Response = resp
+ }
+ return result.Response, HookDecision{Action: result.Action, Reason: result.Reason}, nil
+}
+
+func (ph *ProcessHook) BeforeTool(
+ ctx context.Context,
+ call *ToolCallHookRequest,
+) (*ToolCallHookRequest, HookDecision, error) {
+ if ph == nil || !ph.opts.InterceptTool {
+ return call, HookDecision{Action: HookActionContinue}, nil
+ }
+
+ var resp processHookBeforeToolResponse
+ if err := ph.call(ctx, "hook.before_tool", call, &resp); err != nil {
+ return nil, HookDecision{}, err
+ }
+ if resp.Call == nil {
+ resp.Call = call
+ }
+ return resp.Call, HookDecision{Action: resp.Action, Reason: resp.Reason}, nil
+}
+
+func (ph *ProcessHook) AfterTool(
+ ctx context.Context,
+ result *ToolResultHookResponse,
+) (*ToolResultHookResponse, HookDecision, error) {
+ if ph == nil || !ph.opts.InterceptTool {
+ return result, HookDecision{Action: HookActionContinue}, nil
+ }
+
+ var resp processHookAfterToolResponse
+ if err := ph.call(ctx, "hook.after_tool", result, &resp); err != nil {
+ return nil, HookDecision{}, err
+ }
+ if resp.Result == nil {
+ resp.Result = result
+ }
+ return resp.Result, HookDecision{Action: resp.Action, Reason: resp.Reason}, nil
+}
+
+func (ph *ProcessHook) ApproveTool(ctx context.Context, req *ToolApprovalRequest) (ApprovalDecision, error) {
+ if ph == nil || !ph.opts.ApproveTool {
+ return ApprovalDecision{Approved: true}, nil
+ }
+
+ var resp ApprovalDecision
+ if err := ph.call(ctx, "hook.approve_tool", req, &resp); err != nil {
+ return ApprovalDecision{}, err
+ }
+ return resp, nil
+}
+
+func (ph *ProcessHook) hello(ctx context.Context) error {
+ modes := make([]string, 0, 4)
+ if ph.opts.Observe {
+ modes = append(modes, "observe")
+ }
+ if ph.opts.InterceptLLM {
+ modes = append(modes, "llm")
+ }
+ if ph.opts.InterceptTool {
+ modes = append(modes, "tool")
+ }
+ if ph.opts.ApproveTool {
+ modes = append(modes, "approve")
+ }
+
+ var result map[string]any
+ return ph.call(ctx, "hook.hello", processHookHelloParams{
+ Name: ph.name,
+ Version: 1,
+ Modes: modes,
+ }, &result)
+}
+
+func (ph *ProcessHook) notify(ctx context.Context, method string, params any) error {
+ msg := processHookRPCMessage{
+ JSONRPC: processHookJSONRPCVersion,
+ Method: method,
+ }
+ if params != nil {
+ body, err := json.Marshal(params)
+ if err != nil {
+ return err
+ }
+ msg.Params = body
+ }
+ return ph.send(ctx, msg)
+}
+
+func (ph *ProcessHook) call(ctx context.Context, method string, params any, out any) error {
+ if ph.closed.Load() {
+ return fmt.Errorf("process hook %q is closed", ph.name)
+ }
+
+ id := ph.nextID.Add(1)
+ respCh := make(chan processHookRPCMessage, 1)
+ ph.pendingMu.Lock()
+ ph.pending[id] = respCh
+ ph.pendingMu.Unlock()
+
+ msg := processHookRPCMessage{
+ JSONRPC: processHookJSONRPCVersion,
+ ID: id,
+ Method: method,
+ }
+ if params != nil {
+ body, err := json.Marshal(params)
+ if err != nil {
+ ph.removePending(id)
+ return err
+ }
+ msg.Params = body
+ }
+
+ if err := ph.send(ctx, msg); err != nil {
+ ph.removePending(id)
+ return err
+ }
+
+ select {
+ case resp, ok := <-respCh:
+ if !ok {
+ return fmt.Errorf("process hook %q closed while waiting for %s", ph.name, method)
+ }
+ if resp.Error != nil {
+ return fmt.Errorf("process hook %q %s failed: %s", ph.name, method, resp.Error.Message)
+ }
+ if out != nil && len(resp.Result) > 0 {
+ if err := json.Unmarshal(resp.Result, out); err != nil {
+ return fmt.Errorf("decode process hook %q %s result: %w", ph.name, method, err)
+ }
+ }
+ return nil
+ case <-ctx.Done():
+ ph.removePending(id)
+ return ctx.Err()
+ }
+}
+
+func (ph *ProcessHook) send(ctx context.Context, msg processHookRPCMessage) error {
+ body, err := json.Marshal(msg)
+ if err != nil {
+ return err
+ }
+ body = append(body, '\n')
+
+ ph.writeMu.Lock()
+ defer ph.writeMu.Unlock()
+
+ if ph.closed.Load() {
+ return fmt.Errorf("process hook %q is closed", ph.name)
+ }
+
+ done := make(chan error, 1)
+ go func() {
+ _, writeErr := ph.stdin.Write(body)
+ done <- writeErr
+ }()
+
+ select {
+ case err := <-done:
+ if err != nil {
+ return fmt.Errorf("write process hook %q message: %w", ph.name, err)
+ }
+ return nil
+ case <-ctx.Done():
+ return ctx.Err()
+ }
+}
+
+func (ph *ProcessHook) readLoop(stdout io.Reader) {
+ scanner := bufio.NewScanner(stdout)
+ scanner.Buffer(make([]byte, 0, 64*1024), processHookReadBufferSize)
+
+ for scanner.Scan() {
+ var msg processHookRPCMessage
+ if err := json.Unmarshal(scanner.Bytes(), &msg); err != nil {
+ logger.WarnCF("hooks", "Failed to decode process hook message", map[string]any{
+ "hook": ph.name,
+ "error": err.Error(),
+ })
+ continue
+ }
+ if msg.ID == 0 {
+ continue
+ }
+ ph.pendingMu.Lock()
+ respCh, ok := ph.pending[msg.ID]
+ if ok {
+ delete(ph.pending, msg.ID)
+ }
+ ph.pendingMu.Unlock()
+ if ok {
+ respCh <- msg
+ close(respCh)
+ }
+ }
+}
+
+func (ph *ProcessHook) readStderr(stderr io.Reader) {
+ scanner := bufio.NewScanner(stderr)
+ scanner.Buffer(make([]byte, 0, 16*1024), processHookReadBufferSize)
+ for scanner.Scan() {
+ logger.WarnCF("hooks", "Process hook stderr", map[string]any{
+ "hook": ph.name,
+ "stderr": scanner.Text(),
+ })
+ }
+}
+
+func (ph *ProcessHook) waitLoop() {
+ err := ph.cmd.Wait()
+ ph.closeMu.Lock()
+ ph.closeErr = err
+ ph.closeMu.Unlock()
+ ph.failPending(err)
+ close(ph.done)
+}
+
+func (ph *ProcessHook) failPending(err error) {
+ ph.pendingMu.Lock()
+ defer ph.pendingMu.Unlock()
+
+ msg := processHookRPCMessage{
+ Error: &processHookRPCError{
+ Code: -32000,
+ Message: "process exited",
+ },
+ }
+ if err != nil {
+ msg.Error.Message = err.Error()
+ }
+
+ for id, ch := range ph.pending {
+ delete(ph.pending, id)
+ ch <- msg
+ close(ch)
+ }
+}
+
+func (ph *ProcessHook) removePending(id uint64) {
+ ph.pendingMu.Lock()
+ defer ph.pendingMu.Unlock()
+
+ if ch, ok := ph.pending[id]; ok {
+ delete(ph.pending, id)
+ close(ch)
+ }
+}
+
+func (al *AgentLoop) MountProcessHook(ctx context.Context, name string, opts ProcessHookOptions) error {
+ if al == nil {
+ return fmt.Errorf("agent loop is nil")
+ }
+ processHook, err := NewProcessHook(ctx, name, opts)
+ if err != nil {
+ return err
+ }
+ if err := al.MountHook(HookRegistration{
+ Name: name,
+ Source: HookSourceProcess,
+ Hook: processHook,
+ }); err != nil {
+ _ = processHook.Close()
+ return err
+ }
+ return nil
+}
+
+func newProcessHookObserveKinds(kinds []string) map[string]struct{} {
+ if len(kinds) == 0 {
+ return nil
+ }
+
+ normalized := make(map[string]struct{}, len(kinds))
+ for _, kind := range kinds {
+ if kind == "" {
+ continue
+ }
+ normalized[kind] = struct{}{}
+ }
+ if len(normalized) == 0 {
+ return nil
+ }
+ return normalized
+}
diff --git a/pkg/agent/hook_process_test.go b/pkg/agent/hook_process_test.go
new file mode 100644
index 000000000..50f89811f
--- /dev/null
+++ b/pkg/agent/hook_process_test.go
@@ -0,0 +1,339 @@
+package agent
+
+import (
+ "bufio"
+ "context"
+ "encoding/json"
+ "fmt"
+ "os"
+ "path/filepath"
+ "strings"
+ "testing"
+ "time"
+
+ "github.com/sipeed/picoclaw/pkg/providers"
+)
+
+func TestProcessHook_HelperProcess(t *testing.T) {
+ if os.Getenv("PICOCLAW_HOOK_HELPER") != "1" {
+ return
+ }
+ if err := runProcessHookHelper(); err != nil {
+ fmt.Fprintln(os.Stderr, err.Error())
+ os.Exit(1)
+ }
+ os.Exit(0)
+}
+
+func TestAgentLoop_MountProcessHook_LLMAndObserver(t *testing.T) {
+ provider := &llmHookTestProvider{}
+ al, agent, cleanup := newHookTestLoop(t, provider)
+ defer cleanup()
+
+ eventLog := filepath.Join(t.TempDir(), "events.log")
+ if err := al.MountProcessHook(context.Background(), "ipc-llm", ProcessHookOptions{
+ Command: processHookHelperCommand(),
+ Env: processHookHelperEnv("rewrite", eventLog),
+ Observe: true,
+ InterceptLLM: true,
+ }); err != nil {
+ t.Fatalf("MountProcessHook failed: %v", err)
+ }
+
+ resp, err := al.runAgentLoop(context.Background(), agent, processOptions{
+ SessionKey: "session-1",
+ Channel: "cli",
+ ChatID: "direct",
+ UserMessage: "hello",
+ DefaultResponse: defaultResponse,
+ EnableSummary: false,
+ SendResponse: false,
+ })
+ if err != nil {
+ t.Fatalf("runAgentLoop failed: %v", err)
+ }
+ if resp != "provider content|ipc" {
+ t.Fatalf("expected process-hooked llm content, got %q", resp)
+ }
+
+ provider.mu.Lock()
+ lastModel := provider.lastModel
+ provider.mu.Unlock()
+ if lastModel != "process-model" {
+ t.Fatalf("expected process model, got %q", lastModel)
+ }
+
+ waitForFileContains(t, eventLog, "turn_end")
+}
+
+func TestAgentLoop_MountProcessHook_ToolRewrite(t *testing.T) {
+ provider := &toolHookProvider{}
+ al, agent, cleanup := newHookTestLoop(t, provider)
+ defer cleanup()
+
+ al.RegisterTool(&echoTextTool{})
+ if err := al.MountProcessHook(context.Background(), "ipc-tool", ProcessHookOptions{
+ Command: processHookHelperCommand(),
+ Env: processHookHelperEnv("rewrite", ""),
+ InterceptTool: true,
+ }); err != nil {
+ t.Fatalf("MountProcessHook failed: %v", err)
+ }
+
+ resp, err := al.runAgentLoop(context.Background(), agent, processOptions{
+ SessionKey: "session-1",
+ Channel: "cli",
+ ChatID: "direct",
+ UserMessage: "run tool",
+ DefaultResponse: defaultResponse,
+ EnableSummary: false,
+ SendResponse: false,
+ })
+ if err != nil {
+ t.Fatalf("runAgentLoop failed: %v", err)
+ }
+ if resp != "ipc:ipc" {
+ t.Fatalf("expected rewritten process-hook tool result, got %q", resp)
+ }
+}
+
+type blockedToolProvider struct {
+ calls int
+}
+
+func (p *blockedToolProvider) Chat(
+ ctx context.Context,
+ messages []providers.Message,
+ tools []providers.ToolDefinition,
+ model string,
+ opts map[string]any,
+) (*providers.LLMResponse, error) {
+ p.calls++
+ if p.calls == 1 {
+ return &providers.LLMResponse{
+ ToolCalls: []providers.ToolCall{
+ {
+ ID: "call-1",
+ Name: "blocked_tool",
+ Arguments: map[string]any{},
+ },
+ },
+ }, nil
+ }
+
+ return &providers.LLMResponse{
+ Content: messages[len(messages)-1].Content,
+ }, nil
+}
+
+func (p *blockedToolProvider) GetDefaultModel() string {
+ return "blocked-tool-provider"
+}
+
+func TestAgentLoop_MountProcessHook_ApprovalDeny(t *testing.T) {
+ provider := &blockedToolProvider{}
+ al, agent, cleanup := newHookTestLoop(t, provider)
+ defer cleanup()
+
+ if err := al.MountProcessHook(context.Background(), "ipc-approval", ProcessHookOptions{
+ Command: processHookHelperCommand(),
+ Env: processHookHelperEnv("deny", ""),
+ ApproveTool: true,
+ }); err != nil {
+ t.Fatalf("MountProcessHook failed: %v", err)
+ }
+
+ sub := al.SubscribeEvents(16)
+ defer al.UnsubscribeEvents(sub.ID)
+
+ resp, err := al.runAgentLoop(context.Background(), agent, processOptions{
+ SessionKey: "session-1",
+ Channel: "cli",
+ ChatID: "direct",
+ UserMessage: "run blocked tool",
+ DefaultResponse: defaultResponse,
+ EnableSummary: false,
+ SendResponse: false,
+ })
+ if err != nil {
+ t.Fatalf("runAgentLoop failed: %v", err)
+ }
+
+ expected := "Tool execution denied by approval hook: blocked by ipc hook"
+ if resp != expected {
+ t.Fatalf("expected %q, got %q", expected, resp)
+ }
+
+ events := collectEventStream(sub.C)
+ skippedEvt, ok := findEvent(events, EventKindToolExecSkipped)
+ if !ok {
+ t.Fatal("expected tool skipped event")
+ }
+ payload, ok := skippedEvt.Payload.(ToolExecSkippedPayload)
+ if !ok {
+ t.Fatalf("expected ToolExecSkippedPayload, got %T", skippedEvt.Payload)
+ }
+ if payload.Reason != expected {
+ t.Fatalf("expected reason %q, got %q", expected, payload.Reason)
+ }
+}
+
+func processHookHelperCommand() []string {
+ return []string{os.Args[0], "-test.run=TestProcessHook_HelperProcess", "--"}
+}
+
+func processHookHelperEnv(mode, eventLog string) []string {
+ env := []string{
+ "PICOCLAW_HOOK_HELPER=1",
+ "PICOCLAW_HOOK_MODE=" + mode,
+ }
+ if eventLog != "" {
+ env = append(env, "PICOCLAW_HOOK_EVENT_LOG="+eventLog)
+ }
+ return env
+}
+
+func waitForFileContains(t *testing.T, path, substring string) {
+ t.Helper()
+
+ deadline := time.Now().Add(3 * time.Second)
+ for time.Now().Before(deadline) {
+ data, err := os.ReadFile(path)
+ if err == nil && strings.Contains(string(data), substring) {
+ return
+ }
+ time.Sleep(20 * time.Millisecond)
+ }
+
+ data, _ := os.ReadFile(path)
+ t.Fatalf("timed out waiting for %q in %s; current content: %q", substring, path, string(data))
+}
+
+func runProcessHookHelper() error {
+ mode := os.Getenv("PICOCLAW_HOOK_MODE")
+ eventLog := os.Getenv("PICOCLAW_HOOK_EVENT_LOG")
+
+ scanner := bufio.NewScanner(os.Stdin)
+ scanner.Buffer(make([]byte, 0, 64*1024), processHookReadBufferSize)
+ encoder := json.NewEncoder(os.Stdout)
+
+ for scanner.Scan() {
+ var msg processHookRPCMessage
+ if err := json.Unmarshal(scanner.Bytes(), &msg); err != nil {
+ return err
+ }
+
+ if msg.ID == 0 {
+ if msg.Method == "hook.event" && eventLog != "" {
+ var evt map[string]any
+ if err := json.Unmarshal(msg.Params, &evt); err == nil {
+ if rawKind, ok := evt["Kind"].(float64); ok {
+ kind := EventKind(rawKind)
+ _ = os.WriteFile(eventLog, []byte(kind.String()+"\n"), 0o644)
+ }
+ }
+ }
+ continue
+ }
+
+ result, rpcErr := handleProcessHookRequest(mode, msg)
+ resp := processHookRPCMessage{
+ JSONRPC: processHookJSONRPCVersion,
+ ID: msg.ID,
+ }
+ if rpcErr != nil {
+ resp.Error = rpcErr
+ } else if result != nil {
+ body, err := json.Marshal(result)
+ if err != nil {
+ return err
+ }
+ resp.Result = body
+ } else {
+ resp.Result = []byte("{}")
+ }
+
+ if err := encoder.Encode(resp); err != nil {
+ return err
+ }
+ }
+
+ return scanner.Err()
+}
+
+func handleProcessHookRequest(mode string, msg processHookRPCMessage) (any, *processHookRPCError) {
+ switch msg.Method {
+ case "hook.hello":
+ return map[string]any{"ok": true}, nil
+ case "hook.before_llm":
+ if mode != "rewrite" {
+ return map[string]any{"action": HookActionContinue}, nil
+ }
+ var req map[string]any
+ _ = json.Unmarshal(msg.Params, &req)
+ req["model"] = "process-model"
+ return map[string]any{
+ "action": HookActionModify,
+ "request": req,
+ }, nil
+ case "hook.after_llm":
+ if mode != "rewrite" {
+ return map[string]any{"action": HookActionContinue}, nil
+ }
+ var resp map[string]any
+ _ = json.Unmarshal(msg.Params, &resp)
+ if rawResponse, ok := resp["response"].(map[string]any); ok {
+ if content, ok := rawResponse["content"].(string); ok {
+ rawResponse["content"] = content + "|ipc"
+ }
+ }
+ return map[string]any{
+ "action": HookActionModify,
+ "response": resp,
+ }, nil
+ case "hook.before_tool":
+ if mode != "rewrite" {
+ return map[string]any{"action": HookActionContinue}, nil
+ }
+ var call map[string]any
+ _ = json.Unmarshal(msg.Params, &call)
+ rawArgs, ok := call["arguments"].(map[string]any)
+ if !ok || rawArgs == nil {
+ rawArgs = map[string]any{}
+ }
+ rawArgs["text"] = "ipc"
+ call["arguments"] = rawArgs
+ return map[string]any{
+ "action": HookActionModify,
+ "call": call,
+ }, nil
+ case "hook.after_tool":
+ if mode != "rewrite" {
+ return map[string]any{"action": HookActionContinue}, nil
+ }
+ var result map[string]any
+ _ = json.Unmarshal(msg.Params, &result)
+ if rawResult, ok := result["result"].(map[string]any); ok {
+ if forLLM, ok := rawResult["for_llm"].(string); ok {
+ rawResult["for_llm"] = "ipc:" + forLLM
+ }
+ }
+ return map[string]any{
+ "action": HookActionModify,
+ "result": result,
+ }, nil
+ case "hook.approve_tool":
+ if mode == "deny" {
+ return ApprovalDecision{
+ Approved: false,
+ Reason: "blocked by ipc hook",
+ }, nil
+ }
+ return ApprovalDecision{Approved: true}, nil
+ default:
+ return nil, &processHookRPCError{
+ Code: -32601,
+ Message: "method not found",
+ }
+ }
+}
diff --git a/pkg/agent/hooks.go b/pkg/agent/hooks.go
new file mode 100644
index 000000000..c1ef58ffd
--- /dev/null
+++ b/pkg/agent/hooks.go
@@ -0,0 +1,809 @@
+package agent
+
+import (
+ "context"
+ "fmt"
+ "io"
+ "sort"
+ "sync"
+ "time"
+
+ "github.com/sipeed/picoclaw/pkg/logger"
+ "github.com/sipeed/picoclaw/pkg/providers"
+ "github.com/sipeed/picoclaw/pkg/tools"
+)
+
+const (
+ defaultHookObserverTimeout = 500 * time.Millisecond
+ defaultHookInterceptorTimeout = 5 * time.Second
+ defaultHookApprovalTimeout = 60 * time.Second
+ hookObserverBufferSize = 64
+)
+
+type HookAction string
+
+const (
+ HookActionContinue HookAction = "continue"
+ HookActionModify HookAction = "modify"
+ HookActionDenyTool HookAction = "deny_tool"
+ HookActionAbortTurn HookAction = "abort_turn"
+ HookActionHardAbort HookAction = "hard_abort"
+)
+
+type HookDecision struct {
+ Action HookAction `json:"action"`
+ Reason string `json:"reason,omitempty"`
+}
+
+func (d HookDecision) normalizedAction() HookAction {
+ if d.Action == "" {
+ return HookActionContinue
+ }
+ return d.Action
+}
+
+type ApprovalDecision struct {
+ Approved bool `json:"approved"`
+ Reason string `json:"reason,omitempty"`
+}
+
+type HookSource uint8
+
+const (
+ HookSourceInProcess HookSource = iota
+ HookSourceProcess
+)
+
+type HookRegistration struct {
+ Name string
+ Priority int
+ Source HookSource
+ Hook any
+}
+
+func NamedHook(name string, hook any) HookRegistration {
+ return HookRegistration{
+ Name: name,
+ Source: HookSourceInProcess,
+ Hook: hook,
+ }
+}
+
+type EventObserver interface {
+ OnEvent(ctx context.Context, evt Event) error
+}
+
+type LLMInterceptor interface {
+ BeforeLLM(ctx context.Context, req *LLMHookRequest) (*LLMHookRequest, HookDecision, error)
+ AfterLLM(ctx context.Context, resp *LLMHookResponse) (*LLMHookResponse, HookDecision, error)
+}
+
+type ToolInterceptor interface {
+ BeforeTool(ctx context.Context, call *ToolCallHookRequest) (*ToolCallHookRequest, HookDecision, error)
+ AfterTool(ctx context.Context, result *ToolResultHookResponse) (*ToolResultHookResponse, HookDecision, error)
+}
+
+type ToolApprover interface {
+ ApproveTool(ctx context.Context, req *ToolApprovalRequest) (ApprovalDecision, error)
+}
+
+type LLMHookRequest struct {
+ Meta EventMeta `json:"meta"`
+ Model string `json:"model"`
+ Messages []providers.Message `json:"messages,omitempty"`
+ Tools []providers.ToolDefinition `json:"tools,omitempty"`
+ Options map[string]any `json:"options,omitempty"`
+ Channel string `json:"channel,omitempty"`
+ ChatID string `json:"chat_id,omitempty"`
+ GracefulTerminal bool `json:"graceful_terminal,omitempty"`
+}
+
+func (r *LLMHookRequest) Clone() *LLMHookRequest {
+ if r == nil {
+ return nil
+ }
+ cloned := *r
+ cloned.Messages = cloneProviderMessages(r.Messages)
+ cloned.Tools = cloneToolDefinitions(r.Tools)
+ cloned.Options = cloneStringAnyMap(r.Options)
+ return &cloned
+}
+
+type LLMHookResponse struct {
+ Meta EventMeta `json:"meta"`
+ Model string `json:"model"`
+ Response *providers.LLMResponse `json:"response,omitempty"`
+ Channel string `json:"channel,omitempty"`
+ ChatID string `json:"chat_id,omitempty"`
+}
+
+func (r *LLMHookResponse) Clone() *LLMHookResponse {
+ if r == nil {
+ return nil
+ }
+ cloned := *r
+ cloned.Response = cloneLLMResponse(r.Response)
+ return &cloned
+}
+
+type ToolCallHookRequest struct {
+ Meta EventMeta `json:"meta"`
+ Tool string `json:"tool"`
+ Arguments map[string]any `json:"arguments,omitempty"`
+ Channel string `json:"channel,omitempty"`
+ ChatID string `json:"chat_id,omitempty"`
+}
+
+func (r *ToolCallHookRequest) Clone() *ToolCallHookRequest {
+ if r == nil {
+ return nil
+ }
+ cloned := *r
+ cloned.Arguments = cloneStringAnyMap(r.Arguments)
+ return &cloned
+}
+
+type ToolApprovalRequest struct {
+ Meta EventMeta `json:"meta"`
+ Tool string `json:"tool"`
+ Arguments map[string]any `json:"arguments,omitempty"`
+ Channel string `json:"channel,omitempty"`
+ ChatID string `json:"chat_id,omitempty"`
+}
+
+func (r *ToolApprovalRequest) Clone() *ToolApprovalRequest {
+ if r == nil {
+ return nil
+ }
+ cloned := *r
+ cloned.Arguments = cloneStringAnyMap(r.Arguments)
+ return &cloned
+}
+
+type ToolResultHookResponse struct {
+ Meta EventMeta `json:"meta"`
+ Tool string `json:"tool"`
+ Arguments map[string]any `json:"arguments,omitempty"`
+ Result *tools.ToolResult `json:"result,omitempty"`
+ Duration time.Duration `json:"duration"`
+ Channel string `json:"channel,omitempty"`
+ ChatID string `json:"chat_id,omitempty"`
+}
+
+func (r *ToolResultHookResponse) Clone() *ToolResultHookResponse {
+ if r == nil {
+ return nil
+ }
+ cloned := *r
+ cloned.Arguments = cloneStringAnyMap(r.Arguments)
+ cloned.Result = cloneToolResult(r.Result)
+ return &cloned
+}
+
+type HookManager struct {
+ eventBus *EventBus
+ observerTimeout time.Duration
+ interceptorTimeout time.Duration
+ approvalTimeout time.Duration
+
+ mu sync.RWMutex
+ hooks map[string]HookRegistration
+ ordered []HookRegistration
+
+ sub EventSubscription
+ done chan struct{}
+ closeOnce sync.Once
+}
+
+func NewHookManager(eventBus *EventBus) *HookManager {
+ hm := &HookManager{
+ eventBus: eventBus,
+ observerTimeout: defaultHookObserverTimeout,
+ interceptorTimeout: defaultHookInterceptorTimeout,
+ approvalTimeout: defaultHookApprovalTimeout,
+ hooks: make(map[string]HookRegistration),
+ done: make(chan struct{}),
+ }
+
+ if eventBus == nil {
+ close(hm.done)
+ return hm
+ }
+
+ hm.sub = eventBus.Subscribe(hookObserverBufferSize)
+ go hm.dispatchEvents()
+ return hm
+}
+
+func (hm *HookManager) Close() {
+ if hm == nil {
+ return
+ }
+
+ hm.closeOnce.Do(func() {
+ if hm.eventBus != nil {
+ hm.eventBus.Unsubscribe(hm.sub.ID)
+ }
+ <-hm.done
+ hm.closeAllHooks()
+ })
+}
+
+func (hm *HookManager) ConfigureTimeouts(observer, interceptor, approval time.Duration) {
+ if hm == nil {
+ return
+ }
+ if observer > 0 {
+ hm.observerTimeout = observer
+ }
+ if interceptor > 0 {
+ hm.interceptorTimeout = interceptor
+ }
+ if approval > 0 {
+ hm.approvalTimeout = approval
+ }
+}
+
+func (hm *HookManager) Mount(reg HookRegistration) error {
+ if hm == nil {
+ return fmt.Errorf("hook manager is nil")
+ }
+ if reg.Name == "" {
+ return fmt.Errorf("hook name is required")
+ }
+ if reg.Hook == nil {
+ return fmt.Errorf("hook %q is nil", reg.Name)
+ }
+
+ hm.mu.Lock()
+ defer hm.mu.Unlock()
+
+ if existing, ok := hm.hooks[reg.Name]; ok {
+ closeHookIfPossible(existing.Hook)
+ }
+ hm.hooks[reg.Name] = reg
+ hm.rebuildOrdered()
+ return nil
+}
+
+func (hm *HookManager) Unmount(name string) {
+ if hm == nil || name == "" {
+ return
+ }
+
+ hm.mu.Lock()
+ defer hm.mu.Unlock()
+
+ if existing, ok := hm.hooks[name]; ok {
+ closeHookIfPossible(existing.Hook)
+ }
+ delete(hm.hooks, name)
+ hm.rebuildOrdered()
+}
+
+func (hm *HookManager) dispatchEvents() {
+ defer close(hm.done)
+
+ for evt := range hm.sub.C {
+ for _, reg := range hm.snapshotHooks() {
+ observer, ok := reg.Hook.(EventObserver)
+ if !ok {
+ continue
+ }
+ hm.runObserver(reg.Name, observer, evt)
+ }
+ }
+}
+
+func (hm *HookManager) BeforeLLM(ctx context.Context, req *LLMHookRequest) (*LLMHookRequest, HookDecision) {
+ if hm == nil || req == nil {
+ return req, HookDecision{Action: HookActionContinue}
+ }
+
+ current := req.Clone()
+ for _, reg := range hm.snapshotHooks() {
+ interceptor, ok := reg.Hook.(LLMInterceptor)
+ if !ok {
+ continue
+ }
+
+ next, decision, ok := hm.callBeforeLLM(ctx, reg.Name, interceptor, current.Clone())
+ if !ok {
+ continue
+ }
+
+ switch decision.normalizedAction() {
+ case HookActionContinue, HookActionModify:
+ if next != nil {
+ current = next
+ }
+ case HookActionAbortTurn, HookActionHardAbort:
+ return current, decision
+ default:
+ hm.logUnsupportedAction(reg.Name, "before_llm", decision.Action)
+ }
+ }
+ return current, HookDecision{Action: HookActionContinue}
+}
+
+func (hm *HookManager) AfterLLM(ctx context.Context, resp *LLMHookResponse) (*LLMHookResponse, HookDecision) {
+ if hm == nil || resp == nil {
+ return resp, HookDecision{Action: HookActionContinue}
+ }
+
+ current := resp.Clone()
+ for _, reg := range hm.snapshotHooks() {
+ interceptor, ok := reg.Hook.(LLMInterceptor)
+ if !ok {
+ continue
+ }
+
+ next, decision, ok := hm.callAfterLLM(ctx, reg.Name, interceptor, current.Clone())
+ if !ok {
+ continue
+ }
+
+ switch decision.normalizedAction() {
+ case HookActionContinue, HookActionModify:
+ if next != nil {
+ current = next
+ }
+ case HookActionAbortTurn, HookActionHardAbort:
+ return current, decision
+ default:
+ hm.logUnsupportedAction(reg.Name, "after_llm", decision.Action)
+ }
+ }
+ return current, HookDecision{Action: HookActionContinue}
+}
+
+func (hm *HookManager) BeforeTool(
+ ctx context.Context,
+ call *ToolCallHookRequest,
+) (*ToolCallHookRequest, HookDecision) {
+ if hm == nil || call == nil {
+ return call, HookDecision{Action: HookActionContinue}
+ }
+
+ current := call.Clone()
+ for _, reg := range hm.snapshotHooks() {
+ interceptor, ok := reg.Hook.(ToolInterceptor)
+ if !ok {
+ continue
+ }
+
+ next, decision, ok := hm.callBeforeTool(ctx, reg.Name, interceptor, current.Clone())
+ if !ok {
+ continue
+ }
+
+ switch decision.normalizedAction() {
+ case HookActionContinue, HookActionModify:
+ if next != nil {
+ current = next
+ }
+ case HookActionDenyTool, HookActionAbortTurn, HookActionHardAbort:
+ return current, decision
+ default:
+ hm.logUnsupportedAction(reg.Name, "before_tool", decision.Action)
+ }
+ }
+ return current, HookDecision{Action: HookActionContinue}
+}
+
+func (hm *HookManager) AfterTool(
+ ctx context.Context,
+ result *ToolResultHookResponse,
+) (*ToolResultHookResponse, HookDecision) {
+ if hm == nil || result == nil {
+ return result, HookDecision{Action: HookActionContinue}
+ }
+
+ current := result.Clone()
+ for _, reg := range hm.snapshotHooks() {
+ interceptor, ok := reg.Hook.(ToolInterceptor)
+ if !ok {
+ continue
+ }
+
+ next, decision, ok := hm.callAfterTool(ctx, reg.Name, interceptor, current.Clone())
+ if !ok {
+ continue
+ }
+
+ switch decision.normalizedAction() {
+ case HookActionContinue, HookActionModify:
+ if next != nil {
+ current = next
+ }
+ case HookActionAbortTurn, HookActionHardAbort:
+ return current, decision
+ default:
+ hm.logUnsupportedAction(reg.Name, "after_tool", decision.Action)
+ }
+ }
+ return current, HookDecision{Action: HookActionContinue}
+}
+
+func (hm *HookManager) ApproveTool(ctx context.Context, req *ToolApprovalRequest) ApprovalDecision {
+ if hm == nil || req == nil {
+ return ApprovalDecision{Approved: true}
+ }
+
+ for _, reg := range hm.snapshotHooks() {
+ approver, ok := reg.Hook.(ToolApprover)
+ if !ok {
+ continue
+ }
+
+ decision, ok := hm.callApproveTool(ctx, reg.Name, approver, req.Clone())
+ if !ok {
+ return ApprovalDecision{
+ Approved: false,
+ Reason: fmt.Sprintf("tool approval hook %q failed", reg.Name),
+ }
+ }
+ if !decision.Approved {
+ return decision
+ }
+ }
+
+ return ApprovalDecision{Approved: true}
+}
+
+func (hm *HookManager) rebuildOrdered() {
+ hm.ordered = hm.ordered[:0]
+ for _, reg := range hm.hooks {
+ hm.ordered = append(hm.ordered, reg)
+ }
+ sort.SliceStable(hm.ordered, func(i, j int) bool {
+ if hm.ordered[i].Source != hm.ordered[j].Source {
+ return hm.ordered[i].Source < hm.ordered[j].Source
+ }
+ if hm.ordered[i].Priority == hm.ordered[j].Priority {
+ return hm.ordered[i].Name < hm.ordered[j].Name
+ }
+ return hm.ordered[i].Priority < hm.ordered[j].Priority
+ })
+}
+
+func (hm *HookManager) snapshotHooks() []HookRegistration {
+ hm.mu.RLock()
+ defer hm.mu.RUnlock()
+
+ snapshot := make([]HookRegistration, len(hm.ordered))
+ copy(snapshot, hm.ordered)
+ return snapshot
+}
+
+func (hm *HookManager) closeAllHooks() {
+ hm.mu.Lock()
+ defer hm.mu.Unlock()
+
+ for name, reg := range hm.hooks {
+ closeHookIfPossible(reg.Hook)
+ delete(hm.hooks, name)
+ }
+ hm.ordered = nil
+}
+
+func (hm *HookManager) runObserver(name string, observer EventObserver, evt Event) {
+ ctx, cancel := context.WithTimeout(context.Background(), hm.observerTimeout)
+ defer cancel()
+
+ done := make(chan error, 1)
+ go func() {
+ done <- observer.OnEvent(ctx, evt)
+ }()
+
+ select {
+ case err := <-done:
+ if err != nil {
+ logger.WarnCF("hooks", "Event observer failed", map[string]any{
+ "hook": name,
+ "event": evt.Kind.String(),
+ "error": err.Error(),
+ })
+ }
+ case <-ctx.Done():
+ logger.WarnCF("hooks", "Event observer timed out", map[string]any{
+ "hook": name,
+ "event": evt.Kind.String(),
+ "timeout_ms": hm.observerTimeout.Milliseconds(),
+ })
+ }
+}
+
+func (hm *HookManager) callBeforeLLM(
+ parent context.Context,
+ name string,
+ interceptor LLMInterceptor,
+ req *LLMHookRequest,
+) (*LLMHookRequest, HookDecision, bool) {
+ return runInterceptorHook(
+ parent,
+ hm.interceptorTimeout,
+ name,
+ "before_llm",
+ func(ctx context.Context) (*LLMHookRequest, HookDecision, error) {
+ return interceptor.BeforeLLM(ctx, req)
+ },
+ )
+}
+
+func (hm *HookManager) callAfterLLM(
+ parent context.Context,
+ name string,
+ interceptor LLMInterceptor,
+ resp *LLMHookResponse,
+) (*LLMHookResponse, HookDecision, bool) {
+ return runInterceptorHook(
+ parent,
+ hm.interceptorTimeout,
+ name,
+ "after_llm",
+ func(ctx context.Context) (*LLMHookResponse, HookDecision, error) {
+ return interceptor.AfterLLM(ctx, resp)
+ },
+ )
+}
+
+func (hm *HookManager) callBeforeTool(
+ parent context.Context,
+ name string,
+ interceptor ToolInterceptor,
+ call *ToolCallHookRequest,
+) (*ToolCallHookRequest, HookDecision, bool) {
+ return runInterceptorHook(
+ parent,
+ hm.interceptorTimeout,
+ name,
+ "before_tool",
+ func(ctx context.Context) (*ToolCallHookRequest, HookDecision, error) {
+ return interceptor.BeforeTool(ctx, call)
+ },
+ )
+}
+
+func (hm *HookManager) callAfterTool(
+ parent context.Context,
+ name string,
+ interceptor ToolInterceptor,
+ resultView *ToolResultHookResponse,
+) (*ToolResultHookResponse, HookDecision, bool) {
+ return runInterceptorHook(
+ parent,
+ hm.interceptorTimeout,
+ name,
+ "after_tool",
+ func(ctx context.Context) (*ToolResultHookResponse, HookDecision, error) {
+ return interceptor.AfterTool(ctx, resultView)
+ },
+ )
+}
+
+func (hm *HookManager) callApproveTool(
+ parent context.Context,
+ name string,
+ approver ToolApprover,
+ req *ToolApprovalRequest,
+) (ApprovalDecision, bool) {
+ return runApprovalHook(
+ parent,
+ hm.approvalTimeout,
+ name,
+ "approve_tool",
+ func(ctx context.Context) (ApprovalDecision, error) {
+ return approver.ApproveTool(ctx, req)
+ },
+ )
+}
+
+func runInterceptorHook[T any](
+ parent context.Context,
+ timeout time.Duration,
+ name string,
+ stage string,
+ fn func(ctx context.Context) (T, HookDecision, error),
+) (T, HookDecision, bool) {
+ var zero T
+
+ ctx, cancel := context.WithTimeout(parent, timeout)
+ defer cancel()
+
+ type result struct {
+ value T
+ decision HookDecision
+ err error
+ }
+ done := make(chan result, 1)
+ go func() {
+ value, decision, err := fn(ctx)
+ done <- result{value: value, decision: decision, err: err}
+ }()
+
+ select {
+ case res := <-done:
+ if res.err != nil {
+ logger.WarnCF("hooks", "Interceptor hook failed", map[string]any{
+ "hook": name,
+ "stage": stage,
+ "error": res.err.Error(),
+ })
+ return zero, HookDecision{}, false
+ }
+ return res.value, res.decision, true
+ case <-ctx.Done():
+ logger.WarnCF("hooks", "Interceptor hook timed out", map[string]any{
+ "hook": name,
+ "stage": stage,
+ "timeout_ms": timeout.Milliseconds(),
+ })
+ return zero, HookDecision{}, false
+ }
+}
+
+func runApprovalHook(
+ parent context.Context,
+ timeout time.Duration,
+ name string,
+ stage string,
+ fn func(ctx context.Context) (ApprovalDecision, error),
+) (ApprovalDecision, bool) {
+ ctx, cancel := context.WithTimeout(parent, timeout)
+ defer cancel()
+
+ type result struct {
+ decision ApprovalDecision
+ err error
+ }
+ done := make(chan result, 1)
+ go func() {
+ decision, err := fn(ctx)
+ done <- result{decision: decision, err: err}
+ }()
+
+ select {
+ case res := <-done:
+ if res.err != nil {
+ logger.WarnCF("hooks", "Approval hook failed", map[string]any{
+ "hook": name,
+ "stage": stage,
+ "error": res.err.Error(),
+ })
+ return ApprovalDecision{}, false
+ }
+ return res.decision, true
+ case <-ctx.Done():
+ logger.WarnCF("hooks", "Approval hook timed out", map[string]any{
+ "hook": name,
+ "stage": stage,
+ "timeout_ms": timeout.Milliseconds(),
+ })
+ return ApprovalDecision{
+ Approved: false,
+ Reason: fmt.Sprintf("tool approval hook %q timed out", name),
+ }, true
+ }
+}
+
+func (hm *HookManager) logUnsupportedAction(name, stage string, action HookAction) {
+ logger.WarnCF("hooks", "Hook returned unsupported action for stage", map[string]any{
+ "hook": name,
+ "stage": stage,
+ "action": action,
+ })
+}
+
+func cloneProviderMessages(messages []providers.Message) []providers.Message {
+ if len(messages) == 0 {
+ return nil
+ }
+
+ cloned := make([]providers.Message, len(messages))
+ for i, msg := range messages {
+ cloned[i] = msg
+ if len(msg.Media) > 0 {
+ cloned[i].Media = append([]string(nil), msg.Media...)
+ }
+ if len(msg.SystemParts) > 0 {
+ cloned[i].SystemParts = append([]providers.ContentBlock(nil), msg.SystemParts...)
+ }
+ if len(msg.ToolCalls) > 0 {
+ cloned[i].ToolCalls = cloneProviderToolCalls(msg.ToolCalls)
+ }
+ }
+ return cloned
+}
+
+func cloneProviderToolCalls(calls []providers.ToolCall) []providers.ToolCall {
+ if len(calls) == 0 {
+ return nil
+ }
+
+ cloned := make([]providers.ToolCall, len(calls))
+ for i, call := range calls {
+ cloned[i] = call
+ if call.Function != nil {
+ fn := *call.Function
+ cloned[i].Function = &fn
+ }
+ if call.Arguments != nil {
+ cloned[i].Arguments = cloneStringAnyMap(call.Arguments)
+ }
+ if call.ExtraContent != nil {
+ extra := *call.ExtraContent
+ if call.ExtraContent.Google != nil {
+ google := *call.ExtraContent.Google
+ extra.Google = &google
+ }
+ cloned[i].ExtraContent = &extra
+ }
+ }
+ return cloned
+}
+
+func cloneToolDefinitions(defs []providers.ToolDefinition) []providers.ToolDefinition {
+ if len(defs) == 0 {
+ return nil
+ }
+
+ cloned := make([]providers.ToolDefinition, len(defs))
+ for i, def := range defs {
+ cloned[i] = def
+ cloned[i].Function.Parameters = cloneStringAnyMap(def.Function.Parameters)
+ }
+ return cloned
+}
+
+func cloneLLMResponse(resp *providers.LLMResponse) *providers.LLMResponse {
+ if resp == nil {
+ return nil
+ }
+ cloned := *resp
+ cloned.ToolCalls = cloneProviderToolCalls(resp.ToolCalls)
+ if len(resp.ReasoningDetails) > 0 {
+ cloned.ReasoningDetails = append(cloned.ReasoningDetails[:0:0], resp.ReasoningDetails...)
+ }
+ if resp.Usage != nil {
+ usage := *resp.Usage
+ cloned.Usage = &usage
+ }
+ return &cloned
+}
+
+func cloneStringAnyMap(src map[string]any) map[string]any {
+ if len(src) == 0 {
+ return nil
+ }
+
+ cloned := make(map[string]any, len(src))
+ for k, v := range src {
+ cloned[k] = v
+ }
+ return cloned
+}
+
+func cloneToolResult(result *tools.ToolResult) *tools.ToolResult {
+ if result == nil {
+ return nil
+ }
+
+ cloned := *result
+ if len(result.Media) > 0 {
+ cloned.Media = append([]string(nil), result.Media...)
+ }
+ return &cloned
+}
+
+func closeHookIfPossible(hook any) {
+ closer, ok := hook.(io.Closer)
+ if !ok {
+ return
+ }
+ if err := closer.Close(); err != nil {
+ logger.WarnCF("hooks", "Failed to close hook", map[string]any{
+ "error": err.Error(),
+ })
+ }
+}
diff --git a/pkg/agent/hooks_test.go b/pkg/agent/hooks_test.go
new file mode 100644
index 000000000..49e1b1784
--- /dev/null
+++ b/pkg/agent/hooks_test.go
@@ -0,0 +1,345 @@
+package agent
+
+import (
+ "context"
+ "os"
+ "sync"
+ "testing"
+ "time"
+
+ "github.com/sipeed/picoclaw/pkg/bus"
+ "github.com/sipeed/picoclaw/pkg/config"
+ "github.com/sipeed/picoclaw/pkg/providers"
+ "github.com/sipeed/picoclaw/pkg/tools"
+)
+
+func newHookTestLoop(
+ t *testing.T,
+ provider providers.LLMProvider,
+) (*AgentLoop, *AgentInstance, func()) {
+ t.Helper()
+
+ tmpDir, err := os.MkdirTemp("", "agent-hooks-*")
+ if err != nil {
+ t.Fatalf("failed to create temp dir: %v", err)
+ }
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: tmpDir,
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ },
+ },
+ }
+
+ al := NewAgentLoop(cfg, bus.NewMessageBus(), provider)
+ agent := al.registry.GetDefaultAgent()
+ if agent == nil {
+ t.Fatal("expected default agent")
+ }
+
+ return al, agent, func() {
+ al.Close()
+ _ = os.RemoveAll(tmpDir)
+ }
+}
+
+func TestHookManager_SortsInProcessBeforeProcess(t *testing.T) {
+ hm := NewHookManager(nil)
+ defer hm.Close()
+
+ if err := hm.Mount(HookRegistration{
+ Name: "process",
+ Priority: -10,
+ Source: HookSourceProcess,
+ Hook: struct{}{},
+ }); err != nil {
+ t.Fatalf("mount process hook: %v", err)
+ }
+ if err := hm.Mount(HookRegistration{
+ Name: "in-process",
+ Priority: 100,
+ Source: HookSourceInProcess,
+ Hook: struct{}{},
+ }); err != nil {
+ t.Fatalf("mount in-process hook: %v", err)
+ }
+
+ ordered := hm.snapshotHooks()
+ if len(ordered) != 2 {
+ t.Fatalf("expected 2 hooks, got %d", len(ordered))
+ }
+ if ordered[0].Name != "in-process" {
+ t.Fatalf("expected in-process hook first, got %q", ordered[0].Name)
+ }
+ if ordered[1].Name != "process" {
+ t.Fatalf("expected process hook second, got %q", ordered[1].Name)
+ }
+}
+
+type llmHookTestProvider struct {
+ mu sync.Mutex
+ lastModel string
+}
+
+func (p *llmHookTestProvider) Chat(
+ ctx context.Context,
+ messages []providers.Message,
+ tools []providers.ToolDefinition,
+ model string,
+ opts map[string]any,
+) (*providers.LLMResponse, error) {
+ p.mu.Lock()
+ p.lastModel = model
+ p.mu.Unlock()
+
+ return &providers.LLMResponse{
+ Content: "provider content",
+ }, nil
+}
+
+func (p *llmHookTestProvider) GetDefaultModel() string {
+ return "llm-hook-provider"
+}
+
+type llmObserverHook struct {
+ eventCh chan Event
+}
+
+func (h *llmObserverHook) OnEvent(ctx context.Context, evt Event) error {
+ if evt.Kind == EventKindTurnEnd {
+ select {
+ case h.eventCh <- evt:
+ default:
+ }
+ }
+ return nil
+}
+
+func (h *llmObserverHook) BeforeLLM(
+ ctx context.Context,
+ req *LLMHookRequest,
+) (*LLMHookRequest, HookDecision, error) {
+ next := req.Clone()
+ next.Model = "hook-model"
+ return next, HookDecision{Action: HookActionModify}, nil
+}
+
+func (h *llmObserverHook) AfterLLM(
+ ctx context.Context,
+ resp *LLMHookResponse,
+) (*LLMHookResponse, HookDecision, error) {
+ next := resp.Clone()
+ next.Response.Content = "hooked content"
+ return next, HookDecision{Action: HookActionModify}, nil
+}
+
+func TestAgentLoop_Hooks_ObserverAndLLMInterceptor(t *testing.T) {
+ provider := &llmHookTestProvider{}
+ al, agent, cleanup := newHookTestLoop(t, provider)
+ defer cleanup()
+
+ hook := &llmObserverHook{eventCh: make(chan Event, 1)}
+ if err := al.MountHook(NamedHook("llm-observer", hook)); err != nil {
+ t.Fatalf("MountHook failed: %v", err)
+ }
+
+ resp, err := al.runAgentLoop(context.Background(), agent, processOptions{
+ SessionKey: "session-1",
+ Channel: "cli",
+ ChatID: "direct",
+ UserMessage: "hello",
+ DefaultResponse: defaultResponse,
+ EnableSummary: false,
+ SendResponse: false,
+ })
+ if err != nil {
+ t.Fatalf("runAgentLoop failed: %v", err)
+ }
+ if resp != "hooked content" {
+ t.Fatalf("expected hooked content, got %q", resp)
+ }
+
+ provider.mu.Lock()
+ lastModel := provider.lastModel
+ provider.mu.Unlock()
+ if lastModel != "hook-model" {
+ t.Fatalf("expected model hook-model, got %q", lastModel)
+ }
+
+ select {
+ case evt := <-hook.eventCh:
+ if evt.Kind != EventKindTurnEnd {
+ t.Fatalf("expected turn end event, got %v", evt.Kind)
+ }
+ case <-time.After(2 * time.Second):
+ t.Fatal("timed out waiting for hook observer event")
+ }
+}
+
+type toolHookProvider struct {
+ mu sync.Mutex
+ calls int
+}
+
+func (p *toolHookProvider) Chat(
+ ctx context.Context,
+ messages []providers.Message,
+ tools []providers.ToolDefinition,
+ model string,
+ opts map[string]any,
+) (*providers.LLMResponse, error) {
+ p.mu.Lock()
+ defer p.mu.Unlock()
+
+ p.calls++
+ if p.calls == 1 {
+ return &providers.LLMResponse{
+ ToolCalls: []providers.ToolCall{
+ {
+ ID: "call-1",
+ Name: "echo_text",
+ Arguments: map[string]any{"text": "original"},
+ },
+ },
+ }, nil
+ }
+
+ last := messages[len(messages)-1]
+ return &providers.LLMResponse{
+ Content: last.Content,
+ }, nil
+}
+
+func (p *toolHookProvider) GetDefaultModel() string {
+ return "tool-hook-provider"
+}
+
+type echoTextTool struct{}
+
+func (t *echoTextTool) Name() string {
+ return "echo_text"
+}
+
+func (t *echoTextTool) Description() string {
+ return "echo a text argument"
+}
+
+func (t *echoTextTool) Parameters() map[string]any {
+ return map[string]any{
+ "type": "object",
+ "properties": map[string]any{
+ "text": map[string]any{
+ "type": "string",
+ },
+ },
+ }
+}
+
+func (t *echoTextTool) Execute(ctx context.Context, args map[string]any) *tools.ToolResult {
+ text, _ := args["text"].(string)
+ return tools.SilentResult(text)
+}
+
+type toolRewriteHook struct{}
+
+func (h *toolRewriteHook) BeforeTool(
+ ctx context.Context,
+ call *ToolCallHookRequest,
+) (*ToolCallHookRequest, HookDecision, error) {
+ next := call.Clone()
+ next.Arguments["text"] = "modified"
+ return next, HookDecision{Action: HookActionModify}, nil
+}
+
+func (h *toolRewriteHook) AfterTool(
+ ctx context.Context,
+ result *ToolResultHookResponse,
+) (*ToolResultHookResponse, HookDecision, error) {
+ next := result.Clone()
+ next.Result.ForLLM = "after:" + next.Result.ForLLM
+ return next, HookDecision{Action: HookActionModify}, nil
+}
+
+func TestAgentLoop_Hooks_ToolInterceptorCanRewrite(t *testing.T) {
+ provider := &toolHookProvider{}
+ al, agent, cleanup := newHookTestLoop(t, provider)
+ defer cleanup()
+
+ al.RegisterTool(&echoTextTool{})
+ if err := al.MountHook(NamedHook("tool-rewrite", &toolRewriteHook{})); err != nil {
+ t.Fatalf("MountHook failed: %v", err)
+ }
+
+ resp, err := al.runAgentLoop(context.Background(), agent, processOptions{
+ SessionKey: "session-1",
+ Channel: "cli",
+ ChatID: "direct",
+ UserMessage: "run tool",
+ DefaultResponse: defaultResponse,
+ EnableSummary: false,
+ SendResponse: false,
+ })
+ if err != nil {
+ t.Fatalf("runAgentLoop failed: %v", err)
+ }
+ if resp != "after:modified" {
+ t.Fatalf("expected rewritten tool result, got %q", resp)
+ }
+}
+
+type denyApprovalHook struct{}
+
+func (h *denyApprovalHook) ApproveTool(ctx context.Context, req *ToolApprovalRequest) (ApprovalDecision, error) {
+ return ApprovalDecision{
+ Approved: false,
+ Reason: "blocked",
+ }, nil
+}
+
+func TestAgentLoop_Hooks_ToolApproverCanDeny(t *testing.T) {
+ provider := &toolHookProvider{}
+ al, agent, cleanup := newHookTestLoop(t, provider)
+ defer cleanup()
+
+ al.RegisterTool(&echoTextTool{})
+ if err := al.MountHook(NamedHook("deny-approval", &denyApprovalHook{})); err != nil {
+ t.Fatalf("MountHook failed: %v", err)
+ }
+
+ sub := al.SubscribeEvents(16)
+ defer al.UnsubscribeEvents(sub.ID)
+
+ resp, err := al.runAgentLoop(context.Background(), agent, processOptions{
+ SessionKey: "session-1",
+ Channel: "cli",
+ ChatID: "direct",
+ UserMessage: "run tool",
+ DefaultResponse: defaultResponse,
+ EnableSummary: false,
+ SendResponse: false,
+ })
+ if err != nil {
+ t.Fatalf("runAgentLoop failed: %v", err)
+ }
+ expected := "Tool execution denied by approval hook: blocked"
+ if resp != expected {
+ t.Fatalf("expected %q, got %q", expected, resp)
+ }
+
+ events := collectEventStream(sub.C)
+ skippedEvt, ok := findEvent(events, EventKindToolExecSkipped)
+ if !ok {
+ t.Fatal("expected tool skipped event")
+ }
+ payload, ok := skippedEvt.Payload.(ToolExecSkippedPayload)
+ if !ok {
+ t.Fatalf("expected ToolExecSkippedPayload, got %T", skippedEvt.Payload)
+ }
+ if payload.Reason != expected {
+ t.Fatalf("expected skipped reason %q, got %q", expected, payload.Reason)
+ }
+}
diff --git a/pkg/agent/instance.go b/pkg/agent/instance.go
index 355e78a33..34d401186 100644
--- a/pkg/agent/instance.go
+++ b/pkg/agent/instance.go
@@ -130,6 +130,17 @@ func NewAgentInstance(
maxTokens = 8192
}
+ contextWindow := defaults.ContextWindow
+ if contextWindow == 0 {
+ // Default heuristic: 4x the output token limit.
+ // Most models have context windows well above their output limits
+ // (e.g., GPT-4o 128k ctx / 16k out, Claude 200k ctx / 8k out).
+ // 4x is a conservative lower bound that avoids premature
+ // summarization while remaining safe — the reactive
+ // forceCompression handles any overshoot.
+ contextWindow = maxTokens * 4
+ }
+
temperature := 0.7
if defaults.Temperature != nil {
temperature = *defaults.Temperature
@@ -182,7 +193,7 @@ func NewAgentInstance(
MaxTokens: maxTokens,
Temperature: temperature,
ThinkingLevel: thinkingLevel,
- ContextWindow: maxTokens,
+ ContextWindow: contextWindow,
SummarizeMessageThreshold: summarizeMessageThreshold,
SummarizeTokenPercent: summarizeTokenPercent,
Provider: provider,
diff --git a/pkg/agent/instance_test.go b/pkg/agent/instance_test.go
index b3318ad1f..e073cb929 100644
--- a/pkg/agent/instance_test.go
+++ b/pkg/agent/instance_test.go
@@ -22,7 +22,7 @@ func TestNewAgentInstance_UsesDefaultsTemperatureAndMaxTokens(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 1234,
MaxToolIterations: 5,
},
@@ -54,7 +54,7 @@ func TestNewAgentInstance_DefaultsTemperatureWhenZero(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 1234,
MaxToolIterations: 5,
},
@@ -83,7 +83,7 @@ func TestNewAgentInstance_DefaultsTemperatureWhenUnset(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 1234,
MaxToolIterations: 5,
},
@@ -137,10 +137,10 @@ func TestNewAgentInstance_ResolveCandidatesFromModelListAlias(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: tt.aliasName,
+ ModelName: tt.aliasName,
},
},
- ModelList: []config.ModelConfig{
+ ModelList: []*config.ModelConfig{
{
ModelName: tt.aliasName,
Model: tt.modelName,
diff --git a/pkg/agent/loop.go b/pkg/agent/loop.go
index ed5c73afc..c837d8d70 100644
--- a/pkg/agent/loop.go
+++ b/pkg/agent/loop.go
@@ -17,7 +17,6 @@ import (
"sync"
"sync/atomic"
"time"
- "unicode/utf8"
"github.com/sipeed/picoclaw/pkg/bus"
"github.com/sipeed/picoclaw/pkg/channels"
@@ -36,10 +35,17 @@ import (
)
type AgentLoop struct {
- bus *bus.MessageBus
- cfg *config.Config
- registry *AgentRegistry
- state *state.Manager
+ // Core dependencies
+ bus *bus.MessageBus
+ cfg *config.Config
+ registry *AgentRegistry
+ state *state.Manager
+
+ // Event system (from Incoming)
+ eventBus *EventBus
+ hooks *HookManager
+
+ // Runtime state
running atomic.Bool
summarizing sync.Map
fallback *providers.FallbackChain
@@ -48,25 +54,43 @@ type AgentLoop struct {
transcriber voice.Transcriber
cmdRegistry *commands.Registry
mcp mcpRuntime
+ hookRuntime hookRuntime
+ steering *steeringQueue
mu sync.RWMutex
- reloadFunc func() error
- // Track active requests for safe provider cleanup
+
+ // Concurrent turn management (from HEAD)
+ activeTurnStates sync.Map // key: sessionKey (string), value: *turnState
+ subTurnCounter atomic.Int64 // Counter for generating unique SubTurn IDs
+
+ // Turn tracking (from Incoming)
+ turnSeq atomic.Uint64
activeRequests sync.WaitGroup
+
+ reloadFunc func() error
}
// processOptions configures how a message is processed
type processOptions struct {
- SessionKey string // Session identifier for history/context
- Channel string // Target channel for tool execution
- ChatID string // Target chat ID for tool execution
- SenderID string // Current sender ID for dynamic context
- SenderDisplayName string // Current sender display name for dynamic context
- UserMessage string // User message content (may include prefix)
- Media []string // media:// refs from inbound message
- DefaultResponse string // Response when LLM returns empty
- EnableSummary bool // Whether to trigger summarization
- SendResponse bool // Whether to send response via bus
- NoHistory bool // If true, don't load session history (for heartbeat)
+ SessionKey string // Session identifier for history/context
+ Channel string // Target channel for tool execution
+ ChatID string // Target chat ID for tool execution
+ SenderID string // Current sender ID for dynamic context
+ SenderDisplayName string // Current sender display name for dynamic context
+ UserMessage string // User message content (may include prefix)
+ SystemPromptOverride string // Override the default system prompt (Used by SubTurns)
+ Media []string // media:// refs from inbound message
+ InitialSteeringMessages []providers.Message // Steering messages from refactor/agent
+ DefaultResponse string // Response when LLM returns empty
+ EnableSummary bool // Whether to trigger summarization
+ SendResponse bool // Whether to send response via bus
+ NoHistory bool // If true, don't load session history (for heartbeat)
+ SkipInitialSteeringPoll bool // If true, skip the steering poll at loop start (used by Continue)
+}
+
+type continuationTarget struct {
+ SessionKey string
+ Channel string
+ ChatID string
}
const (
@@ -87,9 +111,6 @@ func NewAgentLoop(
) *AgentLoop {
registry := NewAgentRegistry(cfg, provider)
- // Register shared tools to all agents
- registerSharedTools(cfg, msgBus, registry, provider)
-
// Set up shared fallback chain
cooldown := providers.NewCooldownTracker()
fallbackChain := providers.NewFallbackChain(cooldown)
@@ -101,21 +122,30 @@ func NewAgentLoop(
stateManager = state.NewManager(defaultAgent.Workspace)
}
+ eventBus := NewEventBus()
al := &AgentLoop{
bus: msgBus,
cfg: cfg,
registry: registry,
state: stateManager,
+ eventBus: eventBus,
summarizing: sync.Map{},
fallback: fallbackChain,
cmdRegistry: commands.NewRegistry(commands.BuiltinDefinitions()),
+ steering: newSteeringQueue(parseSteeringMode(cfg.Agents.Defaults.SteeringMode)),
}
+ al.hooks = NewHookManager(eventBus)
+ configureHookManagerFromConfig(al.hooks, cfg)
+
+ // Register shared tools to all agents (now that al is created)
+ registerSharedTools(al, cfg, msgBus, registry, provider)
return al
}
// registerSharedTools registers tools that are shared across all agents (web, message, spawn).
func registerSharedTools(
+ al *AgentLoop,
cfg *config.Config,
msgBus *bus.MessageBus,
registry *AgentRegistry,
@@ -131,30 +161,37 @@ func registerSharedTools(
if cfg.Tools.IsToolEnabled("web") {
searchTool, err := tools.NewWebSearchTool(tools.WebSearchToolOptions{
- BraveAPIKeys: config.MergeAPIKeys(cfg.Tools.Web.Brave.APIKey, cfg.Tools.Web.Brave.APIKeys),
- BraveMaxResults: cfg.Tools.Web.Brave.MaxResults,
- BraveEnabled: cfg.Tools.Web.Brave.Enabled,
- TavilyAPIKeys: config.MergeAPIKeys(cfg.Tools.Web.Tavily.APIKey, cfg.Tools.Web.Tavily.APIKeys),
+ BraveAPIKeys: config.MergeAPIKeys(cfg.Tools.Web.Brave.APIKey(), cfg.Tools.Web.Brave.APIKeys()),
+ BraveMaxResults: cfg.Tools.Web.Brave.MaxResults,
+ BraveEnabled: cfg.Tools.Web.Brave.Enabled,
+ TavilyAPIKeys: config.MergeAPIKeys(
+ cfg.Tools.Web.Tavily.APIKey(),
+ cfg.Tools.Web.Tavily.APIKeys(),
+ ),
TavilyBaseURL: cfg.Tools.Web.Tavily.BaseURL,
TavilyMaxResults: cfg.Tools.Web.Tavily.MaxResults,
TavilyEnabled: cfg.Tools.Web.Tavily.Enabled,
DuckDuckGoMaxResults: cfg.Tools.Web.DuckDuckGo.MaxResults,
DuckDuckGoEnabled: cfg.Tools.Web.DuckDuckGo.Enabled,
PerplexityAPIKeys: config.MergeAPIKeys(
- cfg.Tools.Web.Perplexity.APIKey,
- cfg.Tools.Web.Perplexity.APIKeys,
+ cfg.Tools.Web.Perplexity.APIKey(),
+ cfg.Tools.Web.Perplexity.APIKeys(),
),
- PerplexityMaxResults: cfg.Tools.Web.Perplexity.MaxResults,
- PerplexityEnabled: cfg.Tools.Web.Perplexity.Enabled,
- SearXNGBaseURL: cfg.Tools.Web.SearXNG.BaseURL,
- SearXNGMaxResults: cfg.Tools.Web.SearXNG.MaxResults,
- SearXNGEnabled: cfg.Tools.Web.SearXNG.Enabled,
- GLMSearchAPIKey: cfg.Tools.Web.GLMSearch.APIKey,
- GLMSearchBaseURL: cfg.Tools.Web.GLMSearch.BaseURL,
- GLMSearchEngine: cfg.Tools.Web.GLMSearch.SearchEngine,
- GLMSearchMaxResults: cfg.Tools.Web.GLMSearch.MaxResults,
- GLMSearchEnabled: cfg.Tools.Web.GLMSearch.Enabled,
- Proxy: cfg.Tools.Web.Proxy,
+ PerplexityMaxResults: cfg.Tools.Web.Perplexity.MaxResults,
+ PerplexityEnabled: cfg.Tools.Web.Perplexity.Enabled,
+ SearXNGBaseURL: cfg.Tools.Web.SearXNG.BaseURL,
+ SearXNGMaxResults: cfg.Tools.Web.SearXNG.MaxResults,
+ SearXNGEnabled: cfg.Tools.Web.SearXNG.Enabled,
+ GLMSearchAPIKey: cfg.Tools.Web.GLMSearch.APIKey(),
+ GLMSearchBaseURL: cfg.Tools.Web.GLMSearch.BaseURL,
+ GLMSearchEngine: cfg.Tools.Web.GLMSearch.SearchEngine,
+ GLMSearchMaxResults: cfg.Tools.Web.GLMSearch.MaxResults,
+ GLMSearchEnabled: cfg.Tools.Web.GLMSearch.Enabled,
+ BaiduSearchAPIKey: cfg.Tools.Web.BaiduSearch.APIKey(),
+ BaiduSearchBaseURL: cfg.Tools.Web.BaiduSearch.BaseURL,
+ BaiduSearchMaxResults: cfg.Tools.Web.BaiduSearch.MaxResults,
+ BaiduSearchEnabled: cfg.Tools.Web.BaiduSearch.Enabled,
+ Proxy: cfg.Tools.Web.Proxy,
})
if err != nil {
logger.ErrorCF("agent", "Failed to create web search tool", map[string]any{"error": err.Error()})
@@ -216,9 +253,20 @@ func registerSharedTools(
find_skills_enable := cfg.Tools.IsToolEnabled("find_skills")
install_skills_enable := cfg.Tools.IsToolEnabled("install_skill")
if skills_enabled && (find_skills_enable || install_skills_enable) {
+ clawHubConfig := cfg.Tools.Skills.Registries.ClawHub
registryMgr := skills.NewRegistryManagerFromConfig(skills.RegistryConfig{
MaxConcurrentSearches: cfg.Tools.Skills.MaxConcurrentSearches,
- ClawHub: skills.ClawHubConfig(cfg.Tools.Skills.Registries.ClawHub),
+ ClawHub: skills.ClawHubConfig{
+ Enabled: clawHubConfig.Enabled,
+ BaseURL: clawHubConfig.BaseURL,
+ AuthToken: clawHubConfig.AuthToken(),
+ SearchPath: clawHubConfig.SearchPath,
+ SkillsPath: clawHubConfig.SkillsPath,
+ DownloadPath: clawHubConfig.DownloadPath,
+ Timeout: clawHubConfig.Timeout,
+ MaxZipSize: clawHubConfig.MaxZipSize,
+ MaxResponseSize: clawHubConfig.MaxResponseSize,
+ },
})
if find_skills_enable {
@@ -241,6 +289,67 @@ func registerSharedTools(
if (spawnEnabled || spawnStatusEnabled) && cfg.Tools.IsToolEnabled("subagent") {
subagentManager := tools.NewSubagentManager(provider, agent.Model, agent.Workspace)
subagentManager.SetLLMOptions(agent.MaxTokens, agent.Temperature)
+
+ // Set the spawner that links into AgentLoop's turnState
+ subagentManager.SetSpawner(func(
+ ctx context.Context,
+ task, label, targetAgentID string,
+ tls *tools.ToolRegistry,
+ maxTokens int,
+ temperature float64,
+ hasMaxTokens, hasTemperature bool,
+ ) (*tools.ToolResult, error) {
+ // 1. Recover parent Turn State from Context
+ parentTS := turnStateFromContext(ctx)
+ if parentTS == nil {
+ // Fallback: If no turnState exists in context, create an isolated ad-hoc root turn state
+ // so that the tool can still function outside of an agent loop (e.g. tests, raw invocations).
+ parentTS = &turnState{
+ ctx: ctx,
+ turnID: "adhoc-root",
+ depth: 0,
+ session: nil, // Ephemeral session not needed for adhoc spawn
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, 5),
+ }
+ }
+
+ // 2. Build Tools slice from registry
+ var tlSlice []tools.Tool
+ for _, name := range tls.List() {
+ if t, ok := tls.Get(name); ok {
+ tlSlice = append(tlSlice, t)
+ }
+ }
+
+ // 3. System Prompt
+ systemPrompt := "You are a subagent. Complete the given task independently and report the result.\n" +
+ "You have access to tools - use them as needed to complete your task.\n" +
+ "After completing the task, provide a clear summary of what was done.\n\n" +
+ "Task: " + task
+
+ // 4. Resolve Model
+ modelToUse := agent.Model
+ if targetAgentID != "" {
+ if targetAgent, ok := al.GetRegistry().GetAgent(targetAgentID); ok {
+ modelToUse = targetAgent.Model
+ }
+ }
+
+ // 5. Build SubTurnConfig
+ cfg := SubTurnConfig{
+ Model: modelToUse,
+ Tools: tlSlice,
+ SystemPrompt: systemPrompt,
+ }
+ if hasMaxTokens {
+ cfg.MaxTokens = maxTokens
+ }
+
+ // 6. Spawn SubTurn
+ return spawnSubTurn(ctx, al, parentTS, cfg)
+ })
+
// Clone the parent's tool registry so subagents can use all
// tools registered so far (file, web, etc.) but NOT spawn/
// spawn_status which are added below — preventing recursive
@@ -248,11 +357,18 @@ func registerSharedTools(
subagentManager.SetTools(agent.Tools.Clone())
if spawnEnabled {
spawnTool := tools.NewSpawnTool(subagentManager)
+ spawnTool.SetSpawner(NewSubTurnSpawner(al))
currentAgentID := agentID
spawnTool.SetAllowlistChecker(func(targetAgentID string) bool {
return registry.CanSpawnSubagent(currentAgentID, targetAgentID)
})
+
agent.Tools.Register(spawnTool)
+
+ // Also register the synchronous subagent tool
+ subagentTool := tools.NewSubagentTool(subagentManager)
+ subagentTool.SetSpawner(NewSubTurnSpawner(al))
+ agent.Tools.Register(subagentTool)
}
if spawnStatusEnabled {
agent.Tools.Register(tools.NewSpawnStatusTool(subagentManager))
@@ -266,6 +382,9 @@ func registerSharedTools(
func (al *AgentLoop) Run(ctx context.Context) error {
al.running.Store(true)
+ if err := al.ensureHooksInitialized(ctx); err != nil {
+ return err
+ }
if err := al.ensureMCPInitialized(ctx); err != nil {
return err
}
@@ -278,6 +397,17 @@ func (al *AgentLoop) Run(ctx context.Context) error {
if !ok {
return nil
}
+
+ // Start a goroutine that drains the bus while processMessage is
+ // running. Only messages that resolve to the active turn scope are
+ // redirected into steering; other inbound messages are requeued.
+ drainCancel := func() {}
+ if activeScope, activeAgentID, ok := al.resolveSteeringTarget(msg); ok {
+ drainCtx, cancel := context.WithCancel(ctx)
+ drainCancel = cancel
+ go al.drainBusToSteering(drainCtx, activeScope, activeAgentID)
+ }
+
// Process message
func() {
defer func() {
@@ -298,43 +428,95 @@ func (al *AgentLoop) Run(ctx context.Context) error {
// }
// }()
+ drainCanceled := false
+ cancelDrain := func() {
+ if drainCanceled {
+ return
+ }
+ drainCancel()
+ drainCanceled = true
+ }
+ defer cancelDrain()
+
response, err := al.processMessage(ctx, msg)
if err != nil {
response = fmt.Sprintf("Error processing message: %v", err)
}
+ finalResponse := response
- if response != "" {
- // Check if the message tool already sent a response during this round.
- // If so, skip publishing to avoid duplicate messages to the user.
- // Use default agent's tools to check (message tool is shared).
- alreadySent := false
- defaultAgent := al.GetRegistry().GetDefaultAgent()
- if defaultAgent != nil {
- if tool, ok := defaultAgent.Tools.Get("message"); ok {
- if mt, ok := tool.(*tools.MessageTool); ok {
- alreadySent = mt.HasSentInRound()
- }
- }
- }
- if !alreadySent {
- al.bus.PublishOutbound(ctx, bus.OutboundMessage{
- Channel: msg.Channel,
- ChatID: msg.ChatID,
- Content: response,
+ target, targetErr := al.buildContinuationTarget(msg)
+ if targetErr != nil {
+ logger.WarnCF("agent", "Failed to build steering continuation target",
+ map[string]any{
+ "channel": msg.Channel,
+ "error": targetErr.Error(),
})
- logger.InfoCF("agent", "Published outbound response",
- map[string]any{
- "channel": msg.Channel,
- "chat_id": msg.ChatID,
- "content_len": len(response),
- })
- } else {
- logger.DebugCF(
- "agent",
- "Skipped outbound (message tool already sent)",
- map[string]any{"channel": msg.Channel},
- )
+ return
+ }
+ if target == nil {
+ cancelDrain()
+ if finalResponse != "" {
+ al.publishResponseIfNeeded(ctx, msg.Channel, msg.ChatID, finalResponse)
}
+ return
+ }
+
+ for al.pendingSteeringCountForScope(target.SessionKey) > 0 {
+ logger.InfoCF("agent", "Continuing queued steering after turn end",
+ map[string]any{
+ "channel": target.Channel,
+ "chat_id": target.ChatID,
+ "session_key": target.SessionKey,
+ "queue_depth": al.pendingSteeringCountForScope(target.SessionKey),
+ })
+
+ continued, continueErr := al.Continue(ctx, target.SessionKey, target.Channel, target.ChatID)
+ if continueErr != nil {
+ logger.WarnCF("agent", "Failed to continue queued steering",
+ map[string]any{
+ "channel": target.Channel,
+ "chat_id": target.ChatID,
+ "error": continueErr.Error(),
+ })
+ return
+ }
+ if continued == "" {
+ return
+ }
+
+ finalResponse = continued
+ }
+
+ cancelDrain()
+
+ for al.pendingSteeringCountForScope(target.SessionKey) > 0 {
+ logger.InfoCF("agent", "Draining steering queued during turn shutdown",
+ map[string]any{
+ "channel": target.Channel,
+ "chat_id": target.ChatID,
+ "session_key": target.SessionKey,
+ "queue_depth": al.pendingSteeringCountForScope(target.SessionKey),
+ })
+
+ continued, continueErr := al.Continue(ctx, target.SessionKey, target.Channel, target.ChatID)
+ if continueErr != nil {
+ logger.WarnCF("agent", "Failed to continue queued steering after shutdown drain",
+ map[string]any{
+ "channel": target.Channel,
+ "chat_id": target.ChatID,
+ "error": continueErr.Error(),
+ })
+ return
+ }
+ if continued == "" {
+ break
+ }
+
+ finalResponse = continued
+ }
+
+ if finalResponse != "" {
+ al.publishResponseIfNeeded(ctx, target.Channel, target.ChatID, finalResponse)
}
}()
default:
@@ -345,10 +527,135 @@ func (al *AgentLoop) Run(ctx context.Context) error {
return nil
}
+// drainBusToSteering consumes inbound messages and redirects messages from the
+// active scope into the steering queue. Messages from other scopes are requeued
+// so they can be processed normally after the active turn. It drains all
+// immediately available messages, blocking for the first one until ctx is done.
+func (al *AgentLoop) drainBusToSteering(ctx context.Context, activeScope, activeAgentID string) {
+ blocking := true
+ for {
+ var msg bus.InboundMessage
+
+ if blocking {
+ // Block waiting for the first available message or ctx cancellation.
+ select {
+ case <-ctx.Done():
+ return
+ case m, ok := <-al.bus.InboundChan():
+ if !ok {
+ return
+ }
+ msg = m
+ }
+ } else {
+ // Non-blocking: drain any remaining queued messages, return when empty.
+ select {
+ case m, ok := <-al.bus.InboundChan():
+ if !ok {
+ return
+ }
+ msg = m
+ default:
+ return
+ }
+ }
+ blocking = false
+
+ msgScope, _, scopeOK := al.resolveSteeringTarget(msg)
+ if !scopeOK || msgScope != activeScope {
+ if err := al.requeueInboundMessage(msg); err != nil {
+ logger.WarnCF("agent", "Failed to requeue non-steering inbound message", map[string]any{
+ "error": err.Error(),
+ "channel": msg.Channel,
+ "sender_id": msg.SenderID,
+ })
+ }
+ continue
+ }
+
+ // Transcribe audio if needed before steering, so the agent sees text.
+ msg, _ = al.transcribeAudioInMessage(ctx, msg)
+
+ logger.InfoCF("agent", "Redirecting inbound message to steering queue",
+ map[string]any{
+ "channel": msg.Channel,
+ "sender_id": msg.SenderID,
+ "content_len": len(msg.Content),
+ "scope": activeScope,
+ })
+
+ if err := al.enqueueSteeringMessage(activeScope, activeAgentID, providers.Message{
+ Role: "user",
+ Content: msg.Content,
+ Media: append([]string(nil), msg.Media...),
+ }); err != nil {
+ logger.WarnCF("agent", "Failed to steer message, will be lost",
+ map[string]any{
+ "error": err.Error(),
+ "channel": msg.Channel,
+ })
+ }
+ }
+}
+
func (al *AgentLoop) Stop() {
al.running.Store(false)
}
+func (al *AgentLoop) publishResponseIfNeeded(ctx context.Context, channel, chatID, response string) {
+ if response == "" {
+ return
+ }
+
+ alreadySent := false
+ defaultAgent := al.GetRegistry().GetDefaultAgent()
+ if defaultAgent != nil {
+ if tool, ok := defaultAgent.Tools.Get("message"); ok {
+ if mt, ok := tool.(*tools.MessageTool); ok {
+ alreadySent = mt.HasSentInRound()
+ }
+ }
+ }
+
+ if alreadySent {
+ logger.DebugCF(
+ "agent",
+ "Skipped outbound (message tool already sent)",
+ map[string]any{"channel": channel},
+ )
+ return
+ }
+
+ al.bus.PublishOutbound(ctx, bus.OutboundMessage{
+ Channel: channel,
+ ChatID: chatID,
+ Content: response,
+ })
+ logger.InfoCF("agent", "Published outbound response",
+ map[string]any{
+ "channel": channel,
+ "chat_id": chatID,
+ "content_len": len(response),
+ })
+}
+
+func (al *AgentLoop) buildContinuationTarget(msg bus.InboundMessage) (*continuationTarget, error) {
+ if msg.Channel == "system" {
+ return nil, nil
+ }
+
+ route, _, err := al.resolveMessageRoute(msg)
+ if err != nil {
+ return nil, err
+ }
+
+ return &continuationTarget{
+ SessionKey: resolveScopeKey(route, msg.SessionKey),
+ Channel: msg.Channel,
+ ChatID: msg.ChatID,
+ }, nil
+}
+
// Close releases resources held by agent session stores. Call after Stop.
func (al *AgentLoop) Close() {
mcpManager := al.mcp.takeManager()
@@ -363,6 +670,232 @@ func (al *AgentLoop) Close() {
}
al.GetRegistry().Close()
+ if al.hooks != nil {
+ al.hooks.Close()
+ }
+ if al.eventBus != nil {
+ al.eventBus.Close()
+ }
+}
+
+// MountHook registers an in-process hook on the agent loop.
+func (al *AgentLoop) MountHook(reg HookRegistration) error {
+ if al == nil || al.hooks == nil {
+ return fmt.Errorf("hook manager is not initialized")
+ }
+ return al.hooks.Mount(reg)
+}
+
+// UnmountHook removes a previously registered in-process hook.
+func (al *AgentLoop) UnmountHook(name string) {
+ if al == nil || al.hooks == nil {
+ return
+ }
+ al.hooks.Unmount(name)
+}
+
+// SubscribeEvents registers a subscriber for agent-loop events.
+func (al *AgentLoop) SubscribeEvents(buffer int) EventSubscription {
+ if al == nil || al.eventBus == nil {
+ ch := make(chan Event)
+ close(ch)
+ return EventSubscription{C: ch}
+ }
+ return al.eventBus.Subscribe(buffer)
+}
+
+// UnsubscribeEvents removes a previously registered event subscriber.
+func (al *AgentLoop) UnsubscribeEvents(id uint64) {
+ if al == nil || al.eventBus == nil {
+ return
+ }
+ al.eventBus.Unsubscribe(id)
+}
+
+// EventDrops returns the number of dropped events for the given kind.
+func (al *AgentLoop) EventDrops(kind EventKind) int64 {
+ if al == nil || al.eventBus == nil {
+ return 0
+ }
+ return al.eventBus.Dropped(kind)
+}
+
+type turnEventScope struct {
+ agentID string
+ sessionKey string
+ turnID string
+}
+
+func (al *AgentLoop) newTurnEventScope(agentID, sessionKey string) turnEventScope {
+ seq := al.turnSeq.Add(1)
+ return turnEventScope{
+ agentID: agentID,
+ sessionKey: sessionKey,
+ turnID: fmt.Sprintf("%s-turn-%d", agentID, seq),
+ }
+}
+
+func (ts turnEventScope) meta(iteration int, source, tracePath string) EventMeta {
+ return EventMeta{
+ AgentID: ts.agentID,
+ TurnID: ts.turnID,
+ SessionKey: ts.sessionKey,
+ Iteration: iteration,
+ Source: source,
+ TracePath: tracePath,
+ }
+}
+
+func (al *AgentLoop) emitEvent(kind EventKind, meta EventMeta, payload any) {
+ evt := Event{
+ Kind: kind,
+ Meta: meta,
+ Payload: payload,
+ }
+
+ if al == nil || al.eventBus == nil {
+ return
+ }
+
+ al.logEvent(evt)
+
+ al.eventBus.Emit(evt)
+}
+
+func cloneEventArguments(args map[string]any) map[string]any {
+ if len(args) == 0 {
+ return nil
+ }
+
+ cloned := make(map[string]any, len(args))
+ for k, v := range args {
+ cloned[k] = v
+ }
+ return cloned
+}
+
+func (al *AgentLoop) hookAbortError(ts *turnState, stage string, decision HookDecision) error {
+ reason := decision.Reason
+ if reason == "" {
+ reason = "hook requested turn abort"
+ }
+
+ err := fmt.Errorf("hook aborted turn during %s: %s", stage, reason)
+ al.emitEvent(
+ EventKindError,
+ ts.eventMeta("hooks", "turn.error"),
+ ErrorPayload{
+ Stage: "hook." + stage,
+ Message: err.Error(),
+ },
+ )
+ return err
+}
+
+func hookDeniedToolContent(prefix, reason string) string {
+ if reason == "" {
+ return prefix
+ }
+ return prefix + ": " + reason
+}
+
+func (al *AgentLoop) logEvent(evt Event) {
+ fields := map[string]any{
+ "event_kind": evt.Kind.String(),
+ "agent_id": evt.Meta.AgentID,
+ "turn_id": evt.Meta.TurnID,
+ "session_key": evt.Meta.SessionKey,
+ "iteration": evt.Meta.Iteration,
+ }
+
+ if evt.Meta.TracePath != "" {
+ fields["trace"] = evt.Meta.TracePath
+ }
+ if evt.Meta.Source != "" {
+ fields["source"] = evt.Meta.Source
+ }
+
+ switch payload := evt.Payload.(type) {
+ case TurnStartPayload:
+ fields["channel"] = payload.Channel
+ fields["chat_id"] = payload.ChatID
+ fields["user_len"] = len(payload.UserMessage)
+ fields["media_count"] = payload.MediaCount
+ case TurnEndPayload:
+ fields["status"] = payload.Status
+ fields["iterations_total"] = payload.Iterations
+ fields["duration_ms"] = payload.Duration.Milliseconds()
+ fields["final_len"] = payload.FinalContentLen
+ case LLMRequestPayload:
+ fields["model"] = payload.Model
+ fields["messages"] = payload.MessagesCount
+ fields["tools"] = payload.ToolsCount
+ fields["max_tokens"] = payload.MaxTokens
+ case LLMDeltaPayload:
+ fields["content_delta_len"] = payload.ContentDeltaLen
+ fields["reasoning_delta_len"] = payload.ReasoningDeltaLen
+ case LLMResponsePayload:
+ fields["content_len"] = payload.ContentLen
+ fields["tool_calls"] = payload.ToolCalls
+ fields["has_reasoning"] = payload.HasReasoning
+ case LLMRetryPayload:
+ fields["attempt"] = payload.Attempt
+ fields["max_retries"] = payload.MaxRetries
+ fields["reason"] = payload.Reason
+ fields["error"] = payload.Error
+ fields["backoff_ms"] = payload.Backoff.Milliseconds()
+ case ContextCompressPayload:
+ fields["reason"] = payload.Reason
+ fields["dropped_messages"] = payload.DroppedMessages
+ fields["remaining_messages"] = payload.RemainingMessages
+ case SessionSummarizePayload:
+ fields["summarized_messages"] = payload.SummarizedMessages
+ fields["kept_messages"] = payload.KeptMessages
+ fields["summary_len"] = payload.SummaryLen
+ fields["omitted_oversized"] = payload.OmittedOversized
+ case ToolExecStartPayload:
+ fields["tool"] = payload.Tool
+ fields["args_count"] = len(payload.Arguments)
+ case ToolExecEndPayload:
+ fields["tool"] = payload.Tool
+ fields["duration_ms"] = payload.Duration.Milliseconds()
+ fields["for_llm_len"] = payload.ForLLMLen
+ fields["for_user_len"] = payload.ForUserLen
+ fields["is_error"] = payload.IsError
+ fields["async"] = payload.Async
+ case ToolExecSkippedPayload:
+ fields["tool"] = payload.Tool
+ fields["reason"] = payload.Reason
+ case SteeringInjectedPayload:
+ fields["count"] = payload.Count
+ fields["total_content_len"] = payload.TotalContentLen
+ case FollowUpQueuedPayload:
+ fields["source_tool"] = payload.SourceTool
+ fields["channel"] = payload.Channel
+ fields["chat_id"] = payload.ChatID
+ fields["content_len"] = payload.ContentLen
+ case InterruptReceivedPayload:
+ fields["interrupt_kind"] = payload.Kind
+ fields["role"] = payload.Role
+ fields["content_len"] = payload.ContentLen
+ fields["queue_depth"] = payload.QueueDepth
+ fields["hint_len"] = payload.HintLen
+ case SubTurnSpawnPayload:
+ fields["child_agent_id"] = payload.AgentID
+ fields["label"] = payload.Label
+ case SubTurnEndPayload:
+ fields["child_agent_id"] = payload.AgentID
+ fields["status"] = payload.Status
+ case SubTurnResultDeliveredPayload:
+ fields["target_channel"] = payload.TargetChannel
+ fields["target_chat_id"] = payload.TargetChatID
+ fields["content_len"] = payload.ContentLen
+ case ErrorPayload:
+ fields["stage"] = payload.Stage
+ fields["error"] = payload.Message
+ }
+
+ logger.InfoCF("eventbus", fmt.Sprintf("Agent event: %s", evt.Kind.String()), fields)
}
func (al *AgentLoop) RegisterTool(tool tools.Tool) {
@@ -432,7 +965,7 @@ func (al *AgentLoop) ReloadProviderAndConfig(
}
// Ensure shared tools are re-registered on the new registry
- registerSharedTools(cfg, al.bus, registry, provider)
+ registerSharedTools(al, cfg, al.bus, registry, provider)
// Atomically swap the config and registry under write lock
// This ensures readers see a consistent pair
@@ -448,6 +981,9 @@ func (al *AgentLoop) ReloadProviderAndConfig(
al.mu.Unlock()
+ al.hookRuntime.reset(al)
+ configureHookManagerFromConfig(al.hooks, cfg)
+
// Close old provider after releasing the lock
// This prevents blocking readers while closing
if oldProvider, ok := extractProvider(oldRegistry); ok {
@@ -667,6 +1203,9 @@ func (al *AgentLoop) ProcessDirectWithChannel(
ctx context.Context,
content, sessionKey, channel, chatID string,
) (string, error) {
+ if err := al.ensureHooksInitialized(ctx); err != nil {
+ return "", err
+ }
if err := al.ensureMCPInitialized(ctx); err != nil {
return "", err
}
@@ -688,6 +1227,13 @@ func (al *AgentLoop) ProcessHeartbeat(
ctx context.Context,
content, channel, chatID string,
) (string, error) {
+ if err := al.ensureHooksInitialized(ctx); err != nil {
+ return "", err
+ }
+ if err := al.ensureMCPInitialized(ctx); err != nil {
+ return "", err
+ }
+
agent := al.GetRegistry().GetDefaultAgent()
if agent == nil {
return "", fmt.Errorf("no default agent for heartbeat")
@@ -814,6 +1360,32 @@ func resolveScopeKey(route routing.ResolvedRoute, msgSessionKey string) string {
return route.SessionKey
}
+func (al *AgentLoop) resolveSteeringTarget(msg bus.InboundMessage) (string, string, bool) {
+ if msg.Channel == "system" {
+ return "", "", false
+ }
+
+ route, agent, err := al.resolveMessageRoute(msg)
+ if err != nil || agent == nil {
+ return "", "", false
+ }
+
+ return resolveScopeKey(route, msg.SessionKey), agent.ID, true
+}
+
+func (al *AgentLoop) requeueInboundMessage(msg bus.InboundMessage) error {
+ if al.bus == nil {
+ return nil
+ }
+ pubCtx, cancel := context.WithTimeout(context.Background(), time.Second)
+ defer cancel()
+ return al.bus.PublishOutbound(pubCtx, bus.OutboundMessage{
+ Channel: msg.Channel,
+ ChatID: msg.ChatID,
+ Content: msg.Content,
+ })
+}
+
func (al *AgentLoop) processSystemMessage(
ctx context.Context,
msg bus.InboundMessage,
@@ -879,99 +1451,64 @@ func (al *AgentLoop) processSystemMessage(
})
}
-// runAgentLoop is the core message processing logic.
+// runAgentLoop remains the top-level shell that starts a turn and publishes
+// any post-turn work. runTurn owns the full turn lifecycle.
func (al *AgentLoop) runAgentLoop(
ctx context.Context,
agent *AgentInstance,
opts processOptions,
) (string, error) {
- // 0. Record last channel for heartbeat notifications (skip internal channels and cli)
- if opts.Channel != "" && opts.ChatID != "" {
- if !constants.IsInternalChannel(opts.Channel) {
- channelKey := fmt.Sprintf("%s:%s", opts.Channel, opts.ChatID)
- if err := al.RecordLastChannel(channelKey); err != nil {
- logger.WarnCF(
- "agent",
- "Failed to record last channel",
- map[string]any{"error": err.Error()},
- )
- }
+ // Record last channel for heartbeat notifications (skip internal channels and cli)
+ if opts.Channel != "" && opts.ChatID != "" && !constants.IsInternalChannel(opts.Channel) {
+ channelKey := fmt.Sprintf("%s:%s", opts.Channel, opts.ChatID)
+ if err := al.RecordLastChannel(channelKey); err != nil {
+ logger.WarnCF(
+ "agent",
+ "Failed to record last channel",
+ map[string]any{"error": err.Error()},
+ )
}
}
- // 1. Build messages (skip history for heartbeat)
- var history []providers.Message
- var summary string
- if !opts.NoHistory {
- history = agent.Sessions.GetHistory(opts.SessionKey)
- summary = agent.Sessions.GetSummary(opts.SessionKey)
- }
- messages := agent.ContextBuilder.BuildMessages(
- history,
- summary,
- opts.UserMessage,
- opts.Media,
- opts.Channel,
- opts.ChatID,
- opts.SenderID,
- opts.SenderDisplayName,
- )
-
- // Resolve media:// refs: images→base64 data URLs, non-images→local paths in content
- cfg := al.GetConfig()
- maxMediaSize := cfg.Agents.Defaults.GetMaxMediaSize()
- messages = resolveMediaRefs(messages, al.mediaStore, maxMediaSize)
-
- // 2. Save user message to session
- agent.Sessions.AddMessage(opts.SessionKey, "user", opts.UserMessage)
-
- // 3. Run LLM iteration loop
- finalContent, iteration, err := al.runLLMIteration(ctx, agent, messages, opts)
+ ts := newTurnState(agent, opts, al.newTurnEventScope(agent.ID, opts.SessionKey))
+ result, err := al.runTurn(ctx, ts)
if err != nil {
return "", err
}
+ if result.status == TurnEndStatusAborted {
+ return "", nil
+ }
- // If last tool had ForUser content and we already sent it, we might not need to send final response
- // This is controlled by the tool's Silent flag and ForUser content
-
- // 4. Handle empty response
- if finalContent == "" {
- if iteration >= agent.MaxIterations && agent.MaxIterations > 0 {
- finalContent = toolLimitResponse
- } else {
- finalContent = opts.DefaultResponse
+ for _, followUp := range result.followUps {
+ if pubErr := al.bus.PublishInbound(ctx, followUp); pubErr != nil {
+ logger.WarnCF("agent", "Failed to publish follow-up after turn",
+ map[string]any{
+ "turn_id": ts.turnID,
+ "error": pubErr.Error(),
+ })
}
}
- // 5. Save final assistant message to session
- agent.Sessions.AddMessage(opts.SessionKey, "assistant", finalContent)
- agent.Sessions.Save(opts.SessionKey)
-
- // 6. Optional: summarization
- if opts.EnableSummary {
- al.maybeSummarize(agent, opts.SessionKey, opts.Channel, opts.ChatID)
- }
-
- // 7. Optional: send response via bus
- if opts.SendResponse {
+ if opts.SendResponse && result.finalContent != "" {
al.bus.PublishOutbound(ctx, bus.OutboundMessage{
Channel: opts.Channel,
ChatID: opts.ChatID,
- Content: finalContent,
+ Content: result.finalContent,
})
}
- // 8. Log response
- responsePreview := utils.Truncate(finalContent, 120)
- logger.InfoCF("agent", fmt.Sprintf("Response: %s", responsePreview),
- map[string]any{
- "agent_id": agent.ID,
- "session_key": opts.SessionKey,
- "iterations": iteration,
- "final_length": len(finalContent),
- })
+ if result.finalContent != "" {
+ responsePreview := utils.Truncate(result.finalContent, 120)
+ logger.InfoCF("agent", fmt.Sprintf("Response: %s", responsePreview),
+ map[string]any{
+ "agent_id": agent.ID,
+ "session_key": opts.SessionKey,
+ "iterations": ts.currentIteration(),
+ "final_length": len(result.finalContent),
+ })
+ }
- return finalContent, nil
+ return result.finalContent, nil
}
func (al *AgentLoop) targetReasoningChannelID(channelName string) (chatID string) {
@@ -1030,121 +1567,331 @@ func (al *AgentLoop) handleReasoning(
}
}
-// runLLMIteration executes the LLM call loop with tool handling.
-// Returns (finalContent, iteration, error).
-func (al *AgentLoop) runLLMIteration(
- ctx context.Context,
- agent *AgentInstance,
- messages []providers.Message,
- opts processOptions,
-) (string, int, error) {
- iteration := 0
- var finalContent string
+func (al *AgentLoop) runTurn(ctx context.Context, ts *turnState) (turnResult, error) {
+ turnCtx, turnCancel := context.WithCancel(ctx)
+ defer turnCancel()
+ ts.setTurnCancel(turnCancel)
- // Check if both the provider and channel support streaming
- streamProvider, providerCanStream := agent.Provider.(providers.StreamingProvider)
- var streamer bus.Streamer
- if providerCanStream && !opts.NoHistory && !constants.IsInternalChannel(opts.Channel) {
- streamer, _ = al.bus.GetStreamer(ctx, opts.Channel, opts.ChatID)
+ // Inject turnState and AgentLoop into context so tools (e.g. spawn) can retrieve them.
+ turnCtx = withTurnState(turnCtx, ts)
+ turnCtx = WithAgentLoop(turnCtx, al)
+
+ al.registerActiveTurn(ts)
+ defer al.clearActiveTurn(ts)
+
+ turnStatus := TurnEndStatusCompleted
+ defer func() {
+ al.emitEvent(
+ EventKindTurnEnd,
+ ts.eventMeta("runTurn", "turn.end"),
+ TurnEndPayload{
+ Status: turnStatus,
+ Iterations: ts.currentIteration(),
+ Duration: time.Since(ts.startedAt),
+ FinalContentLen: ts.finalContentLen(),
+ },
+ )
+ }()
+
+ al.emitEvent(
+ EventKindTurnStart,
+ ts.eventMeta("runTurn", "turn.start"),
+ TurnStartPayload{
+ Channel: ts.channel,
+ ChatID: ts.chatID,
+ UserMessage: ts.userMessage,
+ MediaCount: len(ts.media),
+ },
+ )
+
+ var history []providers.Message
+ var summary string
+ if !ts.opts.NoHistory {
+ history = ts.agent.Sessions.GetHistory(ts.sessionKey)
+ summary = ts.agent.Sessions.GetSummary(ts.sessionKey)
+ }
+ ts.captureRestorePoint(history, summary)
+
+ messages := ts.agent.ContextBuilder.BuildMessages(
+ history,
+ summary,
+ ts.userMessage,
+ ts.media,
+ ts.channel,
+ ts.chatID,
+ ts.opts.SenderID,
+ ts.opts.SenderDisplayName,
+ )
+
+ cfg := al.GetConfig()
+ maxMediaSize := cfg.Agents.Defaults.GetMaxMediaSize()
+ messages = resolveMediaRefs(messages, al.mediaStore, maxMediaSize)
+
+ if !ts.opts.NoHistory {
+ toolDefs := ts.agent.Tools.ToProviderDefs()
+ if isOverContextBudget(ts.agent.ContextWindow, messages, toolDefs, ts.agent.MaxTokens) {
+ logger.WarnCF("agent", "Proactive compression: context budget exceeded before LLM call",
+ map[string]any{"session_key": ts.sessionKey})
+ if compression, ok := al.forceCompression(ts.agent, ts.sessionKey); ok {
+ al.emitEvent(
+ EventKindContextCompress,
+ ts.eventMeta("runTurn", "turn.context.compress"),
+ ContextCompressPayload{
+ Reason: ContextCompressReasonProactive,
+ DroppedMessages: compression.DroppedMessages,
+ RemainingMessages: compression.RemainingMessages,
+ },
+ )
+ ts.refreshRestorePointFromSession(ts.agent)
+ }
+ newHistory := ts.agent.Sessions.GetHistory(ts.sessionKey)
+ newSummary := ts.agent.Sessions.GetSummary(ts.sessionKey)
+ messages = ts.agent.ContextBuilder.BuildMessages(
+ newHistory, newSummary, ts.userMessage,
+ ts.media, ts.channel, ts.chatID,
+ ts.opts.SenderID, ts.opts.SenderDisplayName,
+ )
+ messages = resolveMediaRefs(messages, al.mediaStore, maxMediaSize)
+ }
}
- // Determine effective model tier for this conversation turn.
- // selectCandidates evaluates routing once and the decision is sticky for
- // all tool-follow-up iterations within the same turn so that a multi-step
- // tool chain doesn't switch models mid-way through.
- activeCandidates, activeModel := al.selectCandidates(agent, opts.UserMessage, messages)
+ // Save user message to session (from Incoming)
+ if !ts.opts.NoHistory && (strings.TrimSpace(ts.userMessage) != "" || len(ts.media) > 0) {
+ rootMsg := providers.Message{
+ Role: "user",
+ Content: ts.userMessage,
+ Media: append([]string(nil), ts.media...),
+ }
+ if len(rootMsg.Media) > 0 {
+ ts.agent.Sessions.AddFullMessage(ts.sessionKey, rootMsg)
+ } else {
+ ts.agent.Sessions.AddMessage(ts.sessionKey, rootMsg.Role, rootMsg.Content)
+ }
+ ts.recordPersistedMessage(rootMsg)
+ }
- for iteration < agent.MaxIterations {
- iteration++
+ activeCandidates, activeModel := al.selectCandidates(ts.agent, ts.userMessage, messages)
+ pendingMessages := append([]providers.Message(nil), ts.opts.InitialSteeringMessages...)
+ var finalContent string
+
+turnLoop:
+ for ts.currentIteration() < ts.agent.MaxIterations || len(pendingMessages) > 0 || func() bool {
+ graceful, _ := ts.gracefulInterruptRequested()
+ return graceful
+ }() {
+ if ts.hardAbortRequested() {
+ turnStatus = TurnEndStatusAborted
+ return al.abortTurn(ts)
+ }
+
+ iteration := ts.currentIteration() + 1
+ ts.setIteration(iteration)
+ ts.setPhase(TurnPhaseRunning)
+
+ if iteration > 1 {
+ if steerMsgs := al.dequeueSteeringMessagesForScope(ts.sessionKey); len(steerMsgs) > 0 {
+ pendingMessages = append(pendingMessages, steerMsgs...)
+ }
+ } else if !ts.opts.SkipInitialSteeringPoll {
+ if steerMsgs := al.dequeueSteeringMessagesForScopeWithFallback(ts.sessionKey); len(steerMsgs) > 0 {
+ pendingMessages = append(pendingMessages, steerMsgs...)
+ }
+ }
+
+ // Check if parent turn has ended (SubTurn support from HEAD)
+ if ts.parentTurnState != nil && ts.IsParentEnded() {
+ if !ts.critical {
+ logger.InfoCF("agent", "Parent turn ended, non-critical SubTurn exiting gracefully", map[string]any{
+ "agent_id": ts.agentID,
+ "iteration": iteration,
+ "turn_id": ts.turnID,
+ })
+ break
+ }
+ logger.InfoCF("agent", "Parent turn ended, critical SubTurn continues running", map[string]any{
+ "agent_id": ts.agentID,
+ "iteration": iteration,
+ "turn_id": ts.turnID,
+ })
+ }
+
+ // Poll for pending SubTurn results (from HEAD)
+ if ts.pendingResults != nil {
+ select {
+ case result, ok := <-ts.pendingResults:
+ if ok && result != nil && result.ForLLM != "" {
+ msg := providers.Message{Role: "user", Content: fmt.Sprintf("[SubTurn Result] %s", result.ForLLM)}
+ pendingMessages = append(pendingMessages, msg)
+ }
+ default:
+ // No results available
+ }
+ }
+
+ // Inject pending steering messages
+ if len(pendingMessages) > 0 {
+ resolvedPending := resolveMediaRefs(pendingMessages, al.mediaStore, maxMediaSize)
+ totalContentLen := 0
+ for i, pm := range pendingMessages {
+ messages = append(messages, resolvedPending[i])
+ totalContentLen += len(pm.Content)
+ if !ts.opts.NoHistory {
+ ts.agent.Sessions.AddFullMessage(ts.sessionKey, pm)
+ ts.recordPersistedMessage(pm)
+ }
+ logger.InfoCF("agent", "Injected steering message into context",
+ map[string]any{
+ "agent_id": ts.agent.ID,
+ "iteration": iteration,
+ "content_len": len(pm.Content),
+ "media_count": len(pm.Media),
+ })
+ }
+ al.emitEvent(
+ EventKindSteeringInjected,
+ ts.eventMeta("runTurn", "turn.steering.injected"),
+ SteeringInjectedPayload{
+ Count: len(pendingMessages),
+ TotalContentLen: totalContentLen,
+ },
+ )
+ pendingMessages = nil
+ }
logger.DebugCF("agent", "LLM iteration",
map[string]any{
- "agent_id": agent.ID,
+ "agent_id": ts.agent.ID,
"iteration": iteration,
- "max": agent.MaxIterations,
+ "max": ts.agent.MaxIterations,
})
- // Build tool definitions
- providerToolDefs := agent.Tools.ToProviderDefs()
+ gracefulTerminal, _ := ts.gracefulInterruptRequested()
+ providerToolDefs := ts.agent.Tools.ToProviderDefs()
- // Determine whether the provider's native web search should replace
- // the client-side web_search tool for this request. Only enable when web
- // search is actually enabled and registered (so users who disabled web
- // access do not get provider-side search or billing).
- _, hasWebSearch := agent.Tools.Get("web_search")
+ // Native web search support (from HEAD)
+ _, hasWebSearch := ts.agent.Tools.Get("web_search")
useNativeSearch := al.cfg.Tools.Web.PreferNative &&
- isNativeSearchProvider(agent.Provider) &&
- hasWebSearch
+ hasWebSearch &&
+ func() bool {
+ // Check if provider supports native search
+ if ns, ok := ts.agent.Provider.(interface{ SupportsNativeSearch() bool }); ok {
+ return ns.SupportsNativeSearch()
+ }
+ return false
+ }()
if useNativeSearch {
- providerToolDefs = filterClientWebSearch(providerToolDefs)
+ // Filter out client-side web_search tool
+ filtered := make([]providers.ToolDefinition, 0, len(providerToolDefs))
+ for _, td := range providerToolDefs {
+ if td.Function.Name != "web_search" {
+ filtered = append(filtered, td)
+ }
+ }
+ providerToolDefs = filtered
}
- // Log LLM request details
- logger.DebugCF("agent", "LLM request",
- map[string]any{
- "agent_id": agent.ID,
- "iteration": iteration,
- "model": activeModel,
- "messages_count": len(messages),
- "tools_count": len(providerToolDefs),
- "native_search": useNativeSearch,
- "max_tokens": agent.MaxTokens,
- "temperature": agent.Temperature,
- "system_prompt_len": len(messages[0].Content),
- })
-
- // Log full messages (detailed)
- logger.DebugCF("agent", "Full LLM request",
- map[string]any{
- "iteration": iteration,
- "messages_json": formatMessagesForLog(messages),
- "tools_json": formatToolsForLog(providerToolDefs),
- })
-
- // Call LLM with fallback chain if multiple candidates are configured.
- var response *providers.LLMResponse
- var err error
+ callMessages := messages
+ if gracefulTerminal {
+ callMessages = append(append([]providers.Message(nil), messages...), ts.interruptHintMessage())
+ providerToolDefs = nil
+ ts.markGracefulTerminalUsed()
+ }
llmOpts := map[string]any{
- "max_tokens": agent.MaxTokens,
- "temperature": agent.Temperature,
- "prompt_cache_key": agent.ID,
+ "max_tokens": ts.agent.MaxTokens,
+ "temperature": ts.agent.Temperature,
+ "prompt_cache_key": ts.agent.ID,
}
if useNativeSearch {
llmOpts["native_search"] = true
}
- // parseThinkingLevel guarantees ThinkingOff for empty/unknown values,
- // so checking != ThinkingOff is sufficient.
- if agent.ThinkingLevel != ThinkingOff {
- if tc, ok := agent.Provider.(providers.ThinkingCapable); ok && tc.SupportsThinking() {
- llmOpts["thinking_level"] = string(agent.ThinkingLevel)
+ if ts.agent.ThinkingLevel != ThinkingOff {
+ if tc, ok := ts.agent.Provider.(providers.ThinkingCapable); ok && tc.SupportsThinking() {
+ llmOpts["thinking_level"] = string(ts.agent.ThinkingLevel)
} else {
logger.WarnCF("agent", "thinking_level is set but current provider does not support it, ignoring",
- map[string]any{"agent_id": agent.ID, "thinking_level": string(agent.ThinkingLevel)})
+ map[string]any{"agent_id": ts.agent.ID, "thinking_level": string(ts.agent.ThinkingLevel)})
}
}
- callLLM := func() (*providers.LLMResponse, error) {
+ llmModel := activeModel
+ if al.hooks != nil {
+ llmReq, decision := al.hooks.BeforeLLM(turnCtx, &LLMHookRequest{
+ Meta: ts.eventMeta("runTurn", "turn.llm.request"),
+ Model: llmModel,
+ Messages: callMessages,
+ Tools: providerToolDefs,
+ Options: llmOpts,
+ Channel: ts.channel,
+ ChatID: ts.chatID,
+ GracefulTerminal: gracefulTerminal,
+ })
+ switch decision.normalizedAction() {
+ case HookActionContinue, HookActionModify:
+ if llmReq != nil {
+ llmModel = llmReq.Model
+ callMessages = llmReq.Messages
+ providerToolDefs = llmReq.Tools
+ llmOpts = llmReq.Options
+ }
+ case HookActionAbortTurn:
+ turnStatus = TurnEndStatusError
+ return turnResult{}, al.hookAbortError(ts, "before_llm", decision)
+ case HookActionHardAbort:
+ _ = ts.requestHardAbort()
+ turnStatus = TurnEndStatusAborted
+ return al.abortTurn(ts)
+ }
+ }
+
+ al.emitEvent(
+ EventKindLLMRequest,
+ ts.eventMeta("runTurn", "turn.llm.request"),
+ LLMRequestPayload{
+ Model: llmModel,
+ MessagesCount: len(callMessages),
+ ToolsCount: len(providerToolDefs),
+ MaxTokens: ts.agent.MaxTokens,
+ Temperature: ts.agent.Temperature,
+ },
+ )
+
+ logger.DebugCF("agent", "LLM request",
+ map[string]any{
+ "agent_id": ts.agent.ID,
+ "iteration": iteration,
+ "model": llmModel,
+ "messages_count": len(callMessages),
+ "tools_count": len(providerToolDefs),
+ "max_tokens": ts.agent.MaxTokens,
+ "temperature": ts.agent.Temperature,
+ "system_prompt_len": len(callMessages[0].Content),
+ })
+ logger.DebugCF("agent", "Full LLM request",
+ map[string]any{
+ "iteration": iteration,
+ "messages_json": formatMessagesForLog(callMessages),
+ "tools_json": formatToolsForLog(providerToolDefs),
+ })
+
+ callLLM := func(messagesForCall []providers.Message, toolDefsForCall []providers.ToolDefinition) (*providers.LLMResponse, error) {
+ providerCtx, providerCancel := context.WithCancel(turnCtx)
+ ts.setProviderCancel(providerCancel)
+ defer func() {
+ providerCancel()
+ ts.clearProviderCancel(providerCancel)
+ }()
+
al.activeRequests.Add(1)
defer al.activeRequests.Done()
- // Use streaming when available (streamer obtained, provider supports it)
- if streamer != nil && streamProvider != nil {
- return streamProvider.ChatStream(
- ctx, messages, providerToolDefs, activeModel, llmOpts,
- func(accumulated string) {
- streamer.Update(ctx, accumulated)
- },
- )
- }
-
if len(activeCandidates) > 1 && al.fallback != nil {
fbResult, fbErr := al.fallback.Execute(
- ctx,
+ providerCtx,
activeCandidates,
func(ctx context.Context, provider, model string) (*providers.LLMResponse, error) {
- return agent.Provider.Chat(ctx, messages, providerToolDefs, model, llmOpts)
+ return ts.agent.Provider.Chat(ctx, messagesForCall, toolDefsForCall, model, llmOpts)
},
)
if fbErr != nil {
@@ -1155,32 +1902,34 @@ func (al *AgentLoop) runLLMIteration(
"agent",
fmt.Sprintf("Fallback: succeeded with %s/%s after %d attempts",
fbResult.Provider, fbResult.Model, len(fbResult.Attempts)+1),
- map[string]any{"agent_id": agent.ID, "iteration": iteration},
+ map[string]any{"agent_id": ts.agent.ID, "iteration": iteration},
)
}
return fbResult.Response, nil
}
- return agent.Provider.Chat(ctx, messages, providerToolDefs, activeModel, llmOpts)
+ return ts.agent.Provider.Chat(providerCtx, messagesForCall, toolDefsForCall, llmModel, llmOpts)
}
- // Retry loop for context/token errors
+ var response *providers.LLMResponse
+ var err error
maxRetries := 2
for retry := 0; retry <= maxRetries; retry++ {
- response, err = callLLM()
+ response, err = callLLM(callMessages, providerToolDefs)
if err == nil {
break
}
+ if ts.hardAbortRequested() && errors.Is(err, context.Canceled) {
+ turnStatus = TurnEndStatusAborted
+ return al.abortTurn(ts)
+ }
errMsg := strings.ToLower(err.Error())
-
- // Check if this is a network/HTTP timeout — not a context window error.
isTimeoutError := errors.Is(err, context.DeadlineExceeded) ||
strings.Contains(errMsg, "deadline exceeded") ||
strings.Contains(errMsg, "client.timeout") ||
strings.Contains(errMsg, "timed out") ||
strings.Contains(errMsg, "timeout exceeded")
- // Detect real context window / token limit errors, excluding network timeouts.
isContextError := !isTimeoutError && (strings.Contains(errMsg, "context_length_exceeded") ||
strings.Contains(errMsg, "context window") ||
strings.Contains(errMsg, "maximum context length") ||
@@ -1193,16 +1942,44 @@ func (al *AgentLoop) runLLMIteration(
if isTimeoutError && retry < maxRetries {
backoff := time.Duration(retry+1) * 5 * time.Second
+ al.emitEvent(
+ EventKindLLMRetry,
+ ts.eventMeta("runTurn", "turn.llm.retry"),
+ LLMRetryPayload{
+ Attempt: retry + 1,
+ MaxRetries: maxRetries,
+ Reason: "timeout",
+ Error: err.Error(),
+ Backoff: backoff,
+ },
+ )
logger.WarnCF("agent", "Timeout error, retrying after backoff", map[string]any{
"error": err.Error(),
"retry": retry,
"backoff": backoff.String(),
})
- time.Sleep(backoff)
+ if sleepErr := sleepWithContext(turnCtx, backoff); sleepErr != nil {
+ if ts.hardAbortRequested() {
+ turnStatus = TurnEndStatusAborted
+ return al.abortTurn(ts)
+ }
+ err = sleepErr
+ break
+ }
continue
}
- if isContextError && retry < maxRetries {
+ if isContextError && retry < maxRetries && !ts.opts.NoHistory {
+ al.emitEvent(
+ EventKindLLMRetry,
+ ts.eventMeta("runTurn", "turn.llm.retry"),
+ LLMRetryPayload{
+ Attempt: retry + 1,
+ MaxRetries: maxRetries,
+ Reason: "context_limit",
+ Error: err.Error(),
+ },
+ )
logger.WarnCF(
"agent",
"Context window error detected, attempting compression",
@@ -1212,104 +1989,164 @@ func (al *AgentLoop) runLLMIteration(
},
)
- if retry == 0 && !constants.IsInternalChannel(opts.Channel) {
+ if retry == 0 && !constants.IsInternalChannel(ts.channel) {
al.bus.PublishOutbound(ctx, bus.OutboundMessage{
- Channel: opts.Channel,
- ChatID: opts.ChatID,
+ Channel: ts.channel,
+ ChatID: ts.chatID,
Content: "Context window exceeded. Compressing history and retrying...",
})
}
- al.forceCompression(agent, opts.SessionKey)
- newHistory := agent.Sessions.GetHistory(opts.SessionKey)
- newSummary := agent.Sessions.GetSummary(opts.SessionKey)
- messages = agent.ContextBuilder.BuildMessages(
+ if compression, ok := al.forceCompression(ts.agent, ts.sessionKey); ok {
+ al.emitEvent(
+ EventKindContextCompress,
+ ts.eventMeta("runTurn", "turn.context.compress"),
+ ContextCompressPayload{
+ Reason: ContextCompressReasonRetry,
+ DroppedMessages: compression.DroppedMessages,
+ RemainingMessages: compression.RemainingMessages,
+ },
+ )
+ ts.refreshRestorePointFromSession(ts.agent)
+ }
+
+ newHistory := ts.agent.Sessions.GetHistory(ts.sessionKey)
+ newSummary := ts.agent.Sessions.GetSummary(ts.sessionKey)
+ messages = ts.agent.ContextBuilder.BuildMessages(
newHistory, newSummary, "",
- nil, opts.Channel, opts.ChatID, opts.SenderID, opts.SenderDisplayName,
+ nil, ts.channel, ts.chatID,
+ "", "", // Empty SenderID and SenderDisplayName for retry
)
+ callMessages = messages
+ if gracefulTerminal {
+ callMessages = append(append([]providers.Message(nil), messages...), ts.interruptHintMessage())
+ }
continue
}
break
}
if err != nil {
+ turnStatus = TurnEndStatusError
+ al.emitEvent(
+ EventKindError,
+ ts.eventMeta("runTurn", "turn.error"),
+ ErrorPayload{
+ Stage: "llm",
+ Message: err.Error(),
+ },
+ )
logger.ErrorCF("agent", "LLM call failed",
map[string]any{
- "agent_id": agent.ID,
+ "agent_id": ts.agent.ID,
"iteration": iteration,
- "model": activeModel,
+ "model": llmModel,
"error": err.Error(),
})
- return "", iteration, fmt.Errorf("LLM call failed after retries: %w", err)
+ return turnResult{}, fmt.Errorf("LLM call failed after retries: %w", err)
+ }
+
+ if al.hooks != nil {
+ llmResp, decision := al.hooks.AfterLLM(turnCtx, &LLMHookResponse{
+ Meta: ts.eventMeta("runTurn", "turn.llm.response"),
+ Model: llmModel,
+ Response: response,
+ Channel: ts.channel,
+ ChatID: ts.chatID,
+ })
+ switch decision.normalizedAction() {
+ case HookActionContinue, HookActionModify:
+ if llmResp != nil && llmResp.Response != nil {
+ response = llmResp.Response
+ }
+ case HookActionAbortTurn:
+ turnStatus = TurnEndStatusError
+ return turnResult{}, al.hookAbortError(ts, "after_llm", decision)
+ case HookActionHardAbort:
+ _ = ts.requestHardAbort()
+ turnStatus = TurnEndStatusAborted
+ return al.abortTurn(ts)
+ }
+ }
+
+ // Save finishReason to turnState for SubTurn truncation detection
+ if innerTS := turnStateFromContext(ctx); innerTS != nil {
+ innerTS.SetLastFinishReason(response.FinishReason)
+ // Save usage for token budget tracking
+ if response.Usage != nil {
+ innerTS.SetLastUsage(response.Usage)
+ }
}
go al.handleReasoning(
- ctx,
+ turnCtx,
response.Reasoning,
- opts.Channel,
- al.targetReasoningChannelID(opts.Channel),
+ ts.channel,
+ al.targetReasoningChannelID(ts.channel),
+ )
+ al.emitEvent(
+ EventKindLLMResponse,
+ ts.eventMeta("runTurn", "turn.llm.response"),
+ LLMResponsePayload{
+ ContentLen: len(response.Content),
+ ToolCalls: len(response.ToolCalls),
+ HasReasoning: response.Reasoning != "" || response.ReasoningContent != "",
+ },
)
logger.DebugCF("agent", "LLM response",
map[string]any{
- "agent_id": agent.ID,
+ "agent_id": ts.agent.ID,
"iteration": iteration,
"content_chars": len(response.Content),
"tool_calls": len(response.ToolCalls),
"reasoning": response.Reasoning,
- "target_channel": al.targetReasoningChannelID(opts.Channel),
- "channel": opts.Channel,
+ "target_channel": al.targetReasoningChannelID(ts.channel),
+ "channel": ts.channel,
})
- // Check if no tool calls - then check reasoning content if any
- if len(response.ToolCalls) == 0 {
- finalContent = response.Content
- if finalContent == "" && response.ReasoningContent != "" {
- finalContent = response.ReasoningContent
- }
- // If we were streaming, finalize the message (sends the permanent message)
- if streamer != nil {
- if err := streamer.Finalize(ctx, finalContent); err != nil {
- logger.WarnCF("agent", "Stream finalize failed", map[string]any{
- "error": err.Error(),
+ if len(response.ToolCalls) == 0 || gracefulTerminal {
+ responseContent := response.Content
+ if responseContent == "" && response.ReasoningContent != "" {
+ responseContent = response.ReasoningContent
+ }
+ if steerMsgs := al.dequeueSteeringMessagesForScope(ts.sessionKey); len(steerMsgs) > 0 {
+ logger.InfoCF("agent", "Steering arrived after direct LLM response; continuing turn",
+ map[string]any{
+ "agent_id": ts.agent.ID,
+ "iteration": iteration,
+ "steering_count": len(steerMsgs),
})
- }
+ pendingMessages = append(pendingMessages, steerMsgs...)
+ continue
}
-
+ finalContent = responseContent
logger.InfoCF("agent", "LLM response without tool calls (direct answer)",
map[string]any{
- "agent_id": agent.ID,
+ "agent_id": ts.agent.ID,
"iteration": iteration,
"content_chars": len(finalContent),
- "streamed": streamer != nil,
})
break
}
- // Tool calls detected — cancel any active stream (draft auto-expires)
- if streamer != nil {
- streamer.Cancel(ctx)
- }
-
normalizedToolCalls := make([]providers.ToolCall, 0, len(response.ToolCalls))
for _, tc := range response.ToolCalls {
normalizedToolCalls = append(normalizedToolCalls, providers.NormalizeToolCall(tc))
}
- // Log tool calls
toolNames := make([]string, 0, len(normalizedToolCalls))
for _, tc := range normalizedToolCalls {
toolNames = append(toolNames, tc.Name)
}
logger.InfoCF("agent", "LLM requested tool calls",
map[string]any{
- "agent_id": agent.ID,
+ "agent_id": ts.agent.ID,
"tools": toolNames,
"count": len(normalizedToolCalls),
"iteration": iteration,
})
- // Build assistant message with tool calls
assistantMsg := providers.Message{
Role: "assistant",
Content: response.Content,
@@ -1317,13 +2154,11 @@ func (al *AgentLoop) runLLMIteration(
}
for _, tc := range normalizedToolCalls {
argumentsJSON, _ := json.Marshal(tc.Arguments)
- // Copy ExtraContent to ensure thought_signature is persisted for Gemini 3
extraContent := tc.ExtraContent
thoughtSignature := ""
if tc.Function != nil {
thoughtSignature = tc.Function.ThoughtSignature
}
-
assistantMsg.ToolCalls = append(assistantMsg.ToolCalls, providers.ToolCall{
ID: tc.ID,
Type: "function",
@@ -1338,127 +2173,249 @@ func (al *AgentLoop) runLLMIteration(
})
}
messages = append(messages, assistantMsg)
-
- // Save assistant message with tool calls to session
- agent.Sessions.AddFullMessage(opts.SessionKey, assistantMsg)
-
- // Execute tool calls in parallel
- type indexedAgentResult struct {
- result *tools.ToolResult
- tc providers.ToolCall
+ if !ts.opts.NoHistory {
+ ts.agent.Sessions.AddFullMessage(ts.sessionKey, assistantMsg)
+ ts.recordPersistedMessage(assistantMsg)
}
- agentResults := make([]indexedAgentResult, len(normalizedToolCalls))
- var wg sync.WaitGroup
-
+ ts.setPhase(TurnPhaseTools)
for i, tc := range normalizedToolCalls {
- agentResults[i].tc = tc
+ if ts.hardAbortRequested() {
+ turnStatus = TurnEndStatusAborted
+ return al.abortTurn(ts)
+ }
- wg.Add(1)
- go func(idx int, tc providers.ToolCall) {
- defer wg.Done()
+ toolName := tc.Name
+ toolArgs := cloneStringAnyMap(tc.Arguments)
- argsJSON, _ := json.Marshal(tc.Arguments)
- argsPreview := utils.Truncate(string(argsJSON), 200)
- logger.InfoCF("agent", fmt.Sprintf("Tool call: %s(%s)", tc.Name, argsPreview),
- map[string]any{
- "agent_id": agent.ID,
- "tool": tc.Name,
- "iteration": iteration,
- })
-
- // Send tool feedback to chat channel if enabled
- if al.cfg.Agents.Defaults.IsToolFeedbackEnabled() && opts.Channel != "" {
- feedbackPreview := utils.Truncate(
- string(argsJSON),
- al.cfg.Agents.Defaults.GetToolFeedbackMaxArgsLength(),
+ if al.hooks != nil {
+ toolReq, decision := al.hooks.BeforeTool(turnCtx, &ToolCallHookRequest{
+ Meta: ts.eventMeta("runTurn", "turn.tool.before"),
+ Tool: toolName,
+ Arguments: toolArgs,
+ Channel: ts.channel,
+ ChatID: ts.chatID,
+ })
+ switch decision.normalizedAction() {
+ case HookActionContinue, HookActionModify:
+ if toolReq != nil {
+ toolName = toolReq.Tool
+ toolArgs = toolReq.Arguments
+ }
+ case HookActionDenyTool:
+ denyContent := hookDeniedToolContent("Tool execution denied by hook", decision.Reason)
+ al.emitEvent(
+ EventKindToolExecSkipped,
+ ts.eventMeta("runTurn", "turn.tool.skipped"),
+ ToolExecSkippedPayload{
+ Tool: toolName,
+ Reason: denyContent,
+ },
)
- feedbackMsg := fmt.Sprintf("\U0001f527 `%s`\n```\n%s\n```", tc.Name, feedbackPreview)
- fbCtx, fbCancel := context.WithTimeout(ctx, 3*time.Second)
- _ = al.bus.PublishOutbound(fbCtx, bus.OutboundMessage{
- Channel: opts.Channel,
- ChatID: opts.ChatID,
- Content: feedbackMsg,
- })
- fbCancel()
+ deniedMsg := providers.Message{
+ Role: "tool",
+ Content: denyContent,
+ ToolCallID: tc.ID,
+ }
+ messages = append(messages, deniedMsg)
+ if !ts.opts.NoHistory {
+ ts.agent.Sessions.AddFullMessage(ts.sessionKey, deniedMsg)
+ ts.recordPersistedMessage(deniedMsg)
+ }
+ continue
+ case HookActionAbortTurn:
+ turnStatus = TurnEndStatusError
+ return turnResult{}, al.hookAbortError(ts, "before_tool", decision)
+ case HookActionHardAbort:
+ _ = ts.requestHardAbort()
+ turnStatus = TurnEndStatusAborted
+ return al.abortTurn(ts)
}
+ }
- // Create async callback for tools that implement AsyncExecutor.
- // When the background work completes, this publishes the result
- // as an inbound system message so processSystemMessage routes it
- // back to the user via the normal agent loop.
- asyncCallback := func(_ context.Context, result *tools.ToolResult) {
- // Send ForUser content directly to the user (immediate feedback),
- // mirroring the synchronous tool execution path.
- if !result.Silent && result.ForUser != "" {
- outCtx, outCancel := context.WithTimeout(context.Background(), 5*time.Second)
- defer outCancel()
- _ = al.bus.PublishOutbound(outCtx, bus.OutboundMessage{
- Channel: opts.Channel,
- ChatID: opts.ChatID,
- Content: result.ForUser,
- })
+ if al.hooks != nil {
+ approval := al.hooks.ApproveTool(turnCtx, &ToolApprovalRequest{
+ Meta: ts.eventMeta("runTurn", "turn.tool.approve"),
+ Tool: toolName,
+ Arguments: toolArgs,
+ Channel: ts.channel,
+ ChatID: ts.chatID,
+ })
+ if !approval.Approved {
+ denyContent := hookDeniedToolContent("Tool execution denied by approval hook", approval.Reason)
+ al.emitEvent(
+ EventKindToolExecSkipped,
+ ts.eventMeta("runTurn", "turn.tool.skipped"),
+ ToolExecSkippedPayload{
+ Tool: toolName,
+ Reason: denyContent,
+ },
+ )
+ deniedMsg := providers.Message{
+ Role: "tool",
+ Content: denyContent,
+ ToolCallID: tc.ID,
}
-
- // Determine content for the agent loop (ForLLM or error).
- content := result.ForLLM
- if content == "" && result.Err != nil {
- content = result.Err.Error()
+ messages = append(messages, deniedMsg)
+ if !ts.opts.NoHistory {
+ ts.agent.Sessions.AddFullMessage(ts.sessionKey, deniedMsg)
+ ts.recordPersistedMessage(deniedMsg)
}
- if content == "" {
- return
- }
-
- logger.InfoCF("agent", "Async tool completed, publishing result",
- map[string]any{
- "tool": tc.Name,
- "content_len": len(content),
- "channel": opts.Channel,
- })
-
- pubCtx, pubCancel := context.WithTimeout(context.Background(), 5*time.Second)
- defer pubCancel()
- _ = al.bus.PublishInbound(pubCtx, bus.InboundMessage{
- Channel: "system",
- SenderID: fmt.Sprintf("async:%s", tc.Name),
- ChatID: fmt.Sprintf("%s:%s", opts.Channel, opts.ChatID),
- Content: content,
- })
+ continue
}
+ }
- toolResult := agent.Tools.ExecuteWithContext(
- ctx,
- tc.Name,
- tc.Arguments,
- opts.Channel,
- opts.ChatID,
- asyncCallback,
+ argsJSON, _ := json.Marshal(toolArgs)
+ argsPreview := utils.Truncate(string(argsJSON), 200)
+ logger.InfoCF("agent", fmt.Sprintf("Tool call: %s(%s)", toolName, argsPreview),
+ map[string]any{
+ "agent_id": ts.agent.ID,
+ "tool": toolName,
+ "iteration": iteration,
+ })
+ al.emitEvent(
+ EventKindToolExecStart,
+ ts.eventMeta("runTurn", "turn.tool.start"),
+ ToolExecStartPayload{
+ Tool: toolName,
+ Arguments: cloneEventArguments(toolArgs),
+ },
+ )
+
+ // Send tool feedback to chat channel if enabled (from HEAD)
+ if al.cfg.Agents.Defaults.IsToolFeedbackEnabled() && ts.channel != "" {
+ feedbackPreview := utils.Truncate(
+ string(argsJSON),
+ al.cfg.Agents.Defaults.GetToolFeedbackMaxArgsLength(),
)
- agentResults[idx].result = toolResult
- }(i, tc)
- }
- wg.Wait()
+ feedbackMsg := fmt.Sprintf("\U0001f527 `%s`\n```\n%s\n```", tc.Name, feedbackPreview)
+ fbCtx, fbCancel := context.WithTimeout(turnCtx, 3*time.Second)
+ _ = al.bus.PublishOutbound(fbCtx, bus.OutboundMessage{
+ Channel: ts.channel,
+ ChatID: ts.chatID,
+ Content: feedbackMsg,
+ })
+ fbCancel()
+ }
- // Process results in original order (send to user, save to session)
- for _, r := range agentResults {
- // Send ForUser content to user immediately if not Silent
- if !r.result.Silent && r.result.ForUser != "" && opts.SendResponse {
+ toolCallID := tc.ID
+ toolIteration := iteration
+ asyncToolName := toolName
+ asyncCallback := func(_ context.Context, result *tools.ToolResult) {
+ // Send ForUser content directly to the user (immediate feedback),
+ // mirroring the synchronous tool execution path.
+ if !result.Silent && result.ForUser != "" {
+ outCtx, outCancel := context.WithTimeout(context.Background(), 5*time.Second)
+ defer outCancel()
+ _ = al.bus.PublishOutbound(outCtx, bus.OutboundMessage{
+ Channel: ts.channel,
+ ChatID: ts.chatID,
+ Content: result.ForUser,
+ })
+ }
+
+ // Determine content for the agent loop (ForLLM or error).
+ content := result.ForLLM
+ if content == "" && result.Err != nil {
+ content = result.Err.Error()
+ }
+ if content == "" {
+ return
+ }
+
+ logger.InfoCF("agent", "Async tool completed, publishing result",
+ map[string]any{
+ "tool": asyncToolName,
+ "content_len": len(content),
+ "channel": ts.channel,
+ })
+ al.emitEvent(
+ EventKindFollowUpQueued,
+ ts.scope.meta(toolIteration, "runTurn", "turn.follow_up.queued"),
+ FollowUpQueuedPayload{
+ SourceTool: asyncToolName,
+ Channel: ts.channel,
+ ChatID: ts.chatID,
+ ContentLen: len(content),
+ },
+ )
+
+ pubCtx, pubCancel := context.WithTimeout(context.Background(), 5*time.Second)
+ defer pubCancel()
+ _ = al.bus.PublishInbound(pubCtx, bus.InboundMessage{
+ Channel: "system",
+ SenderID: fmt.Sprintf("async:%s", asyncToolName),
+ ChatID: fmt.Sprintf("%s:%s", ts.channel, ts.chatID),
+ Content: content,
+ })
+ }
+
+ toolStart := time.Now()
+ toolResult := ts.agent.Tools.ExecuteWithContext(
+ turnCtx,
+ toolName,
+ toolArgs,
+ ts.channel,
+ ts.chatID,
+ asyncCallback,
+ )
+ toolDuration := time.Since(toolStart)
+
+ if ts.hardAbortRequested() {
+ turnStatus = TurnEndStatusAborted
+ return al.abortTurn(ts)
+ }
+
+ if al.hooks != nil {
+ toolResp, decision := al.hooks.AfterTool(turnCtx, &ToolResultHookResponse{
+ Meta: ts.eventMeta("runTurn", "turn.tool.after"),
+ Tool: toolName,
+ Arguments: toolArgs,
+ Result: toolResult,
+ Duration: toolDuration,
+ Channel: ts.channel,
+ ChatID: ts.chatID,
+ })
+ switch decision.normalizedAction() {
+ case HookActionContinue, HookActionModify:
+ if toolResp != nil {
+ if toolResp.Tool != "" {
+ toolName = toolResp.Tool
+ }
+ if toolResp.Result != nil {
+ toolResult = toolResp.Result
+ }
+ }
+ case HookActionAbortTurn:
+ turnStatus = TurnEndStatusError
+ return turnResult{}, al.hookAbortError(ts, "after_tool", decision)
+ case HookActionHardAbort:
+ _ = ts.requestHardAbort()
+ turnStatus = TurnEndStatusAborted
+ return al.abortTurn(ts)
+ }
+ }
+
+ if toolResult == nil {
+ toolResult = tools.ErrorResult("hook returned nil tool result")
+ }
+
+ if !toolResult.Silent && toolResult.ForUser != "" && ts.opts.SendResponse {
al.bus.PublishOutbound(ctx, bus.OutboundMessage{
- Channel: opts.Channel,
- ChatID: opts.ChatID,
- Content: r.result.ForUser,
+ Channel: ts.channel,
+ ChatID: ts.chatID,
+ Content: toolResult.ForUser,
})
logger.DebugCF("agent", "Sent tool result to user",
map[string]any{
- "tool": r.tc.Name,
- "content_len": len(r.result.ForUser),
+ "tool": toolName,
+ "content_len": len(toolResult.ForUser),
})
}
- // If tool returned media refs, publish them as outbound media
- if len(r.result.Media) > 0 {
- parts := make([]bus.MediaPart, 0, len(r.result.Media))
- for _, ref := range r.result.Media {
+ if len(toolResult.Media) > 0 {
+ parts := make([]bus.MediaPart, 0, len(toolResult.Media))
+ for _, ref := range toolResult.Media {
part := bus.MediaPart{Ref: ref}
if al.mediaStore != nil {
if _, meta, err := al.mediaStore.ResolveWithMeta(ref); err == nil {
@@ -1470,42 +2427,195 @@ func (al *AgentLoop) runLLMIteration(
parts = append(parts, part)
}
al.bus.PublishOutboundMedia(ctx, bus.OutboundMediaMessage{
- Channel: opts.Channel,
- ChatID: opts.ChatID,
+ Channel: ts.channel,
+ ChatID: ts.chatID,
Parts: parts,
})
}
- // Determine content for LLM based on tool result
- contentForLLM := r.result.ForLLM
- if contentForLLM == "" && r.result.Err != nil {
- contentForLLM = r.result.Err.Error()
+ contentForLLM := toolResult.ForLLM
+ if contentForLLM == "" && toolResult.Err != nil {
+ contentForLLM = toolResult.Err.Error()
}
toolResultMsg := providers.Message{
Role: "tool",
Content: contentForLLM,
- ToolCallID: r.tc.ID,
+ ToolCallID: toolCallID,
}
+ al.emitEvent(
+ EventKindToolExecEnd,
+ ts.eventMeta("runTurn", "turn.tool.end"),
+ ToolExecEndPayload{
+ Tool: toolName,
+ Duration: toolDuration,
+ ForLLMLen: len(contentForLLM),
+ ForUserLen: len(toolResult.ForUser),
+ IsError: toolResult.IsError,
+ Async: toolResult.Async,
+ },
+ )
messages = append(messages, toolResultMsg)
+ if !ts.opts.NoHistory {
+ ts.agent.Sessions.AddFullMessage(ts.sessionKey, toolResultMsg)
+ ts.recordPersistedMessage(toolResultMsg)
+ }
- // Save tool result message to session
- agent.Sessions.AddFullMessage(opts.SessionKey, toolResultMsg)
+ if steerMsgs := al.dequeueSteeringMessagesForScope(ts.sessionKey); len(steerMsgs) > 0 {
+ pendingMessages = append(pendingMessages, steerMsgs...)
+ }
+
+ skipReason := ""
+ skipMessage := ""
+ if len(pendingMessages) > 0 {
+ skipReason = "queued user steering message"
+ skipMessage = "Skipped due to queued user message."
+ } else if gracefulPending, _ := ts.gracefulInterruptRequested(); gracefulPending {
+ skipReason = "graceful interrupt requested"
+ skipMessage = "Skipped due to graceful interrupt."
+ }
+
+ if skipReason != "" {
+ remaining := len(normalizedToolCalls) - i - 1
+ if remaining > 0 {
+ logger.InfoCF("agent", "Turn checkpoint: skipping remaining tools",
+ map[string]any{
+ "agent_id": ts.agent.ID,
+ "completed": i + 1,
+ "skipped": remaining,
+ "reason": skipReason,
+ })
+ for j := i + 1; j < len(normalizedToolCalls); j++ {
+ skippedTC := normalizedToolCalls[j]
+ al.emitEvent(
+ EventKindToolExecSkipped,
+ ts.eventMeta("runTurn", "turn.tool.skipped"),
+ ToolExecSkippedPayload{
+ Tool: skippedTC.Name,
+ Reason: skipReason,
+ },
+ )
+ skippedMsg := providers.Message{
+ Role: "tool",
+ Content: skipMessage,
+ ToolCallID: skippedTC.ID,
+ }
+ messages = append(messages, skippedMsg)
+ if !ts.opts.NoHistory {
+ ts.agent.Sessions.AddFullMessage(ts.sessionKey, skippedMsg)
+ ts.recordPersistedMessage(skippedMsg)
+ }
+ }
+ }
+ break
+ }
+
+ // Also poll for any SubTurn results that arrived during tool execution.
+ if ts.pendingResults != nil {
+ select {
+ case result, ok := <-ts.pendingResults:
+ if ok && result != nil && result.ForLLM != "" {
+ msg := providers.Message{Role: "user", Content: fmt.Sprintf("[SubTurn Result] %s", result.ForLLM)}
+ messages = append(messages, msg)
+ ts.agent.Sessions.AddFullMessage(ts.sessionKey, msg)
+ }
+ default:
+ // No results available
+ }
+ }
}
- // Tick down TTL of discovered tools after processing tool results.
- // Only reached when tool calls were made (the loop continues);
- // the break on no-tool-call responses skips this.
- // NOTE: This is safe because processMessage is sequential per agent.
- // If per-agent concurrency is added, TTL consistency between
- // ToProviderDefs and Get must be re-evaluated.
- agent.Tools.TickTTL()
+ ts.agent.Tools.TickTTL()
logger.DebugCF("agent", "TTL tick after tool execution", map[string]any{
- "agent_id": agent.ID, "iteration": iteration,
+ "agent_id": ts.agent.ID, "iteration": iteration,
})
}
- return finalContent, iteration, nil
+ if steerMsgs := al.dequeueSteeringMessagesForScope(ts.sessionKey); len(steerMsgs) > 0 {
+ logger.InfoCF("agent", "Steering arrived after turn completion; continuing turn before finalizing",
+ map[string]any{
+ "agent_id": ts.agent.ID,
+ "steering_count": len(steerMsgs),
+ "session_key": ts.sessionKey,
+ })
+ pendingMessages = append(pendingMessages, steerMsgs...)
+ finalContent = ""
+ goto turnLoop
+ }
+
+ if ts.hardAbortRequested() {
+ turnStatus = TurnEndStatusAborted
+ return al.abortTurn(ts)
+ }
+
+ if finalContent == "" {
+ if ts.currentIteration() >= ts.agent.MaxIterations && ts.agent.MaxIterations > 0 {
+ finalContent = toolLimitResponse
+ } else {
+ finalContent = ts.opts.DefaultResponse
+ }
+ }
+
+ ts.setPhase(TurnPhaseFinalizing)
+ ts.setFinalContent(finalContent)
+ if !ts.opts.NoHistory {
+ finalMsg := providers.Message{Role: "assistant", Content: finalContent}
+ ts.agent.Sessions.AddMessage(ts.sessionKey, finalMsg.Role, finalMsg.Content)
+ ts.recordPersistedMessage(finalMsg)
+ if err := ts.agent.Sessions.Save(ts.sessionKey); err != nil {
+ turnStatus = TurnEndStatusError
+ al.emitEvent(
+ EventKindError,
+ ts.eventMeta("runTurn", "turn.error"),
+ ErrorPayload{
+ Stage: "session_save",
+ Message: err.Error(),
+ },
+ )
+ return turnResult{}, err
+ }
+ }
+
+ if ts.opts.EnableSummary {
+ al.maybeSummarize(ts.agent, ts.sessionKey, ts.scope)
+ }
+
+ ts.setPhase(TurnPhaseCompleted)
+ return turnResult{
+ finalContent: finalContent,
+ status: turnStatus,
+ followUps: append([]bus.InboundMessage(nil), ts.followUps...),
+ }, nil
+}
+
+func (al *AgentLoop) abortTurn(ts *turnState) (turnResult, error) {
+ ts.setPhase(TurnPhaseAborted)
+ if !ts.opts.NoHistory {
+ if err := ts.restoreSession(ts.agent); err != nil {
+ al.emitEvent(
+ EventKindError,
+ ts.eventMeta("abortTurn", "turn.error"),
+ ErrorPayload{
+ Stage: "session_restore",
+ Message: err.Error(),
+ },
+ )
+ return turnResult{}, err
+ }
+ }
+ return turnResult{status: TurnEndStatusAborted}, nil
+}
+
+func sleepWithContext(ctx context.Context, d time.Duration) error {
+ timer := time.NewTimer(d)
+ defer timer.Stop()
+
+ select {
+ case <-ctx.Done():
+ return ctx.Err()
+ case <-timer.C:
+ return nil
+ }
}
// selectCandidates returns the model candidates and resolved model name to use
@@ -1547,7 +2657,7 @@ func (al *AgentLoop) selectCandidates(
}
// maybeSummarize triggers summarization if the session history exceeds thresholds.
-func (al *AgentLoop) maybeSummarize(agent *AgentInstance, sessionKey, channel, chatID string) {
+func (al *AgentLoop) maybeSummarize(agent *AgentInstance, sessionKey string, turnScope turnEventScope) {
newHistory := agent.Sessions.GetHistory(sessionKey)
tokenEstimate := al.estimateTokens(newHistory)
threshold := agent.ContextWindow * agent.SummarizeTokenPercent / 100
@@ -1558,63 +2668,91 @@ func (al *AgentLoop) maybeSummarize(agent *AgentInstance, sessionKey, channel, c
go func() {
defer al.summarizing.Delete(summarizeKey)
logger.Debug("Memory threshold reached. Optimizing conversation history...")
- al.summarizeSession(agent, sessionKey)
+ al.summarizeSession(agent, sessionKey, turnScope)
}()
}
}
}
+type compressionResult struct {
+ DroppedMessages int
+ RemainingMessages int
+}
+
// forceCompression aggressively reduces context when the limit is hit.
-// It drops the oldest 50% of messages (keeping system prompt and last user message).
-func (al *AgentLoop) forceCompression(agent *AgentInstance, sessionKey string) {
+// It drops the oldest ~50% of Turns (a Turn is a complete user→LLM→response
+// cycle, as defined in #1316), so tool-call sequences are never split.
+//
+// If the history is a single Turn with no safe split point, the function
+// falls back to keeping only the most recent user message. This breaks
+// Turn atomicity as a last resort to avoid a context-exceeded loop.
+//
+// Session history contains only user/assistant/tool messages — the system
+// prompt is built dynamically by BuildMessages and is NOT stored here.
+// The compression note is recorded in the session summary so that
+// BuildMessages can include it in the next system prompt.
+func (al *AgentLoop) forceCompression(agent *AgentInstance, sessionKey string) (compressionResult, bool) {
history := agent.Sessions.GetHistory(sessionKey)
- if len(history) <= 4 {
- return
+ if len(history) <= 2 {
+ return compressionResult{}, false
}
- // Keep system prompt (usually [0]) and the very last message (user's trigger)
- // We want to drop the oldest half of the *conversation*
- // Assuming [0] is system, [1:] is conversation
- conversation := history[1 : len(history)-1]
- if len(conversation) == 0 {
- return
+ // Split at a Turn boundary so no tool-call sequence is torn apart.
+ // parseTurnBoundaries gives us the start of each Turn; we drop the
+ // oldest half of Turns and keep the most recent ones.
+ turns := parseTurnBoundaries(history)
+ var mid int
+ if len(turns) >= 2 {
+ mid = turns[len(turns)/2]
+ } else {
+ // Fewer than 2 Turns — fall back to message-level midpoint
+ // aligned to the nearest Turn boundary.
+ mid = findSafeBoundary(history, len(history)/2)
+ }
+ var keptHistory []providers.Message
+ if mid <= 0 {
+ // No safe Turn boundary — the entire history is a single Turn
+ // (e.g. one user message followed by a massive tool response).
+ // Keeping everything would leave the agent stuck in a context-
+ // exceeded loop, so fall back to keeping only the most recent
+ // user message. This breaks Turn atomicity as a last resort.
+ for i := len(history) - 1; i >= 0; i-- {
+ if history[i].Role == "user" {
+ keptHistory = []providers.Message{history[i]}
+ break
+ }
+ }
+ } else {
+ keptHistory = history[mid:]
}
- // Helper to find the mid-point of the conversation
- mid := len(conversation) / 2
+ droppedCount := len(history) - len(keptHistory)
- // New history structure:
- // 1. System Prompt (with compression note appended)
- // 2. Second half of conversation
- // 3. Last message
-
- droppedCount := mid
- keptConversation := conversation[mid:]
-
- newHistory := make([]providers.Message, 0, 1+len(keptConversation)+1)
-
- // Append compression note to the original system prompt instead of adding a new system message
- // This avoids having two consecutive system messages which some APIs (like Zhipu) reject
+ // Record compression in the session summary so BuildMessages includes it
+ // in the system prompt. We do not modify history messages themselves.
+ existingSummary := agent.Sessions.GetSummary(sessionKey)
compressionNote := fmt.Sprintf(
- "\n\n[System Note: Emergency compression dropped %d oldest messages due to context limit]",
+ "[Emergency compression dropped %d oldest messages due to context limit]",
droppedCount,
)
- enhancedSystemPrompt := history[0]
- enhancedSystemPrompt.Content = enhancedSystemPrompt.Content + compressionNote
- newHistory = append(newHistory, enhancedSystemPrompt)
+ if existingSummary != "" {
+ compressionNote = existingSummary + "\n\n" + compressionNote
+ }
+ agent.Sessions.SetSummary(sessionKey, compressionNote)
- newHistory = append(newHistory, keptConversation...)
- newHistory = append(newHistory, history[len(history)-1]) // Last message
-
- // Update session
- agent.Sessions.SetHistory(sessionKey, newHistory)
+ agent.Sessions.SetHistory(sessionKey, keptHistory)
agent.Sessions.Save(sessionKey)
logger.WarnCF("agent", "Forced compression executed", map[string]any{
"session_key": sessionKey,
"dropped_msgs": droppedCount,
- "new_count": len(newHistory),
+ "new_count": len(keptHistory),
})
+
+ return compressionResult{
+ DroppedMessages: droppedCount,
+ RemainingMessages: len(keptHistory),
+ }, true
}
// GetStartupInfo returns information about loaded tools and skills for logging.
@@ -1706,19 +2844,25 @@ func formatToolsForLog(toolDefs []providers.ToolDefinition) string {
}
// summarizeSession summarizes the conversation history for a session.
-func (al *AgentLoop) summarizeSession(agent *AgentInstance, sessionKey string) {
+func (al *AgentLoop) summarizeSession(agent *AgentInstance, sessionKey string, turnScope turnEventScope) {
ctx, cancel := context.WithTimeout(context.Background(), 120*time.Second)
defer cancel()
history := agent.Sessions.GetHistory(sessionKey)
summary := agent.Sessions.GetSummary(sessionKey)
- // Keep last 4 messages for continuity
+ // Keep the most recent Turns for continuity, aligned to a Turn boundary
+ // so that no tool-call sequence is split.
if len(history) <= 4 {
return
}
- toSummarize := history[:len(history)-4]
+ safeCut := findSafeBoundary(history, len(history)-4)
+ if safeCut <= 0 {
+ return
+ }
+ keepCount := len(history) - safeCut
+ toSummarize := history[:safeCut]
// Oversized Message Guard
maxMessageTokens := agent.ContextWindow / 2
@@ -1783,8 +2927,18 @@ func (al *AgentLoop) summarizeSession(agent *AgentInstance, sessionKey string) {
if finalSummary != "" {
agent.Sessions.SetSummary(sessionKey, finalSummary)
- agent.Sessions.TruncateHistory(sessionKey, 4)
+ agent.Sessions.TruncateHistory(sessionKey, keepCount)
agent.Sessions.Save(sessionKey)
+ al.emitEvent(
+ EventKindSessionSummarize,
+ turnScope.meta(0, "summarizeSession", "turn.session.summarize"),
+ SessionSummarizePayload{
+ SummarizedMessages: len(validMessages),
+ KeptMessages: keepCount,
+ SummaryLen: len(finalSummary),
+ OmittedOversized: omitted,
+ },
+ )
}
}
@@ -1921,15 +3075,14 @@ func (al *AgentLoop) summarizeBatch(
}
// estimateTokens estimates the number of tokens in a message list.
-// Uses a safe heuristic of 2.5 characters per token to account for CJK and other
-// overheads better than the previous 3 chars/token.
+// Counts Content, ToolCalls arguments, and ToolCallID metadata so that
+// tool-heavy conversations are not systematically undercounted.
func (al *AgentLoop) estimateTokens(messages []providers.Message) int {
- totalChars := 0
+ total := 0
for _, m := range messages {
- totalChars += utf8.RuneCountInString(m.Content)
+ total += estimateMessageTokens(m)
}
- // 2.5 chars per token = totalChars * 2 / 5
- return totalChars * 2 / 5
+ return total
}
func (al *AgentLoop) handleCommand(
@@ -1988,6 +3141,13 @@ func (al *AgentLoop) buildCommandsRuntime(agent *AgentInstance, opts *processOpt
}
return al.channelManager.GetEnabledChannels()
},
+ GetActiveTurn: func() any {
+ info := al.GetActiveTurn()
+ if info == nil {
+ return nil
+ }
+ return info
+ },
SwitchChannel: func(value string) error {
if al.channelManager == nil {
return fmt.Errorf("channel manager not initialized")
diff --git a/pkg/agent/loop_test.go b/pkg/agent/loop_test.go
index 28eab03db..6cc5fe981 100644
--- a/pkg/agent/loop_test.go
+++ b/pkg/agent/loop_test.go
@@ -67,7 +67,7 @@ func newTestAgentLoop(
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 4096,
MaxToolIterations: 10,
},
@@ -90,7 +90,7 @@ func TestProcessMessage_IncludesCurrentSenderInDynamicContext(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 4096,
MaxToolIterations: 10,
},
@@ -179,7 +179,7 @@ func TestNewAgentLoop_StateInitialized(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 4096,
MaxToolIterations: 10,
},
@@ -215,7 +215,7 @@ func TestToolRegistry_ToolRegistration(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 4096,
MaxToolIterations: 10,
},
@@ -272,7 +272,7 @@ func TestToolRegistry_GetDefinitions(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 4096,
MaxToolIterations: 10,
},
@@ -308,7 +308,7 @@ func TestAgentLoop_GetStartupInfo(t *testing.T) {
cfg := config.DefaultConfig()
cfg.Agents.Defaults.Workspace = tmpDir
- cfg.Agents.Defaults.Model = "test-model"
+ cfg.Agents.Defaults.ModelName = "test-model"
cfg.Agents.Defaults.MaxTokens = 4096
cfg.Agents.Defaults.MaxToolIterations = 10
@@ -352,7 +352,7 @@ func TestAgentLoop_Stop(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 4096,
MaxToolIterations: 10,
},
@@ -558,7 +558,7 @@ func TestProcessMessage_UsesRouteSessionKey(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 4096,
MaxToolIterations: 10,
},
@@ -614,7 +614,7 @@ func TestProcessMessage_CommandOutcomes(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 4096,
MaxToolIterations: 10,
},
@@ -694,26 +694,34 @@ func TestProcessMessage_SwitchModelShowModelConsistency(t *testing.T) {
Defaults: config.AgentDefaults{
Workspace: tmpDir,
Provider: "openai",
- Model: "local",
+ ModelName: "local",
MaxTokens: 4096,
MaxToolIterations: 10,
},
},
- ModelList: []config.ModelConfig{
+ ModelList: []*config.ModelConfig{
{
ModelName: "local",
Model: "openai/local-model",
- APIKey: "test-key",
APIBase: "https://local.example.invalid/v1",
},
{
ModelName: "deepseek",
Model: "openrouter/deepseek/deepseek-v3.2",
- APIKey: "test-key",
APIBase: "https://openrouter.ai/api/v1",
},
},
}
+ cfg.WithSecurity(&config.SecurityConfig{
+ ModelList: map[string]config.ModelSecurityEntry{
+ "local": {
+ APIKeys: []string{"test-key"},
+ },
+ "deepseek": {
+ APIKeys: []string{"test-key"},
+ },
+ },
+ })
msgBus := bus.NewMessageBus()
provider := &countingMockProvider{response: "LLM reply"}
@@ -765,20 +773,26 @@ func TestProcessMessage_SwitchModelRejectsUnknownAlias(t *testing.T) {
Defaults: config.AgentDefaults{
Workspace: tmpDir,
Provider: "openai",
- Model: "local",
+ ModelName: "local",
MaxTokens: 4096,
MaxToolIterations: 10,
},
},
- ModelList: []config.ModelConfig{
+ ModelList: []*config.ModelConfig{
{
ModelName: "local",
Model: "openai/local-model",
- APIKey: "test-key",
APIBase: "https://local.example.invalid/v1",
},
},
}
+ cfg.WithSecurity(&config.SecurityConfig{
+ ModelList: map[string]config.ModelSecurityEntry{
+ "local": {
+ APIKeys: []string{"test-key"},
+ },
+ },
+ })
msgBus := bus.NewMessageBus()
provider := &countingMockProvider{response: "LLM reply"}
@@ -840,26 +854,34 @@ func TestProcessMessage_SwitchModelRoutesSubsequentRequestsToSelectedProvider(t
Defaults: config.AgentDefaults{
Workspace: tmpDir,
Provider: "openai",
- Model: "local",
+ ModelName: "local",
MaxTokens: 4096,
MaxToolIterations: 10,
},
},
- ModelList: []config.ModelConfig{
+ ModelList: []*config.ModelConfig{
{
ModelName: "local",
Model: "openai/Qwen3.5-35B-A3B",
- APIKey: "local-key",
APIBase: localServer.URL,
},
{
ModelName: "deepseek",
Model: "openrouter/deepseek/deepseek-v3.2",
- APIKey: "remote-key",
APIBase: remoteServer.URL,
},
},
}
+ cfg.WithSecurity(&config.SecurityConfig{
+ ModelList: map[string]config.ModelSecurityEntry{
+ "local": {
+ APIKeys: []string{"local-key"},
+ },
+ "deepseek": {
+ APIKeys: []string{"remote-key"},
+ },
+ },
+ })
msgBus := bus.NewMessageBus()
provider, _, err := providers.CreateProvider(cfg)
@@ -946,7 +968,7 @@ func TestToolResult_SilentToolDoesNotSendUserMessage(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 4096,
MaxToolIterations: 10,
},
@@ -988,7 +1010,7 @@ func TestToolResult_UserFacingToolDoesSendMessage(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 4096,
MaxToolIterations: 10,
},
@@ -1059,7 +1081,7 @@ func TestAgentLoop_ContextExhaustionRetry(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 4096,
MaxToolIterations: 10,
},
@@ -1078,11 +1100,11 @@ func TestAgentLoop_ContextExhaustionRetry(t *testing.T) {
al := NewAgentLoop(cfg, msgBus, provider)
- // Inject some history to simulate a full context
+ // Inject some history to simulate a full context.
+ // Session history only stores user/assistant/tool messages — the system
+ // prompt is built dynamically by BuildMessages and is NOT stored here.
sessionKey := "test-session-context"
- // Create dummy history
history := []providers.Message{
- {Role: "system", Content: "System prompt"},
{Role: "user", Content: "Old message 1"},
{Role: "assistant", Content: "Old response 1"},
{Role: "user", Content: "Old message 2"},
@@ -1120,12 +1142,11 @@ func TestAgentLoop_ContextExhaustionRetry(t *testing.T) {
// Check final history length
finalHistory := defaultAgent.Sessions.GetHistory(sessionKey)
// We verify that the history has been modified (compressed)
- // Original length: 6
- // Expected behavior: compression drops ~50% of history (mid slice)
- // We can assert that the length is NOT what it would be without compression.
- // Without compression: 6 + 1 (new user msg) + 1 (assistant msg) = 8
- if len(finalHistory) >= 8 {
- t.Errorf("Expected history to be compressed (len < 8), got %d", len(finalHistory))
+ // Original length: 5
+ // Expected behavior: compression drops ~50% of Turns
+ // Without compression: 5 + 1 (new user msg) + 1 (assistant msg) = 7
+ if len(finalHistory) >= 7 {
+ t.Errorf("Expected history to be compressed (len < 7), got %d", len(finalHistory))
}
}
@@ -1140,7 +1161,7 @@ func TestAgentLoop_EmptyModelResponseUsesAccurateFallback(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 4096,
MaxToolIterations: 3,
},
@@ -1171,7 +1192,7 @@ func TestAgentLoop_ToolLimitUsesDedicatedFallback(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 4096,
MaxToolIterations: 1,
},
@@ -1228,7 +1249,7 @@ func TestProcessDirectWithChannel_TriggersMCPInitialization(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 4096,
MaxToolIterations: 10,
},
@@ -1280,7 +1301,7 @@ func TestTargetReasoningChannelID_AllChannels(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 4096,
MaxToolIterations: 10,
},
@@ -1350,7 +1371,7 @@ func TestHandleReasoning(t *testing.T) {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: tmpDir,
- Model: "test-model",
+ ModelName: "test-model",
MaxTokens: 4096,
MaxToolIterations: 10,
},
diff --git a/pkg/agent/registry_test.go b/pkg/agent/registry_test.go
index 518bb441f..b173ef967 100644
--- a/pkg/agent/registry_test.go
+++ b/pkg/agent/registry_test.go
@@ -29,7 +29,7 @@ func testCfg(agents []config.AgentConfig) *config.Config {
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: "/tmp/picoclaw-test-registry",
- Model: "gpt-4",
+ ModelName: "gpt-4",
MaxTokens: 8192,
MaxToolIterations: 10,
},
diff --git a/pkg/agent/steering.go b/pkg/agent/steering.go
new file mode 100644
index 000000000..ad6613e8c
--- /dev/null
+++ b/pkg/agent/steering.go
@@ -0,0 +1,503 @@
+package agent
+
+import (
+ "context"
+ "fmt"
+ "strings"
+ "sync"
+
+ "github.com/sipeed/picoclaw/pkg/logger"
+ "github.com/sipeed/picoclaw/pkg/providers"
+ "github.com/sipeed/picoclaw/pkg/routing"
+ "github.com/sipeed/picoclaw/pkg/tools"
+)
+
+// SteeringMode controls how queued steering messages are dequeued.
+type SteeringMode string
+
+const (
+ // SteeringOneAtATime dequeues only the first queued message per poll.
+ SteeringOneAtATime SteeringMode = "one-at-a-time"
+ // SteeringAll drains the entire queue in a single poll.
+ SteeringAll SteeringMode = "all"
+ // MaxQueueSize number of possible messages in the Steering Queue
+ MaxQueueSize = 10
+ // manualSteeringScope is the legacy fallback queue used when no active
+ // turn/session scope is available.
+ manualSteeringScope = "__manual__"
+)
+
+// parseSteeringMode normalizes a config string into a SteeringMode.
+func parseSteeringMode(s string) SteeringMode {
+ switch s {
+ case "all":
+ return SteeringAll
+ default:
+ return SteeringOneAtATime
+ }
+}
+
+// steeringQueue is a thread-safe queue of user messages that can be injected
+// into a running agent loop to interrupt it between tool calls.
+type steeringQueue struct {
+ mu sync.Mutex
+ queues map[string][]providers.Message
+ mode SteeringMode
+}
+
+func newSteeringQueue(mode SteeringMode) *steeringQueue {
+ return &steeringQueue{
+ queues: make(map[string][]providers.Message),
+ mode: mode,
+ }
+}
+
+func normalizeSteeringScope(scope string) string {
+ scope = strings.TrimSpace(scope)
+ if scope == "" {
+ return manualSteeringScope
+ }
+ return scope
+}
+
+// push enqueues a steering message in the legacy fallback scope.
+func (sq *steeringQueue) push(msg providers.Message) error {
+ return sq.pushScope(manualSteeringScope, msg)
+}
+
+// pushScope enqueues a steering message for the provided scope.
+func (sq *steeringQueue) pushScope(scope string, msg providers.Message) error {
+ sq.mu.Lock()
+ defer sq.mu.Unlock()
+
+ scope = normalizeSteeringScope(scope)
+ queue := sq.queues[scope]
+ if len(queue) >= MaxQueueSize {
+ return fmt.Errorf("steering queue is full")
+ }
+ sq.queues[scope] = append(queue, msg)
+ return nil
+}
+
+// dequeue removes and returns pending steering messages from the legacy
+// fallback scope according to the configured mode.
+func (sq *steeringQueue) dequeue() []providers.Message {
+ return sq.dequeueScope(manualSteeringScope)
+}
+
+// dequeueScope removes and returns pending steering messages for the provided
+// scope according to the configured mode.
+func (sq *steeringQueue) dequeueScope(scope string) []providers.Message {
+ sq.mu.Lock()
+ defer sq.mu.Unlock()
+
+ return sq.dequeueLocked(normalizeSteeringScope(scope))
+}
+
+// dequeueScopeWithFallback drains the scoped queue first and falls back to the
+// legacy manual scope for backwards compatibility.
+func (sq *steeringQueue) dequeueScopeWithFallback(scope string) []providers.Message {
+ sq.mu.Lock()
+ defer sq.mu.Unlock()
+
+ scope = strings.TrimSpace(scope)
+ if scope != "" {
+ if msgs := sq.dequeueLocked(scope); len(msgs) > 0 {
+ return msgs
+ }
+ }
+
+ return sq.dequeueLocked(manualSteeringScope)
+}
+
+func (sq *steeringQueue) dequeueLocked(scope string) []providers.Message {
+ queue := sq.queues[scope]
+ if len(queue) == 0 {
+ return nil
+ }
+
+ switch sq.mode {
+ case SteeringAll:
+ msgs := append([]providers.Message(nil), queue...)
+ delete(sq.queues, scope)
+ return msgs
+ default:
+ msg := queue[0]
+ queue[0] = providers.Message{} // Clear reference for GC
+ queue = queue[1:]
+ if len(queue) == 0 {
+ delete(sq.queues, scope)
+ } else {
+ sq.queues[scope] = queue
+ }
+ return []providers.Message{msg}
+ }
+}
+
+// len returns the number of queued messages across all scopes.
+func (sq *steeringQueue) len() int {
+ sq.mu.Lock()
+ defer sq.mu.Unlock()
+
+ total := 0
+ for _, queue := range sq.queues {
+ total += len(queue)
+ }
+ return total
+}
+
+// lenScope returns the number of queued messages for a specific scope.
+func (sq *steeringQueue) lenScope(scope string) int {
+ sq.mu.Lock()
+ defer sq.mu.Unlock()
+ return len(sq.queues[normalizeSteeringScope(scope)])
+}
+
+// setMode updates the steering mode.
+func (sq *steeringQueue) setMode(mode SteeringMode) {
+ sq.mu.Lock()
+ defer sq.mu.Unlock()
+ sq.mode = mode
+}
+
+// getMode returns the current steering mode.
+func (sq *steeringQueue) getMode() SteeringMode {
+ sq.mu.Lock()
+ defer sq.mu.Unlock()
+ return sq.mode
+}
+
+// Steer enqueues a user message to be injected into the currently running
+// agent loop. The message will be picked up after the current tool finishes
+// executing, causing any remaining tool calls in the batch to be skipped.
+func (al *AgentLoop) Steer(msg providers.Message) error {
+ scope := ""
+ agentID := ""
+ if ts := al.getAnyActiveTurnState(); ts != nil {
+ scope = ts.sessionKey
+ agentID = ts.agentID
+ }
+ return al.enqueueSteeringMessage(scope, agentID, msg)
+}
+
+func (al *AgentLoop) enqueueSteeringMessage(scope, agentID string, msg providers.Message) error {
+ if al.steering == nil {
+ return fmt.Errorf("steering queue is not initialized")
+ }
+
+ if err := al.steering.pushScope(scope, msg); err != nil {
+ logger.WarnCF("agent", "Failed to enqueue steering message", map[string]any{
+ "error": err.Error(),
+ "role": msg.Role,
+ "scope": normalizeSteeringScope(scope),
+ })
+ return err
+ }
+
+ queueDepth := al.steering.lenScope(scope)
+ logger.DebugCF("agent", "Steering message enqueued", map[string]any{
+ "role": msg.Role,
+ "content_len": len(msg.Content),
+ "media_count": len(msg.Media),
+ "queue_len": queueDepth,
+ "scope": normalizeSteeringScope(scope),
+ })
+
+ meta := EventMeta{
+ Source: "Steer",
+ TracePath: "turn.interrupt.received",
+ }
+ if ts := al.getAnyActiveTurnState(); ts != nil {
+ meta = ts.eventMeta("Steer", "turn.interrupt.received")
+ } else {
+ if strings.TrimSpace(agentID) != "" {
+ meta.AgentID = agentID
+ }
+ normalizedScope := normalizeSteeringScope(scope)
+ if normalizedScope != manualSteeringScope {
+ meta.SessionKey = normalizedScope
+ }
+ if meta.AgentID == "" {
+ if registry := al.GetRegistry(); registry != nil {
+ if agent := registry.GetDefaultAgent(); agent != nil {
+ meta.AgentID = agent.ID
+ }
+ }
+ }
+ }
+
+ al.emitEvent(
+ EventKindInterruptReceived,
+ meta,
+ InterruptReceivedPayload{
+ Kind: InterruptKindSteering,
+ Role: msg.Role,
+ ContentLen: len(msg.Content),
+ QueueDepth: queueDepth,
+ },
+ )
+
+ return nil
+}
+
+// SteeringMode returns the current steering mode.
+func (al *AgentLoop) SteeringMode() SteeringMode {
+ if al.steering == nil {
+ return SteeringOneAtATime
+ }
+ return al.steering.getMode()
+}
+
+// SetSteeringMode updates the steering mode.
+func (al *AgentLoop) SetSteeringMode(mode SteeringMode) {
+ if al.steering == nil {
+ return
+ }
+ al.steering.setMode(mode)
+}
+
+// dequeueSteeringMessages is the internal method called by the agent loop
+// to poll for steering messages in the legacy fallback scope.
+func (al *AgentLoop) dequeueSteeringMessages() []providers.Message {
+ if al.steering == nil {
+ return nil
+ }
+ return al.steering.dequeue()
+}
+
+func (al *AgentLoop) dequeueSteeringMessagesForScope(scope string) []providers.Message {
+ if al.steering == nil {
+ return nil
+ }
+ return al.steering.dequeueScope(scope)
+}
+
+func (al *AgentLoop) dequeueSteeringMessagesForScopeWithFallback(scope string) []providers.Message {
+ if al.steering == nil {
+ return nil
+ }
+ return al.steering.dequeueScopeWithFallback(scope)
+}
+
+func (al *AgentLoop) pendingSteeringCountForScope(scope string) int {
+ if al.steering == nil {
+ return 0
+ }
+ return al.steering.lenScope(scope)
+}
+
+func (al *AgentLoop) continueWithSteeringMessages(
+ ctx context.Context,
+ agent *AgentInstance,
+ sessionKey, channel, chatID string,
+ steeringMsgs []providers.Message,
+) (string, error) {
+ return al.runAgentLoop(ctx, agent, processOptions{
+ SessionKey: sessionKey,
+ Channel: channel,
+ ChatID: chatID,
+ DefaultResponse: defaultResponse,
+ EnableSummary: true,
+ SendResponse: false,
+ InitialSteeringMessages: steeringMsgs,
+ SkipInitialSteeringPoll: true,
+ })
+}
+
+func (al *AgentLoop) agentForSession(sessionKey string) *AgentInstance {
+ registry := al.GetRegistry()
+ if registry == nil {
+ return nil
+ }
+
+ if parsed := routing.ParseAgentSessionKey(sessionKey); parsed != nil {
+ if agent, ok := registry.GetAgent(parsed.AgentID); ok {
+ return agent
+ }
+ }
+
+ return registry.GetDefaultAgent()
+}
+
+// Continue resumes an idle agent by dequeuing any pending steering messages
+// and running them through the agent loop. This is used when the agent's last
+// message was from the assistant (i.e., it has stopped processing) and the
+// user has since enqueued steering messages.
+//
+// If no steering messages are pending, it returns an empty string.
+func (al *AgentLoop) Continue(ctx context.Context, sessionKey, channel, chatID string) (string, error) {
+ if active := al.GetActiveTurn(); active != nil {
+ return "", fmt.Errorf("turn %s is still active", active.TurnID)
+ }
+ if err := al.ensureHooksInitialized(ctx); err != nil {
+ return "", err
+ }
+ if err := al.ensureMCPInitialized(ctx); err != nil {
+ return "", err
+ }
+
+ steeringMsgs := al.dequeueSteeringMessagesForScopeWithFallback(sessionKey)
+ if len(steeringMsgs) == 0 {
+ return "", nil
+ }
+
+ agent := al.agentForSession(sessionKey)
+ if agent == nil {
+ return "", fmt.Errorf("no agent available for session %q", sessionKey)
+ }
+
+ if tool, ok := agent.Tools.Get("message"); ok {
+ if resetter, ok := tool.(interface{ ResetSentInRound() }); ok {
+ resetter.ResetSentInRound()
+ }
+ }
+
+ return al.continueWithSteeringMessages(ctx, agent, sessionKey, channel, chatID, steeringMsgs)
+}
+
+func (al *AgentLoop) InterruptGraceful(hint string) error {
+ ts := al.getAnyActiveTurnState()
+ if ts == nil {
+ return fmt.Errorf("no active turn")
+ }
+ if !ts.requestGracefulInterrupt(hint) {
+ return fmt.Errorf("turn %s cannot accept graceful interrupt", ts.turnID)
+ }
+
+ al.emitEvent(
+ EventKindInterruptReceived,
+ ts.eventMeta("InterruptGraceful", "turn.interrupt.received"),
+ InterruptReceivedPayload{
+ Kind: InterruptKindGraceful,
+ HintLen: len(hint),
+ },
+ )
+
+ return nil
+}
+
+func (al *AgentLoop) InterruptHard() error {
+ ts := al.getAnyActiveTurnState()
+ if ts == nil {
+ return fmt.Errorf("no active turn")
+ }
+ if !ts.requestHardAbort() {
+ return fmt.Errorf("turn %s is already aborting", ts.turnID)
+ }
+
+ al.emitEvent(
+ EventKindInterruptReceived,
+ ts.eventMeta("InterruptHard", "turn.interrupt.received"),
+ InterruptReceivedPayload{
+ Kind: InterruptKindHard,
+ },
+ )
+
+ return nil
+}
+
+// ====================== SubTurn Result Polling ======================
+
+// dequeuePendingSubTurnResults polls the SubTurn result channel for the given
+// session and returns all available results without blocking.
+// Returns nil if no active turn state exists for this session.
+func (al *AgentLoop) dequeuePendingSubTurnResults(sessionKey string) []*tools.ToolResult {
+ tsInterface, ok := al.activeTurnStates.Load(sessionKey)
+ if !ok {
+ return nil
+ }
+ ts, ok := tsInterface.(*turnState)
+ if !ok {
+ return nil
+ }
+
+ var results []*tools.ToolResult
+ for {
+ select {
+ case result, ok := <-ts.pendingResults:
+ if !ok {
+ return results
+ }
+ if result != nil {
+ results = append(results, result)
+ }
+ default:
+ return results
+ }
+ }
+}
+
+// ====================== Hard Abort ======================
+
+// HardAbort immediately cancels the running agent loop for the given session,
+// cascading the cancellation to all child SubTurns. This is a destructive operation
+// that terminates execution without waiting for graceful cleanup.
+//
+// Use this when the user explicitly requests immediate termination (e.g., "stop now", "abort").
+// For graceful interruption that allows the agent to finish the current tool and summarize,
+// use Steer() instead.
+func (al *AgentLoop) HardAbort(sessionKey string) error {
+ tsInterface, ok := al.activeTurnStates.Load(sessionKey)
+ if !ok {
+ return fmt.Errorf("no active turn state found for session %s", sessionKey)
+ }
+
+ ts, ok := tsInterface.(*turnState)
+ if !ok {
+ return fmt.Errorf("invalid turn state type for session %s", sessionKey)
+ }
+
+ logger.InfoCF("agent", "Hard abort triggered", map[string]any{
+ "session_key": sessionKey,
+ "turn_id": ts.turnID,
+ "depth": ts.depth,
+ "initial_history_length": ts.initialHistoryLength,
+ })
+
+ // IMPORTANT: Trigger cascading cancellation FIRST to stop all child SubTurns
+ // from adding more messages to the session. This prevents race conditions
+ // where rollback happens while children are still writing.
+ // Use isHardAbort=true for hard abort to immediately cancel all children.
+ ts.Finish(true)
+
+ // Roll back session history to the state before the turn started.
+ if ts.session != nil {
+ history := ts.session.GetHistory(sessionKey)
+ if ts.initialHistoryLength < len(history) {
+ ts.session.SetHistory(sessionKey, history[:ts.initialHistoryLength])
+ }
+ }
+
+ return nil
+}
+
+// ====================== Follow-Up Injection ======================
+
+// InjectFollowUp enqueues a message to be automatically processed after the current
+// turn completes. Unlike Steer(), which interrupts the current execution, InjectFollowUp
+// waits for the current turn to finish naturally before processing the message.
+//
+// This is useful for:
+// - Automated workflows that need to chain multiple turns
+// - Background tasks that should run after the main task completes
+// - Scheduled follow-up actions
+//
+// The message will be processed via Continue() when the agent becomes idle.
+func (al *AgentLoop) InjectFollowUp(msg providers.Message) error {
+ // InjectFollowUp uses the same steering queue mechanism as Steer(),
+ // but the semantic difference is in when it's called:
+ // - Steer() is called during active execution to interrupt
+ // - InjectFollowUp() is called when planning future work
+ //
+ // Both end up in the same queue and are processed by Continue()
+ // when the agent is idle.
+ return al.Steer(msg)
+}
+
+// ====================== API Aliases for Design Document Compatibility ======================
+
+// InjectSteering is an alias for Steer() to match the design document naming.
+// It injects a steering message into the currently running agent loop.
+func (al *AgentLoop) InjectSteering(msg providers.Message) error {
+ return al.Steer(msg)
+}
diff --git a/pkg/agent/steering_test.go b/pkg/agent/steering_test.go
new file mode 100644
index 000000000..75ba9861d
--- /dev/null
+++ b/pkg/agent/steering_test.go
@@ -0,0 +1,1591 @@
+package agent
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "os"
+ "path/filepath"
+ "reflect"
+ "strings"
+ "sync"
+ "testing"
+ "time"
+
+ "github.com/sipeed/picoclaw/pkg/bus"
+ "github.com/sipeed/picoclaw/pkg/config"
+ "github.com/sipeed/picoclaw/pkg/media"
+ "github.com/sipeed/picoclaw/pkg/providers"
+ "github.com/sipeed/picoclaw/pkg/routing"
+ "github.com/sipeed/picoclaw/pkg/tools"
+)
+
+// --- steeringQueue unit tests ---
+
+func TestSteeringQueue_PushDequeue_OneAtATime(t *testing.T) {
+ sq := newSteeringQueue(SteeringOneAtATime)
+
+ sq.push(providers.Message{Role: "user", Content: "msg1"})
+ sq.push(providers.Message{Role: "user", Content: "msg2"})
+ sq.push(providers.Message{Role: "user", Content: "msg3"})
+
+ if sq.len() != 3 {
+ t.Fatalf("expected 3 messages, got %d", sq.len())
+ }
+
+ msgs := sq.dequeue()
+ if len(msgs) != 1 {
+ t.Fatalf("expected 1 message in one-at-a-time mode, got %d", len(msgs))
+ }
+ if msgs[0].Content != "msg1" {
+ t.Fatalf("expected 'msg1', got %q", msgs[0].Content)
+ }
+ if sq.len() != 2 {
+ t.Fatalf("expected 2 remaining, got %d", sq.len())
+ }
+
+ msgs = sq.dequeue()
+ if len(msgs) != 1 || msgs[0].Content != "msg2" {
+ t.Fatalf("expected 'msg2', got %v", msgs)
+ }
+
+ msgs = sq.dequeue()
+ if len(msgs) != 1 || msgs[0].Content != "msg3" {
+ t.Fatalf("expected 'msg3', got %v", msgs)
+ }
+
+ msgs = sq.dequeue()
+ if msgs != nil {
+ t.Fatalf("expected nil from empty queue, got %v", msgs)
+ }
+}
+
+func TestSteeringQueue_PushDequeue_All(t *testing.T) {
+ sq := newSteeringQueue(SteeringAll)
+
+ sq.push(providers.Message{Role: "user", Content: "msg1"})
+ sq.push(providers.Message{Role: "user", Content: "msg2"})
+ sq.push(providers.Message{Role: "user", Content: "msg3"})
+
+ msgs := sq.dequeue()
+ if len(msgs) != 3 {
+ t.Fatalf("expected 3 messages in all mode, got %d", len(msgs))
+ }
+ if msgs[0].Content != "msg1" || msgs[1].Content != "msg2" || msgs[2].Content != "msg3" {
+ t.Fatalf("unexpected messages: %v", msgs)
+ }
+
+ if sq.len() != 0 {
+ t.Fatalf("expected 0 remaining, got %d", sq.len())
+ }
+
+ msgs = sq.dequeue()
+ if msgs != nil {
+ t.Fatalf("expected nil from empty queue, got %v", msgs)
+ }
+}
+
+func TestSteeringQueue_EmptyDequeue(t *testing.T) {
+ sq := newSteeringQueue(SteeringOneAtATime)
+ if msgs := sq.dequeue(); msgs != nil {
+ t.Fatalf("expected nil, got %v", msgs)
+ }
+}
+
+func TestSteeringQueue_SetMode(t *testing.T) {
+ sq := newSteeringQueue(SteeringOneAtATime)
+ if sq.getMode() != SteeringOneAtATime {
+ t.Fatalf("expected one-at-a-time, got %v", sq.getMode())
+ }
+
+ sq.setMode(SteeringAll)
+ if sq.getMode() != SteeringAll {
+ t.Fatalf("expected all, got %v", sq.getMode())
+ }
+
+ // Push two messages and verify all-mode drains them
+ sq.push(providers.Message{Role: "user", Content: "a"})
+ sq.push(providers.Message{Role: "user", Content: "b"})
+
+ msgs := sq.dequeue()
+ if len(msgs) != 2 {
+ t.Fatalf("expected 2 messages after mode switch, got %d", len(msgs))
+ }
+}
+
+func TestSteeringQueue_ConcurrentAccess(t *testing.T) {
+ sq := newSteeringQueue(SteeringOneAtATime)
+
+ var wg sync.WaitGroup
+ const n = MaxQueueSize
+
+ // Push from multiple goroutines
+ for i := 0; i < n; i++ {
+ wg.Add(1)
+ go func(i int) {
+ defer wg.Done()
+ sq.push(providers.Message{Role: "user", Content: fmt.Sprintf("msg%d", i)})
+ }(i)
+ }
+ wg.Wait()
+
+ if sq.len() != n {
+ t.Fatalf("expected %d messages, got %d", n, sq.len())
+ }
+
+ // Drain from multiple goroutines
+ var drained int
+ var mu sync.Mutex
+ for i := 0; i < n; i++ {
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ if msgs := sq.dequeue(); len(msgs) > 0 {
+ mu.Lock()
+ drained += len(msgs)
+ mu.Unlock()
+ }
+ }()
+ }
+ wg.Wait()
+
+ if drained != n {
+ t.Fatalf("expected to drain %d messages, got %d", n, drained)
+ }
+}
+
+func TestSteeringQueue_Overflow(t *testing.T) {
+ sq := newSteeringQueue(SteeringOneAtATime)
+
+ // Fill the queue up to its maximum capacity
+ for i := 0; i < MaxQueueSize; i++ {
+ err := sq.push(providers.Message{Role: "user", Content: fmt.Sprintf("msg%d", i)})
+ if err != nil {
+ t.Fatalf("unexpected error pushing message %d: %v", i, err)
+ }
+ }
+
+ // Sanity check: ensure the queue is actually full
+ if sq.len() != MaxQueueSize {
+ t.Fatalf("expected queue length %d, got %d", MaxQueueSize, sq.len())
+ }
+
+ // Attempt to push one more message, which MUST fail
+ err := sq.push(providers.Message{Role: "user", Content: "overflow_msg"})
+
+ // Assert the error happened and is the exact one we expect
+ if err == nil {
+ t.Fatal("expected an error when pushing to a full queue, but got nil")
+ }
+
+ expectedErr := "steering queue is full"
+ if err.Error() != expectedErr {
+ t.Errorf("expected error message %q, got %q", expectedErr, err.Error())
+ }
+}
+
+func TestParseSteeringMode(t *testing.T) {
+ tests := []struct {
+ input string
+ expected SteeringMode
+ }{
+ {"", SteeringOneAtATime},
+ {"one-at-a-time", SteeringOneAtATime},
+ {"all", SteeringAll},
+ {"unknown", SteeringOneAtATime},
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.input, func(t *testing.T) {
+ if got := parseSteeringMode(tt.input); got != tt.expected {
+ t.Fatalf("parseSteeringMode(%q) = %v, want %v", tt.input, got, tt.expected)
+ }
+ })
+ }
+}
+
+// --- AgentLoop steering integration tests ---
+
+func TestAgentLoop_Steer_Enqueues(t *testing.T) {
+ al, cfg, msgBus, provider, cleanup := newTestAgentLoop(t)
+ defer cleanup()
+
+ if cfg == nil {
+ t.Fatal("expected config to be initialized")
+ }
+ if msgBus == nil {
+ t.Fatal("expected message bus to be initialized")
+ }
+ if provider == nil {
+ t.Fatal("expected provider to be initialized")
+ }
+
+ al.Steer(providers.Message{Role: "user", Content: "interrupt me"})
+
+ if al.steering.len() != 1 {
+ t.Fatalf("expected 1 steering message, got %d", al.steering.len())
+ }
+
+ msgs := al.dequeueSteeringMessages()
+ if len(msgs) != 1 || msgs[0].Content != "interrupt me" {
+ t.Fatalf("unexpected dequeued message: %v", msgs)
+ }
+}
+
+func TestAgentLoop_SteeringMode_GetSet(t *testing.T) {
+ al, cfg, msgBus, provider, cleanup := newTestAgentLoop(t)
+ defer cleanup()
+
+ if cfg == nil {
+ t.Fatal("expected config to be initialized")
+ }
+ if msgBus == nil {
+ t.Fatal("expected message bus to be initialized")
+ }
+ if provider == nil {
+ t.Fatal("expected provider to be initialized")
+ }
+
+ if al.SteeringMode() != SteeringOneAtATime {
+ t.Fatalf("expected default mode one-at-a-time, got %v", al.SteeringMode())
+ }
+
+ al.SetSteeringMode(SteeringAll)
+ if al.SteeringMode() != SteeringAll {
+ t.Fatalf("expected all mode, got %v", al.SteeringMode())
+ }
+}
+
+func TestAgentLoop_SteeringMode_ConfiguredFromConfig(t *testing.T) {
+ tmpDir, err := os.MkdirTemp("", "agent-test-*")
+ if err != nil {
+ t.Fatalf("Failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: tmpDir,
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ SteeringMode: "all",
+ },
+ },
+ }
+
+ msgBus := bus.NewMessageBus()
+ provider := &mockProvider{}
+ al := NewAgentLoop(cfg, msgBus, provider)
+
+ if al.SteeringMode() != SteeringAll {
+ t.Fatalf("expected 'all' mode from config, got %v", al.SteeringMode())
+ }
+}
+
+func TestAgentLoop_Continue_NoMessages(t *testing.T) {
+ al, cfg, msgBus, provider, cleanup := newTestAgentLoop(t)
+ defer cleanup()
+
+ if cfg == nil {
+ t.Fatal("expected config to be initialized")
+ }
+ if msgBus == nil {
+ t.Fatal("expected message bus to be initialized")
+ }
+ if provider == nil {
+ t.Fatal("expected provider to be initialized")
+ }
+
+ resp, err := al.Continue(context.Background(), "test-session", "test", "chat1")
+ if err != nil {
+ t.Fatalf("unexpected error: %v", err)
+ }
+ if resp != "" {
+ t.Fatalf("expected empty response for no steering messages, got %q", resp)
+ }
+}
+
+func TestAgentLoop_Continue_WithMessages(t *testing.T) {
+ tmpDir, err := os.MkdirTemp("", "agent-test-*")
+ if err != nil {
+ t.Fatalf("Failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: tmpDir,
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ },
+ },
+ }
+
+ msgBus := bus.NewMessageBus()
+ provider := &simpleMockProvider{response: "continued response"}
+ al := NewAgentLoop(cfg, msgBus, provider)
+
+ al.Steer(providers.Message{Role: "user", Content: "new direction"})
+
+ resp, err := al.Continue(context.Background(), "test-session", "test", "chat1")
+ if err != nil {
+ t.Fatalf("unexpected error: %v", err)
+ }
+ if resp != "continued response" {
+ t.Fatalf("expected 'continued response', got %q", resp)
+ }
+}
+
+func TestDrainBusToSteering_RequeuesDifferentScopeMessage(t *testing.T) {
+ tmpDir, err := os.MkdirTemp("", "agent-test-*")
+ if err != nil {
+ t.Fatalf("Failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: tmpDir,
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ },
+ },
+ Session: config.SessionConfig{
+ DMScope: "per-peer",
+ },
+ }
+
+ msgBus := bus.NewMessageBus()
+ al := NewAgentLoop(cfg, msgBus, &mockProvider{})
+
+ activeMsg := bus.InboundMessage{
+ Channel: "telegram",
+ SenderID: "user1",
+ ChatID: "chat1",
+ Content: "active turn",
+ Peer: bus.Peer{
+ Kind: "direct",
+ ID: "user1",
+ },
+ }
+ activeScope, activeAgentID, ok := al.resolveSteeringTarget(activeMsg)
+ if !ok {
+ t.Fatal("expected active message to resolve to a steering scope")
+ }
+
+ otherMsg := bus.InboundMessage{
+ Channel: "telegram",
+ SenderID: "user2",
+ ChatID: "chat2",
+ Content: "other session",
+ Peer: bus.Peer{
+ Kind: "direct",
+ ID: "user2",
+ },
+ }
+ otherScope, _, ok := al.resolveSteeringTarget(otherMsg)
+ if !ok {
+ t.Fatal("expected other message to resolve to a steering scope")
+ }
+ if otherScope == activeScope {
+ t.Fatalf("expected different steering scopes, got same scope %q", activeScope)
+ }
+
+ if err := msgBus.PublishInbound(context.Background(), otherMsg); err != nil {
+ t.Fatalf("PublishInbound failed: %v", err)
+ }
+
+ ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+ defer cancel()
+
+ done := make(chan struct{})
+ go func() {
+ al.drainBusToSteering(ctx, activeScope, activeAgentID)
+ close(done)
+ }()
+
+ select {
+ case <-done:
+ case <-time.After(2 * time.Second):
+ t.Fatal("timeout waiting for drainBusToSteering to stop")
+ }
+
+ if msgs := al.dequeueSteeringMessagesForScope(activeScope); len(msgs) != 0 {
+ t.Fatalf("expected no steering messages for active scope, got %v", msgs)
+ }
+
+ select {
+ case <-ctx.Done():
+ t.Fatalf("timeout waiting for requeued message on outbound bus")
+ case requeued := <-msgBus.OutboundChan():
+ if requeued.Channel != otherMsg.Channel || requeued.ChatID != otherMsg.ChatID ||
+ requeued.Content != otherMsg.Content {
+ t.Fatalf("requeued message mismatch: got %+v want %+v", requeued, otherMsg)
+ }
+ }
+}
+
+// slowTool simulates a tool that takes some time to execute.
+type slowTool struct {
+ name string
+ duration time.Duration
+ execCh chan struct{} // closed when Execute starts
+}
+
+func (t *slowTool) Name() string { return t.name }
+func (t *slowTool) Description() string { return "slow tool for testing" }
+func (t *slowTool) Parameters() map[string]any {
+ return map[string]any{
+ "type": "object",
+ "properties": map[string]any{},
+ }
+}
+
+func (t *slowTool) Execute(ctx context.Context, args map[string]any) *tools.ToolResult {
+ if t.execCh != nil {
+ close(t.execCh)
+ }
+ time.Sleep(t.duration)
+ return tools.SilentResult(fmt.Sprintf("executed %s", t.name))
+}
+
+// toolCallProvider returns an LLM response with tool calls on the first call,
+// then a direct response on subsequent calls.
+type toolCallProvider struct {
+ mu sync.Mutex
+ calls int
+ toolCalls []providers.ToolCall
+ finalResp string
+}
+
+func (m *toolCallProvider) Chat(
+ ctx context.Context,
+ messages []providers.Message,
+ tools []providers.ToolDefinition,
+ model string,
+ opts map[string]any,
+) (*providers.LLMResponse, error) {
+ m.mu.Lock()
+ defer m.mu.Unlock()
+ m.calls++
+
+ if m.calls == 1 && len(m.toolCalls) > 0 {
+ return &providers.LLMResponse{
+ Content: "",
+ ToolCalls: m.toolCalls,
+ }, nil
+ }
+
+ return &providers.LLMResponse{
+ Content: m.finalResp,
+ ToolCalls: []providers.ToolCall{},
+ }, nil
+}
+
+func (m *toolCallProvider) GetDefaultModel() string {
+ return "tool-call-mock"
+}
+
+type gracefulCaptureProvider struct {
+ mu sync.Mutex
+ calls int
+ toolCalls []providers.ToolCall
+ finalResp string
+ terminalMessages []providers.Message
+ terminalToolsCount int
+}
+
+func (p *gracefulCaptureProvider) Chat(
+ ctx context.Context,
+ messages []providers.Message,
+ tools []providers.ToolDefinition,
+ model string,
+ opts map[string]any,
+) (*providers.LLMResponse, error) {
+ p.mu.Lock()
+ defer p.mu.Unlock()
+ p.calls++
+
+ if p.calls == 1 {
+ return &providers.LLMResponse{
+ ToolCalls: p.toolCalls,
+ }, nil
+ }
+
+ p.terminalMessages = append([]providers.Message(nil), messages...)
+ p.terminalToolsCount = len(tools)
+ return &providers.LLMResponse{
+ Content: p.finalResp,
+ }, nil
+}
+
+func (p *gracefulCaptureProvider) GetDefaultModel() string {
+ return "graceful-capture-mock"
+}
+
+type lateSteeringProvider struct {
+ mu sync.Mutex
+ calls int
+ firstCallStarted chan struct{}
+ releaseFirstCall chan struct{}
+ firstStartOnce sync.Once
+ secondCallMessages []providers.Message
+}
+
+func (p *lateSteeringProvider) Chat(
+ ctx context.Context,
+ messages []providers.Message,
+ tools []providers.ToolDefinition,
+ model string,
+ opts map[string]any,
+) (*providers.LLMResponse, error) {
+ p.mu.Lock()
+ p.calls++
+ call := p.calls
+ p.mu.Unlock()
+
+ if call == 1 {
+ p.firstStartOnce.Do(func() { close(p.firstCallStarted) })
+ <-p.releaseFirstCall
+ return &providers.LLMResponse{Content: "first response"}, nil
+ }
+
+ p.mu.Lock()
+ p.secondCallMessages = append([]providers.Message(nil), messages...)
+ p.mu.Unlock()
+ return &providers.LLMResponse{Content: "continued response"}, nil
+}
+
+func (p *lateSteeringProvider) GetDefaultModel() string {
+ return "late-steering-mock"
+}
+
+type blockingDirectProvider struct {
+ mu sync.Mutex
+ calls int
+ firstStarted chan struct{}
+ releaseFirst chan struct{}
+ firstResp string
+ finalResp string
+}
+
+func (p *blockingDirectProvider) Chat(
+ ctx context.Context,
+ messages []providers.Message,
+ tools []providers.ToolDefinition,
+ model string,
+ opts map[string]any,
+) (*providers.LLMResponse, error) {
+ p.mu.Lock()
+ p.calls++
+ call := p.calls
+ firstStarted := p.firstStarted
+ releaseFirst := p.releaseFirst
+ firstResp := p.firstResp
+ finalResp := p.finalResp
+ if call == 1 && p.firstStarted != nil {
+ close(p.firstStarted)
+ p.firstStarted = nil
+ }
+ p.mu.Unlock()
+
+ if call == 1 {
+ select {
+ case <-releaseFirst:
+ case <-ctx.Done():
+ return nil, ctx.Err()
+ }
+ return &providers.LLMResponse{Content: firstResp}, nil
+ }
+
+ _ = firstStarted
+ return &providers.LLMResponse{Content: finalResp}, nil
+}
+
+func (p *blockingDirectProvider) GetDefaultModel() string {
+ return "blocking-direct-mock"
+}
+
+type interruptibleTool struct {
+ name string
+ started chan struct{}
+ once sync.Once
+}
+
+func (t *interruptibleTool) Name() string { return t.name }
+func (t *interruptibleTool) Description() string { return "interruptible tool for testing" }
+func (t *interruptibleTool) Parameters() map[string]any {
+ return map[string]any{
+ "type": "object",
+ "properties": map[string]any{},
+ }
+}
+
+func (t *interruptibleTool) Execute(ctx context.Context, args map[string]any) *tools.ToolResult {
+ if t.started != nil {
+ t.once.Do(func() { close(t.started) })
+ }
+ <-ctx.Done()
+ return tools.ErrorResult(ctx.Err().Error()).WithError(ctx.Err())
+}
+
+func TestAgentLoop_Steering_SkipsRemainingTools(t *testing.T) {
+ tmpDir, err := os.MkdirTemp("", "agent-test-*")
+ if err != nil {
+ t.Fatalf("Failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: tmpDir,
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ },
+ },
+ }
+
+ tool1ExecCh := make(chan struct{})
+ tool1 := &slowTool{name: "tool_one", duration: 50 * time.Millisecond, execCh: tool1ExecCh}
+ tool2 := &slowTool{name: "tool_two", duration: 50 * time.Millisecond}
+
+ provider := &toolCallProvider{
+ toolCalls: []providers.ToolCall{
+ {
+ ID: "call_1",
+ Type: "function",
+ Name: "tool_one",
+ Function: &providers.FunctionCall{
+ Name: "tool_one",
+ Arguments: "{}",
+ },
+ Arguments: map[string]any{},
+ },
+ {
+ ID: "call_2",
+ Type: "function",
+ Name: "tool_two",
+ Function: &providers.FunctionCall{
+ Name: "tool_two",
+ Arguments: "{}",
+ },
+ Arguments: map[string]any{},
+ },
+ },
+ finalResp: "steered response",
+ }
+
+ msgBus := bus.NewMessageBus()
+ al := NewAgentLoop(cfg, msgBus, provider)
+ al.RegisterTool(tool1)
+ al.RegisterTool(tool2)
+
+ // Start processing in a goroutine
+ type result struct {
+ resp string
+ err error
+ }
+ resultCh := make(chan result, 1)
+
+ go func() {
+ resp, err := al.ProcessDirectWithChannel(
+ context.Background(),
+ "do something",
+ "test-session",
+ "test",
+ "chat1",
+ )
+ resultCh <- result{resp, err}
+ }()
+
+ // Wait for tool_one to start executing, then enqueue a steering message
+ select {
+ case <-tool1ExecCh:
+ // tool_one has started executing
+ case <-time.After(2 * time.Second):
+ t.Fatal("timeout waiting for tool_one to start")
+ }
+
+ al.Steer(providers.Message{Role: "user", Content: "change course"})
+
+ // Get the result
+ select {
+ case r := <-resultCh:
+ if r.err != nil {
+ t.Fatalf("unexpected error: %v", r.err)
+ }
+ if r.resp != "steered response" {
+ t.Fatalf("expected 'steered response', got %q", r.resp)
+ }
+ case <-time.After(5 * time.Second):
+ t.Fatal("timeout waiting for agent loop to complete")
+ }
+
+ // The provider should have been called twice:
+ // 1. first call returned tool calls
+ // 2. second call (after steering) returned the final response
+ provider.mu.Lock()
+ calls := provider.calls
+ provider.mu.Unlock()
+ if calls != 2 {
+ t.Fatalf("expected 2 provider calls, got %d", calls)
+ }
+}
+
+func TestAgentLoop_Steering_InitialPoll(t *testing.T) {
+ tmpDir, err := os.MkdirTemp("", "agent-test-*")
+ if err != nil {
+ t.Fatalf("Failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: tmpDir,
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ },
+ },
+ }
+
+ // Provider that captures messages it receives
+ var capturedMessages []providers.Message
+ var capMu sync.Mutex
+ provider := &capturingMockProvider{
+ response: "ack",
+ captureFn: func(msgs []providers.Message) {
+ capMu.Lock()
+ capturedMessages = make([]providers.Message, len(msgs))
+ copy(capturedMessages, msgs)
+ capMu.Unlock()
+ },
+ }
+
+ msgBus := bus.NewMessageBus()
+ al := NewAgentLoop(cfg, msgBus, provider)
+
+ // Enqueue a steering message before processing starts
+ al.Steer(providers.Message{Role: "user", Content: "pre-enqueued steering"})
+
+ // Process a normal message - the initial steering poll should inject the steering message
+ _, err = al.ProcessDirectWithChannel(
+ context.Background(),
+ "initial message",
+ "test-session",
+ "test",
+ "chat1",
+ )
+ if err != nil {
+ t.Fatalf("unexpected error: %v", err)
+ }
+
+ // The steering message should have been injected into the conversation
+ capMu.Lock()
+ msgs := capturedMessages
+ capMu.Unlock()
+
+ // Look for the steering message in the captured messages
+ found := false
+ for _, m := range msgs {
+ if m.Content == "pre-enqueued steering" {
+ found = true
+ break
+ }
+ }
+ if !found {
+ t.Fatal("expected steering message to be injected into conversation context")
+ }
+}
+
+func TestAgentLoop_Run_AutoContinuesLateSteeringMessage(t *testing.T) {
+ tmpDir, err := os.MkdirTemp("", "agent-test-*")
+ if err != nil {
+ t.Fatalf("Failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: tmpDir,
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ },
+ },
+ }
+
+ msgBus := bus.NewMessageBus()
+ provider := &lateSteeringProvider{
+ firstCallStarted: make(chan struct{}),
+ releaseFirstCall: make(chan struct{}),
+ }
+ al := NewAgentLoop(cfg, msgBus, provider)
+
+ runCtx, cancelRun := context.WithCancel(context.Background())
+ defer cancelRun()
+
+ runErrCh := make(chan error, 1)
+ go func() {
+ runErrCh <- al.Run(runCtx)
+ }()
+
+ first := bus.InboundMessage{
+ Channel: "test",
+ SenderID: "user1",
+ ChatID: "chat1",
+ Content: "first message",
+ Peer: bus.Peer{
+ Kind: "direct",
+ ID: "user1",
+ },
+ }
+ late := bus.InboundMessage{
+ Channel: "test",
+ SenderID: "user1",
+ ChatID: "chat1",
+ Content: "late append",
+ Peer: bus.Peer{
+ Kind: "direct",
+ ID: "user1",
+ },
+ }
+
+ pubCtx, pubCancel := context.WithTimeout(context.Background(), 2*time.Second)
+ defer pubCancel()
+ if err := msgBus.PublishInbound(pubCtx, first); err != nil {
+ t.Fatalf("publish first inbound: %v", err)
+ }
+
+ select {
+ case <-provider.firstCallStarted:
+ case <-time.After(2 * time.Second):
+ t.Fatal("timeout waiting for first provider call to start")
+ }
+
+ if err := msgBus.PublishInbound(pubCtx, late); err != nil {
+ t.Fatalf("publish late inbound: %v", err)
+ }
+
+ close(provider.releaseFirstCall)
+
+ subCtx, subCancel := context.WithTimeout(context.Background(), 5*time.Second)
+ defer subCancel()
+
+ var out1 bus.OutboundMessage
+ select {
+ case out1 = <-msgBus.OutboundChan():
+ case <-subCtx.Done():
+ t.Fatal("expected outbound response")
+ }
+ if out1.Content != "continued response" {
+ t.Fatalf("expected continued response, got %q", out1.Content)
+ }
+
+ noExtraCtx, cancelNoExtra := context.WithTimeout(context.Background(), 200*time.Millisecond)
+ defer cancelNoExtra()
+ select {
+ case out2 := <-msgBus.OutboundChan():
+ t.Fatalf("expected stale direct response to be suppressed, got extra outbound %q", out2.Content)
+ case <-noExtraCtx.Done():
+ }
+
+ cancelRun()
+ select {
+ case err := <-runErrCh:
+ if err != nil {
+ t.Fatalf("Run returned error: %v", err)
+ }
+ case <-time.After(2 * time.Second):
+ t.Fatal("timeout waiting for Run to stop")
+ }
+
+ provider.mu.Lock()
+ calls := provider.calls
+ secondMessages := append([]providers.Message(nil), provider.secondCallMessages...)
+ provider.mu.Unlock()
+
+ if calls != 2 {
+ t.Fatalf("expected 2 provider calls, got %d", calls)
+ }
+
+ foundLateMessage := false
+ for _, msg := range secondMessages {
+ if msg.Role == "user" && msg.Content == "late append" {
+ foundLateMessage = true
+ break
+ }
+ }
+ if !foundLateMessage {
+ t.Fatal("expected queued late message to be processed in an automatic follow-up turn")
+ }
+}
+
+func TestAgentLoop_Steering_DirectResponseContinuesWithQueuedMessage(t *testing.T) {
+ tmpDir, err := os.MkdirTemp("", "agent-test-*")
+ if err != nil {
+ t.Fatalf("Failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: tmpDir,
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ },
+ },
+ }
+
+ sessionKey := routing.BuildAgentMainSessionKey(routing.DefaultAgentID)
+ provider := &blockingDirectProvider{
+ firstStarted: make(chan struct{}),
+ releaseFirst: make(chan struct{}),
+ firstResp: "stale direct response",
+ finalResp: "fresh response after steering",
+ }
+
+ msgBus := bus.NewMessageBus()
+ al := NewAgentLoop(cfg, msgBus, provider)
+
+ resultCh := make(chan struct {
+ resp string
+ err error
+ }, 1)
+ go func() {
+ resp, err := al.ProcessDirectWithChannel(
+ context.Background(),
+ "initial request",
+ sessionKey,
+ "test",
+ "chat1",
+ )
+ resultCh <- struct {
+ resp string
+ err error
+ }{resp: resp, err: err}
+ }()
+
+ select {
+ case <-provider.firstStarted:
+ case <-time.After(2 * time.Second):
+ t.Fatal("timeout waiting for first LLM call to start")
+ }
+
+ if err := al.Steer(providers.Message{Role: "user", Content: "follow-up instruction"}); err != nil {
+ t.Fatalf("Steer failed: %v", err)
+ }
+ close(provider.releaseFirst)
+
+ select {
+ case result := <-resultCh:
+ if result.err != nil {
+ t.Fatalf("unexpected error: %v", result.err)
+ }
+ if result.resp != "fresh response after steering" {
+ t.Fatalf("expected refreshed response, got %q", result.resp)
+ }
+ case <-time.After(5 * time.Second):
+ t.Fatal("timeout waiting for ProcessDirectWithChannel")
+ }
+
+ provider.mu.Lock()
+ calls := provider.calls
+ provider.mu.Unlock()
+ if calls != 2 {
+ t.Fatalf("expected 2 provider calls, got %d", calls)
+ }
+
+ if msgs := al.dequeueSteeringMessagesForScope(sessionKey); len(msgs) != 0 {
+ t.Fatalf("expected steering queue to be empty after continuation, got %v", msgs)
+ }
+}
+
+func TestAgentLoop_Continue_PreservesSteeringMedia(t *testing.T) {
+ tmpDir, err := os.MkdirTemp("", "agent-test-*")
+ if err != nil {
+ t.Fatalf("Failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: tmpDir,
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ },
+ },
+ }
+
+ store := media.NewFileMediaStore()
+ pngPath := filepath.Join(tmpDir, "steer.png")
+ pngHeader := []byte{
+ 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A,
+ 0x00, 0x00, 0x00, 0x0D,
+ 0x49, 0x48, 0x44, 0x52,
+ 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x08, 0x02,
+ 0x00, 0x00, 0x00,
+ 0x90, 0x77, 0x53, 0xDE,
+ }
+ if err = os.WriteFile(pngPath, pngHeader, 0o644); err != nil {
+ t.Fatalf("WriteFile failed: %v", err)
+ }
+ ref, err := store.Store(pngPath, media.MediaMeta{Filename: "steer.png", ContentType: "image/png"}, "test")
+ if err != nil {
+ t.Fatalf("Store failed: %v", err)
+ }
+
+ var capturedMessages []providers.Message
+ var capMu sync.Mutex
+ provider := &capturingMockProvider{
+ response: "ack",
+ captureFn: func(msgs []providers.Message) {
+ capMu.Lock()
+ defer capMu.Unlock()
+ capturedMessages = append([]providers.Message(nil), msgs...)
+ },
+ }
+
+ sessionKey := routing.BuildAgentMainSessionKey(routing.DefaultAgentID)
+ msgBus := bus.NewMessageBus()
+ al := NewAgentLoop(cfg, msgBus, provider)
+ al.SetMediaStore(store)
+
+ if err = al.Steer(providers.Message{
+ Role: "user",
+ Content: "describe this image",
+ Media: []string{ref},
+ }); err != nil {
+ t.Fatalf("Steer failed: %v", err)
+ }
+
+ resp, err := al.Continue(context.Background(), sessionKey, "test", "chat1")
+ if err != nil {
+ t.Fatalf("Continue failed: %v", err)
+ }
+ if resp != "ack" {
+ t.Fatalf("expected ack, got %q", resp)
+ }
+
+ capMu.Lock()
+ msgs := append([]providers.Message(nil), capturedMessages...)
+ capMu.Unlock()
+
+ foundResolvedMedia := false
+ for _, msg := range msgs {
+ if msg.Role != "user" || msg.Content != "describe this image" || len(msg.Media) != 1 {
+ continue
+ }
+ if strings.HasPrefix(msg.Media[0], "data:image/png;base64,") {
+ foundResolvedMedia = true
+ break
+ }
+ }
+ if !foundResolvedMedia {
+ t.Fatal("expected continue path to inject steering media into the provider request")
+ }
+
+ defaultAgent := al.registry.GetDefaultAgent()
+ if defaultAgent == nil {
+ t.Fatal("expected default agent")
+ }
+ history := defaultAgent.Sessions.GetHistory(sessionKey)
+ foundOriginalRef := false
+ for _, msg := range history {
+ if msg.Role == "user" && len(msg.Media) == 1 && msg.Media[0] == ref {
+ foundOriginalRef = true
+ break
+ }
+ }
+ if !foundOriginalRef {
+ t.Fatal("expected original steering media ref to be preserved in session history")
+ }
+}
+
+func TestAgentLoop_InterruptGraceful_UsesTerminalNoToolCall(t *testing.T) {
+ tmpDir, err := os.MkdirTemp("", "agent-test-*")
+ if err != nil {
+ t.Fatalf("Failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: tmpDir,
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ },
+ },
+ }
+
+ tool1ExecCh := make(chan struct{})
+ tool1 := &slowTool{name: "tool_one", duration: 50 * time.Millisecond, execCh: tool1ExecCh}
+ tool2 := &slowTool{name: "tool_two", duration: 50 * time.Millisecond}
+
+ provider := &gracefulCaptureProvider{
+ toolCalls: []providers.ToolCall{
+ {
+ ID: "call_1",
+ Type: "function",
+ Name: "tool_one",
+ Function: &providers.FunctionCall{
+ Name: "tool_one",
+ Arguments: "{}",
+ },
+ Arguments: map[string]any{},
+ },
+ {
+ ID: "call_2",
+ Type: "function",
+ Name: "tool_two",
+ Function: &providers.FunctionCall{
+ Name: "tool_two",
+ Arguments: "{}",
+ },
+ Arguments: map[string]any{},
+ },
+ },
+ finalResp: "graceful summary",
+ }
+
+ msgBus := bus.NewMessageBus()
+ al := NewAgentLoop(cfg, msgBus, provider)
+ al.RegisterTool(tool1)
+ al.RegisterTool(tool2)
+ sessionKey := routing.BuildAgentMainSessionKey(routing.DefaultAgentID)
+
+ sub := al.SubscribeEvents(32)
+ defer al.UnsubscribeEvents(sub.ID)
+
+ type result struct {
+ resp string
+ err error
+ }
+ resultCh := make(chan result, 1)
+ go func() {
+ resp, err := al.ProcessDirectWithChannel(
+ context.Background(),
+ "do something",
+ sessionKey,
+ "test",
+ "chat1",
+ )
+ resultCh <- result{resp: resp, err: err}
+ }()
+
+ select {
+ case <-tool1ExecCh:
+ case <-time.After(2 * time.Second):
+ t.Fatal("timeout waiting for tool_one to start")
+ }
+
+ active := al.GetActiveTurn()
+ if active == nil {
+ t.Fatal("expected active turn while tool is running")
+ }
+ if active.SessionKey != sessionKey {
+ t.Fatalf("expected active session %q, got %q", sessionKey, active.SessionKey)
+ }
+ if active.Channel != "test" || active.ChatID != "chat1" {
+ t.Fatalf("unexpected active turn target: %#v", active)
+ }
+
+ if err := al.InterruptGraceful("wrap it up"); err != nil {
+ t.Fatalf("InterruptGraceful failed: %v", err)
+ }
+
+ select {
+ case r := <-resultCh:
+ if r.err != nil {
+ t.Fatalf("unexpected error: %v", r.err)
+ }
+ if r.resp != "graceful summary" {
+ t.Fatalf("expected graceful summary, got %q", r.resp)
+ }
+ case <-time.After(5 * time.Second):
+ t.Fatal("timeout waiting for graceful interrupt result")
+ }
+
+ if active := al.GetActiveTurn(); active != nil {
+ t.Fatalf("expected no active turn after completion, got %#v", active)
+ }
+
+ provider.mu.Lock()
+ terminalMessages := append([]providers.Message(nil), provider.terminalMessages...)
+ terminalToolsCount := provider.terminalToolsCount
+ calls := provider.calls
+ provider.mu.Unlock()
+
+ if calls != 2 {
+ t.Fatalf("expected 2 provider calls, got %d", calls)
+ }
+ if terminalToolsCount != 0 {
+ t.Fatalf("expected graceful terminal call to disable tools, got %d tool defs", terminalToolsCount)
+ }
+
+ foundHint := false
+ foundSkipped := false
+ expectedHint := "Interrupt requested. Stop scheduling tools and provide a short final summary.\n\n" +
+ "Interrupt hint: wrap it up"
+ for _, msg := range terminalMessages {
+ if msg.Role == "user" && msg.Content == expectedHint {
+ foundHint = true
+ }
+ if msg.Role == "tool" && msg.ToolCallID == "call_2" && msg.Content == "Skipped due to graceful interrupt." {
+ foundSkipped = true
+ }
+ }
+ if !foundHint {
+ t.Fatal("expected graceful terminal call to include interrupt hint message")
+ }
+ if !foundSkipped {
+ t.Fatal("expected remaining tool to be marked as skipped after graceful interrupt")
+ }
+
+ events := collectEventStream(sub.C)
+ interruptEvt, ok := findEvent(events, EventKindInterruptReceived)
+ if !ok {
+ t.Fatal("expected interrupt received event")
+ }
+ interruptPayload, ok := interruptEvt.Payload.(InterruptReceivedPayload)
+ if !ok {
+ t.Fatalf("expected InterruptReceivedPayload, got %T", interruptEvt.Payload)
+ }
+ if interruptPayload.Kind != InterruptKindGraceful {
+ t.Fatalf("expected graceful interrupt payload, got %q", interruptPayload.Kind)
+ }
+
+ turnEndEvt, ok := findEvent(events, EventKindTurnEnd)
+ if !ok {
+ t.Fatal("expected turn end event")
+ }
+ turnEndPayload, ok := turnEndEvt.Payload.(TurnEndPayload)
+ if !ok {
+ t.Fatalf("expected TurnEndPayload, got %T", turnEndEvt.Payload)
+ }
+ if turnEndPayload.Status != TurnEndStatusCompleted {
+ t.Fatalf("expected completed turn after graceful interrupt, got %q", turnEndPayload.Status)
+ }
+}
+
+func TestAgentLoop_InterruptHard_RestoresSession(t *testing.T) {
+ tmpDir, err := os.MkdirTemp("", "agent-test-*")
+ if err != nil {
+ t.Fatalf("Failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: tmpDir,
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ },
+ },
+ }
+
+ msgBus := bus.NewMessageBus()
+ provider := &toolCallProvider{
+ toolCalls: []providers.ToolCall{
+ {
+ ID: "call_1",
+ Type: "function",
+ Name: "cancel_tool",
+ Function: &providers.FunctionCall{
+ Name: "cancel_tool",
+ Arguments: "{}",
+ },
+ Arguments: map[string]any{},
+ },
+ },
+ finalResp: "should not happen",
+ }
+
+ al := NewAgentLoop(cfg, msgBus, provider)
+ started := make(chan struct{})
+ al.RegisterTool(&interruptibleTool{name: "cancel_tool", started: started})
+ sessionKey := routing.BuildAgentMainSessionKey(routing.DefaultAgentID)
+
+ defaultAgent := al.registry.GetDefaultAgent()
+ if defaultAgent == nil {
+ t.Fatal("expected default agent")
+ }
+
+ originalHistory := []providers.Message{
+ {Role: "user", Content: "before"},
+ {Role: "assistant", Content: "after"},
+ }
+ defaultAgent.Sessions.SetHistory(sessionKey, originalHistory)
+
+ sub := al.SubscribeEvents(16)
+ defer al.UnsubscribeEvents(sub.ID)
+
+ type result struct {
+ resp string
+ err error
+ }
+ resultCh := make(chan result, 1)
+ go func() {
+ resp, err := al.ProcessDirectWithChannel(
+ context.Background(),
+ "do work",
+ sessionKey,
+ "test",
+ "chat1",
+ )
+ resultCh <- result{resp: resp, err: err}
+ }()
+
+ select {
+ case <-started:
+ case <-time.After(2 * time.Second):
+ t.Fatal("timeout waiting for interruptible tool to start")
+ }
+
+ if active := al.GetActiveTurn(); active == nil {
+ t.Fatal("expected active turn before hard abort")
+ }
+
+ if err := al.InterruptHard(); err != nil {
+ t.Fatalf("InterruptHard failed: %v", err)
+ }
+
+ select {
+ case r := <-resultCh:
+ if r.err != nil {
+ t.Fatalf("unexpected error: %v", r.err)
+ }
+ if r.resp != "" {
+ t.Fatalf("expected no final response after hard abort, got %q", r.resp)
+ }
+ case <-time.After(5 * time.Second):
+ t.Fatal("timeout waiting for hard abort result")
+ }
+
+ if active := al.GetActiveTurn(); active != nil {
+ t.Fatalf("expected no active turn after hard abort, got %#v", active)
+ }
+
+ finalHistory := defaultAgent.Sessions.GetHistory(sessionKey)
+ if !reflect.DeepEqual(finalHistory, originalHistory) {
+ t.Fatalf("expected history rollback after hard abort, got %#v", finalHistory)
+ }
+
+ events := collectEventStream(sub.C)
+ interruptEvt, ok := findEvent(events, EventKindInterruptReceived)
+ if !ok {
+ t.Fatal("expected interrupt received event")
+ }
+ interruptPayload, ok := interruptEvt.Payload.(InterruptReceivedPayload)
+ if !ok {
+ t.Fatalf("expected InterruptReceivedPayload, got %T", interruptEvt.Payload)
+ }
+ if interruptPayload.Kind != InterruptKindHard {
+ t.Fatalf("expected hard interrupt payload, got %q", interruptPayload.Kind)
+ }
+
+ turnEndEvt, ok := findEvent(events, EventKindTurnEnd)
+ if !ok {
+ t.Fatal("expected turn end event")
+ }
+ turnEndPayload, ok := turnEndEvt.Payload.(TurnEndPayload)
+ if !ok {
+ t.Fatalf("expected TurnEndPayload, got %T", turnEndEvt.Payload)
+ }
+ if turnEndPayload.Status != TurnEndStatusAborted {
+ t.Fatalf("expected aborted turn, got %q", turnEndPayload.Status)
+ }
+}
+
+// capturingMockProvider captures messages sent to Chat for inspection.
+type capturingMockProvider struct {
+ response string
+ calls int
+ captureFn func([]providers.Message)
+}
+
+func (m *capturingMockProvider) Chat(
+ ctx context.Context,
+ messages []providers.Message,
+ tools []providers.ToolDefinition,
+ model string,
+ opts map[string]any,
+) (*providers.LLMResponse, error) {
+ m.calls++
+ if m.captureFn != nil {
+ m.captureFn(messages)
+ }
+ return &providers.LLMResponse{
+ Content: m.response,
+ ToolCalls: []providers.ToolCall{},
+ }, nil
+}
+
+func (m *capturingMockProvider) GetDefaultModel() string {
+ return "capturing-mock"
+}
+
+func TestAgentLoop_Steering_SkippedToolsHaveErrorResults(t *testing.T) {
+ tmpDir, err := os.MkdirTemp("", "agent-test-*")
+ if err != nil {
+ t.Fatalf("Failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: tmpDir,
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ },
+ },
+ }
+
+ execCh := make(chan struct{})
+ tool1 := &slowTool{name: "slow_tool", duration: 50 * time.Millisecond, execCh: execCh}
+ tool2 := &slowTool{name: "skipped_tool", duration: 50 * time.Millisecond}
+
+ // Provider that captures messages on the second call (after tools)
+ var secondCallMessages []providers.Message
+ var capMu sync.Mutex
+ callCount := 0
+
+ provider := &toolCallProvider{
+ toolCalls: []providers.ToolCall{
+ {
+ ID: "call_1",
+ Type: "function",
+ Name: "slow_tool",
+ Function: &providers.FunctionCall{
+ Name: "slow_tool",
+ Arguments: "{}",
+ },
+ Arguments: map[string]any{},
+ },
+ {
+ ID: "call_2",
+ Type: "function",
+ Name: "skipped_tool",
+ Function: &providers.FunctionCall{
+ Name: "skipped_tool",
+ Arguments: "{}",
+ },
+ Arguments: map[string]any{},
+ },
+ },
+ finalResp: "done",
+ }
+
+ // Wrap provider to capture messages on second call
+ wrappedProvider := &wrappingProvider{
+ inner: provider,
+ onChat: func(msgs []providers.Message) {
+ capMu.Lock()
+ callCount++
+ if callCount >= 2 {
+ secondCallMessages = make([]providers.Message, len(msgs))
+ copy(secondCallMessages, msgs)
+ }
+ capMu.Unlock()
+ },
+ }
+
+ msgBus := bus.NewMessageBus()
+ al := NewAgentLoop(cfg, msgBus, wrappedProvider)
+ al.RegisterTool(tool1)
+ al.RegisterTool(tool2)
+
+ resultCh := make(chan string, 1)
+ go func() {
+ resp, _ := al.ProcessDirectWithChannel(
+ context.Background(), "go", "test-session", "test", "chat1",
+ )
+ resultCh <- resp
+ }()
+
+ <-execCh
+ al.Steer(providers.Message{Role: "user", Content: "interrupt!"})
+
+ select {
+ case <-resultCh:
+ case <-time.After(5 * time.Second):
+ t.Fatal("timeout")
+ }
+
+ // Check that the skipped tool result message is in the conversation
+ capMu.Lock()
+ msgs := secondCallMessages
+ capMu.Unlock()
+
+ foundSkipped := false
+ for _, m := range msgs {
+ if m.Role == "tool" && m.ToolCallID == "call_2" && m.Content == "Skipped due to queued user message." {
+ foundSkipped = true
+ break
+ }
+ }
+ if !foundSkipped {
+ // Log what we actually got
+ for i, m := range msgs {
+ t.Logf("msg[%d]: role=%s toolCallID=%s content=%s", i, m.Role, m.ToolCallID, truncate(m.Content, 80))
+ }
+ t.Fatal("expected skipped tool result for call_2")
+ }
+}
+
+func truncate(s string, n int) string {
+ if len(s) <= n {
+ return s
+ }
+ return s[:n] + "..."
+}
+
+// wrappingProvider wraps another provider to hook into Chat calls.
+type wrappingProvider struct {
+ inner providers.LLMProvider
+ onChat func([]providers.Message)
+}
+
+func (w *wrappingProvider) Chat(
+ ctx context.Context,
+ messages []providers.Message,
+ tools []providers.ToolDefinition,
+ model string,
+ opts map[string]any,
+) (*providers.LLMResponse, error) {
+ if w.onChat != nil {
+ w.onChat(messages)
+ }
+ return w.inner.Chat(ctx, messages, tools, model, opts)
+}
+
+func (w *wrappingProvider) GetDefaultModel() string {
+ return w.inner.GetDefaultModel()
+}
+
+// Ensure NormalizeToolCall handles our test tool calls.
+func init() {
+ // This is a no-op init; we just need the tool call tests to work
+ // with the proper argument serialization.
+ _ = json.Marshal
+}
diff --git a/pkg/agent/subturn.go b/pkg/agent/subturn.go
new file mode 100644
index 000000000..f5ba412ab
--- /dev/null
+++ b/pkg/agent/subturn.go
@@ -0,0 +1,671 @@
+package agent
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "sync"
+ "sync/atomic"
+ "time"
+
+ "github.com/sipeed/picoclaw/pkg/logger"
+ "github.com/sipeed/picoclaw/pkg/providers"
+ "github.com/sipeed/picoclaw/pkg/tools"
+)
+
+// ====================== Config & Constants ======================
+const (
+ // Default values for SubTurn configuration (used when config is not set or is zero)
+ defaultMaxSubTurnDepth = 3
+ defaultMaxConcurrentSubTurns = 5
+ defaultConcurrencyTimeout = 30 * time.Second
+ defaultSubTurnTimeout = 5 * time.Minute
+ // maxEphemeralHistorySize limits the number of messages stored in ephemeral sessions.
+ // This prevents memory accumulation in long-running sub-turns.
+ maxEphemeralHistorySize = 50
+)
+
+var (
+ ErrDepthLimitExceeded = errors.New("sub-turn depth limit exceeded")
+ ErrInvalidSubTurnConfig = errors.New("invalid sub-turn config")
+ ErrConcurrencyTimeout = errors.New("timeout waiting for concurrency slot")
+)
+
+// getSubTurnConfig returns the effective SubTurn configuration with defaults applied.
+func (al *AgentLoop) getSubTurnConfig() subTurnRuntimeConfig {
+ cfg := al.cfg.Agents.Defaults.SubTurn
+
+ maxDepth := cfg.MaxDepth
+ if maxDepth <= 0 {
+ maxDepth = defaultMaxSubTurnDepth
+ }
+
+ maxConcurrent := cfg.MaxConcurrent
+ if maxConcurrent <= 0 {
+ maxConcurrent = defaultMaxConcurrentSubTurns
+ }
+
+ concurrencyTimeout := time.Duration(cfg.ConcurrencyTimeoutSec) * time.Second
+ if concurrencyTimeout <= 0 {
+ concurrencyTimeout = defaultConcurrencyTimeout
+ }
+
+ defaultTimeout := time.Duration(cfg.DefaultTimeoutMinutes) * time.Minute
+ if defaultTimeout <= 0 {
+ defaultTimeout = defaultSubTurnTimeout
+ }
+
+ return subTurnRuntimeConfig{
+ maxDepth: maxDepth,
+ maxConcurrent: maxConcurrent,
+ concurrencyTimeout: concurrencyTimeout,
+ defaultTimeout: defaultTimeout,
+ defaultTokenBudget: cfg.DefaultTokenBudget,
+ }
+}
+
+// subTurnRuntimeConfig holds the effective runtime configuration for SubTurn execution.
+type subTurnRuntimeConfig struct {
+ maxDepth int
+ maxConcurrent int
+ concurrencyTimeout time.Duration
+ defaultTimeout time.Duration
+ defaultTokenBudget int
+}
+
+// ====================== SubTurn Config ======================
+
+// SubTurnConfig configures the execution of a child sub-turn.
+//
+// Usage Examples:
+//
+// Synchronous sub-turn (Async=false):
+//
+// cfg := SubTurnConfig{
+// Model: "gpt-4o-mini",
+// SystemPrompt: "Analyze this code",
+// Async: false, // Result returned immediately
+// }
+// result, err := SpawnSubTurn(ctx, cfg)
+// // Use result directly here
+// processResult(result)
+//
+// Asynchronous sub-turn (Async=true):
+//
+// cfg := SubTurnConfig{
+// Model: "gpt-4o-mini",
+// SystemPrompt: "Background analysis",
+// Async: true, // Result delivered to channel
+// }
+// result, err := SpawnSubTurn(ctx, cfg)
+// // Result also available in parent's pendingResults channel
+// // Parent turn will poll and process it in a later iteration
+type SubTurnConfig struct {
+ Model string
+ Tools []tools.Tool
+ SystemPrompt string
+ MaxTokens int
+
+ // Async controls the result delivery mechanism:
+ //
+ // When Async = false (synchronous sub-turn):
+ // - The caller blocks until the sub-turn completes
+ // - The result is ONLY returned via the function return value
+ // - The result is NOT delivered to the parent's pendingResults channel
+ // - This prevents double delivery: caller gets result immediately, no need for channel
+ // - Use case: When the caller needs the result immediately to continue execution
+ // - Example: A tool that needs to process the sub-turn result before returning
+ //
+ // When Async = true (asynchronous sub-turn):
+ // - The sub-turn runs in the background (still blocks the caller, but semantically async)
+ // - The result is delivered to the parent's pendingResults channel
+ // - The result is ALSO returned via the function return value (for consistency)
+ // - The parent turn can poll pendingResults in later iterations to process results
+ // - Use case: Fire-and-forget operations, or when results are processed in batches
+ // - Example: Spawning multiple sub-turns in parallel and collecting results later
+ //
+ // IMPORTANT: The Async flag does NOT make the call non-blocking. It only controls
+ // whether the result is delivered via the channel. For true non-blocking execution,
+ // the caller must spawn the sub-turn in a separate goroutine.
+ Async bool
+
+ // Critical indicates this SubTurn's result is important and should continue
+ // running even after the parent turn finishes gracefully.
+ //
+ // When parent finishes gracefully (Finish(false)):
+ // - Critical=true: SubTurn continues running, delivers result as orphan
+ // - Critical=false: SubTurn exits gracefully without error
+ //
+ // When parent finishes with hard abort (Finish(true)):
+ // - All SubTurns are canceled regardless of Critical flag
+ Critical bool
+
+ // Timeout is the maximum duration for this SubTurn.
+ // If the SubTurn runs longer than this, it will be canceled.
+ // Default is 5 minutes (defaultSubTurnTimeout) if not specified.
+ Timeout time.Duration
+
+ // MaxContextRunes limits the context size (in runes) passed to the SubTurn.
+ // This prevents context window overflow by truncating message history before LLM calls.
+ //
+ // Values:
+ // 0 = Auto-calculate based on model's ContextWindow * 0.75 (default, recommended)
+ // -1 = No limit (disable soft truncation, rely only on hard context errors)
+ // >0 = Use specified rune limit
+ //
+ // The soft limit acts as a first line of defense before hitting the provider's
+ // hard context window limit. When exceeded, older messages are intelligently
+ // truncated while preserving system messages and recent context.
+ MaxContextRunes int
+
+ // ActualSystemPrompt is injected as the true 'system' role message for the childAgent.
+ // The legacy SystemPrompt field is actually used as the first 'user' message (task description).
+ ActualSystemPrompt string
+
+ // InitialMessages preloads the ephemeral session history before the agent loop starts.
+ // Used by evaluator-optimizer patterns to pass the full worker context across multiple iterations.
+ InitialMessages []providers.Message
+
+ // InitialTokenBudget is a shared atomic counter for tracking remaining tokens.
+ // If set, the SubTurn will inherit this budget and deduct tokens after each LLM call.
+ // If nil, the SubTurn will inherit the parent's tokenBudget (if any).
+ // Used by team tool to enforce token limits across all team members.
+ InitialTokenBudget *atomic.Int64
+
+ // Can be extended with temperature, topP, etc.
+}
+
+// ====================== Context Keys ======================
+type agentLoopKeyType struct{}
+
+var agentLoopKey = agentLoopKeyType{}
+
+// WithAgentLoop injects AgentLoop into context for tool access
+func WithAgentLoop(ctx context.Context, al *AgentLoop) context.Context {
+ return context.WithValue(ctx, agentLoopKey, al)
+}
+
+// AgentLoopFromContext retrieves AgentLoop from context
+func AgentLoopFromContext(ctx context.Context) *AgentLoop {
+ al, _ := ctx.Value(agentLoopKey).(*AgentLoop)
+ return al
+}
+
+// ====================== Helper Functions ======================
+
+func (al *AgentLoop) generateSubTurnID() string {
+ return fmt.Sprintf("subturn-%d", al.subTurnCounter.Add(1))
+}
+
+// ====================== Core Function: spawnSubTurn ======================
+
+// AgentLoopSpawner implements tools.SubTurnSpawner interface.
+// This allows tools to spawn sub-turns without circular dependency.
+type AgentLoopSpawner struct {
+ al *AgentLoop
+}
+
+// SpawnSubTurn implements tools.SubTurnSpawner interface.
+func (s *AgentLoopSpawner) SpawnSubTurn(
+ ctx context.Context,
+ cfg tools.SubTurnConfig,
+) (*tools.ToolResult, error) {
+ parentTS := turnStateFromContext(ctx)
+ if parentTS == nil {
+ return nil, errors.New(
+ "parent turnState not found in context - cannot spawn sub-turn outside of a turn",
+ )
+ }
+
+ // Convert tools.SubTurnConfig to agent.SubTurnConfig
+ agentCfg := SubTurnConfig{
+ Model: cfg.Model,
+ Tools: cfg.Tools,
+ SystemPrompt: cfg.SystemPrompt,
+ ActualSystemPrompt: cfg.ActualSystemPrompt,
+ InitialMessages: cfg.InitialMessages,
+ InitialTokenBudget: cfg.InitialTokenBudget,
+ MaxTokens: cfg.MaxTokens,
+ Async: cfg.Async,
+ Critical: cfg.Critical,
+ Timeout: cfg.Timeout,
+ MaxContextRunes: cfg.MaxContextRunes,
+ }
+
+ return spawnSubTurn(ctx, s.al, parentTS, agentCfg)
+}
+
+// NewSubTurnSpawner creates a SubTurnSpawner for the given AgentLoop.
+func NewSubTurnSpawner(al *AgentLoop) *AgentLoopSpawner {
+ return &AgentLoopSpawner{al: al}
+}
+
+// SpawnSubTurn is the exported entry point for tools to spawn sub-turns.
+// It retrieves AgentLoop and parent turnState from context and delegates to spawnSubTurn.
+func SpawnSubTurn(ctx context.Context, cfg SubTurnConfig) (*tools.ToolResult, error) {
+ al := AgentLoopFromContext(ctx)
+ if al == nil {
+ return nil, errors.New(
+ "AgentLoop not found in context - ensure context is properly initialized",
+ )
+ }
+
+ parentTS := turnStateFromContext(ctx)
+ if parentTS == nil {
+ return nil, errors.New(
+ "parent turnState not found in context - cannot spawn sub-turn outside of a turn",
+ )
+ }
+
+ return spawnSubTurn(ctx, al, parentTS, cfg)
+}
+
+func spawnSubTurn(
+ ctx context.Context,
+ al *AgentLoop,
+ parentTS *turnState,
+ cfg SubTurnConfig,
+) (result *tools.ToolResult, err error) {
+ // Get effective SubTurn configuration
+ rtCfg := al.getSubTurnConfig()
+
+ // 0. Acquire concurrency semaphore FIRST to ensure it's released even if early validation fails.
+ // Blocks if parent already has maxConcurrentSubTurns running, with a timeout to prevent indefinite blocking.
+ // Also respects context cancellation so we don't block forever if parent is aborted.
+ // NOTE: The semaphore is released immediately after runTurn completes (not in a defer) to
+ // ensure it is freed before the cleanup phase (async result delivery), which may block on
+ // a full pendingResults channel. Holding the semaphore through cleanup would allow the
+ // parent's goroutine to be blocked waiting for a semaphore slot while child turns are
+ // blocked delivering results — a deadlock.
+ var semAcquired bool
+ if parentTS.concurrencySem != nil {
+ // Create a timeout context for semaphore acquisition
+ timeoutCtx, cancel := context.WithTimeout(ctx, rtCfg.concurrencyTimeout)
+ defer cancel()
+
+ select {
+ case parentTS.concurrencySem <- struct{}{}:
+ semAcquired = true
+ defer func() {
+ if semAcquired {
+ <-parentTS.concurrencySem
+ }
+ }()
+ case <-timeoutCtx.Done():
+ // Check parent context first - if it was canceled, propagate that error
+ if ctx.Err() != nil {
+ return nil, ctx.Err()
+ }
+ // Otherwise it's our timeout
+ return nil, fmt.Errorf("%w: all %d slots occupied for %v",
+ ErrConcurrencyTimeout, rtCfg.maxConcurrent, rtCfg.concurrencyTimeout)
+ }
+ }
+
+ // 1. Depth limit check
+ if parentTS.depth >= rtCfg.maxDepth {
+ logger.WarnCF("subturn", "Depth limit exceeded", map[string]any{
+ "parent_id": parentTS.turnID,
+ "depth": parentTS.depth,
+ "max_depth": rtCfg.maxDepth,
+ })
+ return nil, ErrDepthLimitExceeded
+ }
+
+ // 2. Config validation
+ if cfg.Model == "" {
+ return nil, ErrInvalidSubTurnConfig
+ }
+
+ // 3. Determine timeout for child SubTurn
+ timeout := cfg.Timeout
+ if timeout <= 0 {
+ timeout = rtCfg.defaultTimeout
+ }
+
+ // 4. Create INDEPENDENT child context (not derived from parent ctx).
+ // This allows the child to continue running after parent finishes gracefully.
+ // The child has its own timeout for self-protection.
+ childCtx, cancel := context.WithTimeout(context.Background(), timeout)
+ defer cancel()
+
+ childID := al.generateSubTurnID()
+
+ // Get the agent instance from parent, falling back to the default agent.
+ // Wrap it in a shallow copy that uses an ephemeral (in-memory only) session store
+ // so that child turns never pollute or persist to the parent's session history.
+ baseAgent := parentTS.agent
+ if baseAgent == nil {
+ baseAgent = al.registry.GetDefaultAgent()
+ }
+ if baseAgent == nil {
+ return nil, errors.New("parent turnState has no agent instance")
+ }
+ ephemeralStore := newEphemeralSession(nil)
+ agent := *baseAgent // shallow copy
+ agent.Sessions = ephemeralStore
+ // Clone the tool registry so child turn's tool registrations
+ // don't pollute the parent's registry.
+ if baseAgent.Tools != nil {
+ agent.Tools = baseAgent.Tools.Clone()
+ }
+
+ // Create processOptions for the child turn
+ opts := processOptions{
+ SessionKey: childID,
+ Channel: parentTS.channel,
+ ChatID: parentTS.chatID,
+ SenderID: parentTS.opts.SenderID,
+ SenderDisplayName: parentTS.opts.SenderDisplayName,
+ UserMessage: cfg.SystemPrompt, // Task description becomes the first user message
+ SystemPromptOverride: cfg.ActualSystemPrompt,
+ Media: nil,
+ InitialSteeringMessages: cfg.InitialMessages,
+ DefaultResponse: "",
+ EnableSummary: false,
+ SendResponse: false,
+ NoHistory: true, // SubTurns don't use session history
+ SkipInitialSteeringPoll: true,
+ }
+
+ // Create event scope for the child turn
+ scope := al.newTurnEventScope(agent.ID, childID)
+
+ // Create child turnState using the new API
+ childTS := newTurnState(&agent, opts, scope)
+
+ // Set SubTurn-specific fields
+ childTS.cancelFunc = cancel
+ childTS.critical = cfg.Critical
+ childTS.depth = parentTS.depth + 1
+ childTS.parentTurnID = parentTS.turnID
+ childTS.parentTurnState = parentTS
+ childTS.pendingResults = make(chan *tools.ToolResult, 16)
+ childTS.concurrencySem = make(chan struct{}, rtCfg.maxConcurrent)
+ childTS.al = al // back-ref for hard abort cascade
+ childTS.session = ephemeralStore // same store as agent.Sessions
+
+ // Token budget initialization/inheritance
+ // If InitialTokenBudget is explicitly provided (e.g., by team tool), use it.
+ // Otherwise, inherit from parent's tokenBudget (for nested SubTurns).
+ if cfg.InitialTokenBudget != nil {
+ childTS.tokenBudget = cfg.InitialTokenBudget
+ } else if parentTS.tokenBudget != nil {
+ childTS.tokenBudget = parentTS.tokenBudget
+ } else if rtCfg.defaultTokenBudget > 0 {
+ // Apply default token budget from config if no budget is set
+ budget := &atomic.Int64{}
+ budget.Store(int64(rtCfg.defaultTokenBudget))
+ childTS.tokenBudget = budget
+ }
+
+ // IMPORTANT: Put childTS into childCtx so that code inside runTurn can retrieve it
+ childCtx = withTurnState(childCtx, childTS)
+ childCtx = WithAgentLoop(childCtx, al) // Propagate AgentLoop to child turn
+
+ childTS.ctx = childCtx
+
+ // Register child turn state so GetAllActiveTurns/Subagents can find it
+ al.activeTurnStates.Store(childID, childTS)
+ defer al.activeTurnStates.Delete(childID)
+
+ // 5. Establish parent-child relationship (thread-safe)
+ parentTS.mu.Lock()
+ parentTS.childTurnIDs = append(parentTS.childTurnIDs, childID)
+ parentTS.mu.Unlock()
+
+ // 6. Emit Spawn event
+ al.emitEvent(EventKindSubTurnSpawn,
+ childTS.eventMeta("spawnSubTurn", "subturn.spawn"),
+ SubTurnSpawnPayload{
+ AgentID: childTS.agentID,
+ Label: childID,
+ ParentTurnID: parentTS.turnID,
+ },
+ )
+
+ // 7. Defer cleanup: deliver result (for async), emit End event, and recover from panics
+ defer func() {
+ if r := recover(); r != nil {
+ err = fmt.Errorf("subturn panicked: %v", r)
+ result = nil
+ logger.ErrorCF("subturn", "SubTurn panicked", map[string]any{
+ "child_id": childID,
+ "parent_id": parentTS.turnID,
+ "panic": r,
+ })
+ }
+
+ // Result Delivery Strategy (Async vs Sync)
+ if cfg.Async {
+ deliverSubTurnResult(al, parentTS, childID, result)
+ }
+
+ status := "completed"
+ if err != nil {
+ status = "error"
+ }
+ al.emitEvent(EventKindSubTurnEnd,
+ childTS.eventMeta("spawnSubTurn", "subturn.end"),
+ SubTurnEndPayload{
+ AgentID: childTS.agentID,
+ Status: status,
+ },
+ )
+ }()
+
+ // 8. Execute sub-turn via the real agent loop.
+ turnRes, turnErr := al.runTurn(childCtx, childTS)
+
+ // Release the concurrency semaphore immediately after runTurn completes,
+ // before the cleanup defer runs. This prevents a deadlock where:
+ // - All semaphore slots are held by sub-turns in their cleanup phase
+ // - Cleanup blocks on a full pendingResults channel
+ // - The parent goroutine is blocked waiting for a semaphore slot
+ // - The parent cannot consume pendingResults because it is blocked on the semaphore
+ if semAcquired {
+ <-parentTS.concurrencySem
+ semAcquired = false // prevent the defer from double-releasing
+ }
+
+ // Convert turnResult to tools.ToolResult
+ if turnErr != nil {
+ err = turnErr
+ result = &tools.ToolResult{
+ Err: turnErr,
+ ForLLM: fmt.Sprintf("SubTurn failed: %v", turnErr),
+ }
+ } else {
+ result = &tools.ToolResult{
+ ForLLM: turnRes.finalContent,
+ ForUser: turnRes.finalContent,
+ }
+ }
+
+ return result, err
+}
+
+// ====================== Result Delivery ======================
+
+// deliverSubTurnResult delivers a sub-turn result to the parent turn's pendingResults channel.
+//
+// IMPORTANT: This function is ONLY called for asynchronous sub-turns (Async=true).
+// For synchronous sub-turns (Async=false), results are returned directly via the function
+// return value to avoid double delivery.
+//
+// Delivery behavior:
+// - If parent turn is still running: attempts to deliver to pendingResults channel
+// - If channel is full: emits SubTurnOrphanResultEvent (result is lost from channel but tracked)
+// - If parent turn has finished: emits SubTurnOrphanResultEvent (late arrival)
+//
+// Thread safety:
+// - Reads parent state under lock, then releases lock before channel send
+// - Small race window exists but is acceptable (worst case: result becomes orphan)
+//
+// Event emissions:
+// - SubTurnResultDeliveredEvent: successful delivery to channel
+// - SubTurnOrphanResultEvent: delivery failed (parent finished or channel full)
+func deliverSubTurnResult(al *AgentLoop, parentTS *turnState, childID string, result *tools.ToolResult) {
+ // Let GC clean up the pendingResults channel; parent Finish will no longer close it.
+ // We use defer/recover to catch any unlikely channel panics if it were ever closed.
+ defer func() {
+ if r := recover(); r != nil {
+ logger.WarnCF("subturn", "recovered panic sending to pendingResults", map[string]any{
+ "parent_id": parentTS.turnID,
+ "child_id": childID,
+ "recover": r,
+ })
+ if result != nil && al != nil {
+ al.emitEvent(EventKindSubTurnOrphan,
+ parentTS.eventMeta("deliverSubTurnResult", "subturn.orphan"),
+ SubTurnOrphanPayload{ParentTurnID: parentTS.turnID, ChildTurnID: childID, Reason: "panic"},
+ )
+ }
+ }
+ }()
+ parentTS.mu.Lock()
+ isFinished := parentTS.isFinished.Load()
+ resultChan := parentTS.pendingResults
+ parentTS.mu.Unlock()
+
+ // If parent turn has already finished, treat this as an orphan result
+ if isFinished || resultChan == nil {
+ if result != nil && al != nil {
+ al.emitEvent(EventKindSubTurnOrphan,
+ parentTS.eventMeta("deliverSubTurnResult", "subturn.orphan"),
+ SubTurnOrphanPayload{ParentTurnID: parentTS.turnID, ChildTurnID: childID, Reason: "parent_finished"},
+ )
+ }
+ return
+ }
+
+ // Parent Turn is still running → attempt to deliver result
+ // We use a select statement with parentTS.Finished() to ensure that if the
+ // parent turn finishes while we are waiting to send the result (e.g. channel
+ // is full), we don't leak this goroutine by blocking forever.
+ select {
+ case resultChan <- result:
+ // Successfully delivered
+ if al != nil {
+ al.emitEvent(EventKindSubTurnResultDelivered,
+ parentTS.eventMeta("deliverSubTurnResult", "subturn.result_delivered"),
+ SubTurnResultDeliveredPayload{ContentLen: len(result.ForLLM)},
+ )
+ }
+ case <-parentTS.Finished():
+ // Parent finished while we were waiting to deliver.
+ // The result cannot be delivered to the LLM, so it becomes an orphan.
+ logger.WarnCF("subturn", "parent finished before result could be delivered", map[string]any{
+ "parent_id": parentTS.turnID,
+ "child_id": childID,
+ })
+ if result != nil && al != nil {
+ al.emitEvent(
+ EventKindSubTurnOrphan,
+ parentTS.eventMeta("deliverSubTurnResult", "subturn.orphan"),
+ SubTurnOrphanPayload{
+ ParentTurnID: parentTS.turnID,
+ ChildTurnID: childID,
+ Reason: "parent_finished_waiting",
+ },
+ )
+ }
+ }
+}
+
+// ====================== Other Types ======================
+
+// ephemeralSessionStore is an in-memory session.SessionStore used by SubTurns.
+// It does not persist to disk and auto-truncates history to maxEphemeralHistorySize.
+type ephemeralSessionStore struct {
+ mu sync.Mutex
+ history []providers.Message
+ summary string
+}
+
+func newEphemeralSession(initial []providers.Message) ephemeralSessionStoreIface {
+ s := &ephemeralSessionStore{}
+ if len(initial) > 0 {
+ s.history = append(s.history, initial...)
+ }
+ return s
+}
+
+// ephemeralSessionStoreIface is satisfied by *ephemeralSessionStore.
+// Declared so newEphemeralSession can return a typed interface.
+type ephemeralSessionStoreIface interface {
+ AddMessage(sessionKey, role, content string)
+ AddFullMessage(sessionKey string, msg providers.Message)
+ GetHistory(key string) []providers.Message
+ GetSummary(key string) string
+ SetSummary(key, summary string)
+ SetHistory(key string, history []providers.Message)
+ TruncateHistory(key string, keepLast int)
+ Save(key string) error
+ Close() error
+}
+
+func (e *ephemeralSessionStore) AddMessage(_, role, content string) {
+ e.mu.Lock()
+ defer e.mu.Unlock()
+ e.history = append(e.history, providers.Message{Role: role, Content: content})
+ e.truncateLocked()
+}
+
+func (e *ephemeralSessionStore) AddFullMessage(_ string, msg providers.Message) {
+ e.mu.Lock()
+ defer e.mu.Unlock()
+ e.history = append(e.history, msg)
+ e.truncateLocked()
+}
+
+func (e *ephemeralSessionStore) GetHistory(_ string) []providers.Message {
+ e.mu.Lock()
+ defer e.mu.Unlock()
+ out := make([]providers.Message, len(e.history))
+ copy(out, e.history)
+ return out
+}
+
+func (e *ephemeralSessionStore) GetSummary(_ string) string {
+ e.mu.Lock()
+ defer e.mu.Unlock()
+ return e.summary
+}
+
+func (e *ephemeralSessionStore) SetSummary(_, summary string) {
+ e.mu.Lock()
+ defer e.mu.Unlock()
+ e.summary = summary
+}
+
+func (e *ephemeralSessionStore) SetHistory(_ string, history []providers.Message) {
+ e.mu.Lock()
+ defer e.mu.Unlock()
+ e.history = make([]providers.Message, len(history))
+ copy(e.history, history)
+ e.truncateLocked()
+}
+
+func (e *ephemeralSessionStore) TruncateHistory(_ string, keepLast int) {
+ e.mu.Lock()
+ defer e.mu.Unlock()
+ if keepLast <= 0 {
+ e.history = nil
+ return
+ }
+
+ if keepLast >= len(e.history) {
+ return
+ }
+ e.history = e.history[len(e.history)-keepLast:]
+}
+
+func (e *ephemeralSessionStore) Save(_ string) error { return nil }
+func (e *ephemeralSessionStore) Close() error { return nil }
+
+func (e *ephemeralSessionStore) truncateLocked() {
+ if len(e.history) > maxEphemeralHistorySize {
+ e.history = e.history[len(e.history)-maxEphemeralHistorySize:]
+ }
+}
diff --git a/pkg/agent/subturn_test.go b/pkg/agent/subturn_test.go
new file mode 100644
index 000000000..6a2ba835d
--- /dev/null
+++ b/pkg/agent/subturn_test.go
@@ -0,0 +1,2067 @@
+package agent
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "sync"
+ "testing"
+ "time"
+
+ "github.com/sipeed/picoclaw/pkg/bus"
+ "github.com/sipeed/picoclaw/pkg/config"
+ "github.com/sipeed/picoclaw/pkg/providers"
+ "github.com/sipeed/picoclaw/pkg/tools"
+)
+
+// Test constants (use defaults from subturn.go)
+const (
+ testMaxConcurrentSubTurns = defaultMaxConcurrentSubTurns
+)
+
+// ====================== Test Helper: Event Collector ======================
+type eventCollector struct {
+ mu sync.Mutex
+ events []Event
+}
+
+func newEventCollector(t *testing.T, al *AgentLoop) (*eventCollector, func()) {
+ t.Helper()
+ c := &eventCollector{}
+ sub := al.SubscribeEvents(16)
+ done := make(chan struct{})
+ go func() {
+ defer close(done)
+ for evt := range sub.C {
+ c.mu.Lock()
+ c.events = append(c.events, evt)
+ c.mu.Unlock()
+ }
+ }()
+ cleanup := func() {
+ al.UnsubscribeEvents(sub.ID)
+ <-done
+ }
+ return c, cleanup
+}
+
+func (c *eventCollector) hasEventOfKind(kind EventKind) bool {
+ c.mu.Lock()
+ defer c.mu.Unlock()
+ for _, e := range c.events {
+ if e.Kind == kind {
+ return true
+ }
+ }
+ return false
+}
+
+// ====================== Main Test Function ======================
+func TestSpawnSubTurn(t *testing.T) {
+ tests := []struct {
+ name string
+ parentDepth int
+ config SubTurnConfig
+ wantErr error
+ wantSpawn bool
+ wantEnd bool
+ wantDepthFail bool
+ }{
+ {
+ name: "Basic success path - Single layer sub-turn",
+ parentDepth: 0,
+ config: SubTurnConfig{
+ Model: "gpt-4o-mini",
+ Tools: []tools.Tool{}, // At least one tool
+ },
+ wantErr: nil,
+ wantSpawn: true,
+ wantEnd: true,
+ },
+ {
+ name: "Nested 2 layers - Normal",
+ parentDepth: 1,
+ config: SubTurnConfig{
+ Model: "gpt-4o-mini",
+ Tools: []tools.Tool{},
+ },
+ wantErr: nil,
+ wantSpawn: true,
+ wantEnd: true,
+ },
+ {
+ name: "Depth limit triggered - 4th layer fails",
+ parentDepth: 3,
+ config: SubTurnConfig{
+ Model: "gpt-4o-mini",
+ Tools: []tools.Tool{},
+ },
+ wantErr: ErrDepthLimitExceeded,
+ wantSpawn: false,
+ wantEnd: false,
+ wantDepthFail: true,
+ },
+ {
+ name: "Invalid config - Empty Model",
+ parentDepth: 0,
+ config: SubTurnConfig{
+ Model: "",
+ Tools: []tools.Tool{},
+ },
+ wantErr: ErrInvalidSubTurnConfig,
+ wantSpawn: false,
+ wantEnd: false,
+ },
+ }
+
+ al, _, _, provider, cleanup := newTestAgentLoop(t)
+ _ = provider
+ defer cleanup()
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ // Prepare parent Turn
+ parent := &turnState{
+ ctx: context.Background(),
+ turnID: "parent-1",
+ depth: tt.parentDepth,
+ childTurnIDs: []string{},
+ pendingResults: make(chan *tools.ToolResult, 10),
+ session: &ephemeralSessionStore{},
+ agent: al.registry.GetDefaultAgent(),
+ }
+
+ // Subscribe to real EventBus to capture events
+ collector, collectCleanup := newEventCollector(t, al)
+ defer collectCleanup()
+
+ // Execute spawnSubTurn
+ result, err := spawnSubTurn(context.Background(), al, parent, tt.config)
+
+ // Assert errors
+ if tt.wantErr != nil {
+ if err == nil || err != tt.wantErr {
+ t.Errorf("expected error %v, got %v", tt.wantErr, err)
+ }
+ return
+ }
+ if err != nil {
+ t.Errorf("unexpected error: %v", err)
+ return
+ }
+
+ // Verify result
+ if result == nil {
+ t.Error("expected non-nil result")
+ }
+
+ // Verify event emission
+ time.Sleep(10 * time.Millisecond) // let event goroutine flush
+ if tt.wantSpawn {
+ if !collector.hasEventOfKind(EventKindSubTurnSpawn) {
+ t.Error("SubTurnSpawnEvent not emitted")
+ }
+ }
+ if tt.wantEnd {
+ if !collector.hasEventOfKind(EventKindSubTurnEnd) {
+ t.Error("SubTurnEndEvent not emitted")
+ }
+ }
+
+ // Verify turn tree
+ if len(parent.childTurnIDs) == 0 && !tt.wantDepthFail {
+ t.Error("child Turn not added to parent.childTurnIDs")
+ }
+
+ // For synchronous calls (Async=false, the default), result is returned directly
+ // and should NOT be in pendingResults. The result was already verified above.
+ // Only async calls (Async=true) would place results in pendingResults.
+ })
+ }
+}
+
+// ====================== Extra Independent Test: Ephemeral Session Isolation ======================
+func TestSpawnSubTurn_EphemeralSessionIsolation(t *testing.T) {
+ al, _, _, provider, cleanup := newTestAgentLoop(t)
+ _ = provider
+ defer cleanup()
+
+ // Parent uses its own ephemeral store pre-seeded with one message
+ parentSession := &ephemeralSessionStore{}
+ parentSession.AddMessage("", "user", "parent msg")
+ parent := &turnState{
+ ctx: context.Background(),
+ turnID: "parent-1",
+ depth: 0,
+ pendingResults: make(chan *tools.ToolResult, 4),
+ concurrencySem: make(chan struct{}, testMaxConcurrentSubTurns),
+ session: parentSession,
+ }
+
+ cfg := SubTurnConfig{Model: "gpt-4o-mini", Tools: []tools.Tool{}}
+
+ originalParentLen := len(parentSession.GetHistory(""))
+
+ _, _ = spawnSubTurn(context.Background(), al, parent, cfg)
+
+ // Parent session must be untouched — child used its own store
+ if got := len(parentSession.GetHistory("")); got != originalParentLen {
+ t.Errorf("parent session polluted: expected %d messages, got %d", originalParentLen, got)
+ }
+
+ // The child's agent.Sessions must NOT be the same pointer as the parent's session.
+ // We verify this indirectly: spawnSubTurn stores childTS in activeTurnStates during
+ // execution (deleted on return), so we can't easily grab childTS after the call.
+ // Instead, confirm that the child session is a distinct ephemeralSessionStore by
+ // checking the parent session key is only used by the parent store.
+ // If isolation is correct, parent.session.GetHistory(childID) is always empty
+ // (the child never wrote to the parent store).
+ al.activeTurnStates.Range(func(k, v any) bool {
+ // No active turns should remain after spawnSubTurn returns
+ t.Errorf("unexpected active turn state left after spawnSubTurn: key=%v", k)
+ return true
+ })
+}
+
+// ====================== Extra Independent Test: Result Delivery Path (Async) ======================
+func TestSpawnSubTurn_ResultDelivery(t *testing.T) {
+ al, _, _, provider, cleanup := newTestAgentLoop(t)
+ _ = provider
+ defer cleanup()
+
+ parent := &turnState{
+ ctx: context.Background(),
+ turnID: "parent-1",
+ depth: 0,
+ pendingResults: make(chan *tools.ToolResult, 1),
+ session: &ephemeralSessionStore{},
+ }
+
+ // Set Async=true to test async result delivery via pendingResults channel
+ cfg := SubTurnConfig{Model: "gpt-4o-mini", Tools: []tools.Tool{}, Async: true}
+
+ _, _ = spawnSubTurn(context.Background(), al, parent, cfg)
+
+ // Check if pendingResults received the result (only for async calls)
+ select {
+ case res := <-parent.pendingResults:
+ if res == nil {
+ t.Error("received nil result in pendingResults")
+ }
+ default:
+ t.Error("result did not enter pendingResults for async call")
+ }
+}
+
+// ====================== Extra Independent Test: Result Delivery Path (Sync) ======================
+func TestSpawnSubTurn_ResultDeliverySync(t *testing.T) {
+ al, _, _, provider, cleanup := newTestAgentLoop(t)
+ _ = provider
+ defer cleanup()
+
+ parent := &turnState{
+ ctx: context.Background(),
+ turnID: "parent-sync-1",
+ depth: 0,
+ pendingResults: make(chan *tools.ToolResult, 1),
+ session: &ephemeralSessionStore{},
+ }
+
+ // Sync call (Async=false, the default) - result should be returned directly
+ cfg := SubTurnConfig{Model: "gpt-4o-mini", Tools: []tools.Tool{}, Async: false}
+
+ result, err := spawnSubTurn(context.Background(), al, parent, cfg)
+ if err != nil {
+ t.Fatalf("unexpected error: %v", err)
+ }
+
+ // Result should be returned directly
+ if result == nil {
+ t.Error("expected non-nil result from sync call")
+ }
+
+ // pendingResults should NOT contain the result (no double delivery)
+ select {
+ case <-parent.pendingResults:
+ t.Error("sync call should not place result in pendingResults (double delivery)")
+ default:
+ // Expected - channel should be empty
+ }
+}
+
+// ====================== Extra Independent Test: Orphan Result Routing ======================
+func TestSpawnSubTurn_OrphanResultRouting(t *testing.T) {
+ al, _, _, provider, cleanup := newTestAgentLoop(t)
+ _ = provider
+ defer cleanup()
+
+ collector, collectCleanup := newEventCollector(t, al)
+ defer collectCleanup()
+
+ parentCtx, cancelParent := context.WithCancel(context.Background())
+ parent := &turnState{
+ ctx: parentCtx,
+ cancelFunc: cancelParent,
+ turnID: "parent-1",
+ depth: 0,
+ pendingResults: make(chan *tools.ToolResult, 1),
+ session: &ephemeralSessionStore{},
+ }
+
+ // Simulate parent finishing before child delivers result
+ parent.Finish(false)
+
+ // Call deliverSubTurnResult directly to simulate a delayed child
+ deliverSubTurnResult(al, parent, "delayed-child", &tools.ToolResult{ForLLM: "late result"})
+
+ time.Sleep(10 * time.Millisecond) // let event goroutine flush
+ // Verify Orphan event is emitted
+ if !collector.hasEventOfKind(EventKindSubTurnOrphan) {
+ t.Error("SubTurnOrphanResultEvent not emitted for finished parent")
+ }
+
+ // Verify history is NOT polluted
+ if len(parent.session.GetHistory("")) != 0 {
+ t.Error("Parent history was polluted by orphan result")
+ }
+}
+
+// ====================== Extra Independent Test: Result Channel Registration ======================
+func TestSubTurnResultChannelRegistration(t *testing.T) {
+ al, _, _, provider, cleanup := newTestAgentLoop(t)
+ _ = provider
+ defer cleanup()
+
+ parent := &turnState{
+ ctx: context.Background(),
+ turnID: "parent-reg-1",
+ depth: 0,
+ pendingResults: make(chan *tools.ToolResult, 4),
+ session: &ephemeralSessionStore{},
+ }
+
+ cfg := SubTurnConfig{Model: "gpt-4o-mini", Tools: []tools.Tool{}}
+
+ // Before spawn: channel should not be registered
+ if results := al.dequeuePendingSubTurnResults(parent.turnID); results != nil {
+ t.Error("expected no channel before spawnSubTurn")
+ }
+
+ _, _ = spawnSubTurn(context.Background(), al, parent, cfg)
+}
+
+// ====================== Extra Independent Test: Dequeue Pending SubTurn Results ======================
+func TestDequeuePendingSubTurnResults(t *testing.T) {
+ al, _, _, provider, cleanup := newTestAgentLoop(t)
+ _ = provider
+ defer cleanup()
+
+ sessionKey := "test-session-dequeue"
+
+ // Empty (no turnState registered) returns nil
+ if results := al.dequeuePendingSubTurnResults(sessionKey); len(results) != 0 {
+ t.Errorf("expected empty results, got %d", len(results))
+ }
+
+ // Register a turnState so dequeuePendingSubTurnResults can find it
+ ts := &turnState{
+ ctx: context.Background(),
+ turnID: sessionKey,
+ depth: 0,
+ session: &ephemeralSessionStore{},
+ pendingResults: make(chan *tools.ToolResult, 4),
+ }
+ al.activeTurnStates.Store(sessionKey, ts)
+ defer al.activeTurnStates.Delete(sessionKey)
+
+ // Put 3 results in
+ ts.pendingResults <- &tools.ToolResult{ForLLM: "result-1"}
+ ts.pendingResults <- &tools.ToolResult{ForLLM: "result-2"}
+ ts.pendingResults <- &tools.ToolResult{ForLLM: "result-3"}
+
+ results := al.dequeuePendingSubTurnResults(sessionKey)
+ if len(results) != 3 {
+ t.Errorf("expected 3 results, got %d", len(results))
+ }
+ if results[0].ForLLM != "result-1" || results[2].ForLLM != "result-3" {
+ t.Error("results order or content mismatch")
+ }
+
+ // Channel should be drained now
+ if results := al.dequeuePendingSubTurnResults(sessionKey); len(results) != 0 {
+ t.Errorf("expected empty after drain, got %d", len(results))
+ }
+
+ // After removing from activeTurnStates, returns nil
+ al.activeTurnStates.Delete(sessionKey)
+ if results := al.dequeuePendingSubTurnResults(sessionKey); results != nil {
+ t.Error("expected nil for unregistered session")
+ }
+}
+
+// ====================== Extra Independent Test: Concurrency Semaphore ======================
+func TestSubTurnConcurrencySemaphore(t *testing.T) {
+ al, _, _, provider, cleanup := newTestAgentLoop(t)
+ _ = provider
+ defer cleanup()
+
+ parent := &turnState{
+ ctx: context.Background(),
+ turnID: "parent-concurrency",
+ depth: 0,
+ pendingResults: make(chan *tools.ToolResult, 10),
+ session: &ephemeralSessionStore{},
+ concurrencySem: make(chan struct{}, 2), // Only allow 2 concurrent children
+ }
+
+ cfg := SubTurnConfig{Model: "gpt-4o-mini", Tools: []tools.Tool{}}
+
+ // Spawn 2 children — should succeed immediately
+ done := make(chan bool, 3)
+ for i := 0; i < 2; i++ {
+ go func() {
+ _, _ = spawnSubTurn(context.Background(), al, parent, cfg)
+ done <- true
+ }()
+ }
+
+ // Wait a bit to ensure the first 2 are running
+ // (In real scenario they'd be blocked in runTurn, but mockProvider returns immediately)
+ // So we just verify the semaphore doesn't block when under limit
+ <-done
+ <-done
+
+ // Verify semaphore is now full (2/2 slots used, but they already released)
+ // Since mockProvider returns immediately, semaphore is already released
+ // So we can't easily test blocking without a real long-running operation
+
+ // Instead, verify that semaphore exists and has correct capacity
+ if cap(parent.concurrencySem) != 2 {
+ t.Errorf("expected semaphore capacity 2, got %d", cap(parent.concurrencySem))
+ }
+}
+
+// ====================== Extra Independent Test: Hard Abort Cascading ======================
+func TestHardAbortCascading(t *testing.T) {
+ al, _, _, provider, cleanup := newTestAgentLoop(t)
+ _ = provider
+ defer cleanup()
+
+ sessionKey := "test-session-abort"
+
+ // Root turn with its own independent context (not derived from child)
+ rootCtx, rootCancel := context.WithCancel(context.Background())
+ rootTS := &turnState{
+ ctx: rootCtx,
+ cancelFunc: rootCancel,
+ turnID: sessionKey,
+ depth: 0,
+ session: &ephemeralSessionStore{},
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, 5),
+ al: al,
+ }
+ al.activeTurnStates.Store(sessionKey, rootTS)
+ defer al.activeTurnStates.Delete(sessionKey)
+
+ // Child turn with an INDEPENDENT context (simulates spawnSubTurn behavior:
+ // context.WithTimeout(context.Background(), ...) — NOT derived from parent).
+ // Cascade must therefore happen via childTurnIDs traversal, not Go context tree.
+ childCtx, childCancel := context.WithCancel(context.Background())
+ childID := "child-independent"
+ childTS := &turnState{
+ ctx: childCtx,
+ cancelFunc: childCancel,
+ turnID: childID,
+ pendingResults: make(chan *tools.ToolResult, 4),
+ al: al,
+ }
+ al.activeTurnStates.Store(childID, childTS)
+ defer al.activeTurnStates.Delete(childID)
+
+ // Wire child into root's childTurnIDs (as spawnSubTurn would do)
+ rootTS.childTurnIDs = append(rootTS.childTurnIDs, childID)
+
+ // Verify neither context is canceled yet
+ select {
+ case <-rootTS.ctx.Done():
+ t.Fatal("root context should not be canceled yet")
+ default:
+ }
+ select {
+ case <-childTS.ctx.Done():
+ t.Fatal("child context should not be canceled yet (independent context)")
+ default:
+ }
+
+ // Trigger Hard Abort via al.HardAbort (goes through steering.go → Finish(true))
+ err := al.HardAbort(sessionKey)
+ if err != nil {
+ t.Fatalf("HardAbort failed: %v", err)
+ }
+
+ // Root context must be canceled
+ select {
+ case <-rootTS.ctx.Done():
+ default:
+ t.Error("root context should be canceled after HardAbort")
+ }
+
+ // Child context must be canceled via childTurnIDs cascade, NOT via Go context tree
+ select {
+ case <-childTS.ctx.Done():
+ default:
+ t.Error("child context should be canceled via childTurnIDs cascade")
+ }
+
+ // HardAbort on non-existent session should return an error
+ if err := al.HardAbort("non-existent-session"); err == nil {
+ t.Error("expected error for non-existent session")
+ }
+}
+
+// TestHardAbortSessionRollback verifies that HardAbort rolls back session history
+// to the state before the turn started, discarding all messages added during the turn.
+func TestHardAbortSessionRollback(t *testing.T) {
+ al, _, _, provider, cleanup := newTestAgentLoop(t)
+ _ = provider
+ defer cleanup()
+
+ // Create a session with initial history
+ sess := &ephemeralSessionStore{
+ history: []providers.Message{
+ {Role: "user", Content: "initial message 1"},
+ {Role: "assistant", Content: "initial response 1"},
+ },
+ }
+
+ // Create a root turnState with initialHistoryLength = 2
+ rootTS := &turnState{
+ ctx: context.Background(),
+ turnID: "test-session",
+ depth: 0,
+ session: sess,
+ initialHistoryLength: 2, // Snapshot: 2 messages
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, 5),
+ }
+
+ // Register the turn state
+ al.activeTurnStates.Store("test-session", rootTS)
+
+ // Simulate adding messages during the turn (e.g., user input + assistant response)
+ sess.AddMessage("", "user", "new user message")
+ sess.AddMessage("", "assistant", "new assistant response")
+
+ // Verify history grew to 4 messages
+ if len(sess.GetHistory("")) != 4 {
+ t.Fatalf("expected 4 messages before abort, got %d", len(sess.GetHistory("")))
+ }
+
+ // Trigger HardAbort
+ err := al.HardAbort("test-session")
+ if err != nil {
+ t.Fatalf("HardAbort failed: %v", err)
+ }
+
+ // Verify history rolled back to initial 2 messages
+ finalHistory := sess.GetHistory("")
+ if len(finalHistory) != 2 {
+ t.Errorf("expected history to rollback to 2 messages, got %d", len(finalHistory))
+ }
+
+ // Verify the content matches the initial state
+ if finalHistory[0].Content != "initial message 1" || finalHistory[1].Content != "initial response 1" {
+ t.Error("history content does not match initial state after rollback")
+ }
+}
+
+// TestNestedSubTurnHierarchy verifies that nested SubTurns maintain correct
+// parent-child relationships and depth tracking when recursively calling runAgentLoop.
+func TestNestedSubTurnHierarchy(t *testing.T) {
+ al, _, _, provider, cleanup := newTestAgentLoop(t)
+ _ = provider
+ defer cleanup()
+
+ // Track spawned turns and their depths
+ type turnInfo struct {
+ parentID string
+ childID string
+ }
+ var spawnedTurns []turnInfo
+ var mu sync.Mutex
+
+ // Subscribe to real EventBus to capture spawn events
+ sub := al.SubscribeEvents(16)
+ defer al.UnsubscribeEvents(sub.ID)
+ go func() {
+ for evt := range sub.C {
+ if evt.Kind == EventKindSubTurnSpawn {
+ p, _ := evt.Payload.(SubTurnSpawnPayload)
+ mu.Lock()
+ spawnedTurns = append(spawnedTurns, turnInfo{
+ parentID: p.ParentTurnID,
+ childID: p.Label,
+ })
+ mu.Unlock()
+ }
+ }
+ }()
+
+ // Create a root turn
+ rootSession := &ephemeralSessionStore{}
+ rootTS := &turnState{
+ ctx: context.Background(),
+ turnID: "root-turn",
+ depth: 0,
+ session: rootSession,
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, 5),
+ }
+
+ // Spawn a child (depth 1)
+ childCfg := SubTurnConfig{Model: "gpt-4o-mini"}
+ _, err := spawnSubTurn(context.Background(), al, rootTS, childCfg)
+ if err != nil {
+ t.Fatalf("failed to spawn child: %v", err)
+ }
+
+ time.Sleep(10 * time.Millisecond) // let event goroutine flush
+
+ // Verify we captured the spawn event
+ mu.Lock()
+ if len(spawnedTurns) != 1 {
+ t.Fatalf("expected 1 spawn event, got %d", len(spawnedTurns))
+ }
+ if spawnedTurns[0].parentID != "root-turn" {
+ t.Errorf("expected parent ID 'root-turn', got %s", spawnedTurns[0].parentID)
+ }
+ mu.Unlock()
+
+ // Verify root turn has the child in its childTurnIDs
+ rootTS.mu.Lock()
+ if len(rootTS.childTurnIDs) != 1 {
+ t.Errorf("expected root to have 1 child, got %d", len(rootTS.childTurnIDs))
+ }
+ rootTS.mu.Unlock()
+}
+
+// TestDeliverSubTurnResultNoDeadlock verifies that deliverSubTurnResult doesn't
+// deadlock when multiple goroutines are accessing the parent turnState concurrently.
+func TestDeliverSubTurnResultNoDeadlock(t *testing.T) {
+ parent := &turnState{
+ ctx: context.Background(),
+ turnID: "parent-deadlock-test",
+ depth: 0,
+ pendingResults: make(chan *tools.ToolResult, 2), // Small buffer to test blocking
+ }
+
+ // Simulate multiple child turns delivering results concurrently
+ var wg sync.WaitGroup
+ numChildren := 10
+
+ for i := 0; i < numChildren; i++ {
+ wg.Add(1)
+ go func(id int) {
+ defer wg.Done()
+ result := &tools.ToolResult{ForLLM: fmt.Sprintf("result-%d", id)}
+ deliverSubTurnResult(nil, parent, fmt.Sprintf("child-%d", id), result)
+ }(i)
+ }
+
+ // Concurrently read from the channel to prevent blocking
+ // and to actually retrieve the matched number of results
+ go func() {
+ for i := 0; i < numChildren; i++ {
+ select {
+ case <-parent.pendingResults:
+ case <-time.After(5 * time.Second):
+ t.Error("timeout waiting for result")
+ return
+ }
+ }
+ }()
+
+ // Wait for all deliveries to complete (with timeout)
+ done := make(chan struct{})
+ go func() {
+ wg.Wait()
+ close(done)
+ }()
+
+ select {
+ case <-done:
+ // Success - no deadlock
+ case <-time.After(3 * time.Second):
+ t.Fatal("deadlock detected: deliverSubTurnResult blocked")
+ }
+}
+
+// TestHardAbortOrderOfOperations verifies that HardAbort calls Finish() before
+// rolling back session history, minimizing the race window where new messages
+// could be added after rollback.
+func TestHardAbortOrderOfOperations(t *testing.T) {
+ al, _, _, provider, cleanup := newTestAgentLoop(t)
+ _ = provider
+ defer cleanup()
+
+ sess := &ephemeralSessionStore{
+ history: []providers.Message{
+ {Role: "user", Content: "initial message"},
+ {Role: "assistant", Content: "response 1"},
+ {Role: "user", Content: "follow-up"},
+ },
+ }
+
+ ctx, cancel := context.WithCancel(context.Background())
+ defer cancel()
+
+ rootTS := &turnState{
+ ctx: ctx,
+ cancelFunc: cancel,
+ turnID: "test-session-order",
+ depth: 0,
+ session: sess,
+ initialHistoryLength: 1, // Snapshot: 1 message
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, 5),
+ }
+
+ al.activeTurnStates.Store("test-session-order", rootTS)
+
+ // Trigger HardAbort
+ err := al.HardAbort("test-session-order")
+ if err != nil {
+ t.Fatalf("HardAbort failed: %v", err)
+ }
+
+ // Verify context was canceled (Finish() was called)
+ select {
+ case <-rootTS.ctx.Done():
+ // Good - context was canceled
+ default:
+ t.Error("expected context to be canceled after HardAbort")
+ }
+
+ // Verify history was rolled back
+ finalHistory := sess.GetHistory("")
+ if len(finalHistory) != 1 {
+ t.Errorf("expected history to rollback to 1 message, got %d", len(finalHistory))
+ }
+
+ if finalHistory[0].Content != "initial message" {
+ t.Error("history content does not match initial state after rollback")
+ }
+}
+
+// TestFinishedChannelClosedState verifies that Finish() closes the Finished() channel
+// so that child turns can safely abort waiting.
+func TestFinishedChannelClosedState(t *testing.T) {
+ ctx, cancel := context.WithCancel(context.Background())
+ defer cancel()
+
+ ts := &turnState{
+ ctx: ctx,
+ cancelFunc: cancel,
+ turnID: "test-finished-channel",
+ depth: 0,
+ pendingResults: make(chan *tools.ToolResult, 2),
+ }
+
+ // Verify Finished channel is blocking initially
+ select {
+ case <-ts.Finished():
+ t.Fatal("finished channel should block initially")
+ default:
+ // Good
+ }
+
+ // Call Finish() with graceful finish
+ ts.Finish(false)
+
+ // Verify Finished channel is closed
+ select {
+ case _, ok := <-ts.Finished():
+ if ok {
+ t.Error("expected Finished() channel to be closed after Finish()")
+ }
+ default:
+ t.Fatal("expected <-ts.Finished() to not block")
+ }
+
+ // Verify Finish() is idempotent
+ ts.Finish(false) // Should not panic
+
+ // Verify deliverSubTurnResult correctly uses Finished() channel and treats as orphan
+ result := &tools.ToolResult{ForLLM: "late result"}
+ deliverSubTurnResult(nil, ts, "child-1", result) // Will emit orphan due to <-ts.Finished() case
+}
+
+// TestFinalPollCapturesLateResults verifies that the final poll before Finish()
+// captures results that arrive after the last iteration poll.
+func TestFinalPollCapturesLateResults(t *testing.T) {
+ al, _, _, provider, cleanup := newTestAgentLoop(t)
+ _ = provider
+ defer cleanup()
+
+ sessionKey := "test-session-final-poll"
+
+ // Register a turnState
+ ts := &turnState{
+ ctx: context.Background(),
+ turnID: sessionKey,
+ depth: 0,
+ session: &ephemeralSessionStore{},
+ pendingResults: make(chan *tools.ToolResult, 4),
+ }
+ al.activeTurnStates.Store(sessionKey, ts)
+ defer al.activeTurnStates.Delete(sessionKey)
+
+ // Simulate results arriving after last iteration poll
+ ts.pendingResults <- &tools.ToolResult{ForLLM: "result 1"}
+ ts.pendingResults <- &tools.ToolResult{ForLLM: "result 2"}
+
+ // Dequeue should capture both results
+ results := al.dequeuePendingSubTurnResults(sessionKey)
+
+ if len(results) != 2 {
+ t.Errorf("expected 2 results, got %d", len(results))
+ }
+
+ // Verify channel is now empty
+ results = al.dequeuePendingSubTurnResults(sessionKey)
+ if len(results) != 0 {
+ t.Errorf("expected 0 results on second poll, got %d", len(results))
+ }
+}
+
+// TestSpawnSubTurn_PanicRecovery verifies that even if runTurn panics,
+// the result is still delivered for async calls and SubTurnEndEvent is emitted.
+func TestSpawnSubTurn_PanicRecovery(t *testing.T) {
+ // Create a panic provider
+ panicProvider := &panicMockProvider{}
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Workspace: t.TempDir(),
+ ModelName: "test-model",
+ MaxTokens: 4096,
+ MaxToolIterations: 10,
+ },
+ },
+ }
+ al := NewAgentLoop(cfg, bus.NewMessageBus(), panicProvider)
+
+ parent := &turnState{
+ ctx: context.Background(),
+ turnID: "parent-panic",
+ depth: 0,
+ pendingResults: make(chan *tools.ToolResult, 1),
+ session: &ephemeralSessionStore{},
+ }
+
+ collector, collectCleanup := newEventCollector(t, al)
+ defer collectCleanup()
+
+ // Test async call - result should still be delivered via channel
+ asyncCfg := SubTurnConfig{Model: "gpt-4o-mini", Tools: []tools.Tool{}, Async: true}
+ result, err := spawnSubTurn(context.Background(), al, parent, asyncCfg)
+
+ // Should return error from panic recovery
+ if err == nil {
+ t.Error("expected error from panic recovery")
+ }
+
+ // Result should be nil because panic occurred before runTurn could return
+ if result != nil {
+ t.Error("expected nil result after panic")
+ }
+
+ time.Sleep(10 * time.Millisecond) // let event goroutine flush
+ // SubTurnEndEvent should still be emitted
+ if !collector.hasEventOfKind(EventKindSubTurnEnd) {
+ t.Error("SubTurnEndEvent not emitted after panic")
+ }
+
+ // For async call, result should still be delivered to channel (even if nil)
+ select {
+ case res := <-parent.pendingResults:
+ // Result was delivered (nil due to panic)
+ _ = res
+ default:
+ t.Error("async result should be delivered to channel even after panic")
+ }
+}
+
+// panicMockProvider is a mock provider that always panics
+type panicMockProvider struct{}
+
+func (m *panicMockProvider) Chat(
+ ctx context.Context,
+ messages []providers.Message,
+ tools []providers.ToolDefinition,
+ model string,
+ opts map[string]any,
+) (*providers.LLMResponse, error) {
+ panic("intentional panic for testing")
+}
+
+func (m *panicMockProvider) GetDefaultModel() string {
+ return "panic-model"
+}
+
+// ====================== Public API Tests ======================
+
+// simpleMockProviderAPI for testing public APIs
+type simpleMockProviderAPI struct {
+ response string
+}
+
+func (m *simpleMockProviderAPI) Chat(
+ ctx context.Context,
+ messages []providers.Message,
+ toolDefs []providers.ToolDefinition,
+ model string,
+ options map[string]any,
+) (*providers.LLMResponse, error) {
+ return &providers.LLMResponse{
+ Content: m.response,
+ }, nil
+}
+
+func (m *simpleMockProviderAPI) GetDefaultModel() string {
+ return "gpt-4o-mini"
+}
+
+// TestGetActiveTurn verifies that GetActiveTurn returns correct turn information
+func TestGetActiveTurn(t *testing.T) {
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ ModelName: "gpt-4o-mini",
+ Provider: "mock",
+ },
+ },
+ }
+ al := NewAgentLoop(cfg, nil, &simpleMockProviderAPI{response: "ok"})
+
+ // Create a root turn state
+ rootCtx := context.Background()
+ rootTS := &turnState{
+ ctx: rootCtx,
+ turnID: "root-turn",
+ parentTurnID: "",
+ depth: 0,
+ childTurnIDs: []string{},
+ session: newEphemeralSession(nil),
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, testMaxConcurrentSubTurns),
+ }
+
+ sessionKey := "test-session"
+ al.activeTurnStates.Store(sessionKey, rootTS)
+ defer al.activeTurnStates.Delete(sessionKey)
+
+ // Test: GetActiveTurn should return turn info
+ info := al.GetActiveTurnBySession(sessionKey)
+ if info == nil {
+ t.Fatal("GetActiveTurn returned nil for active session")
+ }
+
+ if info.TurnID != "root-turn" {
+ t.Errorf("Expected TurnID 'root-turn', got %q", info.TurnID)
+ }
+
+ if info.Depth != 0 {
+ t.Errorf("Expected Depth 0, got %d", info.Depth)
+ }
+
+ if info.ParentTurnID != "" {
+ t.Errorf("Expected empty ParentTurnID, got %q", info.ParentTurnID)
+ }
+
+ if len(info.ChildTurnIDs) != 0 {
+ t.Errorf("Expected 0 child turns, got %d", len(info.ChildTurnIDs))
+ }
+
+ // Test: GetActiveTurn should return nil for non-existent session
+ nonExistentInfo := al.GetActiveTurnBySession("non-existent-session")
+ if nonExistentInfo != nil {
+ t.Error("GetActiveTurn should return nil for non-existent session")
+ }
+}
+
+// TestGetActiveTurn_WithChildren verifies that child turn IDs are correctly reported
+func TestGetActiveTurn_WithChildren(t *testing.T) {
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ ModelName: "gpt-4o-mini",
+ Provider: "mock",
+ },
+ },
+ }
+ al := NewAgentLoop(cfg, nil, &simpleMockProviderAPI{response: "ok"})
+
+ rootCtx := context.Background()
+ rootTS := &turnState{
+ ctx: rootCtx,
+ turnID: "root-turn",
+ parentTurnID: "",
+ depth: 0,
+ childTurnIDs: []string{"child-1", "child-2"},
+ session: newEphemeralSession(nil),
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, testMaxConcurrentSubTurns),
+ }
+
+ sessionKey := "test-session-with-children"
+ al.activeTurnStates.Store(sessionKey, rootTS)
+ defer al.activeTurnStates.Delete(sessionKey)
+
+ info := al.GetActiveTurnBySession(sessionKey)
+ if info == nil {
+ t.Fatal("GetActiveTurn returned nil")
+ }
+
+ if len(info.ChildTurnIDs) != 2 {
+ t.Fatalf("Expected 2 child turns, got %d", len(info.ChildTurnIDs))
+ }
+
+ if info.ChildTurnIDs[0] != "child-1" || info.ChildTurnIDs[1] != "child-2" {
+ t.Errorf("Child turn IDs mismatch: got %v", info.ChildTurnIDs)
+ }
+}
+
+// TestTurnStateInfo_ThreadSafety verifies that Info() is thread-safe
+func TestTurnStateInfo_ThreadSafety(t *testing.T) {
+ rootCtx := context.Background()
+ ts := &turnState{
+ ctx: rootCtx,
+ turnID: "test-turn",
+ parentTurnID: "parent",
+ depth: 1,
+ childTurnIDs: []string{},
+ session: newEphemeralSession(nil),
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, testMaxConcurrentSubTurns),
+ }
+
+ // Concurrently read Info() and modify childTurnIDs
+ done := make(chan bool)
+ go func() {
+ for i := 0; i < 100; i++ {
+ ts.mu.Lock()
+ ts.childTurnIDs = append(ts.childTurnIDs, "child")
+ ts.mu.Unlock()
+ }
+ done <- true
+ }()
+
+ go func() {
+ for i := 0; i < 100; i++ {
+ info := ts.snapshot()
+ if info.TurnID == "" {
+ t.Error("snapshot() returned empty TurnID")
+ }
+ }
+ done <- true
+ }()
+
+ <-done
+ <-done
+}
+
+// TestInjectFollowUp verifies that InjectFollowUp enqueues messages
+func TestInjectFollowUp(t *testing.T) {
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ ModelName: "gpt-4o-mini",
+ Provider: "mock",
+ },
+ },
+ }
+
+ al := NewAgentLoop(cfg, nil, &simpleMockProviderAPI{response: "ok"})
+
+ msg := providers.Message{
+ Role: "user",
+ Content: "Follow-up task",
+ }
+
+ err := al.InjectFollowUp(msg)
+ if err != nil {
+ t.Fatalf("InjectFollowUp failed: %v", err)
+ }
+
+ // Verify message was enqueued
+ if al.steering.len() != 1 {
+ t.Errorf("Expected 1 message in queue, got %d", al.steering.len())
+ }
+}
+
+// TestAPIAliases verifies that API aliases work correctly
+func TestAPIAliases(t *testing.T) {
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ ModelName: "gpt-4o-mini",
+ Provider: "mock",
+ },
+ },
+ }
+
+ al := NewAgentLoop(cfg, nil, &simpleMockProviderAPI{response: "ok"})
+
+ msg := providers.Message{
+ Role: "user",
+ Content: "Test message",
+ }
+
+ // Test InterruptGraceful: requires active turn, so error is expected here
+ _ = al.InterruptGraceful(msg.Content)
+
+ // Test InjectSteering (enqueues a steering message)
+ err := al.InjectSteering(msg)
+ if err != nil {
+ t.Errorf("InjectSteering failed: %v", err)
+ }
+
+ // Also enqueue via Steer to verify second message
+ err = al.Steer(msg)
+ if err != nil {
+ t.Errorf("Steer failed: %v", err)
+ }
+
+ // Verify both messages were enqueued
+ if al.steering.len() != 2 {
+ t.Errorf("Expected 2 messages in queue, got %d", al.steering.len())
+ }
+}
+
+// TestInterruptHard_Alias verifies that InterruptHard is an alias for HardAbort
+func TestInterruptHard_Alias(t *testing.T) {
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ ModelName: "gpt-4o-mini",
+ Provider: "mock",
+ },
+ },
+ }
+ al := NewAgentLoop(cfg, nil, &simpleMockProviderAPI{response: "ok"})
+
+ rootCtx := context.Background()
+ rootTS := &turnState{
+ ctx: rootCtx,
+ turnID: "test-turn",
+ depth: 0,
+ session: newEphemeralSession(nil),
+ initialHistoryLength: 0,
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, testMaxConcurrentSubTurns),
+ }
+
+ sessionKey := "test-session-interrupt"
+ al.activeTurnStates.Store(sessionKey, rootTS)
+
+ // Test InterruptHard (alias for HardAbort)
+ err := al.InterruptHard()
+ if err != nil {
+ t.Errorf("InterruptHard failed: %v", err)
+ }
+
+ // Verify turn was finished (removed from activeTurnStates)
+ info := al.GetActiveTurnBySession(sessionKey)
+ _ = info // turn may still be in map briefly; hard abort sets isFinished on the state
+}
+
+// TestFinish_ConcurrentCalls verifies that calling Finish() concurrently from multiple
+// goroutines is safe and doesn't cause panics or double-close errors.
+func TestFinish_ConcurrentCalls(t *testing.T) {
+ ctx := context.Background()
+ parentTS := &turnState{
+ ctx: ctx,
+ turnID: "parent-concurrent-finish",
+ depth: 0,
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, testMaxConcurrentSubTurns),
+ }
+ parentTS.ctx, parentTS.cancelFunc = context.WithCancel(ctx)
+
+ // Launch multiple goroutines that all call Finish() concurrently
+ const numGoroutines = 10
+ var wg sync.WaitGroup
+ wg.Add(numGoroutines)
+
+ for i := 0; i < numGoroutines; i++ {
+ go func() {
+ defer wg.Done()
+ // This should not panic, even when called concurrently
+ parentTS.Finish(false)
+ }()
+ }
+
+ wg.Wait()
+
+ // Verify the Finished() channel is closed
+ select {
+ case _, ok := <-parentTS.Finished():
+ if ok {
+ t.Error("Expected Finished() channel to be closed")
+ }
+ default:
+ t.Error("Expected Finished() channel to be closed and readable without blocking")
+ }
+
+ // Verify isFinished is set
+ parentTS.mu.Lock()
+ if !parentTS.isFinished.Load() {
+ t.Error("Expected isFinished to be true")
+ }
+ parentTS.mu.Unlock()
+}
+
+// TestDeliverSubTurnResult_RaceWithFinish verifies that deliverSubTurnResult handles
+// the race condition where Finish() is called while results are being delivered.
+func TestDeliverSubTurnResult_RaceWithFinish(t *testing.T) {
+ al, _, _, _, cleanup := newTestAgentLoop(t) //nolint:dogsled
+ defer cleanup()
+
+ // Collect events via real EventBus
+ var mu sync.Mutex
+ var deliveredCount, orphanCount int
+ sub := al.SubscribeEvents(64)
+ defer al.UnsubscribeEvents(sub.ID)
+ go func() {
+ for evt := range sub.C {
+ mu.Lock()
+ switch evt.Kind {
+ case EventKindSubTurnResultDelivered:
+ deliveredCount++
+ case EventKindSubTurnOrphan:
+ orphanCount++
+ }
+ mu.Unlock()
+ }
+ }()
+
+ ctx := context.Background()
+ parentTS := &turnState{
+ ctx: ctx,
+ turnID: "parent-race-test",
+ depth: 0,
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, testMaxConcurrentSubTurns),
+ }
+ parentTS.ctx, parentTS.cancelFunc = context.WithCancel(ctx)
+
+ // Launch goroutines that deliver results while another goroutine calls Finish()
+ const numResults = 20
+ var wg sync.WaitGroup
+ wg.Add(numResults + 1)
+
+ // Goroutine that calls Finish() after a short delay
+ go func() {
+ defer wg.Done()
+ time.Sleep(5 * time.Millisecond)
+ parentTS.Finish(false)
+ }()
+
+ // Goroutines that deliver results
+ for i := 0; i < numResults; i++ {
+ go func(id int) {
+ defer wg.Done()
+ result := &tools.ToolResult{
+ ForLLM: fmt.Sprintf("result-%d", id),
+ }
+ // This should not panic, even if Finish() is called concurrently
+ deliverSubTurnResult(al, parentTS, fmt.Sprintf("child-%d", id), result)
+ }(i)
+ }
+
+ wg.Wait()
+ time.Sleep(20 * time.Millisecond) // let event goroutine flush
+
+ // Get final counts
+ mu.Lock()
+ finalDelivered := deliveredCount
+ finalOrphan := orphanCount
+ mu.Unlock()
+
+ t.Logf("Delivered: %d, Orphan: %d, Total: %d", finalDelivered, finalOrphan, finalDelivered+finalOrphan)
+
+ // With the new drainPendingResults behavior, the total events may be >= numResults
+ // because Finish() drains remaining results from the channel and emits them as orphans.
+ // So we expect:
+ // - Some results were delivered successfully (before Finish())
+ // - Some results became orphans (after Finish() or channel full)
+ // - Some results were in the channel when Finish() was called and got drained as orphans
+ // The total should be at least numResults (could be more due to drain)
+ if finalDelivered+finalOrphan < numResults {
+ t.Errorf("Expected at least %d total events, got %d delivered + %d orphan = %d",
+ numResults, finalDelivered, finalOrphan, finalDelivered+finalOrphan)
+ }
+
+ // Should have at least some orphan results (those that arrived after Finish() or were drained)
+ if finalOrphan == 0 {
+ t.Error("Expected at least some orphan results after Finish()")
+ }
+}
+
+// TestConcurrencySemaphore_Timeout verifies that spawning sub-turns times out
+// when all concurrency slots are occupied for too long.
+// Note: This test uses a shorter timeout by temporarily modifying the constant.
+func TestConcurrencySemaphore_Timeout(t *testing.T) {
+ // This test would take 30 seconds with the default timeout.
+ // Instead, we'll test the mechanism by verifying the timeout context is created correctly.
+ // A full integration test with actual timeout would be too slow for unit tests.
+
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Provider: "mock",
+ },
+ },
+ }
+ msgBus := bus.NewMessageBus()
+ provider := &simpleMockProviderAPI{}
+ al := NewAgentLoop(cfg, msgBus, provider)
+
+ ctx := context.Background()
+ parentTS := &turnState{
+ ctx: ctx,
+ turnID: "parent-timeout-test",
+ depth: 0,
+ session: newEphemeralSession(nil),
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, testMaxConcurrentSubTurns),
+ }
+ parentTS.ctx, parentTS.cancelFunc = context.WithCancel(ctx)
+ defer parentTS.Finish(false)
+
+ // Fill all concurrency slots
+ for i := 0; i < testMaxConcurrentSubTurns; i++ {
+ parentTS.concurrencySem <- struct{}{}
+ }
+
+ // Create a context with a very short timeout for testing
+ testCtx, cancel := context.WithTimeout(ctx, 100*time.Millisecond)
+ defer cancel()
+
+ // Now try to spawn a sub-turn with the short timeout context
+ subTurnCfg := SubTurnConfig{
+ Model: "gpt-4o-mini",
+ Async: false,
+ }
+
+ start := time.Now()
+ _, err := spawnSubTurn(testCtx, al, parentTS, subTurnCfg)
+ elapsed := time.Since(start)
+
+ // Should get a timeout error (either from our timeout context or the internal one)
+ if err == nil {
+ t.Error("Expected timeout error, got nil")
+ }
+
+ // The error should be related to context cancellation or timeout
+ if !errors.Is(err, context.DeadlineExceeded) && !errors.Is(err, ErrConcurrencyTimeout) {
+ t.Logf("Got error: %v (type: %T)", err, err)
+ // This is acceptable - the error might be wrapped
+ }
+
+ // Should timeout quickly (within a reasonable margin)
+ if elapsed > 2*time.Second {
+ t.Errorf("Timeout took too long: %v", elapsed)
+ }
+
+ t.Logf("Timeout occurred after %v with error: %v", elapsed, err)
+
+ // Clean up - drain the semaphore
+ for i := 0; i < testMaxConcurrentSubTurns; i++ {
+ <-parentTS.concurrencySem
+ }
+}
+
+// TestEphemeralSession_AutoTruncate verifies that ephemeral sessions automatically
+// truncate their history to prevent memory accumulation.
+func TestEphemeralSession_AutoTruncate(t *testing.T) {
+ store := newEphemeralSession(nil).(*ephemeralSessionStore)
+
+ // Add more messages than the limit
+ for i := 0; i < maxEphemeralHistorySize+20; i++ {
+ store.AddMessage("test", "user", fmt.Sprintf("message-%d", i))
+ }
+
+ // Verify history is truncated to the limit
+ history := store.GetHistory("test")
+ if len(history) != maxEphemeralHistorySize {
+ t.Errorf("Expected history length %d, got %d", maxEphemeralHistorySize, len(history))
+ }
+
+ // Verify we kept the most recent messages
+ lastMsg := history[len(history)-1]
+ expectedContent := fmt.Sprintf("message-%d", maxEphemeralHistorySize+20-1)
+ if lastMsg.Content != expectedContent {
+ t.Errorf("Expected last message to be %q, got %q", expectedContent, lastMsg.Content)
+ }
+
+ // Verify the oldest messages were discarded
+ firstMsg := history[0]
+ expectedFirstContent := fmt.Sprintf("message-%d", 20) // First 20 were discarded
+ if firstMsg.Content != expectedFirstContent {
+ t.Errorf("Expected first message to be %q, got %q", expectedFirstContent, firstMsg.Content)
+ }
+}
+
+// TestContextWrapping_SingleLayer verifies that we only create one context layer
+// in spawnSubTurn, not multiple redundant layers.
+func TestContextWrapping_SingleLayer(t *testing.T) {
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Provider: "mock",
+ },
+ },
+ }
+ msgBus := bus.NewMessageBus()
+ provider := &simpleMockProviderAPI{}
+ al := NewAgentLoop(cfg, msgBus, provider)
+
+ ctx := context.Background()
+ parentTS := &turnState{
+ ctx: ctx,
+ turnID: "parent-context-test",
+ depth: 0,
+ session: newEphemeralSession(nil),
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, testMaxConcurrentSubTurns),
+ }
+ parentTS.ctx, parentTS.cancelFunc = context.WithCancel(ctx)
+ defer parentTS.Finish(false)
+
+ // Spawn a sub-turn
+ subTurnCfg := SubTurnConfig{
+ Model: "gpt-4o-mini",
+ Async: false,
+ }
+
+ result, err := spawnSubTurn(ctx, al, parentTS, subTurnCfg)
+ if err != nil {
+ t.Fatalf("spawnSubTurn failed: %v", err)
+ }
+
+ if result == nil {
+ t.Error("Expected non-nil result")
+ }
+
+ // Verify the child turn was created with a cancel function
+ // (This is implicit - if the test passes without hanging, the context management is correct)
+ t.Log("Context wrapping test passed - no redundant layers detected")
+}
+
+// TestSyncSubTurn_NoChannelDelivery verifies that synchronous sub-turns
+// do NOT deliver results to the pendingResults channel (only return directly).
+func TestSyncSubTurn_NoChannelDelivery(t *testing.T) {
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Provider: "mock",
+ },
+ },
+ }
+ msgBus := bus.NewMessageBus()
+ provider := &simpleMockProviderAPI{}
+ al := NewAgentLoop(cfg, msgBus, provider)
+
+ ctx := context.Background()
+ parentTS := &turnState{
+ ctx: ctx,
+ turnID: "parent-sync-test",
+ depth: 0,
+ session: newEphemeralSession(nil),
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, testMaxConcurrentSubTurns),
+ }
+ parentTS.ctx, parentTS.cancelFunc = context.WithCancel(ctx)
+ defer parentTS.Finish(false)
+
+ // Spawn a SYNCHRONOUS sub-turn (Async=false)
+ subTurnCfg := SubTurnConfig{
+ Model: "gpt-4o-mini",
+ Async: false, // Synchronous - should NOT deliver to channel
+ }
+
+ result, err := spawnSubTurn(ctx, al, parentTS, subTurnCfg)
+ if err != nil {
+ t.Fatalf("spawnSubTurn failed: %v", err)
+ }
+
+ if result == nil {
+ t.Error("Expected non-nil result from synchronous sub-turn")
+ }
+
+ // Verify the pendingResults channel is EMPTY
+ // (synchronous sub-turns should not deliver to channel)
+ select {
+ case r := <-parentTS.pendingResults:
+ t.Errorf("Expected empty channel for sync sub-turn, but got result: %v", r)
+ default:
+ // Expected: channel is empty
+ t.Log("Verified: synchronous sub-turn did not deliver to channel")
+ }
+
+ // Verify channel length is 0
+ if len(parentTS.pendingResults) != 0 {
+ t.Errorf("Expected channel length 0, got %d", len(parentTS.pendingResults))
+ }
+}
+
+// TestAsyncSubTurn_ChannelDelivery verifies that asynchronous sub-turns
+// DO deliver results to the pendingResults channel.
+func TestAsyncSubTurn_ChannelDelivery(t *testing.T) {
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Provider: "mock",
+ },
+ },
+ }
+ msgBus := bus.NewMessageBus()
+ provider := &simpleMockProviderAPI{}
+ al := NewAgentLoop(cfg, msgBus, provider)
+
+ ctx := context.Background()
+ parentTS := &turnState{
+ ctx: ctx,
+ turnID: "parent-async-test",
+ depth: 0,
+ session: newEphemeralSession(nil),
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, testMaxConcurrentSubTurns),
+ }
+ parentTS.ctx, parentTS.cancelFunc = context.WithCancel(ctx)
+ defer parentTS.Finish(false)
+
+ // Spawn an ASYNCHRONOUS sub-turn (Async=true)
+ subTurnCfg := SubTurnConfig{
+ Model: "gpt-4o-mini",
+ Async: true, // Asynchronous - SHOULD deliver to channel
+ }
+
+ result, err := spawnSubTurn(ctx, al, parentTS, subTurnCfg)
+ if err != nil {
+ t.Fatalf("spawnSubTurn failed: %v", err)
+ }
+
+ if result == nil {
+ t.Error("Expected non-nil result from asynchronous sub-turn")
+ }
+
+ // Verify the pendingResults channel has the result
+ select {
+ case r := <-parentTS.pendingResults:
+ if r == nil {
+ t.Error("Expected non-nil result from channel")
+ }
+ t.Log("Verified: asynchronous sub-turn delivered to channel")
+ case <-time.After(100 * time.Millisecond):
+ t.Error("Expected result in channel for async sub-turn, but channel was empty")
+ }
+}
+
+// TestGrandchildAbort_CascadingCancellation verifies that when a grandparent turn
+// is hard aborted, the cancellation cascades down to grandchild turns.
+func TestGrandchildAbort_CascadingCancellation(t *testing.T) {
+ al, _, _, provider, cleanup := newTestAgentLoop(t)
+ _ = provider
+ defer cleanup()
+
+ // Three independent contexts — none derived from another.
+ // Cascade must happen exclusively through childTurnIDs traversal in Finish(true).
+ gpCtx, gpCancel := context.WithCancel(context.Background())
+ parentCtx, parentCancel := context.WithCancel(context.Background())
+ childCtx, childCancel := context.WithCancel(context.Background())
+
+ childTS := &turnState{
+ ctx: childCtx,
+ cancelFunc: childCancel,
+ turnID: "grandchild",
+ al: al,
+ }
+ parentTS := &turnState{
+ ctx: parentCtx,
+ cancelFunc: parentCancel,
+ turnID: "parent",
+ childTurnIDs: []string{"grandchild"},
+ al: al,
+ }
+ grandparentTS := &turnState{
+ ctx: gpCtx,
+ cancelFunc: gpCancel,
+ turnID: "grandparent",
+ depth: 0,
+ session: newEphemeralSession(nil),
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, testMaxConcurrentSubTurns),
+ childTurnIDs: []string{"parent"},
+ al: al,
+ }
+
+ al.activeTurnStates.Store("grandparent", grandparentTS)
+ al.activeTurnStates.Store("parent", parentTS)
+ al.activeTurnStates.Store("grandchild", childTS)
+ defer al.activeTurnStates.Delete("grandparent")
+ defer al.activeTurnStates.Delete("parent")
+ defer al.activeTurnStates.Delete("grandchild")
+
+ // All contexts must be active before the abort
+ for _, ctx := range []context.Context{gpCtx, parentCtx, childCtx} {
+ select {
+ case <-ctx.Done():
+ t.Fatal("context should not be canceled yet")
+ default:
+ }
+ }
+
+ // Hard abort the grandparent — should cascade to parent and grandchild
+ grandparentTS.Finish(true)
+
+ time.Sleep(10 * time.Millisecond)
+
+ select {
+ case <-gpCtx.Done():
+ t.Log("Grandparent context canceled (expected)")
+ default:
+ t.Error("Grandparent context should be canceled")
+ }
+ select {
+ case <-parentCtx.Done():
+ t.Log("Parent context canceled via cascade (expected)")
+ default:
+ t.Error("Parent context should be canceled via childTurnIDs cascade")
+ }
+ select {
+ case <-childCtx.Done():
+ t.Log("Grandchild context canceled via cascade (expected)")
+ default:
+ t.Error("Grandchild context should be canceled via childTurnIDs cascade")
+ }
+}
+
+// TestSpawnDuringAbort_RaceCondition verifies behavior when trying to spawn
+// a sub-turn while the parent is being aborted.
+func TestSpawnDuringAbort_RaceCondition(t *testing.T) {
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Provider: "mock",
+ },
+ },
+ }
+ msgBus := bus.NewMessageBus()
+ provider := &simpleMockProviderAPI{}
+ al := NewAgentLoop(cfg, msgBus, provider)
+
+ ctx := context.Background()
+ parentTS := &turnState{
+ ctx: ctx,
+ turnID: "parent-abort-race",
+ depth: 0,
+ session: newEphemeralSession(nil),
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, testMaxConcurrentSubTurns),
+ }
+ parentTS.ctx, parentTS.cancelFunc = context.WithCancel(ctx)
+
+ var wg sync.WaitGroup
+ wg.Add(2)
+
+ var spawnErr error
+
+ // Goroutine 1: Try to spawn a sub-turn
+ go func() {
+ defer wg.Done()
+ subTurnCfg := SubTurnConfig{
+ Model: "gpt-4o-mini",
+ Async: false,
+ }
+ _, err := spawnSubTurn(parentTS.ctx, al, parentTS, subTurnCfg)
+ spawnErr = err
+ }()
+
+ // Goroutine 2: Abort the parent almost immediately
+ go func() {
+ defer wg.Done()
+ time.Sleep(1 * time.Millisecond)
+ parentTS.Finish(false)
+ }()
+
+ wg.Wait()
+
+ // The spawn should either succeed (if it started before abort)
+ // or fail with context canceled error (if abort happened first)
+ if spawnErr != nil {
+ if errors.Is(spawnErr, context.Canceled) {
+ t.Logf("Spawn failed with expected context cancellation: %v", spawnErr)
+ } else {
+ t.Logf("Spawn failed with error: %v", spawnErr)
+ }
+ } else {
+ t.Log("Spawn succeeded before abort")
+ }
+
+ // The important thing is that it doesn't panic or deadlock
+ t.Log("Race condition handled gracefully - no panic or deadlock")
+}
+
+// ====================== Slow SubTurn Cancellation Test ======================
+
+// slowMockProvider simulates a slow LLM call that takes a long time to complete.
+// This is used to test the scenario where a parent turn finishes before the child SubTurn.
+type slowMockProvider struct {
+ delay time.Duration
+}
+
+func (m *slowMockProvider) Chat(
+ ctx context.Context,
+ messages []providers.Message,
+ toolDefs []providers.ToolDefinition,
+ model string,
+ options map[string]any,
+) (*providers.LLMResponse, error) {
+ select {
+ case <-time.After(m.delay):
+ // Completed normally after delay
+ return &providers.LLMResponse{
+ Content: "slow response completed",
+ }, nil
+ case <-ctx.Done():
+ // Context was canceled while waiting
+ return nil, ctx.Err()
+ }
+}
+
+func (m *slowMockProvider) GetDefaultModel() string {
+ return "slow-model"
+}
+
+// TestAsyncSubTurn_ParentFinishesEarly simulates the scenario where:
+// 1. Parent spawns an async SubTurn that takes a long time
+// 2. Parent finishes quickly
+// 3. SubTurn should be canceled with context canceled error
+func TestAsyncSubTurn_ParentFinishesEarly(t *testing.T) {
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Provider: "mock",
+ },
+ },
+ }
+ msgBus := bus.NewMessageBus()
+ provider := &slowMockProvider{delay: 5 * time.Second} // SubTurn takes 5 seconds
+ al := NewAgentLoop(cfg, msgBus, provider)
+
+ // Capture events via real EventBus
+ var mu sync.Mutex
+ var events []Event
+ sub := al.SubscribeEvents(32)
+ defer al.UnsubscribeEvents(sub.ID)
+ go func() {
+ for evt := range sub.C {
+ mu.Lock()
+ events = append(events, evt)
+ mu.Unlock()
+ }
+ }()
+
+ ctx := context.Background()
+ parentTS := &turnState{
+ ctx: ctx,
+ turnID: "parent-fast",
+ depth: 0,
+ session: newEphemeralSession(nil),
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, testMaxConcurrentSubTurns),
+ }
+ parentTS.ctx, parentTS.cancelFunc = context.WithCancel(ctx)
+
+ var subTurnErr error
+ var subTurnResult *tools.ToolResult
+ var wg sync.WaitGroup
+
+ // Spawn async SubTurn in a goroutine (it will be slow)
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ subTurnCfg := SubTurnConfig{
+ Model: "slow-model",
+ Async: true, // Asynchronous SubTurn
+ }
+ subTurnResult, subTurnErr = spawnSubTurn(parentTS.ctx, al, parentTS, subTurnCfg)
+ }()
+
+ // Parent finishes quickly (after 100ms), while SubTurn is still running
+ time.Sleep(100 * time.Millisecond)
+ t.Log("Parent finishing early...")
+ parentTS.Finish(false)
+
+ // Wait for SubTurn to complete (or be canceled)
+ wg.Wait()
+
+ // Check the result
+ t.Logf("SubTurn error: %v", subTurnErr)
+ t.Logf("SubTurn result: %v", subTurnResult)
+
+ if subTurnErr != nil {
+ if errors.Is(subTurnErr, context.Canceled) {
+ t.Log("✓ SubTurn was canceled as expected (context canceled)")
+ } else {
+ t.Logf("SubTurn failed with other error: %v", subTurnErr)
+ }
+ } else {
+ t.Log("SubTurn completed before parent finished (unlikely but possible)")
+ }
+
+ // Log captured events
+ mu.Lock()
+ t.Logf("Captured %d events:", len(events))
+ for i, e := range events {
+ t.Logf(" Event %d: %s", i+1, e.Kind)
+ }
+ mu.Unlock()
+}
+
+// TestAsyncSubTurn_ParentWaitsForChild simulates the scenario where:
+// 1. Parent spawns an async SubTurn that takes some time
+// 2. Parent WAITS for SubTurn to complete before finishing
+// 3. Both should complete successfully
+func TestAsyncSubTurn_ParentWaitsForChild(t *testing.T) {
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Provider: "mock",
+ },
+ },
+ }
+ msgBus := bus.NewMessageBus()
+ provider := &slowMockProvider{delay: 200 * time.Millisecond} // SubTurn takes 200ms
+ al := NewAgentLoop(cfg, msgBus, provider)
+
+ ctx := context.Background()
+ parentTS := &turnState{
+ ctx: ctx,
+ turnID: "parent-wait",
+ depth: 0,
+ session: newEphemeralSession(nil),
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, testMaxConcurrentSubTurns),
+ }
+ parentTS.ctx, parentTS.cancelFunc = context.WithCancel(ctx)
+
+ var subTurnErr error
+ var subTurnResult *tools.ToolResult
+ var wg sync.WaitGroup
+
+ // Spawn async SubTurn in a goroutine
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ subTurnCfg := SubTurnConfig{
+ Model: "slow-model",
+ Async: true,
+ }
+ subTurnResult, subTurnErr = spawnSubTurn(parentTS.ctx, al, parentTS, subTurnCfg)
+ }()
+
+ // Parent WAITS for SubTurn to complete
+ t.Log("Parent waiting for SubTurn...")
+ wg.Wait()
+ t.Log("SubTurn completed, parent now finishing")
+
+ // Now parent can finish safely
+ parentTS.Finish(false)
+
+ // Check the result
+ if subTurnErr != nil {
+ if errors.Is(subTurnErr, context.Canceled) {
+ t.Errorf("SubTurn should NOT have been canceled: %v", subTurnErr)
+ } else {
+ t.Logf("SubTurn failed with error: %v", subTurnErr)
+ }
+ } else {
+ t.Log("✓ SubTurn completed successfully")
+ if subTurnResult != nil {
+ t.Logf("SubTurn result: %s", subTurnResult.ForLLM)
+ }
+ }
+
+ // Check channel delivery
+ select {
+ case r := <-parentTS.pendingResults:
+ if r != nil {
+ t.Logf("✓ Result delivered to channel: %s", r.ForLLM)
+ }
+ case <-time.After(100 * time.Millisecond):
+ t.Log("No result in channel (expected since we waited)")
+ }
+}
+
+// ====================== Graceful vs Hard Finish Tests ======================
+
+// TestFinish_GracefulVsHard verifies the behavior difference between:
+// - Finish(false): graceful finish, signals parentEnded but doesn't cancel children
+// - Finish(true): hard abort, immediately cancels all children
+func TestFinish_GracefulVsHard(t *testing.T) {
+ // Test 1: Graceful finish should set parentEnded but not cancel context
+ t.Run("Graceful_SetsParentEnded", func(t *testing.T) {
+ ctx, cancel := context.WithCancel(context.Background())
+ defer cancel()
+
+ ts := &turnState{
+ ctx: ctx,
+ turnID: "graceful-test",
+ depth: 0,
+ pendingResults: make(chan *tools.ToolResult, 16),
+ }
+ ts.ctx, ts.cancelFunc = context.WithCancel(ctx)
+
+ // Finish gracefully
+ ts.Finish(false)
+
+ // Verify parentEnded is set
+ if !ts.parentEnded.Load() {
+ t.Error("parentEnded should be true after graceful finish")
+ }
+
+ // Verify context is NOT canceled (for graceful finish, children continue)
+ // Note: In graceful mode, we don't call cancelFunc()
+ // But since we're using WithCancel on the same ctx, it might be canceled
+ // Let's check that the context is still valid for a moment
+ time.Sleep(10 * time.Millisecond)
+ // Context might be canceled by the deferred cancel() in test, which is fine
+ })
+
+ // Test 2: Hard abort should cancel context immediately
+ t.Run("Hard_CancelsContext", func(t *testing.T) {
+ ctx := context.Background()
+
+ ts := &turnState{
+ ctx: ctx,
+ turnID: "hard-test",
+ depth: 0,
+ pendingResults: make(chan *tools.ToolResult, 16),
+ }
+ ts.ctx, ts.cancelFunc = context.WithCancel(ctx)
+
+ // Finish with hard abort
+ ts.Finish(true)
+
+ // Verify context is canceled
+ select {
+ case <-ts.ctx.Done():
+ t.Log("✓ Context canceled after hard abort")
+ default:
+ t.Error("Context should be canceled after hard abort")
+ }
+ })
+
+ // Test 3: IsParentEnded returns correct value
+ t.Run("IsParentEnded", func(t *testing.T) {
+ ctx := context.Background()
+
+ parentTS := &turnState{
+ ctx: ctx,
+ turnID: "parent-isended-test",
+ depth: 0,
+ pendingResults: make(chan *tools.ToolResult, 16),
+ }
+ parentTS.ctx, parentTS.cancelFunc = context.WithCancel(ctx)
+
+ childTS := &turnState{
+ ctx: ctx,
+ turnID: "child-isended-test",
+ depth: 1,
+ parentTurnState: parentTS,
+ pendingResults: make(chan *tools.ToolResult, 16),
+ }
+
+ // Before parent finishes
+ if childTS.IsParentEnded() {
+ t.Error("IsParentEnded should be false before parent finishes")
+ }
+
+ // Finish parent gracefully
+ parentTS.Finish(false)
+
+ // After parent finishes
+ if !childTS.IsParentEnded() {
+ t.Error("IsParentEnded should be true after parent finishes gracefully")
+ }
+ })
+}
+
+// TestSubTurn_IndependentContext verifies that SubTurns use independent contexts
+// that don't get canceled when the parent finishes gracefully.
+func TestSubTurn_IndependentContext(t *testing.T) {
+ cfg := &config.Config{
+ Agents: config.AgentsConfig{
+ Defaults: config.AgentDefaults{
+ Provider: "mock",
+ },
+ },
+ }
+ msgBus := bus.NewMessageBus()
+ provider := &slowMockProvider{delay: 500 * time.Millisecond}
+ al := NewAgentLoop(cfg, msgBus, provider)
+
+ ctx := context.Background()
+ parentTS := &turnState{
+ ctx: ctx,
+ turnID: "parent-independent",
+ depth: 0,
+ session: newEphemeralSession(nil),
+ pendingResults: make(chan *tools.ToolResult, 16),
+ concurrencySem: make(chan struct{}, testMaxConcurrentSubTurns),
+ }
+ parentTS.ctx, parentTS.cancelFunc = context.WithCancel(ctx)
+
+ var subTurnErr error
+ var wg sync.WaitGroup
+
+ // Spawn SubTurn with Critical=true (should continue after parent finishes)
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ subTurnCfg := SubTurnConfig{
+ Model: "slow-model",
+ Async: true,
+ Critical: true, // Critical SubTurn should continue
+ }
+ _, subTurnErr = spawnSubTurn(parentTS.ctx, al, parentTS, subTurnCfg)
+ }()
+
+ // Let SubTurn start
+ time.Sleep(50 * time.Millisecond)
+
+ // Parent finishes gracefully (should NOT cancel SubTurn)
+ parentTS.Finish(false)
+ t.Log("Parent finished gracefully, SubTurn should continue")
+
+ // Wait for SubTurn to complete
+ wg.Wait()
+
+ // SubTurn should complete without context canceled error
+ // (because it uses independent context now)
+ if subTurnErr != nil {
+ t.Logf("SubTurn error: %v", subTurnErr)
+ // The error might be context.DeadlineExceeded if timeout is too short
+ // but should NOT be context.Canceled from parent
+ if errors.Is(subTurnErr, context.Canceled) {
+ t.Error("SubTurn should not be canceled by parent's graceful finish")
+ }
+ } else {
+ t.Log("✓ SubTurn completed successfully (independent context)")
+ }
+}
diff --git a/pkg/agent/turn.go b/pkg/agent/turn.go
new file mode 100644
index 000000000..e4970c519
--- /dev/null
+++ b/pkg/agent/turn.go
@@ -0,0 +1,481 @@
+package agent
+
+import (
+ "context"
+ "reflect"
+ "sync"
+ "sync/atomic"
+ "time"
+
+ "github.com/sipeed/picoclaw/pkg/bus"
+ "github.com/sipeed/picoclaw/pkg/providers"
+ "github.com/sipeed/picoclaw/pkg/session"
+ "github.com/sipeed/picoclaw/pkg/tools"
+)
+
+type TurnPhase string
+
+const (
+ TurnPhaseSetup TurnPhase = "setup"
+ TurnPhaseRunning TurnPhase = "running"
+ TurnPhaseTools TurnPhase = "tools"
+ TurnPhaseFinalizing TurnPhase = "finalizing"
+ TurnPhaseCompleted TurnPhase = "completed"
+ TurnPhaseAborted TurnPhase = "aborted"
+)
+
+type ActiveTurnInfo struct {
+ TurnID string
+ AgentID string
+ SessionKey string
+ Channel string
+ ChatID string
+ UserMessage string
+ Phase TurnPhase
+ Iteration int
+ StartedAt time.Time
+ Depth int
+ ParentTurnID string
+ ChildTurnIDs []string
+}
+
+type turnResult struct {
+ finalContent string
+ status TurnEndStatus
+ followUps []bus.InboundMessage
+}
+
+type turnState struct {
+ mu sync.RWMutex
+
+ agent *AgentInstance
+ opts processOptions
+ scope turnEventScope
+
+ turnID string
+ agentID string
+ sessionKey string
+
+ channel string
+ chatID string
+ userMessage string
+ media []string
+
+ phase TurnPhase
+ iteration int
+ startedAt time.Time
+ finalContent string
+
+ followUps []bus.InboundMessage
+
+ gracefulInterrupt bool
+ gracefulInterruptHint string
+ gracefulTerminalUsed bool
+ hardAbort bool
+ providerCancel context.CancelFunc
+ turnCancel context.CancelFunc
+
+ restorePointHistory []providers.Message
+ restorePointSummary string
+ persistedMessages []providers.Message
+
+ // SubTurn support (from HEAD)
+ depth int // SubTurn depth (0 for root turn)
+ parentTurnID string // Parent turn ID (empty for root turn)
+ childTurnIDs []string // Child turn IDs
+ pendingResults chan *tools.ToolResult // Channel for SubTurn results
+ concurrencySem chan struct{} // Semaphore for limiting concurrent SubTurns
+ isFinished atomic.Bool // Whether this turn has finished
+ session session.SessionStore // Session store reference
+ initialHistoryLength int // Snapshot of history length at turn start
+
+ // Additional SubTurn fields
+ ctx context.Context // Context for this turn
+ cancelFunc context.CancelFunc // Cancel function for this turn's context
+ critical bool // Whether this SubTurn should continue after parent ends
+ parentTurnState *turnState // Reference to parent turnState
+ parentEnded atomic.Bool // Whether parent has ended
+ closeOnce sync.Once // Ensures pendingResults channel is closed once
+ finishedChan chan struct{} // Closed when turn finishes
+
+ // Token budget tracking
+ tokenBudget *atomic.Int64 // Shared token budget counter
+ lastFinishReason string // Last LLM finish_reason
+ lastUsage *providers.UsageInfo // Last LLM usage info
+
+ // Back-reference to the owning AgentLoop (set for SubTurns only, used for hard abort cascade)
+ al *AgentLoop
+}
+
+func newTurnState(agent *AgentInstance, opts processOptions, scope turnEventScope) *turnState {
+ ts := &turnState{
+ agent: agent,
+ opts: opts,
+ scope: scope,
+ turnID: scope.turnID,
+ agentID: agent.ID,
+ sessionKey: opts.SessionKey,
+ channel: opts.Channel,
+ chatID: opts.ChatID,
+ userMessage: opts.UserMessage,
+ media: append([]string(nil), opts.Media...),
+ phase: TurnPhaseSetup,
+ startedAt: time.Now(),
+ }
+
+ // Bind session store and capture initial history length for rollback logic
+ if agent != nil && agent.Sessions != nil {
+ ts.session = agent.Sessions
+ ts.initialHistoryLength = len(agent.Sessions.GetHistory(opts.SessionKey))
+ }
+
+ return ts
+}
+
+func (al *AgentLoop) registerActiveTurn(ts *turnState) {
+ al.activeTurnStates.Store(ts.sessionKey, ts)
+}
+
+func (al *AgentLoop) clearActiveTurn(ts *turnState) {
+ al.activeTurnStates.Delete(ts.sessionKey)
+}
+
+func (al *AgentLoop) getActiveTurnState(sessionKey string) *turnState {
+ if val, ok := al.activeTurnStates.Load(sessionKey); ok {
+ return val.(*turnState)
+ }
+ return nil
+}
+
+// getAnyActiveTurnState returns any active turn state (for backward compatibility)
+func (al *AgentLoop) getAnyActiveTurnState() *turnState {
+ var firstTS *turnState
+ al.activeTurnStates.Range(func(key, value any) bool {
+ firstTS = value.(*turnState)
+ return false // stop after first
+ })
+ return firstTS
+}
+
+func (al *AgentLoop) GetActiveTurn() *ActiveTurnInfo {
+ // For backward compatibility, return the first active turn found
+ // In the new architecture, there can be multiple concurrent turns
+ var firstTS *turnState
+ al.activeTurnStates.Range(func(key, value any) bool {
+ firstTS = value.(*turnState)
+ return false // stop after first
+ })
+ if firstTS == nil {
+ return nil
+ }
+ info := firstTS.snapshot()
+ return &info
+}
+
+func (al *AgentLoop) GetActiveTurnBySession(sessionKey string) *ActiveTurnInfo {
+ ts := al.getActiveTurnState(sessionKey)
+ if ts == nil {
+ return nil
+ }
+ info := ts.snapshot()
+ return &info
+}
+
+func (ts *turnState) snapshot() ActiveTurnInfo {
+ ts.mu.RLock()
+ defer ts.mu.RUnlock()
+
+ return ActiveTurnInfo{
+ TurnID: ts.turnID,
+ AgentID: ts.agentID,
+ SessionKey: ts.sessionKey,
+ Channel: ts.channel,
+ ChatID: ts.chatID,
+ UserMessage: ts.userMessage,
+ Phase: ts.phase,
+ Iteration: ts.iteration,
+ StartedAt: ts.startedAt,
+ Depth: ts.depth,
+ ParentTurnID: ts.parentTurnID,
+ ChildTurnIDs: append([]string(nil), ts.childTurnIDs...),
+ }
+}
+
+func (ts *turnState) setPhase(phase TurnPhase) {
+ ts.mu.Lock()
+ defer ts.mu.Unlock()
+ ts.phase = phase
+}
+
+func (ts *turnState) setIteration(iteration int) {
+ ts.mu.Lock()
+ defer ts.mu.Unlock()
+ ts.iteration = iteration
+}
+
+func (ts *turnState) currentIteration() int {
+ ts.mu.RLock()
+ defer ts.mu.RUnlock()
+ return ts.iteration
+}
+
+func (ts *turnState) setFinalContent(content string) {
+ ts.mu.Lock()
+ defer ts.mu.Unlock()
+ ts.finalContent = content
+}
+
+func (ts *turnState) finalContentLen() int {
+ ts.mu.RLock()
+ defer ts.mu.RUnlock()
+ return len(ts.finalContent)
+}
+
+func (ts *turnState) setTurnCancel(cancel context.CancelFunc) {
+ ts.mu.Lock()
+ defer ts.mu.Unlock()
+ ts.turnCancel = cancel
+}
+
+func (ts *turnState) setProviderCancel(cancel context.CancelFunc) {
+ ts.mu.Lock()
+ defer ts.mu.Unlock()
+ ts.providerCancel = cancel
+}
+
+func (ts *turnState) clearProviderCancel(_ context.CancelFunc) {
+ ts.mu.Lock()
+ defer ts.mu.Unlock()
+ ts.providerCancel = nil
+}
+
+func (ts *turnState) requestGracefulInterrupt(hint string) bool {
+ ts.mu.Lock()
+ defer ts.mu.Unlock()
+ if ts.hardAbort {
+ return false
+ }
+ ts.gracefulInterrupt = true
+ ts.gracefulInterruptHint = hint
+ return true
+}
+
+func (ts *turnState) gracefulInterruptRequested() (bool, string) {
+ ts.mu.RLock()
+ defer ts.mu.RUnlock()
+ return ts.gracefulInterrupt && !ts.gracefulTerminalUsed, ts.gracefulInterruptHint
+}
+
+func (ts *turnState) markGracefulTerminalUsed() {
+ ts.mu.Lock()
+ defer ts.mu.Unlock()
+ ts.gracefulTerminalUsed = true
+}
+
+func (ts *turnState) requestHardAbort() bool {
+ ts.mu.Lock()
+ if ts.hardAbort {
+ ts.mu.Unlock()
+ return false
+ }
+ ts.hardAbort = true
+ turnCancel := ts.turnCancel
+ providerCancel := ts.providerCancel
+ ts.mu.Unlock()
+
+ if providerCancel != nil {
+ providerCancel()
+ }
+ if turnCancel != nil {
+ turnCancel()
+ }
+ return true
+}
+
+func (ts *turnState) hardAbortRequested() bool {
+ ts.mu.RLock()
+ defer ts.mu.RUnlock()
+ return ts.hardAbort
+}
+
+func (ts *turnState) eventMeta(source, tracePath string) EventMeta {
+ snap := ts.snapshot()
+ return EventMeta{
+ AgentID: snap.AgentID,
+ TurnID: snap.TurnID,
+ SessionKey: snap.SessionKey,
+ Iteration: snap.Iteration,
+ Source: source,
+ TracePath: tracePath,
+ }
+}
+
+func (ts *turnState) captureRestorePoint(history []providers.Message, summary string) {
+ ts.mu.Lock()
+ defer ts.mu.Unlock()
+ ts.restorePointHistory = append([]providers.Message(nil), history...)
+ ts.restorePointSummary = summary
+}
+
+func (ts *turnState) recordPersistedMessage(msg providers.Message) {
+ ts.mu.Lock()
+ defer ts.mu.Unlock()
+ ts.persistedMessages = append(ts.persistedMessages, msg)
+}
+
+func (ts *turnState) refreshRestorePointFromSession(agent *AgentInstance) {
+ history := agent.Sessions.GetHistory(ts.sessionKey)
+ summary := agent.Sessions.GetSummary(ts.sessionKey)
+
+ ts.mu.RLock()
+ persisted := append([]providers.Message(nil), ts.persistedMessages...)
+ ts.mu.RUnlock()
+
+ if matched := matchingTurnMessageTail(history, persisted); matched > 0 {
+ history = append([]providers.Message(nil), history[:len(history)-matched]...)
+ }
+
+ ts.captureRestorePoint(history, summary)
+}
+
+func (ts *turnState) restoreSession(agent *AgentInstance) error {
+ ts.mu.RLock()
+ history := append([]providers.Message(nil), ts.restorePointHistory...)
+ summary := ts.restorePointSummary
+ ts.mu.RUnlock()
+
+ agent.Sessions.SetHistory(ts.sessionKey, history)
+ agent.Sessions.SetSummary(ts.sessionKey, summary)
+ return agent.Sessions.Save(ts.sessionKey)
+}
+
+func matchingTurnMessageTail(history, persisted []providers.Message) int {
+ maxMatch := min(len(history), len(persisted))
+ for size := maxMatch; size > 0; size-- {
+ if reflect.DeepEqual(history[len(history)-size:], persisted[len(persisted)-size:]) {
+ return size
+ }
+ }
+ return 0
+}
+
+func (ts *turnState) interruptHintMessage() providers.Message {
+ _, hint := ts.gracefulInterruptRequested()
+ content := "Interrupt requested. Stop scheduling tools and provide a short final summary."
+ if hint != "" {
+ content += "\n\nInterrupt hint: " + hint
+ }
+ return providers.Message{
+ Role: "user",
+ Content: content,
+ }
+}
+
+// SubTurn-related methods
+
+// Finish marks the turn as finished and closes the pendingResults channel
+func (ts *turnState) Finish(isHardAbort bool) {
+ ts.isFinished.Store(true)
+
+ // Close pendingResults channel exactly once
+ ts.closeOnce.Do(func() {
+ if ts.pendingResults != nil {
+ close(ts.pendingResults)
+ }
+ ts.mu.Lock()
+ if ts.finishedChan == nil {
+ ts.finishedChan = make(chan struct{})
+ }
+ close(ts.finishedChan)
+ ts.mu.Unlock()
+ })
+
+ // If this is a graceful finish (not hard abort), signal to children
+ if !isHardAbort && ts.parentTurnState == nil {
+ // This is a root turn finishing gracefully
+ ts.parentEnded.Store(true)
+ }
+
+ // Cancel the turn context
+ if ts.cancelFunc != nil {
+ ts.cancelFunc()
+ }
+
+ // Hard abort cascades to all child turns
+ if isHardAbort && ts.al != nil {
+ ts.mu.RLock()
+ children := append([]string(nil), ts.childTurnIDs...)
+ ts.mu.RUnlock()
+ for _, childID := range children {
+ if val, ok := ts.al.activeTurnStates.Load(childID); ok {
+ val.(*turnState).Finish(true)
+ }
+ }
+ }
+}
+
+// Finished returns whether the turn has finished
+func (ts *turnState) Finished() chan struct{} {
+ ts.mu.Lock()
+ defer ts.mu.Unlock()
+ if ts.finishedChan == nil {
+ ts.finishedChan = make(chan struct{})
+ }
+ return ts.finishedChan
+}
+
+// IsParentEnded checks if the parent turn has ended
+func (ts *turnState) IsParentEnded() bool {
+ if ts.parentTurnState == nil {
+ return false
+ }
+ return ts.parentTurnState.parentEnded.Load()
+}
+
+// GetLastFinishReason returns the last LLM finish_reason
+func (ts *turnState) GetLastFinishReason() string {
+ ts.mu.RLock()
+ defer ts.mu.RUnlock()
+ return ts.lastFinishReason
+}
+
+// SetLastFinishReason sets the last LLM finish_reason
+func (ts *turnState) SetLastFinishReason(reason string) {
+ ts.mu.Lock()
+ defer ts.mu.Unlock()
+ ts.lastFinishReason = reason
+}
+
+// GetLastUsage returns the last LLM usage info
+func (ts *turnState) GetLastUsage() *providers.UsageInfo {
+ ts.mu.RLock()
+ defer ts.mu.RUnlock()
+ return ts.lastUsage
+}
+
+// SetLastUsage sets the last LLM usage info
+func (ts *turnState) SetLastUsage(usage *providers.UsageInfo) {
+ ts.mu.Lock()
+ defer ts.mu.Unlock()
+ ts.lastUsage = usage
+}
+
+// Context helper functions for SubTurn
+
+type turnStateKeyType struct{}
+
+var turnStateKey = turnStateKeyType{}
+
+func withTurnState(ctx context.Context, ts *turnState) context.Context {
+ return context.WithValue(ctx, turnStateKey, ts)
+}
+
+func turnStateFromContext(ctx context.Context) *turnState {
+ ts, _ := ctx.Value(turnStateKey).(*turnState)
+ return ts
+}
+
+// TurnStateFromContext retrieves turnState from context (exported for tools)
+func TurnStateFromContext(ctx context.Context) *turnState {
+ return turnStateFromContext(ctx)
+}
diff --git a/pkg/auth/store.go b/pkg/auth/store.go
index f7813ca57..8a878d553 100644
--- a/pkg/auth/store.go
+++ b/pkg/auth/store.go
@@ -6,6 +6,7 @@ import (
"path/filepath"
"time"
+ "github.com/sipeed/picoclaw/pkg"
"github.com/sipeed/picoclaw/pkg/config"
"github.com/sipeed/picoclaw/pkg/fileutil"
)
@@ -44,7 +45,7 @@ func authFilePath() string {
return filepath.Join(home, "auth.json")
}
home, _ := os.UserHomeDir()
- return filepath.Join(home, ".picoclaw", "auth.json")
+ return filepath.Join(home, pkg.DefaultPicoClawHome, "auth.json")
}
func LoadStore() (*AuthStore, error) {
diff --git a/pkg/channels/dingtalk/dingtalk.go b/pkg/channels/dingtalk/dingtalk.go
index c03122892..7ac2c073f 100644
--- a/pkg/channels/dingtalk/dingtalk.go
+++ b/pkg/channels/dingtalk/dingtalk.go
@@ -36,7 +36,7 @@ type DingTalkChannel struct {
// NewDingTalkChannel creates a new DingTalk channel instance
func NewDingTalkChannel(cfg config.DingTalkConfig, messageBus *bus.MessageBus) (*DingTalkChannel, error) {
- if cfg.ClientID == "" || cfg.ClientSecret == "" {
+ if cfg.ClientID == "" || cfg.ClientSecret() == "" {
return nil, fmt.Errorf("dingtalk client_id and client_secret are required")
}
@@ -53,7 +53,7 @@ func NewDingTalkChannel(cfg config.DingTalkConfig, messageBus *bus.MessageBus) (
BaseChannel: base,
config: cfg,
clientID: cfg.ClientID,
- clientSecret: cfg.ClientSecret,
+ clientSecret: cfg.ClientSecret(),
}, nil
}
diff --git a/pkg/channels/discord/discord.go b/pkg/channels/discord/discord.go
index 83a04907c..3b5b4f8bb 100644
--- a/pkg/channels/discord/discord.go
+++ b/pkg/channels/discord/discord.go
@@ -53,7 +53,7 @@ func NewDiscordChannel(cfg config.DiscordConfig, bus *bus.MessageBus) (*DiscordC
discordgo.LogDebug: logger.DEBUG,
}).Log
- session, err := discordgo.New("Bot " + cfg.Token)
+ session, err := discordgo.New("Bot " + cfg.Token())
if err != nil {
return nil, fmt.Errorf("failed to create discord session: %w", err)
}
@@ -396,8 +396,9 @@ func (c *DiscordChannel) handleMessage(s *discordgo.Session, m *discordgo.Messag
storeMedia := func(localPath, filename string) string {
if store := c.GetMediaStore(); store != nil {
ref, err := store.Store(localPath, media.MediaMeta{
- Filename: filename,
- Source: "discord",
+ Filename: filename,
+ Source: "discord",
+ CleanupPolicy: media.CleanupPolicyDeleteOnCleanup,
}, scope)
if err == nil {
return ref
diff --git a/pkg/channels/feishu/feishu_64.go b/pkg/channels/feishu/feishu_64.go
index 37a74718a..0ab70649f 100644
--- a/pkg/channels/feishu/feishu_64.go
+++ b/pkg/channels/feishu/feishu_64.go
@@ -63,14 +63,14 @@ func NewFeishuChannel(cfg config.FeishuConfig, bus *bus.MessageBus) (*FeishuChan
BaseChannel: base,
config: cfg,
tokenCache: tc,
- client: lark.NewClient(cfg.AppID, cfg.AppSecret, opts...),
+ client: lark.NewClient(cfg.AppID, cfg.AppSecret(), opts...),
}
ch.SetOwner(ch)
return ch, nil
}
func (c *FeishuChannel) Start(ctx context.Context) error {
- if c.config.AppID == "" || c.config.AppSecret == "" {
+ if c.config.AppID == "" || c.config.AppSecret() == "" {
return fmt.Errorf("feishu app_id or app_secret is empty")
}
@@ -81,7 +81,7 @@ func (c *FeishuChannel) Start(ctx context.Context) error {
})
}
- dispatcher := larkdispatcher.NewEventDispatcher(c.config.VerificationToken, c.config.EncryptKey).
+ dispatcher := larkdispatcher.NewEventDispatcher(c.config.VerificationToken(), c.config.EncryptKey()).
OnP2MessageReceiveV1(c.handleMessageReceive)
runCtx, cancel := context.WithCancel(ctx)
@@ -94,7 +94,7 @@ func (c *FeishuChannel) Start(ctx context.Context) error {
}
c.wsClient = larkws.NewClient(
c.config.AppID,
- c.config.AppSecret,
+ c.config.AppSecret(),
larkws.WithEventHandler(dispatcher),
larkws.WithDomain(domain),
)
@@ -725,8 +725,9 @@ func (c *FeishuChannel) downloadResource(
out.Close()
ref, err := store.Store(localPath, media.MediaMeta{
- Filename: filename,
- Source: "feishu",
+ Filename: filename,
+ Source: "feishu",
+ CleanupPolicy: media.CleanupPolicyDeleteOnCleanup,
}, scope)
if err != nil {
logger.ErrorCF("feishu", "Failed to store downloaded resource", map[string]any{
diff --git a/pkg/channels/irc/handler.go b/pkg/channels/irc/handler.go
index aca4ddd11..3fe9548f4 100644
--- a/pkg/channels/irc/handler.go
+++ b/pkg/channels/irc/handler.go
@@ -17,8 +17,8 @@ import (
// onConnect is called after a successful connection (and on reconnect).
func (c *IRCChannel) onConnect(conn *ircevent.Connection) {
// NickServ auth (only if SASL is not configured)
- if c.config.NickServPassword != "" && c.config.SASLUser == "" {
- conn.Privmsg("NickServ", "IDENTIFY "+c.config.NickServPassword)
+ if c.config.NickServPassword() != "" && c.config.SASLUser == "" {
+ conn.Privmsg("NickServ", "IDENTIFY "+c.config.NickServPassword())
}
// Join configured channels
diff --git a/pkg/channels/irc/irc.go b/pkg/channels/irc/irc.go
index 28c59b540..289ce2c9b 100644
--- a/pkg/channels/irc/irc.go
+++ b/pkg/channels/irc/irc.go
@@ -68,7 +68,7 @@ func (c *IRCChannel) Start(ctx context.Context) error {
Nick: c.config.Nick,
User: user,
RealName: realName,
- Password: c.config.Password,
+ Password: c.config.Password(),
UseTLS: c.config.TLS,
RequestCaps: caps,
QuitMessage: "Goodbye",
@@ -83,9 +83,9 @@ func (c *IRCChannel) Start(ctx context.Context) error {
}
// SASL auth (takes priority over NickServ)
- if c.config.SASLUser != "" && c.config.SASLPassword != "" {
+ if c.config.SASLUser != "" && c.config.SASLPassword() != "" {
conn.SASLLogin = c.config.SASLUser
- conn.SASLPassword = c.config.SASLPassword
+ conn.SASLPassword = c.config.SASLPassword()
}
// Register event handlers
diff --git a/pkg/channels/line/line.go b/pkg/channels/line/line.go
index 56ba02183..4eaadae70 100644
--- a/pkg/channels/line/line.go
+++ b/pkg/channels/line/line.go
@@ -62,7 +62,7 @@ type LINEChannel struct {
// NewLINEChannel creates a new LINE channel instance.
func NewLINEChannel(cfg config.LINEConfig, messageBus *bus.MessageBus) (*LINEChannel, error) {
- if cfg.ChannelSecret == "" || cfg.ChannelAccessToken == "" {
+ if cfg.ChannelSecret() == "" || cfg.ChannelAccessToken() == "" {
return nil, fmt.Errorf("line channel_secret and channel_access_token are required")
}
@@ -110,7 +110,7 @@ func (c *LINEChannel) fetchBotInfo() error {
if err != nil {
return err
}
- req.Header.Set("Authorization", "Bearer "+c.config.ChannelAccessToken)
+ req.Header.Set("Authorization", "Bearer "+c.config.ChannelAccessToken())
resp, err := c.infoClient.Do(req)
if err != nil {
@@ -216,7 +216,7 @@ func (c *LINEChannel) verifySignature(body []byte, signature string) bool {
return false
}
- mac := hmac.New(sha256.New, []byte(c.config.ChannelSecret))
+ mac := hmac.New(sha256.New, []byte(c.config.ChannelSecret()))
mac.Write(body)
expected := base64.StdEncoding.EncodeToString(mac.Sum(nil))
@@ -301,8 +301,9 @@ func (c *LINEChannel) processEvent(event lineEvent) {
storeMedia := func(localPath, filename string) string {
if store := c.GetMediaStore(); store != nil {
ref, err := store.Store(localPath, media.MediaMeta{
- Filename: filename,
- Source: "line",
+ Filename: filename,
+ Source: "line",
+ CleanupPolicy: media.CleanupPolicyDeleteOnCleanup,
}, scope)
if err == nil {
return ref
@@ -654,7 +655,7 @@ func (c *LINEChannel) callAPI(ctx context.Context, endpoint string, payload any)
}
req.Header.Set("Content-Type", "application/json")
- req.Header.Set("Authorization", "Bearer "+c.config.ChannelAccessToken)
+ req.Header.Set("Authorization", "Bearer "+c.config.ChannelAccessToken())
resp, err := c.apiClient.Do(req)
if err != nil {
@@ -679,7 +680,7 @@ func (c *LINEChannel) downloadContent(messageID, filename string) string {
return utils.DownloadFile(url, filename, utils.DownloadOptions{
LoggerPrefix: "line",
ExtraHeaders: map[string]string{
- "Authorization": "Bearer " + c.config.ChannelAccessToken,
+ "Authorization": "Bearer " + c.config.ChannelAccessToken(),
},
})
}
diff --git a/pkg/channels/manager.go b/pkg/channels/manager.go
index dd0b129e4..f04d989a3 100644
--- a/pkg/channels/manager.go
+++ b/pkg/channels/manager.go
@@ -319,7 +319,7 @@ func (m *Manager) initChannel(name, displayName string) {
func (m *Manager) initChannels(channels *config.ChannelsConfig) error {
logger.InfoC("channels", "Initializing channel manager")
- if channels.Telegram.Enabled && channels.Telegram.Token != "" {
+ if channels.Telegram.Enabled && channels.Telegram.Token() != "" {
m.initChannel("telegram", "Telegram")
}
@@ -336,7 +336,7 @@ func (m *Manager) initChannels(channels *config.ChannelsConfig) error {
m.initChannel("feishu", "Feishu")
}
- if channels.Discord.Enabled && channels.Discord.Token != "" {
+ if channels.Discord.Enabled && channels.Discord.Token() != "" {
m.initChannel("discord", "Discord")
}
@@ -352,18 +352,18 @@ func (m *Manager) initChannels(channels *config.ChannelsConfig) error {
m.initChannel("dingtalk", "DingTalk")
}
- if channels.Slack.Enabled && channels.Slack.BotToken != "" {
+ if channels.Slack.Enabled && channels.Slack.BotToken() != "" {
m.initChannel("slack", "Slack")
}
if channels.Matrix.Enabled &&
m.config.Channels.Matrix.Homeserver != "" &&
m.config.Channels.Matrix.UserID != "" &&
- m.config.Channels.Matrix.AccessToken != "" {
+ m.config.Channels.Matrix.AccessToken() != "" {
m.initChannel("matrix", "Matrix")
}
- if channels.LINE.Enabled && channels.LINE.ChannelAccessToken != "" {
+ if channels.LINE.Enabled && channels.LINE.ChannelAccessToken() != "" {
m.initChannel("line", "LINE")
}
@@ -371,13 +371,12 @@ func (m *Manager) initChannels(channels *config.ChannelsConfig) error {
m.initChannel("onebot", "OneBot")
}
- if channels.WeCom.Enabled && channels.WeCom.Token != "" {
+ if channels.WeCom.Enabled && channels.WeCom.Token() != "" {
m.initChannel("wecom", "WeCom")
}
- if m.config.Channels.WeComAIBot.Enabled &&
- ((m.config.Channels.WeComAIBot.BotID != "" && m.config.Channels.WeComAIBot.Secret != "") ||
- m.config.Channels.WeComAIBot.Token != "") {
+ if channels.WeComAIBot.Enabled && (channels.WeComAIBot.Token() != "" ||
+ (channels.WeComAIBot.Secret() != "" && channels.WeComAIBot.BotID != "")) {
m.initChannel("wecom_aibot", "WeCom AI Bot")
}
@@ -385,11 +384,11 @@ func (m *Manager) initChannels(channels *config.ChannelsConfig) error {
m.initChannel("wecom_app", "WeCom App")
}
- if channels.Weixin.Enabled && channels.Weixin.Token != "" {
+ if channels.Weixin.Enabled && channels.Weixin.Token() != "" {
m.initChannel("weixin", "Weixin")
}
- if channels.Pico.Enabled && channels.Pico.Token != "" {
+ if channels.Pico.Enabled && channels.Pico.Token() != "" {
m.initChannel("pico", "Pico")
}
diff --git a/pkg/channels/manager_channel.go b/pkg/channels/manager_channel.go
index 57cb05412..86572e336 100644
--- a/pkg/channels/manager_channel.go
+++ b/pkg/channels/manager_channel.go
@@ -21,6 +21,7 @@ func toChannelHashes(cfg *config.Config) map[string]string {
if !value["enabled"].(bool) {
continue
}
+ hiddenValues(key, value, ch)
valueBytes, _ := json.Marshal(value)
hash := md5.Sum(valueBytes)
result[key] = hex.EncodeToString(hash[:])
@@ -29,6 +30,49 @@ func toChannelHashes(cfg *config.Config) map[string]string {
return result
}
+func hiddenValues(key string, value map[string]any, ch config.ChannelsConfig) {
+ switch key {
+ case "pico":
+ value["token"] = ch.Pico.Token()
+ case "telegram":
+ value["token"] = ch.Telegram.Token()
+ case "discord":
+ value["token"] = ch.Discord.Token()
+ case "slack":
+ value["bot_token"] = ch.Slack.BotToken()
+ value["app_token"] = ch.Slack.AppToken()
+ case "matrix":
+ value["token"] = ch.Matrix.AccessToken()
+ case "onebot":
+ value["token"] = ch.OneBot.AccessToken()
+ case "line":
+ value["token"] = ch.LINE.ChannelAccessToken()
+ value["secret"] = ch.LINE.ChannelSecret()
+ case "wecom":
+ value["token"] = ch.WeCom.Token()
+ value["key"] = ch.WeCom.EncodingAESKey()
+ case "wecom_app":
+ value["token"] = ch.WeComApp.Token()
+ value["secret"] = ch.WeComApp.CorpSecret()
+ case "wecom_aibot":
+ value["token"] = ch.WeComAIBot.Token()
+ value["key"] = ch.WeComAIBot.EncodingAESKey()
+ value["secret"] = ch.WeComAIBot.Secret()
+ case "dingtalk":
+ value["secret"] = ch.QQ.AppSecret()
+ case "qq":
+ value["secret"] = ch.DingTalk.ClientSecret()
+ case "irc":
+ value["password"] = ch.IRC.Password()
+ value["serv_password"] = ch.IRC.NickServPassword()
+ value["sasl_password"] = ch.IRC.SASLPassword()
+ case "feishu":
+ value["app_secret"] = ch.Feishu.AppSecret()
+ value["encrypt_key"] = ch.Feishu.EncryptKey()
+ value["verification_token"] = ch.Feishu.VerificationToken()
+ }
+}
+
func compareChannels(old, news map[string]string) (added, removed []string) {
for key, newHash := range news {
if oldHash, ok := old[key]; ok {
@@ -82,5 +126,61 @@ func toChannelConfig(cfg *config.Config, list []string) (*config.ChannelsConfig,
return nil, err
}
+ updateKeys(result, &ch)
+
return result, nil
}
+
+func updateKeys(newcfg, old *config.ChannelsConfig) {
+ if newcfg.Pico.Enabled {
+ newcfg.Pico.SetToken(old.Pico.Token())
+ }
+ if newcfg.Telegram.Enabled {
+ newcfg.Telegram.SetToken(old.Telegram.Token())
+ }
+ if newcfg.Discord.Enabled {
+ newcfg.Discord.SetToken(old.Discord.Token())
+ }
+ if newcfg.Slack.Enabled {
+ newcfg.Slack.SetBotToken(old.Slack.BotToken())
+ newcfg.Slack.SetAppToken(old.Slack.AppToken())
+ }
+ if newcfg.Matrix.Enabled {
+ newcfg.Matrix.SetAccessToken(old.Matrix.AccessToken())
+ }
+ if newcfg.OneBot.Enabled {
+ newcfg.OneBot.SetAccessToken(old.OneBot.AccessToken())
+ }
+ if newcfg.LINE.Enabled {
+ newcfg.LINE.SetChannelAccessToken(old.LINE.ChannelAccessToken())
+ newcfg.LINE.SetChannelSecret(old.LINE.ChannelSecret())
+ }
+ if newcfg.WeCom.Enabled {
+ newcfg.WeCom.SetToken(old.WeCom.Token())
+ newcfg.WeCom.SetEncodingAESKey(old.WeCom.EncodingAESKey())
+ }
+ if newcfg.WeComApp.Enabled {
+ newcfg.WeComApp.SetToken(old.WeComApp.Token())
+ newcfg.WeComApp.SetCorpSecret(old.WeComApp.CorpSecret())
+ }
+ if newcfg.WeComAIBot.Enabled {
+ newcfg.WeComAIBot.SetToken(old.WeComAIBot.Token())
+ newcfg.WeComAIBot.SetEncodingAESKey(old.WeComAIBot.EncodingAESKey())
+ }
+ if newcfg.DingTalk.Enabled {
+ newcfg.DingTalk.SetClientSecret(old.DingTalk.ClientSecret())
+ }
+ if newcfg.QQ.Enabled {
+ newcfg.QQ.SetAppSecret(old.QQ.AppSecret())
+ }
+ if newcfg.IRC.Enabled {
+ newcfg.IRC.SetPassword(old.IRC.Password())
+ newcfg.IRC.SetNickServPassword(old.IRC.NickServPassword())
+ newcfg.IRC.SetSASLPassword(old.IRC.SASLPassword())
+ }
+ if newcfg.Feishu.Enabled {
+ newcfg.Feishu.SetAppSecret(old.Feishu.AppSecret())
+ newcfg.Feishu.SetEncryptKey(old.Feishu.EncryptKey())
+ newcfg.Feishu.SetVerificationToken(old.Feishu.VerificationToken())
+ }
+}
diff --git a/pkg/channels/manager_channel_test.go b/pkg/channels/manager_channel_test.go
index 651764c4f..e17dcf17d 100644
--- a/pkg/channels/manager_channel_test.go
+++ b/pkg/channels/manager_channel_test.go
@@ -31,7 +31,7 @@ func TestToChannelHashes(t *testing.T) {
added, removed = compareChannels(results2, results3)
assert.EqualValues(t, []string{"dingtalk"}, removed)
assert.EqualValues(t, []string{"telegram"}, added)
- cfg3.Channels.Telegram.Token = "114314"
+ cfg3.Channels.Telegram.SetToken("114314")
results4 := toChannelHashes(cfg3)
assert.Equal(t, 1, len(results4))
logger.Debugf("results4: %v", results4)
@@ -41,11 +41,11 @@ func TestToChannelHashes(t *testing.T) {
cc, err := toChannelConfig(cfg3, added)
assert.NoError(t, err)
logger.Debugf("cc: %#v", cc.Telegram)
- assert.Equal(t, "114314", cc.Telegram.Token)
+ assert.Equal(t, "114314", cc.Telegram.Token())
assert.Equal(t, true, cc.Telegram.Enabled)
cc, err = toChannelConfig(cfg2, added)
assert.NoError(t, err)
logger.Debugf("cc: %#v", cc.Telegram)
- assert.Equal(t, "", cc.Telegram.Token)
+ assert.Equal(t, "", cc.Telegram.Token())
assert.Equal(t, false, cc.Telegram.Enabled)
}
diff --git a/pkg/channels/matrix/matrix.go b/pkg/channels/matrix/matrix.go
index 4cbe95c5c..98c607d0b 100644
--- a/pkg/channels/matrix/matrix.go
+++ b/pkg/channels/matrix/matrix.go
@@ -186,7 +186,7 @@ type MatrixChannel struct {
func NewMatrixChannel(cfg config.MatrixConfig, messageBus *bus.MessageBus) (*MatrixChannel, error) {
homeserver := strings.TrimSpace(cfg.Homeserver)
userID := strings.TrimSpace(cfg.UserID)
- accessToken := strings.TrimSpace(cfg.AccessToken)
+ accessToken := strings.TrimSpace(cfg.AccessToken())
if homeserver == "" {
return nil, fmt.Errorf("matrix homeserver is required")
}
@@ -692,6 +692,9 @@ func (c *MatrixChannel) extractInboundMedia(
func (c *MatrixChannel) storeMedia(localPath string, meta media.MediaMeta, scope string) string {
if store := c.GetMediaStore(); store != nil {
+ if meta.CleanupPolicy == "" {
+ meta.CleanupPolicy = media.CleanupPolicyDeleteOnCleanup
+ }
ref, err := store.Store(localPath, meta, scope)
if err == nil {
return ref
diff --git a/pkg/channels/onebot/onebot.go b/pkg/channels/onebot/onebot.go
index 62a9eb34a..048be48eb 100644
--- a/pkg/channels/onebot/onebot.go
+++ b/pkg/channels/onebot/onebot.go
@@ -184,8 +184,8 @@ func (c *OneBotChannel) connect() error {
dialer.HandshakeTimeout = 10 * time.Second
header := make(map[string][]string)
- if c.config.AccessToken != "" {
- header["Authorization"] = []string{"Bearer " + c.config.AccessToken}
+ if c.config.AccessToken() != "" {
+ header["Authorization"] = []string{"Bearer " + c.config.AccessToken()}
}
conn, resp, err := dialer.Dial(c.config.WSUrl, header)
@@ -749,8 +749,9 @@ func (c *OneBotChannel) parseMessageSegments(
storeFile := func(localPath, filename string) string {
if store != nil {
ref, err := store.Store(localPath, media.MediaMeta{
- Filename: filename,
- Source: "onebot",
+ Filename: filename,
+ Source: "onebot",
+ CleanupPolicy: media.CleanupPolicyDeleteOnCleanup,
}, scope)
if err == nil {
return ref
diff --git a/pkg/channels/pico/pico.go b/pkg/channels/pico/pico.go
index 77e7bbdb6..86ce98b06 100644
--- a/pkg/channels/pico/pico.go
+++ b/pkg/channels/pico/pico.go
@@ -64,7 +64,7 @@ type PicoChannel struct {
// NewPicoChannel creates a new Pico Protocol channel.
func NewPicoChannel(cfg config.PicoConfig, messageBus *bus.MessageBus) (*PicoChannel, error) {
- if cfg.Token == "" {
+ if cfg.Token() == "" {
return nil, fmt.Errorf("pico token is required")
}
@@ -297,7 +297,7 @@ func (c *PicoChannel) handleWebSocket(w http.ResponseWriter, r *http.Request) {
// 2. Sec-WebSocket-Protocol "token." (for browsers that can't set headers)
// 3. Query parameter "token" (only when AllowTokenQuery is on)
func (c *PicoChannel) authenticate(r *http.Request) bool {
- token := c.config.Token
+ token := c.config.Token()
if token == "" {
return false
}
@@ -328,7 +328,7 @@ func (c *PicoChannel) authenticate(r *http.Request) bool {
// matchedSubprotocol returns the "token." subprotocol that matches
// the configured token, or "" if none do.
func (c *PicoChannel) matchedSubprotocol(r *http.Request) string {
- token := c.config.Token
+ token := c.config.Token()
for _, proto := range websocket.Subprotocols(r) {
if after, ok := strings.CutPrefix(proto, "token."); ok && after == token {
return proto
diff --git a/pkg/channels/qq/audio_duration.go b/pkg/channels/qq/audio_duration.go
new file mode 100644
index 000000000..28a9b2e83
--- /dev/null
+++ b/pkg/channels/qq/audio_duration.go
@@ -0,0 +1,231 @@
+package qq
+
+import (
+ "encoding/binary"
+ "io"
+ "os"
+ "path/filepath"
+ "strings"
+ "time"
+)
+
+const qqVoiceMaxDuration = 60 * time.Second
+
+func qqAudioDuration(localPath, filename, contentType string) (time.Duration, bool, error) {
+ if localPath == "" {
+ return 0, false, nil
+ }
+
+ switch qqAudioDurationFormat(localPath, filename, contentType) {
+ case "wav":
+ return qqWAVDuration(localPath)
+ case "ogg":
+ return qqOggDuration(localPath)
+ default:
+ return 0, false, nil
+ }
+}
+
+func qqAudioDurationFormat(localPath, filename, contentType string) string {
+ contentType = strings.ToLower(contentType)
+
+ switch {
+ case strings.HasPrefix(contentType, "audio/wav"), strings.HasPrefix(contentType, "audio/x-wav"):
+ return "wav"
+ case strings.HasPrefix(contentType, "audio/ogg"),
+ contentType == "application/ogg",
+ contentType == "application/x-ogg":
+ return "ogg"
+ }
+
+ switch filepath.Ext(strings.ToLower(filename)) {
+ case ".wav":
+ return "wav"
+ case ".ogg", ".opus":
+ return "ogg"
+ }
+
+ switch filepath.Ext(strings.ToLower(localPath)) {
+ case ".wav":
+ return "wav"
+ case ".ogg", ".opus":
+ return "ogg"
+ }
+
+ return ""
+}
+
+func qqWAVDuration(localPath string) (time.Duration, bool, error) {
+ file, err := os.Open(localPath)
+ if err != nil {
+ return 0, false, err
+ }
+ defer file.Close()
+
+ var header [12]byte
+ if _, err := io.ReadFull(file, header[:]); err != nil {
+ return 0, false, err
+ }
+
+ var order binary.ByteOrder
+ switch string(header[:4]) {
+ case "RIFF":
+ order = binary.LittleEndian
+ case "RIFX":
+ order = binary.BigEndian
+ default:
+ return 0, false, nil
+ }
+
+ if string(header[8:12]) != "WAVE" {
+ return 0, false, nil
+ }
+
+ var byteRate uint32
+ var dataSize uint32
+ var foundFmt bool
+ var foundData bool
+
+ for {
+ var chunkHeader [8]byte
+ if _, err := io.ReadFull(file, chunkHeader[:]); err != nil {
+ if err == io.EOF {
+ break
+ }
+ return 0, false, err
+ }
+
+ chunkSize := order.Uint32(chunkHeader[4:8])
+ switch string(chunkHeader[:4]) {
+ case "fmt ":
+ chunkData := make([]byte, chunkSize)
+ if _, err := io.ReadFull(file, chunkData); err != nil {
+ return 0, false, err
+ }
+ if len(chunkData) >= 12 {
+ byteRate = order.Uint32(chunkData[8:12])
+ foundFmt = true
+ }
+ case "data":
+ dataSize = chunkSize
+ foundData = true
+ if _, err := io.CopyN(io.Discard, file, int64(chunkSize)); err != nil {
+ return 0, false, err
+ }
+ default:
+ if _, err := io.CopyN(io.Discard, file, int64(chunkSize)); err != nil {
+ return 0, false, err
+ }
+ }
+
+ if chunkSize%2 == 1 {
+ if _, err := io.CopyN(io.Discard, file, 1); err != nil {
+ return 0, false, err
+ }
+ }
+
+ if foundFmt && foundData {
+ break
+ }
+ }
+
+ if !foundFmt || !foundData || byteRate == 0 {
+ return 0, false, nil
+ }
+
+ durationNS := int64(dataSize) * int64(time.Second) / int64(byteRate)
+ return time.Duration(durationNS), true, nil
+}
+
+func qqOggDuration(localPath string) (time.Duration, bool, error) {
+ file, err := os.Open(localPath)
+ if err != nil {
+ return 0, false, err
+ }
+ defer file.Close()
+
+ var firstPacket []byte
+ var codec string
+ var sampleRate uint32
+ var lastGranule uint64
+ var haveGranule bool
+
+ for {
+ var header [27]byte
+ if _, err := io.ReadFull(file, header[:]); err != nil {
+ if err == io.EOF {
+ break
+ }
+ return 0, false, err
+ }
+
+ if string(header[:4]) != "OggS" {
+ return 0, false, nil
+ }
+
+ pageSegments := int(header[26])
+ segments := make([]byte, pageSegments)
+ if _, err := io.ReadFull(file, segments); err != nil {
+ return 0, false, err
+ }
+
+ payloadLen := 0
+ for _, segLen := range segments {
+ payloadLen += int(segLen)
+ }
+
+ payload := make([]byte, payloadLen)
+ if _, err := io.ReadFull(file, payload); err != nil {
+ return 0, false, err
+ }
+
+ granule := binary.LittleEndian.Uint64(header[6:14])
+ if granule != ^uint64(0) {
+ lastGranule = granule
+ haveGranule = true
+ }
+
+ if codec == "" {
+ offset := 0
+ for _, segLen := range segments {
+ firstPacket = append(firstPacket, payload[offset:offset+int(segLen)]...)
+ offset += int(segLen)
+ if segLen < 255 {
+ codec, sampleRate = qqParseOggCodec(firstPacket)
+ break
+ }
+ }
+ }
+ }
+
+ if !haveGranule || codec == "" {
+ return 0, false, nil
+ }
+
+ switch codec {
+ case "opus":
+ return time.Duration(lastGranule) * time.Second / 48000, true, nil
+ case "vorbis":
+ if sampleRate == 0 {
+ return 0, false, nil
+ }
+ return time.Duration(lastGranule) * time.Second / time.Duration(sampleRate), true, nil
+ default:
+ return 0, false, nil
+ }
+}
+
+func qqParseOggCodec(packet []byte) (string, uint32) {
+ if len(packet) >= 8 && string(packet[:8]) == "OpusHead" {
+ return "opus", 48000
+ }
+
+ if len(packet) >= 16 && packet[0] == 0x01 && string(packet[1:7]) == "vorbis" {
+ sampleRate := binary.LittleEndian.Uint32(packet[12:16])
+ if sampleRate > 0 {
+ return "vorbis", sampleRate
+ }
+ }
+
+ return "", 0
+}
diff --git a/pkg/channels/qq/qq.go b/pkg/channels/qq/qq.go
index 1a48369f8..cd66964dd 100644
--- a/pkg/channels/qq/qq.go
+++ b/pkg/channels/qq/qq.go
@@ -98,7 +98,7 @@ func NewQQChannel(cfg config.QQConfig, messageBus *bus.MessageBus) (*QQChannel,
}
func (c *QQChannel) Start(ctx context.Context) error {
- if c.config.AppID == "" || c.config.AppSecret == "" {
+ if c.config.AppID == "" || c.config.AppSecret() == "" {
return fmt.Errorf("QQ app_id and app_secret not configured")
}
@@ -112,7 +112,7 @@ func (c *QQChannel) Start(ctx context.Context) error {
// create token source
credentials := &token.QQBotCredentials{
AppID: c.config.AppID,
- AppSecret: c.config.AppSecret,
+ AppSecret: c.config.AppSecret(),
}
c.tokenSource = token.NewQQBotTokenSource(credentials)
@@ -387,12 +387,11 @@ func (c *QQChannel) uploadMedia(
}
func (c *QQChannel) buildMediaUpload(part bus.MediaPart) (*qqMediaUpload, error) {
- payload := &qqMediaUpload{
- FileType: qqFileType(part.Type),
- }
+ payload := &qqMediaUpload{}
mediaRef := part.Ref
if isHTTPURL(mediaRef) {
+ payload.FileType = qqFileType(c.outboundMediaType(part, ""))
payload.URL = mediaRef
return payload, nil
}
@@ -402,15 +401,23 @@ func (c *QQChannel) buildMediaUpload(part bus.MediaPart) (*qqMediaUpload, error)
return nil, fmt.Errorf("no media store available: %w", channels.ErrSendFailed)
}
- resolved, err := store.Resolve(part.Ref)
+ resolved, meta, err := store.ResolveWithMeta(part.Ref)
if err != nil {
return nil, fmt.Errorf("qq resolve media ref %q: %v: %w", part.Ref, err, channels.ErrSendFailed)
}
+ if part.Filename == "" {
+ part.Filename = meta.Filename
+ }
+ if part.ContentType == "" {
+ part.ContentType = meta.ContentType
+ }
if isHTTPURL(resolved) {
+ payload.FileType = qqFileType(c.outboundMediaType(part, ""))
payload.URL = resolved
return payload, nil
}
+ payload.FileType = qqFileType(c.outboundMediaType(part, resolved))
if limitBytes := c.maxBase64FileSizeBytes(); limitBytes > 0 {
info, statErr := os.Stat(resolved)
@@ -437,6 +444,48 @@ func (c *QQChannel) buildMediaUpload(part bus.MediaPart) (*qqMediaUpload, error)
return payload, nil
}
+func (c *QQChannel) outboundMediaType(part bus.MediaPart, localPath string) string {
+ if part.Type != "audio" {
+ return part.Type
+ }
+
+ if localPath == "" {
+ logger.InfoCF("qq", "Sending audio as file because duration is unavailable", map[string]any{
+ "ref": part.Ref,
+ "filename": part.Filename,
+ })
+ return "file"
+ }
+
+ duration, ok, err := qqAudioDuration(localPath, part.Filename, part.ContentType)
+ if err != nil {
+ logger.WarnCF("qq", "Failed to detect audio duration, sending as file", map[string]any{
+ "ref": part.Ref,
+ "filename": part.Filename,
+ "error": err.Error(),
+ })
+ return "file"
+ }
+ if !ok {
+ logger.InfoCF("qq", "Sending audio as file because duration is unavailable", map[string]any{
+ "ref": part.Ref,
+ "filename": part.Filename,
+ })
+ return "file"
+ }
+ if duration > qqVoiceMaxDuration {
+ logger.InfoCF("qq", "Sending audio as file because it exceeds QQ voice limit", map[string]any{
+ "ref": part.Ref,
+ "filename": part.Filename,
+ "duration_seconds": duration.Seconds(),
+ "limit_seconds": qqVoiceMaxDuration.Seconds(),
+ })
+ return "file"
+ }
+
+ return "audio"
+}
+
func (c *QQChannel) sendUploadedMedia(
ctx context.Context,
chatKind, chatID string,
@@ -670,9 +719,10 @@ func (c *QQChannel) extractInboundAttachments(
storeMedia := func(localPath string, attachment *dto.MessageAttachment) string {
if store := c.GetMediaStore(); store != nil {
ref, err := store.Store(localPath, media.MediaMeta{
- Filename: qqAttachmentFilename(attachment),
- ContentType: attachment.ContentType,
- Source: "qq",
+ Filename: qqAttachmentFilename(attachment),
+ ContentType: attachment.ContentType,
+ Source: "qq",
+ CleanupPolicy: media.CleanupPolicyDeleteOnCleanup,
}, scope)
if err == nil {
return ref
diff --git a/pkg/channels/qq/qq_test.go b/pkg/channels/qq/qq_test.go
index 3cb3d39bd..108965c00 100644
--- a/pkg/channels/qq/qq_test.go
+++ b/pkg/channels/qq/qq_test.go
@@ -1,8 +1,10 @@
package qq
import (
+ "bytes"
"context"
"encoding/base64"
+ "encoding/binary"
"encoding/json"
"errors"
"os"
@@ -264,6 +266,142 @@ func TestSendMedia_UploadsLocalFileAsBase64(t *testing.T) {
}
}
+func TestSendMedia_AudioAt60SecondsUsesVoiceUpload(t *testing.T) {
+ assertAudioWAVUploadType(t, 60*time.Second, 3)
+}
+
+func TestSendMedia_AudioOver60SecondsFallsBackToFileUpload(t *testing.T) {
+ assertAudioWAVUploadType(t, 61*time.Second, 4)
+}
+
+func assertAudioWAVUploadType(t *testing.T, duration time.Duration, wantFileType uint64) {
+ t.Helper()
+
+ messageBus := bus.NewMessageBus()
+ store := media.NewFileMediaStore()
+
+ localPath := writeWAVFile(t, t.TempDir(), "voice.wav", duration)
+ ref, err := store.Store(localPath, media.MediaMeta{
+ Filename: "voice.wav",
+ ContentType: "audio/wav",
+ }, "qq:test")
+ if err != nil {
+ t.Fatalf("Store() error = %v", err)
+ }
+
+ api := &fakeQQAPI{
+ transportResp: mustJSON(t, dto.Message{FileInfo: []byte("file-info")}),
+ }
+ ch := &QQChannel{
+ BaseChannel: channels.NewBaseChannel("qq", nil, messageBus, nil),
+ api: api,
+ dedup: make(map[string]time.Time),
+ done: make(chan struct{}),
+ ctx: context.Background(),
+ }
+ ch.SetRunning(true)
+ ch.SetMediaStore(store)
+ ch.chatType.Store("group-1", "group")
+
+ err = ch.SendMedia(context.Background(), bus.OutboundMediaMessage{
+ ChatID: "group-1",
+ Parts: []bus.MediaPart{{
+ Type: "audio",
+ Ref: ref,
+ }},
+ })
+ if err != nil {
+ t.Fatalf("SendMedia() error = %v", err)
+ }
+
+ if len(api.transportCalls) != 1 {
+ t.Fatalf("transportCalls = %d, want 1", len(api.transportCalls))
+ }
+ if api.transportCalls[0].body.FileType != wantFileType {
+ t.Fatalf("upload file_type = %d, want %d", api.transportCalls[0].body.FileType, wantFileType)
+ }
+}
+
+func TestSendMedia_RemoteAudioFallsBackToFileUpload(t *testing.T) {
+ messageBus := bus.NewMessageBus()
+ api := &fakeQQAPI{
+ transportResp: mustJSON(t, dto.Message{FileInfo: []byte("remote-file-info")}),
+ }
+ ch := &QQChannel{
+ BaseChannel: channels.NewBaseChannel("qq", nil, messageBus, nil),
+ api: api,
+ dedup: make(map[string]time.Time),
+ done: make(chan struct{}),
+ ctx: context.Background(),
+ }
+ ch.SetRunning(true)
+ ch.chatType.Store("user-1", "direct")
+
+ err := ch.SendMedia(context.Background(), bus.OutboundMediaMessage{
+ ChatID: "user-1",
+ Parts: []bus.MediaPart{{
+ Type: "audio",
+ Ref: "https://cdn.example.com/voice.ogg",
+ }},
+ })
+ if err != nil {
+ t.Fatalf("SendMedia() error = %v", err)
+ }
+
+ if len(api.transportCalls) != 1 {
+ t.Fatalf("transportCalls = %d, want 1", len(api.transportCalls))
+ }
+ if api.transportCalls[0].body.FileType != 4 {
+ t.Fatalf("upload file_type = %d, want 4", api.transportCalls[0].body.FileType)
+ }
+}
+
+func TestSendMedia_LocalAudioWithUnknownDurationFallsBackToFileUpload(t *testing.T) {
+ messageBus := bus.NewMessageBus()
+ store := media.NewFileMediaStore()
+
+ localPath := writeTempFile(t, t.TempDir(), "voice.mp3", []byte("not-a-real-mp3"))
+ ref, err := store.Store(localPath, media.MediaMeta{
+ Filename: "voice.mp3",
+ ContentType: "audio/mpeg",
+ }, "qq:test")
+ if err != nil {
+ t.Fatalf("Store() error = %v", err)
+ }
+
+ api := &fakeQQAPI{
+ transportResp: mustJSON(t, dto.Message{FileInfo: []byte("file-info")}),
+ }
+ ch := &QQChannel{
+ BaseChannel: channels.NewBaseChannel("qq", nil, messageBus, nil),
+ api: api,
+ dedup: make(map[string]time.Time),
+ done: make(chan struct{}),
+ ctx: context.Background(),
+ }
+ ch.SetRunning(true)
+ ch.SetMediaStore(store)
+ ch.chatType.Store("group-1", "group")
+
+ err = ch.SendMedia(context.Background(), bus.OutboundMediaMessage{
+ ChatID: "group-1",
+ Parts: []bus.MediaPart{{
+ Type: "audio",
+ Ref: ref,
+ }},
+ })
+ if err != nil {
+ t.Fatalf("SendMedia() error = %v", err)
+ }
+
+ if len(api.transportCalls) != 1 {
+ t.Fatalf("transportCalls = %d, want 1", len(api.transportCalls))
+ }
+ if api.transportCalls[0].body.FileType != 4 {
+ t.Fatalf("upload file_type = %d, want 4", api.transportCalls[0].body.FileType)
+ }
+}
+
func TestSendMedia_UsesRemoteURLUploadForC2C(t *testing.T) {
messageBus := bus.NewMessageBus()
api := &fakeQQAPI{
@@ -494,3 +632,53 @@ func writeTempFile(t *testing.T, dir, name string, content []byte) string {
}
return path
}
+
+func writeWAVFile(t *testing.T, dir, name string, duration time.Duration) string {
+ t.Helper()
+
+ const (
+ sampleRate = 8000
+ numChannels = 1
+ bitsPerSample = 8
+ )
+
+ dataSize := uint32(duration / time.Second * sampleRate * numChannels * (bitsPerSample / 8))
+ byteRate := uint32(sampleRate * numChannels * (bitsPerSample / 8))
+ blockAlign := uint16(numChannels * (bitsPerSample / 8))
+
+ var buf bytes.Buffer
+ buf.WriteString("RIFF")
+ if err := binary.Write(&buf, binary.LittleEndian, uint32(36)+dataSize); err != nil {
+ t.Fatalf("binary.Write(riff size) error = %v", err)
+ }
+ buf.WriteString("WAVE")
+ buf.WriteString("fmt ")
+ if err := binary.Write(&buf, binary.LittleEndian, uint32(16)); err != nil {
+ t.Fatalf("binary.Write(fmt chunk size) error = %v", err)
+ }
+ if err := binary.Write(&buf, binary.LittleEndian, uint16(1)); err != nil {
+ t.Fatalf("binary.Write(audio format) error = %v", err)
+ }
+ if err := binary.Write(&buf, binary.LittleEndian, uint16(numChannels)); err != nil {
+ t.Fatalf("binary.Write(channels) error = %v", err)
+ }
+ if err := binary.Write(&buf, binary.LittleEndian, uint32(sampleRate)); err != nil {
+ t.Fatalf("binary.Write(sample rate) error = %v", err)
+ }
+ if err := binary.Write(&buf, binary.LittleEndian, byteRate); err != nil {
+ t.Fatalf("binary.Write(byte rate) error = %v", err)
+ }
+ if err := binary.Write(&buf, binary.LittleEndian, blockAlign); err != nil {
+ t.Fatalf("binary.Write(block align) error = %v", err)
+ }
+ if err := binary.Write(&buf, binary.LittleEndian, uint16(bitsPerSample)); err != nil {
+ t.Fatalf("binary.Write(bits per sample) error = %v", err)
+ }
+ buf.WriteString("data")
+ if err := binary.Write(&buf, binary.LittleEndian, dataSize); err != nil {
+ t.Fatalf("binary.Write(data size) error = %v", err)
+ }
+ buf.Write(make([]byte, dataSize))
+
+ return writeTempFile(t, dir, name, buf.Bytes())
+}
diff --git a/pkg/channels/slack/slack.go b/pkg/channels/slack/slack.go
index 3ee849621..f03283ea4 100644
--- a/pkg/channels/slack/slack.go
+++ b/pkg/channels/slack/slack.go
@@ -37,13 +37,13 @@ type slackMessageRef struct {
}
func NewSlackChannel(cfg config.SlackConfig, messageBus *bus.MessageBus) (*SlackChannel, error) {
- if cfg.BotToken == "" || cfg.AppToken == "" {
+ if cfg.BotToken() == "" || cfg.AppToken() == "" {
return nil, fmt.Errorf("slack bot_token and app_token are required")
}
api := slack.New(
- cfg.BotToken,
- slack.OptionAppLevelToken(cfg.AppToken),
+ cfg.BotToken(),
+ slack.OptionAppLevelToken(cfg.AppToken()),
)
socketClient := socketmode.New(api)
@@ -327,8 +327,9 @@ func (c *SlackChannel) handleMessageEvent(ev *slackevents.MessageEvent) {
storeMedia := func(localPath, filename string) string {
if store := c.GetMediaStore(); store != nil {
ref, err := store.Store(localPath, media.MediaMeta{
- Filename: filename,
- Source: "slack",
+ Filename: filename,
+ Source: "slack",
+ CleanupPolicy: media.CleanupPolicyDeleteOnCleanup,
}, scope)
if err == nil {
return ref
@@ -515,7 +516,7 @@ func (c *SlackChannel) downloadSlackFile(file slack.File) string {
return utils.DownloadFile(downloadURL, file.Name, utils.DownloadOptions{
LoggerPrefix: "slack",
ExtraHeaders: map[string]string{
- "Authorization": "Bearer " + c.config.BotToken,
+ "Authorization": "Bearer " + c.config.BotToken(),
},
})
}
diff --git a/pkg/channels/slack/slack_test.go b/pkg/channels/slack/slack_test.go
index 30e0d2d73..23a7ee5c4 100644
--- a/pkg/channels/slack/slack_test.go
+++ b/pkg/channels/slack/slack_test.go
@@ -102,10 +102,8 @@ func TestNewSlackChannel(t *testing.T) {
msgBus := bus.NewMessageBus()
t.Run("missing bot token", func(t *testing.T) {
- cfg := config.SlackConfig{
- BotToken: "",
- AppToken: "xapp-test",
- }
+ cfg := config.SlackConfig{}
+ cfg.SetAppToken("xapp-test")
_, err := NewSlackChannel(cfg, msgBus)
if err == nil {
t.Error("expected error for missing bot_token, got nil")
@@ -113,10 +111,8 @@ func TestNewSlackChannel(t *testing.T) {
})
t.Run("missing app token", func(t *testing.T) {
- cfg := config.SlackConfig{
- BotToken: "xoxb-test",
- AppToken: "",
- }
+ cfg := config.SlackConfig{}
+ cfg.SetBotToken("xoxb-test")
_, err := NewSlackChannel(cfg, msgBus)
if err == nil {
t.Error("expected error for missing app_token, got nil")
@@ -125,10 +121,10 @@ func TestNewSlackChannel(t *testing.T) {
t.Run("valid config", func(t *testing.T) {
cfg := config.SlackConfig{
- BotToken: "xoxb-test",
- AppToken: "xapp-test",
AllowFrom: []string{"U123"},
}
+ cfg.SetBotToken("xoxb-test")
+ cfg.SetAppToken("xapp-test")
ch, err := NewSlackChannel(cfg, msgBus)
if err != nil {
t.Fatalf("unexpected error: %v", err)
@@ -147,10 +143,10 @@ func TestSlackChannelIsAllowed(t *testing.T) {
t.Run("empty allowlist allows all", func(t *testing.T) {
cfg := config.SlackConfig{
- BotToken: "xoxb-test",
- AppToken: "xapp-test",
AllowFrom: []string{},
}
+ cfg.SetBotToken("xoxb-test")
+ cfg.SetAppToken("xapp-test")
ch, _ := NewSlackChannel(cfg, msgBus)
if !ch.IsAllowed("U_ANYONE") {
t.Error("empty allowlist should allow all users")
@@ -159,10 +155,10 @@ func TestSlackChannelIsAllowed(t *testing.T) {
t.Run("allowlist restricts users", func(t *testing.T) {
cfg := config.SlackConfig{
- BotToken: "xoxb-test",
- AppToken: "xapp-test",
AllowFrom: []string{"U_ALLOWED"},
}
+ cfg.SetBotToken("xoxb-test")
+ cfg.SetAppToken("xapp-test")
ch, _ := NewSlackChannel(cfg, msgBus)
if !ch.IsAllowed("U_ALLOWED") {
t.Error("allowed user should pass allowlist check")
diff --git a/pkg/channels/telegram/telegram.go b/pkg/channels/telegram/telegram.go
index 3eb89c636..f62d6d008 100644
--- a/pkg/channels/telegram/telegram.go
+++ b/pkg/channels/telegram/telegram.go
@@ -83,7 +83,7 @@ func NewTelegramChannel(cfg *config.Config, bus *bus.MessageBus) (*TelegramChann
}
opts = append(opts, telego.WithLogger(logger.NewLogger("telego")))
- bot, err := telego.NewBot(telegramCfg.Token, opts...)
+ bot, err := telego.NewBot(telegramCfg.Token(), opts...)
if err != nil {
return nil, fmt.Errorf("failed to create telegram bot: %w", err)
}
@@ -561,8 +561,9 @@ func (c *TelegramChannel) handleMessage(ctx context.Context, message *telego.Mes
storeMedia := func(localPath, filename string) string {
if store := c.GetMediaStore(); store != nil {
ref, err := store.Store(localPath, media.MediaMeta{
- Filename: filename,
- Source: "telegram",
+ Filename: filename,
+ Source: "telegram",
+ CleanupPolicy: media.CleanupPolicyDeleteOnCleanup,
}, scope)
if err == nil {
return ref
diff --git a/pkg/channels/wecom/aibot.go b/pkg/channels/wecom/aibot.go
index 2264b8492..c5e148185 100644
--- a/pkg/channels/wecom/aibot.go
+++ b/pkg/channels/wecom/aibot.go
@@ -139,7 +139,7 @@ type WeComAIBotEncryptedResponse struct {
}
// NewWeComAIBotChannel creates a WeCom AI Bot channel instance.
-// If cfg.BotID and cfg.Secret are both set, it returns a WeComAIBotWSChannel
+// If cfg.BotID and cfg.secret are both set, it returns a WeComAIBotWSChannel
// using the WebSocket long-connection API.
// Otherwise it returns the webhook-mode WeComAIBotChannel (requires Token +
// EncodingAESKey).
@@ -147,13 +147,13 @@ func NewWeComAIBotChannel(
cfg config.WeComAIBotConfig,
messageBus *bus.MessageBus,
) (channels.Channel, error) {
- // WebSocket long-connection mode takes priority when BotID + Secret are set.
- if cfg.BotID != "" && cfg.Secret != "" {
- logger.InfoC("wecom_aibot", "BotID and Secret provided, using WebSocket mode")
+ // WebSocket long-connection mode takes priority when BotID + secret are set.
+ if cfg.BotID != "" && cfg.Secret() != "" {
+ logger.InfoC("wecom_aibot", "BotID and secret provided, using WebSocket mode")
return newWeComAIBotWSChannel(cfg, messageBus)
}
// Webhook (short-connection) mode.
- if cfg.Token == "" || cfg.EncodingAESKey == "" {
+ if cfg.Token() == "" || cfg.EncodingAESKey() == "" {
return nil, fmt.Errorf(
"WeCom AI Bot requires either (bot_id + secret) for WebSocket mode " +
"or (token + encoding_aes_key) for webhook mode")
@@ -350,7 +350,7 @@ func (c *WeComAIBotChannel) handleVerification(
})
// Verify signature
- if !verifySignature(c.config.Token, msgSignature, timestamp, nonce, echostr) {
+ if !verifySignature(c.config.Token(), msgSignature, timestamp, nonce, echostr) {
logger.ErrorC("wecom_aibot", "Signature verification failed")
http.Error(w, "Signature verification failed", http.StatusUnauthorized)
return
@@ -358,7 +358,7 @@ func (c *WeComAIBotChannel) handleVerification(
// Decrypt echostr
// For WeCom AI Bot (智能机器人), receiveid should be empty string
- decrypted, err := decryptMessageWithVerify(echostr, c.config.EncodingAESKey, "")
+ decrypted, err := decryptMessageWithVerify(echostr, c.config.EncodingAESKey(), "")
if err != nil {
logger.ErrorCF("wecom_aibot", "Failed to decrypt echostr", map[string]any{
"error": err,
@@ -417,7 +417,7 @@ func (c *WeComAIBotChannel) handleMessageCallback(
}
// Verify signature
- if !verifySignature(c.config.Token, msgSignature, timestamp, nonce, encryptedMsg.Encrypt) {
+ if !verifySignature(c.config.Token(), msgSignature, timestamp, nonce, encryptedMsg.Encrypt) {
logger.ErrorC("wecom_aibot", "Signature verification failed")
http.Error(w, "Signature verification failed", http.StatusUnauthorized)
return
@@ -425,7 +425,7 @@ func (c *WeComAIBotChannel) handleMessageCallback(
// Decrypt message
// For WeCom AI Bot (智能机器人), receiveid is empty string
- decrypted, err := decryptMessageWithVerify(encryptedMsg.Encrypt, c.config.EncodingAESKey, "")
+ decrypted, err := decryptMessageWithVerify(encryptedMsg.Encrypt, c.config.EncodingAESKey(), "")
if err != nil {
logger.ErrorCF("wecom_aibot", "Failed to decrypt message", map[string]any{
"error": err,
@@ -859,7 +859,7 @@ func (c *WeComAIBotChannel) encryptResponse(
}
// Generate signature
- signature := computeSignature(c.config.Token, timestamp, nonce, encrypted)
+ signature := computeSignature(c.config.Token(), timestamp, nonce, encrypted)
// Build encrypted response
encryptedResp := WeComAIBotEncryptedResponse{
@@ -894,7 +894,7 @@ func (c *WeComAIBotChannel) encryptEmptyResponse(timestamp, nonce string) string
// encryptMessage encrypts a plain text message for WeCom AI Bot
func (c *WeComAIBotChannel) encryptMessage(plaintext, receiveid string) (string, error) {
- aesKey, err := decodeWeComAESKey(c.config.EncodingAESKey)
+ aesKey, err := decodeWeComAESKey(c.config.EncodingAESKey())
if err != nil {
return "", err
}
diff --git a/pkg/channels/wecom/aibot_test.go b/pkg/channels/wecom/aibot_test.go
index 957b51c38..11c4393d6 100644
--- a/pkg/channels/wecom/aibot_test.go
+++ b/pkg/channels/wecom/aibot_test.go
@@ -15,12 +15,11 @@ import (
func TestNewWeComAIBotChannel_WebhookMode(t *testing.T) {
t.Run("success with valid config", func(t *testing.T) {
- cfg := config.WeComAIBotConfig{
- Enabled: true,
- Token: "test_token",
- EncodingAESKey: "testkey1234567890123456789012345678901234567",
- WebhookPath: "/webhook/test",
- }
+ cfg := config.WeComAIBotConfig{}
+ cfg.Enabled = true
+ cfg.SetToken("test_token")
+ cfg.SetEncodingAESKey("testkey1234567890123456789012345678901234567")
+ cfg.WebhookPath = "/webhook/test"
messageBus := bus.NewMessageBus()
ch, err := NewWeComAIBotChannel(cfg, messageBus)
@@ -40,10 +39,10 @@ func TestNewWeComAIBotChannel_WebhookMode(t *testing.T) {
})
t.Run("error with missing token", func(t *testing.T) {
- cfg := config.WeComAIBotConfig{
- Enabled: true,
- EncodingAESKey: "testkey1234567890123456789012345678901234567",
- }
+ cfg := config.WeComAIBotConfig{}
+ cfg.Enabled = true
+ cfg.SetEncodingAESKey("testkey1234567890123456789012345678901234567")
+
messageBus := bus.NewMessageBus()
_, err := NewWeComAIBotChannel(cfg, messageBus)
if err == nil {
@@ -52,10 +51,10 @@ func TestNewWeComAIBotChannel_WebhookMode(t *testing.T) {
})
t.Run("error with missing encoding key", func(t *testing.T) {
- cfg := config.WeComAIBotConfig{
- Enabled: true,
- Token: "test_token",
- }
+ cfg := config.WeComAIBotConfig{}
+ cfg.Enabled = true
+ cfg.SetToken("test_token")
+
messageBus := bus.NewMessageBus()
_, err := NewWeComAIBotChannel(cfg, messageBus)
if err == nil {
@@ -66,10 +65,10 @@ func TestNewWeComAIBotChannel_WebhookMode(t *testing.T) {
func TestWeComAIBotWebhookChannelStartStop(t *testing.T) {
cfg := config.WeComAIBotConfig{
- Enabled: true,
- Token: "test_token",
- EncodingAESKey: "testkey1234567890123456789012345678901234567",
+ Enabled: true,
}
+ cfg.SetToken("test_token")
+ cfg.SetEncodingAESKey("testkey1234567890123456789012345678901234567")
messageBus := bus.NewMessageBus()
ch, err := NewWeComAIBotChannel(cfg, messageBus)
@@ -96,11 +95,11 @@ func TestWeComAIBotWebhookChannelStartStop(t *testing.T) {
func TestWeComAIBotChannelWebhookPath(t *testing.T) {
t.Run("default path", func(t *testing.T) {
- cfg := config.WeComAIBotConfig{
- Enabled: true,
- Token: "test_token",
- EncodingAESKey: "testkey1234567890123456789012345678901234567",
- }
+ cfg := config.WeComAIBotConfig{}
+ cfg.Enabled = true
+ cfg.SetToken("test_token")
+ cfg.SetEncodingAESKey("testkey1234567890123456789012345678901234567")
+
messageBus := bus.NewMessageBus()
ch, _ := NewWeComAIBotChannel(cfg, messageBus)
@@ -116,12 +115,12 @@ func TestWeComAIBotChannelWebhookPath(t *testing.T) {
t.Run("custom path", func(t *testing.T) {
customPath := "/custom/webhook"
- cfg := config.WeComAIBotConfig{
- Enabled: true,
- Token: "test_token",
- EncodingAESKey: "testkey1234567890123456789012345678901234567",
- WebhookPath: customPath,
- }
+ cfg := config.WeComAIBotConfig{}
+ cfg.Enabled = true
+ cfg.SetToken("test_token")
+ cfg.SetEncodingAESKey("testkey1234567890123456789012345678901234567")
+ cfg.WebhookPath = customPath
+
messageBus := bus.NewMessageBus()
ch, _ := NewWeComAIBotChannel(cfg, messageBus)
@@ -140,10 +139,10 @@ func TestWeComAIBotChannelGetStreamResponseProcessingMessage(t *testing.T) {
t.Run("uses default processing message", func(t *testing.T) {
cfg := config.WeComAIBotConfig{
- Enabled: true,
- Token: "test_token",
- EncodingAESKey: validAESKey,
+ Enabled: true,
}
+ cfg.SetToken("test_token")
+ cfg.SetEncodingAESKey(validAESKey)
messageBus := bus.NewMessageBus()
channel, err := NewWeComAIBotChannel(cfg, messageBus)
@@ -187,10 +186,10 @@ func TestWeComAIBotChannelGetStreamResponseProcessingMessage(t *testing.T) {
t.Run("uses custom processing message", func(t *testing.T) {
cfg := config.WeComAIBotConfig{
Enabled: true,
- Token: "test_token",
- EncodingAESKey: validAESKey,
ProcessingMessage: "Please wait a moment. The result will be delivered in a follow-up message.",
}
+ cfg.SetToken("test_token")
+ cfg.SetEncodingAESKey(validAESKey)
messageBus := bus.NewMessageBus()
channel, err := NewWeComAIBotChannel(cfg, messageBus)
@@ -217,11 +216,11 @@ func TestWeComAIBotChannelGetStreamResponseProcessingMessage(t *testing.T) {
}
func TestGenerateStreamID(t *testing.T) {
- cfg := config.WeComAIBotConfig{
- Enabled: true,
- Token: "test_token",
- EncodingAESKey: "testkey1234567890123456789012345678901234567",
- }
+ cfg := config.WeComAIBotConfig{}
+ cfg.Enabled = true
+ cfg.SetToken("test_token")
+ cfg.SetEncodingAESKey("testkey1234567890123456789012345678901234567")
+
messageBus := bus.NewMessageBus()
ch, _ := NewWeComAIBotChannel(cfg, messageBus)
webhookCh, ok := ch.(*WeComAIBotChannel)
@@ -243,11 +242,12 @@ func TestGenerateStreamID(t *testing.T) {
}
func TestEncryptDecrypt(t *testing.T) {
- cfg := config.WeComAIBotConfig{
- Enabled: true,
- Token: "test_token",
- EncodingAESKey: "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG", // 43 characters
- }
+ // Use a valid 43-character base64 key (企业微信标准格式)
+ cfg := config.WeComAIBotConfig{}
+ cfg.Enabled = true
+ cfg.SetToken("test_token")
+ cfg.SetEncodingAESKey("abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG") // 43 characters
+
messageBus := bus.NewMessageBus()
ch, _ := NewWeComAIBotChannel(cfg, messageBus)
webhookCh, ok := ch.(*WeComAIBotChannel)
@@ -266,7 +266,8 @@ func TestEncryptDecrypt(t *testing.T) {
t.Fatal("Encrypted message is empty")
}
- decrypted, err := decryptMessageWithVerify(encrypted, cfg.EncodingAESKey, receiveid)
+ // Decrypt
+ decrypted, err := decryptMessageWithVerify(encrypted, cfg.EncodingAESKey(), receiveid)
if err != nil {
t.Fatalf("Failed to decrypt message: %v", err)
}
@@ -298,7 +299,7 @@ func decodeStreamResponse(t *testing.T, ch *WeComAIBotChannel, encryptedResponse
t.Fatalf("Failed to unmarshal encrypted response: %v", err)
}
- plaintext, err := decryptMessageWithVerify(wrapped.Encrypt, ch.config.EncodingAESKey, "")
+ plaintext, err := decryptMessageWithVerify(wrapped.Encrypt, ch.config.EncodingAESKey(), "")
if err != nil {
t.Fatalf("Failed to decrypt response: %v", err)
}
@@ -318,8 +319,8 @@ func TestNewWeComAIBotChannel_WSMode(t *testing.T) {
cfg := config.WeComAIBotConfig{
Enabled: true,
BotID: "test_bot_id",
- Secret: "test_secret",
}
+ cfg.SetSecret("test_secret")
messageBus := bus.NewMessageBus()
ch, err := NewWeComAIBotChannel(cfg, messageBus)
if err != nil {
@@ -339,27 +340,27 @@ func TestNewWeComAIBotChannel_WSMode(t *testing.T) {
t.Run("ws mode takes priority over webhook fields", func(t *testing.T) {
cfg := config.WeComAIBotConfig{
- Enabled: true,
- BotID: "test_bot_id",
- Secret: "test_secret",
- Token: "also_set",
- EncodingAESKey: "testkey1234567890123456789012345678901234567",
+ Enabled: true,
+ BotID: "test_bot_id",
}
+ cfg.SetSecret("test_secret")
+ cfg.SetToken("also_set")
+ cfg.SetEncodingAESKey("testkey1234567890123456789012345678901234567")
messageBus := bus.NewMessageBus()
ch, err := NewWeComAIBotChannel(cfg, messageBus)
if err != nil {
t.Fatalf("Expected no error, got %v", err)
}
if _, ok := ch.(*WeComAIBotWSChannel); !ok {
- t.Error("Expected WebSocket mode channel when both BotID+Secret and Token+Key are set")
+ t.Error("Expected WebSocket mode channel when both BotID+secret and Token+Key are set")
}
})
t.Run("error with missing bot_id", func(t *testing.T) {
cfg := config.WeComAIBotConfig{
Enabled: true,
- Secret: "test_secret",
}
+ cfg.SetSecret("test_secret")
messageBus := bus.NewMessageBus()
_, err := NewWeComAIBotChannel(cfg, messageBus)
// Missing bot_id alone means neither WS mode nor webhook mode is fully configured.
@@ -385,8 +386,8 @@ func TestWeComAIBotWSChannelStartStop(t *testing.T) {
cfg := config.WeComAIBotConfig{
Enabled: true,
BotID: "test_bot_id",
- Secret: "test_secret",
}
+ cfg.SetSecret("test_secret")
messageBus := bus.NewMessageBus()
ch, err := NewWeComAIBotChannel(cfg, messageBus)
if err != nil {
@@ -446,10 +447,10 @@ func TestWSGenerateID(t *testing.T) {
func makeWebhookChannel(t *testing.T) *WeComAIBotChannel {
t.Helper()
cfg := config.WeComAIBotConfig{
- Enabled: true,
- Token: "test_token",
- EncodingAESKey: "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG",
+ Enabled: true,
}
+ cfg.SetToken("test_token")
+ cfg.SetEncodingAESKey("abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG")
ch, err := NewWeComAIBotChannel(cfg, bus.NewMessageBus())
if err != nil {
t.Fatalf("create channel: %v", err)
diff --git a/pkg/channels/wecom/aibot_ws.go b/pkg/channels/wecom/aibot_ws.go
index 830e763b9..53dd7071f 100644
--- a/pkg/channels/wecom/aibot_ws.go
+++ b/pkg/channels/wecom/aibot_ws.go
@@ -225,7 +225,7 @@ func newWeComAIBotWSChannel(
cfg config.WeComAIBotConfig,
messageBus *bus.MessageBus,
) (*WeComAIBotWSChannel, error) {
- if cfg.BotID == "" || cfg.Secret == "" {
+ if cfg.BotID == "" || cfg.Secret() == "" {
return nil, fmt.Errorf("bot_id and secret are required for WeCom AI Bot WebSocket mode")
}
@@ -433,7 +433,7 @@ func (c *WeComAIBotWSChannel) runConnection() error {
Headers: wsHeaders{ReqID: reqID},
Body: map[string]string{
"bot_id": c.config.BotID,
- "secret": c.config.Secret,
+ "secret": c.config.Secret(),
},
}, wsSubscribeTimeout)
if err != nil {
@@ -1218,8 +1218,9 @@ func (c *WeComAIBotWSChannel) storeWSMedia(
scope := channels.BuildMediaScope("wecom_aibot", chatID, msgID)
ref, err := store.Store(tmpPath, media.MediaMeta{
- Filename: msgID + ext,
- Source: "wecom_aibot",
+ Filename: msgID + ext,
+ Source: "wecom_aibot",
+ CleanupPolicy: media.CleanupPolicyDeleteOnCleanup,
}, scope)
if err != nil {
os.Remove(tmpPath)
diff --git a/pkg/channels/wecom/aibot_ws_test.go b/pkg/channels/wecom/aibot_ws_test.go
index 0a533da5d..f2f8833a1 100644
--- a/pkg/channels/wecom/aibot_ws_test.go
+++ b/pkg/channels/wecom/aibot_ws_test.go
@@ -21,8 +21,8 @@ func newTestWSChannel(t *testing.T) *WeComAIBotWSChannel {
cfg := config.WeComAIBotConfig{
Enabled: true,
BotID: "test_bot_id",
- Secret: "test_secret",
}
+ cfg.SetSecret("test_secret")
ch, err := newWeComAIBotWSChannel(cfg, bus.NewMessageBus())
if err != nil {
t.Fatalf("create WS channel: %v", err)
diff --git a/pkg/channels/wecom/app.go b/pkg/channels/wecom/app.go
index 2098fcd4e..fccfc60a3 100644
--- a/pkg/channels/wecom/app.go
+++ b/pkg/channels/wecom/app.go
@@ -119,7 +119,7 @@ type PKCS7Padding struct{}
// NewWeComAppChannel creates a new WeCom App channel instance
func NewWeComAppChannel(cfg config.WeComAppConfig, messageBus *bus.MessageBus) (*WeComAppChannel, error) {
- if cfg.CorpID == "" || cfg.CorpSecret == "" || cfg.AgentID == 0 {
+ if cfg.CorpID == "" || cfg.CorpSecret() == "" || cfg.AgentID == 0 {
return nil, fmt.Errorf("wecom_app corp_id, corp_secret and agent_id are required")
}
@@ -497,9 +497,9 @@ func (c *WeComAppChannel) handleVerification(ctx context.Context, w http.Respons
}
// Verify signature
- if !verifySignature(c.config.Token, msgSignature, timestamp, nonce, echostr) {
+ if !verifySignature(c.config.Token(), msgSignature, timestamp, nonce, echostr) {
logger.WarnCF("wecom_app", "Signature verification failed", map[string]any{
- "token": c.config.Token,
+ "token": c.config.Token(),
"msg_signature": msgSignature,
"timestamp": timestamp,
"nonce": nonce,
@@ -513,10 +513,10 @@ func (c *WeComAppChannel) handleVerification(ctx context.Context, w http.Respons
// Decrypt echostr with CorpID verification
// For WeCom App (自建应用), receiveid should be corp_id
logger.DebugCF("wecom_app", "Attempting to decrypt echostr", map[string]any{
- "encoding_aes_key": c.config.EncodingAESKey,
+ "encoding_aes_key": c.config.EncodingAESKey(),
"corp_id": c.config.CorpID,
})
- decryptedEchoStr, err := decryptMessageWithVerify(echostr, c.config.EncodingAESKey, c.config.CorpID)
+ decryptedEchoStr, err := decryptMessageWithVerify(echostr, c.config.EncodingAESKey(), c.config.CorpID)
if err != nil {
logger.ErrorCF("wecom_app", "Failed to decrypt echostr", map[string]any{
"error": err.Error(),
@@ -575,7 +575,7 @@ func (c *WeComAppChannel) handleMessageCallback(ctx context.Context, w http.Resp
}
// Verify signature
- if !verifySignature(c.config.Token, msgSignature, timestamp, nonce, encryptedMsg.Encrypt) {
+ if !verifySignature(c.config.Token(), msgSignature, timestamp, nonce, encryptedMsg.Encrypt) {
logger.WarnC("wecom_app", "Message signature verification failed")
http.Error(w, "Invalid signature", http.StatusForbidden)
return
@@ -583,7 +583,7 @@ func (c *WeComAppChannel) handleMessageCallback(ctx context.Context, w http.Resp
// Decrypt message with CorpID verification
// For WeCom App (自建应用), receiveid should be corp_id
- decryptedMsg, err := decryptMessageWithVerify(encryptedMsg.Encrypt, c.config.EncodingAESKey, c.config.CorpID)
+ decryptedMsg, err := decryptMessageWithVerify(encryptedMsg.Encrypt, c.config.EncodingAESKey(), c.config.CorpID)
if err != nil {
logger.ErrorCF("wecom_app", "Failed to decrypt message", map[string]any{
"error": err.Error(),
@@ -689,7 +689,7 @@ func (c *WeComAppChannel) tokenRefreshLoop() {
// refreshAccessToken gets a new access token from WeCom API
func (c *WeComAppChannel) refreshAccessToken() error {
apiURL := fmt.Sprintf("%s/cgi-bin/gettoken?corpid=%s&corpsecret=%s",
- wecomAPIBase, url.QueryEscape(c.config.CorpID), url.QueryEscape(c.config.CorpSecret))
+ wecomAPIBase, url.QueryEscape(c.config.CorpID), url.QueryEscape(c.config.CorpSecret()))
resp, err := http.Get(apiURL)
if err != nil {
diff --git a/pkg/channels/wecom/app_test.go b/pkg/channels/wecom/app_test.go
index 7d07041ad..502544441 100644
--- a/pkg/channels/wecom/app_test.go
+++ b/pkg/channels/wecom/app_test.go
@@ -91,10 +91,10 @@ func TestNewWeComAppChannel(t *testing.T) {
t.Run("missing corp_id", func(t *testing.T) {
cfg := config.WeComAppConfig{
- CorpID: "",
- CorpSecret: "test_secret",
- AgentID: 1000002,
+ CorpID: "",
+ AgentID: 1000002,
}
+ cfg.SetCorpSecret("test_secret")
_, err := NewWeComAppChannel(cfg, msgBus)
if err == nil {
t.Error("expected error for missing corp_id, got nil")
@@ -103,9 +103,8 @@ func TestNewWeComAppChannel(t *testing.T) {
t.Run("missing corp_secret", func(t *testing.T) {
cfg := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "",
- AgentID: 1000002,
+ CorpID: "test_corp_id",
+ AgentID: 1000002,
}
_, err := NewWeComAppChannel(cfg, msgBus)
if err == nil {
@@ -115,10 +114,10 @@ func TestNewWeComAppChannel(t *testing.T) {
t.Run("missing agent_id", func(t *testing.T) {
cfg := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "test_secret",
- AgentID: 0,
+ CorpID: "test_corp_id",
+ AgentID: 0,
}
+ cfg.SetCorpSecret("test_secret")
_, err := NewWeComAppChannel(cfg, msgBus)
if err == nil {
t.Error("expected error for missing agent_id, got nil")
@@ -127,11 +126,11 @@ func TestNewWeComAppChannel(t *testing.T) {
t.Run("valid config", func(t *testing.T) {
cfg := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "test_secret",
- AgentID: 1000002,
- AllowFrom: []string{"user1", "user2"},
+ CorpID: "test_corp_id",
+ AgentID: 1000002,
+ AllowFrom: []string{"user1", "user2"},
}
+ cfg.SetCorpSecret("test_secret")
ch, err := NewWeComAppChannel(cfg, msgBus)
if err != nil {
t.Fatalf("unexpected error: %v", err)
@@ -150,11 +149,11 @@ func TestWeComAppChannelIsAllowed(t *testing.T) {
t.Run("empty allowlist allows all", func(t *testing.T) {
cfg := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "test_secret",
- AgentID: 1000002,
- AllowFrom: []string{},
+ CorpID: "test_corp_id",
+ AgentID: 1000002,
+ AllowFrom: []string{},
}
+ cfg.SetCorpSecret("test_secret")
ch, _ := NewWeComAppChannel(cfg, msgBus)
if !ch.IsAllowed("any_user") {
t.Error("empty allowlist should allow all users")
@@ -163,11 +162,11 @@ func TestWeComAppChannelIsAllowed(t *testing.T) {
t.Run("allowlist restricts users", func(t *testing.T) {
cfg := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "test_secret",
- AgentID: 1000002,
- AllowFrom: []string{"allowed_user"},
+ CorpID: "test_corp_id",
+ AgentID: 1000002,
+ AllowFrom: []string{"allowed_user"},
}
+ cfg.SetCorpSecret("test_secret")
ch, _ := NewWeComAppChannel(cfg, msgBus)
if !ch.IsAllowed("allowed_user") {
t.Error("allowed user should pass allowlist check")
@@ -180,12 +179,11 @@ func TestWeComAppChannelIsAllowed(t *testing.T) {
func TestWeComAppVerifySignature(t *testing.T) {
msgBus := bus.NewMessageBus()
- cfg := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "test_secret",
- AgentID: 1000002,
- Token: "test_token",
- }
+ cfg := config.WeComAppConfig{}
+ cfg.CorpID = "test_corp_id"
+ cfg.SetCorpSecret("test_secret")
+ cfg.AgentID = 1000002
+ cfg.SetToken("test_token")
ch, _ := NewWeComAppChannel(cfg, msgBus)
t.Run("valid signature", func(t *testing.T) {
@@ -194,7 +192,7 @@ func TestWeComAppVerifySignature(t *testing.T) {
msgEncrypt := "test_message"
expectedSig := generateSignatureApp("test_token", timestamp, nonce, msgEncrypt)
- if !verifySignature(ch.config.Token, expectedSig, timestamp, nonce, msgEncrypt) {
+ if !verifySignature(ch.config.Token(), expectedSig, timestamp, nonce, msgEncrypt) {
t.Error("valid signature should pass verification")
}
})
@@ -204,21 +202,20 @@ func TestWeComAppVerifySignature(t *testing.T) {
nonce := "test_nonce"
msgEncrypt := "test_message"
- if verifySignature(ch.config.Token, "invalid_sig", timestamp, nonce, msgEncrypt) {
+ if verifySignature(ch.config.Token(), "invalid_sig", timestamp, nonce, msgEncrypt) {
t.Error("invalid signature should fail verification")
}
})
t.Run("empty token rejects verification (fail-closed)", func(t *testing.T) {
- cfgEmpty := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "test_secret",
- AgentID: 1000002,
- Token: "",
- }
+ cfgEmpty := config.WeComAppConfig{}
+ cfgEmpty.CorpID = "test_corp_id"
+ cfgEmpty.SetCorpSecret("test_secret")
+ cfgEmpty.AgentID = 1000002
+ cfgEmpty.SetToken("")
chEmpty, _ := NewWeComAppChannel(cfgEmpty, msgBus)
- if verifySignature(chEmpty.config.Token, "any_sig", "any_ts", "any_nonce", "any_msg") {
+ if verifySignature(chEmpty.config.Token(), "any_sig", "any_ts", "any_nonce", "any_msg") {
t.Error("empty token should reject verification (fail-closed)")
}
})
@@ -228,19 +225,18 @@ func TestWeComAppDecryptMessage(t *testing.T) {
msgBus := bus.NewMessageBus()
t.Run("decrypt without AES key", func(t *testing.T) {
- cfg := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "test_secret",
- AgentID: 1000002,
- EncodingAESKey: "",
- }
+ cfg := config.WeComAppConfig{}
+ cfg.CorpID = "test_corp_id"
+ cfg.SetCorpSecret("test_secret")
+ cfg.AgentID = 1000002
+ cfg.SetEncodingAESKey("")
ch, _ := NewWeComAppChannel(cfg, msgBus)
// Without AES key, message should be base64 decoded only
plainText := "hello world"
encoded := base64.StdEncoding.EncodeToString([]byte(plainText))
- result, err := decryptMessage(encoded, ch.config.EncodingAESKey)
+ result, err := decryptMessage(encoded, ch.config.EncodingAESKey())
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
@@ -252,11 +248,11 @@ func TestWeComAppDecryptMessage(t *testing.T) {
t.Run("decrypt with AES key", func(t *testing.T) {
aesKey := generateTestAESKeyApp()
cfg := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "test_secret",
- AgentID: 1000002,
- EncodingAESKey: aesKey,
+ CorpID: "test_corp_id",
+ AgentID: 1000002,
}
+ cfg.SetCorpSecret("test_secret")
+ cfg.SetEncodingAESKey(aesKey)
ch, _ := NewWeComAppChannel(cfg, msgBus)
originalMsg := "Hello"
@@ -265,7 +261,7 @@ func TestWeComAppDecryptMessage(t *testing.T) {
t.Fatalf("failed to encrypt test message: %v", err)
}
- result, err := decryptMessage(encrypted, ch.config.EncodingAESKey)
+ result, err := decryptMessage(encrypted, ch.config.EncodingAESKey())
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
@@ -276,29 +272,28 @@ func TestWeComAppDecryptMessage(t *testing.T) {
t.Run("invalid base64", func(t *testing.T) {
cfg := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "test_secret",
- AgentID: 1000002,
- EncodingAESKey: "",
+ CorpID: "test_corp_id",
+ AgentID: 1000002,
}
+ cfg.SetCorpSecret("test_secret")
+ cfg.SetEncodingAESKey("")
ch, _ := NewWeComAppChannel(cfg, msgBus)
- _, err := decryptMessage("invalid_base64!!!", ch.config.EncodingAESKey)
+ _, err := decryptMessage("invalid_base64!!!", ch.config.EncodingAESKey())
if err == nil {
t.Error("expected error for invalid base64, got nil")
}
})
t.Run("invalid AES key", func(t *testing.T) {
- cfg := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "test_secret",
- AgentID: 1000002,
- EncodingAESKey: "invalid_key",
- }
+ cfg := config.WeComAppConfig{}
+ cfg.CorpID = "test_corp_id"
+ cfg.SetCorpSecret("test_secret")
+ cfg.AgentID = 1000002
+ cfg.SetEncodingAESKey("invalid_key")
ch, _ := NewWeComAppChannel(cfg, msgBus)
- _, err := decryptMessage(base64.StdEncoding.EncodeToString([]byte("test")), ch.config.EncodingAESKey)
+ _, err := decryptMessage(base64.StdEncoding.EncodeToString([]byte("test")), ch.config.EncodingAESKey())
if err == nil {
t.Error("expected error for invalid AES key, got nil")
}
@@ -306,17 +301,16 @@ func TestWeComAppDecryptMessage(t *testing.T) {
t.Run("ciphertext too short", func(t *testing.T) {
aesKey := generateTestAESKeyApp()
- cfg := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "test_secret",
- AgentID: 1000002,
- EncodingAESKey: aesKey,
- }
+ cfg := config.WeComAppConfig{}
+ cfg.CorpID = "test_corp_id"
+ cfg.SetCorpSecret("test_secret")
+ cfg.AgentID = 1000002
+ cfg.SetEncodingAESKey(aesKey)
ch, _ := NewWeComAppChannel(cfg, msgBus)
// Encrypt a very short message that results in ciphertext less than block size
shortData := make([]byte, 8)
- _, err := decryptMessage(base64.StdEncoding.EncodeToString(shortData), ch.config.EncodingAESKey)
+ _, err := decryptMessage(base64.StdEncoding.EncodeToString(shortData), ch.config.EncodingAESKey())
if err == nil {
t.Error("expected error for short ciphertext, got nil")
}
@@ -326,13 +320,12 @@ func TestWeComAppDecryptMessage(t *testing.T) {
func TestWeComAppHandleVerification(t *testing.T) {
msgBus := bus.NewMessageBus()
aesKey := generateTestAESKeyApp()
- cfg := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "test_secret",
- AgentID: 1000002,
- Token: "test_token",
- EncodingAESKey: aesKey,
- }
+ cfg := config.WeComAppConfig{}
+ cfg.CorpID = "test_corp_id"
+ cfg.SetCorpSecret("test_secret")
+ cfg.AgentID = 1000002
+ cfg.SetToken("test_token")
+ cfg.SetEncodingAESKey(aesKey)
ch, _ := NewWeComAppChannel(cfg, msgBus)
t.Run("valid verification request", func(t *testing.T) {
@@ -394,13 +387,12 @@ func TestWeComAppHandleVerification(t *testing.T) {
func TestWeComAppHandleMessageCallback(t *testing.T) {
msgBus := bus.NewMessageBus()
aesKey := generateTestAESKeyApp()
- cfg := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "test_secret",
- AgentID: 1000002,
- Token: "test_token",
- EncodingAESKey: aesKey,
- }
+ cfg := config.WeComAppConfig{}
+ cfg.CorpID = "test_corp_id"
+ cfg.SetCorpSecret("test_secret")
+ cfg.AgentID = 1000002
+ cfg.SetToken("test_token")
+ cfg.SetEncodingAESKey(aesKey)
ch, _ := NewWeComAppChannel(cfg, msgBus)
t.Run("valid message callback", func(t *testing.T) {
@@ -509,10 +501,10 @@ func TestWeComAppHandleMessageCallback(t *testing.T) {
func TestWeComAppProcessMessage(t *testing.T) {
msgBus := bus.NewMessageBus()
cfg := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "test_secret",
- AgentID: 1000002,
+ CorpID: "test_corp_id",
+ AgentID: 1000002,
}
+ cfg.SetCorpSecret("test_secret")
ch, _ := NewWeComAppChannel(cfg, msgBus)
t.Run("process text message", func(t *testing.T) {
@@ -594,12 +586,11 @@ func TestWeComAppProcessMessage(t *testing.T) {
func TestWeComAppHandleWebhook(t *testing.T) {
msgBus := bus.NewMessageBus()
- cfg := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "test_secret",
- AgentID: 1000002,
- Token: "test_token",
- }
+ cfg := config.WeComAppConfig{}
+ cfg.CorpID = "test_corp_id"
+ cfg.SetCorpSecret("test_secret")
+ cfg.AgentID = 1000002
+ cfg.SetToken("test_token")
ch, _ := NewWeComAppChannel(cfg, msgBus)
t.Run("GET request calls verification", func(t *testing.T) {
@@ -666,10 +657,10 @@ func TestWeComAppHandleWebhook(t *testing.T) {
func TestWeComAppHandleHealth(t *testing.T) {
msgBus := bus.NewMessageBus()
cfg := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "test_secret",
- AgentID: 1000002,
+ CorpID: "test_corp_id",
+ AgentID: 1000002,
}
+ cfg.SetCorpSecret("test_secret")
ch, _ := NewWeComAppChannel(cfg, msgBus)
req := httptest.NewRequest(http.MethodGet, "/health/wecom-app", nil)
@@ -695,10 +686,10 @@ func TestWeComAppHandleHealth(t *testing.T) {
func TestWeComAppAccessToken(t *testing.T) {
msgBus := bus.NewMessageBus()
cfg := config.WeComAppConfig{
- CorpID: "test_corp_id",
- CorpSecret: "test_secret",
- AgentID: 1000002,
+ CorpID: "test_corp_id",
+ AgentID: 1000002,
}
+ cfg.SetCorpSecret("test_secret")
ch, _ := NewWeComAppChannel(cfg, msgBus)
t.Run("get empty access token initially", func(t *testing.T) {
diff --git a/pkg/channels/wecom/bot.go b/pkg/channels/wecom/bot.go
index 96d5a961f..22461b768 100644
--- a/pkg/channels/wecom/bot.go
+++ b/pkg/channels/wecom/bot.go
@@ -82,7 +82,7 @@ type WeComBotReplyMessage struct {
// NewWeComBotChannel creates a new WeCom Bot channel instance
func NewWeComBotChannel(cfg config.WeComConfig, messageBus *bus.MessageBus) (*WeComBotChannel, error) {
- if cfg.Token == "" || cfg.WebhookURL == "" {
+ if cfg.Token() == "" || cfg.WebhookURL == "" {
return nil, fmt.Errorf("wecom token and webhook_url are required")
}
@@ -216,7 +216,7 @@ func (c *WeComBotChannel) handleVerification(ctx context.Context, w http.Respons
}
// Verify signature
- if !verifySignature(c.config.Token, msgSignature, timestamp, nonce, echostr) {
+ if !verifySignature(c.config.Token(), msgSignature, timestamp, nonce, echostr) {
logger.WarnC("wecom", "Signature verification failed")
http.Error(w, "Invalid signature", http.StatusForbidden)
return
@@ -225,7 +225,7 @@ func (c *WeComBotChannel) handleVerification(ctx context.Context, w http.Respons
// Decrypt echostr
// For AIBOT (智能机器人), receiveid should be empty string ""
// Reference: https://developer.work.weixin.qq.com/document/path/101033
- decryptedEchoStr, err := decryptMessageWithVerify(echostr, c.config.EncodingAESKey, "")
+ decryptedEchoStr, err := decryptMessageWithVerify(echostr, c.config.EncodingAESKey(), "")
if err != nil {
logger.ErrorCF("wecom", "Failed to decrypt echostr", map[string]any{
"error": err.Error(),
@@ -278,7 +278,7 @@ func (c *WeComBotChannel) handleMessageCallback(ctx context.Context, w http.Resp
}
// Verify signature
- if !verifySignature(c.config.Token, msgSignature, timestamp, nonce, encryptedMsg.Encrypt) {
+ if !verifySignature(c.config.Token(), msgSignature, timestamp, nonce, encryptedMsg.Encrypt) {
logger.WarnC("wecom", "Message signature verification failed")
http.Error(w, "Invalid signature", http.StatusForbidden)
return
@@ -287,7 +287,7 @@ func (c *WeComBotChannel) handleMessageCallback(ctx context.Context, w http.Resp
// Decrypt message
// For AIBOT (智能机器人), receiveid should be empty string ""
// Reference: https://developer.work.weixin.qq.com/document/path/101033
- decryptedMsg, err := decryptMessageWithVerify(encryptedMsg.Encrypt, c.config.EncodingAESKey, "")
+ decryptedMsg, err := decryptMessageWithVerify(encryptedMsg.Encrypt, c.config.EncodingAESKey(), "")
if err != nil {
logger.ErrorCF("wecom", "Failed to decrypt message", map[string]any{
"error": err.Error(),
diff --git a/pkg/channels/wecom/bot_test.go b/pkg/channels/wecom/bot_test.go
index d223bb6b6..7b50a86f7 100644
--- a/pkg/channels/wecom/bot_test.go
+++ b/pkg/channels/wecom/bot_test.go
@@ -89,10 +89,9 @@ func TestNewWeComBotChannel(t *testing.T) {
msgBus := bus.NewMessageBus()
t.Run("missing token", func(t *testing.T) {
- cfg := config.WeComConfig{
- Token: "",
- WebhookURL: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test",
- }
+ cfg := config.WeComConfig{}
+ cfg.SetToken("")
+ cfg.WebhookURL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test"
_, err := NewWeComBotChannel(cfg, msgBus)
if err == nil {
t.Error("expected error for missing token, got nil")
@@ -100,10 +99,9 @@ func TestNewWeComBotChannel(t *testing.T) {
})
t.Run("missing webhook_url", func(t *testing.T) {
- cfg := config.WeComConfig{
- Token: "test_token",
- WebhookURL: "",
- }
+ cfg := config.WeComConfig{}
+ cfg.SetToken("test_token")
+ cfg.WebhookURL = ""
_, err := NewWeComBotChannel(cfg, msgBus)
if err == nil {
t.Error("expected error for missing webhook_url, got nil")
@@ -111,11 +109,10 @@ func TestNewWeComBotChannel(t *testing.T) {
})
t.Run("valid config", func(t *testing.T) {
- cfg := config.WeComConfig{
- Token: "test_token",
- WebhookURL: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test",
- AllowFrom: []string{"user1", "user2"},
- }
+ cfg := config.WeComConfig{}
+ cfg.SetToken("test_token")
+ cfg.WebhookURL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test"
+ cfg.AllowFrom = []string{"user1", "user2"}
ch, err := NewWeComBotChannel(cfg, msgBus)
if err != nil {
t.Fatalf("unexpected error: %v", err)
@@ -133,11 +130,10 @@ func TestWeComBotChannelIsAllowed(t *testing.T) {
msgBus := bus.NewMessageBus()
t.Run("empty allowlist allows all", func(t *testing.T) {
- cfg := config.WeComConfig{
- Token: "test_token",
- WebhookURL: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test",
- AllowFrom: []string{},
- }
+ cfg := config.WeComConfig{}
+ cfg.SetToken("test_token")
+ cfg.WebhookURL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test"
+ cfg.AllowFrom = []string{}
ch, _ := NewWeComBotChannel(cfg, msgBus)
if !ch.IsAllowed("any_user") {
t.Error("empty allowlist should allow all users")
@@ -145,11 +141,10 @@ func TestWeComBotChannelIsAllowed(t *testing.T) {
})
t.Run("allowlist restricts users", func(t *testing.T) {
- cfg := config.WeComConfig{
- Token: "test_token",
- WebhookURL: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test",
- AllowFrom: []string{"allowed_user"},
- }
+ cfg := config.WeComConfig{}
+ cfg.SetToken("test_token")
+ cfg.WebhookURL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test"
+ cfg.AllowFrom = []string{"allowed_user"}
ch, _ := NewWeComBotChannel(cfg, msgBus)
if !ch.IsAllowed("allowed_user") {
t.Error("allowed user should pass allowlist check")
@@ -162,10 +157,9 @@ func TestWeComBotChannelIsAllowed(t *testing.T) {
func TestWeComBotVerifySignature(t *testing.T) {
msgBus := bus.NewMessageBus()
- cfg := config.WeComConfig{
- Token: "test_token",
- WebhookURL: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test",
- }
+ cfg := config.WeComConfig{}
+ cfg.SetToken("test_token")
+ cfg.WebhookURL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test"
ch, _ := NewWeComBotChannel(cfg, msgBus)
t.Run("valid signature", func(t *testing.T) {
@@ -174,7 +168,7 @@ func TestWeComBotVerifySignature(t *testing.T) {
msgEncrypt := "test_message"
expectedSig := generateSignature("test_token", timestamp, nonce, msgEncrypt)
- if !verifySignature(ch.config.Token, expectedSig, timestamp, nonce, msgEncrypt) {
+ if !verifySignature(ch.config.Token(), expectedSig, timestamp, nonce, msgEncrypt) {
t.Error("valid signature should pass verification")
}
})
@@ -184,21 +178,20 @@ func TestWeComBotVerifySignature(t *testing.T) {
nonce := "test_nonce"
msgEncrypt := "test_message"
- if verifySignature(ch.config.Token, "invalid_sig", timestamp, nonce, msgEncrypt) {
+ if verifySignature(ch.config.Token(), "invalid_sig", timestamp, nonce, msgEncrypt) {
t.Error("invalid signature should fail verification")
}
})
t.Run("empty token rejects verification (fail-closed)", func(t *testing.T) {
- cfgEmpty := config.WeComConfig{
- Token: "",
- WebhookURL: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test",
- }
+ cfgEmpty := config.WeComConfig{}
+ cfgEmpty.SetToken("")
+ cfgEmpty.WebhookURL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test"
chEmpty := &WeComBotChannel{
config: cfgEmpty,
}
- if verifySignature(chEmpty.config.Token, "any_sig", "any_ts", "any_nonce", "any_msg") {
+ if verifySignature(chEmpty.config.Token(), "any_sig", "any_ts", "any_nonce", "any_msg") {
t.Error("empty token should reject verification (fail-closed)")
}
})
@@ -208,18 +201,17 @@ func TestWeComBotDecryptMessage(t *testing.T) {
msgBus := bus.NewMessageBus()
t.Run("decrypt without AES key", func(t *testing.T) {
- cfg := config.WeComConfig{
- Token: "test_token",
- WebhookURL: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test",
- EncodingAESKey: "",
- }
+ cfg := config.WeComConfig{}
+ cfg.SetToken("test_token")
+ cfg.WebhookURL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test"
+ cfg.SetEncodingAESKey("")
ch, _ := NewWeComBotChannel(cfg, msgBus)
// Without AES key, message should be base64 decoded only
plainText := "hello world"
encoded := base64.StdEncoding.EncodeToString([]byte(plainText))
- result, err := decryptMessage(encoded, ch.config.EncodingAESKey)
+ result, err := decryptMessage(encoded, ch.config.EncodingAESKey())
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
@@ -230,11 +222,10 @@ func TestWeComBotDecryptMessage(t *testing.T) {
t.Run("decrypt with AES key", func(t *testing.T) {
aesKey := generateTestAESKey()
- cfg := config.WeComConfig{
- Token: "test_token",
- WebhookURL: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test",
- EncodingAESKey: aesKey,
- }
+ cfg := config.WeComConfig{}
+ cfg.SetToken("test_token")
+ cfg.WebhookURL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test"
+ cfg.SetEncodingAESKey(aesKey)
ch, _ := NewWeComBotChannel(cfg, msgBus)
originalMsg := "Hello"
@@ -243,7 +234,7 @@ func TestWeComBotDecryptMessage(t *testing.T) {
t.Fatalf("failed to encrypt test message: %v", err)
}
- result, err := decryptMessage(encrypted, ch.config.EncodingAESKey)
+ result, err := decryptMessage(encrypted, ch.config.EncodingAESKey())
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
@@ -253,28 +244,26 @@ func TestWeComBotDecryptMessage(t *testing.T) {
})
t.Run("invalid base64", func(t *testing.T) {
- cfg := config.WeComConfig{
- Token: "test_token",
- WebhookURL: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test",
- EncodingAESKey: "",
- }
+ cfg := config.WeComConfig{}
+ cfg.SetToken("test_token")
+ cfg.WebhookURL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test"
+ cfg.SetEncodingAESKey("")
ch, _ := NewWeComBotChannel(cfg, msgBus)
- _, err := decryptMessage("invalid_base64!!!", ch.config.EncodingAESKey)
+ _, err := decryptMessage("invalid_base64!!!", ch.config.EncodingAESKey())
if err == nil {
t.Error("expected error for invalid base64, got nil")
}
})
t.Run("invalid AES key", func(t *testing.T) {
- cfg := config.WeComConfig{
- Token: "test_token",
- WebhookURL: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test",
- EncodingAESKey: "invalid_key",
- }
+ cfg := config.WeComConfig{}
+ cfg.SetToken("test_token")
+ cfg.WebhookURL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test"
+ cfg.SetEncodingAESKey("invalid_key")
ch, _ := NewWeComBotChannel(cfg, msgBus)
- _, err := decryptMessage(base64.StdEncoding.EncodeToString([]byte("test")), ch.config.EncodingAESKey)
+ _, err := decryptMessage(base64.StdEncoding.EncodeToString([]byte("test")), ch.config.EncodingAESKey())
if err == nil {
t.Error("expected error for invalid AES key, got nil")
}
@@ -338,11 +327,10 @@ func TestWeComBotPKCS7Unpad(t *testing.T) {
func TestWeComBotHandleVerification(t *testing.T) {
msgBus := bus.NewMessageBus()
aesKey := generateTestAESKey()
- cfg := config.WeComConfig{
- Token: "test_token",
- EncodingAESKey: aesKey,
- WebhookURL: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test",
- }
+ cfg := config.WeComConfig{}
+ cfg.SetToken("test_token")
+ cfg.SetEncodingAESKey(aesKey)
+ cfg.WebhookURL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test"
ch, _ := NewWeComBotChannel(cfg, msgBus)
t.Run("valid verification request", func(t *testing.T) {
@@ -404,11 +392,10 @@ func TestWeComBotHandleVerification(t *testing.T) {
func TestWeComBotHandleMessageCallback(t *testing.T) {
msgBus := bus.NewMessageBus()
aesKey := generateTestAESKey()
- cfg := config.WeComConfig{
- Token: "test_token",
- EncodingAESKey: aesKey,
- WebhookURL: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test",
- }
+ cfg := config.WeComConfig{}
+ cfg.SetToken("test_token")
+ cfg.SetEncodingAESKey(aesKey)
+ cfg.WebhookURL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test"
ch, _ := NewWeComBotChannel(cfg, msgBus)
runBotMessageCallback := func(t *testing.T, jsonMsg string) *httptest.ResponseRecorder {
@@ -530,10 +517,9 @@ func TestWeComBotHandleMessageCallback(t *testing.T) {
func TestWeComBotProcessMessage(t *testing.T) {
msgBus := bus.NewMessageBus()
- cfg := config.WeComConfig{
- Token: "test_token",
- WebhookURL: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test",
- }
+ cfg := config.WeComConfig{}
+ cfg.SetToken("test_token")
+ cfg.WebhookURL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test"
ch, _ := NewWeComBotChannel(cfg, msgBus)
t.Run("process direct text message", func(t *testing.T) {
@@ -599,10 +585,9 @@ func TestWeComBotProcessMessage(t *testing.T) {
func TestWeComBotHandleWebhook(t *testing.T) {
msgBus := bus.NewMessageBus()
- cfg := config.WeComConfig{
- Token: "test_token",
- WebhookURL: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test",
- }
+ cfg := config.WeComConfig{}
+ cfg.SetToken("test_token")
+ cfg.WebhookURL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test"
ch, _ := NewWeComBotChannel(cfg, msgBus)
t.Run("GET request calls verification", func(t *testing.T) {
@@ -668,10 +653,9 @@ func TestWeComBotHandleWebhook(t *testing.T) {
func TestWeComBotHandleHealth(t *testing.T) {
msgBus := bus.NewMessageBus()
- cfg := config.WeComConfig{
- Token: "test_token",
- WebhookURL: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test",
- }
+ cfg := config.WeComConfig{}
+ cfg.SetToken("test_token")
+ cfg.WebhookURL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test"
ch, _ := NewWeComBotChannel(cfg, msgBus)
req := httptest.NewRequest(http.MethodGet, "/health/wecom", nil)
diff --git a/pkg/channels/weixin/media.go b/pkg/channels/weixin/media.go
index 0332f48f6..72af27438 100644
--- a/pkg/channels/weixin/media.go
+++ b/pkg/channels/weixin/media.go
@@ -291,9 +291,10 @@ func (c *WeixinChannel) storeInboundBytes(
return "", err
}
ref, err := store.Store(tmpPath, media.MediaMeta{
- Filename: filename,
- ContentType: contentType,
- Source: "weixin",
+ Filename: filename,
+ ContentType: contentType,
+ Source: "weixin",
+ CleanupPolicy: media.CleanupPolicyDeleteOnCleanup,
}, basechannels.BuildMediaScope("weixin", chatID, messageID))
if err != nil {
os.Remove(tmpPath)
diff --git a/pkg/channels/weixin/state.go b/pkg/channels/weixin/state.go
index 02c137b83..9672e614d 100644
--- a/pkg/channels/weixin/state.go
+++ b/pkg/channels/weixin/state.go
@@ -46,7 +46,7 @@ func picoclawHomeDir() string {
func buildWeixinSyncBufPath(cfg config.WeixinConfig) string {
key := "default"
- token := strings.TrimSpace(cfg.Token)
+ token := strings.TrimSpace(cfg.Token())
if token != "" {
sum := sha256.Sum256([]byte(strings.TrimSpace(cfg.BaseURL) + "|" + token))
key = hex.EncodeToString(sum[:8])
diff --git a/pkg/channels/weixin/weixin.go b/pkg/channels/weixin/weixin.go
index 43c776f98..b9e821ef1 100644
--- a/pkg/channels/weixin/weixin.go
+++ b/pkg/channels/weixin/weixin.go
@@ -42,7 +42,7 @@ func init() {
// NewWeixinChannel creates a new WeixinChannel from config.
func NewWeixinChannel(cfg config.WeixinConfig, messageBus *bus.MessageBus) (*WeixinChannel, error) {
- api, err := NewApiClient(cfg.BaseURL, cfg.Token, cfg.Proxy)
+ api, err := NewApiClient(cfg.BaseURL, cfg.Token(), cfg.Proxy)
if err != nil {
return nil, fmt.Errorf("weixin: failed to create API client: %w", err)
}
diff --git a/pkg/channels/weixin/weixin_test.go b/pkg/channels/weixin/weixin_test.go
index 115675395..62984c965 100644
--- a/pkg/channels/weixin/weixin_test.go
+++ b/pkg/channels/weixin/weixin_test.go
@@ -149,10 +149,11 @@ func TestBuildWeixinSyncBufPathUsesPicoclawHome(t *testing.T) {
home := t.TempDir()
t.Setenv(config.EnvHome, home)
- got := buildWeixinSyncBufPath(config.WeixinConfig{
+ wxCfg := config.WeixinConfig{
BaseURL: "https://ilinkai.weixin.qq.com/",
- Token: "token-123",
- })
+ }
+ wxCfg.SetToken("token-123")
+ got := buildWeixinSyncBufPath(wxCfg)
if filepath.Dir(got) != filepath.Join(home, "channels", "weixin", "sync") {
t.Fatalf("sync path dir = %q", filepath.Dir(got))
}
diff --git a/pkg/commands/builtin.go b/pkg/commands/builtin.go
index 6d9ece82f..7bd36b653 100644
--- a/pkg/commands/builtin.go
+++ b/pkg/commands/builtin.go
@@ -13,6 +13,7 @@ func BuiltinDefinitions() []Definition {
switchCommand(),
checkCommand(),
clearCommand(),
+ subagentsCommand(),
reloadCommand(),
}
}
diff --git a/pkg/commands/cmd_subagents.go b/pkg/commands/cmd_subagents.go
new file mode 100644
index 000000000..29321823c
--- /dev/null
+++ b/pkg/commands/cmd_subagents.go
@@ -0,0 +1,42 @@
+package commands
+
+import (
+ "context"
+ "fmt"
+)
+
+// TurnInfo is a mirrored struct from agent.TurnInfo to avoid circular dependencies.
+type TurnInfo struct {
+ TurnID string
+ ParentTurnID string
+ Depth int
+ ChildTurnIDs []string
+ IsFinished bool
+}
+
+func subagentsCommand() Definition {
+ return Definition{
+ Name: "subagents",
+ Description: "Show running subagents and task tree",
+ Handler: func(ctx context.Context, req Request, rt *Runtime) error {
+ getTurnFn := rt.GetActiveTurn
+ if getTurnFn == nil {
+ return req.Reply("Runtime does not support querying active turns.")
+ }
+
+ turnRaw := getTurnFn()
+ if turnRaw == nil {
+ return req.Reply("No active tasks running in this session.")
+ }
+
+ if treeStr, ok := turnRaw.(string); ok {
+ if treeStr == "" {
+ return req.Reply("No active tasks running in this session.")
+ }
+ return req.Reply(fmt.Sprintf("🤖 **Active Subagents Tree**\n```text\n%s\n```", treeStr))
+ }
+
+ return req.Reply(fmt.Sprintf("🤖 **Active Subagents List**\n```text\n%+v\n```", turnRaw))
+ },
+ }
+}
diff --git a/pkg/commands/runtime.go b/pkg/commands/runtime.go
index 84f775808..f714e1ca4 100644
--- a/pkg/commands/runtime.go
+++ b/pkg/commands/runtime.go
@@ -11,6 +11,7 @@ type Runtime struct {
ListAgentIDs func() []string
ListDefinitions func() []Definition
GetEnabledChannels func() []string
+ GetActiveTurn func() any // Returning any to avoid circular dependency with agent package
SwitchModel func(value string) (oldModel string, err error)
SwitchChannel func(value string) error
ClearHistory func() error
diff --git a/pkg/config/SECURITY_CONFIG.md b/pkg/config/SECURITY_CONFIG.md
new file mode 100644
index 000000000..c5aed54ae
--- /dev/null
+++ b/pkg/config/SECURITY_CONFIG.md
@@ -0,0 +1,551 @@
+# Security Configuration Refactoring
+
+## Overview
+
+This refactoring introduces a `.security.yml` file to store all sensitive data (API keys, tokens, secrets, passwords) separately from the main configuration. This improves security by:
+
+1. **Separation of concerns**: Configuration settings and secrets are in separate files
+2. **Easier sharing**: The main config can be shared without exposing sensitive data
+3. **Better version control**: `.security.yml` can be added to `.gitignore`
+4. **Flexible deployment**: Different environments can use different security files
+
+## File Structure
+
+```
+~/.picoclaw/
+├── config.json # Main configuration (safe to share)
+└── .security.yml # Security data (never share)
+```
+
+## Usage
+
+### Basic Configuration
+
+In your `config.json`, use `ref:` references to point to values in `.security.yml`:
+
+```json
+{
+ "version": 1,
+ "model_list": [
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_base": "https://api.openai.com/v1",
+ "api_key": "ref:model_list.gpt-5.4.api_key"
+ }
+ ],
+ "channels": {
+ "telegram": {
+ "enabled": true,
+ "token": "ref:channels.telegram.token"
+ }
+ }
+}
+```
+
+### Security Configuration
+
+In your `.security.yml`, store the actual values:
+
+```yaml
+model_list:
+ gpt-5.4:
+ api_keys:
+ - "sk-your-actual-api-key-1"
+ - "sk-your-actual-api-key-2" # Optional: Multiple keys for failover
+ claude-sonnet-4.6:
+ api_keys:
+ - "sk-your-actual-anthropic-key" # Single key in array format
+
+channels:
+ telegram:
+ token: "your-telegram-bot-token"
+
+web:
+ brave:
+ api_keys:
+ - "BSAyour-brave-api-key-1"
+ - "BSAyour-brave-api-key-2" # Optional: Multiple keys for failover
+ tavily:
+ api_keys:
+ - "tvly-your-tavily-api-key" # Single key in array format
+ glm_search:
+ api_key: "your-glm-search-api-key" # GLMSearch uses single key format
+```
+
+## Reference Format
+
+### Model API Keys
+
+Format: `ref:model_list..api_key`
+
+Example: `ref:model_list.gpt-5.4.api_key`
+
+### Channel Tokens/Secrets
+
+Format: `ref:channels..`
+
+Examples:
+- `ref:channels.telegram.token`
+- `ref:channels.feishu.app_secret`
+- `ref:channels.feishu.encrypt_key`
+- `ref:channels.feishu.verification_token`
+- `ref:channels.discord.token`
+- `ref:channels.qq.app_secret`
+- `ref:channels.dingtalk.client_secret`
+- `ref:channels.slack.bot_token`
+- `ref:channels.slack.app_token`
+- `ref:channels.matrix.access_token`
+- `ref:channels.line.channel_secret`
+- `ref:channels.line.channel_access_token`
+- `ref:channels.onebot.access_token`
+- `ref:channels.wecom.token`
+- `ref:channels.wecom.encoding_aes_key`
+- `ref:channels.wecom_app.corp_secret`
+- `ref:channels.wecom_app.token`
+- `ref:channels.wecom_app.encoding_aes_key`
+- `ref:channels.wecom_aibot.token`
+- `ref:channels.wecom_aibot.encoding_aes_key`
+- `ref:channels.pico.token`
+- `ref:channels.irc.password`
+- `ref:channels.irc.nickserv_password`
+- `ref:channels.irc.sasl_password`
+
+### Web Tool API Keys
+
+Format: `ref:web..`
+
+Examples:
+- `ref:web.brave.api_key`
+- `ref:web.tavily.api_key`
+- `ref:web.perplexity.api_key`
+- `ref:web.glm_search.api_key`
+
+### Skills Registry Tokens
+
+Format: `ref:skills..`
+
+Examples:
+- `ref:skills.github.token`
+- `ref:skills.clawhub.auth_token`
+
+## Backward Compatibility
+
+The refactoring maintains full backward compatibility:
+
+1. **Direct values**: You can still use direct values in `config.json` (not recommended for production)
+2. **Mixed usage**: You can mix `ref:` references and direct values
+3. **Optional security file**: If `.security.yml` doesn't exist, all references will fail (but direct values still work)
+
+### API Key Formats in .security.yml
+
+**Models (gpt-5.4, claude-sonnet-4.6, etc.):**
+- Must use `api_keys` (array) format
+- Both single and multiple keys use array format
+
+**Web Tools (Brave, Tavily, Perplexity):**
+- Must use `api_keys` (array) format
+- Both single and multiple keys use array format
+
+**Web Tools (GLMSearch):**
+- Must use `api_key` (single string) format
+- Does NOT support array format
+
+**Channels (Telegram, Discord, etc.):**
+- Use single field names (e.g., `token`, `app_secret`)
+- Each channel uses its specific field names
+
+### Single Key (Models)
+
+Use array format with one element:
+```yaml
+model_list:
+ gpt-5.4:
+ api_keys:
+ - "sk-your-key"
+```
+
+In `config.json`:
+```json
+{
+ "api_key": "ref:model_list.gpt-5.4.api_key"
+}
+```
+
+### Single Key (GLMSearch)
+
+Use single string format:
+```yaml
+web:
+ glm_search:
+ api_key: "your-glm-key"
+```
+
+In `config.json`:
+```json
+{
+ "api_key": "ref:web.glm_search.api_key"
+}
+```
+
+## Migration Guide
+
+### Step 1: Create .security.yml
+
+Copy the example template:
+```bash
+cp security.example.yml ~/.picoclaw/.security.yml
+```
+
+### Step 2: Fill in your actual values
+
+Edit `~/.picoclaw/.security.yml` and replace placeholder values with your actual API keys and tokens.
+
+### Step 3: Update config.json
+
+Replace sensitive values in `~/.picoclaw/config.json` with `ref:` references:
+
+**Before:**
+```json
+{
+ "model_list": [
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_key": "sk-your-actual-api-key-here"
+ }
+ ]
+}
+```
+
+**After:**
+```json
+{
+ "model_list": [
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_key": "ref:model_list.gpt-5.4.api_key"
+ }
+ ]
+}
+```
+
+### Step 4: Verify
+
+Restart PicoClaw and verify it loads correctly:
+```bash
+picoclaw --version
+```
+
+## Security Best Practices
+
+1. **Never commit `.security.yml`** to version control
+2. **Set file permissions**: `chmod 600 ~/.picoclaw/.security.yml`
+3. **Use different keys** for different environments (dev, staging, production)
+4. **Rotate keys regularly** and update `.security.yml`
+5. **Backup securely**: Encrypt backups containing `.security.yml`
+
+## API
+
+### LoadSecurityConfig
+
+```go
+func LoadSecurityConfig(securityPath string) (*SecurityConfig, error)
+```
+
+Loads the security configuration from `.security.yml`. Returns an empty `SecurityConfig` if the file doesn't exist.
+
+### SaveSecurityConfig
+
+```go
+func SaveSecurityConfig(securityPath string, sec *SecurityConfig) error
+```
+
+Saves the security configuration to `.security.yml` with `0o600` permissions.
+
+### ResolveReference
+
+```go
+func (sec *SecurityConfig) ResolveReference(ref string) (string, error)
+```
+
+Resolves a reference string (e.g., `"ref:model_list.test.api_key"`) and returns the actual value.
+
+### SecurityPath
+
+```go
+func SecurityPath(configPath string) string
+```
+
+Returns the path to `.security.yml` relative to the config file.
+
+## Example: Complete Configuration
+
+### config.json
+```json
+{
+ "version": 1,
+ "agents": {
+ "defaults": {
+ "workspace": "~/picoclaw-workspace",
+ "model_name": "gpt-5.4"
+ }
+ },
+ "model_list": [
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_base": "https://api.openai.com/v1",
+ "api_key": "ref:model_list.gpt-5.4.api_key"
+ },
+ {
+ "model_name": "claude-sonnet-4.6",
+ "model": "anthropic/claude-sonnet-4.6",
+ "api_base": "https://api.anthropic.com/v1",
+ "api_key": "ref:model_list.claude-sonnet-4.6.api_key"
+ }
+ ],
+ "channels": {
+ "telegram": {
+ "enabled": true,
+ "token": "ref:channels.telegram.token"
+ }
+ },
+ "tools": {
+ "web": {
+ "brave": {
+ "enabled": true,
+ "api_key": "ref:web.brave.api_key"
+ }
+ }
+ }
+}
+```
+
+### .security.yml
+```yaml
+model_list:
+ gpt-5.4:
+ api_keys:
+ - "sk-proj-actual-openai-key-1"
+ - "sk-proj-actual-openai-key-2"
+ claude-sonnet-4.6:
+ api_keys:
+ - "sk-ant-actual-anthropic-key" # Single key in array format
+
+channels:
+ telegram:
+ token: "1234567890:ABCdefGHIjklMNOpqrsTUVwxyz"
+
+web:
+ brave:
+ api_keys:
+ - "BSAactualbravekey-1"
+ - "BSAactualbravekey-2"
+ tavily:
+ api_keys:
+ - "tvly-your-tavily-key" # Single key in array format
+ glm_search:
+ api_key: "your-glm-key" # GLMSearch uses single key format
+```
+
+## Testing
+
+The refactoring includes comprehensive tests:
+
+```bash
+go test ./pkg/config -run TestSecurityConfig
+```
+
+## Troubleshooting
+
+### Error: "model security entry not found"
+
+- Ensure the model name in your reference matches exactly in `.security.yml`
+- Check that the `model_list` section exists in `.security.yml`
+- For models with indexed names (e.g., "gpt-5.4:0"), ensure the exact name is used or check the base name without index
+
+### Error: "failed to load security config"
+
+- Verify `.security.yml` exists in the same directory as `config.json`
+- Check the YAML syntax is valid (use a YAML validator)
+- Ensure file permissions allow reading
+
+### Error: "unknown reference path"
+
+- Verify the reference format is correct
+- Check the path structure matches the examples above
+- Ensure all required sections exist in `.security.yml`
+
+## Advanced Features
+
+### Multiple API Keys (Load Balancing & Failover)
+
+Both models and web tools support multiple API keys for improved reliability:
+
+**Benefits:**
+- **Load balancing**: Requests are distributed across multiple keys
+- **Failover**: Automatic switching to another key if one fails
+- **Rate limit management**: Distribute usage across multiple keys
+- **High availability**: Reduce downtime during API provider issues
+
+#### Example: Model with Multiple Keys
+
+**.security.yml:**
+```yaml
+model_list:
+ gpt-5.4:
+ api_keys:
+ - "sk-proj-key-1"
+ - "sk-proj-key-2"
+ - "sk-proj-key-3"
+```
+
+**config.json:**
+```json
+{
+ "model_list": [
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_key": "ref:model_list.gpt-5.4.api_key"
+ }
+ ]
+}
+```
+
+#### Example: Web Tool with Multiple Keys
+
+**.security.yml:**
+```yaml
+web:
+ brave:
+ api_keys:
+ - "BSA-key-1"
+ - "BSA-key-2"
+ tavily:
+ api_keys:
+ - "tvly-your-key" # Single key in array format
+ glm_search:
+ api_key: "your-glm-key" # GLMSearch uses single key format
+```
+
+**config.json:**
+```json
+{
+ "tools": {
+ "web": {
+ "brave": {
+ "enabled": true,
+ "api_key": "ref:web.brave.api_key"
+ },
+ "tavily": {
+ "enabled": true,
+ "api_key": "ref:web.tavily.api_key"
+ }
+ }
+ }
+}
+```
+
+#### Supported Formats
+
+**Models - Single key:**
+```yaml
+model_list:
+ gpt-5.4:
+ api_keys:
+ - "sk-your-key" # Array with one element
+```
+
+**Models - Multiple keys:**
+```yaml
+model_list:
+ gpt-5.4:
+ api_keys:
+ - "sk-your-key-1"
+ - "sk-your-key-2"
+ - "sk-your-key-3"
+```
+
+**Web Tools (Brave/Tavily/Perplexity) - Single key:**
+```yaml
+web:
+ brave:
+ api_keys:
+ - "BSA-your-key" # Array with one element
+```
+
+**Web Tools (Brave/Tavily/Perplexity) - Multiple keys:**
+```yaml
+web:
+ brave:
+ api_keys:
+ - "BSA-key-1"
+ - "BSA-key-2"
+```
+
+**Web Tool (GLMSearch) - Single key only:**
+```yaml
+web:
+ glm_search:
+ api_key: "your-glm-key" # Single string (NOT array)
+```
+
+All formats work identically in `config.json` - you always use the same reference format:
+```json
+{
+ "api_key": "ref:model_list.gpt-5.4.api_key"
+}
+```
+
+### Model Indexing for Load Balancing
+
+When you have multiple models with the same base name but different API keys, you can use indexed names:
+
+**.security.yml:**
+```yaml
+model_list:
+ gpt-5.4:
+ api_keys:
+ - "sk-proj-key-1"
+ - "sk-proj-key-2"
+```
+
+The system will automatically expand this into multiple model entries with fallback support.
+
+### Environment Variables
+
+You can override any security value using environment variables:
+
+**For models:**
+```bash
+export PICOCLAW_MODEL_LIST_GPT-5.4_API_KEY="sk-from-env"
+```
+
+**For channels:**
+```bash
+export PICOCLAW_CHANNELS_TELEGRAM_TOKEN="token-from-env"
+```
+
+**For web tools:**
+```bash
+export PICOCLAW_WEB_BRAVE_API_KEY="key-from-env"
+```
+
+Environment variables follow this pattern: `PICOCLAW____` with dots replaced by underscores and converted to uppercase.
+
+### Multiple API Keys Not Working
+
+- Ensure you're using `api_keys` (plural) in `.security.yml` for models and web tools (except GLMSearch)
+- Check that the array format is correct in YAML (proper indentation)
+- Remember: Models, Brave, Tavily, Perplexity MUST use `api_keys` (array format)
+- GLMSearch MUST use `api_key` (single string format)
+- The reference in `config.json` is the same regardless of single or multiple keys
+
+### Load Balancing/Failover Issues
+
+- Verify all API keys in the `api_keys` array are valid
+- Check that all keys have the same rate limits and permissions
+- Monitor logs to see which keys are being used and failing
diff --git a/pkg/config/config.go b/pkg/config/config.go
index c4f1e751f..ab07a13a6 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -10,8 +10,10 @@ import (
"github.com/caarlos0/env/v11"
+ "github.com/sipeed/picoclaw/pkg"
"github.com/sipeed/picoclaw/pkg/credential"
"github.com/sipeed/picoclaw/pkg/fileutil"
+ "github.com/sipeed/picoclaw/pkg/logger"
)
// rrCounter is a global counter for round-robin load balancing across models.
@@ -76,20 +78,70 @@ func (f *FlexibleStringSlice) UnmarshalText(text []byte) error {
return nil
}
+// CurrentVersion is the latest config schema version
+const CurrentVersion = 1
+
+// Config is the current config structure with version support
type Config struct {
+ Version int `json:"version"` // Config schema version for migration
Agents AgentsConfig `json:"agents"`
Bindings []AgentBinding `json:"bindings,omitempty"`
Session SessionConfig `json:"session,omitempty"`
Channels ChannelsConfig `json:"channels"`
- Providers ProvidersConfig `json:"providers,omitempty"`
- ModelList []ModelConfig `json:"model_list"` // New model-centric provider configuration
+ ModelList []*ModelConfig `json:"model_list"` // New model-centric provider configuration
Gateway GatewayConfig `json:"gateway"`
+ Hooks HooksConfig `json:"hooks,omitempty"`
Tools ToolsConfig `json:"tools"`
Heartbeat HeartbeatConfig `json:"heartbeat"`
Devices DevicesConfig `json:"devices"`
Voice VoiceConfig `json:"voice"`
// BuildInfo contains build-time version information
BuildInfo BuildInfo `json:"build_info,omitempty"`
+
+ security *SecurityConfig
+}
+
+func (c *Config) WithSecurity(sec *SecurityConfig) *Config {
+ if sec == nil {
+ c.security = sec
+ return c
+ }
+ err := applySecurityConfig(c, sec)
+ if err != nil {
+ return nil
+ }
+ c.security = sec
+ return c
+}
+
+type HooksConfig struct {
+ Enabled bool `json:"enabled"`
+ Defaults HookDefaultsConfig `json:"defaults,omitempty"`
+ Builtins map[string]BuiltinHookConfig `json:"builtins,omitempty"`
+ Processes map[string]ProcessHookConfig `json:"processes,omitempty"`
+}
+
+type HookDefaultsConfig struct {
+ ObserverTimeoutMS int `json:"observer_timeout_ms,omitempty"`
+ InterceptorTimeoutMS int `json:"interceptor_timeout_ms,omitempty"`
+ ApprovalTimeoutMS int `json:"approval_timeout_ms,omitempty"`
+}
+
+type BuiltinHookConfig struct {
+ Enabled bool `json:"enabled"`
+ Priority int `json:"priority,omitempty"`
+ Config json.RawMessage `json:"config,omitempty"`
+}
+
+type ProcessHookConfig struct {
+ Enabled bool `json:"enabled"`
+ Priority int `json:"priority,omitempty"`
+ Transport string `json:"transport,omitempty"`
+ Command []string `json:"command,omitempty"`
+ Dir string `json:"dir,omitempty"`
+ Env map[string]string `json:"env,omitempty"`
+ Observe []string `json:"observe,omitempty"`
+ Intercept []string `json:"intercept,omitempty"`
}
// BuildInfo contains build-time version information
@@ -102,19 +154,13 @@ type BuildInfo struct {
// MarshalJSON implements custom JSON marshaling for Config
// to omit providers section when empty and session when empty
-func (c Config) MarshalJSON() ([]byte, error) {
+func (c *Config) MarshalJSON() ([]byte, error) {
type Alias Config
aux := &struct {
- Providers *ProvidersConfig `json:"providers,omitempty"`
- Session *SessionConfig `json:"session,omitempty"`
+ Session *SessionConfig `json:"session,omitempty"`
*Alias
}{
- Alias: (*Alias)(&c),
- }
-
- // Only include providers if not empty
- if !c.Providers.IsEmpty() {
- aux.Providers = &c.Providers
+ Alias: (*Alias)(c),
}
// Only include session if not empty
@@ -219,9 +265,15 @@ type RoutingConfig struct {
Threshold float64 `json:"threshold"` // complexity score in [0,1]; score >= threshold → primary model
}
-// ToolFeedbackConfig controls whether tool execution details are sent to the
-// chat channel as real-time feedback messages. When enabled, every tool call
-// produces a short notification with the tool name and its parameters.
+// SubTurnConfig configures the SubTurn execution system.
+type SubTurnConfig struct {
+ MaxDepth int `json:"max_depth" env:"PICOCLAW_AGENTS_DEFAULTS_SUBTURN_MAX_DEPTH"`
+ MaxConcurrent int `json:"max_concurrent" env:"PICOCLAW_AGENTS_DEFAULTS_SUBTURN_MAX_CONCURRENT"`
+ DefaultTimeoutMinutes int `json:"default_timeout_minutes" env:"PICOCLAW_AGENTS_DEFAULTS_SUBTURN_DEFAULT_TIMEOUT_MINUTES"`
+ DefaultTokenBudget int `json:"default_token_budget" env:"PICOCLAW_AGENTS_DEFAULTS_SUBTURN_DEFAULT_TOKEN_BUDGET"`
+ ConcurrencyTimeoutSec int `json:"concurrency_timeout_sec" env:"PICOCLAW_AGENTS_DEFAULTS_SUBTURN_CONCURRENCY_TIMEOUT_SEC"`
+}
+
type ToolFeedbackConfig struct {
Enabled bool `json:"enabled" env:"PICOCLAW_AGENTS_DEFAULTS_TOOL_FEEDBACK_ENABLED"`
MaxArgsLength int `json:"max_args_length" env:"PICOCLAW_AGENTS_DEFAULTS_TOOL_FEEDBACK_MAX_ARGS_LENGTH"`
@@ -233,19 +285,20 @@ type AgentDefaults struct {
AllowReadOutsideWorkspace bool `json:"allow_read_outside_workspace" env:"PICOCLAW_AGENTS_DEFAULTS_ALLOW_READ_OUTSIDE_WORKSPACE"`
Provider string `json:"provider" env:"PICOCLAW_AGENTS_DEFAULTS_PROVIDER"`
ModelName string `json:"model_name" env:"PICOCLAW_AGENTS_DEFAULTS_MODEL_NAME"`
- Model string `json:"model,omitempty" env:"PICOCLAW_AGENTS_DEFAULTS_MODEL"` // Deprecated: use model_name instead
ModelFallbacks []string `json:"model_fallbacks,omitempty"`
ImageModel string `json:"image_model,omitempty" env:"PICOCLAW_AGENTS_DEFAULTS_IMAGE_MODEL"`
ImageModelFallbacks []string `json:"image_model_fallbacks,omitempty"`
MaxTokens int `json:"max_tokens" env:"PICOCLAW_AGENTS_DEFAULTS_MAX_TOKENS"`
+ ContextWindow int `json:"context_window,omitempty" env:"PICOCLAW_AGENTS_DEFAULTS_CONTEXT_WINDOW"`
Temperature *float64 `json:"temperature,omitempty" env:"PICOCLAW_AGENTS_DEFAULTS_TEMPERATURE"`
MaxToolIterations int `json:"max_tool_iterations" env:"PICOCLAW_AGENTS_DEFAULTS_MAX_TOOL_ITERATIONS"`
SummarizeMessageThreshold int `json:"summarize_message_threshold" env:"PICOCLAW_AGENTS_DEFAULTS_SUMMARIZE_MESSAGE_THRESHOLD"`
SummarizeTokenPercent int `json:"summarize_token_percent" env:"PICOCLAW_AGENTS_DEFAULTS_SUMMARIZE_TOKEN_PERCENT"`
MaxMediaSize int `json:"max_media_size,omitempty" env:"PICOCLAW_AGENTS_DEFAULTS_MAX_MEDIA_SIZE"`
Routing *RoutingConfig `json:"routing,omitempty"`
+ SteeringMode string `json:"steering_mode,omitempty" env:"PICOCLAW_AGENTS_DEFAULTS_STEERING_MODE"` // "one-at-a-time" (default) or "all"
+ SubTurn SubTurnConfig `json:"subturn" envPrefix:"PICOCLAW_AGENTS_DEFAULTS_SUBTURN_"`
ToolFeedback ToolFeedbackConfig `json:"tool_feedback,omitempty"`
- LogLevel string `json:"log_level,omitempty" env:"PICOCLAW_LOG_LEVEL"`
}
const (
@@ -276,10 +329,7 @@ func (d *AgentDefaults) IsToolFeedbackEnabled() bool {
// GetModelName returns the effective model name for the agent defaults.
// It prefers the new "model_name" field but falls back to "model" for backward compatibility.
func (d *AgentDefaults) GetModelName() string {
- if d.ModelName != "" {
- return d.ModelName
- }
- return d.Model
+ return d.ModelName
}
type ChannelsConfig struct {
@@ -336,8 +386,8 @@ type WhatsAppConfig struct {
}
type TelegramConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_TELEGRAM_ENABLED"`
- Token string `json:"token" env:"PICOCLAW_CHANNELS_TELEGRAM_TOKEN"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_TELEGRAM_ENABLED"`
+ token string
BaseURL string `json:"base_url" env:"PICOCLAW_CHANNELS_TELEGRAM_BASE_URL"`
Proxy string `json:"proxy" env:"PICOCLAW_CHANNELS_TELEGRAM_PROXY"`
AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_TELEGRAM_ALLOW_FROM"`
@@ -347,25 +397,71 @@ type TelegramConfig struct {
Streaming StreamingConfig `json:"streaming,omitempty"`
ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_TELEGRAM_REASONING_CHANNEL_ID"`
UseMarkdownV2 bool `json:"use_markdown_v2" env:"PICOCLAW_CHANNELS_TELEGRAM_USE_MARKDOWN_V2"`
+ secDirty bool
+}
+
+// Token returns the Telegram bot token
+func (c *TelegramConfig) Token() string {
+ return c.token
+}
+
+// SetToken sets the Telegram bot token
+func (c *TelegramConfig) SetToken(token string) {
+ c.token = token
+ c.secDirty = true
}
type FeishuConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_FEISHU_ENABLED"`
- AppID string `json:"app_id" env:"PICOCLAW_CHANNELS_FEISHU_APP_ID"`
- AppSecret string `json:"app_secret" env:"PICOCLAW_CHANNELS_FEISHU_APP_SECRET"`
- EncryptKey string `json:"encrypt_key" env:"PICOCLAW_CHANNELS_FEISHU_ENCRYPT_KEY"`
- VerificationToken string `json:"verification_token" env:"PICOCLAW_CHANNELS_FEISHU_VERIFICATION_TOKEN"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_FEISHU_ENABLED"`
+ AppID string `json:"app_id" env:"PICOCLAW_CHANNELS_FEISHU_APP_ID"`
+ appSecret string
+ encryptKey string
+ verificationToken string
AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_FEISHU_ALLOW_FROM"`
GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
Placeholder PlaceholderConfig `json:"placeholder,omitempty"`
ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_FEISHU_REASONING_CHANNEL_ID"`
RandomReactionEmoji FlexibleStringSlice `json:"random_reaction_emoji" env:"PICOCLAW_CHANNELS_FEISHU_RANDOM_REACTION_EMOJI"`
IsLark bool `json:"is_lark" env:"PICOCLAW_CHANNELS_FEISHU_IS_LARK"`
+ secDirty bool
+}
+
+// AppSecret returns the Feishu app secret
+func (c *FeishuConfig) AppSecret() string {
+ return c.appSecret
+}
+
+// SetAppSecret sets the Feishu app secret
+func (c *FeishuConfig) SetAppSecret(secret string) {
+ c.appSecret = secret
+ c.secDirty = true
+}
+
+// EncryptKey returns the Feishu encrypt key
+func (c *FeishuConfig) EncryptKey() string {
+ return c.encryptKey
+}
+
+// SetEncryptKey sets the Feishu encrypt key
+func (c *FeishuConfig) SetEncryptKey(key string) {
+ c.encryptKey = key
+ c.secDirty = true
+}
+
+// VerificationToken returns the Feishu verification token
+func (c *FeishuConfig) VerificationToken() string {
+ return c.verificationToken
+}
+
+// SetVerificationToken sets the Feishu verification token
+func (c *FeishuConfig) SetVerificationToken(token string) {
+ c.verificationToken = token
+ c.secDirty = true
}
type DiscordConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_DISCORD_ENABLED"`
- Token string `json:"token" env:"PICOCLAW_CHANNELS_DISCORD_TOKEN"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_DISCORD_ENABLED"`
+ token string
Proxy string `json:"proxy" env:"PICOCLAW_CHANNELS_DISCORD_PROXY"`
AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_DISCORD_ALLOW_FROM"`
MentionOnly bool `json:"mention_only" env:"PICOCLAW_CHANNELS_DISCORD_MENTION_ONLY"`
@@ -373,6 +469,18 @@ type DiscordConfig struct {
Typing TypingConfig `json:"typing,omitempty"`
Placeholder PlaceholderConfig `json:"placeholder,omitempty"`
ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_DISCORD_REASONING_CHANNEL_ID"`
+ secDirty bool
+}
+
+// Token returns the Discord bot token
+func (c *DiscordConfig) Token() string {
+ return c.token
+}
+
+// SetToken sets the Discord bot token
+func (c *DiscordConfig) SetToken(token string) {
+ c.token = token
+ c.secDirty = true
}
type MaixCamConfig struct {
@@ -384,42 +492,89 @@ type MaixCamConfig struct {
}
type QQConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_QQ_ENABLED"`
- AppID string `json:"app_id" env:"PICOCLAW_CHANNELS_QQ_APP_ID"`
- AppSecret string `json:"app_secret" env:"PICOCLAW_CHANNELS_QQ_APP_SECRET"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_QQ_ENABLED"`
+ AppID string `json:"app_id" env:"PICOCLAW_CHANNELS_QQ_APP_ID"`
+ appSecret string
AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_QQ_ALLOW_FROM"`
GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
MaxMessageLength int `json:"max_message_length" env:"PICOCLAW_CHANNELS_QQ_MAX_MESSAGE_LENGTH"`
MaxBase64FileSizeMiB int64 `json:"max_base64_file_size_mib" env:"PICOCLAW_CHANNELS_QQ_MAX_BASE64_FILE_SIZE_MIB"`
SendMarkdown bool `json:"send_markdown" env:"PICOCLAW_CHANNELS_QQ_SEND_MARKDOWN"`
ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_QQ_REASONING_CHANNEL_ID"`
+ secDirty bool
+}
+
+// AppSecret returns the QQ app secret
+func (c *QQConfig) AppSecret() string {
+ return c.appSecret
+}
+
+// SetAppSecret sets the QQ app secret
+func (c *QQConfig) SetAppSecret(secret string) {
+ c.appSecret = secret
+ c.secDirty = true
}
type DingTalkConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_DINGTALK_ENABLED"`
- ClientID string `json:"client_id" env:"PICOCLAW_CHANNELS_DINGTALK_CLIENT_ID"`
- ClientSecret string `json:"client_secret" env:"PICOCLAW_CHANNELS_DINGTALK_CLIENT_SECRET"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_DINGTALK_ENABLED"`
+ ClientID string `json:"client_id" env:"PICOCLAW_CHANNELS_DINGTALK_CLIENT_ID"`
+ clientSecret string
AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_DINGTALK_ALLOW_FROM"`
GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_DINGTALK_REASONING_CHANNEL_ID"`
+ secDirty bool
+}
+
+// ClientSecret returns the DingTalk client secret
+func (c *DingTalkConfig) ClientSecret() string {
+ return c.clientSecret
+}
+
+// SetClientSecret sets the DingTalk client secret
+func (c *DingTalkConfig) SetClientSecret(secret string) {
+ c.clientSecret = secret
+ c.secDirty = true
}
type SlackConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_SLACK_ENABLED"`
- BotToken string `json:"bot_token" env:"PICOCLAW_CHANNELS_SLACK_BOT_TOKEN"`
- AppToken string `json:"app_token" env:"PICOCLAW_CHANNELS_SLACK_APP_TOKEN"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_SLACK_ENABLED"`
+ botToken string
+ appToken string
AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_SLACK_ALLOW_FROM"`
GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
Typing TypingConfig `json:"typing,omitempty"`
Placeholder PlaceholderConfig `json:"placeholder,omitempty"`
ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_SLACK_REASONING_CHANNEL_ID"`
+ secDirty bool
+}
+
+// BotToken returns the Slack bot token
+func (c *SlackConfig) BotToken() string {
+ return c.botToken
+}
+
+// SetBotToken sets the Slack bot token
+func (c *SlackConfig) SetBotToken(token string) {
+ c.botToken = token
+ c.secDirty = true
+}
+
+// AppToken returns the Slack app token
+func (c *SlackConfig) AppToken() string {
+ return c.appToken
+}
+
+// SetAppToken sets the Slack app token
+func (c *SlackConfig) SetAppToken(token string) {
+ c.appToken = token
+ c.secDirty = true
}
type MatrixConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_MATRIX_ENABLED"`
- Homeserver string `json:"homeserver" env:"PICOCLAW_CHANNELS_MATRIX_HOMESERVER"`
- UserID string `json:"user_id" env:"PICOCLAW_CHANNELS_MATRIX_USER_ID"`
- AccessToken string `json:"access_token" env:"PICOCLAW_CHANNELS_MATRIX_ACCESS_TOKEN"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_MATRIX_ENABLED"`
+ Homeserver string `json:"homeserver" env:"PICOCLAW_CHANNELS_MATRIX_HOMESERVER"`
+ UserID string `json:"user_id" env:"PICOCLAW_CHANNELS_MATRIX_USER_ID"`
+ accessToken string
DeviceID string `json:"device_id,omitempty" env:"PICOCLAW_CHANNELS_MATRIX_DEVICE_ID"`
JoinOnInvite bool `json:"join_on_invite" env:"PICOCLAW_CHANNELS_MATRIX_JOIN_ON_INVITE"`
MessageFormat string `json:"message_format,omitempty" env:"PICOCLAW_CHANNELS_MATRIX_MESSAGE_FORMAT"`
@@ -427,12 +582,24 @@ type MatrixConfig struct {
GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
Placeholder PlaceholderConfig `json:"placeholder,omitempty"`
ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_MATRIX_REASONING_CHANNEL_ID"`
+ secDirty bool
+}
+
+// AccessToken returns the Matrix access token
+func (c *MatrixConfig) AccessToken() string {
+ return c.accessToken
+}
+
+// SetAccessToken sets the Matrix access token
+func (c *MatrixConfig) SetAccessToken(token string) {
+ c.accessToken = token
+ c.secDirty = true
}
type LINEConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_LINE_ENABLED"`
- ChannelSecret string `json:"channel_secret" env:"PICOCLAW_CHANNELS_LINE_CHANNEL_SECRET"`
- ChannelAccessToken string `json:"channel_access_token" env:"PICOCLAW_CHANNELS_LINE_CHANNEL_ACCESS_TOKEN"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_LINE_ENABLED"`
+ channelSecret string
+ channelAccessToken string
WebhookHost string `json:"webhook_host" env:"PICOCLAW_CHANNELS_LINE_WEBHOOK_HOST"`
WebhookPort int `json:"webhook_port" env:"PICOCLAW_CHANNELS_LINE_WEBHOOK_PORT"`
WebhookPath string `json:"webhook_path" env:"PICOCLAW_CHANNELS_LINE_WEBHOOK_PATH"`
@@ -441,12 +608,35 @@ type LINEConfig struct {
Typing TypingConfig `json:"typing,omitempty"`
Placeholder PlaceholderConfig `json:"placeholder,omitempty"`
ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_LINE_REASONING_CHANNEL_ID"`
+ secDirty bool
+}
+
+// ChannelSecret returns the LINE channel secret
+func (c *LINEConfig) ChannelSecret() string {
+ return c.channelSecret
+}
+
+// SetChannelSecret sets the LINE channel secret
+func (c *LINEConfig) SetChannelSecret(secret string) {
+ c.channelSecret = secret
+ c.secDirty = true
+}
+
+// ChannelAccessToken returns the LINE channel access token
+func (c *LINEConfig) ChannelAccessToken() string {
+ return c.channelAccessToken
+}
+
+// SetChannelAccessToken sets the LINE channel access token
+func (c *LINEConfig) SetChannelAccessToken(token string) {
+ c.channelAccessToken = token
+ c.secDirty = true
}
type OneBotConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_ONEBOT_ENABLED"`
- WSUrl string `json:"ws_url" env:"PICOCLAW_CHANNELS_ONEBOT_WS_URL"`
- AccessToken string `json:"access_token" env:"PICOCLAW_CHANNELS_ONEBOT_ACCESS_TOKEN"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_ONEBOT_ENABLED"`
+ WSUrl string `json:"ws_url" env:"PICOCLAW_CHANNELS_ONEBOT_WS_URL"`
+ accessToken string
ReconnectInterval int `json:"reconnect_interval" env:"PICOCLAW_CHANNELS_ONEBOT_RECONNECT_INTERVAL"`
GroupTriggerPrefix []string `json:"group_trigger_prefix" env:"PICOCLAW_CHANNELS_ONEBOT_GROUP_TRIGGER_PREFIX"`
AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_ONEBOT_ALLOW_FROM"`
@@ -454,12 +644,24 @@ type OneBotConfig struct {
Typing TypingConfig `json:"typing,omitempty"`
Placeholder PlaceholderConfig `json:"placeholder,omitempty"`
ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_ONEBOT_REASONING_CHANNEL_ID"`
+ secDirty bool
+}
+
+// AccessToken returns the OneBot access token
+func (c *OneBotConfig) AccessToken() string {
+ return c.accessToken
+}
+
+// SetAccessToken sets the OneBot access token
+func (c *OneBotConfig) SetAccessToken(token string) {
+ c.accessToken = token
+ c.secDirty = true
}
type WeComConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_WECOM_ENABLED"`
- Token string `json:"token" env:"PICOCLAW_CHANNELS_WECOM_TOKEN"`
- EncodingAESKey string `json:"encoding_aes_key" env:"PICOCLAW_CHANNELS_WECOM_ENCODING_AES_KEY"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_WECOM_ENABLED"`
+ token string
+ encodingAESKey string
WebhookURL string `json:"webhook_url" env:"PICOCLAW_CHANNELS_WECOM_WEBHOOK_URL"`
WebhookHost string `json:"webhook_host" env:"PICOCLAW_CHANNELS_WECOM_WEBHOOK_HOST"`
WebhookPort int `json:"webhook_port" env:"PICOCLAW_CHANNELS_WECOM_WEBHOOK_PORT"`
@@ -468,15 +670,38 @@ type WeComConfig struct {
ReplyTimeout int `json:"reply_timeout" env:"PICOCLAW_CHANNELS_WECOM_REPLY_TIMEOUT"`
GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_WECOM_REASONING_CHANNEL_ID"`
+ secDirty bool
+}
+
+// Token returns the WeCom token
+func (c *WeComConfig) Token() string {
+ return c.token
+}
+
+// SetToken sets the WeCom token
+func (c *WeComConfig) SetToken(token string) {
+ c.token = token
+ c.secDirty = true
+}
+
+// EncodingAESKey returns the WeCom encoding AES key
+func (c *WeComConfig) EncodingAESKey() string {
+ return c.encodingAESKey
+}
+
+// SetEncodingAESKey sets the WeCom encoding AES key
+func (c *WeComConfig) SetEncodingAESKey(key string) {
+ c.encodingAESKey = key
+ c.secDirty = true
}
type WeComAppConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_WECOM_APP_ENABLED"`
- CorpID string `json:"corp_id" env:"PICOCLAW_CHANNELS_WECOM_APP_CORP_ID"`
- CorpSecret string `json:"corp_secret" env:"PICOCLAW_CHANNELS_WECOM_APP_CORP_SECRET"`
- AgentID int64 `json:"agent_id" env:"PICOCLAW_CHANNELS_WECOM_APP_AGENT_ID"`
- Token string `json:"token" env:"PICOCLAW_CHANNELS_WECOM_APP_TOKEN"`
- EncodingAESKey string `json:"encoding_aes_key" env:"PICOCLAW_CHANNELS_WECOM_APP_ENCODING_AES_KEY"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_WECOM_APP_ENABLED"`
+ CorpID string `json:"corp_id" env:"PICOCLAW_CHANNELS_WECOM_APP_CORP_ID"`
+ corpSecret string
+ AgentID int64 `json:"agent_id" env:"PICOCLAW_CHANNELS_WECOM_APP_AGENT_ID"`
+ token string
+ encodingAESKey string
WebhookHost string `json:"webhook_host" env:"PICOCLAW_CHANNELS_WECOM_APP_WEBHOOK_HOST"`
WebhookPort int `json:"webhook_port" env:"PICOCLAW_CHANNELS_WECOM_APP_WEBHOOK_PORT"`
WebhookPath string `json:"webhook_path" env:"PICOCLAW_CHANNELS_WECOM_APP_WEBHOOK_PATH"`
@@ -484,14 +709,48 @@ type WeComAppConfig struct {
ReplyTimeout int `json:"reply_timeout" env:"PICOCLAW_CHANNELS_WECOM_APP_REPLY_TIMEOUT"`
GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_WECOM_APP_REASONING_CHANNEL_ID"`
+ secDirty bool
+}
+
+// CorpSecret returns the corporate secret for WeCom app
+func (c *WeComAppConfig) CorpSecret() string {
+ return c.corpSecret
+}
+
+// SetCorpSecret sets the corporate secret for WeCom app
+func (c *WeComAppConfig) SetCorpSecret(secret string) {
+ c.corpSecret = secret
+ c.secDirty = true
+}
+
+// Token returns the webhook token for WeCom app
+func (c *WeComAppConfig) Token() string {
+ return c.token
+}
+
+// SetToken sets the webhook token for WeCom app
+func (c *WeComAppConfig) SetToken(token string) {
+ c.token = token
+ c.secDirty = true
+}
+
+// EncodingAESKey returns the encoding AES key for WeCom app
+func (c *WeComAppConfig) EncodingAESKey() string {
+ return c.encodingAESKey
+}
+
+// SetEncodingAESKey sets the encoding AES key for WeCom app
+func (c *WeComAppConfig) SetEncodingAESKey(key string) {
+ c.encodingAESKey = key
+ c.secDirty = true
}
type WeComAIBotConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_ENABLED"`
- BotID string `json:"bot_id,omitempty" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_BOT_ID"`
- Secret string `json:"secret,omitempty" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_SECRET"`
- Token string `json:"token,omitempty" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_TOKEN"`
- EncodingAESKey string `json:"encoding_aes_key,omitempty" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_ENCODING_AES_KEY"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_ENABLED"`
+ BotID string `json:"bot_id,omitempty" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_BOT_ID"`
+ secret string
+ token string
+ encodingAESKey string
WebhookPath string `json:"webhook_path,omitempty" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_WEBHOOK_PATH"`
AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_ALLOW_FROM"`
ReplyTimeout int `json:"reply_timeout" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_REPLY_TIMEOUT"`
@@ -499,21 +758,64 @@ type WeComAIBotConfig struct {
WelcomeMessage string `json:"welcome_message" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_WELCOME_MESSAGE"` // Sent on enter_chat event; empty = no welcome
ProcessingMessage string `json:"processing_message,omitempty" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_PROCESSING_MESSAGE"`
ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_REASONING_CHANNEL_ID"`
+ secDirty bool
+}
+
+// Token returns the webhook token for WeCom AI bot
+func (c *WeComAIBotConfig) Token() string {
+ return c.token
+}
+
+// EncodingAESKey returns the encoding AES key for WeCom AI bot
+func (c *WeComAIBotConfig) EncodingAESKey() string {
+ return c.encodingAESKey
+}
+
+// SetToken sets the token for WeCom AI bot
+func (c *WeComAIBotConfig) SetToken(token string) {
+ c.token = token
+ c.secDirty = true
+}
+
+// SetEncodingAESKey sets the encoding AES key for WeCom AI bot
+func (c *WeComAIBotConfig) SetEncodingAESKey(key string) {
+ c.encodingAESKey = key
+ c.secDirty = true
+}
+
+func (c *WeComAIBotConfig) Secret() string {
+ return c.secret
+}
+
+func (c *WeComAIBotConfig) SetSecret(secret string) {
+ c.secret = secret
+ c.secDirty = true
}
type WeixinConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_WEIXIN_ENABLED"`
- Token string `json:"token" env:"PICOCLAW_CHANNELS_WEIXIN_TOKEN"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_WEIXIN_ENABLED"`
+ token string
BaseURL string `json:"base_url" env:"PICOCLAW_CHANNELS_WEIXIN_BASE_URL"`
CDNBaseURL string `json:"cdn_base_url" env:"PICOCLAW_CHANNELS_WEIXIN_CDN_BASE_URL"`
Proxy string `json:"proxy" env:"PICOCLAW_CHANNELS_WEIXIN_PROXY"`
AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_WEIXIN_ALLOW_FROM"`
ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_WEIXIN_REASONING_CHANNEL_ID"`
+ secDirty bool
+}
+
+func (c *WeixinConfig) Token() string {
+ return c.token
+}
+
+func (c *WeixinConfig) SetToken(token string) *WeixinConfig {
+ c.token = token
+ c.secDirty = true
+ return c
}
type PicoConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_PICO_ENABLED"`
- Token string `json:"token" env:"PICOCLAW_CHANNELS_PICO_TOKEN"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_PICO_ENABLED"`
+ token string
AllowTokenQuery bool `json:"allow_token_query,omitempty"`
AllowOrigins []string `json:"allow_origins,omitempty"`
PingInterval int `json:"ping_interval,omitempty"`
@@ -522,6 +824,18 @@ type PicoConfig struct {
MaxConnections int `json:"max_connections,omitempty"`
AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_PICO_ALLOW_FROM"`
Placeholder PlaceholderConfig `json:"placeholder,omitempty"`
+ secDirty bool
+}
+
+// Token returns the Pico channel token
+func (c *PicoConfig) Token() string {
+ return c.token
+}
+
+// SetToken sets the Pico channel token
+func (c *PicoConfig) SetToken(token string) {
+ c.token = token
+ c.secDirty = true
}
type PicoClientConfig struct {
@@ -535,22 +849,53 @@ type PicoClientConfig struct {
}
type IRCConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_IRC_ENABLED"`
- Server string `json:"server" env:"PICOCLAW_CHANNELS_IRC_SERVER"`
- TLS bool `json:"tls" env:"PICOCLAW_CHANNELS_IRC_TLS"`
- Nick string `json:"nick" env:"PICOCLAW_CHANNELS_IRC_NICK"`
- User string `json:"user,omitempty" env:"PICOCLAW_CHANNELS_IRC_USER"`
- RealName string `json:"real_name,omitempty" env:"PICOCLAW_CHANNELS_IRC_REAL_NAME"`
- Password string `json:"password" env:"PICOCLAW_CHANNELS_IRC_PASSWORD"`
- NickServPassword string `json:"nickserv_password" env:"PICOCLAW_CHANNELS_IRC_NICKSERV_PASSWORD"`
- SASLUser string `json:"sasl_user" env:"PICOCLAW_CHANNELS_IRC_SASL_USER"`
- SASLPassword string `json:"sasl_password" env:"PICOCLAW_CHANNELS_IRC_SASL_PASSWORD"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_IRC_ENABLED"`
+ Server string `json:"server" env:"PICOCLAW_CHANNELS_IRC_SERVER"`
+ TLS bool `json:"tls" env:"PICOCLAW_CHANNELS_IRC_TLS"`
+ Nick string `json:"nick" env:"PICOCLAW_CHANNELS_IRC_NICK"`
+ User string `json:"user,omitempty" env:"PICOCLAW_CHANNELS_IRC_USER"`
+ RealName string `json:"real_name,omitempty" env:"PICOCLAW_CHANNELS_IRC_REAL_NAME"`
+ password string
+ nickServPassword string
+ SASLUser string `json:"sasl_user" env:"PICOCLAW_CHANNELS_IRC_SASL_USER"`
+ saslPassword string
Channels FlexibleStringSlice `json:"channels" env:"PICOCLAW_CHANNELS_IRC_CHANNELS"`
RequestCaps FlexibleStringSlice `json:"request_caps,omitempty" env:"PICOCLAW_CHANNELS_IRC_REQUEST_CAPS"`
AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_IRC_ALLOW_FROM"`
GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
Typing TypingConfig `json:"typing,omitempty"`
ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_IRC_REASONING_CHANNEL_ID"`
+ secDirty bool
+}
+
+// Password returns the IRC password
+func (c *IRCConfig) Password() string {
+ return c.password
+}
+
+// NickServPassword returns the NickServ password
+func (c *IRCConfig) NickServPassword() string {
+ return c.nickServPassword
+}
+
+// SASLPassword returns the SASL password
+func (c *IRCConfig) SASLPassword() string {
+ return c.saslPassword
+}
+
+func (c *IRCConfig) SetPassword(password string) {
+ c.password = password
+ c.secDirty = true
+}
+
+func (c *IRCConfig) SetNickServPassword(password string) {
+ c.nickServPassword = password
+ c.secDirty = true
+}
+
+func (c *IRCConfig) SetSASLPassword(password string) {
+ c.saslPassword = password
+ c.secDirty = true
}
type HeartbeatConfig struct {
@@ -564,89 +909,8 @@ type DevicesConfig struct {
}
type VoiceConfig struct {
- EchoTranscription bool `json:"echo_transcription" env:"PICOCLAW_VOICE_ECHO_TRANSCRIPTION"`
-}
-
-type ProvidersConfig struct {
- Anthropic ProviderConfig `json:"anthropic"`
- OpenAI OpenAIProviderConfig `json:"openai"`
- LiteLLM ProviderConfig `json:"litellm"`
- OpenRouter ProviderConfig `json:"openrouter"`
- Groq ProviderConfig `json:"groq"`
- Zhipu ProviderConfig `json:"zhipu"`
- VLLM ProviderConfig `json:"vllm"`
- Gemini ProviderConfig `json:"gemini"`
- Nvidia ProviderConfig `json:"nvidia"`
- Ollama ProviderConfig `json:"ollama"`
- Moonshot ProviderConfig `json:"moonshot"`
- ShengSuanYun ProviderConfig `json:"shengsuanyun"`
- DeepSeek ProviderConfig `json:"deepseek"`
- Cerebras ProviderConfig `json:"cerebras"`
- Vivgrid ProviderConfig `json:"vivgrid"`
- VolcEngine ProviderConfig `json:"volcengine"`
- GitHubCopilot ProviderConfig `json:"github_copilot"`
- Antigravity ProviderConfig `json:"antigravity"`
- Qwen ProviderConfig `json:"qwen"`
- Mistral ProviderConfig `json:"mistral"`
- Avian ProviderConfig `json:"avian"`
- Minimax ProviderConfig `json:"minimax"`
- LongCat ProviderConfig `json:"longcat"`
- ModelScope ProviderConfig `json:"modelscope"`
- Novita ProviderConfig `json:"novita"`
-}
-
-// IsEmpty checks if all provider configs are empty (no API keys or API bases set)
-// Note: WebSearch is an optimization option and doesn't count as "non-empty"
-func (p ProvidersConfig) IsEmpty() bool {
- return p.Anthropic.APIKey == "" && p.Anthropic.APIBase == "" &&
- p.OpenAI.APIKey == "" && p.OpenAI.APIBase == "" &&
- p.LiteLLM.APIKey == "" && p.LiteLLM.APIBase == "" &&
- p.OpenRouter.APIKey == "" && p.OpenRouter.APIBase == "" &&
- p.Groq.APIKey == "" && p.Groq.APIBase == "" &&
- p.Zhipu.APIKey == "" && p.Zhipu.APIBase == "" &&
- p.VLLM.APIKey == "" && p.VLLM.APIBase == "" &&
- p.Gemini.APIKey == "" && p.Gemini.APIBase == "" &&
- p.Nvidia.APIKey == "" && p.Nvidia.APIBase == "" &&
- p.Ollama.APIKey == "" && p.Ollama.APIBase == "" &&
- p.Moonshot.APIKey == "" && p.Moonshot.APIBase == "" &&
- p.ShengSuanYun.APIKey == "" && p.ShengSuanYun.APIBase == "" &&
- p.DeepSeek.APIKey == "" && p.DeepSeek.APIBase == "" &&
- p.Cerebras.APIKey == "" && p.Cerebras.APIBase == "" &&
- p.Vivgrid.APIKey == "" && p.Vivgrid.APIBase == "" &&
- p.VolcEngine.APIKey == "" && p.VolcEngine.APIBase == "" &&
- p.GitHubCopilot.APIKey == "" && p.GitHubCopilot.APIBase == "" &&
- p.Antigravity.APIKey == "" && p.Antigravity.APIBase == "" &&
- p.Qwen.APIKey == "" && p.Qwen.APIBase == "" &&
- p.Mistral.APIKey == "" && p.Mistral.APIBase == "" &&
- p.Avian.APIKey == "" && p.Avian.APIBase == "" &&
- p.Minimax.APIKey == "" && p.Minimax.APIBase == "" &&
- p.LongCat.APIKey == "" && p.LongCat.APIBase == "" &&
- p.ModelScope.APIKey == "" && p.ModelScope.APIBase == "" &&
- p.Novita.APIKey == "" && p.Novita.APIBase == ""
-}
-
-// MarshalJSON implements custom JSON marshaling for ProvidersConfig
-// to omit the entire section when empty
-func (p ProvidersConfig) MarshalJSON() ([]byte, error) {
- if p.IsEmpty() {
- return []byte("null"), nil
- }
- type Alias ProvidersConfig
- return json.Marshal((*Alias)(&p))
-}
-
-type ProviderConfig struct {
- APIKey string `json:"api_key" env:"PICOCLAW_PROVIDERS_{{.Name}}_API_KEY"`
- APIBase string `json:"api_base" env:"PICOCLAW_PROVIDERS_{{.Name}}_API_BASE"`
- Proxy string `json:"proxy,omitempty" env:"PICOCLAW_PROVIDERS_{{.Name}}_PROXY"`
- RequestTimeout int `json:"request_timeout,omitempty" env:"PICOCLAW_PROVIDERS_{{.Name}}_REQUEST_TIMEOUT"`
- AuthMethod string `json:"auth_method,omitempty" env:"PICOCLAW_PROVIDERS_{{.Name}}_AUTH_METHOD"`
- ConnectMode string `json:"connect_mode,omitempty" env:"PICOCLAW_PROVIDERS_{{.Name}}_CONNECT_MODE"` // only for Github Copilot, `stdio` or `grpc`
-}
-
-type OpenAIProviderConfig struct {
- ProviderConfig
- WebSearch bool `json:"web_search" env:"PICOCLAW_PROVIDERS_OPENAI_WEB_SEARCH"`
+ ModelName string `json:"model_name,omitempty" env:"PICOCLAW_VOICE_MODEL_NAME"`
+ EchoTranscription bool `json:"echo_transcription" env:"PICOCLAW_VOICE_ECHO_TRANSCRIPTION"`
}
// ModelConfig represents a model-centric provider configuration.
@@ -663,8 +927,6 @@ type ModelConfig struct {
// HTTP-based providers
APIBase string `json:"api_base,omitempty"` // API endpoint URL
- APIKey string `json:"api_key"` // API authentication key (single key)
- APIKeys []string `json:"api_keys,omitempty"` // API authentication keys (multiple keys for failover)
Proxy string `json:"proxy,omitempty"` // HTTP proxy URL
Fallbacks []string `json:"fallbacks,omitempty"` // Fallback model names for failover
@@ -679,6 +941,19 @@ type ModelConfig struct {
RequestTimeout int `json:"request_timeout,omitempty"`
ThinkingLevel string `json:"thinking_level,omitempty"` // Extended thinking: off|low|medium|high|xhigh|adaptive
ExtraBody map[string]any `json:"extra_body,omitempty"` // Additional fields to inject into request body
+
+ // from security
+ secModelName string
+ apiKeys []string
+ secDirty bool
+}
+
+// APIKey returns the first API key from apiKeys
+func (c *ModelConfig) APIKey() string {
+ if len(c.apiKeys) > 0 {
+ return c.apiKeys[0]
+ }
+ return ""
}
// Validate checks if the ModelConfig has all required fields.
@@ -692,10 +967,20 @@ func (c *ModelConfig) Validate() error {
return nil
}
+func (c *ModelConfig) SetAPIKey(value string) {
+ if len(c.apiKeys) > 0 {
+ c.apiKeys[0] = value
+ } else {
+ c.apiKeys = append(c.apiKeys, value)
+ }
+ c.secDirty = true
+}
+
type GatewayConfig struct {
- Host string `json:"host" env:"PICOCLAW_GATEWAY_HOST"`
- Port int `json:"port" env:"PICOCLAW_GATEWAY_PORT"`
- HotReload bool `json:"hot_reload" env:"PICOCLAW_GATEWAY_HOT_RELOAD"`
+ Host string `json:"host" env:"PICOCLAW_GATEWAY_HOST"`
+ Port int `json:"port" env:"PICOCLAW_GATEWAY_PORT"`
+ HotReload bool `json:"hot_reload" env:"PICOCLAW_GATEWAY_HOT_RELOAD"`
+ LogLevel string `json:"log_level,omitempty" env:"PICOCLAW_LOG_LEVEL"`
}
type ToolDiscoveryConfig struct {
@@ -711,18 +996,68 @@ type ToolConfig struct {
}
type BraveConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_TOOLS_WEB_BRAVE_ENABLED"`
- APIKey string `json:"api_key" env:"PICOCLAW_TOOLS_WEB_BRAVE_API_KEY"`
- APIKeys []string `json:"api_keys" env:"PICOCLAW_TOOLS_WEB_BRAVE_API_KEYS"`
- MaxResults int `json:"max_results" env:"PICOCLAW_TOOLS_WEB_BRAVE_MAX_RESULTS"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_TOOLS_WEB_BRAVE_ENABLED"`
+ apiKeys []string
+ secDirty bool
+ MaxResults int `json:"max_results" env:"PICOCLAW_TOOLS_WEB_BRAVE_MAX_RESULTS"`
+}
+
+// APIKey returns the Brave API key
+func (c *BraveConfig) APIKey() string {
+ if len(c.apiKeys) == 0 {
+ return ""
+ }
+ return c.apiKeys[0]
+}
+
+// APIKeys returns the Brave API keys
+func (c *BraveConfig) APIKeys() []string {
+ return c.apiKeys
+}
+
+// SetAPIKey sets the Brave API key
+func (c *BraveConfig) SetAPIKey(key string) {
+ c.apiKeys = []string{key}
+ c.secDirty = true
+}
+
+// SetAPIKeys sets the Brave API keys
+func (c *BraveConfig) SetAPIKeys(keys []string) {
+ c.apiKeys = keys
+ c.secDirty = true
}
type TavilyConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_TOOLS_WEB_TAVILY_ENABLED"`
- APIKey string `json:"api_key" env:"PICOCLAW_TOOLS_WEB_TAVILY_API_KEY"`
- APIKeys []string `json:"api_keys" env:"PICOCLAW_TOOLS_WEB_TAVILY_API_KEYS"`
- BaseURL string `json:"base_url" env:"PICOCLAW_TOOLS_WEB_TAVILY_BASE_URL"`
- MaxResults int `json:"max_results" env:"PICOCLAW_TOOLS_WEB_TAVILY_MAX_RESULTS"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_TOOLS_WEB_TAVILY_ENABLED"`
+ apiKeys []string
+ secDirty bool
+ BaseURL string `json:"base_url" env:"PICOCLAW_TOOLS_WEB_TAVILY_BASE_URL"`
+ MaxResults int `json:"max_results" env:"PICOCLAW_TOOLS_WEB_TAVILY_MAX_RESULTS"`
+}
+
+// APIKey returns the Tavily API key
+func (c *TavilyConfig) APIKey() string {
+ if len(c.apiKeys) == 0 {
+ return ""
+ }
+ return c.apiKeys[0]
+}
+
+// APIKeys returns the Tavily API keys
+func (c *TavilyConfig) APIKeys() []string {
+ return c.apiKeys
+}
+
+// SetAPIKey sets the Tavily API key
+func (c *TavilyConfig) SetAPIKey(key string) {
+ c.apiKeys = []string{key}
+ c.secDirty = true
+}
+
+// SetAPIKeys sets the Tavily API keys
+func (c *TavilyConfig) SetAPIKeys(keys []string) {
+ c.apiKeys = keys
+ c.secDirty = true
}
type DuckDuckGoConfig struct {
@@ -731,10 +1066,35 @@ type DuckDuckGoConfig struct {
}
type PerplexityConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_TOOLS_WEB_PERPLEXITY_ENABLED"`
- APIKey string `json:"api_key" env:"PICOCLAW_TOOLS_WEB_PERPLEXITY_API_KEY"`
- APIKeys []string `json:"api_keys" env:"PICOCLAW_TOOLS_WEB_PERPLEXITY_API_KEYS"`
- MaxResults int `json:"max_results" env:"PICOCLAW_TOOLS_WEB_PERPLEXITY_MAX_RESULTS"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_TOOLS_WEB_PERPLEXITY_ENABLED"`
+ apiKeys []string
+ secDirty bool
+ MaxResults int `json:"max_results" env:"PICOCLAW_TOOLS_WEB_PERPLEXITY_MAX_RESULTS"`
+}
+
+// APIKey returns the Perplexity API key
+func (c *PerplexityConfig) APIKey() string {
+ if len(c.apiKeys) == 0 {
+ return ""
+ }
+ return c.apiKeys[0]
+}
+
+// SetAPIKey sets the Perplexity API key
+func (c *PerplexityConfig) SetAPIKey(key string) {
+ c.apiKeys = []string{key}
+ c.secDirty = true
+}
+
+// APIKeys returns the Perplexity API keys
+func (c *PerplexityConfig) APIKeys() []string {
+ return c.apiKeys
+}
+
+// SetAPIKeys sets the Perplexity API keys
+func (c *PerplexityConfig) SetAPIKeys(keys []string) {
+ c.apiKeys = keys
+ c.secDirty = true
}
type SearXNGConfig struct {
@@ -744,23 +1104,54 @@ type SearXNGConfig struct {
}
type GLMSearchConfig struct {
- Enabled bool `json:"enabled" env:"PICOCLAW_TOOLS_WEB_GLM_ENABLED"`
- APIKey string `json:"api_key" env:"PICOCLAW_TOOLS_WEB_GLM_API_KEY"`
- BaseURL string `json:"base_url" env:"PICOCLAW_TOOLS_WEB_GLM_BASE_URL"`
+ Enabled bool `json:"enabled" env:"PICOCLAW_TOOLS_WEB_GLM_ENABLED"`
+ apiKey string
+ secDirty bool
+ BaseURL string `json:"base_url" env:"PICOCLAW_TOOLS_WEB_GLM_BASE_URL"`
// SearchEngine specifies the search backend: "search_std" (default),
// "search_pro", "search_pro_sogou", or "search_pro_quark".
SearchEngine string `json:"search_engine" env:"PICOCLAW_TOOLS_WEB_GLM_SEARCH_ENGINE"`
MaxResults int `json:"max_results" env:"PICOCLAW_TOOLS_WEB_GLM_MAX_RESULTS"`
}
+// APIKey returns the GLM search API key
+func (c *GLMSearchConfig) APIKey() string {
+ return c.apiKey
+}
+
+// SetAPIKey sets the GLM search API key (internal use only)
+func (c *GLMSearchConfig) SetAPIKey(key string) {
+ c.apiKey = key
+ c.secDirty = true
+}
+
+type BaiduSearchConfig struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_TOOLS_WEB_BAIDU_ENABLED"`
+ BaseURL string `json:"base_url" env:"PICOCLAW_TOOLS_WEB_BAIDU_BASE_URL"`
+ MaxResults int `json:"max_results" env:"PICOCLAW_TOOLS_WEB_BAIDU_MAX_RESULTS"`
+ apiKey string
+ secDirty bool
+}
+
+// APIKey returns the Baidu search API key
+func (c *BaiduSearchConfig) APIKey() string {
+ return c.apiKey
+}
+
+func (c *BaiduSearchConfig) SetAPIKey(key string) {
+ c.apiKey = key
+ c.secDirty = true
+}
+
type WebToolsConfig struct {
- ToolConfig ` envPrefix:"PICOCLAW_TOOLS_WEB_"`
- Brave BraveConfig ` json:"brave"`
- Tavily TavilyConfig ` json:"tavily"`
- DuckDuckGo DuckDuckGoConfig ` json:"duckduckgo"`
- Perplexity PerplexityConfig ` json:"perplexity"`
- SearXNG SearXNGConfig ` json:"searxng"`
- GLMSearch GLMSearchConfig ` json:"glm_search"`
+ ToolConfig ` envPrefix:"PICOCLAW_TOOLS_WEB_"`
+ Brave BraveConfig ` json:"brave"`
+ Tavily TavilyConfig ` json:"tavily"`
+ DuckDuckGo DuckDuckGoConfig ` json:"duckduckgo"`
+ Perplexity PerplexityConfig ` json:"perplexity"`
+ SearXNG SearXNGConfig ` json:"searxng"`
+ GLMSearch GLMSearchConfig ` json:"glm_search"`
+ BaiduSearch BaiduSearchConfig ` json:"baidu_search"`
// PreferNative controls whether to use provider-native web search when
// the active LLM supports it (e.g. OpenAI web_search_preview). When true,
// the client-side web_search tool is hidden to avoid duplicate search surfaces,
@@ -845,14 +1236,27 @@ type SkillsRegistriesConfig struct {
}
type SkillsGithubConfig struct {
- Token string `json:"token,omitempty" env:"PICOCLAW_TOOLS_SKILLS_GITHUB_AUTH_TOKEN"`
- Proxy string `json:"proxy,omitempty" env:"PICOCLAW_TOOLS_SKILLS_GITHUB_PROXY"`
+ token string
+ secDirty bool
+ Proxy string `json:"proxy,omitempty" env:"PICOCLAW_TOOLS_SKILLS_GITHUB_PROXY"`
+}
+
+// Token returns the GitHub token
+func (c *SkillsGithubConfig) Token() string {
+ return c.token
+}
+
+// SetToken sets the GitHub token
+func (c *SkillsGithubConfig) SetToken(token string) {
+ c.token = token
+ c.secDirty = true
}
type ClawHubRegistryConfig struct {
Enabled bool `json:"enabled" env:"PICOCLAW_SKILLS_REGISTRIES_CLAWHUB_ENABLED"`
BaseURL string `json:"base_url" env:"PICOCLAW_SKILLS_REGISTRIES_CLAWHUB_BASE_URL"`
- AuthToken string `json:"auth_token" env:"PICOCLAW_SKILLS_REGISTRIES_CLAWHUB_AUTH_TOKEN"`
+ authToken string
+ secDirty bool
SearchPath string `json:"search_path" env:"PICOCLAW_SKILLS_REGISTRIES_CLAWHUB_SEARCH_PATH"`
SkillsPath string `json:"skills_path" env:"PICOCLAW_SKILLS_REGISTRIES_CLAWHUB_SKILLS_PATH"`
DownloadPath string `json:"download_path" env:"PICOCLAW_SKILLS_REGISTRIES_CLAWHUB_DOWNLOAD_PATH"`
@@ -861,6 +1265,17 @@ type ClawHubRegistryConfig struct {
MaxResponseSize int `json:"max_response_size" env:"PICOCLAW_SKILLS_REGISTRIES_CLAWHUB_MAX_RESPONSE_SIZE"`
}
+// AuthToken returns the ClawHub auth token
+func (c *ClawHubRegistryConfig) AuthToken() string {
+ return c.authToken
+}
+
+// SetAuthToken sets the ClawHub auth token
+func (c *ClawHubRegistryConfig) SetAuthToken(token string) {
+ c.authToken = token
+ c.secDirty = true
+}
+
// MCPServerConfig defines configuration for a single MCP server
type MCPServerConfig struct {
// Enabled indicates whether this MCP server is active
@@ -894,40 +1309,76 @@ type MCPConfig struct {
}
func LoadConfig(path string) (*Config, error) {
- cfg := DefaultConfig()
-
data, err := os.ReadFile(path)
if err != nil {
if os.IsNotExist(err) {
- return cfg, nil
+ return DefaultConfig(), nil
}
return nil, err
}
- // Pre-scan the JSON to check how many model_list entries the user provided.
- // Go's JSON decoder reuses existing slice backing-array elements rather than
- // zero-initializing them, so fields absent from the user's JSON (e.g. api_base)
- // would silently inherit values from the DefaultConfig template at the same
- // index position. We only reset cfg.ModelList when the user actually provides
- // entries; when count is 0 we keep DefaultConfig's built-in list as fallback.
- var tmp Config
- if err := json.Unmarshal(data, &tmp); err != nil {
- return nil, err
+ // First, try to detect config version by reading the version field
+ var versionInfo struct {
+ Version int `json:"version"`
}
- if len(tmp.ModelList) > 0 {
- cfg.ModelList = nil
+ if e := json.Unmarshal(data, &versionInfo); e != nil {
+ return nil, fmt.Errorf("failed to detect config version: %w", e)
+ }
+ if len(data) <= 10 {
+ return DefaultConfig().WithSecurity(&SecurityConfig{}), nil
}
- if err := json.Unmarshal(data, cfg); err != nil {
- return nil, err
+ // Load config based on detected version
+ var cfg *Config
+ switch versionInfo.Version {
+ case 0:
+ logger.InfoF("config migrate start", map[string]any{"from": versionInfo.Version, "to": CurrentVersion})
+ // Legacy config (no version field)
+ v, e := loadConfigV0(data)
+ if e != nil {
+ return nil, e
+ }
+ cfg, e = v.Migrate()
+ if e != nil {
+ logger.DebugF("config migrate fail", map[string]any{"from": versionInfo.Version, "to": CurrentVersion})
+ return nil, e
+ }
+ logger.DebugF("config migrate success", map[string]any{"from": versionInfo.Version, "to": CurrentVersion})
+ defer func() {
+ _ = SaveConfig(path, cfg)
+ }()
+ case CurrentVersion:
+ // Current version
+ cfg, err = loadConfig(data)
+ if err != nil {
+ return nil, err
+ }
+ default:
+ return nil, fmt.Errorf("unsupported config version: %d", versionInfo.Version)
+ }
+
+ // Load security configuration
+ securityPath := securityPath(path)
+ sec, err := loadSecurityConfig(securityPath)
+ if err != nil {
+ return nil, fmt.Errorf("failed to load security config: %w", err)
+ }
+
+ // Apply security references from .security.yml BEFORE resolveAPIKeys
+ // This resolves ref: references to actual values
+ if err := applySecurityConfig(cfg, sec); err != nil {
+ return nil, fmt.Errorf("failed to apply security config: %w", err)
}
if passphrase := credential.PassphraseProvider(); passphrase != "" {
for _, m := range cfg.ModelList {
- if m.APIKey != "" && !strings.HasPrefix(m.APIKey, "enc://") && !strings.HasPrefix(m.APIKey, "file://") {
- fmt.Fprintf(os.Stderr,
- "picoclaw: warning: model %q has a plaintext api_key; call SaveConfig to encrypt it\n",
- m.ModelName)
+ for _, k := range m.apiKeys {
+ if k != "" && !strings.HasPrefix(k, "enc://") && !strings.HasPrefix(k, "file://") {
+ fmt.Fprintf(os.Stderr,
+ "picoclaw: warning: model %q has a plaintext api_key; call SaveConfig to encrypt it\n",
+ m.ModelName)
+ break // Only warn once per model
+ }
}
}
}
@@ -940,55 +1391,264 @@ func LoadConfig(path string) (*Config, error) {
return nil, err
}
+ // Resolve security fields like authToken that may contain file:// references
+ if err := resolveSecurityFields(cfg, filepath.Dir(path)); err != nil {
+ return nil, err
+ }
+
// Expand multi-key configs into separate entries for key-level failover
- cfg.ModelList = ExpandMultiKeyModels(cfg.ModelList)
+ cfg.ModelList = expandMultiKeyModels(cfg.ModelList)
// Migrate legacy channel config fields to new unified structures
cfg.migrateChannelConfigs()
- // Auto-migrate: if only legacy providers config exists, convert to model_list
- if len(cfg.ModelList) == 0 && cfg.HasProvidersConfig() {
- cfg.ModelList = ConvertProvidersToModelList(cfg)
- }
-
- // Inherit credentials from providers to model_list entries (#1635).
- // When both providers and model_list are present, model_list entries
- // whose api_key/api_base are empty will inherit from the matching
- // provider (matched by protocol prefix). Explicit model_list values
- // always take precedence.
- if cfg.HasProvidersConfig() {
- InheritProviderCredentials(cfg.ModelList, cfg.Providers)
- }
-
// Validate model_list for uniqueness and required fields
if err := cfg.ValidateModelList(); err != nil {
return nil, err
}
+ // Ensure Workspace has a default if not set
+ if cfg.Agents.Defaults.Workspace == "" {
+ homePath, _ := os.UserHomeDir()
+ if picoclawHome := os.Getenv(EnvHome); picoclawHome != "" {
+ homePath = picoclawHome
+ } else if homePath != "" {
+ homePath = filepath.Join(homePath, pkg.DefaultPicoClawHome)
+ }
+ cfg.Agents.Defaults.Workspace = filepath.Join(homePath, pkg.WorkspaceName)
+ }
+
return cfg, nil
}
+func copyArray[T any](dst, src *[]T) {
+ *dst = make([]T, len(*src))
+ copy(*dst, *src)
+}
+
+// applySecurityConfig resolves all security references in config
+// It checks each field for "ref:" prefixed values and resolves them from .security.yml
+func applySecurityConfig(cfg *Config, sec *SecurityConfig) error {
+ if sec == nil {
+ return nil
+ }
+
+ if sec.Web.Brave != nil && len(sec.Web.Brave.APIKeys) > 0 {
+ copyArray(&cfg.Tools.Web.Brave.apiKeys, &sec.Web.Brave.APIKeys)
+ }
+
+ if sec.Web.Tavily != nil && len(sec.Web.Tavily.APIKeys) > 0 {
+ copyArray(&cfg.Tools.Web.Tavily.apiKeys, &sec.Web.Tavily.APIKeys)
+ }
+
+ if sec.Web.Perplexity != nil && len(sec.Web.Perplexity.APIKeys) > 0 {
+ copyArray(&cfg.Tools.Web.Perplexity.apiKeys, &sec.Web.Perplexity.APIKeys)
+ }
+
+ if sec.Web.GLMSearch != nil && sec.Web.GLMSearch.APIKey != "" {
+ cfg.Tools.Web.GLMSearch.apiKey = sec.Web.GLMSearch.APIKey
+ }
+
+ if sec.Web.BaiduSearch != nil && sec.Web.BaiduSearch.APIKey != "" {
+ cfg.Tools.Web.BaiduSearch.apiKey = sec.Web.BaiduSearch.APIKey
+ }
+
+ if sec.Skills.Github != nil && sec.Skills.Github.Token != "" {
+ cfg.Tools.Skills.Github.token = sec.Skills.Github.Token
+ }
+
+ if sec.Skills.ClawHub != nil && sec.Skills.ClawHub.AuthToken != "" {
+ cfg.Tools.Skills.Registries.ClawHub.authToken = sec.Skills.ClawHub.AuthToken
+ }
+
+ names := toNameIndex(cfg.ModelList)
+ for i, model := range cfg.ModelList {
+ // Try exact match first (e.g., "abc:0" -> "abc:0")
+ if entry, exists := sec.ModelList[names[i]]; exists {
+ copyArray(&model.apiKeys, &entry.APIKeys)
+ model.secModelName = names[i]
+ continue
+ }
+
+ // Try match without index suffix (e.g., "abc" -> "abc")
+ // This allows .security.yml to use simpler keys like "test-model" instead of "test-model:0"
+ baseName := model.ModelName
+ if entry, exists := sec.ModelList[baseName]; exists {
+ copyArray(&model.apiKeys, &entry.APIKeys)
+ model.secModelName = baseName
+ continue
+ }
+ }
+
+ // Handle Telegram token
+ if sec.Channels.Telegram != nil && sec.Channels.Telegram.Token != "" {
+ cfg.Channels.Telegram.token = sec.Channels.Telegram.Token
+ }
+
+ // Handle Feishu credentials
+ if sec.Channels.Feishu != nil {
+ if sec.Channels.Feishu.AppSecret != "" {
+ cfg.Channels.Feishu.appSecret = sec.Channels.Feishu.AppSecret
+ }
+ if sec.Channels.Feishu.EncryptKey != "" {
+ cfg.Channels.Feishu.encryptKey = sec.Channels.Feishu.EncryptKey
+ }
+ if sec.Channels.Feishu.VerificationToken != "" {
+ cfg.Channels.Feishu.verificationToken = sec.Channels.Feishu.VerificationToken
+ }
+ }
+
+ // Handle Discord token
+ if sec.Channels.Discord != nil && sec.Channels.Discord.Token != "" {
+ cfg.Channels.Discord.token = sec.Channels.Discord.Token
+ }
+
+ // Handle Weixin token
+ if sec.Channels.Weixin != nil && sec.Channels.Weixin.Token != "" {
+ cfg.Channels.Discord.token = sec.Channels.Discord.Token
+ }
+
+ // Handle DingTalk client secret
+ if sec.Channels.DingTalk != nil && sec.Channels.DingTalk.ClientSecret != "" {
+ cfg.Channels.DingTalk.clientSecret = sec.Channels.DingTalk.ClientSecret
+ }
+
+ // Handle Slack tokens
+ if sec.Channels.Slack != nil {
+ if sec.Channels.Slack.BotToken != "" {
+ cfg.Channels.Slack.botToken = sec.Channels.Slack.BotToken
+ }
+ if sec.Channels.Slack.AppToken != "" {
+ cfg.Channels.Slack.appToken = sec.Channels.Slack.AppToken
+ }
+ }
+
+ // Handle Matrix access token
+ if sec.Channels.Matrix != nil && sec.Channels.Matrix.AccessToken != "" {
+ cfg.Channels.Matrix.accessToken = sec.Channels.Matrix.AccessToken
+ }
+
+ // Handle LINE credentials
+ if sec.Channels.LINE != nil {
+ if sec.Channels.LINE.ChannelSecret != "" {
+ cfg.Channels.LINE.channelSecret = sec.Channels.LINE.ChannelSecret
+ }
+ if sec.Channels.LINE.ChannelAccessToken != "" {
+ cfg.Channels.LINE.channelAccessToken = sec.Channels.LINE.ChannelAccessToken
+ }
+ }
+
+ // Handle OneBot access token
+ if sec.Channels.OneBot != nil && sec.Channels.OneBot.AccessToken != "" {
+ cfg.Channels.OneBot.accessToken = sec.Channels.OneBot.AccessToken
+ }
+
+ // Handle WeCom token and encoding key
+ if sec.Channels.WeCom != nil {
+ if sec.Channels.WeCom.Token != "" {
+ cfg.Channels.WeCom.token = sec.Channels.WeCom.Token
+ }
+ if sec.Channels.WeCom.EncodingAESKey != "" {
+ cfg.Channels.WeCom.encodingAESKey = sec.Channels.WeCom.EncodingAESKey
+ }
+ }
+
+ // Handle WeCom App credentials
+ if sec.Channels.WeComApp != nil {
+ if sec.Channels.WeComApp.CorpSecret != "" {
+ cfg.Channels.WeComApp.corpSecret = sec.Channels.WeComApp.CorpSecret
+ }
+ if sec.Channels.WeComApp.Token != "" {
+ cfg.Channels.WeComApp.token = sec.Channels.WeComApp.Token
+ }
+ if sec.Channels.WeComApp.EncodingAESKey != "" {
+ cfg.Channels.WeComApp.encodingAESKey = sec.Channels.WeComApp.EncodingAESKey
+ }
+ }
+
+ // Handle WeCom AI Bot credentials
+ if sec.Channels.WeComAIBot != nil {
+ if sec.Channels.WeComAIBot.Token != "" {
+ cfg.Channels.WeComAIBot.token = sec.Channels.WeComAIBot.Token
+ }
+ if sec.Channels.WeComAIBot.EncodingAESKey != "" {
+ cfg.Channels.WeComAIBot.encodingAESKey = sec.Channels.WeComAIBot.EncodingAESKey
+ }
+ if sec.Channels.WeComAIBot.Secret != "" {
+ cfg.Channels.WeComAIBot.secret = sec.Channels.WeComAIBot.Secret
+ }
+ }
+
+ // Handle Pico channel token
+ if sec.Channels.Pico != nil && sec.Channels.Pico.Token != "" {
+ cfg.Channels.Pico.token = sec.Channels.Pico.Token
+ }
+
+ // Handle IRC passwords
+ if sec.Channels.IRC != nil {
+ if sec.Channels.IRC.Password != "" {
+ cfg.Channels.IRC.password = sec.Channels.IRC.Password
+ }
+ if sec.Channels.IRC.NickServPassword != "" {
+ cfg.Channels.IRC.nickServPassword = sec.Channels.IRC.NickServPassword
+ }
+ if sec.Channels.IRC.SASLPassword != "" {
+ cfg.Channels.IRC.saslPassword = sec.Channels.IRC.SASLPassword
+ }
+ }
+
+ // Handle QQ app secret
+ if sec.Channels.QQ != nil && sec.Channels.QQ.AppSecret != "" {
+ cfg.Channels.QQ.appSecret = sec.Channels.QQ.AppSecret
+ }
+
+ cfg.security = sec
+
+ return nil
+}
+
+func toNameIndex(list []*ModelConfig) []string {
+ nameList := make([]string, 0, len(list))
+ countMap := make(map[string]int)
+ for _, model := range list {
+ name := model.ModelName
+ index := countMap[name]
+ nameList = append(nameList, fmt.Sprintf("%s:%d", name, index))
+ countMap[name]++
+ }
+ return nameList
+}
+
// encryptPlaintextAPIKeys returns a copy of models with plaintext api_key values
// encrypted. Returns (nil, nil) when nothing changed (all keys already sealed or
// empty). Returns (nil, error) if any key fails to encrypt — callers must treat
// this as a hard failure to prevent a mixed plaintext/ciphertext state on disk.
// Symmetric counterpart of resolveAPIKeys: both operate purely on []ModelConfig
// and leave JSON marshaling to the caller.
-func encryptPlaintextAPIKeys(models []ModelConfig, passphrase string) ([]ModelConfig, error) {
- sealed := make([]ModelConfig, len(models))
- copy(sealed, models)
+func encryptPlaintextAPIKeys(
+ models map[string]ModelSecurityEntry,
+ passphrase string,
+) (map[string]ModelSecurityEntry, error) {
+ sealed := make(map[string]ModelSecurityEntry, len(models))
changed := false
- for i := range sealed {
- m := &sealed[i]
- if m.APIKey == "" || strings.HasPrefix(m.APIKey, "enc://") || strings.HasPrefix(m.APIKey, "file://") {
- continue
+ for k, m := range models {
+ sealedEntry := ModelSecurityEntry{APIKeys: make([]string, len(m.APIKeys))}
+
+ // Encrypt each key in APIKeys
+ for i, key := range m.APIKeys {
+ if key == "" || strings.HasPrefix(key, "enc://") || strings.HasPrefix(key, "file://") {
+ sealedEntry.APIKeys[i] = key
+ continue
+ }
+ encrypted, err := credential.Encrypt(passphrase, "", key)
+ if err != nil {
+ return nil, fmt.Errorf("cannot seal api_key for model %q: %w", k, err)
+ }
+ sealedEntry.APIKeys[i] = encrypted
+ changed = true
}
- encrypted, err := credential.Encrypt(passphrase, "", m.APIKey)
- if err != nil {
- return nil, fmt.Errorf("cannot seal api_key for model %q: %w", m.ModelName, err)
- }
- m.APIKey = encrypted
- changed = true
+
+ sealed[k] = sealedEntry
}
if !changed {
return nil, nil
@@ -998,24 +1658,22 @@ func encryptPlaintextAPIKeys(models []ModelConfig, passphrase string) ([]ModelCo
// resolveAPIKeys decrypts or dereferences each api_key in models in-place.
// Supports plaintext (no-op), file:// (read from configDir), and enc:// (AES-GCM decrypt).
-// Also resolves api_keys array if present.
-func resolveAPIKeys(models []ModelConfig, configDir string) error {
+func resolveAPIKeys(models []*ModelConfig, configDir string) error {
cr := credential.NewResolver(configDir)
for i := range models {
- // Resolve single APIKey
- resolved, err := cr.Resolve(models[i].APIKey)
- if err != nil {
- return fmt.Errorf("model_list[%d] (%s): %w", i, models[i].ModelName, err)
- }
- models[i].APIKey = resolved
-
// Resolve APIKeys array
- for j, key := range models[i].APIKeys {
+ for j, key := range models[i].apiKeys {
resolved, err := cr.Resolve(key)
if err != nil {
- return fmt.Errorf("model_list[%d] (%s): api_keys[%d]: %w", i, models[i].ModelName, j, err)
+ return fmt.Errorf(
+ "model_list[%d] (%s): api_keys[%d]: %w",
+ i,
+ models[i].ModelName,
+ j,
+ err,
+ )
}
- models[i].APIKeys[j] = resolved
+ models[i].apiKeys[j] = resolved
}
}
return nil
@@ -1035,17 +1693,187 @@ func (c *Config) migrateChannelConfigs() {
}
func SaveConfig(path string, cfg *Config) error {
+ if cfg.security == nil {
+ logger.Errorf("config %#v", *cfg)
+ if len(cfg.ModelList) > 0 {
+ logger.Errorf("model[0] %#v", cfg.ModelList[0])
+ }
+ logger.ErrorC("config", "security is nil")
+ return fmt.Errorf("security is nil")
+ }
+ // Ensure version is always set when saving
+ if cfg.Version == 0 {
+ cfg.Version = CurrentVersion
+ }
+ names := toNameIndex(cfg.ModelList)
+ for i, m := range cfg.ModelList {
+ if m.secDirty {
+ if m.secModelName == "" {
+ m.secModelName = names[i]
+ }
+ cfg.security.ModelList[m.secModelName] = ModelSecurityEntry{
+ APIKeys: m.apiKeys,
+ }
+ m.secDirty = false
+ }
+ }
+ if cfg.Channels.Pico.secDirty {
+ cfg.security.Channels.Pico = &PicoSecurity{
+ Token: cfg.Channels.Pico.Token(),
+ }
+ cfg.Channels.Pico.secDirty = false
+ }
+ if cfg.Channels.IRC.secDirty {
+ cfg.security.Channels.IRC = &IRCSecurity{
+ Password: cfg.Channels.IRC.password,
+ NickServPassword: cfg.Channels.IRC.nickServPassword,
+ SASLPassword: cfg.Channels.IRC.saslPassword,
+ }
+ cfg.Channels.IRC.secDirty = false
+ }
+ if cfg.Channels.Telegram.secDirty {
+ cfg.security.Channels.Telegram = &TelegramSecurity{
+ Token: cfg.Channels.Telegram.Token(),
+ }
+ cfg.Channels.Telegram.secDirty = false
+ }
+ if cfg.Channels.Feishu.secDirty {
+ cfg.security.Channels.Feishu = &FeishuSecurity{
+ AppSecret: cfg.Channels.Feishu.AppSecret(),
+ EncryptKey: cfg.Channels.Feishu.EncryptKey(),
+ VerificationToken: cfg.Channels.Feishu.VerificationToken(),
+ }
+ cfg.Channels.Feishu.secDirty = false
+ }
+ if cfg.Channels.Discord.secDirty {
+ cfg.security.Channels.Discord = &DiscordSecurity{
+ Token: cfg.Channels.Discord.Token(),
+ }
+ cfg.Channels.Discord.secDirty = false
+ }
+ if cfg.Channels.Weixin.secDirty {
+ cfg.security.Channels.Weixin = &WeixinSecurity{
+ Token: cfg.Channels.Weixin.Token(),
+ }
+ cfg.Channels.Discord.secDirty = false
+ }
+ if cfg.Channels.QQ.secDirty {
+ cfg.security.Channels.QQ = &QQSecurity{
+ AppSecret: cfg.Channels.QQ.AppSecret(),
+ }
+ cfg.Channels.QQ.secDirty = false
+ }
+ if cfg.Channels.DingTalk.secDirty {
+ cfg.security.Channels.DingTalk = &DingTalkSecurity{
+ ClientSecret: cfg.Channels.DingTalk.ClientSecret(),
+ }
+ cfg.Channels.DingTalk.secDirty = false
+ }
+ if cfg.Channels.Slack.secDirty {
+ cfg.security.Channels.Slack = &SlackSecurity{
+ BotToken: cfg.Channels.Slack.BotToken(),
+ AppToken: cfg.Channels.Slack.AppToken(),
+ }
+ cfg.Channels.Slack.secDirty = false
+ }
+ if cfg.Channels.Matrix.secDirty {
+ cfg.security.Channels.Matrix = &MatrixSecurity{
+ AccessToken: cfg.Channels.Matrix.AccessToken(),
+ }
+ cfg.Channels.Matrix.secDirty = false
+ }
+ if cfg.Channels.LINE.secDirty {
+ cfg.security.Channels.LINE = &LINESecurity{
+ ChannelSecret: cfg.Channels.LINE.ChannelSecret(),
+ ChannelAccessToken: cfg.Channels.LINE.ChannelAccessToken(),
+ }
+ cfg.Channels.LINE.secDirty = false
+ }
+ if cfg.Channels.OneBot.secDirty {
+ cfg.security.Channels.OneBot = &OneBotSecurity{
+ AccessToken: cfg.Channels.OneBot.AccessToken(),
+ }
+ cfg.Channels.OneBot.secDirty = false
+ }
+ if cfg.Channels.WeCom.secDirty {
+ cfg.security.Channels.WeCom = &WeComSecurity{
+ Token: cfg.Channels.WeCom.Token(),
+ EncodingAESKey: cfg.Channels.WeCom.EncodingAESKey(),
+ }
+ cfg.Channels.WeCom.secDirty = false
+ }
+ if cfg.Channels.WeComApp.secDirty {
+ cfg.security.Channels.WeComApp = &WeComAppSecurity{
+ CorpSecret: cfg.Channels.WeComApp.CorpSecret(),
+ Token: cfg.Channels.WeComApp.Token(),
+ EncodingAESKey: cfg.Channels.WeComApp.EncodingAESKey(),
+ }
+ cfg.Channels.WeComApp.secDirty = false
+ }
+ if cfg.Channels.WeComAIBot.secDirty {
+ cfg.security.Channels.WeComAIBot = &WeComAIBotSecurity{
+ Token: cfg.Channels.WeComAIBot.Token(),
+ EncodingAESKey: cfg.Channels.WeComAIBot.EncodingAESKey(),
+ Secret: cfg.Channels.WeComAIBot.Secret(),
+ }
+ cfg.Channels.WeComAIBot.secDirty = false
+ }
+ if cfg.Tools.Web.Brave.secDirty {
+ cfg.security.Web.Brave = &BraveSecurity{
+ APIKeys: cfg.Tools.Web.Brave.APIKeys(),
+ }
+ cfg.Tools.Web.Brave.secDirty = false
+ }
+ if cfg.Tools.Web.Tavily.secDirty {
+ cfg.security.Web.Tavily = &TavilySecurity{
+ APIKeys: cfg.Tools.Web.Tavily.APIKeys(),
+ }
+ cfg.Tools.Web.Tavily.secDirty = false
+ }
+ if cfg.Tools.Web.Perplexity.secDirty {
+ cfg.security.Web.Perplexity = &PerplexitySecurity{
+ APIKeys: cfg.Tools.Web.Perplexity.APIKeys(),
+ }
+ cfg.Tools.Web.Perplexity.secDirty = false
+ }
+ if cfg.Tools.Web.GLMSearch.secDirty {
+ cfg.security.Web.GLMSearch = &GLMSearchSecurity{
+ APIKey: cfg.Tools.Web.GLMSearch.APIKey(),
+ }
+ cfg.Tools.Web.GLMSearch.secDirty = false
+ }
+ if cfg.Tools.Web.BaiduSearch.secDirty {
+ cfg.security.Web.BaiduSearch = &BaiduSearchSecurity{
+ APIKey: cfg.Tools.Web.BaiduSearch.APIKey(),
+ }
+ cfg.Tools.Web.BaiduSearch.secDirty = false
+ }
+ if cfg.Tools.Skills.Github.secDirty {
+ cfg.security.Skills.Github = &GithubSecurity{
+ Token: cfg.Tools.Skills.Github.Token(),
+ }
+ cfg.Tools.Skills.Github.secDirty = false
+ }
+ if cfg.Tools.Skills.Registries.ClawHub.secDirty {
+ cfg.security.Skills.ClawHub = &ClawHubSecurity{
+ AuthToken: cfg.Tools.Skills.Registries.ClawHub.AuthToken(),
+ }
+ cfg.Tools.Skills.Registries.ClawHub.secDirty = false
+ }
+
if passphrase := credential.PassphraseProvider(); passphrase != "" {
- sealed, err := encryptPlaintextAPIKeys(cfg.ModelList, passphrase)
+ sealed, err := encryptPlaintextAPIKeys(cfg.security.ModelList, passphrase)
if err != nil {
return err
}
if sealed != nil {
- tmp := *cfg
- tmp.ModelList = sealed
- cfg = &tmp
+ cfg.security.ModelList = sealed
}
}
+ if err := saveSecurityConfig(securityPath(path), cfg.security); err != nil {
+ logger.ErrorCF("config", "cannot save .security.yml", map[string]any{"error": err})
+ return err
+ }
data, err := json.MarshalIndent(cfg, "", " ")
if err != nil {
@@ -1058,53 +1886,6 @@ func (c *Config) WorkspacePath() string {
return expandHome(c.Agents.Defaults.Workspace)
}
-func (c *Config) GetAPIKey() string {
- if c.Providers.OpenRouter.APIKey != "" {
- return c.Providers.OpenRouter.APIKey
- }
- if c.Providers.Anthropic.APIKey != "" {
- return c.Providers.Anthropic.APIKey
- }
- if c.Providers.OpenAI.APIKey != "" {
- return c.Providers.OpenAI.APIKey
- }
- if c.Providers.Gemini.APIKey != "" {
- return c.Providers.Gemini.APIKey
- }
- if c.Providers.Zhipu.APIKey != "" {
- return c.Providers.Zhipu.APIKey
- }
- if c.Providers.Groq.APIKey != "" {
- return c.Providers.Groq.APIKey
- }
- if c.Providers.VLLM.APIKey != "" {
- return c.Providers.VLLM.APIKey
- }
- if c.Providers.ShengSuanYun.APIKey != "" {
- return c.Providers.ShengSuanYun.APIKey
- }
- if c.Providers.Cerebras.APIKey != "" {
- return c.Providers.Cerebras.APIKey
- }
- return ""
-}
-
-func (c *Config) GetAPIBase() string {
- if c.Providers.OpenRouter.APIKey != "" {
- if c.Providers.OpenRouter.APIBase != "" {
- return c.Providers.OpenRouter.APIBase
- }
- return "https://openrouter.ai/api/v1"
- }
- if c.Providers.Zhipu.APIKey != "" {
- return c.Providers.Zhipu.APIBase
- }
- if c.Providers.VLLM.APIKey != "" && c.Providers.VLLM.APIBase != "" {
- return c.Providers.VLLM.APIBase
- }
- return ""
-}
-
func expandHome(path string) string {
if path == "" {
return path
@@ -1128,17 +1909,17 @@ func (c *Config) GetModelConfig(modelName string) (*ModelConfig, error) {
return nil, fmt.Errorf("model %q not found in model_list or providers", modelName)
}
if len(matches) == 1 {
- return &matches[0], nil
+ return matches[0], nil
}
// Multiple configs - use round-robin for load balancing
idx := (rrCounter.Add(1) - 1) % uint64(len(matches))
- return &matches[idx], nil
+ return matches[idx], nil
}
// findMatches finds all ModelConfig entries with the given model_name.
-func (c *Config) findMatches(modelName string) []ModelConfig {
- var matches []ModelConfig
+func (c *Config) findMatches(modelName string) []*ModelConfig {
+ var matches []*ModelConfig
for i := range c.ModelList {
if c.ModelList[i].ModelName == modelName {
matches = append(matches, c.ModelList[i])
@@ -1147,11 +1928,6 @@ func (c *Config) findMatches(modelName string) []ModelConfig {
return matches
}
-// HasProvidersConfig checks if any provider in the old providers config has configuration.
-func (c *Config) HasProvidersConfig() bool {
- return !c.Providers.IsEmpty()
-}
-
// ValidateModelList validates all ModelConfig entries in the model_list.
// It checks that each model config is valid.
// Note: Multiple entries with the same model_name are allowed for load balancing.
@@ -1164,6 +1940,10 @@ func (c *Config) ValidateModelList() error {
return nil
}
+func (c *Config) SecurityCopyFrom(cfg *Config) {
+ c.security = cfg.security
+}
+
func MergeAPIKeys(apiKey string, apiKeys []string) []string {
seen := make(map[string]struct{})
var all []string
@@ -1187,28 +1967,92 @@ func MergeAPIKeys(apiKey string, apiKeys []string) []string {
return all
}
-// ExpandMultiKeyModels expands ModelConfig entries with multiple API keys into
+// resolveSecurityFields resolves file:// and enc:// references in security-sensitive fields
+// like authToken and token that are not part of ModelConfig's apiKeys
+func resolveSecurityFields(cfg *Config, configDir string) error {
+ cr := credential.NewResolver(configDir)
+
+ // Resolve Web tool API keys - set apiKey field to first resolved apiKeys entry
+ if len(cfg.Tools.Web.Brave.apiKeys) > 0 {
+ keys := cfg.Tools.Web.Brave.apiKeys
+ for i, key := range keys {
+ resolved, err := cr.Resolve(key)
+ if err != nil {
+ return fmt.Errorf("brave api_keys[%d]: %w", i, err)
+ }
+ keys[i] = resolved
+ }
+ }
+
+ if len(cfg.Tools.Web.Tavily.apiKeys) > 0 {
+ keys := cfg.Tools.Web.Tavily.apiKeys
+ for i, key := range keys {
+ resolved, err := cr.Resolve(key)
+ if err != nil {
+ return fmt.Errorf("tavily api_keys[%d]: %w", i, err)
+ }
+ keys[i] = resolved
+ }
+ }
+
+ if len(cfg.Tools.Web.Perplexity.apiKeys) > 0 {
+ keys := cfg.Tools.Web.Perplexity.apiKeys
+ for i, key := range keys {
+ resolved, err := cr.Resolve(key)
+ if err != nil {
+ return fmt.Errorf("perplexity api_keys[%d]: %w", i, err)
+ }
+ keys[i] = resolved
+ }
+ }
+
+ // GLMSearch has a private apiKey field
+ if cfg.Tools.Web.GLMSearch.apiKey != "" {
+ resolved, err := cr.Resolve(cfg.Tools.Web.GLMSearch.apiKey)
+ if err != nil {
+ return fmt.Errorf("glm api_key: %w", err)
+ }
+ cfg.Tools.Web.GLMSearch.apiKey = resolved
+ }
+
+ // Resolve Skills tokens
+ if cfg.Tools.Skills.Github.token != "" {
+ resolved, err := cr.Resolve(cfg.Tools.Skills.Github.token)
+ if err != nil {
+ return fmt.Errorf("github token: %w", err)
+ }
+ cfg.Tools.Skills.Github.token = resolved
+ }
+
+ if cfg.Tools.Skills.Registries.ClawHub.authToken != "" {
+ resolved, err := cr.Resolve(cfg.Tools.Skills.Registries.ClawHub.authToken)
+ if err != nil {
+ return fmt.Errorf("clawhub auth_token: %w", err)
+ }
+ cfg.Tools.Skills.Registries.ClawHub.authToken = resolved
+ }
+
+ return nil
+}
+
+// expandMultiKeyModels expands ModelConfig entries with multiple API keys into
// separate entries for key-level failover. Each key gets its own ModelConfig entry,
// and the original entry's fallbacks are set up to chain through the expanded entries.
//
// Example: {"model_name": "gpt-4", "api_keys": ["k1", "k2", "k3"]}
// Becomes:
-// - {"model_name": "gpt-4", "api_key": "k1", "fallbacks": ["gpt-4__key_1", "gpt-4__key_2"]}
-// - {"model_name": "gpt-4__key_1", "api_key": "k2"}
-// - {"model_name": "gpt-4__key_2", "api_key": "k3"}
-func ExpandMultiKeyModels(models []ModelConfig) []ModelConfig {
- var expanded []ModelConfig
+// - {"model_name": "gpt-4", "api_keys": ["k1"], "fallbacks": ["gpt-4__key_1", "gpt-4__key_2"]}
+// - {"model_name": "gpt-4__key_1", "api_keys": {"k2"}}
+// - {"model_name": "gpt-4__key_2", "api_keys": {"k3"}}
+func expandMultiKeyModels(models []*ModelConfig) []*ModelConfig {
+ var expanded []*ModelConfig
for _, m := range models {
- keys := MergeAPIKeys(m.APIKey, m.APIKeys)
+ keys := MergeAPIKeys("", m.apiKeys)
// Single key or no keys: keep as-is
if len(keys) <= 1 {
- // Ensure APIKey is set from APIKeys if needed
- if m.APIKey == "" && len(keys) == 1 {
- m.APIKey = keys[0]
- }
- m.APIKeys = nil // Clear APIKeys to avoid confusion
+ m.apiKeys = keys
expanded = append(expanded, m)
continue
}
@@ -1223,11 +2067,11 @@ func ExpandMultiKeyModels(models []ModelConfig) []ModelConfig {
expandedName := originalName + suffix
// Create a copy for the additional key
- additionalEntry := ModelConfig{
+ additionalEntry := &ModelConfig{
ModelName: expandedName,
Model: m.Model,
APIBase: m.APIBase,
- APIKey: keys[i],
+ apiKeys: []string{keys[i]},
Proxy: m.Proxy,
AuthMethod: m.AuthMethod,
ConnectMode: m.ConnectMode,
@@ -1242,11 +2086,10 @@ func ExpandMultiKeyModels(models []ModelConfig) []ModelConfig {
}
// Create the primary entry with first key and fallbacks
- primaryEntry := ModelConfig{
+ primaryEntry := &ModelConfig{
ModelName: originalName,
Model: m.Model,
APIBase: m.APIBase,
- APIKey: keys[0],
Proxy: m.Proxy,
AuthMethod: m.AuthMethod,
ConnectMode: m.ConnectMode,
@@ -1255,6 +2098,7 @@ func ExpandMultiKeyModels(models []ModelConfig) []ModelConfig {
MaxTokensField: m.MaxTokensField,
RequestTimeout: m.RequestTimeout,
ThinkingLevel: m.ThinkingLevel,
+ apiKeys: []string{keys[0]},
}
// Prepend new fallbacks to existing ones
diff --git a/pkg/config/config_old.go b/pkg/config/config_old.go
new file mode 100644
index 000000000..c7c7f0028
--- /dev/null
+++ b/pkg/config/config_old.go
@@ -0,0 +1,1032 @@
+// PicoClaw - Ultra-lightweight personal AI agent
+// License: MIT
+//
+// Copyright (c) 2026 PicoClaw contributors
+
+package config
+
+import "encoding/json"
+
+type agentDefaultsV0 struct {
+ Workspace string `json:"workspace" env:"PICOCLAW_AGENTS_DEFAULTS_WORKSPACE"`
+ RestrictToWorkspace bool `json:"restrict_to_workspace" env:"PICOCLAW_AGENTS_DEFAULTS_RESTRICT_TO_WORKSPACE"`
+ AllowReadOutsideWorkspace bool `json:"allow_read_outside_workspace" env:"PICOCLAW_AGENTS_DEFAULTS_ALLOW_READ_OUTSIDE_WORKSPACE"`
+ Provider string `json:"provider" env:"PICOCLAW_AGENTS_DEFAULTS_PROVIDER"`
+ ModelName string `json:"model_name,omitempty" env:"PICOCLAW_AGENTS_DEFAULTS_MODEL_NAME"`
+ Model string `json:"model" env:"PICOCLAW_AGENTS_DEFAULTS_MODEL"` // Deprecated: use model_name instead
+ ModelFallbacks []string `json:"model_fallbacks,omitempty"`
+ ImageModel string `json:"image_model,omitempty" env:"PICOCLAW_AGENTS_DEFAULTS_IMAGE_MODEL"`
+ ImageModelFallbacks []string `json:"image_model_fallbacks,omitempty"`
+ MaxTokens int `json:"max_tokens" env:"PICOCLAW_AGENTS_DEFAULTS_MAX_TOKENS"`
+ Temperature *float64 `json:"temperature,omitempty" env:"PICOCLAW_AGENTS_DEFAULTS_TEMPERATURE"`
+ MaxToolIterations int `json:"max_tool_iterations" env:"PICOCLAW_AGENTS_DEFAULTS_MAX_TOOL_ITERATIONS"`
+ SummarizeMessageThreshold int `json:"summarize_message_threshold" env:"PICOCLAW_AGENTS_DEFAULTS_SUMMARIZE_MESSAGE_THRESHOLD"`
+ SummarizeTokenPercent int `json:"summarize_token_percent" env:"PICOCLAW_AGENTS_DEFAULTS_SUMMARIZE_TOKEN_PERCENT"`
+ MaxMediaSize int `json:"max_media_size,omitempty" env:"PICOCLAW_AGENTS_DEFAULTS_MAX_MEDIA_SIZE"`
+ Routing *RoutingConfig `json:"routing,omitempty"`
+}
+
+// GetModelName returns the effective model name for the agent defaults.
+// It prefers the new "model_name" field but falls back to "model" for backward compatibility.
+func (d *agentDefaultsV0) GetModelName() string {
+ if d.ModelName != "" {
+ return d.ModelName
+ }
+ return d.Model
+}
+
+type agentsConfigV0 struct {
+ Defaults agentDefaultsV0 `json:"defaults"`
+ List []AgentConfig `json:"list,omitempty"`
+}
+
+// configV0 represents the config structure before versioning was introduced.
+// This struct is used for loading legacy config files (version 0).
+// It is unexported since it's only used internally for migration.
+type configV0 struct {
+ Agents agentsConfigV0 `json:"agents"`
+ Bindings []AgentBinding `json:"bindings,omitempty"`
+ Session SessionConfig `json:"session,omitempty"`
+ Channels channelsConfigV0 `json:"channels"`
+ Providers providersConfigV0 `json:"providers,omitempty"`
+ ModelList []modelConfigV0 `json:"model_list"`
+ Gateway GatewayConfig `json:"gateway"`
+ Tools toolsConfigV0 `json:"tools"`
+ Heartbeat HeartbeatConfig `json:"heartbeat"`
+ Devices DevicesConfig `json:"devices"`
+}
+
+type toolsConfigV0 struct {
+ AllowReadPaths []string `json:"allow_read_paths" env:"PICOCLAW_TOOLS_ALLOW_READ_PATHS"`
+ AllowWritePaths []string `json:"allow_write_paths" env:"PICOCLAW_TOOLS_ALLOW_WRITE_PATHS"`
+ Web webToolsConfigV0 `json:"web"`
+ Cron CronToolsConfig `json:"cron"`
+ Exec ExecConfig `json:"exec"`
+ Skills skillsToolsConfigV0 `json:"skills"`
+ MediaCleanup MediaCleanupConfig `json:"media_cleanup"`
+ MCP MCPConfig `json:"mcp"`
+ AppendFile ToolConfig `json:"append_file" envPrefix:"PICOCLAW_TOOLS_APPEND_FILE_"`
+ EditFile ToolConfig `json:"edit_file" envPrefix:"PICOCLAW_TOOLS_EDIT_FILE_"`
+ FindSkills ToolConfig `json:"find_skills" envPrefix:"PICOCLAW_TOOLS_FIND_SKILLS_"`
+ I2C ToolConfig `json:"i2c" envPrefix:"PICOCLAW_TOOLS_I2C_"`
+ InstallSkill ToolConfig `json:"install_skill" envPrefix:"PICOCLAW_TOOLS_INSTALL_SKILL_"`
+ ListDir ToolConfig `json:"list_dir" envPrefix:"PICOCLAW_TOOLS_LIST_DIR_"`
+ Message ToolConfig `json:"message" envPrefix:"PICOCLAW_TOOLS_MESSAGE_"`
+ ReadFile ReadFileToolConfig `json:"read_file" envPrefix:"PICOCLAW_TOOLS_READ_FILE_"`
+ SendFile ToolConfig `json:"send_file" envPrefix:"PICOCLAW_TOOLS_SEND_FILE_"`
+ Spawn ToolConfig `json:"spawn" envPrefix:"PICOCLAW_TOOLS_SPAWN_"`
+ SpawnStatus ToolConfig `json:"spawn_status" envPrefix:"PICOCLAW_TOOLS_SPAWN_STATUS_"`
+ SPI ToolConfig `json:"spi" envPrefix:"PICOCLAW_TOOLS_SPI_"`
+ Subagent ToolConfig `json:"subagent" envPrefix:"PICOCLAW_TOOLS_SUBAGENT_"`
+ WebFetch ToolConfig `json:"web_fetch" envPrefix:"PICOCLAW_TOOLS_WEB_FETCH_"`
+ WriteFile ToolConfig `json:"write_file" envPrefix:"PICOCLAW_TOOLS_WRITE_FILE_"`
+}
+
+type channelsConfigV0 struct {
+ WhatsApp WhatsAppConfig `json:"whatsapp"`
+ Telegram telegramConfigV0 `json:"telegram"`
+ Feishu feishuConfigV0 `json:"feishu"`
+ Discord discordConfigV0 `json:"discord"`
+ MaixCam maixcamConfigV0 `json:"maixcam"`
+ Weixin weixinConfigV0 `json:"weixin"`
+ QQ qqConfigV0 `json:"qq"`
+ DingTalk dingtalkConfigV0 `json:"dingtalk"`
+ Slack slackConfigV0 `json:"slack"`
+ Matrix matrixConfigV0 `json:"matrix"`
+ LINE lineConfigV0 `json:"line"`
+ OneBot onebotConfigV0 `json:"onebot"`
+ WeCom wecomConfigV0 `json:"wecom"`
+ WeComApp wecomappConfigV0 `json:"wecom_app"`
+ WeComAIBot wecomaibotConfigV0 `json:"wecom_aibot"`
+ Pico picoConfigV0 `json:"pico"`
+ IRC ircConfigV0 `json:"irc"`
+}
+
+func (v *channelsConfigV0) ToChannelsConfig() (ChannelsConfig, ChannelsSecurity) {
+ telegram, telegramSecurity := v.Telegram.ToTelegramConfig()
+ feishu, feishuSecurity := v.Feishu.ToFeishuConfig()
+ discord, discordSecurity := v.Discord.ToDiscordConfig()
+ maixcam := v.MaixCam.ToMaixCamConfig()
+ qq, qqSecurity := v.QQ.ToQQConfig()
+ weixin, weixinSecurity := v.Weixin.ToWeiXinConfig()
+ dingtalk, dingtalkSecurity := v.DingTalk.ToDingTalkConfig()
+ slack, slackSecurity := v.Slack.ToSlackConfig()
+ matrix, matrixSecurity := v.Matrix.ToMatrixConfig()
+ line, lineSecurity := v.LINE.ToLINEConfig()
+ onebot, onebotSecurity := v.OneBot.ToOneBotConfig()
+ wecom, wecomSecurity := v.WeCom.ToWeComConfig()
+ wecomapp, wecomappSecurity := v.WeComApp.ToWeComAppConfig()
+ wecomaibot, wecomaibotSecurity := v.WeComAIBot.ToWeComAIBotConfig()
+ pico, picoSecurity := v.Pico.ToPicoConfig()
+ irc, ircSecurity := v.IRC.ToIRCConfig()
+
+ return ChannelsConfig{
+ WhatsApp: v.WhatsApp,
+ Telegram: telegram,
+ Feishu: feishu,
+ Discord: discord,
+ MaixCam: maixcam,
+ QQ: qq,
+ Weixin: weixin,
+ DingTalk: dingtalk,
+ Slack: slack,
+ Matrix: matrix,
+ LINE: line,
+ OneBot: onebot,
+ WeCom: wecom,
+ WeComApp: wecomapp,
+ WeComAIBot: wecomaibot,
+ Pico: pico,
+ IRC: irc,
+ }, ChannelsSecurity{
+ Telegram: &telegramSecurity,
+ Feishu: &feishuSecurity,
+ Discord: &discordSecurity,
+ QQ: &qqSecurity,
+ Weixin: &weixinSecurity,
+ DingTalk: &dingtalkSecurity,
+ Slack: &slackSecurity,
+ Matrix: &matrixSecurity,
+ LINE: &lineSecurity,
+ OneBot: &onebotSecurity,
+ WeCom: &wecomSecurity,
+ WeComApp: &wecomappSecurity,
+ WeComAIBot: &wecomaibotSecurity,
+ Pico: &picoSecurity,
+ IRC: &ircSecurity,
+ }
+}
+
+type qqConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_QQ_ENABLED"`
+ AppID string `json:"app_id" env:"PICOCLAW_CHANNELS_QQ_APP_ID"`
+ AppSecret string `json:"app_secret" env:"PICOCLAW_CHANNELS_QQ_APP_SECRET"`
+ AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_QQ_ALLOW_FROM"`
+ GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
+ MaxMessageLength int `json:"max_message_length" env:"PICOCLAW_CHANNELS_QQ_MAX_MESSAGE_LENGTH"`
+ MaxBase64FileSizeMiB int64 `json:"max_base64_file_size_mib" env:"PICOCLAW_CHANNELS_QQ_MAX_BASE64_FILE_SIZE_MIB"`
+ SendMarkdown bool `json:"send_markdown" env:"PICOCLAW_CHANNELS_QQ_SEND_MARKDOWN"`
+ ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_QQ_REASONING_CHANNEL_ID"`
+}
+
+func (v *qqConfigV0) ToQQConfig() (QQConfig, QQSecurity) {
+ return QQConfig{
+ Enabled: v.Enabled,
+ AppID: v.AppID,
+ AllowFrom: v.AllowFrom,
+ GroupTrigger: v.GroupTrigger,
+ MaxMessageLength: v.MaxMessageLength,
+ MaxBase64FileSizeMiB: v.MaxBase64FileSizeMiB,
+ SendMarkdown: v.SendMarkdown,
+ ReasoningChannelID: v.ReasoningChannelID,
+ }, QQSecurity{
+ AppSecret: v.AppSecret,
+ }
+}
+
+type telegramConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_TELEGRAM_ENABLED"`
+ Token string `json:"token" env:"PICOCLAW_CHANNELS_TELEGRAM_TOKEN"`
+ BaseURL string `json:"base_url" env:"PICOCLAW_CHANNELS_TELEGRAM_BASE_URL"`
+ Proxy string `json:"proxy" env:"PICOCLAW_CHANNELS_TELEGRAM_PROXY"`
+ AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_TELEGRAM_ALLOW_FROM"`
+ GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
+ Typing TypingConfig `json:"typing,omitempty"`
+ Placeholder PlaceholderConfig `json:"placeholder,omitempty"`
+ ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_TELEGRAM_REASONING_CHANNEL_ID"`
+ UseMarkdownV2 bool `json:"use_markdown_v2" env:"PICOCLAW_CHANNELS_TELEGRAM_USE_MARKDOWN_V2"`
+}
+
+func (v *telegramConfigV0) ToTelegramConfig() (TelegramConfig, TelegramSecurity) {
+ return TelegramConfig{
+ Enabled: v.Enabled,
+ token: v.Token,
+ BaseURL: v.BaseURL,
+ Proxy: v.Proxy,
+ AllowFrom: v.AllowFrom,
+ GroupTrigger: v.GroupTrigger,
+ Typing: v.Typing,
+ Placeholder: v.Placeholder,
+ ReasoningChannelID: v.ReasoningChannelID,
+ UseMarkdownV2: v.UseMarkdownV2,
+ }, TelegramSecurity{
+ Token: v.Token,
+ }
+}
+
+type feishuConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_FEISHU_ENABLED"`
+ AppID string `json:"app_id" env:"PICOCLAW_CHANNELS_FEISHU_APP_ID"`
+ AppSecret string `json:"app_secret" env:"PICOCLAW_CHANNELS_FEISHU_APP_SECRET"`
+ EncryptKey string `json:"encrypt_key" env:"PICOCLAW_CHANNELS_FEISHU_ENCRYPT_KEY"`
+ VerificationToken string `json:"verification_token" env:"PICOCLAW_CHANNELS_FEISHU_VERIFICATION_TOKEN"`
+ AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_FEISHU_ALLOW_FROM"`
+ GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
+ Placeholder PlaceholderConfig `json:"placeholder,omitempty"`
+ ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_FEISHU_REASONING_CHANNEL_ID"`
+ RandomReactionEmoji FlexibleStringSlice `json:"random_reaction_emoji" env:"PICOCLAW_CHANNELS_FEISHU_RANDOM_REACTION_EMOJI"`
+ IsLark bool `json:"is_lark" env:"PICOCLAW_CHANNELS_FEISHU_IS_LARK"`
+}
+
+func (v *feishuConfigV0) ToFeishuConfig() (FeishuConfig, FeishuSecurity) {
+ return FeishuConfig{
+ Enabled: v.Enabled,
+ AppID: v.AppID,
+ appSecret: v.AppSecret,
+ AllowFrom: v.AllowFrom,
+ GroupTrigger: v.GroupTrigger,
+ Placeholder: v.Placeholder,
+ ReasoningChannelID: v.ReasoningChannelID,
+ }, FeishuSecurity{
+ AppSecret: v.AppSecret,
+ EncryptKey: v.EncryptKey,
+ VerificationToken: v.VerificationToken,
+ }
+}
+
+type discordConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_DISCORD_ENABLED"`
+ Token string `json:"token" env:"PICOCLAW_CHANNELS_DISCORD_TOKEN"`
+ Proxy string `json:"proxy" env:"PICOCLAW_CHANNELS_DISCORD_PROXY"`
+ AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_DISCORD_ALLOW_FROM"`
+ MentionOnly bool `json:"mention_only" env:"PICOCLAW_CHANNELS_DISCORD_MENTION_ONLY"`
+ GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
+ Typing TypingConfig `json:"typing,omitempty"`
+ Placeholder PlaceholderConfig `json:"placeholder,omitempty"`
+ ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_DISCORD_REASONING_CHANNEL_ID"`
+}
+
+func (v *discordConfigV0) ToDiscordConfig() (DiscordConfig, DiscordSecurity) {
+ return DiscordConfig{
+ Enabled: v.Enabled,
+ token: v.Token,
+ Proxy: v.Proxy,
+ AllowFrom: v.AllowFrom,
+ MentionOnly: v.MentionOnly,
+ GroupTrigger: v.GroupTrigger,
+ Typing: v.Typing,
+ Placeholder: v.Placeholder,
+ ReasoningChannelID: v.ReasoningChannelID,
+ }, DiscordSecurity{
+ Token: v.Token,
+ }
+}
+
+type maixcamConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_MAIXCAM_ENABLED"`
+ Host string `json:"host" env:"PICOCLAW_CHANNELS_MAIXCAM_HOST"`
+ Port int `json:"port" env:"PICOCLAW_CHANNELS_MAIXCAM_PORT"`
+ AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_MAIXCAM_ALLOW_FROM"`
+ ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_MAIXCAM_REASONING_CHANNEL_ID"`
+}
+
+func (v *maixcamConfigV0) ToMaixCamConfig() MaixCamConfig {
+ return MaixCamConfig{
+ Enabled: v.Enabled,
+ Host: v.Host,
+ Port: v.Port,
+ AllowFrom: v.AllowFrom,
+ ReasoningChannelID: v.ReasoningChannelID,
+ }
+}
+
+type dingtalkConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_DINGTALK_ENABLED"`
+ ClientID string `json:"client_id" env:"PICOCLAW_CHANNELS_DINGTALK_CLIENT_ID"`
+ ClientSecret string `json:"client_secret" env:"PICOCLAW_CHANNELS_DINGTALK_CLIENT_SECRET"`
+ AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_DINGTALK_ALLOW_FROM"`
+ GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
+ ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_DINGTALK_REASONING_CHANNEL_ID"`
+}
+
+func (v *dingtalkConfigV0) ToDingTalkConfig() (DingTalkConfig, DingTalkSecurity) {
+ return DingTalkConfig{
+ Enabled: v.Enabled,
+ ClientID: v.ClientID,
+ clientSecret: v.ClientSecret,
+ AllowFrom: v.AllowFrom,
+ GroupTrigger: v.GroupTrigger,
+ ReasoningChannelID: v.ReasoningChannelID,
+ }, DingTalkSecurity{
+ ClientSecret: v.ClientSecret,
+ }
+}
+
+type slackConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_SLACK_ENABLED"`
+ BotToken string `json:"bot_token" env:"PICOCLAW_CHANNELS_SLACK_BOT_TOKEN"`
+ AppToken string `json:"app_token" env:"PICOCLAW_CHANNELS_SLACK_APP_TOKEN"`
+ AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_SLACK_ALLOW_FROM"`
+ GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
+ Typing TypingConfig `json:"typing,omitempty"`
+ Placeholder PlaceholderConfig `json:"placeholder,omitempty"`
+ ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_SLACK_REASONING_CHANNEL_ID"`
+}
+
+func (v *slackConfigV0) ToSlackConfig() (SlackConfig, SlackSecurity) {
+ return SlackConfig{
+ Enabled: v.Enabled,
+ botToken: v.BotToken,
+ appToken: v.AppToken,
+ AllowFrom: v.AllowFrom,
+ GroupTrigger: v.GroupTrigger,
+ Typing: v.Typing,
+ Placeholder: v.Placeholder,
+ ReasoningChannelID: v.ReasoningChannelID,
+ }, SlackSecurity{
+ BotToken: v.BotToken,
+ AppToken: v.AppToken,
+ }
+}
+
+type matrixConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_MATRIX_ENABLED"`
+ Homeserver string `json:"homeserver" env:"PICOCLAW_CHANNELS_MATRIX_HOMESERVER"`
+ UserID string `json:"user_id" env:"PICOCLAW_CHANNELS_MATRIX_USER_ID"`
+ AccessToken string `json:"access_token" env:"PICOCLAW_CHANNELS_MATRIX_ACCESS_TOKEN"`
+ DeviceID string `json:"device_id,omitempty" env:"PICOCLAW_CHANNELS_MATRIX_DEVICE_ID"`
+ JoinOnInvite bool `json:"join_on_invite" env:"PICOCLAW_CHANNELS_MATRIX_JOIN_ON_INVITE"`
+ MessageFormat string `json:"message_format,omitempty" env:"PICOCLAW_CHANNELS_MATRIX_MESSAGE_FORMAT"`
+ AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_MATRIX_ALLOW_FROM"`
+ GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
+ Placeholder PlaceholderConfig `json:"placeholder,omitempty"`
+ ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_MATRIX_REASONING_CHANNEL_ID"`
+}
+
+func (v *matrixConfigV0) ToMatrixConfig() (MatrixConfig, MatrixSecurity) {
+ return MatrixConfig{
+ Enabled: v.Enabled,
+ Homeserver: v.Homeserver,
+ UserID: v.UserID,
+ accessToken: v.AccessToken,
+ DeviceID: v.DeviceID,
+ JoinOnInvite: v.JoinOnInvite,
+ MessageFormat: v.MessageFormat,
+ AllowFrom: v.AllowFrom,
+ GroupTrigger: v.GroupTrigger,
+ Placeholder: v.Placeholder,
+ ReasoningChannelID: v.ReasoningChannelID,
+ }, MatrixSecurity{
+ AccessToken: v.AccessToken,
+ }
+}
+
+type lineConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_LINE_ENABLED"`
+ ChannelSecret string `json:"channel_secret" env:"PICOCLAW_CHANNELS_LINE_CHANNEL_SECRET"`
+ ChannelAccessToken string `json:"channel_access_token" env:"PICOCLAW_CHANNELS_LINE_CHANNEL_ACCESS_TOKEN"`
+ WebhookHost string `json:"webhook_host" env:"PICOCLAW_CHANNELS_LINE_WEBHOOK_HOST"`
+ WebhookPort int `json:"webhook_port" env:"PICOCLAW_CHANNELS_LINE_WEBHOOK_PORT"`
+ WebhookPath string `json:"webhook_path" env:"PICOCLAW_CHANNELS_LINE_WEBHOOK_PATH"`
+ AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_LINE_ALLOW_FROM"`
+ GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
+ Typing TypingConfig `json:"typing,omitempty"`
+ Placeholder PlaceholderConfig `json:"placeholder,omitempty"`
+ ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_LINE_REASONING_CHANNEL_ID"`
+}
+
+func (v *lineConfigV0) ToLINEConfig() (LINEConfig, LINESecurity) {
+ return LINEConfig{
+ Enabled: v.Enabled,
+ channelSecret: v.ChannelSecret,
+ channelAccessToken: v.ChannelAccessToken,
+ WebhookHost: v.WebhookHost,
+ WebhookPort: v.WebhookPort,
+ WebhookPath: v.WebhookPath,
+ AllowFrom: v.AllowFrom,
+ GroupTrigger: v.GroupTrigger,
+ Typing: v.Typing,
+ Placeholder: v.Placeholder,
+ ReasoningChannelID: v.ReasoningChannelID,
+ }, LINESecurity{
+ ChannelSecret: v.ChannelSecret,
+ ChannelAccessToken: v.ChannelAccessToken,
+ }
+}
+
+type onebotConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_ONEBOT_ENABLED"`
+ WSUrl string `json:"ws_url" env:"PICOCLAW_CHANNELS_ONEBOT_WS_URL"`
+ AccessToken string `json:"access_token" env:"PICOCLAW_CHANNELS_ONEBOT_ACCESS_TOKEN"`
+ ReconnectInterval int `json:"reconnect_interval" env:"PICOCLAW_CHANNELS_ONEBOT_RECONNECT_INTERVAL"`
+ GroupTriggerPrefix []string `json:"group_trigger_prefix" env:"PICOCLAW_CHANNELS_ONEBOT_GROUP_TRIGGER_PREFIX"`
+ AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_ONEBOT_ALLOW_FROM"`
+ GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
+ Typing TypingConfig `json:"typing,omitempty"`
+ Placeholder PlaceholderConfig `json:"placeholder,omitempty"`
+ ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_ONEBOT_REASONING_CHANNEL_ID"`
+}
+
+func (v *onebotConfigV0) ToOneBotConfig() (OneBotConfig, OneBotSecurity) {
+ return OneBotConfig{
+ Enabled: v.Enabled,
+ WSUrl: v.WSUrl,
+ accessToken: v.AccessToken,
+ ReconnectInterval: v.ReconnectInterval,
+ GroupTriggerPrefix: v.GroupTriggerPrefix,
+ AllowFrom: v.AllowFrom,
+ GroupTrigger: v.GroupTrigger,
+ Typing: v.Typing,
+ Placeholder: v.Placeholder,
+ ReasoningChannelID: v.ReasoningChannelID,
+ }, OneBotSecurity{
+ AccessToken: v.AccessToken,
+ }
+}
+
+type wecomConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_WECOM_ENABLED"`
+ Token string `json:"token" env:"PICOCLAW_CHANNELS_WECOM_TOKEN"`
+ EncodingAESKey string `json:"encoding_aes_key" env:"PICOCLAW_CHANNELS_WECOM_ENCODING_AES_KEY"`
+ WebhookURL string `json:"webhook_url" env:"PICOCLAW_CHANNELS_WECOM_WEBHOOK_URL"`
+ WebhookHost string `json:"webhook_host" env:"PICOCLAW_CHANNELS_WECOM_WEBHOOK_HOST"`
+ WebhookPort int `json:"webhook_port" env:"PICOCLAW_CHANNELS_WECOM_WEBHOOK_PORT"`
+ WebhookPath string `json:"webhook_path" env:"PICOCLAW_CHANNELS_WECOM_WEBHOOK_PATH"`
+ AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_WECOM_ALLOW_FROM"`
+ ReplyTimeout int `json:"reply_timeout" env:"PICOCLAW_CHANNELS_WECOM_REPLY_TIMEOUT"`
+ GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
+ ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_WECOM_REASONING_CHANNEL_ID"`
+}
+
+func (v *wecomConfigV0) ToWeComConfig() (WeComConfig, WeComSecurity) {
+ return WeComConfig{
+ Enabled: v.Enabled,
+ token: v.Token,
+ encodingAESKey: v.EncodingAESKey,
+ WebhookURL: v.WebhookURL,
+ WebhookHost: v.WebhookHost,
+ WebhookPort: v.WebhookPort,
+ WebhookPath: v.WebhookPath,
+ AllowFrom: v.AllowFrom,
+ ReplyTimeout: v.ReplyTimeout,
+ GroupTrigger: v.GroupTrigger,
+ ReasoningChannelID: v.ReasoningChannelID,
+ }, WeComSecurity{
+ Token: v.Token,
+ EncodingAESKey: v.EncodingAESKey,
+ }
+}
+
+type weixinConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_WEIXIN_ENABLED"`
+ Token string `json:"token" env:"PICOCLAW_CHANNELS_WEIXIN_TOKEN"`
+ BaseURL string `json:"base_url" env:"PICOCLAW_CHANNELS_WEIXIN_BASE_URL"`
+ CDNBaseURL string `json:"cdn_base_url" env:"PICOCLAW_CHANNELS_WEIXIN_CDN_BASE_URL"`
+ Proxy string `json:"proxy" env:"PICOCLAW_CHANNELS_WEIXIN_PROXY"`
+ AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_WEIXIN_ALLOW_FROM"`
+ ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_WEIXIN_REASONING_CHANNEL_ID"`
+}
+
+func (v *weixinConfigV0) ToWeiXinConfig() (WeixinConfig, WeixinSecurity) {
+ return WeixinConfig{
+ Enabled: v.Enabled,
+ token: v.Token,
+ BaseURL: v.BaseURL,
+ CDNBaseURL: v.CDNBaseURL,
+ Proxy: v.Proxy,
+ AllowFrom: v.AllowFrom,
+ ReasoningChannelID: v.ReasoningChannelID,
+ }, WeixinSecurity{
+ Token: v.Token,
+ }
+}
+
+type wecomappConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_WECOM_APP_ENABLED"`
+ CorpID string `json:"corp_id" env:"PICOCLAW_CHANNELS_WECOM_APP_CORP_ID"`
+ CorpSecret string `json:"corp_secret" env:"PICOCLAW_CHANNELS_WECOM_APP_CORP_SECRET"`
+ AgentID int64 `json:"agent_id" env:"PICOCLAW_CHANNELS_WECOM_APP_AGENT_ID"`
+ Token string `json:"token" env:"PICOCLAW_CHANNELS_WECOM_APP_TOKEN"`
+ EncodingAESKey string `json:"encoding_aes_key" env:"PICOCLAW_CHANNELS_WECOM_APP_ENCODING_AES_KEY"`
+ WebhookHost string `json:"webhook_host" env:"PICOCLAW_CHANNELS_WECOM_APP_WEBHOOK_HOST"`
+ WebhookPort int `json:"webhook_port" env:"PICOCLAW_CHANNELS_WECOM_APP_WEBHOOK_PORT"`
+ WebhookPath string `json:"webhook_path" env:"PICOCLAW_CHANNELS_WECOM_APP_WEBHOOK_PATH"`
+ AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_WECOM_APP_ALLOW_FROM"`
+ ReplyTimeout int `json:"reply_timeout" env:"PICOCLAW_CHANNELS_WECOM_APP_REPLY_TIMEOUT"`
+ GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
+ ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_WECOM_APP_REASONING_CHANNEL_ID"`
+}
+
+func (v *wecomappConfigV0) ToWeComAppConfig() (WeComAppConfig, WeComAppSecurity) {
+ return WeComAppConfig{
+ Enabled: v.Enabled,
+ CorpID: v.CorpID,
+ corpSecret: v.CorpSecret,
+ AgentID: v.AgentID,
+ token: v.Token,
+ encodingAESKey: v.EncodingAESKey,
+ WebhookHost: v.WebhookHost,
+ WebhookPort: v.WebhookPort,
+ WebhookPath: v.WebhookPath,
+ AllowFrom: v.AllowFrom,
+ ReplyTimeout: v.ReplyTimeout,
+ GroupTrigger: v.GroupTrigger,
+ ReasoningChannelID: v.ReasoningChannelID,
+ }, WeComAppSecurity{
+ CorpSecret: v.CorpSecret,
+ Token: v.Token,
+ EncodingAESKey: v.EncodingAESKey,
+ }
+}
+
+type wecomaibotConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_ENABLED"`
+ Token string `json:"token" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_TOKEN"`
+ Secret string `json:"secret" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_SECRET"`
+ EncodingAESKey string `json:"encoding_aes_key" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_ENCODING_AES_KEY"`
+ WebhookPath string `json:"webhook_path" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_WEBHOOK_PATH"`
+ AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_ALLOW_FROM"`
+ ReplyTimeout int `json:"reply_timeout" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_REPLY_TIMEOUT"`
+ MaxSteps int `json:"max_steps" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_MAX_STEPS"`
+ WelcomeMessage string `json:"welcome_message" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_WELCOME_MESSAGE"`
+ ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_REASONING_CHANNEL_ID"`
+}
+
+func (v *wecomaibotConfigV0) ToWeComAIBotConfig() (WeComAIBotConfig, WeComAIBotSecurity) {
+ return WeComAIBotConfig{
+ Enabled: v.Enabled,
+ WebhookPath: v.WebhookPath,
+ AllowFrom: v.AllowFrom,
+ ReplyTimeout: v.ReplyTimeout,
+ MaxSteps: v.MaxSteps,
+ WelcomeMessage: v.WelcomeMessage,
+ ReasoningChannelID: v.ReasoningChannelID,
+ }, WeComAIBotSecurity{
+ Token: v.Token,
+ Secret: v.Secret,
+ EncodingAESKey: v.EncodingAESKey,
+ }
+}
+
+type picoConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_PICO_ENABLED"`
+ Token string `json:"token" env:"PICOCLAW_CHANNELS_PICO_TOKEN"`
+ AllowTokenQuery bool `json:"allow_token_query,omitempty"`
+ AllowOrigins []string `json:"allow_origins,omitempty"`
+ PingInterval int `json:"ping_interval,omitempty"`
+ ReadTimeout int `json:"read_timeout,omitempty"`
+ WriteTimeout int `json:"write_timeout,omitempty"`
+ MaxConnections int `json:"max_connections,omitempty"`
+ AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_PICO_ALLOW_FROM"`
+ Placeholder PlaceholderConfig `json:"placeholder,omitempty"`
+}
+
+func (v *picoConfigV0) ToPicoConfig() (PicoConfig, PicoSecurity) {
+ return PicoConfig{
+ Enabled: v.Enabled,
+ token: v.Token,
+ AllowTokenQuery: v.AllowTokenQuery,
+ AllowOrigins: v.AllowOrigins,
+ PingInterval: v.PingInterval,
+ ReadTimeout: v.ReadTimeout,
+ WriteTimeout: v.WriteTimeout,
+ MaxConnections: v.MaxConnections,
+ AllowFrom: v.AllowFrom,
+ Placeholder: v.Placeholder,
+ }, PicoSecurity{
+ Token: v.Token,
+ }
+}
+
+type ircConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_CHANNELS_IRC_ENABLED"`
+ Server string `json:"server" env:"PICOCLAW_CHANNELS_IRC_SERVER"`
+ TLS bool `json:"tls" env:"PICOCLAW_CHANNELS_IRC_TLS"`
+ Nick string `json:"nick" env:"PICOCLAW_CHANNELS_IRC_NICK"`
+ User string `json:"user,omitempty" env:"PICOCLAW_CHANNELS_IRC_USER"`
+ RealName string `json:"real_name,omitempty" env:"PICOCLAW_CHANNELS_IRC_REAL_NAME"`
+ Password string `json:"password" env:"PICOCLAW_CHANNELS_IRC_PASSWORD"`
+ NickServPassword string `json:"nickserv_password" env:"PICOCLAW_CHANNELS_IRC_NICKSERV_PASSWORD"`
+ SASLUser string `json:"sasl_user" env:"PICOCLAW_CHANNELS_IRC_SASL_USER"`
+ SASLPassword string `json:"sasl_password" env:"PICOCLAW_CHANNELS_IRC_SASL_PASSWORD"`
+ Channels FlexibleStringSlice `json:"channels" env:"PICOCLAW_CHANNELS_IRC_CHANNELS"`
+ RequestCaps FlexibleStringSlice `json:"request_caps,omitempty" env:"PICOCLAW_CHANNELS_IRC_REQUEST_CAPS"`
+ AllowFrom FlexibleStringSlice `json:"allow_from" env:"PICOCLAW_CHANNELS_IRC_ALLOW_FROM"`
+ GroupTrigger GroupTriggerConfig `json:"group_trigger,omitempty"`
+ Typing TypingConfig `json:"typing,omitempty"`
+ ReasoningChannelID string `json:"reasoning_channel_id" env:"PICOCLAW_CHANNELS_IRC_REASONING_CHANNEL_ID"`
+}
+
+func (v *ircConfigV0) ToIRCConfig() (IRCConfig, IRCSecurity) {
+ return IRCConfig{
+ Enabled: v.Enabled,
+ Server: v.Server,
+ TLS: v.TLS,
+ Nick: v.Nick,
+ User: v.User,
+ RealName: v.RealName,
+ password: v.Password,
+ nickServPassword: v.NickServPassword,
+ SASLUser: v.SASLUser,
+ saslPassword: v.SASLPassword,
+ Channels: v.Channels,
+ RequestCaps: v.RequestCaps,
+ AllowFrom: v.AllowFrom,
+ GroupTrigger: v.GroupTrigger,
+ Typing: v.Typing,
+ ReasoningChannelID: v.ReasoningChannelID,
+ }, IRCSecurity{
+ Password: v.Password,
+ NickServPassword: v.NickServPassword,
+ SASLPassword: v.SASLPassword,
+ }
+}
+
+type providersConfigV0 struct {
+ Anthropic providerConfigV0 `json:"anthropic"`
+ OpenAI openAIProviderConfigV0 `json:"openai"`
+ LiteLLM providerConfigV0 `json:"litellm"`
+ OpenRouter providerConfigV0 `json:"openrouter"`
+ Groq providerConfigV0 `json:"groq"`
+ Zhipu providerConfigV0 `json:"zhipu"`
+ VLLM providerConfigV0 `json:"vllm"`
+ Gemini providerConfigV0 `json:"gemini"`
+ Nvidia providerConfigV0 `json:"nvidia"`
+ Ollama providerConfigV0 `json:"ollama"`
+ Moonshot providerConfigV0 `json:"moonshot"`
+ ShengSuanYun providerConfigV0 `json:"shengsuanyun"`
+ DeepSeek providerConfigV0 `json:"deepseek"`
+ Cerebras providerConfigV0 `json:"cerebras"`
+ Vivgrid providerConfigV0 `json:"vivgrid"`
+ VolcEngine providerConfigV0 `json:"volcengine"`
+ GitHubCopilot providerConfigV0 `json:"github_copilot"`
+ Antigravity providerConfigV0 `json:"antigravity"`
+ Qwen providerConfigV0 `json:"qwen"`
+ Mistral providerConfigV0 `json:"mistral"`
+ Avian providerConfigV0 `json:"avian"`
+ Minimax providerConfigV0 `json:"minimax"`
+ LongCat providerConfigV0 `json:"longcat"`
+ ModelScope providerConfigV0 `json:"modelscope"`
+ Novita providerConfigV0 `json:"novita"`
+}
+
+// IsEmpty checks if all provider configs are empty (no API keys or API bases set)
+// Note: WebSearch is an optimization option and doesn't count as "non-empty"
+func (p providersConfigV0) IsEmpty() bool {
+ return p.Anthropic.APIKey == "" && p.Anthropic.APIBase == "" &&
+ p.OpenAI.APIKey == "" && p.OpenAI.APIBase == "" &&
+ p.LiteLLM.APIKey == "" && p.LiteLLM.APIBase == "" &&
+ p.OpenRouter.APIKey == "" && p.OpenRouter.APIBase == "" &&
+ p.Groq.APIKey == "" && p.Groq.APIBase == "" &&
+ p.Zhipu.APIKey == "" && p.Zhipu.APIBase == "" &&
+ p.VLLM.APIKey == "" && p.VLLM.APIBase == "" &&
+ p.Gemini.APIKey == "" && p.Gemini.APIBase == "" &&
+ p.Nvidia.APIKey == "" && p.Nvidia.APIBase == "" &&
+ p.Ollama.APIKey == "" && p.Ollama.APIBase == "" &&
+ p.Moonshot.APIKey == "" && p.Moonshot.APIBase == "" &&
+ p.ShengSuanYun.APIKey == "" && p.ShengSuanYun.APIBase == "" &&
+ p.DeepSeek.APIKey == "" && p.DeepSeek.APIBase == "" &&
+ p.Cerebras.APIKey == "" && p.Cerebras.APIBase == "" &&
+ p.Vivgrid.APIKey == "" && p.Vivgrid.APIBase == "" &&
+ p.VolcEngine.APIKey == "" && p.VolcEngine.APIBase == "" &&
+ p.GitHubCopilot.APIKey == "" && p.GitHubCopilot.APIBase == "" &&
+ p.Antigravity.APIKey == "" && p.Antigravity.APIBase == "" &&
+ p.Qwen.APIKey == "" && p.Qwen.APIBase == "" &&
+ p.Mistral.APIKey == "" && p.Mistral.APIBase == "" &&
+ p.Avian.APIKey == "" && p.Avian.APIBase == "" &&
+ p.Minimax.APIKey == "" && p.Minimax.APIBase == "" &&
+ p.LongCat.APIKey == "" && p.LongCat.APIBase == "" &&
+ p.ModelScope.APIKey == "" && p.ModelScope.APIBase == "" &&
+ p.Novita.APIKey == "" && p.Novita.APIBase == ""
+}
+
+type providerConfigV0 struct {
+ APIKey string `json:"api_key" env:"PICOCLAW_PROVIDERS_{{.Name}}_API_KEY"`
+ APIBase string `json:"api_base" env:"PICOCLAW_PROVIDERS_{{.Name}}_API_BASE"`
+ Proxy string `json:"proxy,omitempty" env:"PICOCLAW_PROVIDERS_{{.Name}}_PROXY"`
+ RequestTimeout int `json:"request_timeout,omitempty" env:"PICOCLAW_PROVIDERS_{{.Name}}_REQUEST_TIMEOUT"`
+ AuthMethod string `json:"auth_method,omitempty" env:"PICOCLAW_PROVIDERS_{{.Name}}_AUTH_METHOD"`
+ ConnectMode string `json:"connect_mode,omitempty" env:"PICOCLAW_PROVIDERS_{{.Name}}_CONNECT_MODE"` // only for Github Copilot, `stdio` or `grpc`
+}
+
+// MarshalJSON implements custom JSON marshaling for providersConfig
+// to omit the entire section when empty
+func (p providersConfigV0) MarshalJSON() ([]byte, error) {
+ if p.IsEmpty() {
+ return []byte("null"), nil
+ }
+ type Alias providersConfigV0
+ return json.Marshal((*Alias)(&p))
+}
+
+type openAIProviderConfigV0 struct {
+ providerConfigV0
+ WebSearch bool `json:"web_search" env:"PICOCLAW_PROVIDERS_OPENAI_WEB_SEARCH"`
+}
+
+type modelConfigV0 struct {
+ // Required fields
+ ModelName string `json:"model_name"` // User-facing alias for the model
+ Model string `json:"model"` // Protocol/model-identifier (e.g., "openai/gpt-4o", "anthropic/claude-sonnet-4.6")
+
+ // HTTP-based providers
+ APIBase string `json:"api_base,omitempty"` // API endpoint URL
+ APIKey string `json:"api_key"` // API authentication key (single key)
+ APIKeys []string `json:"api_keys,omitempty"` // API authentication keys (multiple keys for failover)
+ Proxy string `json:"proxy,omitempty"` // HTTP proxy URL
+ Fallbacks []string `json:"fallbacks,omitempty"` // Fallback model names for failover
+
+ // Special providers (CLI-based, OAuth, etc.)
+ AuthMethod string `json:"auth_method,omitempty"` // Authentication method: oauth, token
+ ConnectMode string `json:"connect_mode,omitempty"` // Connection mode: stdio, grpc
+ Workspace string `json:"workspace,omitempty"` // Workspace path for CLI-based providers
+
+ // Optional optimizations
+ RPM int `json:"rpm,omitempty"` // Requests per minute limit
+ MaxTokensField string `json:"max_tokens_field,omitempty"` // Field name for max tokens (e.g., "max_completion_tokens")
+ RequestTimeout int `json:"request_timeout,omitempty"`
+ ThinkingLevel string `json:"thinking_level,omitempty"` // Extended thinking: off|low|medium|high|xhigh|adaptive
+}
+
+func (c *configV0) migrateChannelConfigs() {
+ // Discord: mention_only -> group_trigger.mention_only
+ if c.Channels.Discord.MentionOnly && !c.Channels.Discord.GroupTrigger.MentionOnly {
+ c.Channels.Discord.GroupTrigger.MentionOnly = true
+ }
+
+ // OneBot: group_trigger_prefix -> group_trigger.prefixes
+ if len(c.Channels.OneBot.GroupTriggerPrefix) > 0 &&
+ len(c.Channels.OneBot.GroupTrigger.Prefixes) == 0 {
+ c.Channels.OneBot.GroupTrigger.Prefixes = c.Channels.OneBot.GroupTriggerPrefix
+ }
+}
+
+func (c *configV0) Migrate() (*Config, error) {
+ // Migrate legacy channel config fields to new unified structures
+ cfg := DefaultConfig()
+
+ // Always copy user's Agents config to preserve settings like Provider, Model, MaxTokens
+ cfg.Agents.List = c.Agents.List
+ cfg.Agents.Defaults.Workspace = c.Agents.Defaults.Workspace
+ cfg.Agents.Defaults.RestrictToWorkspace = c.Agents.Defaults.RestrictToWorkspace
+ cfg.Agents.Defaults.AllowReadOutsideWorkspace = c.Agents.Defaults.AllowReadOutsideWorkspace
+ cfg.Agents.Defaults.Provider = c.Agents.Defaults.Provider
+ cfg.Agents.Defaults.ModelName = c.Agents.Defaults.GetModelName()
+ cfg.Agents.Defaults.ModelFallbacks = c.Agents.Defaults.ModelFallbacks
+ cfg.Agents.Defaults.ImageModel = c.Agents.Defaults.ImageModel
+ cfg.Agents.Defaults.ImageModelFallbacks = c.Agents.Defaults.ImageModelFallbacks
+ cfg.Agents.Defaults.MaxTokens = c.Agents.Defaults.MaxTokens
+ cfg.Agents.Defaults.Temperature = c.Agents.Defaults.Temperature
+ cfg.Agents.Defaults.MaxToolIterations = c.Agents.Defaults.MaxToolIterations
+ cfg.Agents.Defaults.SummarizeMessageThreshold = c.Agents.Defaults.SummarizeMessageThreshold
+ cfg.Agents.Defaults.SummarizeTokenPercent = c.Agents.Defaults.SummarizeTokenPercent
+ cfg.Agents.Defaults.MaxMediaSize = c.Agents.Defaults.MaxMediaSize
+ cfg.Agents.Defaults.Routing = c.Agents.Defaults.Routing
+
+ // Copy other top-level fields
+ cfg.Bindings = c.Bindings
+ cfg.Session = c.Session
+ var secChannels ChannelsSecurity
+ cfg.Channels, secChannels = c.Channels.ToChannelsConfig()
+ cfg.Gateway = c.Gateway
+ var secWeb WebToolsSecurity
+ cfg.Tools.Web, secWeb = c.Tools.Web.ToWebToolsConfig()
+ cfg.Tools.Cron = c.Tools.Cron
+ cfg.Tools.Exec = c.Tools.Exec
+ var secSkills SkillsSecurity
+ cfg.Tools.Skills, secSkills = c.Tools.Skills.ToSkillsToolsConfig()
+ cfg.Tools.MediaCleanup = c.Tools.MediaCleanup
+ cfg.Tools.MCP = c.Tools.MCP
+ cfg.Tools.AppendFile = c.Tools.AppendFile
+ cfg.Tools.EditFile = c.Tools.EditFile
+ cfg.Tools.FindSkills = c.Tools.FindSkills
+ cfg.Tools.I2C = c.Tools.I2C
+ cfg.Tools.InstallSkill = c.Tools.InstallSkill
+ cfg.Tools.ListDir = c.Tools.ListDir
+ cfg.Tools.Message = c.Tools.Message
+ cfg.Tools.ReadFile = c.Tools.ReadFile
+ cfg.Tools.SendFile = c.Tools.SendFile
+ cfg.Tools.Spawn = c.Tools.Spawn
+ cfg.Tools.SpawnStatus = c.Tools.SpawnStatus
+ cfg.Tools.SPI = c.Tools.SPI
+ cfg.Tools.Subagent = c.Tools.Subagent
+ cfg.Tools.WebFetch = c.Tools.WebFetch
+ cfg.Tools.AllowReadPaths = c.Tools.AllowReadPaths
+ cfg.Tools.AllowWritePaths = c.Tools.AllowWritePaths
+ cfg.Heartbeat = c.Heartbeat
+ cfg.Devices = c.Devices
+
+ secModels := make(map[string]ModelSecurityEntry, 0)
+ // Only override ModelList if user provided values
+ if len(c.ModelList) > 0 {
+ // Convert []modelConfigV0 to []ModelConfig
+ cfg.ModelList = make([]*ModelConfig, len(c.ModelList))
+ for i, m := range c.ModelList {
+ // Merge APIKey and APIKeys, deduplicating
+ mergedKeys := MergeAPIKeys(m.APIKey, m.APIKeys)
+
+ cfg.ModelList[i] = &ModelConfig{
+ ModelName: m.ModelName,
+ Model: m.Model,
+ APIBase: m.APIBase,
+ Proxy: m.Proxy,
+ Fallbacks: m.Fallbacks,
+ AuthMethod: m.AuthMethod,
+ ConnectMode: m.ConnectMode,
+ Workspace: m.Workspace,
+ RPM: m.RPM,
+ MaxTokensField: m.MaxTokensField,
+ RequestTimeout: m.RequestTimeout,
+ ThinkingLevel: m.ThinkingLevel,
+ apiKeys: mergedKeys,
+ }
+ }
+ names := toNameIndex(cfg.ModelList)
+ for i, m := range c.ModelList {
+ // Merge APIKey and APIKeys, deduplicating
+ mergedKeys := MergeAPIKeys(m.APIKey, m.APIKeys)
+ secModels[names[i]] = ModelSecurityEntry{
+ APIKeys: mergedKeys,
+ }
+ }
+ }
+
+ cfg.WithSecurity(&SecurityConfig{
+ ModelList: secModels,
+ Channels: secChannels,
+ Web: secWeb,
+ Skills: secSkills,
+ })
+ cfg.Version = CurrentVersion
+ return cfg, nil
+}
+
+type webToolsConfigV0 struct {
+ ToolConfig ` envPrefix:"PICOCLAW_TOOLS_WEB_"`
+ Brave braveConfigV0 ` json:"brave"`
+ Tavily tavilyConfigV0 ` json:"tavily"`
+ DuckDuckGo DuckDuckGoConfig ` json:"duckduckgo"`
+ Perplexity perplexityConfigV0 ` json:"perplexity"`
+ SearXNG SearXNGConfig ` json:"searxng"`
+ GLMSearch glmSearchConfigV0 ` json:"glm_search"`
+ PreferNative bool ` json:"prefer_native" env:"PICOCLAW_TOOLS_WEB_PREFER_NATIVE"`
+ Proxy string ` json:"proxy,omitempty" env:"PICOCLAW_TOOLS_WEB_PROXY"`
+ FetchLimitBytes int64 ` json:"fetch_limit_bytes,omitempty" env:"PICOCLAW_TOOLS_WEB_FETCH_LIMIT_BYTES"`
+ Format string ` json:"format,omitempty" env:"PICOCLAW_TOOLS_WEB_FORMAT"`
+ PrivateHostWhitelist FlexibleStringSlice ` json:"private_host_whitelist,omitempty" env:"PICOCLAW_TOOLS_WEB_PRIVATE_HOST_WHITELIST"`
+}
+
+type braveConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_TOOLS_WEB_BRAVE_ENABLED"`
+ APIKey string `json:"api_key" env:"PICOCLAW_TOOLS_WEB_BRAVE_API_KEY"`
+ APIKeys []string `json:"api_keys" env:"PICOCLAW_TOOLS_WEB_BRAVE_API_KEYS"`
+ MaxResults int `json:"max_results" env:"PICOCLAW_TOOLS_WEB_BRAVE_MAX_RESULTS"`
+}
+
+func (v *braveConfigV0) ToBraveConfig() (BraveConfig, BraveSecurity) {
+ return BraveConfig{
+ Enabled: v.Enabled,
+ MaxResults: v.MaxResults,
+ }, BraveSecurity{
+ APIKeys: MergeAPIKeys(v.APIKey, v.APIKeys),
+ }
+}
+
+type tavilyConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_TOOLS_WEB_TAVILY_ENABLED"`
+ APIKey string `json:"api_key" env:"PICOCLAW_TOOLS_WEB_TAVILY_API_KEY"`
+ APIKeys []string `json:"api_keys" env:"PICOCLAW_TOOLS_WEB_TAVILY_API_KEYS"`
+ BaseURL string `json:"base_url" env:"PICOCLAW_TOOLS_WEB_TAVILY_BASE_URL"`
+ MaxResults int `json:"max_results" env:"PICOCLAW_TOOLS_WEB_TAVILY_MAX_RESULTS"`
+}
+
+func (v *tavilyConfigV0) ToTavilyConfig() (TavilyConfig, TavilySecurity) {
+ return TavilyConfig{
+ Enabled: v.Enabled,
+ BaseURL: v.BaseURL,
+ MaxResults: v.MaxResults,
+ }, TavilySecurity{
+ APIKeys: MergeAPIKeys(v.APIKey, v.APIKeys),
+ }
+}
+
+type perplexityConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_TOOLS_WEB_PERPLEXITY_ENABLED"`
+ APIKey string `json:"api_key" env:"PICOCLAW_TOOLS_WEB_PERPLEXITY_API_KEY"`
+ APIKeys []string `json:"api_keys" env:"PICOCLAW_TOOLS_WEB_PERPLEXITY_API_KEYS"`
+ MaxResults int `json:"max_results" env:"PICOCLAW_TOOLS_WEB_PERPLEXITY_MAX_RESULTS"`
+}
+
+func (v *perplexityConfigV0) ToPerplexityConfig() (PerplexityConfig, PerplexitySecurity) {
+ return PerplexityConfig{
+ Enabled: v.Enabled,
+ MaxResults: v.MaxResults,
+ }, PerplexitySecurity{
+ APIKeys: MergeAPIKeys(v.APIKey, v.APIKeys),
+ }
+}
+
+type glmSearchConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_TOOLS_WEB_GLM_ENABLED"`
+ APIKey string `json:"api_key" env:"PICOCLAW_TOOLS_WEB_GLM_API_KEY"`
+ BaseURL string `json:"base_url" env:"PICOCLAW_TOOLS_WEB_GLM_BASE_URL"`
+ SearchEngine string `json:"search_engine" env:"PICOCLAW_TOOLS_WEB_GLM_SEARCH_ENGINE"`
+}
+
+func (v *glmSearchConfigV0) ToGLMSearchConfig() (GLMSearchConfig, GLMSearchSecurity) {
+ return GLMSearchConfig{
+ Enabled: v.Enabled,
+ apiKey: v.APIKey,
+ BaseURL: v.BaseURL,
+ SearchEngine: v.SearchEngine,
+ }, GLMSearchSecurity{
+ APIKey: v.APIKey,
+ }
+}
+
+func (v *webToolsConfigV0) ToWebToolsConfig() (WebToolsConfig, WebToolsSecurity) {
+ brave, braveSecurity := v.Brave.ToBraveConfig()
+ tavily, tavilySecurity := v.Tavily.ToTavilyConfig()
+ perplexity, perplexitySecurity := v.Perplexity.ToPerplexityConfig()
+ glmSearch, glmSearchSecurity := v.GLMSearch.ToGLMSearchConfig()
+
+ return WebToolsConfig{
+ ToolConfig: v.ToolConfig,
+ Brave: brave,
+ Tavily: tavily,
+ DuckDuckGo: v.DuckDuckGo,
+ Perplexity: perplexity,
+ SearXNG: v.SearXNG,
+ GLMSearch: glmSearch,
+ PreferNative: v.PreferNative,
+ Proxy: v.Proxy,
+ FetchLimitBytes: v.FetchLimitBytes,
+ Format: v.Format,
+ PrivateHostWhitelist: v.PrivateHostWhitelist,
+ }, WebToolsSecurity{
+ Brave: &braveSecurity,
+ Tavily: &tavilySecurity,
+ Perplexity: &perplexitySecurity,
+ GLMSearch: &glmSearchSecurity,
+ }
+}
+
+type skillsToolsConfigV0 struct {
+ ToolConfig ` envPrefix:"PICOCLAW_TOOLS_SKILLS_"`
+ Registries skillsRegistriesConfigV0 ` json:"registries"`
+ Github skillsGithubConfigV0 ` json:"github"`
+ MaxConcurrentSearches int ` json:"max_concurrent_searches" env:"PICOCLAW_TOOLS_SKILLS_MAX_CONCURRENT_SEARCHES"`
+ SearchCache SearchCacheConfig ` json:"search_cache"`
+}
+
+type skillsRegistriesConfigV0 struct {
+ ClawHub clawHubRegistryConfigV0 `json:"clawhub"`
+}
+
+type clawHubRegistryConfigV0 struct {
+ Enabled bool `json:"enabled" env:"PICOCLAW_SKILLS_REGISTRIES_CLAWHUB_ENABLED"`
+ BaseURL string `json:"base_url" env:"PICOCLAW_SKILLS_REGISTRIES_CLAWHUB_BASE_URL"`
+ AuthToken string `json:"auth_token" env:"PICOCLAW_SKILLS_REGISTRIES_CLAWHUB_AUTH_TOKEN"`
+ SearchPath string `json:"search_path" env:"PICOCLAW_SKILLS_REGISTRIES_CLAWHUB_SEARCH_PATH"`
+ SkillsPath string `json:"skills_path" env:"PICOCLAW_SKILLS_REGISTRIES_CLAWHUB_SKILLS_PATH"`
+}
+
+func (v *clawHubRegistryConfigV0) ToClawHubRegistryConfig() (ClawHubRegistryConfig, ClawHubSecurity) {
+ return ClawHubRegistryConfig{
+ Enabled: v.Enabled,
+ BaseURL: v.BaseURL,
+ authToken: v.AuthToken,
+ SearchPath: v.SearchPath,
+ SkillsPath: v.SkillsPath,
+ }, ClawHubSecurity{
+ AuthToken: v.AuthToken,
+ }
+}
+
+type skillsGithubConfigV0 struct {
+ Token string `json:"token" env:"PICOCLAW_TOOLS_SKILLS_GITHUB_TOKEN"`
+ Proxy string `json:"proxy,omitempty" env:"PICOCLAW_TOOLS_SKILLS_GITHUB_PROXY"`
+}
+
+func (v *skillsGithubConfigV0) ToSkillsGithubConfig() (SkillsGithubConfig, GithubSecurity) {
+ return SkillsGithubConfig{
+ token: v.Token,
+ Proxy: v.Proxy,
+ }, GithubSecurity{
+ Token: v.Token,
+ }
+}
+
+func (v *skillsRegistriesConfigV0) ToSkillsRegistriesConfig() (SkillsRegistriesConfig, *ClawHubSecurity) {
+ clawHub, clawHubSecurity := v.ClawHub.ToClawHubRegistryConfig()
+
+ return SkillsRegistriesConfig{
+ ClawHub: clawHub,
+ }, &clawHubSecurity
+}
+
+func (v *skillsToolsConfigV0) ToSkillsToolsConfig() (SkillsToolsConfig, SkillsSecurity) {
+ registries, registriesSecurity := v.Registries.ToSkillsRegistriesConfig()
+ github, githubSecurity := v.Github.ToSkillsGithubConfig()
+
+ return SkillsToolsConfig{
+ ToolConfig: v.ToolConfig,
+ Registries: registries,
+ Github: github,
+ MaxConcurrentSearches: v.MaxConcurrentSearches,
+ SearchCache: v.SearchCache,
+ }, SkillsSecurity{
+ Github: &githubSecurity,
+ ClawHub: registriesSecurity,
+ }
+}
diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go
index 0c7e0c002..5fc0fe8fc 100644
--- a/pkg/config/config_test.go
+++ b/pkg/config/config_test.go
@@ -8,6 +8,9 @@ import (
"strings"
"testing"
+ "github.com/stretchr/testify/assert"
+ "gopkg.in/yaml.v3"
+
"github.com/sipeed/picoclaw/pkg/credential"
)
@@ -78,18 +81,19 @@ func TestAgentModelConfig_MarshalObject(t *testing.T) {
}
func TestProvidersConfig_IsEmpty(t *testing.T) {
- var empty ProvidersConfig
+ var empty providersConfigV0
+ t.Logf("empty: %+v", empty)
if !empty.IsEmpty() {
- t.Fatal("empty ProvidersConfig should report empty")
+ t.Fatal("empty providersConfig should report empty")
}
- novita := ProvidersConfig{
- Novita: ProviderConfig{
+ novita := providersConfigV0{
+ Novita: providerConfigV0{
APIKey: "test-key",
},
}
if novita.IsEmpty() {
- t.Fatal("ProvidersConfig with novita settings should not report empty")
+ t.Fatal("providersConfig with novita settings should not report empty")
}
}
@@ -237,15 +241,6 @@ func TestDefaultConfig_WorkspacePath(t *testing.T) {
}
}
-// TestDefaultConfig_Model verifies model is set
-func TestDefaultConfig_Model(t *testing.T) {
- cfg := DefaultConfig()
-
- if cfg.Agents.Defaults.Model != "" {
- t.Error("Model should be empty")
- }
-}
-
// TestDefaultConfig_MaxTokens verifies max tokens has default value
func TestDefaultConfig_MaxTokens(t *testing.T) {
cfg := DefaultConfig()
@@ -288,21 +283,6 @@ func TestDefaultConfig_Gateway(t *testing.T) {
}
}
-// TestDefaultConfig_Providers verifies provider structure
-func TestDefaultConfig_Providers(t *testing.T) {
- cfg := DefaultConfig()
-
- if cfg.Providers.Anthropic.APIKey != "" {
- t.Error("Anthropic API key should be empty by default")
- }
- if cfg.Providers.OpenAI.APIKey != "" {
- t.Error("OpenAI API key should be empty by default")
- }
- if cfg.Providers.OpenRouter.APIKey != "" {
- t.Error("OpenRouter API key should be empty by default")
- }
-}
-
// TestDefaultConfig_Channels verifies channels are disabled by default
func TestDefaultConfig_Channels(t *testing.T) {
cfg := DefaultConfig()
@@ -329,7 +309,7 @@ func TestDefaultConfig_WebTools(t *testing.T) {
if cfg.Tools.Web.Brave.MaxResults != 5 {
t.Error("Expected Brave MaxResults 5, got ", cfg.Tools.Web.Brave.MaxResults)
}
- if len(cfg.Tools.Web.Brave.APIKeys) != 0 {
+ if len(cfg.Tools.Web.Brave.APIKeys()) != 0 {
t.Error("Brave API key should be empty by default")
}
if cfg.Tools.Web.DuckDuckGo.MaxResults != 5 {
@@ -387,9 +367,6 @@ func TestConfig_Complete(t *testing.T) {
if cfg.Agents.Defaults.Workspace == "" {
t.Error("Workspace should not be empty")
}
- if cfg.Agents.Defaults.Model != "" {
- t.Error("Model should be empty")
- }
if cfg.Agents.Defaults.Temperature != nil {
t.Error("Temperature should be nil when not provided")
}
@@ -408,12 +385,8 @@ func TestConfig_Complete(t *testing.T) {
if !cfg.Heartbeat.Enabled {
t.Error("Heartbeat should be enabled by default")
}
-}
-
-func TestDefaultConfig_OpenAIWebSearchEnabled(t *testing.T) {
- cfg := DefaultConfig()
- if !cfg.Providers.OpenAI.WebSearch {
- t.Fatal("DefaultConfig().Providers.OpenAI.WebSearch should be true")
+ if !cfg.Tools.Exec.AllowRemote {
+ t.Error("Exec.AllowRemote should be true by default")
}
}
@@ -427,7 +400,7 @@ func TestDefaultConfig_WebPreferNativeEnabled(t *testing.T) {
func TestLoadConfig_WebPreferNativeDefaultsTrueWhenUnset(t *testing.T) {
dir := t.TempDir()
configPath := filepath.Join(dir, "config.json")
- if err := os.WriteFile(configPath, []byte(`{"tools":{"web":{"enabled":true}}}`), 0o600); err != nil {
+ if err := os.WriteFile(configPath, []byte(`{"version":1,"tools":{"web":{"enabled":true}}}`), 0o600); err != nil {
t.Fatalf("WriteFile() error: %v", err)
}
@@ -470,33 +443,34 @@ func TestDefaultConfig_CronAllowCommandEnabled(t *testing.T) {
}
}
-func TestDefaultConfig_LogLevel(t *testing.T) {
+func TestDefaultConfig_HooksDefaults(t *testing.T) {
cfg := DefaultConfig()
- if cfg.Agents.Defaults.LogLevel != "fatal" {
- t.Errorf("LogLevel = %q, want \"fatal\"", cfg.Agents.Defaults.LogLevel)
+ if !cfg.Hooks.Enabled {
+ t.Fatal("DefaultConfig().Hooks.Enabled should be true")
+ }
+ if cfg.Hooks.Defaults.ObserverTimeoutMS != 500 {
+ t.Fatalf("ObserverTimeoutMS = %d, want 500", cfg.Hooks.Defaults.ObserverTimeoutMS)
+ }
+ if cfg.Hooks.Defaults.InterceptorTimeoutMS != 5000 {
+ t.Fatalf("InterceptorTimeoutMS = %d, want 5000", cfg.Hooks.Defaults.InterceptorTimeoutMS)
+ }
+ if cfg.Hooks.Defaults.ApprovalTimeoutMS != 60000 {
+ t.Fatalf("ApprovalTimeoutMS = %d, want 60000", cfg.Hooks.Defaults.ApprovalTimeoutMS)
}
}
-func TestLoadConfig_OpenAIWebSearchDefaultsTrueWhenUnset(t *testing.T) {
- dir := t.TempDir()
- configPath := filepath.Join(dir, "config.json")
- if err := os.WriteFile(configPath, []byte(`{"providers":{"openai":{"api_base":""}}}`), 0o600); err != nil {
- t.Fatalf("WriteFile() error: %v", err)
- }
-
- cfg, err := LoadConfig(configPath)
- if err != nil {
- t.Fatalf("LoadConfig() error: %v", err)
- }
- if !cfg.Providers.OpenAI.WebSearch {
- t.Fatal("OpenAI codex web search should remain true when unset in config file")
+func TestDefaultConfig_LogLevel(t *testing.T) {
+ cfg := DefaultConfig()
+ if cfg.Gateway.LogLevel != "fatal" {
+ t.Errorf("LogLevel = %q, want \"fatal\"", cfg.Gateway.LogLevel)
}
}
func TestLoadConfig_ExecAllowRemoteDefaultsTrueWhenUnset(t *testing.T) {
dir := t.TempDir()
configPath := filepath.Join(dir, "config.json")
- if err := os.WriteFile(configPath, []byte(`{"tools":{"exec":{"enable_deny_patterns":true}}}`), 0o600); err != nil {
+ if err := os.WriteFile(configPath, []byte(`{"version":1,"tools":{"exec":{"enable_deny_patterns":true}}}`),
+ 0o600); err != nil {
t.Fatalf("WriteFile() error: %v", err)
}
@@ -512,7 +486,11 @@ func TestLoadConfig_ExecAllowRemoteDefaultsTrueWhenUnset(t *testing.T) {
func TestLoadConfig_CronAllowCommandDefaultsTrueWhenUnset(t *testing.T) {
dir := t.TempDir()
configPath := filepath.Join(dir, "config.json")
- if err := os.WriteFile(configPath, []byte(`{"tools":{"cron":{"exec_timeout_minutes":5}}}`), 0o600); err != nil {
+ if err := os.WriteFile(
+ configPath,
+ []byte(`{"version":1,"tools":{"cron":{"exec_timeout_minutes":5}}}`),
+ 0o600,
+ ); err != nil {
t.Fatalf("WriteFile() error: %v", err)
}
@@ -525,22 +503,6 @@ func TestLoadConfig_CronAllowCommandDefaultsTrueWhenUnset(t *testing.T) {
}
}
-func TestLoadConfig_OpenAIWebSearchCanBeDisabled(t *testing.T) {
- dir := t.TempDir()
- configPath := filepath.Join(dir, "config.json")
- if err := os.WriteFile(configPath, []byte(`{"providers":{"openai":{"web_search":false}}}`), 0o600); err != nil {
- t.Fatalf("WriteFile() error: %v", err)
- }
-
- cfg, err := LoadConfig(configPath)
- if err != nil {
- t.Fatalf("LoadConfig() error: %v", err)
- }
- if cfg.Providers.OpenAI.WebSearch {
- t.Fatal("OpenAI codex web search should be false when disabled in config file")
- }
-}
-
func TestLoadConfig_WebToolsProxy(t *testing.T) {
tmpDir := t.TempDir()
configPath := filepath.Join(tmpDir, "config.json")
@@ -562,6 +524,89 @@ func TestLoadConfig_WebToolsProxy(t *testing.T) {
}
}
+func TestLoadConfig_HooksProcessConfig(t *testing.T) {
+ tmpDir := t.TempDir()
+ configPath := filepath.Join(tmpDir, "config.json")
+ configJSON := `{
+ "version": 1,
+ "hooks": {
+ "processes": {
+ "review-gate": {
+ "enabled": true,
+ "transport": "stdio",
+ "command": ["uvx", "picoclaw-hook-reviewer"],
+ "dir": "/tmp/hooks",
+ "env": {
+ "HOOK_MODE": "rewrite"
+ },
+ "observe": ["turn_start", "turn_end"],
+ "intercept": ["before_tool", "approve_tool"]
+ }
+ },
+ "builtins": {
+ "audit": {
+ "enabled": true,
+ "priority": 5,
+ "config": {
+ "label": "audit"
+ }
+ }
+ }
+ }
+}`
+ if err := os.WriteFile(configPath, []byte(configJSON), 0o600); err != nil {
+ t.Fatalf("os.WriteFile() error: %v", err)
+ }
+
+ cfg, err := LoadConfig(configPath)
+ if err != nil {
+ t.Fatalf("LoadConfig() error: %v", err)
+ }
+
+ processCfg, ok := cfg.Hooks.Processes["review-gate"]
+ if !ok {
+ t.Fatal("expected review-gate process hook")
+ }
+ if !processCfg.Enabled {
+ t.Fatal("expected review-gate process hook to be enabled")
+ }
+ if processCfg.Transport != "stdio" {
+ t.Fatalf("Transport = %q, want stdio", processCfg.Transport)
+ }
+ if len(processCfg.Command) != 2 || processCfg.Command[0] != "uvx" {
+ t.Fatalf("Command = %v", processCfg.Command)
+ }
+ if processCfg.Dir != "/tmp/hooks" {
+ t.Fatalf("Dir = %q, want /tmp/hooks", processCfg.Dir)
+ }
+ if processCfg.Env["HOOK_MODE"] != "rewrite" {
+ t.Fatalf("HOOK_MODE = %q, want rewrite", processCfg.Env["HOOK_MODE"])
+ }
+ if len(processCfg.Observe) != 2 || processCfg.Observe[1] != "turn_end" {
+ t.Fatalf("Observe = %v", processCfg.Observe)
+ }
+ if len(processCfg.Intercept) != 2 || processCfg.Intercept[1] != "approve_tool" {
+ t.Fatalf("Intercept = %v", processCfg.Intercept)
+ }
+
+ builtinCfg, ok := cfg.Hooks.Builtins["audit"]
+ if !ok {
+ t.Fatal("expected audit builtin hook")
+ }
+ if !builtinCfg.Enabled {
+ t.Fatal("expected audit builtin hook to be enabled")
+ }
+ if builtinCfg.Priority != 5 {
+ t.Fatalf("Priority = %d, want 5", builtinCfg.Priority)
+ }
+ if !strings.Contains(string(builtinCfg.Config), `"audit"`) {
+ t.Fatalf("Config = %s", string(builtinCfg.Config))
+ }
+ if cfg.Hooks.Defaults.ApprovalTimeoutMS != 60000 {
+ t.Fatalf("ApprovalTimeoutMS = %d, want 60000", cfg.Hooks.Defaults.ApprovalTimeoutMS)
+ }
+}
+
// TestDefaultConfig_DMScope verifies the default dm_scope value
// TestDefaultConfig_SummarizationThresholds verifies summarization defaults
func TestDefaultConfig_SummarizationThresholds(t *testing.T) {
@@ -736,7 +781,20 @@ func TestFlexibleStringSlice_UnmarshalText_EmptySliceConsistency(t *testing.T) {
func TestLoadConfig_WarnsForPlaintextAPIKey(t *testing.T) {
dir := t.TempDir()
cfgPath := filepath.Join(dir, "config.json")
- const original = `{"model_list":[{"model_name":"test","model":"openai/gpt-4","api_key":"sk-plaintext"}]}`
+ const original = `{"version":1,"model_list":[{"model_name":"test","model":"openai/gpt-4","api_key":"sk-plaintext"}]}`
+ if err := os.WriteFile(cfgPath, []byte(original), 0o600); err != nil {
+ t.Fatalf("setup: %v", err)
+ }
+ secPath := filepath.Join(dir, SecurityConfigFile)
+ const securityConfig = `
+model_list:
+ test:0:
+ api_keys:
+ - "sk-plaintext"
+`
+ if err := os.WriteFile(secPath, []byte(securityConfig), 0o600); err != nil {
+ t.Fatalf("setup: %v", err)
+ }
if err := os.WriteFile(cfgPath, []byte(original), 0o600); err != nil {
t.Fatalf("setup: %v", err)
}
@@ -749,10 +807,10 @@ func TestLoadConfig_WarnsForPlaintextAPIKey(t *testing.T) {
t.Fatalf("LoadConfig: %v", err)
}
// In-memory value must be the resolved plaintext.
- if cfg.ModelList[0].APIKey != "sk-plaintext" {
- t.Errorf("in-memory api_key = %q, want %q", cfg.ModelList[0].APIKey, "sk-plaintext")
+ if cfg.ModelList[0].APIKey() != "sk-plaintext" {
+ t.Errorf("in-memory api_key = %q, want %q", cfg.ModelList[0].APIKey(), "sk-plaintext")
}
- // The file on disk must remain unchanged — LoadConfig must not write anything.
+ // The file on disk must remain unchanged — no need upgrade version
raw, _ := os.ReadFile(cfgPath)
if string(raw) != original {
t.Errorf("LoadConfig must not modify the config file; got:\n%s", string(raw))
@@ -769,15 +827,19 @@ func TestSaveConfig_EncryptsPlaintextAPIKey(t *testing.T) {
mustSetupSSHKey(t)
cfg := DefaultConfig()
- cfg.ModelList = []ModelConfig{
- {ModelName: "test", Model: "openai/gpt-4", APIKey: "sk-plaintext"},
+ cfg.ModelList = []*ModelConfig{
+ {ModelName: "test", Model: "openai/gpt-4", apiKeys: []string{"sk-plaintext"}},
+ }
+ cfg.security = &SecurityConfig{
+ ModelList: map[string]ModelSecurityEntry{"test:0": {APIKeys: []string{"sk-plaintext"}}},
}
if err := SaveConfig(cfgPath, cfg); err != nil {
t.Fatalf("SaveConfig: %v", err)
}
// Disk must contain enc://, not the raw key.
- raw, _ := os.ReadFile(cfgPath)
+ secPath := filepath.Join(dir, SecurityConfigFile)
+ raw, _ := os.ReadFile(secPath)
if !strings.Contains(string(raw), "enc://") {
t.Errorf("saved file should contain enc://, got:\n%s", string(raw))
}
@@ -790,8 +852,8 @@ func TestSaveConfig_EncryptsPlaintextAPIKey(t *testing.T) {
if err != nil {
t.Fatalf("LoadConfig after SaveConfig: %v", err)
}
- if cfg2.ModelList[0].APIKey != "sk-plaintext" {
- t.Errorf("loaded api_key = %q, want %q", cfg2.ModelList[0].APIKey, "sk-plaintext")
+ if cfg2.ModelList[0].APIKey() != "sk-plaintext" {
+ t.Errorf("loaded api_key = %q, want %q", cfg2.ModelList[0].APIKey(), "sk-plaintext")
}
}
@@ -827,10 +889,17 @@ func TestLoadConfig_FileRefNotSealed(t *testing.T) {
if err := os.WriteFile(keyFile, []byte("sk-from-file"), 0o600); err != nil {
t.Fatalf("setup: %v", err)
}
- data := `{"model_list":[{"model_name":"test","model":"openai/gpt-4","api_key":"file://openai.key"}]}`
+ data := `{"version":1,"model_list":[{"model_name":"test","model":"openai/gpt-4"}]}`
if err := os.WriteFile(cfgPath, []byte(data), 0o600); err != nil {
t.Fatalf("setup: %v", err)
}
+ secPath := filepath.Join(dir, SecurityConfigFile)
+ if err := saveSecurityConfig(
+ secPath,
+ &SecurityConfig{ModelList: map[string]ModelSecurityEntry{"test:0": {APIKeys: []string{"file://openai.key"}}}},
+ ); err != nil {
+ t.Fatalf("saveSecurityConfig: %v", err)
+ }
t.Setenv("PICOCLAW_KEY_PASSPHRASE", "test-passphrase")
t.Setenv("PICOCLAW_SSH_KEY_PATH", "")
@@ -839,7 +908,7 @@ func TestLoadConfig_FileRefNotSealed(t *testing.T) {
t.Fatalf("LoadConfig: %v", err)
}
- raw, _ := os.ReadFile(cfgPath)
+ raw, _ := os.ReadFile(secPath)
if !strings.Contains(string(raw), "file://openai.key") {
t.Error("file:// reference should be preserved unchanged in the config file")
}
@@ -859,23 +928,28 @@ func TestSaveConfig_MixedKeys(t *testing.T) {
// Pre-encrypt one key so we have a genuine enc:// value to put in the config.
if err := SaveConfig(cfgPath, &Config{
- ModelList: []ModelConfig{
- {ModelName: "pre", Model: "openai/gpt-4", APIKey: "sk-already-plain"},
+ ModelList: []*ModelConfig{
+ {ModelName: "pre", Model: "openai/gpt-4"},
+ },
+ security: &SecurityConfig{
+ ModelList: map[string]ModelSecurityEntry{
+ "pre:0": {APIKeys: []string{"sk-already-plain"}},
+ },
},
}); err != nil {
t.Fatalf("setup SaveConfig: %v", err)
}
- raw, _ := os.ReadFile(cfgPath)
+ raw, _ := os.ReadFile(filepath.Join(dir, SecurityConfigFile))
// Extract the enc:// value from the saved file.
var tmp struct {
- ModelList []struct {
- APIKey string `json:"api_key"`
- } `json:"model_list"`
+ ModelList map[string]struct {
+ APIKeys []string `yaml:"api_keys"`
+ } `yaml:"model_list"`
}
- if err := json.Unmarshal(raw, &tmp); err != nil || len(tmp.ModelList) == 0 {
+ if err := yaml.Unmarshal(raw, &tmp); err != nil || len(tmp.ModelList) == 0 {
t.Fatalf("setup: could not parse saved config: %v", err)
}
- alreadyEncrypted := tmp.ModelList[0].APIKey
+ alreadyEncrypted := tmp.ModelList["pre:0"].APIKeys[0]
if !strings.HasPrefix(alreadyEncrypted, "enc://") {
t.Fatalf("setup: expected enc:// key, got %q", alreadyEncrypted)
}
@@ -889,19 +963,28 @@ func TestSaveConfig_MixedKeys(t *testing.T) {
t.Fatalf("setup: %v", err)
}
cfg := &Config{
- ModelList: []ModelConfig{
- {ModelName: "plain", Model: "openai/gpt-4", APIKey: "sk-new-plaintext"},
- {ModelName: "enc", Model: "openai/gpt-4", APIKey: alreadyEncrypted},
- {ModelName: "file", Model: "openai/gpt-4", APIKey: "file://api.key"},
+ ModelList: []*ModelConfig{
+ {ModelName: "plain", Model: "openai/gpt-4", apiKeys: []string{"sk-new-plaintext"}},
+ {ModelName: "enc", Model: "openai/gpt-4", apiKeys: []string{alreadyEncrypted}},
+ {ModelName: "file", Model: "openai/gpt-4", apiKeys: []string{"file://api.key"}},
+ },
+ security: &SecurityConfig{
+ ModelList: map[string]ModelSecurityEntry{
+ "plain:0": {APIKeys: []string{"sk-new-plaintext"}},
+ "enc:0": {APIKeys: []string{alreadyEncrypted}},
+ "file:0": {APIKeys: []string{"file://api.key"}},
+ },
},
}
if err := SaveConfig(cfgPath, cfg); err != nil {
t.Fatalf("SaveConfig: %v", err)
}
- raw, _ = os.ReadFile(cfgPath)
+ raw, _ = os.ReadFile(filepath.Join(dir, SecurityConfigFile))
s := string(raw)
+ t.Logf("saved file:\n%s", s)
+
// 1. Plaintext must be encrypted.
if strings.Contains(s, "sk-new-plaintext") {
t.Error("plaintext key must not appear in saved file")
@@ -922,7 +1005,7 @@ func TestSaveConfig_MixedKeys(t *testing.T) {
}
byName := make(map[string]string)
for _, m := range cfg2.ModelList {
- byName[m.ModelName] = m.APIKey
+ byName[m.ModelName] = m.APIKey()
}
if byName["plain"] != "sk-new-plaintext" {
t.Errorf("plain model api_key = %q, want %q", byName["plain"], "sk-new-plaintext")
@@ -946,26 +1029,26 @@ func TestLoadConfig_MixedKeys_NoPassphrase(t *testing.T) {
t.Setenv("PICOCLAW_KEY_PASSPHRASE", "test-passphrase")
mustSetupSSHKey(t)
if err := SaveConfig(cfgPath, &Config{
- ModelList: []ModelConfig{
- {ModelName: "m", Model: "openai/gpt-4", APIKey: "sk-secret"},
+ ModelList: []*ModelConfig{
+ {ModelName: "m", Model: "openai/gpt-4", apiKeys: []string{"sk-secret"}},
+ },
+ security: &SecurityConfig{
+ ModelList: map[string]ModelSecurityEntry{
+ "m:0": {APIKeys: []string{"sk-secret"}},
+ },
},
}); err != nil {
t.Fatalf("setup SaveConfig: %v", err)
}
- raw, _ := os.ReadFile(cfgPath)
- var tmp struct {
- ModelList []struct {
- APIKey string `json:"api_key"`
- } `json:"model_list"`
- }
- if err := json.Unmarshal(raw, &tmp); err != nil {
- t.Fatalf("setup parse: %v", err)
- }
- encValue := tmp.ModelList[0].APIKey
+ raw, err := LoadConfig(cfgPath)
+ assert.NoError(t, err)
+ encValue := raw.security.ModelList["m:0"].APIKeys[0]
+ assert.NotEmpty(t, encValue)
+ assert.Equal(t, "enc://", encValue[:6])
// Write a mixed config: enc:// + plaintext + file://
keyFile := filepath.Join(dir, "api.key")
- if err := os.WriteFile(keyFile, []byte("sk-from-file"), 0o600); err != nil {
+ if err = os.WriteFile(keyFile, []byte("sk-from-file"), 0o600); err != nil {
t.Fatalf("setup: %v", err)
}
mixed, _ := json.Marshal(map[string]any{
@@ -975,14 +1058,24 @@ func TestLoadConfig_MixedKeys_NoPassphrase(t *testing.T) {
{"model_name": "file", "model": "openai/gpt-4", "api_key": "file://api.key"},
},
})
- if err := os.WriteFile(cfgPath, mixed, 0o600); err != nil {
+ if err = os.WriteFile(cfgPath, mixed, 0o600); err != nil {
t.Fatalf("setup write: %v", err)
}
+ secs, _ := yaml.Marshal(map[string]any{
+ "model_list": map[string]map[string]any{
+ "enc:0": {"api_keys": []string{encValue}},
+ "plain:0": {"api_keys": []string{"sk-plain"}},
+ "file:0": {"api_keys": []string{"file://api.key"}},
+ },
+ })
+ if err = os.WriteFile(filepath.Join(dir, SecurityConfigFile), secs, 0o600); err != nil {
+ t.Fatalf("security write: %v", err)
+ }
// Now clear the passphrase — LoadConfig must fail because enc:// cannot be decrypted.
t.Setenv("PICOCLAW_KEY_PASSPHRASE", "")
- _, err := LoadConfig(cfgPath)
+ _, err = LoadConfig(cfgPath)
if err == nil {
t.Fatal("LoadConfig should fail when enc:// key is present and no passphrase is set")
}
@@ -1010,14 +1103,15 @@ func TestSaveConfig_UsesPassphraseProvider(t *testing.T) {
t.Cleanup(func() { credential.PassphraseProvider = orig })
cfg := DefaultConfig()
- cfg.ModelList = []ModelConfig{
- {ModelName: "test", Model: "openai/gpt-4", APIKey: "sk-plaintext"},
+ cfg.ModelList = []*ModelConfig{
+ {ModelName: "test", Model: "openai/gpt-4"},
}
+ cfg.security.ModelList["test:0"] = ModelSecurityEntry{APIKeys: []string{"sk-plaintext"}}
if err := SaveConfig(cfgPath, cfg); err != nil {
t.Fatalf("SaveConfig: %v", err)
}
- raw, _ := os.ReadFile(cfgPath)
+ raw, _ := os.ReadFile(filepath.Join(dir, SecurityConfigFile))
if !strings.Contains(string(raw), "enc://") {
t.Errorf("SaveConfig should have encrypted plaintext key via PassphraseProvider; got:\n%s", raw)
}
@@ -1060,15 +1154,15 @@ func TestLoadConfig_UsesPassphraseProvider(t *testing.T) {
if err != nil {
t.Fatalf("LoadConfig: %v", err)
}
- if cfg.ModelList[0].APIKey != plainKey {
- t.Errorf("api_key = %q, want %q", cfg.ModelList[0].APIKey, plainKey)
+ if cfg.ModelList[0].APIKey() != plainKey {
+ t.Errorf("api_key = %q, want %q", cfg.ModelList[0].APIKey(), plainKey)
}
}
func TestConfigParsesLogLevel(t *testing.T) {
dir := t.TempDir()
cfgPath := filepath.Join(dir, "config.json")
- data := `{"agents":{"defaults":{"log_level":"debug"}}}`
+ data := `{"version":1,"gateway":{"log_level":"debug"}}`
if err := os.WriteFile(cfgPath, []byte(data), 0o600); err != nil {
t.Fatalf("setup: %v", err)
}
@@ -1077,15 +1171,15 @@ func TestConfigParsesLogLevel(t *testing.T) {
if err != nil {
t.Fatalf("LoadConfig: %v", err)
}
- if cfg.Agents.Defaults.LogLevel != "debug" {
- t.Errorf("LogLevel = %q, want \"debug\"", cfg.Agents.Defaults.LogLevel)
+ if cfg.Gateway.LogLevel != "debug" {
+ t.Errorf("LogLevel = %q, want \"debug\"", cfg.Gateway.LogLevel)
}
}
func TestConfigLogLevelEmpty(t *testing.T) {
dir := t.TempDir()
cfgPath := filepath.Join(dir, "config.json")
- data := `{}`
+ data := `{"version":1}`
if err := os.WriteFile(cfgPath, []byte(data), 0o600); err != nil {
t.Fatalf("setup: %v", err)
}
@@ -1095,8 +1189,8 @@ func TestConfigLogLevelEmpty(t *testing.T) {
t.Fatalf("LoadConfig: %v", err)
}
// When config omits log_level, the DefaultConfig value ("fatal") is preserved.
- if cfg.Agents.Defaults.LogLevel != "fatal" {
- t.Errorf("LogLevel = %q, want \"fatal\"", cfg.Agents.Defaults.LogLevel)
+ if cfg.Gateway.LogLevel != "fatal" {
+ t.Errorf("LogLevel = %q, want \"fatal\"", cfg.Gateway.LogLevel)
}
}
diff --git a/pkg/config/defaults.go b/pkg/config/defaults.go
index f4056eca6..18e0bbfd4 100644
--- a/pkg/config/defaults.go
+++ b/pkg/config/defaults.go
@@ -8,6 +8,8 @@ package config
import (
"os"
"path/filepath"
+
+ "github.com/sipeed/picoclaw/pkg"
)
// DefaultConfig returns the default configuration for PicoClaw.
@@ -19,23 +21,23 @@ func DefaultConfig() *Config {
homePath = picoclawHome
} else {
userHome, _ := os.UserHomeDir()
- homePath = filepath.Join(userHome, ".picoclaw")
+ homePath = filepath.Join(userHome, pkg.DefaultPicoClawHome)
}
- workspacePath := filepath.Join(homePath, "workspace")
+ workspacePath := filepath.Join(homePath, pkg.WorkspaceName)
return &Config{
+ Version: CurrentVersion,
Agents: AgentsConfig{
Defaults: AgentDefaults{
- LogLevel: "fatal",
Workspace: workspacePath,
RestrictToWorkspace: true,
Provider: "",
- Model: "",
MaxTokens: 32768,
Temperature: nil, // nil means use provider default
MaxToolIterations: 50,
SummarizeMessageThreshold: 20,
SummarizeTokenPercent: 75,
+ SteeringMode: "one-at-a-time",
ToolFeedback: ToolFeedbackConfig{
Enabled: true,
MaxArgsLength: 300,
@@ -56,7 +58,6 @@ func DefaultConfig() *Config {
},
Telegram: TelegramConfig{
Enabled: false,
- Token: "",
AllowFrom: FlexibleStringSlice{},
Typing: TypingConfig{Enabled: true},
Placeholder: PlaceholderConfig{
@@ -67,16 +68,12 @@ func DefaultConfig() *Config {
UseMarkdownV2: false,
},
Feishu: FeishuConfig{
- Enabled: false,
- AppID: "",
- AppSecret: "",
- EncryptKey: "",
- VerificationToken: "",
- AllowFrom: FlexibleStringSlice{},
+ Enabled: false,
+ AppID: "",
+ AllowFrom: FlexibleStringSlice{},
},
Discord: DiscordConfig{
Enabled: false,
- Token: "",
AllowFrom: FlexibleStringSlice{},
MentionOnly: false,
},
@@ -89,28 +86,23 @@ func DefaultConfig() *Config {
QQ: QQConfig{
Enabled: false,
AppID: "",
- AppSecret: "",
AllowFrom: FlexibleStringSlice{},
MaxMessageLength: 2000,
MaxBase64FileSizeMiB: 0,
},
DingTalk: DingTalkConfig{
- Enabled: false,
- ClientID: "",
- ClientSecret: "",
- AllowFrom: FlexibleStringSlice{},
+ Enabled: false,
+ ClientID: "",
+ AllowFrom: FlexibleStringSlice{},
},
Slack: SlackConfig{
Enabled: false,
- BotToken: "",
- AppToken: "",
AllowFrom: FlexibleStringSlice{},
},
Matrix: MatrixConfig{
Enabled: false,
Homeserver: "https://matrix.org",
UserID: "",
- AccessToken: "",
DeviceID: "",
JoinOnInvite: true,
AllowFrom: FlexibleStringSlice{},
@@ -123,51 +115,40 @@ func DefaultConfig() *Config {
},
},
LINE: LINEConfig{
- Enabled: false,
- ChannelSecret: "",
- ChannelAccessToken: "",
- WebhookHost: "0.0.0.0",
- WebhookPort: 18791,
- WebhookPath: "/webhook/line",
- AllowFrom: FlexibleStringSlice{},
- GroupTrigger: GroupTriggerConfig{MentionOnly: true},
+ Enabled: false,
+ WebhookHost: "0.0.0.0",
+ WebhookPort: 18791,
+ WebhookPath: "/webhook/line",
+ AllowFrom: FlexibleStringSlice{},
+ GroupTrigger: GroupTriggerConfig{MentionOnly: true},
},
OneBot: OneBotConfig{
- Enabled: false,
- WSUrl: "ws://127.0.0.1:3001",
- AccessToken: "",
- ReconnectInterval: 5,
- GroupTriggerPrefix: []string{},
- AllowFrom: FlexibleStringSlice{},
+ Enabled: false,
+ WSUrl: "ws://127.0.0.1:3001",
+ ReconnectInterval: 5,
+ AllowFrom: FlexibleStringSlice{},
},
WeCom: WeComConfig{
- Enabled: false,
- Token: "",
- EncodingAESKey: "",
- WebhookURL: "",
- WebhookHost: "0.0.0.0",
- WebhookPort: 18793,
- WebhookPath: "/webhook/wecom",
- AllowFrom: FlexibleStringSlice{},
- ReplyTimeout: 5,
+ Enabled: false,
+ WebhookURL: "",
+ WebhookHost: "0.0.0.0",
+ WebhookPort: 18793,
+ WebhookPath: "/webhook/wecom",
+ AllowFrom: FlexibleStringSlice{},
+ ReplyTimeout: 5,
},
WeComApp: WeComAppConfig{
- Enabled: false,
- CorpID: "",
- CorpSecret: "",
- AgentID: 0,
- Token: "",
- EncodingAESKey: "",
- WebhookHost: "0.0.0.0",
- WebhookPort: 18792,
- WebhookPath: "/webhook/wecom-app",
- AllowFrom: FlexibleStringSlice{},
- ReplyTimeout: 5,
+ Enabled: false,
+ CorpID: "",
+ AgentID: 0,
+ WebhookHost: "0.0.0.0",
+ WebhookPort: 18792,
+ WebhookPath: "/webhook/wecom-app",
+ AllowFrom: FlexibleStringSlice{},
+ ReplyTimeout: 5,
},
WeComAIBot: WeComAIBotConfig{
Enabled: false,
- Token: "",
- EncodingAESKey: "",
WebhookPath: "/webhook/wecom-aibot",
AllowFrom: FlexibleStringSlice{},
ReplyTimeout: 5,
@@ -177,7 +158,6 @@ func DefaultConfig() *Config {
},
Weixin: WeixinConfig{
Enabled: false,
- Token: "",
BaseURL: "https://ilinkai.weixin.qq.com/",
CDNBaseURL: "https://novac2c.cdn.weixin.qq.com/c2c",
AllowFrom: FlexibleStringSlice{},
@@ -185,7 +165,6 @@ func DefaultConfig() *Config {
},
Pico: PicoConfig{
Enabled: false,
- Token: "",
PingInterval: 30,
ReadTimeout: 60,
WriteTimeout: 10,
@@ -193,10 +172,15 @@ func DefaultConfig() *Config {
AllowFrom: FlexibleStringSlice{},
},
},
- Providers: ProvidersConfig{
- OpenAI: OpenAIProviderConfig{WebSearch: true},
+ Hooks: HooksConfig{
+ Enabled: true,
+ Defaults: HookDefaultsConfig{
+ ObserverTimeoutMS: 500,
+ InterceptorTimeoutMS: 5000,
+ ApprovalTimeoutMS: 60000,
+ },
},
- ModelList: []ModelConfig{
+ ModelList: []*ModelConfig{
// ============================================
// Add your API key to the model you want to use
// ============================================
@@ -206,7 +190,6 @@ func DefaultConfig() *Config {
ModelName: "glm-4.7",
Model: "zhipu/glm-4.7",
APIBase: "https://open.bigmodel.cn/api/paas/v4",
- APIKey: "",
},
// OpenAI - https://platform.openai.com/api-keys
@@ -214,7 +197,6 @@ func DefaultConfig() *Config {
ModelName: "gpt-5.4",
Model: "openai/gpt-5.4",
APIBase: "https://api.openai.com/v1",
- APIKey: "",
},
// Anthropic Claude - https://console.anthropic.com/settings/keys
@@ -222,7 +204,6 @@ func DefaultConfig() *Config {
ModelName: "claude-sonnet-4.6",
Model: "anthropic/claude-sonnet-4.6",
APIBase: "https://api.anthropic.com/v1",
- APIKey: "",
},
// DeepSeek - https://platform.deepseek.com/
@@ -230,7 +211,6 @@ func DefaultConfig() *Config {
ModelName: "deepseek-chat",
Model: "deepseek/deepseek-chat",
APIBase: "https://api.deepseek.com/v1",
- APIKey: "",
},
// Google Gemini - https://ai.google.dev/
@@ -238,7 +218,6 @@ func DefaultConfig() *Config {
ModelName: "gemini-2.0-flash",
Model: "gemini/gemini-2.0-flash-exp",
APIBase: "https://generativelanguage.googleapis.com/v1beta",
- APIKey: "",
},
// Qwen (通义千问) - https://dashscope.console.aliyun.com/apiKey
@@ -246,7 +225,6 @@ func DefaultConfig() *Config {
ModelName: "qwen-plus",
Model: "qwen/qwen-plus",
APIBase: "https://dashscope.aliyuncs.com/compatible-mode/v1",
- APIKey: "",
},
// Moonshot (月之暗面) - https://platform.moonshot.cn/console/api-keys
@@ -254,7 +232,6 @@ func DefaultConfig() *Config {
ModelName: "moonshot-v1-8k",
Model: "moonshot/moonshot-v1-8k",
APIBase: "https://api.moonshot.cn/v1",
- APIKey: "",
},
// Groq - https://console.groq.com/keys
@@ -262,7 +239,6 @@ func DefaultConfig() *Config {
ModelName: "llama-3.3-70b",
Model: "groq/llama-3.3-70b-versatile",
APIBase: "https://api.groq.com/openai/v1",
- APIKey: "",
},
// OpenRouter (100+ models) - https://openrouter.ai/keys
@@ -270,13 +246,11 @@ func DefaultConfig() *Config {
ModelName: "openrouter-auto",
Model: "openrouter/auto",
APIBase: "https://openrouter.ai/api/v1",
- APIKey: "",
},
{
ModelName: "openrouter-gpt-5.4",
Model: "openrouter/openai/gpt-5.4",
APIBase: "https://openrouter.ai/api/v1",
- APIKey: "",
},
// NVIDIA - https://build.nvidia.com/
@@ -284,7 +258,6 @@ func DefaultConfig() *Config {
ModelName: "nemotron-4-340b",
Model: "nvidia/nemotron-4-340b-instruct",
APIBase: "https://integrate.api.nvidia.com/v1",
- APIKey: "",
},
// Cerebras - https://inference.cerebras.ai/
@@ -292,7 +265,6 @@ func DefaultConfig() *Config {
ModelName: "cerebras-llama-3.3-70b",
Model: "cerebras/llama-3.3-70b",
APIBase: "https://api.cerebras.ai/v1",
- APIKey: "",
},
// Vivgrid - https://vivgrid.com
@@ -300,7 +272,6 @@ func DefaultConfig() *Config {
ModelName: "vivgrid-auto",
Model: "vivgrid/auto",
APIBase: "https://api.vivgrid.com/v1",
- APIKey: "",
},
// Volcengine (火山引擎) - https://console.volcengine.com/ark
@@ -308,13 +279,11 @@ func DefaultConfig() *Config {
ModelName: "ark-code-latest",
Model: "volcengine/ark-code-latest",
APIBase: "https://ark.cn-beijing.volces.com/api/v3",
- APIKey: "",
},
{
ModelName: "doubao-pro",
Model: "volcengine/doubao-pro-32k",
APIBase: "https://ark.cn-beijing.volces.com/api/v3",
- APIKey: "",
},
// ShengsuanYun (神算云)
@@ -322,7 +291,6 @@ func DefaultConfig() *Config {
ModelName: "deepseek-v3",
Model: "shengsuanyun/deepseek-v3",
APIBase: "https://api.shengsuanyun.com/v1",
- APIKey: "",
},
// Antigravity (Google Cloud Code Assist) - OAuth only
@@ -345,7 +313,6 @@ func DefaultConfig() *Config {
ModelName: "llama3",
Model: "ollama/llama3",
APIBase: "http://localhost:11434/v1",
- APIKey: "ollama",
},
// Mistral AI - https://console.mistral.ai/api-keys
@@ -353,7 +320,6 @@ func DefaultConfig() *Config {
ModelName: "mistral-small",
Model: "mistral/mistral-small-latest",
APIBase: "https://api.mistral.ai/v1",
- APIKey: "",
},
// Avian - https://avian.io
@@ -361,13 +327,11 @@ func DefaultConfig() *Config {
ModelName: "deepseek-v3.2",
Model: "avian/deepseek/deepseek-v3.2",
APIBase: "https://api.avian.io/v1",
- APIKey: "",
},
{
ModelName: "kimi-k2.5",
Model: "avian/moonshotai/kimi-k2.5",
APIBase: "https://api.avian.io/v1",
- APIKey: "",
},
// Minimax - https://api.minimaxi.com/
@@ -375,7 +339,6 @@ func DefaultConfig() *Config {
ModelName: "MiniMax-M2.5",
Model: "minimax/MiniMax-M2.5",
APIBase: "https://api.minimaxi.com/v1",
- APIKey: "",
},
// LongCat - https://longcat.chat/platform
@@ -383,7 +346,6 @@ func DefaultConfig() *Config {
ModelName: "LongCat-Flash-Thinking",
Model: "longcat/LongCat-Flash-Thinking",
APIBase: "https://api.longcat.chat/openai",
- APIKey: "",
},
// ModelScope (魔搭社区) - https://modelscope.cn/my/tokens
@@ -391,7 +353,6 @@ func DefaultConfig() *Config {
ModelName: "modelscope-qwen",
Model: "modelscope/Qwen/Qwen3-235B-A22B-Instruct-2507",
APIBase: "https://api-inference.modelscope.cn/v1",
- APIKey: "",
},
// VLLM (local) - http://localhost:8000
@@ -399,7 +360,6 @@ func DefaultConfig() *Config {
ModelName: "local-model",
Model: "vllm/custom-model",
APIBase: "http://localhost:8000/v1",
- APIKey: "",
},
// Azure OpenAI - https://portal.azure.com
@@ -408,13 +368,13 @@ func DefaultConfig() *Config {
ModelName: "azure-gpt5",
Model: "azure/my-gpt5-deployment",
APIBase: "https://your-resource.openai.azure.com",
- APIKey: "",
},
},
Gateway: GatewayConfig{
Host: "127.0.0.1",
Port: 18790,
HotReload: false,
+ LogLevel: "fatal",
},
Tools: ToolsConfig{
MediaCleanup: MediaCleanupConfig{
@@ -434,14 +394,10 @@ func DefaultConfig() *Config {
Format: "plaintext",
Brave: BraveConfig{
Enabled: false,
- APIKey: "",
- APIKeys: nil,
MaxResults: 5,
},
Tavily: TavilyConfig{
Enabled: false,
- APIKey: "",
- APIKeys: nil,
MaxResults: 5,
},
DuckDuckGo: DuckDuckGoConfig{
@@ -450,8 +406,6 @@ func DefaultConfig() *Config {
},
Perplexity: PerplexityConfig{
Enabled: false,
- APIKey: "",
- APIKeys: nil,
MaxResults: 5,
},
SearXNG: SearXNGConfig{
@@ -461,11 +415,15 @@ func DefaultConfig() *Config {
},
GLMSearch: GLMSearchConfig{
Enabled: false,
- APIKey: "",
BaseURL: "https://open.bigmodel.cn/api/paas/v4/web_search",
SearchEngine: "search_std",
MaxResults: 5,
},
+ BaiduSearch: BaiduSearchConfig{
+ Enabled: false,
+ BaseURL: "https://qianfan.baidubce.com/v2/ai_search/web_search",
+ MaxResults: 10,
+ },
},
Cron: CronToolsConfig{
ToolConfig: ToolConfig{
@@ -567,6 +525,7 @@ func DefaultConfig() *Config {
MonitorUSB: true,
},
Voice: VoiceConfig{
+ ModelName: "",
EchoTranscription: false,
},
BuildInfo: BuildInfo{
@@ -575,5 +534,10 @@ func DefaultConfig() *Config {
BuildTime: BuildTime,
GoVersion: GoVersion,
},
+ security: &SecurityConfig{
+ ModelList: map[string]ModelSecurityEntry{},
+ Channels: ChannelsSecurity{},
+ Web: WebToolsSecurity{},
+ },
}
}
diff --git a/pkg/config/example_security_usage.go b/pkg/config/example_security_usage.go
new file mode 100644
index 000000000..cba76c6bc
--- /dev/null
+++ b/pkg/config/example_security_usage.go
@@ -0,0 +1,423 @@
+// PicoClaw - Ultra-lightweight personal AI agent
+// License: MIT
+//
+// Copyright (c) 2026 PicoClaw contributors
+
+// This file demonstrates how to use the security configuration feature
+// It's not meant to be compiled, just for documentation purposes
+
+/*
+Package config
+
+# Example: Using Security Configuration
+
+## 1. Create security.yml
+
+File: ~/.picoclaw/security.yml
+
+```yaml
+# Model API Keys
+# Note: Use 'api_keys' array for multiple keys (load balancing/failover)
+# Single key should be provided as an array with one element
+model_list:
+
+ gpt-5.4:
+ api_keys:
+ - "sk-proj-your-actual-openai-key-1"
+ - "sk-proj-your-actual-openai-key-2" # Failover key
+ claude-sonnet-4.6:
+ api_keys:
+ - "sk-ant-your-actual-anthropic-key" # Single key in array format
+
+# Channel Tokens
+channels:
+
+ telegram:
+ token: "1234567890:ABCdefGHIjklMNOpqrsTUVwxyz"
+ discord:
+ token: "your-discord-bot-token"
+
+# Web Tool Keys
+# Note: Use 'api_keys' array for multiple keys (load balancing/failover)
+# For GLMSearch, use 'api_key' (single string)
+web:
+
+ brave:
+ api_keys:
+ - "BSAyour-brave-api-key-1"
+ - "BSAyour-brave-api-key-2" # Failover key
+ tavily:
+ api_keys:
+ - "tvly-your-tavily-api-key" # Single key in array format
+ glm_search:
+ api_key: "your-glm-search-api-key" # Single key (not array)
+
+```
+
+## 2. Update config.json to use references
+
+File: ~/.picoclaw/config.json
+
+```json
+
+ {
+ "version": 1,
+ "agents": {
+ "defaults": {
+ "workspace": "~/picoclaw-workspace",
+ "model_name": "gpt-5.4"
+ }
+ },
+ "model_list": [
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_base": "https://api.openai.com/v1",
+ "api_key": "ref:model_list.gpt-5.4.api_key"
+ },
+ {
+ "model_name": "claude-sonnet-4.6",
+ "model": "anthropic/claude-sonnet-4.6",
+ "api_base": "https://api.anthropic.com/v1",
+ "api_key": "ref:model_list.claude-sonnet-4.6.api_key"
+ }
+ ],
+ "channels": {
+ "telegram": {
+ "enabled": true,
+ "token": "ref:channels.telegram.token"
+ },
+ "discord": {
+ "enabled": true,
+ "token": "ref:channels.discord.token"
+ }
+ },
+ "tools": {
+ "web": {
+ "brave": {
+ "enabled": true,
+ "api_key": "ref:web.brave.api_key"
+ },
+ "tavily": {
+ "enabled": true,
+ "api_key": "ref:web.tavily.api_key"
+ }
+ }
+ }
+ }
+
+```
+
+## 3. Set proper permissions
+
+```bash
+chmod 600 ~/.picoclaw/security.yml
+```
+
+## 4. Add to .gitignore
+
+```gitignore
+# Security configuration
+.security.yml
+```
+
+## 5. Verify it works
+
+```bash
+picoclaw --version
+```
+
+# Available Reference Paths
+
+## Model API Keys
+- ref:model_list..api_key
+
+Examples:
+- ref:model_list.gpt-5.4.api_key
+- ref:model_list.claude-sonnet-4.6.api_key
+
+**Note:** In .security.yml, use `api_keys` (array) format for models.
+Both single and multiple keys should use the array format.
+
+## Channel Tokens/Secrets
+- ref:channels.telegram.token
+- ref:channels.feishu.app_secret
+- ref:channels.feishu.encrypt_key
+- ref:channels.feishu.verification_token
+- ref:channels.discord.token
+- ref:channels.qq.app_secret
+- ref:channels.dingtalk.client_secret
+- ref:channels.slack.bot_token
+- ref:channels.slack.app_token
+- ref:channels.matrix.access_token
+- ref:channels.line.channel_secret
+- ref:channels.line.channel_access_token
+- ref:channels.onebot.access_token
+- ref:channels.wecom.token
+- ref:channels.wecom.encoding_aes_key
+- ref:channels.wecom_app.corp_secret
+- ref:channels.wecom_app.token
+- ref:channels.wecom_app.encoding_aes_key
+- ref:channels.wecom_aibot.token
+- ref:channels.wecom_aibot.encoding_aes_key
+- ref:channels.pico.token
+- ref:channels.irc.password
+- ref:channels.irc.nickserv_password
+- ref:channels.irc.sasl_password
+
+## Web Tool API Keys
+- ref:web.brave.api_key
+- ref:web.tavily.api_key
+- ref:web.perplexity.api_key
+- ref:web.glm_search.api_key
+
+**Note:**
+- Brave, Tavily, Perplexity: Use `api_keys` (array) format in .security.yml
+- GLMSearch: Use `api_key` (single string) format in .security.yml
+
+## Skills Registry Tokens
+- ref:skills.github.token
+- ref:skills.clawhub.auth_token
+
+# Backward Compatibility
+
+You can still use direct values in config.json if needed:
+
+```json
+
+ {
+ "model_list": [
+ {
+ "model_name": "local-model",
+ "model": "ollama/llama3",
+ "api_base": "http://localhost:11434/v1",
+ "api_key": "ollama" // Direct value (no reference)
+ }
+ ]
+ }
+
+```
+
+You can also mix references and direct values:
+
+```json
+
+ {
+ "model_list": [
+ {
+ "model_name": "cloud-model",
+ "api_key": "ref:model_list.cloud-model.api_key" // From .security.yml
+ },
+ {
+ "model_name": "local-model",
+ "api_key": "ollama" // Direct value
+ }
+ ]
+ }
+
+```
+
+# Migration from Old Config
+
+## Step 1: Backup your config
+```bash
+cp ~/.picoclaw/config.json ~/.picoclaw/config.json.backup
+```
+
+## Step 2: Copy the example security file
+```bash
+cp security.example.yml ~/.picoclaw/.security.yml
+```
+
+## Step 3: Fill in your API keys
+Edit ~/.picoclaw/.security.yml and replace placeholders with your actual keys.
+
+## Step 4: Update config.json references
+Replace sensitive values in ~/.picoclaw/config.json with ref: references.
+
+## Step 5: Test
+```bash
+picoclaw --version
+```
+
+If everything works, you can delete the backup:
+```bash
+rm ~/.picoclaw/config.json.backup
+```
+
+# Advanced Features
+
+## Multiple API Keys (Load Balancing & Failover)
+
+You can configure multiple API keys for both models and web tools to enable:
+- **Load balancing**: Requests are distributed across multiple keys
+- **Failover**: If a key fails, the system automatically switches to another key
+
+### Example: Model with Multiple Keys
+
+**.security.yml:**
+```yaml
+model_list:
+
+ gpt-5.4:
+ api_keys:
+ - "sk-proj-key-1"
+ - "sk-proj-key-2"
+ - "sk-proj-key-3"
+
+```
+
+**config.json:**
+```json
+
+ {
+ "model_list": [
+ {
+ "model_name": "gpt-5.4",
+ "model": "openai/gpt-5.4",
+ "api_key": "ref:model_list.gpt-5.4.api_key"
+ }
+ ]
+ }
+
+```
+
+### Example: Web Tool with Multiple Keys
+
+**.security.yml:**
+```yaml
+web:
+
+ brave:
+ api_keys:
+ - "BSA-key-1"
+ - "BSA-key-2"
+ tavily:
+ api_keys:
+ - "tvly-your-key" # Single key in array format
+ glm_search:
+ api_key: "your-glm-key" # GLMSearch uses single key format
+
+```
+
+**config.json:**
+```json
+
+ {
+ "tools": {
+ "web": {
+ "brave": {
+ "enabled": true,
+ "api_key": "ref:web.brave.api_key"
+ }
+ }
+ }
+ }
+
+```
+
+### Single Key
+
+Use array format with one element:
+```yaml
+model_list:
+
+ gpt-5.4:
+ api_keys:
+ - "sk-proj-your-key" # Single key in array format
+
+```
+
+### Multiple Keys (Load Balancing & Failover)
+
+Use array format with multiple elements:
+```yaml
+model_list:
+
+ gpt-5.4:
+ api_keys:
+ - "sk-proj-key-1"
+ - "sk-proj-key-2"
+ - "sk-proj-key-3"
+
+```
+
+**Important:** All model keys in .security.yml must use the `api_keys` (plural) array format.
+The single `api_key` (singular) format is NOT supported for models.
+
+### Model Index Matching
+
+The system supports intelligent model name matching in .security.yml:
+
+**Example 1: Exact Match**
+```yaml
+# config.json
+
+ {
+ "model_name": "gpt-5.4:0"
+ }
+
+# .security.yml (exact match with index)
+model_list:
+
+ gpt-5.4:0:
+ api_keys: ["key-1"]
+
+```
+
+**Example 2: Base Name Match**
+```yaml
+# config.json
+
+ {
+ "model_name": "gpt-5.4:0"
+ }
+
+# .security.yml (base name without index)
+model_list:
+
+ gpt-5.4:
+ api_keys: ["key-1"]
+
+```
+
+Both methods work. The base name match allows you to use simpler keys in .security.yml
+even when your config uses indexed model names for load balancing.
+
+### Security File Permissions
+
+The security file should have restricted permissions:
+
+```bash
+chmod 600 ~/.picoclaw/.security.yml
+```
+
+This ensures only the owner can read and write the file.
+
+# Security Best Practices
+
+1. Never commit .security.yml to version control
+2. Set file permissions: chmod 600 ~/.picoclaw/.security.yml
+3. Use different keys for different environments
+4. Rotate keys regularly and update .security.yml
+5. Encrypt backups containing .security.yml
+
+# Troubleshooting
+
+## Error: "model security entry not found"
+- Check that the model name in config.json matches exactly in .security.yml
+- Verify the model_list section exists in .security.yml
+
+## Error: "failed to load security config"
+- Ensure .security.yml exists in the same directory as config.json
+- Check YAML syntax is valid
+- Verify file permissions allow reading
+
+## Error: "unknown reference path"
+- Verify the reference format is correct
+- Check the path structure matches the examples above
+- Ensure all required sections exist in .security.yml
+*/
+package config
+
+// This file is documentation only
diff --git a/pkg/config/migration.go b/pkg/config/migration.go
index 832d8bf17..fee800a76 100644
--- a/pkg/config/migration.go
+++ b/pkg/config/migration.go
@@ -6,10 +6,15 @@
package config
import (
+ "encoding/json"
"slices"
"strings"
)
+type migratable interface {
+ Migrate() (*Config, error)
+}
+
// buildModelWithProtocol constructs a model string with protocol prefix.
// If the model already contains a "/" (indicating it has a protocol prefix), it is returned as-is.
// Otherwise, the protocol prefix is added.
@@ -21,31 +26,31 @@ func buildModelWithProtocol(protocol, model string) string {
return protocol + "/" + model
}
-// providerMigrationConfig defines how to migrate a provider from old config to new format.
-type providerMigrationConfig struct {
- // providerNames are the possible names used in agents.defaults.provider
- providerNames []string
- // protocol is the protocol prefix for the model field
- protocol string
- // buildConfig creates the ModelConfig from ProviderConfig
- buildConfig func(p ProvidersConfig) (ModelConfig, bool)
-}
-
-// ConvertProvidersToModelList converts the old ProvidersConfig to a slice of ModelConfig.
+// v0ConvertProvidersToModelList converts the old providersConfigV0 to a slice of ModelConfig.
// This enables backward compatibility with existing configurations.
// It preserves the user's configured model from agents.defaults.model when possible.
-func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
+func v0ConvertProvidersToModelList(cfg *configV0) []modelConfigV0 {
if cfg == nil {
return nil
}
+ // providerMigrationConfig defines how to migrate a provider from old config to new format.
+ type providerMigrationConfig struct {
+ // providerNames are the possible names used in agents.defaults.provider
+ providerNames []string
+ // protocol is the protocol prefix for the model field
+ protocol string
+ // buildConfig creates the ModelConfig from ProviderConfig
+ buildConfig func(p providersConfigV0) (modelConfigV0, bool)
+ }
+
// Get user's configured provider and model
userProvider := strings.ToLower(cfg.Agents.Defaults.Provider)
userModel := cfg.Agents.Defaults.GetModelName()
p := cfg.Providers
- var result []ModelConfig
+ var result []modelConfigV0
// Track if we've applied the legacy model name fix (only for first provider)
legacyModelNameApplied := false
@@ -55,11 +60,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"openai", "gpt"},
protocol: "openai",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.OpenAI.APIKey == "" && p.OpenAI.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "openai",
Model: "openai/gpt-5.4",
APIKey: p.OpenAI.APIKey,
@@ -73,11 +78,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"anthropic", "claude"},
protocol: "anthropic",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.Anthropic.APIKey == "" && p.Anthropic.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "anthropic",
Model: "anthropic/claude-sonnet-4.6",
APIKey: p.Anthropic.APIKey,
@@ -91,11 +96,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"litellm"},
protocol: "litellm",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.LiteLLM.APIKey == "" && p.LiteLLM.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "litellm",
Model: "litellm/auto",
APIKey: p.LiteLLM.APIKey,
@@ -108,11 +113,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"openrouter"},
protocol: "openrouter",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.OpenRouter.APIKey == "" && p.OpenRouter.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "openrouter",
Model: "openrouter/auto",
APIKey: p.OpenRouter.APIKey,
@@ -125,11 +130,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"groq"},
protocol: "groq",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.Groq.APIKey == "" && p.Groq.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "groq",
Model: "groq/llama-3.1-70b-versatile",
APIKey: p.Groq.APIKey,
@@ -142,11 +147,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"zhipu", "glm"},
protocol: "zhipu",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.Zhipu.APIKey == "" && p.Zhipu.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "zhipu",
Model: "zhipu/glm-4",
APIKey: p.Zhipu.APIKey,
@@ -159,11 +164,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"vllm"},
protocol: "vllm",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.VLLM.APIKey == "" && p.VLLM.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "vllm",
Model: "vllm/auto",
APIKey: p.VLLM.APIKey,
@@ -176,11 +181,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"gemini", "google"},
protocol: "gemini",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.Gemini.APIKey == "" && p.Gemini.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "gemini",
Model: "gemini/gemini-pro",
APIKey: p.Gemini.APIKey,
@@ -193,11 +198,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"nvidia"},
protocol: "nvidia",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.Nvidia.APIKey == "" && p.Nvidia.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "nvidia",
Model: "nvidia/meta/llama-3.1-8b-instruct",
APIKey: p.Nvidia.APIKey,
@@ -210,11 +215,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"ollama"},
protocol: "ollama",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.Ollama.APIKey == "" && p.Ollama.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "ollama",
Model: "ollama/llama3",
APIKey: p.Ollama.APIKey,
@@ -227,11 +232,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"moonshot", "kimi"},
protocol: "moonshot",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.Moonshot.APIKey == "" && p.Moonshot.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "moonshot",
Model: "moonshot/kimi",
APIKey: p.Moonshot.APIKey,
@@ -244,11 +249,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"shengsuanyun"},
protocol: "shengsuanyun",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.ShengSuanYun.APIKey == "" && p.ShengSuanYun.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "shengsuanyun",
Model: "shengsuanyun/auto",
APIKey: p.ShengSuanYun.APIKey,
@@ -261,11 +266,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"deepseek"},
protocol: "deepseek",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.DeepSeek.APIKey == "" && p.DeepSeek.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "deepseek",
Model: "deepseek/deepseek-chat",
APIKey: p.DeepSeek.APIKey,
@@ -278,11 +283,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"cerebras"},
protocol: "cerebras",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.Cerebras.APIKey == "" && p.Cerebras.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "cerebras",
Model: "cerebras/llama-3.3-70b",
APIKey: p.Cerebras.APIKey,
@@ -295,11 +300,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"vivgrid"},
protocol: "vivgrid",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.Vivgrid.APIKey == "" && p.Vivgrid.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "vivgrid",
Model: "vivgrid/auto",
APIKey: p.Vivgrid.APIKey,
@@ -312,11 +317,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"volcengine", "doubao"},
protocol: "volcengine",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.VolcEngine.APIKey == "" && p.VolcEngine.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "volcengine",
Model: "volcengine/doubao-pro",
APIKey: p.VolcEngine.APIKey,
@@ -329,11 +334,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"github_copilot", "copilot"},
protocol: "github-copilot",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.GitHubCopilot.APIKey == "" && p.GitHubCopilot.APIBase == "" && p.GitHubCopilot.ConnectMode == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "github-copilot",
Model: "github-copilot/gpt-5.4",
APIBase: p.GitHubCopilot.APIBase,
@@ -344,11 +349,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"antigravity"},
protocol: "antigravity",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.Antigravity.APIKey == "" && p.Antigravity.AuthMethod == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "antigravity",
Model: "antigravity/gemini-2.0-flash",
APIKey: p.Antigravity.APIKey,
@@ -359,11 +364,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"qwen", "tongyi"},
protocol: "qwen",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.Qwen.APIKey == "" && p.Qwen.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "qwen",
Model: "qwen/qwen-max",
APIKey: p.Qwen.APIKey,
@@ -376,11 +381,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"mistral"},
protocol: "mistral",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.Mistral.APIKey == "" && p.Mistral.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "mistral",
Model: "mistral/mistral-small-latest",
APIKey: p.Mistral.APIKey,
@@ -393,11 +398,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"avian"},
protocol: "avian",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.Avian.APIKey == "" && p.Avian.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "avian",
Model: "avian/deepseek/deepseek-v3.2",
APIKey: p.Avian.APIKey,
@@ -410,11 +415,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"longcat"},
protocol: "longcat",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.LongCat.APIKey == "" && p.LongCat.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "longcat",
Model: "longcat/LongCat-Flash-Thinking",
APIKey: p.LongCat.APIKey,
@@ -427,11 +432,11 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
{
providerNames: []string{"modelscope"},
protocol: "modelscope",
- buildConfig: func(p ProvidersConfig) (ModelConfig, bool) {
+ buildConfig: func(p providersConfigV0) (modelConfigV0, bool) {
if p.ModelScope.APIKey == "" && p.ModelScope.APIBase == "" {
- return ModelConfig{}, false
+ return modelConfigV0{}, false
}
- return ModelConfig{
+ return modelConfigV0{
ModelName: "modelscope",
Model: "modelscope/Qwen/Qwen3-235B-A22B-Instruct-2507",
APIKey: p.ModelScope.APIKey,
@@ -469,83 +474,63 @@ func ConvertProvidersToModelList(cfg *Config) []ModelConfig {
return result
}
-// protocolProviderMapping maps a model protocol prefix (the part before "/" in
-// the Model field) to a function that extracts the corresponding ProviderConfig
-// from the legacy ProvidersConfig. Used by InheritProviderCredentials.
-var protocolProviderMapping = map[string]func(p ProvidersConfig) ProviderConfig{
- "openai": func(p ProvidersConfig) ProviderConfig { return p.OpenAI.ProviderConfig },
- "anthropic": func(p ProvidersConfig) ProviderConfig { return p.Anthropic },
- "litellm": func(p ProvidersConfig) ProviderConfig { return p.LiteLLM },
- "openrouter": func(p ProvidersConfig) ProviderConfig { return p.OpenRouter },
- "groq": func(p ProvidersConfig) ProviderConfig { return p.Groq },
- "zhipu": func(p ProvidersConfig) ProviderConfig { return p.Zhipu },
- "vllm": func(p ProvidersConfig) ProviderConfig { return p.VLLM },
- "gemini": func(p ProvidersConfig) ProviderConfig { return p.Gemini },
- "nvidia": func(p ProvidersConfig) ProviderConfig { return p.Nvidia },
- "ollama": func(p ProvidersConfig) ProviderConfig { return p.Ollama },
- "moonshot": func(p ProvidersConfig) ProviderConfig { return p.Moonshot },
- "shengsuanyun": func(p ProvidersConfig) ProviderConfig { return p.ShengSuanYun },
- "deepseek": func(p ProvidersConfig) ProviderConfig { return p.DeepSeek },
- "cerebras": func(p ProvidersConfig) ProviderConfig { return p.Cerebras },
- "vivgrid": func(p ProvidersConfig) ProviderConfig { return p.Vivgrid },
- "volcengine": func(p ProvidersConfig) ProviderConfig { return p.VolcEngine },
- "github-copilot": func(p ProvidersConfig) ProviderConfig { return p.GitHubCopilot },
- "antigravity": func(p ProvidersConfig) ProviderConfig { return p.Antigravity },
- "qwen": func(p ProvidersConfig) ProviderConfig { return p.Qwen },
- "mistral": func(p ProvidersConfig) ProviderConfig { return p.Mistral },
- "avian": func(p ProvidersConfig) ProviderConfig { return p.Avian },
- "minimax": func(p ProvidersConfig) ProviderConfig { return p.Minimax },
- "longcat": func(p ProvidersConfig) ProviderConfig { return p.LongCat },
- "modelscope": func(p ProvidersConfig) ProviderConfig { return p.ModelScope },
- "novita": func(p ProvidersConfig) ProviderConfig { return p.Novita },
-}
-
-// InheritProviderCredentials fills in missing api_key, api_base, proxy, and
-// request_timeout on model_list entries from the matching legacy providers
-// configuration. The match is determined by the protocol prefix in the Model
-// field (e.g. "deepseek/deepseek-chat" matches providers.deepseek).
-//
-// Only empty fields are filled — any value explicitly set on a model_list entry
-// takes precedence. This function modifies the slice in place.
-//
-// This bridges the gap described in issue #1635: users who configure
-// credentials once in the providers section expect model_list entries using
-// the same protocol to "just work" without duplicating credentials.
-func InheritProviderCredentials(models []ModelConfig, providers ProvidersConfig) {
- if providers.IsEmpty() {
- return
+// loadConfigV0 loads a legacy config (no version field)
+func loadConfigV0(data []byte) (migratable, error) {
+ var v0 configV0
+ if err := json.Unmarshal(data, &v0); err != nil {
+ return nil, err
}
- for i := range models {
- m := &models[i]
+ v0.migrateChannelConfigs()
- // Extract protocol prefix from Model field
- protocol := ""
- if idx := strings.Index(m.Model, "/"); idx > 0 {
- protocol = strings.ToLower(m.Model[:idx])
- }
- if protocol == "" {
- continue
- }
-
- getProvider, ok := protocolProviderMapping[protocol]
- if !ok {
- continue
- }
- pc := getProvider(providers)
-
- // Only fill empty fields — explicit model_list values win
- if m.APIKey == "" && pc.APIKey != "" {
- m.APIKey = pc.APIKey
- }
- if m.APIBase == "" && pc.APIBase != "" {
- m.APIBase = pc.APIBase
- }
- if m.Proxy == "" && pc.Proxy != "" {
- m.Proxy = pc.Proxy
- }
- if m.RequestTimeout == 0 && pc.RequestTimeout != 0 {
- m.RequestTimeout = pc.RequestTimeout
+ // Auto-migrate: if only legacy providers config exists, convert to model_list
+ if len(v0.ModelList) == 0 && !v0.Providers.IsEmpty() {
+ newModelList := v0ConvertProvidersToModelList(&v0)
+ // Convert []ModelConfig to []modelConfigV0
+ v0.ModelList = make([]modelConfigV0, len(newModelList))
+ for i, m := range newModelList {
+ v0.ModelList[i] = modelConfigV0{
+ ModelName: m.ModelName,
+ Model: m.Model,
+ APIBase: m.APIBase,
+ Proxy: m.Proxy,
+ Fallbacks: m.Fallbacks,
+ AuthMethod: m.AuthMethod,
+ ConnectMode: m.ConnectMode,
+ Workspace: m.Workspace,
+ RPM: m.RPM,
+ MaxTokensField: m.MaxTokensField,
+ RequestTimeout: m.RequestTimeout,
+ ThinkingLevel: m.ThinkingLevel,
+ APIKey: m.APIKey,
+ APIKeys: m.APIKeys,
+ }
}
}
+
+ return &v0, nil
+}
+
+// loadConfigV1 loads a version 1 config (current schema)
+func loadConfig(data []byte) (*Config, error) {
+ cfg := DefaultConfig()
+
+ // Pre-scan the JSON to check how many model_list entries the user provided.
+ // Go's JSON decoder reuses existing slice backing-array elements rather than
+ // zero-initializing them, so fields absent from the user's JSON (e.g. api_base)
+ // would silently inherit values from the DefaultConfig template at the same
+ // index position. We only reset cfg.ModelList when the user actually provides
+ // entries; when count is 0 we keep DefaultConfig's built-in list as fallback.
+ var tmp Config
+ if err := json.Unmarshal(data, &tmp); err != nil {
+ return nil, err
+ }
+ if len(tmp.ModelList) > 0 {
+ cfg.ModelList = nil
+ }
+
+ if err := json.Unmarshal(data, cfg); err != nil {
+ return nil, err
+ }
+ return cfg, nil
}
diff --git a/pkg/config/migration_integration_test.go b/pkg/config/migration_integration_test.go
new file mode 100644
index 000000000..c884a6b5d
--- /dev/null
+++ b/pkg/config/migration_integration_test.go
@@ -0,0 +1,568 @@
+// PicoClaw - Ultra-lightweight personal AI agent
+// License: MIT
+//
+// Copyright (c) 2026 PicoClaw contributors
+
+package config
+
+import (
+ "encoding/json"
+ "os"
+ "path/filepath"
+ "testing"
+)
+
+// TestMigration_Integration_LegacyConfigWithoutWorkspace tests the issue reported:
+// User configured Model and Provider but no Workspace - settings should not be lost
+func TestMigration_Integration_LegacyConfigWithoutWorkspace(t *testing.T) {
+ // Create a temporary directory for test config files
+ tmpDir := t.TempDir()
+ configPath := filepath.Join(tmpDir, "config.json")
+
+ // Create a legacy config (version 0) with Model and Provider but NO Workspace
+ // This simulates the real-world scenario where user settings would be lost
+ legacyConfig := `{
+ "agents": {
+ "defaults": {
+ "provider": "openai",
+ "model": "gpt-4o",
+ "max_tokens": 8192,
+ "temperature": 0.7
+ }
+ },
+ "channels": {
+ "telegram": {
+ "enabled": true,
+ "token": "test-token"
+ }
+ },
+ "gateway": {
+ "host": "127.0.0.1",
+ "port": 18790
+ },
+ "tools": {
+ "web": {
+ "enabled": true
+ }
+ },
+ "heartbeat": {
+ "enabled": true,
+ "interval": 30
+ },
+ "devices": {
+ "enabled": false
+ }
+ }`
+
+ if err := os.WriteFile(configPath, []byte(legacyConfig), 0o600); err != nil {
+ t.Fatalf("Failed to write legacy config: %v", err)
+ }
+
+ // Load the config - this should trigger migration
+ cfg, err := LoadConfig(configPath)
+ if err != nil {
+ t.Fatalf("LoadConfig failed: %v", err)
+ }
+
+ // Verify version is updated
+ if cfg.Version != CurrentVersion {
+ t.Errorf("Version = %d, want %d", cfg.Version, CurrentVersion)
+ }
+
+ // CRITICAL: Verify that user's settings are preserved
+ // This was the bug - these settings were lost when Workspace was empty
+ if cfg.Agents.Defaults.Provider != "openai" {
+ t.Errorf("Provider = %q, want %q (user's setting should be preserved)", cfg.Agents.Defaults.Provider, "openai")
+ }
+ // Old "model" field is migrated to "model_name" field
+ if cfg.Agents.Defaults.ModelName != "gpt-4o" {
+ t.Errorf(
+ "ModelName = %q, want %q (user's setting should be preserved)",
+ cfg.Agents.Defaults.ModelName, "gpt-4o",
+ )
+ }
+ // GetModelName() should also return the migrated value
+ if cfg.Agents.Defaults.GetModelName() != "gpt-4o" {
+ t.Errorf("GetModelName() = %q, want %q", cfg.Agents.Defaults.GetModelName(), "gpt-4o")
+ }
+ if cfg.Agents.Defaults.MaxTokens != 8192 {
+ t.Errorf("MaxTokens = %d, want %d", cfg.Agents.Defaults.MaxTokens, 8192)
+ }
+ if cfg.Agents.Defaults.Temperature == nil {
+ t.Error("Temperature should not be nil")
+ } else if *cfg.Agents.Defaults.Temperature != 0.7 {
+ t.Errorf("Temperature = %v, want %v", *cfg.Agents.Defaults.Temperature, 0.7)
+ }
+
+ // Verify Workspace has a default value (should not be empty)
+ if cfg.Agents.Defaults.Workspace == "" {
+ t.Error("Workspace should have a default value, not be empty")
+ }
+
+ // Verify other config sections are preserved
+ if !cfg.Channels.Telegram.Enabled {
+ t.Error("Telegram.Enabled should be true")
+ }
+ if cfg.Channels.Telegram.Token() != "test-token" {
+ t.Errorf("Telegram.Token = %q, want %q", cfg.Channels.Telegram.Token(), "test-token")
+ }
+ if cfg.Gateway.Port != 18790 {
+ t.Errorf("Gateway.Port = %d, want %d", cfg.Gateway.Port, 18790)
+ }
+}
+
+// TestMigration_Integration_LegacyConfigWithWorkspace tests migration with Workspace set
+func TestMigration_Integration_LegacyConfigWithWorkspace(t *testing.T) {
+ tmpDir := t.TempDir()
+ configPath := filepath.Join(tmpDir, "config.json")
+
+ legacyConfig := `{
+ "agents": {
+ "defaults": {
+ "workspace": "/custom/workspace",
+ "provider": "deepseek",
+ "model": "deepseek-chat",
+ "max_tokens": 16384
+ }
+ },
+ "channels": {
+ "telegram": {
+ "enabled": false
+ }
+ },
+ "gateway": {
+ "host": "0.0.0.0",
+ "port": 8080
+ },
+ "tools": {
+ "web": {
+ "enabled": false
+ }
+ },
+ "heartbeat": {
+ "enabled": false
+ },
+ "devices": {
+ "enabled": true
+ }
+ }`
+
+ if err := os.WriteFile(configPath, []byte(legacyConfig), 0o600); err != nil {
+ t.Fatalf("Failed to write legacy config: %v", err)
+ }
+
+ cfg, err := LoadConfig(configPath)
+ if err != nil {
+ t.Fatalf("LoadConfig failed: %v", err)
+ }
+
+ // All user settings should be preserved
+ if cfg.Agents.Defaults.Workspace != "/custom/workspace" {
+ t.Errorf("Workspace = %q, want %q", cfg.Agents.Defaults.Workspace, "/custom/workspace")
+ }
+ if cfg.Agents.Defaults.Provider != "deepseek" {
+ t.Errorf("Provider = %q, want %q", cfg.Agents.Defaults.Provider, "deepseek")
+ }
+ if cfg.Agents.Defaults.ModelName != "deepseek-chat" {
+ t.Errorf("ModelName = %q, want %q", cfg.Agents.Defaults.ModelName, "deepseek-chat")
+ }
+ if cfg.Agents.Defaults.MaxTokens != 16384 {
+ t.Errorf("MaxTokens = %d, want %d", cfg.Agents.Defaults.MaxTokens, 16384)
+ }
+
+ // Verify other settings
+ if cfg.Gateway.Port != 8080 {
+ t.Errorf("Gateway.Port = %d, want %d", cfg.Gateway.Port, 8080)
+ }
+ if !cfg.Devices.Enabled {
+ t.Error("Devices.Enabled should be true")
+ }
+}
+
+// TestMigration_Integration_PreservesAllAgentsFields tests that ALL Agents fields are preserved
+func TestMigration_Integration_PreservesAllAgentsFields(t *testing.T) {
+ tmpDir := t.TempDir()
+ configPath := filepath.Join(tmpDir, "config.json")
+
+ legacyConfig := `{
+ "agents": {
+ "defaults": {
+ "workspace": "",
+ "restrict_to_workspace": false,
+ "allow_read_outside_workspace": true,
+ "provider": "anthropic",
+ "model": "claude-opus-4",
+ "model_fallbacks": ["claude-sonnet-4", "claude-haiku-4"],
+ "image_model": "claude-opus-4-vision",
+ "image_model_fallbacks": ["claude-sonnet-4-vision"],
+ "max_tokens": 4096,
+ "temperature": 0.5,
+ "max_tool_iterations": 100,
+ "summarize_message_threshold": 30,
+ "summarize_token_percent": 80,
+ "max_media_size": 10485760
+ },
+ "list": [
+ {
+ "id": "special-agent",
+ "default": false,
+ "name": "Special Agent",
+ "workspace": "/special/workspace"
+ }
+ ]
+ },
+ "channels": {
+ "telegram": {"enabled": false}
+ },
+ "gateway": {
+ "host": "127.0.0.1",
+ "port": 18790
+ },
+ "tools": {
+ "web": {"enabled": true}
+ },
+ "heartbeat": {
+ "enabled": true,
+ "interval": 30
+ },
+ "devices": {
+ "enabled": false
+ }
+ }`
+
+ if err := os.WriteFile(configPath, []byte(legacyConfig), 0o600); err != nil {
+ t.Fatalf("Failed to write legacy config: %v", err)
+ }
+
+ cfg, err := LoadConfig(configPath)
+ if err != nil {
+ t.Fatalf("LoadConfig failed: %v", err)
+ }
+
+ // Verify ALL defaults fields are preserved
+ d := cfg.Agents.Defaults
+
+ if d.RestrictToWorkspace != false {
+ t.Errorf("RestrictToWorkspace = %v, want false", d.RestrictToWorkspace)
+ }
+ if d.AllowReadOutsideWorkspace != true {
+ t.Errorf("AllowReadOutsideWorkspace = %v, want true", d.AllowReadOutsideWorkspace)
+ }
+ if d.Provider != "anthropic" {
+ t.Errorf("Provider = %q, want %q", d.Provider, "anthropic")
+ }
+ if d.ModelName != "claude-opus-4" {
+ t.Errorf("ModelName = %q, want %q", d.ModelName, "claude-opus-4")
+ }
+ if len(d.ModelFallbacks) != 2 {
+ t.Errorf("len(ModelFallbacks) = %d, want 2", len(d.ModelFallbacks))
+ } else {
+ if d.ModelFallbacks[0] != "claude-sonnet-4" {
+ t.Errorf("ModelFallbacks[0] = %q, want %q", d.ModelFallbacks[0], "claude-sonnet-4")
+ }
+ if d.ModelFallbacks[1] != "claude-haiku-4" {
+ t.Errorf("ModelFallbacks[1] = %q, want %q", d.ModelFallbacks[1], "claude-haiku-4")
+ }
+ }
+ if d.ImageModel != "claude-opus-4-vision" {
+ t.Errorf("ImageModel = %q, want %q", d.ImageModel, "claude-opus-4-vision")
+ }
+ if len(d.ImageModelFallbacks) != 1 {
+ t.Errorf("len(ImageModelFallbacks) = %d, want 1", len(d.ImageModelFallbacks))
+ } else if d.ImageModelFallbacks[0] != "claude-sonnet-4-vision" {
+ t.Errorf("ImageModelFallbacks[0] = %q, want %q", d.ImageModelFallbacks[0], "claude-sonnet-4-vision")
+ }
+ if d.MaxTokens != 4096 {
+ t.Errorf("MaxTokens = %d, want %d", d.MaxTokens, 4096)
+ }
+ if d.Temperature == nil || *d.Temperature != 0.5 {
+ t.Errorf("Temperature = %v, want 0.5", d.Temperature)
+ }
+ if d.MaxToolIterations != 100 {
+ t.Errorf("MaxToolIterations = %d, want %d", d.MaxToolIterations, 100)
+ }
+ if d.SummarizeMessageThreshold != 30 {
+ t.Errorf("SummarizeMessageThreshold = %d, want %d", d.SummarizeMessageThreshold, 30)
+ }
+ if d.SummarizeTokenPercent != 80 {
+ t.Errorf("SummarizeTokenPercent = %d, want %d", d.SummarizeTokenPercent, 80)
+ }
+ if d.MaxMediaSize != 10485760 {
+ t.Errorf("MaxMediaSize = %d, want %d", d.MaxMediaSize, 10485760)
+ }
+
+ // Verify agent list is preserved
+ if len(cfg.Agents.List) != 1 {
+ t.Fatalf("len(Agents.List) = %d, want 1", len(cfg.Agents.List))
+ }
+ if cfg.Agents.List[0].ID != "special-agent" {
+ t.Errorf("Agent.ID = %q, want %q", cfg.Agents.List[0].ID, "special-agent")
+ }
+ if cfg.Agents.List[0].Workspace != "/special/workspace" {
+ t.Errorf("Agent.Workspace = %q, want %q", cfg.Agents.List[0].Workspace, "/special/workspace")
+ }
+
+ // Workspace should have default since it was empty in legacy config
+ if d.Workspace == "" {
+ t.Error("Workspace should have a default value, not be empty")
+ }
+}
+
+// TestMigration_Integration_ChannelsConfigMigrated tests channel config migration
+func TestMigration_Integration_ChannelsConfigMigrated(t *testing.T) {
+ tmpDir := t.TempDir()
+ configPath := filepath.Join(tmpDir, "config.json")
+
+ // Legacy config with old channel field formats
+ legacyConfig := `{
+ "agents": {
+ "defaults": {}
+ },
+ "channels": {
+ "discord": {
+ "enabled": true,
+ "token": "discord-token",
+ "mention_only": true
+ },
+ "onebot": {
+ "enabled": true,
+ "ws_url": "ws://127.0.0.1:3001",
+ "group_trigger_prefix": ["/", "!"]
+ }
+ },
+ "gateway": {
+ "host": "127.0.0.1",
+ "port": 18790
+ },
+ "tools": {
+ "web": {"enabled": true}
+ },
+ "heartbeat": {
+ "enabled": true,
+ "interval": 30
+ },
+ "devices": {
+ "enabled": false
+ }
+ }`
+
+ if err := os.WriteFile(configPath, []byte(legacyConfig), 0o600); err != nil {
+ t.Fatalf("Failed to write legacy config: %v", err)
+ }
+
+ cfg, err := LoadConfig(configPath)
+ if err != nil {
+ t.Fatalf("LoadConfig failed: %v", err)
+ }
+
+ // Discord: mention_only should be migrated to group_trigger.mention_only
+ if cfg.Channels.Discord.GroupTrigger.MentionOnly != true {
+ t.Error("Discord.GroupTrigger.MentionOnly should be true after migration")
+ }
+
+ // OneBot: group_trigger_prefix should be migrated to group_trigger.prefixes
+ if len(cfg.Channels.OneBot.GroupTrigger.Prefixes) != 2 {
+ t.Errorf("len(OneBot.GroupTrigger.Prefixes) = %d, want 2", len(cfg.Channels.OneBot.GroupTrigger.Prefixes))
+ } else {
+ if cfg.Channels.OneBot.GroupTrigger.Prefixes[0] != "/" {
+ t.Errorf("Prefixes[0] = %q, want %q", cfg.Channels.OneBot.GroupTrigger.Prefixes[0], "/")
+ }
+ if cfg.Channels.OneBot.GroupTrigger.Prefixes[1] != "!" {
+ t.Errorf("Prefixes[1] = %q, want %q", cfg.Channels.OneBot.GroupTrigger.Prefixes[1], "!")
+ }
+ }
+}
+
+// TestMigration_Integration_RoundTrip_SerializeAndLoad tests that migrated config can be saved and reloaded
+func TestMigration_Integration_RoundTrip_SerializeAndLoad(t *testing.T) {
+ tmpDir := t.TempDir()
+ configPath := filepath.Join(tmpDir, "config.json")
+
+ legacyConfig := `{
+ "agents": {
+ "defaults": {
+ "provider": "openai",
+ "model": "gpt-4o",
+ "max_tokens": 8192
+ }
+ },
+ "channels": {
+ "telegram": {
+ "enabled": true,
+ "token": "test-token"
+ }
+ },
+ "gateway": {
+ "host": "127.0.0.1",
+ "port": 18790
+ },
+ "tools": {
+ "web": {"enabled": true}
+ },
+ "heartbeat": {
+ "enabled": true,
+ "interval": 30
+ },
+ "devices": {
+ "enabled": false
+ }
+ }`
+
+ if err := os.WriteFile(configPath, []byte(legacyConfig), 0o600); err != nil {
+ t.Fatalf("Failed to write legacy config: %v", err)
+ }
+
+ // First load - triggers migration and saves
+ cfg1, err := LoadConfig(configPath)
+ if err != nil {
+ t.Fatalf("First LoadConfig failed: %v", err)
+ }
+
+ // Read the migrated config from disk
+ migratedData, err := os.ReadFile(configPath)
+ if err != nil {
+ t.Fatalf("Failed to read migrated config: %v", err)
+ }
+
+ // Verify it has the current version
+ var versionCheck struct {
+ Version int `json:"version"`
+ }
+ if err = json.Unmarshal(migratedData, &versionCheck); err != nil {
+ t.Fatalf("Failed to parse migrated config version: %v", err)
+ }
+ if versionCheck.Version != CurrentVersion {
+ t.Errorf("Migrated config version = %d, want %d", versionCheck.Version, CurrentVersion)
+ }
+
+ // Second load - should load the migrated config without changes
+ cfg2, err := LoadConfig(configPath)
+ if err != nil {
+ t.Fatalf("Second LoadConfig failed: %v", err)
+ }
+
+ // Verify configs are identical
+ if cfg2.Agents.Defaults.Provider != cfg1.Agents.Defaults.Provider {
+ t.Errorf("Provider changed from %q to %q", cfg1.Agents.Defaults.Provider, cfg2.Agents.Defaults.Provider)
+ }
+ if cfg2.Agents.Defaults.ModelName != cfg1.Agents.Defaults.ModelName {
+ t.Errorf("ModelName changed from %q to %q", cfg1.Agents.Defaults.ModelName, cfg2.Agents.Defaults.ModelName)
+ }
+ if cfg2.Agents.Defaults.MaxTokens != cfg1.Agents.Defaults.MaxTokens {
+ t.Errorf("MaxTokens changed from %d to %d", cfg1.Agents.Defaults.MaxTokens, cfg2.Agents.Defaults.MaxTokens)
+ }
+}
+
+// TestMigration_Integration_EmptyAgentsDefaults tests migration with completely empty agents config
+func TestMigration_Integration_EmptyAgentsDefaults(t *testing.T) {
+ tmpDir := t.TempDir()
+ configPath := filepath.Join(tmpDir, "config.json")
+
+ // Legacy config with empty agents defaults
+ legacyConfig := `{
+ "agents": {
+ "defaults": {}
+ },
+ "channels": {
+ "telegram": {"enabled": false}
+ },
+ "gateway": {
+ "host": "127.0.0.1",
+ "port": 18790
+ },
+ "tools": {
+ "web": {"enabled": true}
+ },
+ "heartbeat": {
+ "enabled": true,
+ "interval": 30
+ },
+ "devices": {
+ "enabled": false
+ }
+ }`
+
+ if err := os.WriteFile(configPath, []byte(legacyConfig), 0o600); err != nil {
+ t.Fatalf("Failed to write legacy config: %v", err)
+ }
+
+ cfg, err := LoadConfig(configPath)
+ if err != nil {
+ t.Fatalf("LoadConfig failed: %v", err)
+ }
+
+ // Workspace should have default value
+ if cfg.Agents.Defaults.Workspace == "" {
+ t.Error("Workspace should have a default value")
+ }
+
+ // Note: When fields are explicitly set in config (even to zero values),
+ // they override defaults. This is correct JSON unmarshaling behavior.
+ // Users should set values they want; defaults are for unspecified fields.
+ if cfg.Agents.Defaults.MaxTokens == 0 {
+ // This is expected when users don't set max_tokens in their config
+ // The zero value (0) from the legacy config is preserved
+ }
+ if cfg.Agents.Defaults.MaxToolIterations == 0 {
+ // Same as above - zero value is preserved if it was in the config
+ }
+}
+
+// TestMigration_Integration_ModelNameField tests migration using new model_name field
+func TestMigration_Integration_ModelNameField(t *testing.T) {
+ tmpDir := t.TempDir()
+ configPath := filepath.Join(tmpDir, "config.json")
+
+ // Legacy config using the new model_name field
+ legacyConfig := `{
+ "agents": {
+ "defaults": {
+ "provider": "deepseek",
+ "model_name": "deepseek-reasoner",
+ "model_fallbacks": ["deepseek-chat"]
+ }
+ },
+ "channels": {
+ "telegram": {"enabled": false}
+ },
+ "gateway": {
+ "host": "127.0.0.1",
+ "port": 18790
+ },
+ "tools": {
+ "web": {"enabled": true}
+ },
+ "heartbeat": {
+ "enabled": true,
+ "interval": 30
+ },
+ "devices": {
+ "enabled": false
+ }
+ }`
+
+ if err := os.WriteFile(configPath, []byte(legacyConfig), 0o600); err != nil {
+ t.Fatalf("Failed to write legacy config: %v", err)
+ }
+
+ cfg, err := LoadConfig(configPath)
+ if err != nil {
+ t.Fatalf("LoadConfig failed: %v", err)
+ }
+
+ // model_name field should be preserved
+ if cfg.Agents.Defaults.ModelName != "deepseek-reasoner" {
+ t.Errorf("ModelName = %q, want %q", cfg.Agents.Defaults.ModelName, "deepseek-reasoner")
+ }
+
+ // GetModelName() should return model_name, not model (deprecated)
+ if cfg.Agents.Defaults.GetModelName() != "deepseek-reasoner" {
+ t.Errorf("GetModelName() = %q, want %q", cfg.Agents.Defaults.GetModelName(), "deepseek-reasoner")
+ }
+
+ if len(cfg.Agents.Defaults.ModelFallbacks) != 1 {
+ t.Errorf("len(ModelFallbacks) = %d, want 1", len(cfg.Agents.Defaults.ModelFallbacks))
+ } else if cfg.Agents.Defaults.ModelFallbacks[0] != "deepseek-chat" {
+ t.Errorf("ModelFallbacks[0] = %q, want %q", cfg.Agents.Defaults.ModelFallbacks[0], "deepseek-chat")
+ }
+}
diff --git a/pkg/config/migration_test.go b/pkg/config/migration_test.go
index bea5b9034..aeabe9730 100644
--- a/pkg/config/migration_test.go
+++ b/pkg/config/migration_test.go
@@ -11,10 +11,10 @@ import (
)
func TestConvertProvidersToModelList_OpenAI(t *testing.T) {
- cfg := &Config{
- Providers: ProvidersConfig{
- OpenAI: OpenAIProviderConfig{
- ProviderConfig: ProviderConfig{
+ cfg := &configV0{
+ Providers: providersConfigV0{
+ OpenAI: openAIProviderConfigV0{
+ providerConfigV0: providerConfigV0{
APIKey: "sk-test-key",
APIBase: "https://custom.api.com/v1",
},
@@ -22,7 +22,7 @@ func TestConvertProvidersToModelList_OpenAI(t *testing.T) {
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 1 {
t.Fatalf("len(result) = %d, want 1", len(result))
@@ -40,16 +40,15 @@ func TestConvertProvidersToModelList_OpenAI(t *testing.T) {
}
func TestConvertProvidersToModelList_Anthropic(t *testing.T) {
- cfg := &Config{
- Providers: ProvidersConfig{
- Anthropic: ProviderConfig{
- APIKey: "ant-key",
+ cfg := &configV0{
+ Providers: providersConfigV0{
+ Anthropic: providerConfigV0{
APIBase: "https://custom.anthropic.com",
},
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 1 {
t.Fatalf("len(result) = %d, want 1", len(result))
@@ -64,16 +63,15 @@ func TestConvertProvidersToModelList_Anthropic(t *testing.T) {
}
func TestConvertProvidersToModelList_LiteLLM(t *testing.T) {
- cfg := &Config{
- Providers: ProvidersConfig{
- LiteLLM: ProviderConfig{
- APIKey: "litellm-key",
+ cfg := &configV0{
+ Providers: providersConfigV0{
+ LiteLLM: providerConfigV0{
APIBase: "http://localhost:4000/v1",
},
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 1 {
t.Fatalf("len(result) = %d, want 1", len(result))
@@ -91,15 +89,15 @@ func TestConvertProvidersToModelList_LiteLLM(t *testing.T) {
}
func TestConvertProvidersToModelList_Multiple(t *testing.T) {
- cfg := &Config{
- Providers: ProvidersConfig{
- OpenAI: OpenAIProviderConfig{ProviderConfig: ProviderConfig{APIKey: "openai-key"}},
- Groq: ProviderConfig{APIKey: "groq-key"},
- Zhipu: ProviderConfig{APIKey: "zhipu-key"},
+ cfg := &configV0{
+ Providers: providersConfigV0{
+ OpenAI: openAIProviderConfigV0{providerConfigV0: providerConfigV0{APIKey: "openai-key"}},
+ Groq: providerConfigV0{APIKey: "groq-key"},
+ Zhipu: providerConfigV0{APIKey: "zhipu-key"},
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 3 {
t.Fatalf("len(result) = %d, want 3", len(result))
@@ -119,11 +117,11 @@ func TestConvertProvidersToModelList_Multiple(t *testing.T) {
}
func TestConvertProvidersToModelList_Empty(t *testing.T) {
- cfg := &Config{
- Providers: ProvidersConfig{},
+ cfg := &configV0{
+ Providers: providersConfigV0{},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 0 {
t.Errorf("len(result) = %d, want 0", len(result))
@@ -131,7 +129,7 @@ func TestConvertProvidersToModelList_Empty(t *testing.T) {
}
func TestConvertProvidersToModelList_Nil(t *testing.T) {
- result := ConvertProvidersToModelList(nil)
+ result := v0ConvertProvidersToModelList(nil)
if result != nil {
t.Errorf("result = %v, want nil", result)
@@ -139,35 +137,38 @@ func TestConvertProvidersToModelList_Nil(t *testing.T) {
}
func TestConvertProvidersToModelList_AllProviders(t *testing.T) {
- cfg := &Config{
- Providers: ProvidersConfig{
- OpenAI: OpenAIProviderConfig{ProviderConfig: ProviderConfig{APIKey: "key1"}},
- LiteLLM: ProviderConfig{APIKey: "key-litellm", APIBase: "http://localhost:4000/v1"},
- Anthropic: ProviderConfig{APIKey: "key2"},
- OpenRouter: ProviderConfig{APIKey: "key3"},
- Groq: ProviderConfig{APIKey: "key4"},
- Zhipu: ProviderConfig{APIKey: "key5"},
- VLLM: ProviderConfig{APIKey: "key6"},
- Gemini: ProviderConfig{APIKey: "key7"},
- Nvidia: ProviderConfig{APIKey: "key8"},
- Ollama: ProviderConfig{APIKey: "key9"},
- Moonshot: ProviderConfig{APIKey: "key10"},
- ShengSuanYun: ProviderConfig{APIKey: "key11"},
- DeepSeek: ProviderConfig{APIKey: "key12"},
- Cerebras: ProviderConfig{APIKey: "key13"},
- Vivgrid: ProviderConfig{APIKey: "key14"},
- VolcEngine: ProviderConfig{APIKey: "key15"},
- GitHubCopilot: ProviderConfig{ConnectMode: "grpc"},
- Antigravity: ProviderConfig{AuthMethod: "oauth"},
- Qwen: ProviderConfig{APIKey: "key17"},
- Mistral: ProviderConfig{APIKey: "key18"},
- Avian: ProviderConfig{APIKey: "key19"},
- LongCat: ProviderConfig{APIKey: "key-longcat"},
- ModelScope: ProviderConfig{APIKey: "key-modelscope"},
+ // This test verifies that when providers have at least one configured field,
+ // they are converted. GitHubCopilot has ConnectMode set, Antigravity has AuthMethod.
+ // Other providers have no configuration, so they won't be converted.
+ cfg := &configV0{
+ Providers: providersConfigV0{
+ OpenAI: openAIProviderConfigV0{providerConfigV0: providerConfigV0{APIKey: "key1"}},
+ LiteLLM: providerConfigV0{APIKey: "key-litellm", APIBase: "http://localhost:4000/v1"},
+ Anthropic: providerConfigV0{APIKey: "key2"},
+ OpenRouter: providerConfigV0{APIKey: "key3"},
+ Groq: providerConfigV0{APIKey: "key4"},
+ Zhipu: providerConfigV0{APIKey: "key5"},
+ VLLM: providerConfigV0{APIKey: "key6"},
+ Gemini: providerConfigV0{APIKey: "key7"},
+ Nvidia: providerConfigV0{APIKey: "key8"},
+ Ollama: providerConfigV0{APIKey: "key9"},
+ Moonshot: providerConfigV0{APIKey: "key10"},
+ ShengSuanYun: providerConfigV0{APIKey: "key11"},
+ DeepSeek: providerConfigV0{APIKey: "key12"},
+ Cerebras: providerConfigV0{APIKey: "key13"},
+ Vivgrid: providerConfigV0{APIKey: "key14"},
+ VolcEngine: providerConfigV0{APIKey: "key15"},
+ GitHubCopilot: providerConfigV0{ConnectMode: "grpc"},
+ Antigravity: providerConfigV0{AuthMethod: "oauth"},
+ Qwen: providerConfigV0{APIKey: "key17"},
+ Mistral: providerConfigV0{APIKey: "key18"},
+ Avian: providerConfigV0{APIKey: "key19"},
+ LongCat: providerConfigV0{APIKey: "key-longcat"},
+ ModelScope: providerConfigV0{APIKey: "key-modelscope"},
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
// All 23 providers should be converted
if len(result) != 23 {
@@ -176,10 +177,10 @@ func TestConvertProvidersToModelList_AllProviders(t *testing.T) {
}
func TestConvertProvidersToModelList_Proxy(t *testing.T) {
- cfg := &Config{
- Providers: ProvidersConfig{
- OpenAI: OpenAIProviderConfig{
- ProviderConfig: ProviderConfig{
+ cfg := &configV0{
+ Providers: providersConfigV0{
+ OpenAI: openAIProviderConfigV0{
+ providerConfigV0: providerConfigV0{
APIKey: "key",
Proxy: "http://proxy:8080",
},
@@ -187,7 +188,7 @@ func TestConvertProvidersToModelList_Proxy(t *testing.T) {
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 1 {
t.Fatalf("len(result) = %d, want 1", len(result))
@@ -199,16 +200,16 @@ func TestConvertProvidersToModelList_Proxy(t *testing.T) {
}
func TestConvertProvidersToModelList_RequestTimeout(t *testing.T) {
- cfg := &Config{
- Providers: ProvidersConfig{
- Ollama: ProviderConfig{
- APIKey: "ollama-key",
+ cfg := &configV0{
+ Providers: providersConfigV0{
+ Ollama: providerConfigV0{
+ APIBase: "http://localhost:11434",
RequestTimeout: 300,
},
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 1 {
t.Fatalf("len(result) = %d, want 1", len(result))
@@ -220,17 +221,17 @@ func TestConvertProvidersToModelList_RequestTimeout(t *testing.T) {
}
func TestConvertProvidersToModelList_AuthMethod(t *testing.T) {
- cfg := &Config{
- Providers: ProvidersConfig{
- OpenAI: OpenAIProviderConfig{
- ProviderConfig: ProviderConfig{
+ cfg := &configV0{
+ Providers: providersConfigV0{
+ OpenAI: openAIProviderConfigV0{
+ providerConfigV0: providerConfigV0{
AuthMethod: "oauth",
},
},
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 0 {
t.Errorf("len(result) = %d, want 0 (AuthMethod alone should not create entry)", len(result))
@@ -240,19 +241,19 @@ func TestConvertProvidersToModelList_AuthMethod(t *testing.T) {
// Tests for preserving user's configured model during migration
func TestConvertProvidersToModelList_PreservesUserModel_DeepSeek(t *testing.T) {
- cfg := &Config{
- Agents: AgentsConfig{
- Defaults: AgentDefaults{
+ cfg := &configV0{
+ Agents: agentsConfigV0{
+ Defaults: agentDefaultsV0{
Provider: "deepseek",
Model: "deepseek-reasoner",
},
},
- Providers: ProvidersConfig{
- DeepSeek: ProviderConfig{APIKey: "sk-deepseek"},
+ Providers: providersConfigV0{
+ DeepSeek: providerConfigV0{APIKey: "sk-deepseek"},
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 1 {
t.Fatalf("len(result) = %d, want 1", len(result))
@@ -265,19 +266,19 @@ func TestConvertProvidersToModelList_PreservesUserModel_DeepSeek(t *testing.T) {
}
func TestConvertProvidersToModelList_PreservesUserModel_OpenAI(t *testing.T) {
- cfg := &Config{
- Agents: AgentsConfig{
- Defaults: AgentDefaults{
+ cfg := &configV0{
+ Agents: agentsConfigV0{
+ Defaults: agentDefaultsV0{
Provider: "openai",
Model: "gpt-4-turbo",
},
},
- Providers: ProvidersConfig{
- OpenAI: OpenAIProviderConfig{ProviderConfig: ProviderConfig{APIKey: "sk-openai"}},
+ Providers: providersConfigV0{
+ OpenAI: openAIProviderConfigV0{providerConfigV0: providerConfigV0{APIKey: "sk-openai"}},
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 1 {
t.Fatalf("len(result) = %d, want 1", len(result))
@@ -289,19 +290,19 @@ func TestConvertProvidersToModelList_PreservesUserModel_OpenAI(t *testing.T) {
}
func TestConvertProvidersToModelList_PreservesUserModel_Anthropic(t *testing.T) {
- cfg := &Config{
- Agents: AgentsConfig{
- Defaults: AgentDefaults{
+ cfg := &configV0{
+ Agents: agentsConfigV0{
+ Defaults: agentDefaultsV0{
Provider: "claude", // alternative name
Model: "claude-opus-4-20250514",
},
},
- Providers: ProvidersConfig{
- Anthropic: ProviderConfig{APIKey: "sk-ant"},
+ Providers: providersConfigV0{
+ Anthropic: providerConfigV0{APIKey: "sk-ant"},
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 1 {
t.Fatalf("len(result) = %d, want 1", len(result))
@@ -313,19 +314,19 @@ func TestConvertProvidersToModelList_PreservesUserModel_Anthropic(t *testing.T)
}
func TestConvertProvidersToModelList_PreservesUserModel_Qwen(t *testing.T) {
- cfg := &Config{
- Agents: AgentsConfig{
- Defaults: AgentDefaults{
+ cfg := &configV0{
+ Agents: agentsConfigV0{
+ Defaults: agentDefaultsV0{
Provider: "qwen",
Model: "qwen-plus",
},
},
- Providers: ProvidersConfig{
- Qwen: ProviderConfig{APIKey: "sk-qwen"},
+ Providers: providersConfigV0{
+ Qwen: providerConfigV0{APIKey: "sk-qwen"},
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 1 {
t.Fatalf("len(result) = %d, want 1", len(result))
@@ -337,19 +338,19 @@ func TestConvertProvidersToModelList_PreservesUserModel_Qwen(t *testing.T) {
}
func TestConvertProvidersToModelList_UsesDefaultWhenNoUserModel(t *testing.T) {
- cfg := &Config{
- Agents: AgentsConfig{
- Defaults: AgentDefaults{
+ cfg := &configV0{
+ Agents: agentsConfigV0{
+ Defaults: agentDefaultsV0{
Provider: "deepseek",
Model: "", // no model specified
},
},
- Providers: ProvidersConfig{
- DeepSeek: ProviderConfig{APIKey: "sk-deepseek"},
+ Providers: providersConfigV0{
+ DeepSeek: providerConfigV0{APIKey: "sk-deepseek"},
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 1 {
t.Fatalf("len(result) = %d, want 1", len(result))
@@ -362,20 +363,20 @@ func TestConvertProvidersToModelList_UsesDefaultWhenNoUserModel(t *testing.T) {
}
func TestConvertProvidersToModelList_MultipleProviders_PreservesUserModel(t *testing.T) {
- cfg := &Config{
- Agents: AgentsConfig{
- Defaults: AgentDefaults{
+ cfg := &configV0{
+ Agents: agentsConfigV0{
+ Defaults: agentDefaultsV0{
Provider: "deepseek",
Model: "deepseek-reasoner",
},
},
- Providers: ProvidersConfig{
- OpenAI: OpenAIProviderConfig{ProviderConfig: ProviderConfig{APIKey: "sk-openai"}},
- DeepSeek: ProviderConfig{APIKey: "sk-deepseek"},
+ Providers: providersConfigV0{
+ OpenAI: openAIProviderConfigV0{providerConfigV0: providerConfigV0{APIKey: "sk-openai"}},
+ DeepSeek: providerConfigV0{APIKey: "sk-deepseek"},
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 2 {
t.Fatalf("len(result) = %d, want 2", len(result))
@@ -400,20 +401,20 @@ func TestConvertProvidersToModelList_ProviderNameAliases(t *testing.T) {
tests := []struct {
providerAlias string
expectedModel string
- provider ProviderConfig
+ provider providerConfigV0
}{
- {"gpt", "openai/gpt-4-custom", ProviderConfig{APIKey: "key"}},
- {"claude", "anthropic/claude-custom", ProviderConfig{APIKey: "key"}},
- {"doubao", "volcengine/doubao-custom", ProviderConfig{APIKey: "key"}},
- {"tongyi", "qwen/qwen-custom", ProviderConfig{APIKey: "key"}},
- {"kimi", "moonshot/kimi-custom", ProviderConfig{APIKey: "key"}},
+ {"gpt", "openai/gpt-4-custom", providerConfigV0{APIKey: "key"}},
+ {"claude", "anthropic/claude-custom", providerConfigV0{APIKey: "key"}},
+ {"doubao", "volcengine/doubao-custom", providerConfigV0{APIKey: "key"}},
+ {"tongyi", "qwen/qwen-custom", providerConfigV0{APIKey: "key"}},
+ {"kimi", "moonshot/kimi-custom", providerConfigV0{APIKey: "key"}},
}
for _, tt := range tests {
t.Run(tt.providerAlias, func(t *testing.T) {
- cfg := &Config{
- Agents: AgentsConfig{
- Defaults: AgentDefaults{
+ cfg := &configV0{
+ Agents: agentsConfigV0{
+ Defaults: agentDefaultsV0{
Provider: tt.providerAlias,
Model: strings.TrimPrefix(
tt.expectedModel,
@@ -421,13 +422,13 @@ func TestConvertProvidersToModelList_ProviderNameAliases(t *testing.T) {
),
},
},
- Providers: ProvidersConfig{},
+ Providers: providersConfigV0{},
}
// Set the appropriate provider config
switch tt.providerAlias {
case "gpt":
- cfg.Providers.OpenAI = OpenAIProviderConfig{ProviderConfig: tt.provider}
+ cfg.Providers.OpenAI = openAIProviderConfigV0{providerConfigV0: tt.provider}
case "claude":
cfg.Providers.Anthropic = tt.provider
case "doubao":
@@ -444,7 +445,7 @@ func TestConvertProvidersToModelList_ProviderNameAliases(t *testing.T) {
tt.expectedModel[:strings.Index(tt.expectedModel, "/")+1],
)
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 1 {
t.Fatalf("len(result) = %d, want 1", len(result))
}
@@ -466,19 +467,21 @@ func TestConvertProvidersToModelList_NoProviderField_SingleProvider(t *testing.T
// - No provider field set
// - model = "glm-4.7"
// - Only zhipu has API key configured
- cfg := &Config{
- Agents: AgentsConfig{
- Defaults: AgentDefaults{
+ cfg := &configV0{
+ Agents: agentsConfigV0{
+ Defaults: agentDefaultsV0{
Provider: "", // Not set
Model: "glm-4.7",
},
},
- Providers: ProvidersConfig{
- Zhipu: ProviderConfig{APIKey: "test-zhipu-key"},
+ Providers: providersConfigV0{
+ Zhipu: providerConfigV0{
+ APIKey: "test-zhipu-key",
+ },
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 1 {
t.Fatalf("len(result) = %d, want 1", len(result))
@@ -499,20 +502,20 @@ func TestConvertProvidersToModelList_NoProviderField_MultipleProviders(t *testin
// When multiple providers are configured but no provider field is set,
// the FIRST provider (in migration order) will use userModel as ModelName
// for backward compatibility with legacy implicit provider selection
- cfg := &Config{
- Agents: AgentsConfig{
- Defaults: AgentDefaults{
+ cfg := &configV0{
+ Agents: agentsConfigV0{
+ Defaults: agentDefaultsV0{
Provider: "", // Not set
Model: "some-model",
},
},
- Providers: ProvidersConfig{
- OpenAI: OpenAIProviderConfig{ProviderConfig: ProviderConfig{APIKey: "openai-key"}},
- Zhipu: ProviderConfig{APIKey: "zhipu-key"},
+ Providers: providersConfigV0{
+ OpenAI: openAIProviderConfigV0{providerConfigV0: providerConfigV0{APIKey: "openai-key"}},
+ Zhipu: providerConfigV0{APIKey: "zhipu-key"},
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 2 {
t.Fatalf("len(result) = %d, want 2", len(result))
@@ -532,19 +535,19 @@ func TestConvertProvidersToModelList_NoProviderField_MultipleProviders(t *testin
func TestConvertProvidersToModelList_NoProviderField_NoModel(t *testing.T) {
// Edge case: no provider, no model
- cfg := &Config{
- Agents: AgentsConfig{
- Defaults: AgentDefaults{
+ cfg := &configV0{
+ Agents: agentsConfigV0{
+ Defaults: agentDefaultsV0{
Provider: "",
Model: "",
},
},
- Providers: ProvidersConfig{
- Zhipu: ProviderConfig{APIKey: "zhipu-key"},
+ Providers: providersConfigV0{
+ Zhipu: providerConfigV0{APIKey: "zhipu-key"},
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) != 1 {
t.Fatalf("len(result) = %d, want 1", len(result))
@@ -585,19 +588,19 @@ func TestBuildModelWithProtocol_DifferentPrefix(t *testing.T) {
// Test for legacy config with protocol prefix in model name
func TestConvertProvidersToModelList_LegacyModelWithProtocolPrefix(t *testing.T) {
- cfg := &Config{
- Agents: AgentsConfig{
- Defaults: AgentDefaults{
+ cfg := &configV0{
+ Agents: agentsConfigV0{
+ Defaults: agentDefaultsV0{
Provider: "", // No explicit provider
Model: "openrouter/auto", // Model already has protocol prefix
},
},
- Providers: ProvidersConfig{
- OpenRouter: ProviderConfig{APIKey: "sk-or-test"},
+ Providers: providersConfigV0{
+ OpenRouter: providerConfigV0{APIKey: "sk-or-test"},
},
}
- result := ConvertProvidersToModelList(cfg)
+ result := v0ConvertProvidersToModelList(cfg)
if len(result) < 1 {
t.Fatalf("len(result) = %d, want at least 1", len(result))
@@ -613,143 +616,3 @@ func TestConvertProvidersToModelList_LegacyModelWithProtocolPrefix(t *testing.T)
t.Errorf("Model = %q, want %q (should not duplicate prefix)", result[0].Model, "openrouter/auto")
}
}
-
-// ---------- InheritProviderCredentials tests ----------
-
-func TestInheritProviderCredentials_FillsMissingAPIKey(t *testing.T) {
- models := []ModelConfig{
- {ModelName: "my-deepseek", Model: "deepseek/deepseek-chat"},
- }
- providers := ProvidersConfig{
- DeepSeek: ProviderConfig{
- APIKey: "sk-deepseek-from-providers",
- APIBase: "https://api.deepseek.com/v1",
- },
- }
-
- InheritProviderCredentials(models, providers)
-
- if models[0].APIKey != "sk-deepseek-from-providers" {
- t.Errorf("APIKey = %q, want %q", models[0].APIKey, "sk-deepseek-from-providers")
- }
- if models[0].APIBase != "https://api.deepseek.com/v1" {
- t.Errorf("APIBase = %q, want %q", models[0].APIBase, "https://api.deepseek.com/v1")
- }
-}
-
-func TestInheritProviderCredentials_ExplicitValuesTakePrecedence(t *testing.T) {
- models := []ModelConfig{
- {
- ModelName: "my-openai",
- Model: "openai/gpt-5.4",
- APIKey: "sk-explicit-model-key",
- APIBase: "https://my-custom-endpoint.com/v1",
- },
- }
- providers := ProvidersConfig{
- OpenAI: OpenAIProviderConfig{
- ProviderConfig: ProviderConfig{
- APIKey: "sk-provider-key",
- APIBase: "https://api.openai.com/v1",
- },
- },
- }
-
- InheritProviderCredentials(models, providers)
-
- if models[0].APIKey != "sk-explicit-model-key" {
- t.Errorf("APIKey = %q, want %q (explicit should win)", models[0].APIKey, "sk-explicit-model-key")
- }
- if models[0].APIBase != "https://my-custom-endpoint.com/v1" {
- t.Errorf("APIBase = %q, want %q (explicit should win)", models[0].APIBase, "https://my-custom-endpoint.com/v1")
- }
-}
-
-func TestInheritProviderCredentials_MultipleModels(t *testing.T) {
- models := []ModelConfig{
- {ModelName: "groq-llama", Model: "groq/llama-3.1-70b"},
- {ModelName: "zhipu-glm", Model: "zhipu/glm-4"},
- {ModelName: "custom-openai", Model: "openai/gpt-5.4", APIKey: "sk-already-set"},
- }
- providers := ProvidersConfig{
- Groq: ProviderConfig{APIKey: "gsk-groq-key", Proxy: "http://proxy:8080"},
- Zhipu: ProviderConfig{APIKey: "zhipu-key-123", APIBase: "https://zhipu.example.com"},
- OpenAI: OpenAIProviderConfig{
- ProviderConfig: ProviderConfig{APIKey: "sk-should-not-override"},
- },
- }
-
- InheritProviderCredentials(models, providers)
-
- // groq model should inherit
- if models[0].APIKey != "gsk-groq-key" {
- t.Errorf("groq APIKey = %q, want %q", models[0].APIKey, "gsk-groq-key")
- }
- if models[0].Proxy != "http://proxy:8080" {
- t.Errorf("groq Proxy = %q, want %q", models[0].Proxy, "http://proxy:8080")
- }
-
- // zhipu model should inherit
- if models[1].APIKey != "zhipu-key-123" {
- t.Errorf("zhipu APIKey = %q, want %q", models[1].APIKey, "zhipu-key-123")
- }
- if models[1].APIBase != "https://zhipu.example.com" {
- t.Errorf("zhipu APIBase = %q, want %q", models[1].APIBase, "https://zhipu.example.com")
- }
-
- // openai model already has key — should NOT be overridden
- if models[2].APIKey != "sk-already-set" {
- t.Errorf("openai APIKey = %q, want %q (should not be overridden)", models[2].APIKey, "sk-already-set")
- }
-}
-
-func TestInheritProviderCredentials_NoMatchingProvider(t *testing.T) {
- models := []ModelConfig{
- {ModelName: "my-model", Model: "novelai/some-model"},
- }
- providers := ProvidersConfig{
- DeepSeek: ProviderConfig{APIKey: "sk-deepseek"},
- }
-
- InheritProviderCredentials(models, providers)
-
- // No matching provider for "novelai" protocol — should stay empty
- if models[0].APIKey != "" {
- t.Errorf("APIKey = %q, want empty (no matching provider)", models[0].APIKey)
- }
-}
-
-func TestInheritProviderCredentials_EmptyProviders(t *testing.T) {
- models := []ModelConfig{
- {ModelName: "my-model", Model: "openai/gpt-5.4"},
- }
- providers := ProvidersConfig{} // all empty
-
- InheritProviderCredentials(models, providers)
-
- // Empty providers — nothing to inherit
- if models[0].APIKey != "" {
- t.Errorf("APIKey = %q, want empty", models[0].APIKey)
- }
-}
-
-func TestInheritProviderCredentials_InheritsRequestTimeout(t *testing.T) {
- models := []ModelConfig{
- {ModelName: "my-ollama", Model: "ollama/llama3.2:3b"},
- }
- providers := ProvidersConfig{
- Ollama: ProviderConfig{
- APIBase: "http://localhost:11434",
- RequestTimeout: 120,
- },
- }
-
- InheritProviderCredentials(models, providers)
-
- if models[0].APIBase != "http://localhost:11434" {
- t.Errorf("APIBase = %q, want %q", models[0].APIBase, "http://localhost:11434")
- }
- if models[0].RequestTimeout != 120 {
- t.Errorf("RequestTimeout = %d, want 120", models[0].RequestTimeout)
- }
-}
diff --git a/pkg/config/model_config_test.go b/pkg/config/model_config_test.go
index 9bc600ed9..3252d2f26 100644
--- a/pkg/config/model_config_test.go
+++ b/pkg/config/model_config_test.go
@@ -13,12 +13,20 @@ import (
)
func TestGetModelConfig_Found(t *testing.T) {
- cfg := &Config{
- ModelList: []ModelConfig{
- {ModelName: "test-model", Model: "openai/gpt-4o", APIKey: "key1"},
- {ModelName: "other-model", Model: "anthropic/claude", APIKey: "key2"},
+ cfg := (&Config{
+ Version: CurrentVersion,
+ ModelList: []*ModelConfig{
+ {ModelName: "test-model", Model: "openai/gpt-4o"},
+ {ModelName: "other-model", Model: "anthropic/claude"},
},
- }
+ }).WithSecurity(&SecurityConfig{ModelList: map[string]ModelSecurityEntry{
+ "test-model:0": {
+ APIKeys: []string{"key1"},
+ },
+ "other-model:0": {
+ APIKeys: []string{"key2"},
+ },
+ }})
result, err := cfg.GetModelConfig("test-model")
if err != nil {
@@ -30,11 +38,17 @@ func TestGetModelConfig_Found(t *testing.T) {
}
func TestGetModelConfig_NotFound(t *testing.T) {
- cfg := &Config{
- ModelList: []ModelConfig{
- {ModelName: "test-model", Model: "openai/gpt-4o", APIKey: "key1"},
+ cfg := (&Config{
+ ModelList: []*ModelConfig{
+ {ModelName: "test-model", Model: "openai/gpt-4o"},
},
- }
+ }).WithSecurity(&SecurityConfig{
+ ModelList: map[string]ModelSecurityEntry{
+ "test-model:0": {
+ APIKeys: []string{"key1"},
+ },
+ },
+ })
_, err := cfg.GetModelConfig("nonexistent")
if err == nil {
@@ -44,7 +58,7 @@ func TestGetModelConfig_NotFound(t *testing.T) {
func TestGetModelConfig_EmptyList(t *testing.T) {
cfg := &Config{
- ModelList: []ModelConfig{},
+ ModelList: []*ModelConfig{},
}
_, err := cfg.GetModelConfig("any-model")
@@ -54,13 +68,25 @@ func TestGetModelConfig_EmptyList(t *testing.T) {
}
func TestGetModelConfig_RoundRobin(t *testing.T) {
- cfg := &Config{
- ModelList: []ModelConfig{
- {ModelName: "lb-model", Model: "openai/gpt-4o-1", APIKey: "key1"},
- {ModelName: "lb-model", Model: "openai/gpt-4o-2", APIKey: "key2"},
- {ModelName: "lb-model", Model: "openai/gpt-4o-3", APIKey: "key3"},
+ cfg := (&Config{
+ ModelList: []*ModelConfig{
+ {ModelName: "lb-model", Model: "openai/gpt-4o-1"},
+ {ModelName: "lb-model", Model: "openai/gpt-4o-2"},
+ {ModelName: "lb-model", Model: "openai/gpt-4o-3"},
},
- }
+ }).WithSecurity(&SecurityConfig{
+ ModelList: map[string]ModelSecurityEntry{
+ "lb-model:0": {
+ APIKeys: []string{"key1"},
+ },
+ "lb-model:1": {
+ APIKeys: []string{"key2"},
+ },
+ "lb-model:2": {
+ APIKeys: []string{"key3"},
+ },
+ },
+ })
// Test round-robin distribution
results := make(map[string]int)
@@ -84,10 +110,10 @@ func TestGetModelConfig_RoundRobinStartsFromFirstMatch(t *testing.T) {
rrCounter.Store(0)
cfg := &Config{
- ModelList: []ModelConfig{
- {ModelName: "lb-model", Model: "openai/gpt-4o-1", APIKey: "key1"},
- {ModelName: "lb-model", Model: "openai/gpt-4o-2", APIKey: "key2"},
- {ModelName: "lb-model", Model: "openai/gpt-4o-3", APIKey: "key3"},
+ ModelList: []*ModelConfig{
+ {ModelName: "lb-model", Model: "openai/gpt-4o-1", apiKeys: []string{"key1"}},
+ {ModelName: "lb-model", Model: "openai/gpt-4o-2", apiKeys: []string{"key2"}},
+ {ModelName: "lb-model", Model: "openai/gpt-4o-3", apiKeys: []string{"key3"}},
},
}
@@ -112,9 +138,9 @@ func TestGetModelConfig_RoundRobinStartsFromFirstMatch(t *testing.T) {
func TestGetModelConfig_Concurrent(t *testing.T) {
cfg := &Config{
- ModelList: []ModelConfig{
- {ModelName: "concurrent-model", Model: "openai/gpt-4o-1", APIKey: "key1"},
- {ModelName: "concurrent-model", Model: "openai/gpt-4o-2", APIKey: "key2"},
+ ModelList: []*ModelConfig{
+ {ModelName: "concurrent-model", Model: "openai/gpt-4o-1", apiKeys: []string{"key1"}},
+ {ModelName: "concurrent-model", Model: "openai/gpt-4o-2", apiKeys: []string{"key2"}},
},
}
@@ -143,39 +169,7 @@ func TestGetModelConfig_Concurrent(t *testing.T) {
}
}
-func TestAgentDefaults_GetModelName_BackwardCompat(t *testing.T) {
- tests := []struct {
- name string
- defaults AgentDefaults
- wantName string
- }{
- {
- name: "new model_name field only",
- defaults: AgentDefaults{ModelName: "new-model"},
- wantName: "new-model",
- },
- {
- name: "old model field only",
- defaults: AgentDefaults{Model: "legacy-model"},
- wantName: "legacy-model",
- },
- {
- name: "both fields - model_name takes precedence",
- defaults: AgentDefaults{ModelName: "new-model", Model: "old-model"},
- wantName: "new-model",
- },
- }
-
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- if got := tt.defaults.GetModelName(); got != tt.wantName {
- t.Errorf("GetModelName() = %q, want %q", got, tt.wantName)
- }
- })
- }
-}
-
-func TestAgentDefaults_JSON_BackwardCompat(t *testing.T) {
+func TestAgentDefaultsV0_JSON_BackwardCompat(t *testing.T) {
tests := []struct {
name string
json string
@@ -200,7 +194,7 @@ func TestAgentDefaults_JSON_BackwardCompat(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
- var defaults AgentDefaults
+ var defaults agentDefaultsV0
if err := json.Unmarshal([]byte(tt.json), &defaults); err != nil {
t.Fatalf("Unmarshal error: %v", err)
}
@@ -211,69 +205,6 @@ func TestAgentDefaults_JSON_BackwardCompat(t *testing.T) {
}
}
-func TestFullConfig_JSON_BackwardCompat(t *testing.T) {
- // Test complete config with both old and new formats
- oldFormat := `{
- "agents": {
- "defaults": {
- "workspace": "~/.picoclaw/workspace",
- "model": "gpt4",
- "max_tokens": 4096
- }
- },
- "model_list": [
- {
- "model_name": "gpt4",
- "model": "openai/gpt-4o",
- "api_key": "test-key"
- }
- ]
- }`
-
- newFormat := `{
- "agents": {
- "defaults": {
- "workspace": "~/.picoclaw/workspace",
- "model_name": "gpt4",
- "max_tokens": 4096
- }
- },
- "model_list": [
- {
- "model_name": "gpt4",
- "model": "openai/gpt-4o",
- "api_key": "test-key"
- }
- ]
- }`
-
- for name, jsonStr := range map[string]string{
- "old format (model)": oldFormat,
- "new format (model_name)": newFormat,
- } {
- t.Run(name, func(t *testing.T) {
- cfg := &Config{}
- if err := json.Unmarshal([]byte(jsonStr), cfg); err != nil {
- t.Fatalf("Unmarshal error: %v", err)
- }
-
- // Check that GetModelName returns correct value
- if got := cfg.Agents.Defaults.GetModelName(); got != "gpt4" {
- t.Errorf("GetModelName() = %q, want %q", got, "gpt4")
- }
-
- // Check that GetModelConfig works
- modelCfg, err := cfg.GetModelConfig("gpt4")
- if err != nil {
- t.Fatalf("GetModelConfig error: %v", err)
- }
- if modelCfg.Model != "openai/gpt-4o" {
- t.Errorf("Model = %q, want %q", modelCfg.Model, "openai/gpt-4o")
- }
- })
- }
-}
-
func TestModelConfig_Validate(t *testing.T) {
tests := []struct {
name string
@@ -329,7 +260,7 @@ func TestConfig_ValidateModelList(t *testing.T) {
{
name: "valid list",
config: &Config{
- ModelList: []ModelConfig{
+ ModelList: []*ModelConfig{
{ModelName: "test1", Model: "openai/gpt-4o"},
{ModelName: "test2", Model: "anthropic/claude"},
},
@@ -339,7 +270,7 @@ func TestConfig_ValidateModelList(t *testing.T) {
{
name: "invalid entry",
config: &Config{
- ModelList: []ModelConfig{
+ ModelList: []*ModelConfig{
{ModelName: "test1", Model: "openai/gpt-4o"},
{ModelName: "", Model: "anthropic/claude"}, // missing model_name
},
@@ -350,7 +281,7 @@ func TestConfig_ValidateModelList(t *testing.T) {
{
name: "empty list",
config: &Config{
- ModelList: []ModelConfig{},
+ ModelList: []*ModelConfig{},
},
wantErr: false,
},
@@ -358,10 +289,7 @@ func TestConfig_ValidateModelList(t *testing.T) {
// Load balancing: multiple entries with same model_name are allowed
name: "duplicate model_name for load balancing",
config: &Config{
- ModelList: []ModelConfig{
- {ModelName: "gpt-4", Model: "openai/gpt-4o", APIKey: "key1"},
- {ModelName: "gpt-4", Model: "openai/gpt-4-turbo", APIKey: "key2"},
- },
+ ModelList: []*ModelConfig{},
},
wantErr: false, // Changed: duplicates are allowed for load balancing
},
@@ -369,7 +297,7 @@ func TestConfig_ValidateModelList(t *testing.T) {
// Load balancing: non-adjacent entries with same model_name are also allowed
name: "duplicate model_name non-adjacent for load balancing",
config: &Config{
- ModelList: []ModelConfig{
+ ModelList: []*ModelConfig{
{ModelName: "model-a", Model: "openai/gpt-4o"},
{ModelName: "model-b", Model: "anthropic/claude"},
{ModelName: "model-a", Model: "openai/gpt-4-turbo"},
diff --git a/pkg/config/multikey_test.go b/pkg/config/multikey_test.go
index b899b991c..cc529905c 100644
--- a/pkg/config/multikey_test.go
+++ b/pkg/config/multikey_test.go
@@ -5,15 +5,15 @@ import (
)
func TestExpandMultiKeyModels_SingleKey(t *testing.T) {
- models := []ModelConfig{
+ models := []*ModelConfig{
{
ModelName: "gpt-4",
Model: "openai/gpt-4o",
- APIKey: "single-key",
+ apiKeys: []string{"single-key"},
},
}
- result := ExpandMultiKeyModels(models)
+ result := expandMultiKeyModels(models)
if len(result) != 1 {
t.Fatalf("expected 1 model, got %d", len(result))
@@ -23,8 +23,8 @@ func TestExpandMultiKeyModels_SingleKey(t *testing.T) {
t.Errorf("expected model_name 'gpt-4', got %q", result[0].ModelName)
}
- if result[0].APIKey != "single-key" {
- t.Errorf("expected api_key 'single-key', got %q", result[0].APIKey)
+ if result[0].APIKey() != "single-key" {
+ t.Errorf("expected api_key 'single-key', got %q", result[0].APIKey())
}
if len(result[0].Fallbacks) != 0 {
@@ -33,16 +33,16 @@ func TestExpandMultiKeyModels_SingleKey(t *testing.T) {
}
func TestExpandMultiKeyModels_APIKeysOnly(t *testing.T) {
- models := []ModelConfig{
+ models := []*ModelConfig{
{
ModelName: "glm-4.7",
Model: "zhipu/glm-4.7",
APIBase: "https://api.example.com",
- APIKeys: []string{"key1", "key2", "key3"},
+ apiKeys: []string{"key1", "key2", "key3"},
},
}
- result := ExpandMultiKeyModels(models)
+ result := expandMultiKeyModels(models)
// Should expand to 3 models
if len(result) != 3 {
@@ -54,8 +54,8 @@ func TestExpandMultiKeyModels_APIKeysOnly(t *testing.T) {
if primary.ModelName != "glm-4.7" {
t.Errorf("expected primary model_name 'glm-4.7', got %q", primary.ModelName)
}
- if primary.APIKey != "key1" {
- t.Errorf("expected primary api_key 'key1', got %q", primary.APIKey)
+ if primary.APIKey() != "key1" {
+ t.Errorf("expected primary api_key 'key1', got %q", primary.APIKey())
}
if len(primary.Fallbacks) != 2 {
t.Errorf("expected 2 fallbacks, got %d", len(primary.Fallbacks))
@@ -72,8 +72,8 @@ func TestExpandMultiKeyModels_APIKeysOnly(t *testing.T) {
if second.ModelName != "glm-4.7__key_1" {
t.Errorf("expected second model_name 'glm-4.7__key_1', got %q", second.ModelName)
}
- if second.APIKey != "key2" {
- t.Errorf("expected second api_key 'key2', got %q", second.APIKey)
+ if second.APIKey() != "key2" {
+ t.Errorf("expected second api_key 'key2', got %q", second.APIKey())
}
// Third entry should be key3
@@ -81,22 +81,21 @@ func TestExpandMultiKeyModels_APIKeysOnly(t *testing.T) {
if third.ModelName != "glm-4.7__key_2" {
t.Errorf("expected third model_name 'glm-4.7__key_2', got %q", third.ModelName)
}
- if third.APIKey != "key3" {
- t.Errorf("expected third api_key 'key3', got %q", third.APIKey)
+ if third.APIKey() != "key3" {
+ t.Errorf("expected third api_key 'key3', got %q", third.APIKey())
}
}
func TestExpandMultiKeyModels_APIKeyAndAPIKeys(t *testing.T) {
- models := []ModelConfig{
+ models := []*ModelConfig{
{
ModelName: "gpt-4",
Model: "openai/gpt-4o",
- APIKey: "key0",
- APIKeys: []string{"key1", "key2"},
+ apiKeys: []string{"key0", "key1", "key2"},
},
}
- result := ExpandMultiKeyModels(models)
+ result := expandMultiKeyModels(models)
// Should expand to 3 models (key0 from APIKey + key1, key2 from APIKeys)
if len(result) != 3 {
@@ -105,8 +104,8 @@ func TestExpandMultiKeyModels_APIKeyAndAPIKeys(t *testing.T) {
// Primary should use key0
primary := result[2]
- if primary.APIKey != "key0" {
- t.Errorf("expected primary api_key 'key0', got %q", primary.APIKey)
+ if primary.APIKey() != "key0" {
+ t.Errorf("expected primary api_key 'key0', got %q", primary.APIKey())
}
if len(primary.Fallbacks) != 2 {
t.Errorf("expected 2 fallbacks, got %d", len(primary.Fallbacks))
@@ -114,16 +113,15 @@ func TestExpandMultiKeyModels_APIKeyAndAPIKeys(t *testing.T) {
}
func TestExpandMultiKeyModels_WithExistingFallbacks(t *testing.T) {
- models := []ModelConfig{
- {
- ModelName: "gpt-4",
- Model: "openai/gpt-4o",
- APIKeys: []string{"key1", "key2"},
- Fallbacks: []string{"claude-3"},
- },
+ modelCfg := &ModelConfig{
+ ModelName: "gpt-4",
+ Model: "openai/gpt-4o",
}
+ modelCfg.apiKeys = []string{"key0", "key1"} // Use internal field for multi-key testing
+ modelCfg.Fallbacks = []string{"claude-3"}
+ models := []*ModelConfig{modelCfg}
- result := ExpandMultiKeyModels(models)
+ result := expandMultiKeyModels(models)
primary := result[1]
// With 2 keys, we get 1 key fallback + 1 existing fallback = 2 total
@@ -141,16 +139,15 @@ func TestExpandMultiKeyModels_WithExistingFallbacks(t *testing.T) {
}
func TestExpandMultiKeyModels_EmptyAPIKeys(t *testing.T) {
- models := []ModelConfig{
+ models := []*ModelConfig{
{
ModelName: "gpt-4",
Model: "openai/gpt-4o",
- APIKey: "",
- APIKeys: []string{},
+ apiKeys: []string{},
},
}
- result := ExpandMultiKeyModels(models)
+ result := expandMultiKeyModels(models)
// Should keep as-is with no changes
if len(result) != 1 {
@@ -163,25 +160,25 @@ func TestExpandMultiKeyModels_EmptyAPIKeys(t *testing.T) {
}
func TestExpandMultiKeyModels_Deduplication(t *testing.T) {
- models := []ModelConfig{
+ models := []*ModelConfig{
{
ModelName: "gpt-4",
Model: "openai/gpt-4o",
- APIKey: "key1",
- APIKeys: []string{"key1", "key2", "key1"}, // Duplicate key1
+ apiKeys: []string{"key1", "key2", "key1"}, // Duplicate key1
},
}
- result := ExpandMultiKeyModels(models)
+ result := expandMultiKeyModels(models)
+ t.Logf("result: %#v", result)
// Should only create 2 models (deduplicated keys)
if len(result) != 2 {
t.Fatalf("expected 2 models (deduplicated), got %d", len(result))
}
primary := result[1]
- if primary.APIKey != "key1" {
- t.Errorf("expected primary api_key 'key1', got %q", primary.APIKey)
+ if primary.APIKey() != "key1" {
+ t.Errorf("expected primary api_key 'key1', got %q", primary.APIKey())
}
if len(primary.Fallbacks) != 1 {
t.Errorf("expected 1 fallback, got %d", len(primary.Fallbacks))
@@ -189,21 +186,20 @@ func TestExpandMultiKeyModels_Deduplication(t *testing.T) {
}
func TestExpandMultiKeyModels_PreservesOtherFields(t *testing.T) {
- models := []ModelConfig{
- {
- ModelName: "gpt-4",
- Model: "openai/gpt-4o",
- APIBase: "https://api.example.com",
- APIKeys: []string{"key1", "key2"},
- Proxy: "http://proxy:8080",
- RPM: 60,
- MaxTokensField: "max_completion_tokens",
- RequestTimeout: 30,
- ThinkingLevel: "high",
- },
+ modelCfg := &ModelConfig{
+ ModelName: "gpt-4",
+ Model: "openai/gpt-4o",
+ APIBase: "https://api.example.com",
+ Proxy: "http://proxy:8080",
+ RPM: 60,
+ MaxTokensField: "max_completion_tokens",
+ RequestTimeout: 30,
+ ThinkingLevel: "high",
}
+ modelCfg.apiKeys = []string{"key0", "key1"} // Use internal field for multi-key testing
+ models := []*ModelConfig{modelCfg}
- result := ExpandMultiKeyModels(models)
+ result := expandMultiKeyModels(models)
// Check primary entry preserves all fields
primary := result[1]
@@ -250,13 +246,13 @@ func TestMergeAPIKeys(t *testing.T) {
expected: nil,
},
{
- name: "only apiKey",
+ name: "only ApiKey",
apiKey: "key1",
apiKeys: nil,
expected: []string{"key1"},
},
{
- name: "only apiKeys",
+ name: "only ApiKeys",
apiKey: "",
apiKeys: []string{"key1", "key2"},
expected: []string{"key1", "key2"},
diff --git a/pkg/config/security.go b/pkg/config/security.go
new file mode 100644
index 000000000..fe2111280
--- /dev/null
+++ b/pkg/config/security.go
@@ -0,0 +1,220 @@
+// PicoClaw - Ultra-lightweight personal AI agent
+// License: MIT
+//
+// Copyright (c) 2026 PicoClaw contributors
+
+package config
+
+import (
+ "bytes"
+ "fmt"
+ "os"
+ "path/filepath"
+
+ "github.com/caarlos0/env/v11"
+ "github.com/tencent-connect/botgo/log"
+ "gopkg.in/yaml.v3"
+
+ "github.com/sipeed/picoclaw/pkg/fileutil"
+)
+
+const (
+ SecurityConfigFile = ".security.yml"
+)
+
+// SecurityConfig stores all sensitive data (API keys, tokens, secrets, passwords)
+// This data is loaded from security.yml and kept separate from the main config
+type SecurityConfig struct {
+ // Model API keys. Map key is model_name, can include suffix like "abc:0", "abc:1"
+ // for load balancing with same model_name. The suffix ":N" is used to distinguish
+ // multiple configs that share the same base model_name.
+ ModelList map[string]ModelSecurityEntry `yaml:"model_list,omitempty"`
+
+ // Channel tokens/secrets
+ Channels ChannelsSecurity `yaml:"channels,omitempty"`
+
+ Web WebToolsSecurity `yaml:"web,omitempty"`
+ Skills SkillsSecurity `yaml:"skills,omitempty"`
+}
+
+// ModelSecurityEntry stores security data for a model
+type ModelSecurityEntry struct {
+ APIKeys []string `yaml:"api_keys,omitempty"` // API authentication keys (multiple keys for failover)
+}
+
+// ChannelsSecurity stores channel-related security data
+type ChannelsSecurity struct {
+ Telegram *TelegramSecurity `yaml:"telegram,omitempty"`
+ Feishu *FeishuSecurity `yaml:"feishu,omitempty"`
+ Discord *DiscordSecurity `yaml:"discord,omitempty"`
+ Weixin *WeixinSecurity `yaml:"weixin,omitempty"`
+ QQ *QQSecurity `yaml:"qq,omitempty"`
+ DingTalk *DingTalkSecurity `yaml:"dingtalk,omitempty"`
+ Slack *SlackSecurity `yaml:"slack,omitempty"`
+ Matrix *MatrixSecurity `yaml:"matrix,omitempty"`
+ LINE *LINESecurity `yaml:"line,omitempty"`
+ OneBot *OneBotSecurity `yaml:"onebot,omitempty"`
+ WeCom *WeComSecurity `yaml:"wecom,omitempty"`
+ WeComApp *WeComAppSecurity `yaml:"wecom_app,omitempty"`
+ WeComAIBot *WeComAIBotSecurity `yaml:"wecom_aibot,omitempty"`
+ Pico *PicoSecurity `yaml:"pico,omitempty"`
+ IRC *IRCSecurity `yaml:"irc,omitempty"`
+}
+
+type TelegramSecurity struct {
+ Token string `yaml:"token,omitempty" env:"PICOCLAW_CHANNELS_TELEGRAM_TOKEN"`
+}
+
+type FeishuSecurity struct {
+ AppSecret string `yaml:"app_secret,omitempty" env:"PICOCLAW_CHANNELS_FEISHU_APP_SECRET"`
+ EncryptKey string `yaml:"encrypt_key,omitempty" env:"PICOCLAW_CHANNELS_FEISHU_ENCRYPT_KEY"`
+ VerificationToken string `yaml:"verification_token,omitempty" env:"PICOCLAW_CHANNELS_FEISHU_VERIFICATION_TOKEN"`
+}
+
+type DiscordSecurity struct {
+ Token string `yaml:"token,omitempty" env:"PICOCLAW_CHANNELS_DISCORD_TOKEN"`
+}
+
+type WeixinSecurity struct {
+ Token string `yaml:"token,omitempty" env:"PICOCLAW_CHANNELS_WEIXIN_TOKEN"`
+}
+
+type QQSecurity struct {
+ AppSecret string `yaml:"app_secret,omitempty" env:"PICOCLAW_CHANNELS_QQ_APP_SECRET"`
+}
+
+type DingTalkSecurity struct {
+ ClientSecret string `yaml:"client_secret,omitempty" env:"PICOCLAW_CHANNELS_DINGTALK_CLIENT_SECRET"`
+}
+
+type SlackSecurity struct {
+ BotToken string `yaml:"bot_token,omitempty" env:"PICOCLAW_CHANNELS_SLACK_BOT_TOKEN"`
+ AppToken string `yaml:"app_token,omitempty" env:"PICOCLAW_CHANNELS_SLACK_APP_TOKEN"`
+}
+
+type MatrixSecurity struct {
+ AccessToken string `yaml:"access_token,omitempty" env:"PICOCLAW_CHANNELS_MATRIX_ACCESS_TOKEN"`
+}
+
+type LINESecurity struct {
+ ChannelSecret string `yaml:"channel_secret,omitempty" env:"PICOCLAW_CHANNELS_LINE_CHANNEL_SECRET"`
+ ChannelAccessToken string `yaml:"channel_access_token,omitempty" env:"PICOCLAW_CHANNELS_LINE_CHANNEL_ACCESS_TOKEN"`
+}
+
+type OneBotSecurity struct {
+ AccessToken string `yaml:"access_token,omitempty" env:"PICOCLAW_CHANNELS_ONEBOT_ACCESS_TOKEN"`
+}
+
+type WeComSecurity struct {
+ Token string `yaml:"token,omitempty" env:"PICOCLAW_CHANNELS_WECOM_TOKEN"`
+ EncodingAESKey string `yaml:"encoding_aes_key,omitempty" env:"PICOCLAW_CHANNELS_WECOM_ENCODING_AES_KEY"`
+}
+
+type WeComAppSecurity struct {
+ CorpSecret string `yaml:"corp_secret,omitempty" env:"PICOCLAW_CHANNELS_WECOM_APP_CORP_SECRET"`
+ Token string `yaml:"token,omitempty" env:"PICOCLAW_CHANNELS_WECOM_APP_TOKEN"`
+ EncodingAESKey string `yaml:"encoding_aes_key,omitempty" env:"PICOCLAW_CHANNELS_WECOM_APP_ENCODING_AES_KEY"`
+}
+
+type WeComAIBotSecurity struct {
+ Secret string `yaml:"secret,omitempty" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_SECRET"`
+ Token string `yaml:"token,omitempty" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_TOKEN"`
+ EncodingAESKey string `yaml:"encoding_aes_key,omitempty" env:"PICOCLAW_CHANNELS_WECOM_AIBOT_ENCODING_AES_KEY"`
+}
+
+type PicoSecurity struct {
+ Token string `yaml:"token,omitempty" env:"PICOCLAW_CHANNELS_PICO_TOKEN"`
+}
+
+type IRCSecurity struct {
+ Password string `yaml:"password,omitempty" env:"PICOCLAW_CHANNELS_IRC_PASSWORD"`
+ NickServPassword string `yaml:"nickserv_password,omitempty" env:"PICOCLAW_CHANNELS_IRC_NICKSERV_PASSWORD"`
+ SASLPassword string `yaml:"sasl_password,omitempty" env:"PICOCLAW_CHANNELS_IRC_SASL_PASSWORD"`
+}
+
+type WebToolsSecurity struct {
+ Brave *BraveSecurity `yaml:"brave,omitempty"`
+ Tavily *TavilySecurity `yaml:"tavily,omitempty"`
+ Perplexity *PerplexitySecurity `yaml:"perplexity,omitempty"`
+ GLMSearch *GLMSearchSecurity `yaml:"glm_search,omitempty"`
+ BaiduSearch *BaiduSearchSecurity `yaml:"baidu_search,omitempty"`
+}
+
+type BraveSecurity struct {
+ APIKeys []string `yaml:"api_keys,omitempty"`
+}
+
+type TavilySecurity struct {
+ APIKeys []string `yaml:"api_keys,omitempty"`
+}
+
+type PerplexitySecurity struct {
+ APIKeys []string `yaml:"api_keys,omitempty"`
+}
+
+type GLMSearchSecurity struct {
+ APIKey string `yaml:"api_key,omitempty"`
+}
+
+type BaiduSearchSecurity struct {
+ APIKey string `yaml:"api_key,omitempty" env:"PICOCLAW_TOOLS_WEB_BAIDU_API_KEY"`
+}
+
+type SkillsSecurity struct {
+ Github *GithubSecurity `yaml:"github,omitempty"`
+ ClawHub *ClawHubSecurity `yaml:"clawhub,omitempty"`
+}
+
+type GithubSecurity struct {
+ Token string `yaml:"token,omitempty"`
+}
+
+type ClawHubSecurity struct {
+ AuthToken string `yaml:"auth_token,omitempty"`
+}
+
+// securityPath returns the path to security.yml relative to the config file
+func securityPath(configPath string) string {
+ configDir := filepath.Dir(configPath)
+ return filepath.Join(configDir, SecurityConfigFile)
+}
+
+// loadSecurityConfig loads the security configuration from security.yml
+// Returns an empty SecurityConfig if the file doesn't exist
+func loadSecurityConfig(securityPath string) (*SecurityConfig, error) {
+ data, err := os.ReadFile(securityPath)
+ if err != nil {
+ if os.IsNotExist(err) {
+ return &SecurityConfig{}, nil
+ }
+ return nil, fmt.Errorf("failed to read security config: %w", err)
+ }
+
+ var sec SecurityConfig
+ if err := yaml.Unmarshal(data, &sec); err != nil {
+ return nil, fmt.Errorf("failed to parse security config: %w", err)
+ }
+
+ // No need to validate model_name format here - both formats are supported:
+ // - "model-name:0" (with index for multiple entries)
+ // - "model-name" (without index for single entry or default to index 0)
+
+ if err := env.Parse(&sec); err != nil {
+ log.Errorf("failed to parse environment variables: %v", err)
+ return nil, err
+ }
+
+ return &sec, nil
+}
+
+// saveSecurityConfig saves the security configuration to security.yml
+func saveSecurityConfig(securityPath string, sec *SecurityConfig) error {
+ var buf bytes.Buffer
+ enc := yaml.NewEncoder(&buf)
+ enc.SetIndent(2)
+ err := enc.Encode(sec)
+ if err != nil {
+ return fmt.Errorf("failed to marshal security config: %w", err)
+ }
+ return fileutil.WriteFileAtomic(securityPath, buf.Bytes(), 0o600)
+}
diff --git a/pkg/config/security_integration_test.go b/pkg/config/security_integration_test.go
new file mode 100644
index 000000000..c1e1a2340
--- /dev/null
+++ b/pkg/config/security_integration_test.go
@@ -0,0 +1,472 @@
+// PicoClaw - Ultra-lightweight personal AI agent
+// License: MIT
+//
+// Copyright (c) 2026 PicoClaw contributors
+
+package config
+
+import (
+ "encoding/json"
+ "os"
+ "path/filepath"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+// Test JSON unmarshal of private fields
+func TestJSONUnmarshalPrivateFields(t *testing.T) {
+ //nolint: govet
+ type testStruct struct {
+ PublicField string `json:"public"`
+ privateField string `json:"private"`
+ }
+
+ data := `{"public": "pub", "private": "priv"}`
+ var s testStruct
+ if err := json.Unmarshal([]byte(data), &s); err != nil {
+ t.Fatalf("JSON unmarshal failed: %v", err)
+ }
+
+ t.Logf("PublicField: %s", s.PublicField)
+ t.Logf("privateField: %s", s.privateField)
+
+ if s.PublicField != "pub" {
+ t.Errorf("PublicField = %q, want 'pub'", s.PublicField)
+ }
+ // This should fail because privateField is unexported
+ if s.privateField != "priv" {
+ t.Logf("privateField = %q, want 'priv' - THIS IS EXPECTED TO FAIL", s.privateField)
+ }
+}
+
+func TestSecurityConfigIntegration(t *testing.T) {
+ t.Run("Full workflow with security references", func(t *testing.T) {
+ tmpDir := t.TempDir()
+
+ // Create config.json with references
+ configPath := filepath.Join(tmpDir, "config.json")
+ configContent := `{
+ "version": 1,
+ "model_list": [
+ {
+ "model_name": "test-model",
+ "model": "openai/test-model",
+ "api_base": "https://api.openai.com/v1",
+ "api_key": "ref:model_list.test-model.api_key"
+ }
+ ],
+ "channels": {
+ "telegram": {
+ "enabled": true,
+ "token": "ref:channels.telegram.token"
+ }
+ },
+ "tools": {
+ "web": {
+ "brave": {
+ "enabled": true,
+ "api_key": "ref:web.brave.api_key"
+ }
+ },
+ "skills": {
+ "github": {
+ "token": "ref:skills.github.token"
+ }
+ }
+ }
+}`
+ err := os.WriteFile(configPath, []byte(configContent), 0o644)
+ require.NoError(t, err)
+
+ // Create .security.yml with actual values
+ securityPath := filepath.Join(tmpDir, SecurityConfigFile)
+ securityContent := `model_list:
+ test-model:
+ api_keys:
+ - "sk-test-api-key-12345"
+
+channels:
+ telegram:
+ token: "123456789:ABCdefGHIjklMNOpqrsTUVwxyz"
+
+web:
+ brave:
+ api_keys:
+ - "BSAbrave-api-key-67890"
+
+skills:
+ github:
+ token: "ghp_github-token-abc123"`
+ err = os.WriteFile(securityPath, []byte(securityContent), 0o600)
+ require.NoError(t, err)
+
+ // Load config and verify references are resolved
+ cfg, err := LoadConfig(configPath)
+ require.NoError(t, err)
+ require.NotNil(t, cfg)
+
+ // Verify model API key is resolved
+ assert.Equal(t, 1, len(cfg.ModelList))
+ assert.Equal(t, "test-model", cfg.ModelList[0].ModelName)
+ assert.Equal(t, "sk-test-api-key-12345", cfg.ModelList[0].apiKeys[0])
+
+ // Verify channel token is resolved
+ assert.Equal(t, "123456789:ABCdefGHIjklMNOpqrsTUVwxyz", cfg.Channels.Telegram.token)
+
+ // Verify web tool API key is resolved
+ assert.Equal(t, "BSAbrave-api-key-67890", cfg.Tools.Web.Brave.APIKey())
+
+ // Verify skills token is resolved
+ assert.Equal(t, "ghp_github-token-abc123", cfg.Tools.Skills.Github.token)
+ })
+}
+
+func TestSecurityConfigWithAPIKeysArray(t *testing.T) {
+ t.Run("Multiple API keys via security", func(t *testing.T) {
+ tmpDir := t.TempDir()
+
+ // Create config with APIKeys array
+ configPath := filepath.Join(tmpDir, "config.json")
+ configContent := `{
+ "version": 1,
+ "model_list": [
+ {
+ "model_name": "multi-key-model",
+ "model": "openai/multi-key-model"
+ }
+ ]
+}`
+ err := os.WriteFile(configPath, []byte(configContent), 0o644)
+ require.NoError(t, err)
+
+ // Create .security.yml
+ securityPath := filepath.Join(tmpDir, SecurityConfigFile)
+ securityContent := `model_list:
+ multi-key-model:0:
+ api_key: "sk-key-1"
+ api_keys:
+ - "sk-key-1"
+ - "sk-key-2"
+ - "sk-key-3"
+`
+ err = os.WriteFile(securityPath, []byte(securityContent), 0o600)
+ require.NoError(t, err)
+
+ // Load config
+ cfg, err := LoadConfig(configPath)
+ require.NoError(t, err)
+
+ t.Logf("Config: %+v", cfg.ModelList)
+ for _, m := range cfg.ModelList {
+ t.Logf("Model: %+v", m)
+ }
+ // Verify multi-key expansion works
+ assert.Equal(t, 3, len(cfg.ModelList))
+ assert.Equal(t, "multi-key-model", cfg.ModelList[2].ModelName)
+ })
+}
+
+func TestAllSecurityKeysAccessible(t *testing.T) {
+ t.Run("All security keys accessible via Key() methods including file://", func(t *testing.T) {
+ tmpDir := t.TempDir()
+
+ // Create test files for file:// references
+ modelAPIKeyFile := filepath.Join(tmpDir, "model_api_key.txt")
+ err := os.WriteFile(modelAPIKeyFile, []byte("sk-model-from-file-12345"), 0o600)
+ require.NoError(t, err)
+
+ braveAPIKeyFile := filepath.Join(tmpDir, "brave_api_key.txt")
+ err = os.WriteFile(braveAPIKeyFile, []byte("BSA-brave-from-file-67890"), 0o600)
+ require.NoError(t, err)
+
+ tavilyAPIKeyFile := filepath.Join(tmpDir, "tavily_api_key.txt")
+ err = os.WriteFile(tavilyAPIKeyFile, []byte("tvly-tavily-from-file-11111"), 0o600)
+ require.NoError(t, err)
+
+ perplexityAPIKeyFile := filepath.Join(tmpDir, "perplexity_api_key.txt")
+ err = os.WriteFile(perplexityAPIKeyFile, []byte("pplx-perplexity-from-file-22222"), 0o600)
+ require.NoError(t, err)
+
+ githubTokenFile := filepath.Join(tmpDir, "github_token.txt")
+ err = os.WriteFile(githubTokenFile, []byte("ghp-github-from-file-abc123"), 0o600)
+ require.NoError(t, err)
+
+ clawhubAuthTokenFile := filepath.Join(tmpDir, "clawhub_auth_token.txt")
+ err = os.WriteFile(clawhubAuthTokenFile, []byte("clawhub-auth-token-from-file"), 0o600)
+ require.NoError(t, err)
+
+ // Create config.json without sensitive values (they'll be in .security.yml)
+ configPath := filepath.Join(tmpDir, "config.json")
+ configContent := `{
+ "version": 1,
+ "model_list": [
+ {
+ "model_name": "test-model-1",
+ "model": "openai/test-model-1"
+ }
+ ],
+ "channels": {
+ "telegram": {
+ "enabled": true
+ },
+ "feishu": {
+ "enabled": true,
+ "app_id": "test_app_id"
+ },
+ "discord": {
+ "enabled": true
+ },
+ "dingtalk": {
+ "enabled": true,
+ "client_id": "test_client_id"
+ },
+ "slack": {
+ "enabled": true
+ },
+ "matrix": {
+ "enabled": true,
+ "homeserver": "https://matrix.org",
+ "user_id": "@test:matrix.org"
+ },
+ "line": {
+ "enabled": true,
+ "webhook_host": "localhost",
+ "webhook_port": 8080,
+ "webhook_path": "/webhook"
+ },
+ "onebot": {
+ "enabled": true,
+ "ws_url": "ws://localhost:8080"
+ },
+ "wecom": {
+ "enabled": true,
+ "webhook_url": "https://qyapi.weixin.qq.com/cgi-bin/webhook"
+ },
+ "wecom_app": {
+ "enabled": true,
+ "corp_id": "test_corp_id",
+ "agent_id": 123456
+ },
+ "wecom_aibot": {
+ "enabled": true
+ },
+ "pico": {
+ "enabled": true
+ },
+ "irc": {
+ "enabled": true,
+ "server": "irc.example.com",
+ "nick": "testbot"
+ },
+ "qq": {
+ "enabled": true,
+ "app_id": "test_qq_app_id"
+ }
+ },
+ "tools": {
+ "web": {
+ "brave": {
+ "enabled": true
+ },
+ "tavily": {
+ "enabled": true
+ },
+ "perplexity": {
+ "enabled": true
+ },
+ "glm_search": {
+ "enabled": true
+ }
+ },
+ "skills": {
+ "github": {}
+ }
+ }
+}`
+ err = os.WriteFile(configPath, []byte(configContent), 0o644)
+ require.NoError(t, err)
+
+ // Create .security.yml with file:// references and plaintext values
+ securityPath := filepath.Join(tmpDir, SecurityConfigFile)
+ securityContent := `model_list:
+ test-model-1:
+ api_keys:
+ - "file://model_api_key.txt"
+
+channels:
+ telegram:
+ token: "123456789:ABCdefGHIjklMNOpqrsTUVwxyz"
+ feishu:
+ app_secret: "feishu_test_app_secret"
+ encrypt_key: "feishu_test_encrypt_key"
+ verification_token: "feishu_test_verification_token"
+ discord:
+ token: "discord_test_bot_token_xyz"
+ dingtalk:
+ client_secret: "dingtalk_test_client_secret"
+ slack:
+ bot_token: "xoxb-slack-bot-token-123"
+ app_token: "xapp-slack-app-token-456"
+ matrix:
+ access_token: "matrix_test_access_token"
+ line:
+ channel_secret: "line_test_channel_secret"
+ channel_access_token: "line_test_channel_access_token"
+ onebot:
+ access_token: "onebot_test_access_token"
+ wecom:
+ token: "wecom_test_webhook_token"
+ encoding_aes_key: "wecom_test_aes_key"
+ wecom_app:
+ corp_secret: "wecom_app_test_corp_secret"
+ token: "wecom_app_test_token"
+ encoding_aes_key: "wecom_app_test_aes_key"
+ wecom_aibot:
+ token: "wecom_aibot_test_token"
+ encoding_aes_key: "wecom_aibot_test_aes_key"
+ pico:
+ token: "pico_test_token"
+ irc:
+ password: "irc_test_password"
+ nickserv_password: "irc_test_nickserv_password"
+ sasl_password: "irc_test_sasl_password"
+ qq:
+ app_secret: "qq_test_app_secret"
+
+web:
+ brave:
+ api_keys:
+ - "file://brave_api_key.txt"
+ tavily:
+ api_keys:
+ - "file://tavily_api_key.txt"
+ perplexity:
+ api_keys:
+ - "file://perplexity_api_key.txt"
+ glm_search:
+ api_key: "glm-test-glm-search-key"
+
+skills:
+ github:
+ token: "file://github_token.txt"
+ clawhub:
+ auth_token: "file://clawhub_auth_token.txt"
+`
+ err = os.WriteFile(securityPath, []byte(securityContent), 0o600)
+ require.NoError(t, err)
+
+ // Load config and verify all security keys are accessible
+ cfg, err := LoadConfig(configPath)
+ require.NoError(t, err)
+ require.NotNil(t, cfg)
+
+ // Verify Model API keys
+ assert.Equal(t, 1, len(cfg.ModelList))
+ assert.Equal(t, "test-model-1", cfg.ModelList[0].ModelName)
+ // file:// reference should be resolved
+ assert.Equal(t, "sk-model-from-file-12345", cfg.ModelList[0].APIKey())
+ t.Logf("Model APIKey(): %s", cfg.ModelList[0].APIKey())
+
+ // Verify Channel tokens via Key() methods
+ // Telegram
+ assert.Equal(t, "123456789:ABCdefGHIjklMNOpqrsTUVwxyz", cfg.Channels.Telegram.Token())
+ t.Logf("Telegram Token(): %s", cfg.Channels.Telegram.Token())
+
+ // Feishu
+ assert.Equal(t, "feishu_test_app_secret", cfg.Channels.Feishu.AppSecret())
+ assert.Equal(t, "feishu_test_encrypt_key", cfg.Channels.Feishu.EncryptKey())
+ assert.Equal(t, "feishu_test_verification_token", cfg.Channels.Feishu.VerificationToken())
+ t.Logf("Feishu AppSecret(): %s", cfg.Channels.Feishu.AppSecret())
+ t.Logf("Feishu EncryptKey(): %s", cfg.Channels.Feishu.EncryptKey())
+ t.Logf("Feishu VerificationToken(): %s", cfg.Channels.Feishu.VerificationToken())
+
+ // Discord
+ assert.Equal(t, "discord_test_bot_token_xyz", cfg.Channels.Discord.Token())
+ t.Logf("Discord Token(): %s", cfg.Channels.Discord.Token())
+
+ // DingTalk
+ assert.Equal(t, "dingtalk_test_client_secret", cfg.Channels.DingTalk.ClientSecret())
+ t.Logf("DingTalk ClientSecret(): %s", cfg.Channels.DingTalk.ClientSecret())
+
+ // Slack
+ assert.Equal(t, "xoxb-slack-bot-token-123", cfg.Channels.Slack.BotToken())
+ assert.Equal(t, "xapp-slack-app-token-456", cfg.Channels.Slack.AppToken())
+ t.Logf("Slack BotToken(): %s", cfg.Channels.Slack.BotToken())
+ t.Logf("Slack AppToken(): %s", cfg.Channels.Slack.AppToken())
+
+ // Matrix
+ assert.Equal(t, "matrix_test_access_token", cfg.Channels.Matrix.AccessToken())
+ t.Logf("Matrix AccessToken(): %s", cfg.Channels.Matrix.AccessToken())
+
+ // LINE
+ assert.Equal(t, "line_test_channel_secret", cfg.Channels.LINE.ChannelSecret())
+ assert.Equal(t, "line_test_channel_access_token", cfg.Channels.LINE.ChannelAccessToken())
+ t.Logf("LINE ChannelSecret(): %s", cfg.Channels.LINE.ChannelSecret())
+ t.Logf("LINE ChannelAccessToken(): %s", cfg.Channels.LINE.ChannelAccessToken())
+
+ // OneBot
+ assert.Equal(t, "onebot_test_access_token", cfg.Channels.OneBot.AccessToken())
+ t.Logf("OneBot AccessToken(): %s", cfg.Channels.OneBot.AccessToken())
+
+ // WeCom
+ assert.Equal(t, "wecom_test_webhook_token", cfg.Channels.WeCom.Token())
+ assert.Equal(t, "wecom_test_aes_key", cfg.Channels.WeCom.EncodingAESKey())
+ t.Logf("WeCom Token(): %s", cfg.Channels.WeCom.Token())
+ t.Logf("WeCom EncodingAESKey(): %s", cfg.Channels.WeCom.EncodingAESKey())
+
+ // WeCom App
+ assert.Equal(t, "wecom_app_test_corp_secret", cfg.Channels.WeComApp.CorpSecret())
+ assert.Equal(t, "wecom_app_test_token", cfg.Channels.WeComApp.Token())
+ assert.Equal(t, "wecom_app_test_aes_key", cfg.Channels.WeComApp.EncodingAESKey())
+ t.Logf("WeComApp CorpSecret(): %s", cfg.Channels.WeComApp.CorpSecret())
+ t.Logf("WeComApp Token(): %s", cfg.Channels.WeComApp.Token())
+ t.Logf("WeComApp EncodingAESKey(): %s", cfg.Channels.WeComApp.EncodingAESKey())
+
+ // WeCom AI Bot
+ assert.Equal(t, "wecom_aibot_test_token", cfg.Channels.WeComAIBot.Token())
+ assert.Equal(t, "wecom_aibot_test_aes_key", cfg.Channels.WeComAIBot.EncodingAESKey())
+ t.Logf("WeComAIBot Token(): %s", cfg.Channels.WeComAIBot.Token())
+ t.Logf("WeComAIBot EncodingAESKey(): %s", cfg.Channels.WeComAIBot.EncodingAESKey())
+
+ // Pico
+ assert.Equal(t, "pico_test_token", cfg.Channels.Pico.Token())
+ t.Logf("Pico Token(): %s", cfg.Channels.Pico.Token())
+
+ // IRC
+ assert.Equal(t, "irc_test_password", cfg.Channels.IRC.Password())
+ assert.Equal(t, "irc_test_nickserv_password", cfg.Channels.IRC.NickServPassword())
+ assert.Equal(t, "irc_test_sasl_password", cfg.Channels.IRC.SASLPassword())
+ t.Logf("IRC Password(): %s", cfg.Channels.IRC.Password())
+ t.Logf("IRC NickServPassword(): %s", cfg.Channels.IRC.NickServPassword())
+ t.Logf("IRC SASLPassword(): %s", cfg.Channels.IRC.SASLPassword())
+
+ // QQ
+ assert.Equal(t, "qq_test_app_secret", cfg.Channels.QQ.AppSecret())
+ t.Logf("QQ AppSecret(): %s", cfg.Channels.QQ.AppSecret())
+
+ // Verify Web tool API keys
+ assert.Equal(t, "BSA-brave-from-file-67890", cfg.Tools.Web.Brave.APIKey())
+ t.Logf("Brave APIKey(): %s", cfg.Tools.Web.Brave.APIKey())
+
+ assert.Equal(t, "tvly-tavily-from-file-11111", cfg.Tools.Web.Tavily.APIKey())
+ t.Logf("Tavily APIKey(): %s", cfg.Tools.Web.Tavily.APIKey())
+
+ assert.Equal(t, "pplx-perplexity-from-file-22222", cfg.Tools.Web.Perplexity.APIKey())
+ t.Logf("Perplexity APIKey(): %s", cfg.Tools.Web.Perplexity.APIKey())
+
+ // GLM Search - Note: GLM uses SetAPIKey (lowercase) internally
+ t.Logf("GLMSearch APIKey(): %s", cfg.Tools.Web.GLMSearch.APIKey())
+ assert.Equal(t, "glm-test-glm-search-key", cfg.Tools.Web.GLMSearch.APIKey())
+
+ // Verify Skills tokens
+ assert.Equal(t, "ghp-github-from-file-abc123", cfg.Tools.Skills.Github.Token())
+ t.Logf("Github Token(): %s", cfg.Tools.Skills.Github.Token())
+
+ assert.Equal(t, "clawhub-auth-token-from-file", cfg.Tools.Skills.Registries.ClawHub.AuthToken())
+ t.Logf("ClawHub AuthToken(): %s", cfg.Tools.Skills.Registries.ClawHub.AuthToken())
+
+ t.Log("All security keys are successfully accessible via their respective Key() methods")
+ })
+}
diff --git a/pkg/config/security_test.go b/pkg/config/security_test.go
new file mode 100644
index 000000000..74e765f6b
--- /dev/null
+++ b/pkg/config/security_test.go
@@ -0,0 +1,90 @@
+// PicoClaw - Ultra-lightweight personal AI agent
+// License: MIT
+//
+// Copyright (c) 2026 PicoClaw contributors
+
+package config
+
+import (
+ "os"
+ "path/filepath"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestSecurityConfig(t *testing.T) {
+ t.Run("LoadNonExistent", func(t *testing.T) {
+ sec, err := loadSecurityConfig("/nonexistent/.security.yml")
+ require.NoError(t, err)
+ assert.NotNil(t, sec)
+ assert.Empty(t, sec.ModelList)
+ })
+}
+
+func TestSecurityPath(t *testing.T) {
+ tests := []struct {
+ name string
+ configDir string
+ want string
+ }{
+ {
+ name: "standard path",
+ configDir: "/home/user/.picoclaw/config.json",
+ want: "/home/user/.picoclaw/.security.yml",
+ },
+ {
+ name: "nested path",
+ configDir: "/path/to/config/myconfig.json",
+ want: "/path/to/config/.security.yml",
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got := securityPath(tt.configDir)
+ assert.Equal(t, tt.want, got)
+ })
+ }
+}
+
+func TestSaveAndLoadSecurityConfig(t *testing.T) {
+ tmpDir := t.TempDir()
+ secPath := filepath.Join(tmpDir, SecurityConfigFile)
+
+ original := &SecurityConfig{
+ ModelList: map[string]ModelSecurityEntry{
+ "model1:0": {
+ APIKeys: []string{"key1", "key2"},
+ },
+ },
+ Channels: ChannelsSecurity{
+ Telegram: &TelegramSecurity{
+ Token: "telegram-token",
+ },
+ },
+ Web: WebToolsSecurity{
+ Brave: &BraveSecurity{
+ APIKeys: []string{"brave-api-key"},
+ },
+ },
+ }
+
+ // Save
+ err := saveSecurityConfig(secPath, original)
+ require.NoError(t, err)
+
+ // Verify file was created with correct permissions
+ info, err := os.Stat(secPath)
+ require.NoError(t, err)
+ assert.Equal(t, os.FileMode(0o600), info.Mode())
+
+ // Load
+ loaded, err := loadSecurityConfig(secPath)
+ require.NoError(t, err)
+
+ assert.Equal(t, original.ModelList, loaded.ModelList)
+ assert.Equal(t, original.Channels.Telegram.Token, loaded.Channels.Telegram.Token)
+ assert.EqualValues(t, original.Web.Brave.APIKeys, loaded.Web.Brave.APIKeys)
+}
diff --git a/pkg/env.go b/pkg/env.go
new file mode 100644
index 000000000..b9a77dab2
--- /dev/null
+++ b/pkg/env.go
@@ -0,0 +1,12 @@
+// all environment variables including default values put here
+
+package pkg
+
+const (
+ Logo = "🦞"
+ // AppName is the name of the app
+ AppName = "PicoClaw"
+
+ DefaultPicoClawHome = ".picoclaw"
+ WorkspaceName = "workspace"
+)
diff --git a/pkg/gateway/gateway.go b/pkg/gateway/gateway.go
index 92bef6c15..454ee2c48 100644
--- a/pkg/gateway/gateway.go
+++ b/pkg/gateway/gateway.go
@@ -85,7 +85,7 @@ func Run(debug bool, configPath string, allowEmptyStartup bool) error {
return fmt.Errorf("error loading config: %w", err)
}
- logger.SetLevelFromString(cfg.Agents.Defaults.LogLevel)
+ logger.SetLevelFromString(cfg.Gateway.LogLevel)
if debug {
logger.SetLevel(logger.DEBUG)
@@ -381,9 +381,6 @@ func handleConfigReload(
logger.Info("🔄 Config file changed, reloading...")
newModel := newCfg.Agents.Defaults.ModelName
- if newModel == "" {
- newModel = newCfg.Agents.Defaults.Model
- }
logger.Infof(" New model is '%s', recreating provider...", newModel)
diff --git a/pkg/logger/logger.go b/pkg/logger/logger.go
index 179804607..eeb1436de 100644
--- a/pkg/logger/logger.go
+++ b/pkg/logger/logger.go
@@ -256,6 +256,8 @@ func appendFields(event *zerolog.Event, fields map[string]any) {
for k, v := range fields {
// Type switch to avoid double JSON serialization of strings
switch val := v.(type) {
+ case error:
+ event.Str(k, val.Error())
case string:
event.Str(k, val)
case int:
diff --git a/pkg/logger/logger_test.go b/pkg/logger/logger_test.go
index e551db58e..6ad3a8dd6 100644
--- a/pkg/logger/logger_test.go
+++ b/pkg/logger/logger_test.go
@@ -1,7 +1,12 @@
package logger
import (
+ "bytes"
+ "encoding/json"
+ "errors"
"testing"
+
+ "github.com/rs/zerolog"
)
func TestLogLevelFiltering(t *testing.T) {
@@ -337,3 +342,26 @@ func TestSetLevelFromString(t *testing.T) {
t.Errorf("after SetLevelFromString(\"FATAL\"): GetLevel() = %v, want FATAL", got)
}
}
+
+func TestAppendFields_ErrorUsesErrorString(t *testing.T) {
+ var buf bytes.Buffer
+ l := zerolog.New(&buf)
+
+ event := l.Info()
+ appendFields(event, map[string]any{"error": errors.New("transcription request failed")})
+ event.Msg("test")
+
+ lines := bytes.Split(bytes.TrimSpace(buf.Bytes()), []byte("\n"))
+ if len(lines) == 0 {
+ t.Fatal("expected log output, got none")
+ }
+
+ var got map[string]any
+ if err := json.Unmarshal(lines[0], &got); err != nil {
+ t.Fatalf("unmarshal log line: %v", err)
+ }
+
+ if got["error"] != "transcription request failed" {
+ t.Fatalf("error field = %#v, want %q", got["error"], "transcription request failed")
+ }
+}
diff --git a/pkg/media/store.go b/pkg/media/store.go
index 30220986c..78cff8bb6 100644
--- a/pkg/media/store.go
+++ b/pkg/media/store.go
@@ -11,11 +11,25 @@ import (
"github.com/sipeed/picoclaw/pkg/logger"
)
+// CleanupPolicy controls how the MediaStore treats the underlying file when
+// a ref is released or expires.
+type CleanupPolicy string
+
+const (
+ // CleanupPolicyDeleteOnCleanup means the file is store-managed and may be
+ // deleted once the final ref for that path is gone.
+ CleanupPolicyDeleteOnCleanup CleanupPolicy = "delete_on_cleanup"
+ // CleanupPolicyForgetOnly means the store should only drop ref mappings and
+ // must never delete the underlying file.
+ CleanupPolicyForgetOnly CleanupPolicy = "forget_only"
+)
+
// MediaMeta holds metadata about a stored media file.
type MediaMeta struct {
- Filename string
- ContentType string
- Source string // "telegram", "discord", "tool:image-gen", etc.
+ Filename string
+ ContentType string
+ Source string // "telegram", "discord", "tool:image-gen", etc.
+ CleanupPolicy CleanupPolicy // defaults to CleanupPolicyDeleteOnCleanup
}
// MediaStore manages the lifecycle of media files associated with processing scopes.
@@ -23,6 +37,7 @@ type MediaStore interface {
// Store registers an existing local file under the given scope.
// Returns a ref identifier (e.g. "media://").
// Store does not move or copy the file; it only records the mapping.
+ // If meta.CleanupPolicy is empty, CleanupPolicyDeleteOnCleanup is assumed.
Store(localPath string, meta MediaMeta, scope string) (ref string, err error)
// Resolve returns the local file path for a given ref.
@@ -43,6 +58,11 @@ type mediaEntry struct {
storedAt time.Time
}
+type pathRefState struct {
+ refCount int
+ deleteEligible bool
+}
+
// MediaCleanerConfig configures the background TTL cleanup.
type MediaCleanerConfig struct {
Enabled bool
@@ -57,6 +77,8 @@ type FileMediaStore struct {
refs map[string]mediaEntry
scopeToRefs map[string]map[string]struct{}
refToScope map[string]string
+ refToPath map[string]string
+ pathStates map[string]pathRefState
cleanerCfg MediaCleanerConfig
stop chan struct{}
@@ -71,6 +93,8 @@ func NewFileMediaStore() *FileMediaStore {
refs: make(map[string]mediaEntry),
scopeToRefs: make(map[string]map[string]struct{}),
refToScope: make(map[string]string),
+ refToPath: make(map[string]string),
+ pathStates: make(map[string]pathRefState),
nowFunc: time.Now,
}
}
@@ -81,6 +105,8 @@ func NewFileMediaStoreWithCleanup(cfg MediaCleanerConfig) *FileMediaStore {
refs: make(map[string]mediaEntry),
scopeToRefs: make(map[string]map[string]struct{}),
refToScope: make(map[string]string),
+ refToPath: make(map[string]string),
+ pathStates: make(map[string]pathRefState),
cleanerCfg: cfg,
stop: make(chan struct{}),
nowFunc: time.Now,
@@ -94,6 +120,7 @@ func (s *FileMediaStore) Store(localPath string, meta MediaMeta, scope string) (
}
ref := "media://" + uuid.New().String()
+ meta.CleanupPolicy = normalizeCleanupPolicy(meta.CleanupPolicy)
s.mu.Lock()
defer s.mu.Unlock()
@@ -104,6 +131,18 @@ func (s *FileMediaStore) Store(localPath string, meta MediaMeta, scope string) (
}
s.scopeToRefs[scope][ref] = struct{}{}
s.refToScope[ref] = scope
+ s.refToPath[ref] = localPath
+
+ pathState := s.pathStates[localPath]
+ if pathState.refCount == 0 {
+ pathState.deleteEligible = meta.CleanupPolicy == CleanupPolicyDeleteOnCleanup
+ } else if meta.CleanupPolicy == CleanupPolicyForgetOnly {
+ // Be conservative: once a path is borrowed externally, never let this
+ // lifecycle auto-delete it even if store-managed refs also exist.
+ pathState.deleteEligible = false
+ }
+ pathState.refCount++
+ s.pathStates[localPath] = pathState
return ref, nil
}
@@ -134,7 +173,8 @@ func (s *FileMediaStore) ResolveWithMeta(ref string) (string, MediaMeta, error)
// ReleaseAll removes all files under the given scope and cleans up mappings.
// Phase 1 (under lock): remove entries from maps.
-// Phase 2 (no lock): delete files from disk.
+// Phase 2 (no lock): delete store-managed files from disk once their final
+// path ref is gone.
func (s *FileMediaStore) ReleaseAll(scope string) error {
// Phase 1: collect paths and remove from maps under lock
var paths []string
@@ -147,11 +187,13 @@ func (s *FileMediaStore) ReleaseAll(scope string) error {
}
for ref := range refs {
+ fallbackPath := ""
if entry, exists := s.refs[ref]; exists {
- paths = append(paths, entry.path)
+ fallbackPath = entry.path
+ }
+ if removablePath, shouldDelete := s.releaseRefLocked(ref, fallbackPath); shouldDelete {
+ paths = append(paths, removablePath)
}
- delete(s.refs, ref)
- delete(s.refToScope, ref)
}
delete(s.scopeToRefs, scope)
s.mu.Unlock()
@@ -171,7 +213,7 @@ func (s *FileMediaStore) ReleaseAll(scope string) error {
// CleanExpired removes all entries older than MaxAge.
// Phase 1 (under lock): identify expired entries and remove from maps.
-// Phase 2 (no lock): delete files from disk to minimize lock contention.
+// Phase 2 (no lock): delete store-managed files from disk to minimize lock contention.
func (s *FileMediaStore) CleanExpired() int {
if s.cleanerCfg.MaxAge <= 0 {
return 0
@@ -179,8 +221,8 @@ func (s *FileMediaStore) CleanExpired() int {
// Phase 1: collect expired entries under lock
type expiredEntry struct {
- ref string
- path string
+ ref string
+ deletePath string
}
s.mu.Lock()
@@ -189,8 +231,6 @@ func (s *FileMediaStore) CleanExpired() int {
for ref, entry := range s.refs {
if entry.storedAt.Before(cutoff) {
- expired = append(expired, expiredEntry{ref: ref, path: entry.path})
-
if scope, ok := s.refToScope[ref]; ok {
if scopeRefs, ok := s.scopeToRefs[scope]; ok {
delete(scopeRefs, ref)
@@ -200,17 +240,23 @@ func (s *FileMediaStore) CleanExpired() int {
}
}
- delete(s.refs, ref)
- delete(s.refToScope, ref)
+ expiredItem := expiredEntry{ref: ref}
+ if deletePath, shouldDelete := s.releaseRefLocked(ref, entry.path); shouldDelete {
+ expiredItem.deletePath = deletePath
+ }
+ expired = append(expired, expiredItem)
}
}
s.mu.Unlock()
// Phase 2: delete files without holding the lock
for _, e := range expired {
- if err := os.Remove(e.path); err != nil && !os.IsNotExist(err) {
+ if e.deletePath == "" {
+ continue
+ }
+ if err := os.Remove(e.deletePath); err != nil && !os.IsNotExist(err) {
logger.WarnCF("media", "cleanup: failed to remove file", map[string]any{
- "path": e.path,
+ "path": e.deletePath,
"error": err.Error(),
})
}
@@ -219,6 +265,45 @@ func (s *FileMediaStore) CleanExpired() int {
return len(expired)
}
+func normalizeCleanupPolicy(policy CleanupPolicy) CleanupPolicy {
+ switch policy {
+ case "", CleanupPolicyDeleteOnCleanup:
+ return CleanupPolicyDeleteOnCleanup
+ case CleanupPolicyForgetOnly:
+ return CleanupPolicyForgetOnly
+ default:
+ return CleanupPolicyDeleteOnCleanup
+ }
+}
+
+func (s *FileMediaStore) releaseRefLocked(ref, fallbackPath string) (string, bool) {
+ path := fallbackPath
+ if storedPath, ok := s.refToPath[ref]; ok {
+ path = storedPath
+ delete(s.refToPath, ref)
+ }
+
+ delete(s.refs, ref)
+ delete(s.refToScope, ref)
+
+ if path == "" {
+ return "", false
+ }
+
+ pathState, ok := s.pathStates[path]
+ if !ok {
+ return "", false
+ }
+ if pathState.refCount <= 1 {
+ delete(s.pathStates, path)
+ return path, pathState.deleteEligible
+ }
+
+ pathState.refCount--
+ s.pathStates[path] = pathState
+ return "", false
+}
+
// Start begins the background cleanup goroutine if cleanup is enabled.
// Safe to call multiple times; only the first call starts the goroutine.
func (s *FileMediaStore) Start() {
diff --git a/pkg/media/store_test.go b/pkg/media/store_test.go
index 1dcfdf350..dabcc3142 100644
--- a/pkg/media/store_test.go
+++ b/pkg/media/store_test.go
@@ -77,6 +77,106 @@ func TestReleaseAll(t *testing.T) {
}
}
+func TestReleaseAllForgetOnlyKeepsFile(t *testing.T) {
+ dir := t.TempDir()
+ store := NewFileMediaStore()
+
+ path := createTempFile(t, dir, "workspace.txt")
+ ref, err := store.Store(path, MediaMeta{
+ Source: "test",
+ CleanupPolicy: CleanupPolicyForgetOnly,
+ }, "scope1")
+ if err != nil {
+ t.Fatalf("Store failed: %v", err)
+ }
+
+ if err := store.ReleaseAll("scope1"); err != nil {
+ t.Fatalf("ReleaseAll failed: %v", err)
+ }
+
+ if _, err := store.Resolve(ref); err == nil {
+ t.Error("forget-only ref should be unresolvable after release")
+ }
+ if _, err := os.Stat(path); err != nil {
+ t.Errorf("forget-only file should remain on disk: %v", err)
+ }
+}
+
+func TestReleaseAllSharedPathDeletesOnFinalRefOnly(t *testing.T) {
+ dir := t.TempDir()
+ store := NewFileMediaStore()
+
+ path := createTempFile(t, dir, "shared.jpg")
+ refA, err := store.Store(path, MediaMeta{
+ Source: "test",
+ CleanupPolicy: CleanupPolicyDeleteOnCleanup,
+ }, "scopeA")
+ if err != nil {
+ t.Fatalf("Store(scopeA) failed: %v", err)
+ }
+ refB, err := store.Store(path, MediaMeta{
+ Source: "test",
+ CleanupPolicy: CleanupPolicyDeleteOnCleanup,
+ }, "scopeB")
+ if err != nil {
+ t.Fatalf("Store(scopeB) failed: %v", err)
+ }
+
+ if err := store.ReleaseAll("scopeA"); err != nil {
+ t.Fatalf("ReleaseAll(scopeA) failed: %v", err)
+ }
+
+ if _, err := store.Resolve(refA); err == nil {
+ t.Error("refA should be unresolvable after ReleaseAll(scopeA)")
+ }
+ if _, err := store.Resolve(refB); err != nil {
+ t.Fatalf("refB should still resolve: %v", err)
+ }
+ if _, err := os.Stat(path); err != nil {
+ t.Errorf("shared file should remain until final ref is released: %v", err)
+ }
+
+ if err := store.ReleaseAll("scopeB"); err != nil {
+ t.Fatalf("ReleaseAll(scopeB) failed: %v", err)
+ }
+ if _, err := os.Stat(path); !os.IsNotExist(err) {
+ t.Error("shared file should be deleted after final ref is released")
+ }
+}
+
+func TestReleaseAllMixedPoliciesKeepsFile(t *testing.T) {
+ dir := t.TempDir()
+ store := NewFileMediaStore()
+
+ path := createTempFile(t, dir, "shared.txt")
+ if _, err := store.Store(path, MediaMeta{
+ Source: "test",
+ CleanupPolicy: CleanupPolicyDeleteOnCleanup,
+ }, "owned"); err != nil {
+ t.Fatalf("Store(owned) failed: %v", err)
+ }
+ if _, err := store.Store(path, MediaMeta{
+ Source: "test",
+ CleanupPolicy: CleanupPolicyForgetOnly,
+ }, "borrowed"); err != nil {
+ t.Fatalf("Store(borrowed) failed: %v", err)
+ }
+
+ if err := store.ReleaseAll("owned"); err != nil {
+ t.Fatalf("ReleaseAll(owned) failed: %v", err)
+ }
+ if _, err := os.Stat(path); err != nil {
+ t.Fatalf("mixed-policy file should remain after owned ref release: %v", err)
+ }
+
+ if err := store.ReleaseAll("borrowed"); err != nil {
+ t.Fatalf("ReleaseAll(borrowed) failed: %v", err)
+ }
+ if _, err := os.Stat(path); err != nil {
+ t.Errorf("mixed-policy path should not be auto-deleted: %v", err)
+ }
+}
+
func TestMultiScopeIsolation(t *testing.T) {
dir := t.TempDir()
store := NewFileMediaStore()
@@ -293,6 +393,35 @@ func TestCleanExpiredRemovesOldEntries(t *testing.T) {
}
}
+func TestCleanExpiredForgetOnlyKeepsFile(t *testing.T) {
+ dir := t.TempDir()
+ now := time.Now()
+ store := newTestStoreWithCleanup(10 * time.Minute)
+ store.nowFunc = func() time.Time { return now.Add(-20 * time.Minute) }
+
+ path := createTempFile(t, dir, "workspace.txt")
+ ref, err := store.Store(path, MediaMeta{
+ Source: "test",
+ CleanupPolicy: CleanupPolicyForgetOnly,
+ }, "scope1")
+ if err != nil {
+ t.Fatalf("Store failed: %v", err)
+ }
+
+ store.nowFunc = func() time.Time { return now }
+ removed := store.CleanExpired()
+
+ if removed != 1 {
+ t.Errorf("expected 1 removed, got %d", removed)
+ }
+ if _, err := store.Resolve(ref); err == nil {
+ t.Error("expired forget-only ref should be unresolvable")
+ }
+ if _, err := os.Stat(path); err != nil {
+ t.Errorf("forget-only file should remain on disk: %v", err)
+ }
+}
+
func TestCleanExpiredKeepsNonExpired(t *testing.T) {
dir := t.TempDir()
now := time.Now()
@@ -346,6 +475,53 @@ func TestCleanExpiredMixedAges(t *testing.T) {
}
}
+func TestCleanExpiredSharedPathDeletesOnFinalRefOnly(t *testing.T) {
+ dir := t.TempDir()
+ now := time.Now()
+ store := newTestStoreWithCleanup(10 * time.Minute)
+
+ path := createTempFile(t, dir, "shared.jpg")
+
+ store.nowFunc = func() time.Time { return now.Add(-20 * time.Minute) }
+ oldRef, err := store.Store(path, MediaMeta{
+ Source: "test",
+ CleanupPolicy: CleanupPolicyDeleteOnCleanup,
+ }, "scope-old")
+ if err != nil {
+ t.Fatalf("Store(old) failed: %v", err)
+ }
+
+ store.nowFunc = func() time.Time { return now }
+ freshRef, err := store.Store(path, MediaMeta{
+ Source: "test",
+ CleanupPolicy: CleanupPolicyDeleteOnCleanup,
+ }, "scope-fresh")
+ if err != nil {
+ t.Fatalf("Store(fresh) failed: %v", err)
+ }
+
+ removed := store.CleanExpired()
+ if removed != 1 {
+ t.Errorf("expected 1 removed, got %d", removed)
+ }
+ if _, err := store.Resolve(oldRef); err == nil {
+ t.Error("old ref should be gone after cleanup")
+ }
+ if _, err := store.Resolve(freshRef); err != nil {
+ t.Fatalf("fresh ref should still resolve: %v", err)
+ }
+ if _, err := os.Stat(path); err != nil {
+ t.Errorf("shared file should remain while fresh ref exists: %v", err)
+ }
+
+ if err := store.ReleaseAll("scope-fresh"); err != nil {
+ t.Fatalf("ReleaseAll(scope-fresh) failed: %v", err)
+ }
+ if _, err := os.Stat(path); !os.IsNotExist(err) {
+ t.Error("shared file should be deleted after final ref is released")
+ }
+}
+
func TestCleanExpiredCleansEmptyScopes(t *testing.T) {
dir := t.TempDir()
now := time.Now()
diff --git a/pkg/migrate/internal/common.go b/pkg/migrate/internal/common.go
index 75aef5dc2..65a87adc4 100644
--- a/pkg/migrate/internal/common.go
+++ b/pkg/migrate/internal/common.go
@@ -6,6 +6,7 @@ import (
"os"
"path/filepath"
+ "github.com/sipeed/picoclaw/pkg"
"github.com/sipeed/picoclaw/pkg/config"
)
@@ -20,7 +21,7 @@ func ResolveTargetHome(override string) (string, error) {
if err != nil {
return "", fmt.Errorf("resolving home directory: %w", err)
}
- return filepath.Join(home, ".picoclaw"), nil
+ return filepath.Join(home, pkg.DefaultPicoClawHome), nil
}
func ExpandHome(path string) string {
diff --git a/pkg/migrate/sources/openclaw/openclaw_config.go b/pkg/migrate/sources/openclaw/openclaw_config.go
index 317bd3e84..b56194b3d 100644
--- a/pkg/migrate/sources/openclaw/openclaw_config.go
+++ b/pkg/migrate/sources/openclaw/openclaw_config.go
@@ -981,13 +981,16 @@ func (c *PicoClawConfig) ToStandardConfig() *config.Config {
cfg.Agents.Defaults.ModelFallbacks = c.Agents.Defaults.ModelFallbacks
for _, m := range c.ModelList {
- cfg.ModelList = append(cfg.ModelList, config.ModelConfig{
+ mc := &config.ModelConfig{
ModelName: m.ModelName,
Model: m.Model,
APIBase: m.APIBase,
- APIKey: m.APIKey,
Proxy: m.Proxy,
- })
+ }
+ if m.APIKey != "" {
+ mc.SetAPIKey(m.APIKey)
+ }
+ cfg.ModelList = append(cfg.ModelList, mc)
}
cfg.Channels = c.Channels.ToStandardChannels()
@@ -1020,59 +1023,107 @@ func (c ChannelsConfig) ToStandardChannels() config.ChannelsConfig {
Enabled: c.WhatsApp.Enabled,
BridgeURL: c.WhatsApp.BridgeURL,
},
- Telegram: config.TelegramConfig{
- Enabled: c.Telegram.Enabled,
- Token: c.Telegram.Token,
- Proxy: c.Telegram.Proxy,
- },
- Feishu: config.FeishuConfig{
- Enabled: c.Feishu.Enabled,
- AppID: c.Feishu.AppID,
- AppSecret: c.Feishu.AppSecret,
- EncryptKey: c.Feishu.EncryptKey,
- VerificationToken: c.Feishu.VerificationToken,
- },
- Discord: config.DiscordConfig{
- Enabled: c.Discord.Enabled,
- Token: c.Discord.Token,
- MentionOnly: c.Discord.MentionOnly,
- },
+ Telegram: func() config.TelegramConfig {
+ tc := config.TelegramConfig{
+ Enabled: c.Telegram.Enabled,
+ Proxy: c.Telegram.Proxy,
+ }
+ if c.Telegram.Token != "" {
+ tc.SetToken(c.Telegram.Token)
+ }
+ return tc
+ }(),
+ Feishu: func() config.FeishuConfig {
+ fc := config.FeishuConfig{
+ Enabled: c.Feishu.Enabled,
+ AppID: c.Feishu.AppID,
+ }
+ if c.Feishu.AppSecret != "" {
+ fc.SetAppSecret(c.Feishu.AppSecret)
+ }
+ if c.Feishu.EncryptKey != "" {
+ fc.SetEncryptKey(c.Feishu.EncryptKey)
+ }
+ if c.Feishu.VerificationToken != "" {
+ fc.SetVerificationToken(c.Feishu.VerificationToken)
+ }
+ return fc
+ }(),
+ Discord: func() config.DiscordConfig {
+ dc := config.DiscordConfig{
+ Enabled: c.Discord.Enabled,
+ MentionOnly: c.Discord.MentionOnly,
+ }
+ if c.Discord.Token != "" {
+ dc.SetToken(c.Discord.Token)
+ }
+ return dc
+ }(),
MaixCam: config.MaixCamConfig{
Enabled: c.MaixCam.Enabled,
Host: c.MaixCam.Host,
Port: c.MaixCam.Port,
},
- QQ: config.QQConfig{
- Enabled: c.QQ.Enabled,
- AppID: c.QQ.AppID,
- AppSecret: c.QQ.AppSecret,
- },
- DingTalk: config.DingTalkConfig{
- Enabled: c.DingTalk.Enabled,
- ClientID: c.DingTalk.ClientID,
- ClientSecret: c.DingTalk.ClientSecret,
- },
- Slack: config.SlackConfig{
- Enabled: c.Slack.Enabled,
- BotToken: c.Slack.BotToken,
- AppToken: c.Slack.AppToken,
- },
- Matrix: config.MatrixConfig{
- Enabled: c.Matrix.Enabled,
- Homeserver: c.Matrix.Homeserver,
- UserID: c.Matrix.UserID,
- AccessToken: c.Matrix.AccessToken,
- AllowFrom: c.Matrix.AllowFrom,
- JoinOnInvite: true,
- },
- LINE: config.LINEConfig{
- Enabled: c.LINE.Enabled,
- ChannelSecret: c.LINE.ChannelSecret,
- ChannelAccessToken: c.LINE.ChannelAccessToken,
- WebhookHost: c.LINE.WebhookHost,
- WebhookPort: c.LINE.WebhookPort,
- WebhookPath: c.LINE.WebhookPath,
- },
+ QQ: func() config.QQConfig {
+ qc := config.QQConfig{
+ Enabled: c.QQ.Enabled,
+ AppID: c.QQ.AppID,
+ }
+ if c.QQ.AppSecret != "" {
+ qc.SetAppSecret(c.QQ.AppSecret)
+ }
+ return qc
+ }(),
+ DingTalk: func() config.DingTalkConfig {
+ dt := config.DingTalkConfig{
+ Enabled: c.DingTalk.Enabled,
+ ClientID: c.DingTalk.ClientID,
+ }
+ if c.DingTalk.ClientSecret != "" {
+ dt.SetClientSecret(c.DingTalk.ClientSecret)
+ }
+ return dt
+ }(),
+ Slack: func() config.SlackConfig {
+ sc := config.SlackConfig{
+ Enabled: c.Slack.Enabled,
+ }
+ if c.Slack.BotToken != "" {
+ sc.SetBotToken(c.Slack.BotToken)
+ }
+ if c.Slack.AppToken != "" {
+ sc.SetAppToken(c.Slack.AppToken)
+ }
+ return sc
+ }(),
+ Matrix: func() config.MatrixConfig {
+ mc := config.MatrixConfig{
+ Enabled: c.Matrix.Enabled,
+ Homeserver: c.Matrix.Homeserver,
+ UserID: c.Matrix.UserID,
+ AllowFrom: c.Matrix.AllowFrom,
+ JoinOnInvite: true,
+ }
+ if c.Matrix.AccessToken != "" {
+ mc.SetAccessToken(c.Matrix.AccessToken)
+ }
+ return mc
+ }(),
+ LINE: func() config.LINEConfig {
+ lc := config.LINEConfig{
+ Enabled: c.LINE.Enabled,
+ WebhookHost: c.LINE.WebhookHost,
+ WebhookPort: c.LINE.WebhookPort,
+ WebhookPath: c.LINE.WebhookPath,
+ }
+ if c.LINE.ChannelSecret != "" {
+ lc.SetChannelSecret(c.LINE.ChannelSecret)
+ }
+ if c.LINE.ChannelAccessToken != "" {
+ lc.SetChannelAccessToken(c.LINE.ChannelAccessToken)
+ }
+ return lc
+ }(),
}
}
@@ -1084,30 +1135,44 @@ func (c GatewayConfig) ToStandardGateway() config.GatewayConfig {
}
func (c ToolsConfig) ToStandardTools() config.ToolsConfig {
+ brave := config.BraveConfig{
+ Enabled: c.Web.Brave.Enabled,
+ MaxResults: c.Web.Brave.MaxResults,
+ }
+ if c.Web.Brave.APIKey != "" {
+ brave.SetAPIKey(c.Web.Brave.APIKey)
+ }
+ if len(c.Web.Brave.APIKeys) > 0 {
+ brave.SetAPIKeys(c.Web.Brave.APIKeys)
+ }
+
+ tavily := config.TavilyConfig{
+ Enabled: c.Web.Tavily.Enabled,
+ BaseURL: c.Web.Tavily.BaseURL,
+ MaxResults: c.Web.Tavily.MaxResults,
+ }
+ if c.Web.Tavily.APIKey != "" {
+ tavily.SetAPIKey(c.Web.Tavily.APIKey)
+ }
+
+ perplexity := config.PerplexityConfig{
+ Enabled: c.Web.Perplexity.Enabled,
+ MaxResults: c.Web.Perplexity.MaxResults,
+ }
+ if c.Web.Perplexity.APIKey != "" {
+ perplexity.SetAPIKey(c.Web.Perplexity.APIKey)
+ }
+
return config.ToolsConfig{
Web: config.WebToolsConfig{
- Brave: config.BraveConfig{
- Enabled: c.Web.Brave.Enabled,
- APIKey: c.Web.Brave.APIKey,
- APIKeys: c.Web.Brave.APIKeys,
- MaxResults: c.Web.Brave.MaxResults,
- },
- Tavily: config.TavilyConfig{
- Enabled: c.Web.Tavily.Enabled,
- APIKey: c.Web.Tavily.APIKey,
- BaseURL: c.Web.Tavily.BaseURL,
- MaxResults: c.Web.Tavily.MaxResults,
- },
+ Brave: brave,
+ Tavily: tavily,
DuckDuckGo: config.DuckDuckGoConfig{
Enabled: c.Web.DuckDuckGo.Enabled,
MaxResults: c.Web.DuckDuckGo.MaxResults,
},
- Perplexity: config.PerplexityConfig{
- Enabled: c.Web.Perplexity.Enabled,
- APIKey: c.Web.Perplexity.APIKey,
- MaxResults: c.Web.Perplexity.MaxResults,
- },
- Proxy: c.Web.Proxy,
+ Perplexity: perplexity,
+ Proxy: c.Web.Proxy,
},
Cron: config.CronToolsConfig{
ExecTimeoutMinutes: c.Cron.ExecTimeoutMinutes,
diff --git a/pkg/migrate/sources/openclaw/openclaw_config_test.go b/pkg/migrate/sources/openclaw/openclaw_config_test.go
index 802693825..350b29776 100644
--- a/pkg/migrate/sources/openclaw/openclaw_config_test.go
+++ b/pkg/migrate/sources/openclaw/openclaw_config_test.go
@@ -697,7 +697,7 @@ func TestToStandardConfig(t *testing.T) {
for _, m := range stdCfg.ModelList {
if m.ModelName == "claude-sonnet-4-20250514" {
foundModel = true
- foundAPIKey = m.APIKey
+ foundAPIKey = m.APIKey()
break
}
}
@@ -711,8 +711,8 @@ func TestToStandardConfig(t *testing.T) {
if !stdCfg.Channels.Telegram.Enabled {
t.Error("telegram should be enabled")
}
- if stdCfg.Channels.Telegram.Token != "test-token" {
- t.Errorf("expected token 'test-token', got '%s'", stdCfg.Channels.Telegram.Token)
+ if stdCfg.Channels.Telegram.Token() != "test-token" {
+ t.Errorf("expected token 'test-token', got '%s'", stdCfg.Channels.Telegram.Token())
}
if stdCfg.Gateway.Port != 8080 {
diff --git a/pkg/providers/claude_cli_provider_test.go b/pkg/providers/claude_cli_provider_test.go
index d4d648f5a..bc9960f0c 100644
--- a/pkg/providers/claude_cli_provider_test.go
+++ b/pkg/providers/claude_cli_provider_test.go
@@ -413,10 +413,10 @@ func TestChat_EmptyWorkspaceDoesNotSetDir(t *testing.T) {
func TestCreateProvider_ClaudeCli(t *testing.T) {
cfg := config.DefaultConfig()
- cfg.ModelList = []config.ModelConfig{
+ cfg.ModelList = []*config.ModelConfig{
{ModelName: "claude-sonnet-4.6", Model: "claude-cli/claude-sonnet-4.6", Workspace: "/test/ws"},
}
- cfg.Agents.Defaults.Model = "claude-sonnet-4.6"
+ cfg.Agents.Defaults.ModelName = "claude-sonnet-4.6"
provider, _, err := CreateProvider(cfg)
if err != nil {
@@ -434,10 +434,10 @@ func TestCreateProvider_ClaudeCli(t *testing.T) {
func TestCreateProvider_ClaudeCode(t *testing.T) {
cfg := config.DefaultConfig()
- cfg.ModelList = []config.ModelConfig{
+ cfg.ModelList = []*config.ModelConfig{
{ModelName: "claude-code", Model: "claude-cli/claude-code"},
}
- cfg.Agents.Defaults.Model = "claude-code"
+ cfg.Agents.Defaults.ModelName = "claude-code"
provider, _, err := CreateProvider(cfg)
if err != nil {
@@ -450,10 +450,10 @@ func TestCreateProvider_ClaudeCode(t *testing.T) {
func TestCreateProvider_ClaudeCodec(t *testing.T) {
cfg := config.DefaultConfig()
- cfg.ModelList = []config.ModelConfig{
+ cfg.ModelList = []*config.ModelConfig{
{ModelName: "claudecode", Model: "claude-cli/claudecode"},
}
- cfg.Agents.Defaults.Model = "claudecode"
+ cfg.Agents.Defaults.ModelName = "claudecode"
provider, _, err := CreateProvider(cfg)
if err != nil {
@@ -466,10 +466,10 @@ func TestCreateProvider_ClaudeCodec(t *testing.T) {
func TestCreateProvider_ClaudeCliDefaultWorkspace(t *testing.T) {
cfg := config.DefaultConfig()
- cfg.ModelList = []config.ModelConfig{
+ cfg.ModelList = []*config.ModelConfig{
{ModelName: "claude-cli", Model: "claude-cli/claude-sonnet"},
}
- cfg.Agents.Defaults.Model = "claude-cli"
+ cfg.Agents.Defaults.ModelName = "claude-cli"
cfg.Agents.Defaults.Workspace = ""
provider, _, err := CreateProvider(cfg)
diff --git a/pkg/providers/common/common.go b/pkg/providers/common/common.go
index 23680a1bf..90142fb8b 100644
--- a/pkg/providers/common/common.go
+++ b/pkg/providers/common/common.go
@@ -111,6 +111,17 @@ func SerializeMessages(messages []Message) []any {
"url": mediaURL,
},
})
+ continue
+ }
+
+ if format, data, ok := parseDataAudioURL(mediaURL); ok {
+ parts = append(parts, map[string]any{
+ "type": "input_audio",
+ "input_audio": map[string]any{
+ "data": data,
+ "format": format,
+ },
+ })
}
}
@@ -132,6 +143,26 @@ func SerializeMessages(messages []Message) []any {
return out
}
+func parseDataAudioURL(mediaURL string) (format, data string, ok bool) {
+ if !strings.HasPrefix(mediaURL, "data:audio/") {
+ return "", "", false
+ }
+
+ payload := strings.TrimPrefix(mediaURL, "data:audio/")
+ meta, data, found := strings.Cut(payload, ",")
+ if !found {
+ return "", "", false
+ }
+
+ format, _, _ = strings.Cut(meta, ";")
+ format = strings.TrimSpace(format)
+ data = strings.TrimSpace(data)
+ if format == "" || data == "" {
+ return "", "", false
+ }
+ return format, data, true
+}
+
// --- Response parsing ---
// ParseResponse parses a JSON chat completion response body into an LLMResponse.
@@ -214,11 +245,20 @@ func ParseResponse(body io.Reader) (*LLMResponse, error) {
Reasoning: choice.Message.Reasoning,
ReasoningDetails: choice.Message.ReasoningDetails,
ToolCalls: toolCalls,
- FinishReason: choice.FinishReason,
+ FinishReason: normalizeFinishReason(choice.FinishReason),
Usage: apiResponse.Usage,
}, nil
}
+// normalizeFinishReason normalizes finish_reason values across providers.
+// Converts "length" to "truncated" for consistent handling.
+func normalizeFinishReason(reason string) string {
+ if reason == "length" {
+ return "truncated"
+ }
+ return reason
+}
+
// DecodeToolCallArguments decodes a tool call's arguments from raw JSON.
func DecodeToolCallArguments(raw json.RawMessage, name string) map[string]any {
arguments := make(map[string]any)
diff --git a/pkg/providers/common/common_test.go b/pkg/providers/common/common_test.go
index bb7e7434d..79a637d48 100644
--- a/pkg/providers/common/common_test.go
+++ b/pkg/providers/common/common_test.go
@@ -91,6 +91,44 @@ func TestSerializeMessages_WithMedia(t *testing.T) {
}
}
+func TestSerializeMessages_WithAudioMedia(t *testing.T) {
+ messages := []Message{
+ {Role: "user", Content: "transcribe this", Media: []string{"data:audio/ogg;base64,abc123"}},
+ }
+ result := SerializeMessages(messages)
+
+ data, _ := json.Marshal(result)
+ var msgs []map[string]any
+ json.Unmarshal(data, &msgs)
+
+ content, ok := msgs[0]["content"].([]any)
+ if !ok {
+ t.Fatalf("expected array content for media message, got %T", msgs[0]["content"])
+ }
+ if len(content) != 2 {
+ t.Fatalf("expected 2 content parts, got %d", len(content))
+ }
+
+ audioPart, ok := content[1].(map[string]any)
+ if !ok {
+ t.Fatalf("expected audio content part to be an object, got %T", content[1])
+ }
+ if audioPart["type"] != "input_audio" {
+ t.Fatalf("audio part type = %v, want input_audio", audioPart["type"])
+ }
+
+ inputAudio, ok := audioPart["input_audio"].(map[string]any)
+ if !ok {
+ t.Fatalf("expected input_audio object, got %T", audioPart["input_audio"])
+ }
+ if inputAudio["format"] != "ogg" {
+ t.Fatalf("audio format = %v, want ogg", inputAudio["format"])
+ }
+ if inputAudio["data"] != "abc123" {
+ t.Fatalf("audio data = %v, want abc123", inputAudio["data"])
+ }
+}
+
func TestSerializeMessages_MediaWithToolCallID(t *testing.T) {
messages := []Message{
{Role: "tool", Content: "result", Media: []string{"data:image/png;base64,xyz"}, ToolCallID: "call_1"},
diff --git a/pkg/providers/factory.go b/pkg/providers/factory.go
index d2afe2943..354acafcb 100644
--- a/pkg/providers/factory.go
+++ b/pkg/providers/factory.go
@@ -1,400 +1,7 @@
package providers
import (
- "fmt"
- "strings"
-
"github.com/sipeed/picoclaw/pkg/auth"
- "github.com/sipeed/picoclaw/pkg/config"
)
-const defaultAnthropicAPIBase = "https://api.anthropic.com/v1"
-
var getCredential = auth.GetCredential
-
-type providerType int
-
-const (
- providerTypeHTTPCompat providerType = iota
- providerTypeClaudeAuth
- providerTypeCodexAuth
- providerTypeCodexCLIToken
- providerTypeClaudeCLI
- providerTypeCodexCLI
- providerTypeGitHubCopilot
-)
-
-type providerSelection struct {
- providerType providerType
- apiKey string
- apiBase string
- proxy string
- model string
- workspace string
- connectMode string
- enableWebSearch bool
-}
-
-func resolveProviderSelection(cfg *config.Config) (providerSelection, error) {
- model := cfg.Agents.Defaults.GetModelName()
- providerName := strings.ToLower(cfg.Agents.Defaults.Provider)
- lowerModel := strings.ToLower(model)
-
- if providerName == "" && model == "" {
- return providerSelection{}, fmt.Errorf("no model configured: agents.defaults.model is empty")
- }
-
- sel := providerSelection{
- providerType: providerTypeHTTPCompat,
- model: model,
- }
-
- // First, prefer explicit provider configuration.
- if providerName != "" {
- switch providerName {
- case "groq":
- if cfg.Providers.Groq.APIKey != "" {
- sel.apiKey = cfg.Providers.Groq.APIKey
- sel.apiBase = cfg.Providers.Groq.APIBase
- sel.proxy = cfg.Providers.Groq.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://api.groq.com/openai/v1"
- }
- }
- case "openai", "gpt":
- if cfg.Providers.OpenAI.APIKey != "" || cfg.Providers.OpenAI.AuthMethod != "" {
- sel.enableWebSearch = cfg.Providers.OpenAI.WebSearch
- if cfg.Providers.OpenAI.AuthMethod == "codex-cli" {
- sel.providerType = providerTypeCodexCLIToken
- return sel, nil
- }
- if cfg.Providers.OpenAI.AuthMethod == "oauth" || cfg.Providers.OpenAI.AuthMethod == "token" {
- sel.providerType = providerTypeCodexAuth
- return sel, nil
- }
- sel.apiKey = cfg.Providers.OpenAI.APIKey
- sel.apiBase = cfg.Providers.OpenAI.APIBase
- sel.proxy = cfg.Providers.OpenAI.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://api.openai.com/v1"
- }
- }
- case "anthropic", "claude":
- if cfg.Providers.Anthropic.APIKey != "" || cfg.Providers.Anthropic.AuthMethod != "" {
- if cfg.Providers.Anthropic.AuthMethod == "oauth" || cfg.Providers.Anthropic.AuthMethod == "token" {
- sel.apiBase = cfg.Providers.Anthropic.APIBase
- if sel.apiBase == "" {
- sel.apiBase = defaultAnthropicAPIBase
- }
- sel.providerType = providerTypeClaudeAuth
- return sel, nil
- }
- sel.apiKey = cfg.Providers.Anthropic.APIKey
- sel.apiBase = cfg.Providers.Anthropic.APIBase
- sel.proxy = cfg.Providers.Anthropic.Proxy
- if sel.apiBase == "" {
- sel.apiBase = defaultAnthropicAPIBase
- }
- }
- case "openrouter":
- if cfg.Providers.OpenRouter.APIKey != "" {
- sel.apiKey = cfg.Providers.OpenRouter.APIKey
- sel.proxy = cfg.Providers.OpenRouter.Proxy
- if cfg.Providers.OpenRouter.APIBase != "" {
- sel.apiBase = cfg.Providers.OpenRouter.APIBase
- } else {
- sel.apiBase = "https://openrouter.ai/api/v1"
- }
- }
- case "litellm":
- if cfg.Providers.LiteLLM.APIKey != "" || cfg.Providers.LiteLLM.APIBase != "" {
- sel.apiKey = cfg.Providers.LiteLLM.APIKey
- sel.apiBase = cfg.Providers.LiteLLM.APIBase
- sel.proxy = cfg.Providers.LiteLLM.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "http://localhost:4000/v1"
- }
- }
- case "zhipu", "glm":
- if cfg.Providers.Zhipu.APIKey != "" {
- sel.apiKey = cfg.Providers.Zhipu.APIKey
- sel.apiBase = cfg.Providers.Zhipu.APIBase
- sel.proxy = cfg.Providers.Zhipu.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://open.bigmodel.cn/api/paas/v4"
- }
- }
- case "gemini", "google":
- if cfg.Providers.Gemini.APIKey != "" {
- sel.apiKey = cfg.Providers.Gemini.APIKey
- sel.apiBase = cfg.Providers.Gemini.APIBase
- sel.proxy = cfg.Providers.Gemini.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://generativelanguage.googleapis.com/v1beta"
- }
- }
- case "vllm":
- if cfg.Providers.VLLM.APIBase != "" {
- sel.apiKey = cfg.Providers.VLLM.APIKey
- sel.apiBase = cfg.Providers.VLLM.APIBase
- sel.proxy = cfg.Providers.VLLM.Proxy
- }
- case "shengsuanyun":
- if cfg.Providers.ShengSuanYun.APIKey != "" {
- sel.apiKey = cfg.Providers.ShengSuanYun.APIKey
- sel.apiBase = cfg.Providers.ShengSuanYun.APIBase
- sel.proxy = cfg.Providers.ShengSuanYun.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://router.shengsuanyun.com/api/v1"
- }
- }
- case "nvidia":
- if cfg.Providers.Nvidia.APIKey != "" {
- sel.apiKey = cfg.Providers.Nvidia.APIKey
- sel.apiBase = cfg.Providers.Nvidia.APIBase
- sel.proxy = cfg.Providers.Nvidia.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://integrate.api.nvidia.com/v1"
- }
- }
- case "vivgrid":
- if cfg.Providers.Vivgrid.APIKey != "" {
- sel.apiKey = cfg.Providers.Vivgrid.APIKey
- sel.apiBase = cfg.Providers.Vivgrid.APIBase
- sel.proxy = cfg.Providers.Vivgrid.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://api.vivgrid.com/v1"
- }
- }
- case "claude-cli", "claude-code", "claudecode":
- workspace := cfg.WorkspacePath()
- if workspace == "" {
- workspace = "."
- }
- sel.providerType = providerTypeClaudeCLI
- sel.workspace = workspace
- return sel, nil
- case "codex-cli", "codex-code":
- workspace := cfg.WorkspacePath()
- if workspace == "" {
- workspace = "."
- }
- sel.providerType = providerTypeCodexCLI
- sel.workspace = workspace
- return sel, nil
- case "deepseek":
- if cfg.Providers.DeepSeek.APIKey != "" {
- sel.apiKey = cfg.Providers.DeepSeek.APIKey
- sel.apiBase = cfg.Providers.DeepSeek.APIBase
- sel.proxy = cfg.Providers.DeepSeek.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://api.deepseek.com/v1"
- }
- if model != "deepseek-chat" && model != "deepseek-reasoner" {
- sel.model = "deepseek-chat"
- }
- }
- case "avian":
- if cfg.Providers.Avian.APIKey != "" {
- sel.apiKey = cfg.Providers.Avian.APIKey
- sel.apiBase = cfg.Providers.Avian.APIBase
- sel.proxy = cfg.Providers.Avian.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://api.avian.io/v1"
- }
- }
- case "mistral":
- if cfg.Providers.Mistral.APIKey != "" {
- sel.apiKey = cfg.Providers.Mistral.APIKey
- sel.apiBase = cfg.Providers.Mistral.APIBase
- sel.proxy = cfg.Providers.Mistral.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://api.mistral.ai/v1"
- }
- }
- case "minimax":
- if cfg.Providers.Minimax.APIKey != "" {
- sel.apiKey = cfg.Providers.Minimax.APIKey
- sel.apiBase = cfg.Providers.Minimax.APIBase
- sel.proxy = cfg.Providers.Minimax.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://api.minimaxi.com/v1"
- }
- }
- case "longcat":
- if cfg.Providers.LongCat.APIKey != "" {
- sel.apiKey = cfg.Providers.LongCat.APIKey
- sel.apiBase = cfg.Providers.LongCat.APIBase
- sel.proxy = cfg.Providers.LongCat.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://api.longcat.chat/openai"
- }
- }
- case "github_copilot", "copilot":
- sel.providerType = providerTypeGitHubCopilot
- if cfg.Providers.GitHubCopilot.APIBase != "" {
- sel.apiBase = cfg.Providers.GitHubCopilot.APIBase
- } else {
- sel.apiBase = "localhost:4321"
- }
- sel.connectMode = cfg.Providers.GitHubCopilot.ConnectMode
- return sel, nil
- }
- }
-
- // Fallback: infer provider from model and configured keys.
- if sel.apiKey == "" && sel.apiBase == "" {
- switch {
- case (strings.Contains(lowerModel, "kimi") || strings.Contains(lowerModel, "moonshot") || strings.HasPrefix(model, "moonshot/")) && cfg.Providers.Moonshot.APIKey != "":
- sel.apiKey = cfg.Providers.Moonshot.APIKey
- sel.apiBase = cfg.Providers.Moonshot.APIBase
- sel.proxy = cfg.Providers.Moonshot.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://api.moonshot.cn/v1"
- }
- case strings.HasPrefix(model, "openrouter/") ||
- strings.HasPrefix(model, "anthropic/") ||
- strings.HasPrefix(model, "openai/") ||
- strings.HasPrefix(model, "meta-llama/") ||
- strings.HasPrefix(model, "deepseek/") ||
- strings.HasPrefix(model, "google/"):
- sel.apiKey = cfg.Providers.OpenRouter.APIKey
- sel.proxy = cfg.Providers.OpenRouter.Proxy
- if cfg.Providers.OpenRouter.APIBase != "" {
- sel.apiBase = cfg.Providers.OpenRouter.APIBase
- } else {
- sel.apiBase = "https://openrouter.ai/api/v1"
- }
- case (strings.Contains(lowerModel, "claude") || strings.HasPrefix(model, "anthropic/")) &&
- (cfg.Providers.Anthropic.APIKey != "" || cfg.Providers.Anthropic.AuthMethod != ""):
- if cfg.Providers.Anthropic.AuthMethod == "oauth" || cfg.Providers.Anthropic.AuthMethod == "token" {
- sel.apiBase = cfg.Providers.Anthropic.APIBase
- if sel.apiBase == "" {
- sel.apiBase = defaultAnthropicAPIBase
- }
- sel.providerType = providerTypeClaudeAuth
- return sel, nil
- }
- sel.apiKey = cfg.Providers.Anthropic.APIKey
- sel.apiBase = cfg.Providers.Anthropic.APIBase
- sel.proxy = cfg.Providers.Anthropic.Proxy
- if sel.apiBase == "" {
- sel.apiBase = defaultAnthropicAPIBase
- }
- case (strings.Contains(lowerModel, "gpt") || strings.HasPrefix(model, "openai/")) &&
- (cfg.Providers.OpenAI.APIKey != "" || cfg.Providers.OpenAI.AuthMethod != ""):
- sel.enableWebSearch = cfg.Providers.OpenAI.WebSearch
- if cfg.Providers.OpenAI.AuthMethod == "codex-cli" {
- sel.providerType = providerTypeCodexCLIToken
- return sel, nil
- }
- if cfg.Providers.OpenAI.AuthMethod == "oauth" || cfg.Providers.OpenAI.AuthMethod == "token" {
- sel.providerType = providerTypeCodexAuth
- return sel, nil
- }
- sel.apiKey = cfg.Providers.OpenAI.APIKey
- sel.apiBase = cfg.Providers.OpenAI.APIBase
- sel.proxy = cfg.Providers.OpenAI.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://api.openai.com/v1"
- }
- case (strings.Contains(lowerModel, "gemini") || strings.HasPrefix(model, "google/")) && cfg.Providers.Gemini.APIKey != "":
- sel.apiKey = cfg.Providers.Gemini.APIKey
- sel.apiBase = cfg.Providers.Gemini.APIBase
- sel.proxy = cfg.Providers.Gemini.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://generativelanguage.googleapis.com/v1beta"
- }
- case (strings.Contains(lowerModel, "glm") || strings.Contains(lowerModel, "zhipu") || strings.Contains(lowerModel, "zai")) && cfg.Providers.Zhipu.APIKey != "":
- sel.apiKey = cfg.Providers.Zhipu.APIKey
- sel.apiBase = cfg.Providers.Zhipu.APIBase
- sel.proxy = cfg.Providers.Zhipu.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://open.bigmodel.cn/api/paas/v4"
- }
- case (strings.Contains(lowerModel, "groq") || strings.HasPrefix(model, "groq/")) && cfg.Providers.Groq.APIKey != "":
- sel.apiKey = cfg.Providers.Groq.APIKey
- sel.apiBase = cfg.Providers.Groq.APIBase
- sel.proxy = cfg.Providers.Groq.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://api.groq.com/openai/v1"
- }
- case (strings.Contains(lowerModel, "nvidia") || strings.HasPrefix(model, "nvidia/")) && cfg.Providers.Nvidia.APIKey != "":
- sel.apiKey = cfg.Providers.Nvidia.APIKey
- sel.apiBase = cfg.Providers.Nvidia.APIBase
- sel.proxy = cfg.Providers.Nvidia.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://integrate.api.nvidia.com/v1"
- }
- case strings.HasPrefix(model, "vivgrid/") && cfg.Providers.Vivgrid.APIKey != "":
- sel.apiKey = cfg.Providers.Vivgrid.APIKey
- sel.apiBase = cfg.Providers.Vivgrid.APIBase
- sel.proxy = cfg.Providers.Vivgrid.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://api.vivgrid.com/v1"
- }
- case (strings.Contains(lowerModel, "ollama") || strings.HasPrefix(model, "ollama/")) && cfg.Providers.Ollama.APIKey != "":
- sel.apiKey = cfg.Providers.Ollama.APIKey
- sel.apiBase = cfg.Providers.Ollama.APIBase
- sel.proxy = cfg.Providers.Ollama.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "http://localhost:11434/v1"
- }
- case (strings.Contains(lowerModel, "mistral") || strings.HasPrefix(model, "mistral/")) && cfg.Providers.Mistral.APIKey != "":
- sel.apiKey = cfg.Providers.Mistral.APIKey
- sel.apiBase = cfg.Providers.Mistral.APIBase
- sel.proxy = cfg.Providers.Mistral.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://api.mistral.ai/v1"
- }
- case (strings.Contains(lowerModel, "minimax") || strings.HasPrefix(model, "minimax/")) && cfg.Providers.Minimax.APIKey != "":
- sel.apiKey = cfg.Providers.Minimax.APIKey
- sel.apiBase = cfg.Providers.Minimax.APIBase
- sel.proxy = cfg.Providers.Minimax.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://api.minimaxi.com/v1"
- }
- case strings.HasPrefix(model, "avian/") && cfg.Providers.Avian.APIKey != "":
- sel.apiKey = cfg.Providers.Avian.APIKey
- sel.apiBase = cfg.Providers.Avian.APIBase
- sel.proxy = cfg.Providers.Avian.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://api.avian.io/v1"
- }
- case (strings.Contains(lowerModel, "longcat") || strings.HasPrefix(model, "longcat/")) && cfg.Providers.LongCat.APIKey != "":
- sel.apiKey = cfg.Providers.LongCat.APIKey
- sel.apiBase = cfg.Providers.LongCat.APIBase
- sel.proxy = cfg.Providers.LongCat.Proxy
- if sel.apiBase == "" {
- sel.apiBase = "https://api.longcat.chat/openai"
- }
- case cfg.Providers.VLLM.APIBase != "":
- sel.apiKey = cfg.Providers.VLLM.APIKey
- sel.apiBase = cfg.Providers.VLLM.APIBase
- sel.proxy = cfg.Providers.VLLM.Proxy
- default:
- if cfg.Providers.OpenRouter.APIKey != "" {
- sel.apiKey = cfg.Providers.OpenRouter.APIKey
- sel.proxy = cfg.Providers.OpenRouter.Proxy
- if cfg.Providers.OpenRouter.APIBase != "" {
- sel.apiBase = cfg.Providers.OpenRouter.APIBase
- } else {
- sel.apiBase = "https://openrouter.ai/api/v1"
- }
- } else {
- return providerSelection{}, fmt.Errorf("no API key configured for model: %s", model)
- }
- }
- }
-
- if sel.providerType == providerTypeHTTPCompat {
- if sel.apiKey == "" && !strings.HasPrefix(model, "bedrock/") {
- return providerSelection{}, fmt.Errorf("no API key configured for provider (model: %s)", model)
- }
- if sel.apiBase == "" {
- return providerSelection{}, fmt.Errorf("no API base configured for provider (model: %s)", model)
- }
- }
-
- return sel, nil
-}
diff --git a/pkg/providers/factory_provider.go b/pkg/providers/factory_provider.go
index 7e33f4d17..68335a108 100644
--- a/pkg/providers/factory_provider.go
+++ b/pkg/providers/factory_provider.go
@@ -80,7 +80,7 @@ func CreateProviderFromConfig(cfg *config.ModelConfig) (LLMProvider, string, err
return provider, modelID, nil
}
// OpenAI with API key
- if cfg.APIKey == "" && cfg.APIBase == "" {
+ if cfg.APIKey() == "" && cfg.APIBase == "" {
return nil, "", fmt.Errorf("api_key or api_base is required for HTTP-based protocol %q", protocol)
}
apiBase := cfg.APIBase
@@ -88,7 +88,7 @@ func CreateProviderFromConfig(cfg *config.ModelConfig) (LLMProvider, string, err
apiBase = getDefaultAPIBase(protocol)
}
return NewHTTPProviderWithMaxTokensFieldAndRequestTimeout(
- cfg.APIKey,
+ cfg.APIKey(),
apiBase,
cfg.Proxy,
cfg.MaxTokensField,
@@ -99,7 +99,7 @@ func CreateProviderFromConfig(cfg *config.ModelConfig) (LLMProvider, string, err
case "azure", "azure-openai":
// Azure OpenAI uses deployment-based URLs, api-key header auth,
// and always sends max_completion_tokens.
- if cfg.APIKey == "" {
+ if cfg.APIKey() == "" {
return nil, "", fmt.Errorf("api_key is required for azure protocol")
}
if cfg.APIBase == "" {
@@ -108,7 +108,7 @@ func CreateProviderFromConfig(cfg *config.ModelConfig) (LLMProvider, string, err
)
}
return azure.NewProviderWithTimeout(
- cfg.APIKey,
+ cfg.APIKey(),
cfg.APIBase,
cfg.Proxy,
cfg.RequestTimeout,
@@ -120,7 +120,7 @@ func CreateProviderFromConfig(cfg *config.ModelConfig) (LLMProvider, string, err
"qwen-us", "dashscope-us", "mistral", "avian", "longcat", "modelscope", "novita",
"coding-plan", "alibaba-coding", "qwen-coding":
// All other OpenAI-compatible HTTP providers
- if cfg.APIKey == "" && cfg.APIBase == "" {
+ if cfg.APIKey() == "" && cfg.APIBase == "" {
return nil, "", fmt.Errorf("api_key or api_base is required for HTTP-based protocol %q", protocol)
}
apiBase := cfg.APIBase
@@ -128,7 +128,7 @@ func CreateProviderFromConfig(cfg *config.ModelConfig) (LLMProvider, string, err
apiBase = getDefaultAPIBase(protocol)
}
return NewHTTPProviderWithMaxTokensFieldAndRequestTimeout(
- cfg.APIKey,
+ cfg.APIKey(),
apiBase,
cfg.Proxy,
cfg.MaxTokensField,
@@ -175,11 +175,11 @@ func CreateProviderFromConfig(cfg *config.ModelConfig) (LLMProvider, string, err
if apiBase == "" {
apiBase = "https://api.anthropic.com/v1"
}
- if cfg.APIKey == "" {
+ if cfg.APIKey() == "" {
return nil, "", fmt.Errorf("api_key is required for anthropic protocol (model: %s)", cfg.Model)
}
return NewHTTPProviderWithMaxTokensFieldAndRequestTimeout(
- cfg.APIKey,
+ cfg.APIKey(),
apiBase,
cfg.Proxy,
cfg.MaxTokensField,
@@ -193,11 +193,11 @@ func CreateProviderFromConfig(cfg *config.ModelConfig) (LLMProvider, string, err
if apiBase == "" {
apiBase = "https://api.anthropic.com/v1"
}
- if cfg.APIKey == "" {
+ if cfg.APIKey() == "" {
return nil, "", fmt.Errorf("api_key is required for anthropic-messages protocol (model: %s)", cfg.Model)
}
return anthropicmessages.NewProviderWithTimeout(
- cfg.APIKey,
+ cfg.APIKey(),
apiBase,
cfg.RequestTimeout,
), modelID, nil
@@ -208,11 +208,11 @@ func CreateProviderFromConfig(cfg *config.ModelConfig) (LLMProvider, string, err
if apiBase == "" {
apiBase = getDefaultAPIBase(protocol)
}
- if cfg.APIKey == "" {
+ if cfg.APIKey() == "" {
return nil, "", fmt.Errorf("api_key is required for %q protocol (model: %s)", protocol, cfg.Model)
}
return anthropicmessages.NewProviderWithTimeout(
- cfg.APIKey,
+ cfg.APIKey(),
apiBase,
cfg.RequestTimeout,
), modelID, nil
diff --git a/pkg/providers/factory_provider_test.go b/pkg/providers/factory_provider_test.go
index cdc2cea8f..06025fba2 100644
--- a/pkg/providers/factory_provider_test.go
+++ b/pkg/providers/factory_provider_test.go
@@ -90,9 +90,9 @@ func TestCreateProviderFromConfig_OpenAI(t *testing.T) {
cfg := &config.ModelConfig{
ModelName: "test-openai",
Model: "openai/gpt-4o",
- APIKey: "test-key",
APIBase: "https://api.example.com/v1",
}
+ cfg.SetAPIKey("test-key")
provider, modelID, err := CreateProviderFromConfig(cfg)
if err != nil {
@@ -130,8 +130,8 @@ func TestCreateProviderFromConfig_DefaultAPIBase(t *testing.T) {
cfg := &config.ModelConfig{
ModelName: "test-" + tt.protocol,
Model: tt.protocol + "/test-model",
- APIKey: "test-key",
}
+ cfg.SetAPIKey("test-key")
provider, _, err := CreateProviderFromConfig(cfg)
if err != nil {
@@ -156,9 +156,9 @@ func TestCreateProviderFromConfig_LiteLLM(t *testing.T) {
cfg := &config.ModelConfig{
ModelName: "test-litellm",
Model: "litellm/my-proxy-alias",
- APIKey: "test-key",
APIBase: "http://localhost:4000/v1",
}
+ cfg.SetAPIKey("test-key")
provider, modelID, err := CreateProviderFromConfig(cfg)
if err != nil {
@@ -176,9 +176,9 @@ func TestCreateProviderFromConfig_LongCat(t *testing.T) {
cfg := &config.ModelConfig{
ModelName: "test-longcat",
Model: "longcat/LongCat-Flash-Thinking",
- APIKey: "test-key",
APIBase: "https://api.longcat.chat/openai",
}
+ cfg.SetAPIKey("test-key")
provider, modelID, err := CreateProviderFromConfig(cfg)
if err != nil {
@@ -199,9 +199,9 @@ func TestCreateProviderFromConfig_ModelScope(t *testing.T) {
cfg := &config.ModelConfig{
ModelName: "test-modelscope",
Model: "modelscope/Qwen/Qwen3-235B-A22B-Instruct-2507",
- APIKey: "test-key",
APIBase: "https://api-inference.modelscope.cn/v1",
}
+ cfg.SetAPIKey("test-key")
provider, modelID, err := CreateProviderFromConfig(cfg)
if err != nil {
@@ -228,8 +228,8 @@ func TestCreateProviderFromConfig_Novita(t *testing.T) {
cfg := &config.ModelConfig{
ModelName: "test-novita",
Model: "novita/deepseek/deepseek-v3.2",
- APIKey: "test-key",
}
+ cfg.SetAPIKey("test-key")
provider, modelID, err := CreateProviderFromConfig(cfg)
if err != nil {
@@ -256,8 +256,8 @@ func TestCreateProviderFromConfig_Anthropic(t *testing.T) {
cfg := &config.ModelConfig{
ModelName: "test-anthropic",
Model: "anthropic/claude-sonnet-4.6",
- APIKey: "test-key",
}
+ cfg.SetAPIKey("test-key")
provider, modelID, err := CreateProviderFromConfig(cfg)
if err != nil {
@@ -341,8 +341,8 @@ func TestCreateProviderFromConfig_UnknownProtocol(t *testing.T) {
cfg := &config.ModelConfig{
ModelName: "test-unknown",
Model: "unknown-protocol/model",
- APIKey: "test-key",
}
+ cfg.SetAPIKey("test-key")
_, _, err := CreateProviderFromConfig(cfg)
if err == nil {
@@ -383,6 +383,7 @@ func TestCreateProviderFromConfig_RequestTimeoutPropagation(t *testing.T) {
APIBase: server.URL,
RequestTimeout: 1,
}
+ cfg.SetAPIKey("test-key")
provider, modelID, err := CreateProviderFromConfig(cfg)
if err != nil {
@@ -412,9 +413,9 @@ func TestCreateProviderFromConfig_Azure(t *testing.T) {
cfg := &config.ModelConfig{
ModelName: "azure-gpt5",
Model: "azure/my-gpt5-deployment",
- APIKey: "test-azure-key",
APIBase: "https://my-resource.openai.azure.com",
}
+ cfg.SetAPIKey("test-azure-key")
provider, modelID, err := CreateProviderFromConfig(cfg)
if err != nil {
@@ -432,9 +433,9 @@ func TestCreateProviderFromConfig_AzureOpenAIAlias(t *testing.T) {
cfg := &config.ModelConfig{
ModelName: "azure-gpt4",
Model: "azure-openai/my-deployment",
- APIKey: "test-azure-key",
APIBase: "https://my-resource.openai.azure.com",
}
+ cfg.SetAPIKey("test-azure-key")
provider, modelID, err := CreateProviderFromConfig(cfg)
if err != nil {
@@ -465,8 +466,8 @@ func TestCreateProviderFromConfig_AzureMissingAPIBase(t *testing.T) {
cfg := &config.ModelConfig{
ModelName: "azure-gpt5",
Model: "azure/my-gpt5-deployment",
- APIKey: "test-azure-key",
}
+ cfg.SetAPIKey("test-azure-key")
_, _, err := CreateProviderFromConfig(cfg)
if err == nil {
@@ -489,8 +490,8 @@ func TestCreateProviderFromConfig_QwenInternationalAlias(t *testing.T) {
cfg := &config.ModelConfig{
ModelName: "test-" + tt.protocol,
Model: tt.protocol + "/qwen-max",
- APIKey: "test-key",
}
+ cfg.SetAPIKey("test-key")
provider, modelID, err := CreateProviderFromConfig(cfg)
if err != nil {
@@ -523,8 +524,8 @@ func TestCreateProviderFromConfig_QwenUSAlias(t *testing.T) {
cfg := &config.ModelConfig{
ModelName: "test-" + tt.protocol,
Model: tt.protocol + "/qwen-max",
- APIKey: "test-key",
}
+ cfg.SetAPIKey("test-key")
provider, modelID, err := CreateProviderFromConfig(cfg)
if err != nil {
@@ -557,8 +558,8 @@ func TestCreateProviderFromConfig_CodingPlanAnthropic(t *testing.T) {
cfg := &config.ModelConfig{
ModelName: "test-" + tt.protocol,
Model: tt.protocol + "/claude-sonnet-4-20250514",
- APIKey: "test-key",
}
+ cfg.SetAPIKey("test-key")
provider, modelID, err := CreateProviderFromConfig(cfg)
if err != nil {
diff --git a/pkg/providers/factory_test.go b/pkg/providers/factory_test.go
index 91469f25b..b99f5baf9 100644
--- a/pkg/providers/factory_test.go
+++ b/pkg/providers/factory_test.go
@@ -1,262 +1,22 @@
package providers
import (
- "strings"
"testing"
"github.com/sipeed/picoclaw/pkg/auth"
"github.com/sipeed/picoclaw/pkg/config"
)
-func TestResolveProviderSelection(t *testing.T) {
- tests := []struct {
- name string
- setup func(*config.Config)
- wantType providerType
- wantAPIBase string
- wantProxy string
- wantErrSubstr string
- }{
- {
- name: "explicit litellm provider uses configured base",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Provider = "litellm"
- cfg.Providers.LiteLLM.APIKey = "litellm-key"
- cfg.Providers.LiteLLM.APIBase = "http://localhost:4000/v1"
- cfg.Providers.LiteLLM.Proxy = "http://127.0.0.1:7890"
- },
- wantType: providerTypeHTTPCompat,
- wantAPIBase: "http://localhost:4000/v1",
- wantProxy: "http://127.0.0.1:7890",
- },
- {
- name: "explicit litellm provider defaults base when only key is configured",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Provider = "litellm"
- cfg.Providers.LiteLLM.APIKey = "litellm-key"
- },
- wantType: providerTypeHTTPCompat,
- wantAPIBase: "http://localhost:4000/v1",
- },
- {
- name: "explicit claude-cli provider routes to cli provider type",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Provider = "claude-cli"
- cfg.Agents.Defaults.Workspace = "/tmp/ws"
- },
- wantType: providerTypeClaudeCLI,
- },
- {
- name: "explicit copilot provider routes to github copilot type",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Provider = "copilot"
- },
- wantType: providerTypeGitHubCopilot,
- wantAPIBase: "localhost:4321",
- },
- {
- name: "explicit deepseek provider uses deepseek defaults",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Provider = "deepseek"
- cfg.Agents.Defaults.Model = "deepseek/deepseek-chat"
- cfg.Providers.DeepSeek.APIKey = "deepseek-key"
- cfg.Providers.DeepSeek.Proxy = "http://127.0.0.1:7890"
- },
- wantType: providerTypeHTTPCompat,
- wantAPIBase: "https://api.deepseek.com/v1",
- wantProxy: "http://127.0.0.1:7890",
- },
- {
- name: "explicit shengsuanyun provider uses defaults",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Provider = "shengsuanyun"
- cfg.Providers.ShengSuanYun.APIKey = "ssy-key"
- cfg.Providers.ShengSuanYun.Proxy = "http://127.0.0.1:7890"
- },
- wantType: providerTypeHTTPCompat,
- wantAPIBase: "https://router.shengsuanyun.com/api/v1",
- wantProxy: "http://127.0.0.1:7890",
- },
- {
- name: "explicit nvidia provider uses defaults",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Provider = "nvidia"
- cfg.Providers.Nvidia.APIKey = "nvapi-test"
- cfg.Providers.Nvidia.Proxy = "http://127.0.0.1:7890"
- },
- wantType: providerTypeHTTPCompat,
- wantAPIBase: "https://integrate.api.nvidia.com/v1",
- wantProxy: "http://127.0.0.1:7890",
- },
- {
- name: "explicit vivgrid provider uses defaults",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Provider = "vivgrid"
- cfg.Providers.Vivgrid.APIKey = "vivgrid-key"
- cfg.Providers.Vivgrid.Proxy = "http://127.0.0.1:7890"
- },
- wantType: providerTypeHTTPCompat,
- wantAPIBase: "https://api.vivgrid.com/v1",
- wantProxy: "http://127.0.0.1:7890",
- },
- {
- name: "openrouter model uses openrouter defaults",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Model = "openrouter/auto"
- cfg.Providers.OpenRouter.APIKey = "sk-or-test"
- },
- wantType: providerTypeHTTPCompat,
- wantAPIBase: "https://openrouter.ai/api/v1",
- },
- {
- name: "anthropic oauth routes to claude auth provider",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Model = "claude-sonnet-4.6"
- cfg.Providers.Anthropic.AuthMethod = "oauth"
- },
- wantType: providerTypeClaudeAuth,
- },
- {
- name: "openai oauth routes to codex auth provider",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Model = "gpt-4o"
- cfg.Providers.OpenAI.AuthMethod = "oauth"
- },
- wantType: providerTypeCodexAuth,
- },
- {
- name: "openai codex-cli auth routes to codex cli token provider",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Model = "gpt-4o"
- cfg.Providers.OpenAI.AuthMethod = "codex-cli"
- },
- wantType: providerTypeCodexCLIToken,
- },
- {
- name: "explicit codex-code provider routes to codex cli provider type",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Provider = "codex-code"
- cfg.Agents.Defaults.Workspace = "/tmp/ws"
- },
- wantType: providerTypeCodexCLI,
- },
- {
- name: "zhipu model uses zhipu base default",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Model = "glm-4.7"
- cfg.Providers.Zhipu.APIKey = "zhipu-key"
- },
- wantType: providerTypeHTTPCompat,
- wantAPIBase: "https://open.bigmodel.cn/api/paas/v4",
- },
- {
- name: "groq model uses groq base default",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Model = "groq/llama-3.3-70b"
- cfg.Providers.Groq.APIKey = "gsk-key"
- },
- wantType: providerTypeHTTPCompat,
- wantAPIBase: "https://api.groq.com/openai/v1",
- },
- {
- name: "ollama model uses ollama base default",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Model = "ollama/qwen2.5:14b"
- cfg.Providers.Ollama.APIKey = "ollama-key"
- },
- wantType: providerTypeHTTPCompat,
- wantAPIBase: "http://localhost:11434/v1",
- },
- {
- name: "moonshot model keeps proxy and default base",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Model = "moonshot/kimi-k2.5"
- cfg.Providers.Moonshot.APIKey = "moonshot-key"
- cfg.Providers.Moonshot.Proxy = "http://127.0.0.1:7890"
- },
- wantType: providerTypeHTTPCompat,
- wantAPIBase: "https://api.moonshot.cn/v1",
- wantProxy: "http://127.0.0.1:7890",
- },
- {
- name: "explicit longcat provider uses defaults",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Provider = "longcat"
- cfg.Providers.LongCat.APIKey = "longcat-key"
- cfg.Providers.LongCat.Proxy = "http://127.0.0.1:7890"
- },
- wantType: providerTypeHTTPCompat,
- wantAPIBase: "https://api.longcat.chat/openai",
- wantProxy: "http://127.0.0.1:7890",
- },
- {
- name: "longcat model fallback uses longcat base default",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Model = "longcat/LongCat-Flash-Thinking"
- cfg.Providers.LongCat.APIKey = "longcat-key"
- },
- wantType: providerTypeHTTPCompat,
- wantAPIBase: "https://api.longcat.chat/openai",
- },
- {
- name: "missing keys returns model config error",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Model = "custom-model"
- },
- wantErrSubstr: "no API key configured for model",
- },
- {
- name: "openrouter prefix without key returns provider key error",
- setup: func(cfg *config.Config) {
- cfg.Agents.Defaults.Model = "openrouter/auto"
- },
- wantErrSubstr: "no API key configured for provider",
- },
- }
-
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- cfg := config.DefaultConfig()
- tt.setup(cfg)
-
- got, err := resolveProviderSelection(cfg)
- if tt.wantErrSubstr != "" {
- if err == nil {
- t.Fatalf("expected error containing %q, got nil", tt.wantErrSubstr)
- }
- if !strings.Contains(err.Error(), tt.wantErrSubstr) {
- t.Fatalf("error = %q, want substring %q", err.Error(), tt.wantErrSubstr)
- }
- return
- }
-
- if err != nil {
- t.Fatalf("resolveProviderSelection() error = %v", err)
- }
- if got.providerType != tt.wantType {
- t.Fatalf("providerType = %v, want %v", got.providerType, tt.wantType)
- }
- if tt.wantAPIBase != "" && got.apiBase != tt.wantAPIBase {
- t.Fatalf("apiBase = %q, want %q", got.apiBase, tt.wantAPIBase)
- }
- if tt.wantProxy != "" && got.proxy != tt.wantProxy {
- t.Fatalf("proxy = %q, want %q", got.proxy, tt.wantProxy)
- }
- })
- }
-}
-
func TestCreateProviderReturnsHTTPProviderForOpenRouter(t *testing.T) {
cfg := config.DefaultConfig()
- cfg.Agents.Defaults.Model = "test-openrouter"
- cfg.ModelList = []config.ModelConfig{
- {
- ModelName: "test-openrouter",
- Model: "openrouter/auto",
- APIKey: "sk-or-test",
- APIBase: "https://openrouter.ai/api/v1",
- },
+ cfg.Agents.Defaults.ModelName = "test-openrouter"
+ modelCfg := &config.ModelConfig{
+ ModelName: "test-openrouter",
+ Model: "openrouter/auto",
+ APIBase: "https://openrouter.ai/api/v1",
}
+ modelCfg.SetAPIKey("sk-or-test")
+ cfg.ModelList = []*config.ModelConfig{modelCfg}
provider, _, err := CreateProvider(cfg)
if err != nil {
@@ -270,8 +30,8 @@ func TestCreateProviderReturnsHTTPProviderForOpenRouter(t *testing.T) {
func TestCreateProviderReturnsCodexCliProviderForCodexCode(t *testing.T) {
cfg := config.DefaultConfig()
- cfg.Agents.Defaults.Model = "test-codex"
- cfg.ModelList = []config.ModelConfig{
+ cfg.Agents.Defaults.ModelName = "test-codex"
+ cfg.ModelList = []*config.ModelConfig{
{
ModelName: "test-codex",
Model: "codex-cli/codex-model",
@@ -291,8 +51,8 @@ func TestCreateProviderReturnsCodexCliProviderForCodexCode(t *testing.T) {
func TestCreateProviderReturnsClaudeCliProviderForClaudeCli(t *testing.T) {
cfg := config.DefaultConfig()
- cfg.Agents.Defaults.Model = "test-claude-cli"
- cfg.ModelList = []config.ModelConfig{
+ cfg.Agents.Defaults.ModelName = "test-claude-cli"
+ cfg.ModelList = []*config.ModelConfig{
{
ModelName: "test-claude-cli",
Model: "claude-cli/claude-sonnet",
@@ -324,8 +84,8 @@ func TestCreateProviderReturnsClaudeProviderForAnthropicOAuth(t *testing.T) {
}
cfg := config.DefaultConfig()
- cfg.Agents.Defaults.Model = "test-claude-oauth"
- cfg.ModelList = []config.ModelConfig{
+ cfg.Agents.Defaults.ModelName = "test-claude-oauth"
+ cfg.ModelList = []*config.ModelConfig{
{
ModelName: "test-claude-oauth",
Model: "anthropic/claude-sonnet-4.6",
diff --git a/pkg/providers/legacy_provider.go b/pkg/providers/legacy_provider.go
index 26905159f..4b0815dd4 100644
--- a/pkg/providers/legacy_provider.go
+++ b/pkg/providers/legacy_provider.go
@@ -18,23 +18,6 @@ import (
func CreateProvider(cfg *config.Config) (LLMProvider, string, error) {
model := cfg.Agents.Defaults.GetModelName()
- // Ensure model_list is populated from providers config if needed
- // This handles two cases:
- // 1. ModelList is empty - convert all providers
- // 2. ModelList has some entries but not all providers - merge missing ones
- if cfg.HasProvidersConfig() {
- providerModels := config.ConvertProvidersToModelList(cfg)
- existingModelNames := make(map[string]bool)
- for _, m := range cfg.ModelList {
- existingModelNames[m.ModelName] = true
- }
- for _, pm := range providerModels {
- if !existingModelNames[pm.ModelName] {
- cfg.ModelList = append(cfg.ModelList, pm)
- }
- }
- }
-
// Must have model_list at this point
if len(cfg.ModelList) == 0 {
return nil, "", fmt.Errorf("no providers configured. Please add entries to model_list in your config")
diff --git a/pkg/routing/route_test.go b/pkg/routing/route_test.go
index 8255db5f9..fdfc899f9 100644
--- a/pkg/routing/route_test.go
+++ b/pkg/routing/route_test.go
@@ -11,7 +11,7 @@ func testConfig(agents []config.AgentConfig, bindings []config.AgentBinding) *co
Agents: config.AgentsConfig{
Defaults: config.AgentDefaults{
Workspace: "/tmp/picoclaw-test",
- Model: "gpt-4",
+ ModelName: "gpt-4",
},
List: agents,
},
diff --git a/pkg/tools/registry.go b/pkg/tools/registry.go
index 0b0f51cc1..ed373a28f 100644
--- a/pkg/tools/registry.go
+++ b/pkg/tools/registry.go
@@ -384,3 +384,22 @@ func (r *ToolRegistry) GetSummaries() []string {
}
return summaries
}
+
+// GetAll returns all registered tools (both core and non-core with TTL > 0).
+// Used by SubTurn to inherit parent's tool set.
+func (r *ToolRegistry) GetAll() []Tool {
+ r.mu.RLock()
+ defer r.mu.RUnlock()
+
+ sorted := r.sortedToolNames()
+ tools := make([]Tool, 0, len(sorted))
+ for _, name := range sorted {
+ entry := r.tools[name]
+
+ // Include core tools and non-core tools with active TTL
+ if entry.IsCore || entry.TTL > 0 {
+ tools = append(tools, entry.Tool)
+ }
+ }
+ return tools
+}
diff --git a/pkg/tools/result.go b/pkg/tools/result.go
index cab833284..bf34b7bc6 100644
--- a/pkg/tools/result.go
+++ b/pkg/tools/result.go
@@ -1,6 +1,10 @@
package tools
-import "encoding/json"
+import (
+ "encoding/json"
+
+ "github.com/sipeed/picoclaw/pkg/providers"
+)
// ToolResult represents the structured return value from tool execution.
// It provides clear semantics for different types of results and supports
@@ -34,6 +38,11 @@ type ToolResult struct {
// Media contains media store refs produced by this tool.
// When non-empty, the agent will publish these as OutboundMediaMessage.
Media []string `json:"media,omitempty"`
+
+ // Messages holds the ephemeral session history after execution.
+ // Only populated by SubTurn executions; used by evaluator_optimizer
+ // to carry stateful worker context across evaluation iterations.
+ Messages []providers.Message `json:"-"`
}
// NewToolResult creates a basic ToolResult with content for the LLM.
diff --git a/pkg/tools/send_file.go b/pkg/tools/send_file.go
index a67bd4210..57b99a845 100644
--- a/pkg/tools/send_file.go
+++ b/pkg/tools/send_file.go
@@ -133,9 +133,10 @@ func (t *SendFileTool) Execute(ctx context.Context, args map[string]any) *ToolRe
scope := fmt.Sprintf("tool:send_file:%s:%s", channel, chatID)
ref, err := t.mediaStore.Store(resolved, media.MediaMeta{
- Filename: filename,
- ContentType: mediaType,
- Source: "tool:send_file",
+ Filename: filename,
+ ContentType: mediaType,
+ Source: "tool:send_file",
+ CleanupPolicy: media.CleanupPolicyForgetOnly,
}, scope)
if err != nil {
return ErrorResult(fmt.Sprintf("failed to register media: %v", err))
diff --git a/pkg/tools/send_file_test.go b/pkg/tools/send_file_test.go
index 6daaab31c..0a99e8028 100644
--- a/pkg/tools/send_file_test.go
+++ b/pkg/tools/send_file_test.go
@@ -104,6 +104,14 @@ func TestSendFileTool_Success(t *testing.T) {
if result.Media[0][:8] != "media://" {
t.Errorf("expected media:// ref, got %q", result.Media[0])
}
+
+ _, meta, err := store.ResolveWithMeta(result.Media[0])
+ if err != nil {
+ t.Fatalf("ResolveWithMeta failed: %v", err)
+ }
+ if meta.CleanupPolicy != media.CleanupPolicyForgetOnly {
+ t.Errorf("CleanupPolicy = %q, want %q", meta.CleanupPolicy, media.CleanupPolicyForgetOnly)
+ }
}
func TestSendFileTool_CustomFilename(t *testing.T) {
diff --git a/pkg/tools/spawn.go b/pkg/tools/spawn.go
index be40ffda2..d019d511a 100644
--- a/pkg/tools/spawn.go
+++ b/pkg/tools/spawn.go
@@ -7,7 +7,10 @@ import (
)
type SpawnTool struct {
- manager *SubagentManager
+ spawner SubTurnSpawner
+ defaultModel string
+ maxTokens int
+ temperature float64
allowlistCheck func(targetAgentID string) bool
}
@@ -15,9 +18,19 @@ type SpawnTool struct {
var _ AsyncExecutor = (*SpawnTool)(nil)
func NewSpawnTool(manager *SubagentManager) *SpawnTool {
- return &SpawnTool{
- manager: manager,
+ if manager == nil {
+ return &SpawnTool{}
}
+ return &SpawnTool{
+ defaultModel: manager.defaultModel,
+ maxTokens: manager.maxTokens,
+ temperature: manager.temperature,
+ }
+}
+
+// SetSpawner sets the SubTurnSpawner for direct sub-turn execution.
+func (t *SpawnTool) SetSpawner(spawner SubTurnSpawner) {
+ t.spawner = spawner
}
func (t *SpawnTool) Name() string {
@@ -59,11 +72,19 @@ func (t *SpawnTool) Execute(ctx context.Context, args map[string]any) *ToolResul
// ExecuteAsync implements AsyncExecutor. The callback is passed through to the
// subagent manager as a call parameter — never stored on the SpawnTool instance.
-func (t *SpawnTool) ExecuteAsync(ctx context.Context, args map[string]any, cb AsyncCallback) *ToolResult {
+func (t *SpawnTool) ExecuteAsync(
+ ctx context.Context,
+ args map[string]any,
+ cb AsyncCallback,
+) *ToolResult {
return t.execute(ctx, args, cb)
}
-func (t *SpawnTool) execute(ctx context.Context, args map[string]any, cb AsyncCallback) *ToolResult {
+func (t *SpawnTool) execute(
+ ctx context.Context,
+ args map[string]any,
+ cb AsyncCallback,
+) *ToolResult {
task, ok := args["task"].(string)
if !ok || strings.TrimSpace(task) == "" {
return ErrorResult("task is required and must be a non-empty string")
@@ -79,28 +100,53 @@ func (t *SpawnTool) execute(ctx context.Context, args map[string]any, cb AsyncCa
}
}
- if t.manager == nil {
- return ErrorResult("Subagent manager not configured")
+ // Build system prompt for spawned subagent
+ systemPrompt := fmt.Sprintf(
+ `You are a spawned subagent running in the background. Complete the given task independently and report back when done.
+
+Task: %s`,
+ task,
+ )
+
+ if label != "" {
+ systemPrompt = fmt.Sprintf(
+ `You are a spawned subagent labeled "%s" running in the background. Complete the given task independently and report back when done.
+
+Task: %s`,
+ label,
+ task,
+ )
}
- // Read channel/chatID from context (injected by registry).
- // Fall back to "cli"/"direct" for non-conversation callers (e.g., CLI, tests)
- // to preserve the same defaults as the original NewSpawnTool constructor.
- channel := ToolChannel(ctx)
- if channel == "" {
- channel = "cli"
- }
- chatID := ToolChatID(ctx)
- if chatID == "" {
- chatID = "direct"
+ // Use spawner if available (direct SpawnSubTurn call)
+ if t.spawner != nil {
+ // Launch async sub-turn in goroutine
+ go func() {
+ result, err := t.spawner.SpawnSubTurn(ctx, SubTurnConfig{
+ Model: t.defaultModel,
+ Tools: nil, // Will inherit from parent via context
+ SystemPrompt: systemPrompt,
+ MaxTokens: t.maxTokens,
+ Temperature: t.temperature,
+ Async: true, // Async execution
+ })
+ if err != nil {
+ result = ErrorResult(fmt.Sprintf("Spawn failed: %v", err)).WithError(err)
+ }
+
+ // Call callback if provided
+ if cb != nil {
+ cb(ctx, result)
+ }
+ }()
+
+ // Return immediate acknowledgment
+ if label != "" {
+ return AsyncResult(fmt.Sprintf("Spawned subagent '%s' for task: %s", label, task))
+ }
+ return AsyncResult(fmt.Sprintf("Spawned subagent for task: %s", task))
}
- // Pass callback to manager for async completion notification
- result, err := t.manager.Spawn(ctx, task, label, agentID, channel, chatID, cb)
- if err != nil {
- return ErrorResult(fmt.Sprintf("failed to spawn subagent: %v", err))
- }
-
- // Return AsyncResult since the task runs in background
- return AsyncResult(result)
+ // Fallback: spawner not configured
+ return ErrorResult("Subagent manager not configured")
}
diff --git a/pkg/tools/spawn_test.go b/pkg/tools/spawn_test.go
index 43223b8db..fda6bbd89 100644
--- a/pkg/tools/spawn_test.go
+++ b/pkg/tools/spawn_test.go
@@ -6,6 +6,24 @@ import (
"testing"
)
+// mockSpawner implements SubTurnSpawner for testing
+type mockSpawner struct{}
+
+func (m *mockSpawner) SpawnSubTurn(ctx context.Context, cfg SubTurnConfig) (*ToolResult, error) {
+ // Extract task from system prompt for response
+ task := cfg.SystemPrompt
+ if strings.Contains(task, "Task: ") {
+ parts := strings.Split(task, "Task: ")
+ if len(parts) > 1 {
+ task = parts[1]
+ }
+ }
+ return &ToolResult{
+ ForLLM: "Task completed: " + task,
+ ForUser: "Task completed",
+ }, nil
+}
+
func TestSpawnTool_Execute_EmptyTask(t *testing.T) {
provider := &MockLLMProvider{}
manager := NewSubagentManager(provider, "test-model", "/tmp/test")
@@ -44,6 +62,7 @@ func TestSpawnTool_Execute_ValidTask(t *testing.T) {
provider := &MockLLMProvider{}
manager := NewSubagentManager(provider, "test-model", "/tmp/test")
tool := NewSpawnTool(manager)
+ tool.SetSpawner(&mockSpawner{})
ctx := context.Background()
args := map[string]any{
diff --git a/pkg/tools/subagent.go b/pkg/tools/subagent.go
index c37a5ee0f..9a1a8b802 100644
--- a/pkg/tools/subagent.go
+++ b/pkg/tools/subagent.go
@@ -4,11 +4,34 @@ import (
"context"
"fmt"
"sync"
+ "sync/atomic"
"time"
"github.com/sipeed/picoclaw/pkg/providers"
)
+// SubTurnSpawner is an interface for spawning sub-turns.
+// This avoids circular dependency between tools and agent packages.
+type SubTurnSpawner interface {
+ SpawnSubTurn(ctx context.Context, cfg SubTurnConfig) (*ToolResult, error)
+}
+
+// SubTurnConfig holds configuration for spawning a sub-turn.
+type SubTurnConfig struct {
+ Model string
+ Tools []Tool
+ SystemPrompt string
+ MaxTokens int
+ Temperature float64
+ Async bool // true for async (spawn), false for sync (subagent)
+ Critical bool // continue running after parent finishes gracefully
+ Timeout time.Duration // 0 = use default (5 minutes)
+ MaxContextRunes int // 0 = auto, -1 = no limit, >0 = explicit limit
+ ActualSystemPrompt string
+ InitialMessages []providers.Message
+ InitialTokenBudget *atomic.Int64 // Shared token budget for team members; nil if no budget
+}
+
type SubagentTask struct {
ID string
Task string
@@ -21,6 +44,15 @@ type SubagentTask struct {
Created int64
}
+type SpawnSubTurnFunc func(
+ ctx context.Context,
+ task, label, agentID string,
+ tools *ToolRegistry,
+ maxTokens int,
+ temperature float64,
+ hasMaxTokens, hasTemperature bool,
+) (*ToolResult, error)
+
type SubagentManager struct {
tasks map[string]*SubagentTask
mu sync.RWMutex
@@ -34,6 +66,7 @@ type SubagentManager struct {
hasMaxTokens bool
hasTemperature bool
nextID int
+ spawner SpawnSubTurnFunc
}
func NewSubagentManager(
@@ -51,6 +84,12 @@ func NewSubagentManager(
}
}
+func (sm *SubagentManager) SetSpawner(spawner SpawnSubTurnFunc) {
+ sm.mu.Lock()
+ defer sm.mu.Unlock()
+ sm.spawner = spawner
+}
+
// SetLLMOptions sets max tokens and temperature for subagent LLM calls.
func (sm *SubagentManager) SetLLMOptions(maxTokens int, temperature float64) {
sm.mu.Lock()
@@ -108,22 +147,16 @@ func (sm *SubagentManager) Spawn(
return fmt.Sprintf("Spawned subagent for task: %s", task), nil
}
-func (sm *SubagentManager) runTask(ctx context.Context, task *SubagentTask, callback AsyncCallback) {
- // Build system prompt for subagent
- systemPrompt := `You are a subagent. Complete the given task independently and report the result.
-You have access to tools - use them as needed to complete your task.
-After completing the task, provide a clear summary of what was done.`
-
- messages := []providers.Message{
- {
- Role: "system",
- Content: systemPrompt,
- },
- {
- Role: "user",
- Content: task.Task,
- },
- }
+func (sm *SubagentManager) runTask(
+ ctx context.Context,
+ task *SubagentTask,
+ callback AsyncCallback,
+) {
+ task.Status = "running"
+ task.Created = time.Now().UnixMilli()
+ // TODO(eventbus): once subagents are modeled as child turns inside
+ // pkg/agent, emit SubTurnEnd and SubTurnResultDelivered from the parent
+ // AgentLoop instead of this legacy manager.
// Check if context is already canceled before starting
select {
@@ -136,8 +169,8 @@ After completing the task, provide a clear summary of what was done.`
default:
}
- // Run tool loop with access to tools
sm.mu.RLock()
+ spawner := sm.spawner
tools := sm.tools
maxIter := sm.maxIterations
maxTokens := sm.maxTokens
@@ -146,27 +179,69 @@ After completing the task, provide a clear summary of what was done.`
hasTemperature := sm.hasTemperature
sm.mu.RUnlock()
- var llmOptions map[string]any
- if hasMaxTokens || hasTemperature {
- llmOptions = map[string]any{}
- if hasMaxTokens {
- llmOptions["max_tokens"] = maxTokens
+ var result *ToolResult
+ var err error
+
+ if spawner != nil {
+ result, err = spawner(
+ ctx,
+ task.Task,
+ task.Label,
+ task.AgentID,
+ tools,
+ maxTokens,
+ temperature,
+ hasMaxTokens,
+ hasTemperature,
+ )
+ } else {
+ // Fallback to legacy RunToolLoop
+ systemPrompt := `You are a subagent. Complete the given task independently and report the result.
+You have access to tools - use them as needed to complete your task.
+After completing the task, provide a clear summary of what was done.`
+
+ messages := []providers.Message{
+ {Role: "system", Content: systemPrompt},
+ {Role: "user", Content: task.Task},
}
- if hasTemperature {
- llmOptions["temperature"] = temperature
+
+ var llmOptions map[string]any
+ if hasMaxTokens || hasTemperature {
+ llmOptions = map[string]any{}
+ if hasMaxTokens {
+ llmOptions["max_tokens"] = maxTokens
+ }
+ if hasTemperature {
+ llmOptions["temperature"] = temperature
+ }
+ }
+
+ var loopResult *ToolLoopResult
+ loopResult, err = RunToolLoop(ctx, ToolLoopConfig{
+ Provider: sm.provider,
+ Model: sm.defaultModel,
+ Tools: tools,
+ MaxIterations: maxIter,
+ LLMOptions: llmOptions,
+ }, messages, task.OriginChannel, task.OriginChatID)
+
+ if err == nil {
+ result = &ToolResult{
+ ForLLM: fmt.Sprintf(
+ "Subagent '%s' completed (iterations: %d): %s",
+ task.Label,
+ loopResult.Iterations,
+ loopResult.Content,
+ ),
+ ForUser: loopResult.Content,
+ Silent: false,
+ IsError: false,
+ Async: false,
+ }
}
}
- loopResult, err := RunToolLoop(ctx, ToolLoopConfig{
- Provider: sm.provider,
- Model: sm.defaultModel,
- Tools: tools,
- MaxIterations: maxIter,
- LLMOptions: llmOptions,
- }, messages, task.OriginChannel, task.OriginChatID)
-
sm.mu.Lock()
- var result *ToolResult
defer func() {
sm.mu.Unlock()
// Call callback if provided and result is set
@@ -193,19 +268,7 @@ After completing the task, provide a clear summary of what was done.`
}
} else {
task.Status = "completed"
- task.Result = loopResult.Content
- result = &ToolResult{
- ForLLM: fmt.Sprintf(
- "Subagent '%s' completed (iterations: %d): %s",
- task.Label,
- loopResult.Iterations,
- loopResult.Content,
- ),
- ForUser: loopResult.Content,
- Silent: false,
- IsError: false,
- Async: false,
- }
+ task.Result = result.ForLLM
}
}
@@ -253,16 +316,28 @@ func (sm *SubagentManager) ListTaskCopies() []SubagentTask {
}
// SubagentTool executes a subagent task synchronously and returns the result.
-// Unlike SpawnTool which runs tasks asynchronously, SubagentTool waits for completion
-// and returns the result directly in the ToolResult.
+// It directly calls SubTurnSpawner with Async=false for synchronous execution.
type SubagentTool struct {
- manager *SubagentManager
+ spawner SubTurnSpawner
+ defaultModel string
+ maxTokens int
+ temperature float64
}
func NewSubagentTool(manager *SubagentManager) *SubagentTool {
- return &SubagentTool{
- manager: manager,
+ if manager == nil {
+ return &SubagentTool{}
}
+ return &SubagentTool{
+ defaultModel: manager.defaultModel,
+ maxTokens: manager.maxTokens,
+ temperature: manager.temperature,
+ }
+}
+
+// SetSpawner sets the SubTurnSpawner for direct sub-turn execution.
+func (t *SubagentTool) SetSpawner(spawner SubTurnSpawner) {
+ t.spawner = spawner
}
func (t *SubagentTool) Name() string {
@@ -298,86 +373,64 @@ func (t *SubagentTool) Execute(ctx context.Context, args map[string]any) *ToolRe
label, _ := args["label"].(string)
- if t.manager == nil {
- return ErrorResult("Subagent manager not configured").WithError(fmt.Errorf("manager is nil"))
+ // Build system prompt for subagent
+ systemPrompt := fmt.Sprintf(
+ `You are a subagent. Complete the given task independently and provide a clear, concise result.
+
+Task: %s`,
+ task,
+ )
+
+ if label != "" {
+ systemPrompt = fmt.Sprintf(
+ `You are a subagent labeled "%s". Complete the given task independently and provide a clear, concise result.
+
+Task: %s`,
+ label,
+ task,
+ )
}
- // Build messages for subagent
- messages := []providers.Message{
- {
- Role: "system",
- Content: "You are a subagent. Complete the given task independently and provide a clear, concise result.",
- },
- {
- Role: "user",
- Content: task,
- },
- }
-
- // Use RunToolLoop to execute with tools (same as async SpawnTool)
- sm := t.manager
- sm.mu.RLock()
- tools := sm.tools
- maxIter := sm.maxIterations
- maxTokens := sm.maxTokens
- temperature := sm.temperature
- hasMaxTokens := sm.hasMaxTokens
- hasTemperature := sm.hasTemperature
- sm.mu.RUnlock()
-
- var llmOptions map[string]any
- if hasMaxTokens || hasTemperature {
- llmOptions = map[string]any{}
- if hasMaxTokens {
- llmOptions["max_tokens"] = maxTokens
+ // Use spawner if available (direct SpawnSubTurn call)
+ if t.spawner != nil {
+ result, err := t.spawner.SpawnSubTurn(ctx, SubTurnConfig{
+ Model: t.defaultModel,
+ Tools: nil, // Will inherit from parent via context
+ SystemPrompt: systemPrompt,
+ MaxTokens: t.maxTokens,
+ Temperature: t.temperature,
+ Async: false, // Synchronous execution
+ })
+ if err != nil {
+ return ErrorResult(fmt.Sprintf("Subagent execution failed: %v", err)).WithError(err)
}
- if hasTemperature {
- llmOptions["temperature"] = temperature
+
+ // Format result for display
+ userContent := result.ForLLM
+ if result.ForUser != "" {
+ userContent = result.ForUser
+ }
+ maxUserLen := 500
+ if len(userContent) > maxUserLen {
+ userContent = userContent[:maxUserLen] + "..."
+ }
+
+ labelStr := label
+ if labelStr == "" {
+ labelStr = "(unnamed)"
+ }
+ llmContent := fmt.Sprintf("Subagent task completed:\nLabel: %s\nResult: %s",
+ labelStr, result.ForLLM)
+
+ return &ToolResult{
+ ForLLM: llmContent,
+ ForUser: userContent,
+ Silent: false,
+ IsError: result.IsError,
+ Async: false,
}
}
- // Fall back to "cli"/"direct" for non-conversation callers (e.g., CLI, tests)
- // to preserve the same defaults as the original NewSubagentTool constructor.
- channel := ToolChannel(ctx)
- if channel == "" {
- channel = "cli"
- }
- chatID := ToolChatID(ctx)
- if chatID == "" {
- chatID = "direct"
- }
-
- loopResult, err := RunToolLoop(ctx, ToolLoopConfig{
- Provider: sm.provider,
- Model: sm.defaultModel,
- Tools: tools,
- MaxIterations: maxIter,
- LLMOptions: llmOptions,
- }, messages, channel, chatID)
- if err != nil {
- return ErrorResult(fmt.Sprintf("Subagent execution failed: %v", err)).WithError(err)
- }
-
- // ForUser: Brief summary for user (truncated if too long)
- userContent := loopResult.Content
- maxUserLen := 500
- if len(userContent) > maxUserLen {
- userContent = userContent[:maxUserLen] + "..."
- }
-
- // ForLLM: Full execution details
- labelStr := label
- if labelStr == "" {
- labelStr = "(unnamed)"
- }
- llmContent := fmt.Sprintf("Subagent task completed:\nLabel: %s\nIterations: %d\nResult: %s",
- labelStr, loopResult.Iterations, loopResult.Content)
-
- return &ToolResult{
- ForLLM: llmContent,
- ForUser: userContent,
- Silent: false,
- IsError: false,
- Async: false,
- }
+ // Fallback: spawner not configured
+ return ErrorResult("Subagent manager not configured").WithError(fmt.Errorf("spawner not set"))
}
diff --git a/pkg/tools/subagent_tool_test.go b/pkg/tools/subagent_tool_test.go
index 4b6f130a5..89ac7d4b5 100644
--- a/pkg/tools/subagent_tool_test.go
+++ b/pkg/tools/subagent_tool_test.go
@@ -48,24 +48,19 @@ func TestSubagentManager_SetLLMOptions_AppliesToRunToolLoop(t *testing.T) {
provider := &MockLLMProvider{}
manager := NewSubagentManager(provider, "test-model", "/tmp/test")
manager.SetLLMOptions(2048, 0.6)
- tool := NewSubagentTool(manager)
- ctx := WithToolContext(context.Background(), "cli", "direct")
- args := map[string]any{"task": "Do something"}
- result := tool.Execute(ctx, args)
-
- if result == nil || result.IsError {
- t.Fatalf("Expected successful result, got: %+v", result)
+ // Verify options are set on manager
+ if manager.maxTokens != 2048 {
+ t.Errorf("manager.maxTokens = %d, want 2048", manager.maxTokens)
}
-
- if provider.lastOptions == nil {
- t.Fatal("Expected LLM options to be passed, got nil")
+ if manager.temperature != 0.6 {
+ t.Errorf("manager.temperature = %f, want 0.6", manager.temperature)
}
- if provider.lastOptions["max_tokens"] != 2048 {
- t.Fatalf("max_tokens = %v, want %d", provider.lastOptions["max_tokens"], 2048)
+ if !manager.hasMaxTokens {
+ t.Error("manager.hasMaxTokens should be true")
}
- if provider.lastOptions["temperature"] != 0.6 {
- t.Fatalf("temperature = %v, want %v", provider.lastOptions["temperature"], 0.6)
+ if !manager.hasTemperature {
+ t.Error("manager.hasTemperature should be true")
}
}
@@ -150,6 +145,7 @@ func TestSubagentTool_Execute_Success(t *testing.T) {
provider := &MockLLMProvider{}
manager := NewSubagentManager(provider, "test-model", "/tmp/test")
tool := NewSubagentTool(manager)
+ tool.SetSpawner(&mockSpawner{})
ctx := WithToolContext(context.Background(), "telegram", "chat-123")
args := map[string]any{
@@ -204,6 +200,7 @@ func TestSubagentTool_Execute_NoLabel(t *testing.T) {
provider := &MockLLMProvider{}
manager := NewSubagentManager(provider, "test-model", "/tmp/test")
tool := NewSubagentTool(manager)
+ tool.SetSpawner(&mockSpawner{})
ctx := context.Background()
args := map[string]any{
@@ -277,6 +274,7 @@ func TestSubagentTool_Execute_ContextPassing(t *testing.T) {
provider := &MockLLMProvider{}
manager := NewSubagentManager(provider, "test-model", "/tmp/test")
tool := NewSubagentTool(manager)
+ tool.SetSpawner(&mockSpawner{})
channel := "test-channel"
chatID := "test-chat"
@@ -302,6 +300,7 @@ func TestSubagentTool_ForUserTruncation(t *testing.T) {
provider := &MockLLMProvider{}
manager := NewSubagentManager(provider, "test-model", "/tmp/test")
tool := NewSubagentTool(manager)
+ tool.SetSpawner(&mockSpawner{})
ctx := context.Background()
diff --git a/pkg/tools/web.go b/pkg/tools/web.go
index 42cf79578..7ff724802 100644
--- a/pkg/tools/web.go
+++ b/pkg/tools/web.go
@@ -613,39 +613,124 @@ func (p *GLMSearchProvider) Search(ctx context.Context, query string, count int)
return strings.Join(lines, "\n"), nil
}
+type BaiduSearchProvider struct {
+ apiKey string
+ baseURL string
+ proxy string
+ client *http.Client
+}
+
+func (p *BaiduSearchProvider) Search(ctx context.Context, query string, count int) (string, error) {
+ searchURL := p.baseURL
+ if searchURL == "" {
+ searchURL = "https://qianfan.baidubce.com/v2/ai_search/web_search"
+ }
+
+ payload := map[string]any{
+ "messages": []map[string]string{
+ {
+ "role": "user",
+ "content": query,
+ },
+ },
+ "search_source": "baidu_search_v2",
+ "resource_type_filter": []map[string]any{{"type": "web", "top_k": count}},
+ }
+
+ bodyBytes, err := json.Marshal(payload)
+ if err != nil {
+ return "", fmt.Errorf("failed to marshal payload: %w", err)
+ }
+
+ req, err := http.NewRequestWithContext(ctx, "POST", searchURL, bytes.NewReader(bodyBytes))
+ if err != nil {
+ return "", fmt.Errorf("failed to create request: %w", err)
+ }
+
+ req.Header.Set("Content-Type", "application/json")
+ req.Header.Set("Authorization", "Bearer "+p.apiKey)
+
+ resp, err := p.client.Do(req)
+ if err != nil {
+ return "", fmt.Errorf("baidu search request failed: %w", err)
+ }
+ defer resp.Body.Close()
+
+ body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
+ if err != nil {
+ return "", fmt.Errorf("failed to read response: %w", err)
+ }
+
+ if resp.StatusCode != http.StatusOK {
+ return "", fmt.Errorf("baidu search API error %d: %s", resp.StatusCode, string(body))
+ }
+
+ var result struct {
+ References []struct {
+ Title string `json:"title"`
+ URL string `json:"url"`
+ Content string `json:"content"`
+ } `json:"references"`
+ }
+ if err := json.Unmarshal(body, &result); err != nil {
+ return "", fmt.Errorf("failed to parse response: %w", err)
+ }
+
+ if len(result.References) == 0 {
+ return fmt.Sprintf("No results for: %s", query), nil
+ }
+
+ lines := []string{fmt.Sprintf("Results for: %s (via Baidu Search)", query)}
+ for i, item := range result.References {
+ if i >= count {
+ break
+ }
+ lines = append(lines, fmt.Sprintf("%d. %s\n %s", i+1, item.Title, item.URL))
+ if item.Content != "" {
+ lines = append(lines, fmt.Sprintf(" %s", item.Content))
+ }
+ }
+
+ return strings.Join(lines, "\n"), nil
+}
+
type WebSearchTool struct {
provider SearchProvider
maxResults int
}
type WebSearchToolOptions struct {
- BraveAPIKeys []string
- BraveMaxResults int
- BraveEnabled bool
- TavilyAPIKeys []string
- TavilyBaseURL string
- TavilyMaxResults int
- TavilyEnabled bool
- DuckDuckGoMaxResults int
- DuckDuckGoEnabled bool
- PerplexityAPIKeys []string
- PerplexityMaxResults int
- PerplexityEnabled bool
- SearXNGBaseURL string
- SearXNGMaxResults int
- SearXNGEnabled bool
- GLMSearchAPIKey string
- GLMSearchBaseURL string
- GLMSearchEngine string
- GLMSearchMaxResults int
- GLMSearchEnabled bool
- Proxy string
+ BraveAPIKeys []string
+ BraveMaxResults int
+ BraveEnabled bool
+ TavilyAPIKeys []string
+ TavilyBaseURL string
+ TavilyMaxResults int
+ TavilyEnabled bool
+ DuckDuckGoMaxResults int
+ DuckDuckGoEnabled bool
+ PerplexityAPIKeys []string
+ PerplexityMaxResults int
+ PerplexityEnabled bool
+ SearXNGBaseURL string
+ SearXNGMaxResults int
+ SearXNGEnabled bool
+ GLMSearchAPIKey string
+ GLMSearchBaseURL string
+ GLMSearchEngine string
+ GLMSearchMaxResults int
+ GLMSearchEnabled bool
+ BaiduSearchAPIKey string
+ BaiduSearchBaseURL string
+ BaiduSearchMaxResults int
+ BaiduSearchEnabled bool
+ Proxy string
}
func NewWebSearchTool(opts WebSearchToolOptions) (*WebSearchTool, error) {
var provider SearchProvider
maxResults := 5
- // Priority: Perplexity > Brave > SearXNG > Tavily > DuckDuckGo > GLM Search
+ // Priority: Perplexity > Brave > SearXNG > Tavily > DuckDuckGo > Baidu Search > GLM Search
if opts.PerplexityEnabled && len(opts.PerplexityAPIKeys) > 0 {
client, err := utils.CreateHTTPClient(opts.Proxy, perplexityTimeout)
if err != nil {
@@ -696,6 +781,20 @@ func NewWebSearchTool(opts WebSearchToolOptions) (*WebSearchTool, error) {
if opts.DuckDuckGoMaxResults > 0 {
maxResults = opts.DuckDuckGoMaxResults
}
+ } else if opts.BaiduSearchEnabled && opts.BaiduSearchAPIKey != "" {
+ client, err := utils.CreateHTTPClient(opts.Proxy, perplexityTimeout)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create HTTP client for Baidu Search: %w", err)
+ }
+ provider = &BaiduSearchProvider{
+ apiKey: opts.BaiduSearchAPIKey,
+ baseURL: opts.BaiduSearchBaseURL,
+ proxy: opts.Proxy,
+ client: client,
+ }
+ if opts.BaiduSearchMaxResults > 0 {
+ maxResults = opts.BaiduSearchMaxResults
+ }
} else if opts.GLMSearchEnabled && opts.GLMSearchAPIKey != "" {
client, err := utils.CreateHTTPClient(opts.Proxy, searchTimeout)
if err != nil {
diff --git a/pkg/utils/context.go b/pkg/utils/context.go
new file mode 100644
index 000000000..2007de9a3
--- /dev/null
+++ b/pkg/utils/context.go
@@ -0,0 +1,173 @@
+// PicoClaw - Ultra-lightweight personal AI agent
+// Inspired by and based on nanobot: https://github.com/HKUDS/nanobot
+// License: MIT
+//
+// Copyright (c) 2026 PicoClaw contributors
+
+package utils
+
+import (
+ "encoding/json"
+ "fmt"
+ "unicode/utf8"
+
+ "github.com/sipeed/picoclaw/pkg/providers"
+)
+
+// CalculateDefaultMaxContextRunes computes a default context limit based on the model's context window.
+// Strategy: Use 75% of the context window and convert to rune estimate.
+//
+// Token-to-rune conversion ratios (conservative estimates):
+// - English: ~4 chars per token
+// - Chinese: ~1.5-2 chars per token
+// - Mixed: ~3 chars per token (used here for safety)
+func CalculateDefaultMaxContextRunes(contextWindow int) int {
+ if contextWindow <= 0 {
+ // Conservative fallback when context window is unknown
+ return 8000 // ~2000 tokens
+ }
+
+ // Use 75% of context window to leave headroom
+ targetTokens := int(float64(contextWindow) * 0.75)
+
+ // Convert tokens to runes using conservative ratio
+ const avgCharsPerToken = 3
+ return targetTokens * avgCharsPerToken
+}
+
+// ResolveMaxContextRunes determines the final MaxContextRunes value to use.
+// Priority: explicit config > auto-calculate > conservative default
+func ResolveMaxContextRunes(configValue, contextWindow int) int {
+ switch {
+ case configValue > 0:
+ // Explicitly configured, use as-is
+ return configValue
+ case configValue == -1:
+ // Explicitly disabled
+ return -1
+ default:
+ // 0 or unset: auto-calculate
+ return CalculateDefaultMaxContextRunes(contextWindow)
+ }
+}
+
+// MeasureContextRunes calculates the total rune count of a message list.
+// Includes content, reasoning content, and estimates for tool calls.
+func MeasureContextRunes(messages []providers.Message) int {
+ totalRunes := 0
+ for _, msg := range messages {
+ totalRunes += utf8.RuneCountInString(msg.Content)
+ totalRunes += utf8.RuneCountInString(msg.ReasoningContent)
+
+ // Tool calls: serialize to JSON and count
+ if len(msg.ToolCalls) > 0 {
+ for _, tc := range msg.ToolCalls {
+ totalRunes += utf8.RuneCountInString(tc.Name)
+ // Arguments: serialize and count
+ if argsJSON, err := json.Marshal(tc.Arguments); err == nil {
+ totalRunes += utf8.RuneCount(argsJSON)
+ } else {
+ // Fallback estimate if serialization fails
+ totalRunes += 100
+ }
+ }
+ }
+
+ // ToolCallID
+ totalRunes += utf8.RuneCountInString(msg.ToolCallID)
+ }
+ return totalRunes
+}
+
+// TruncateContextSmart intelligently truncates message history to fit within maxRunes.
+//
+// Strategy:
+// 1. Always preserve system messages (they define the agent's behavior)
+// 2. Keep the most recent messages (they contain current context)
+// 3. Drop older middle messages when necessary
+// 4. Insert a truncation notice to inform the LLM
+//
+// Returns the truncated message list.
+func TruncateContextSmart(messages []providers.Message, maxRunes int) []providers.Message {
+ if len(messages) == 0 {
+ return messages
+ }
+
+ // Separate system messages from others
+ var systemMsgs []providers.Message
+ var otherMsgs []providers.Message
+
+ for _, msg := range messages {
+ if msg.Role == "system" {
+ systemMsgs = append(systemMsgs, msg)
+ } else {
+ otherMsgs = append(otherMsgs, msg)
+ }
+ }
+
+ // Calculate system message size
+ systemRunes := 0
+ for _, msg := range systemMsgs {
+ systemRunes += utf8.RuneCountInString(msg.Content)
+ systemRunes += utf8.RuneCountInString(msg.ReasoningContent)
+ }
+
+ // Reserve space for truncation notice (estimate ~80 runes)
+ const truncationNoticeEstimate = 80
+
+ // Allocate remaining space for other messages
+ remainingRunes := maxRunes - systemRunes - truncationNoticeEstimate
+ if remainingRunes <= 0 {
+ // System messages already exceed limit - return only system messages
+ return systemMsgs
+ }
+
+ // Collect recent messages in reverse order until we hit the limit
+ var keptMsgs []providers.Message
+ currentRunes := 0
+
+ for i := len(otherMsgs) - 1; i >= 0; i-- {
+ msg := otherMsgs[i]
+ msgRunes := utf8.RuneCountInString(msg.Content) +
+ utf8.RuneCountInString(msg.ReasoningContent)
+
+ // Estimate tool call size
+ if len(msg.ToolCalls) > 0 {
+ for _, tc := range msg.ToolCalls {
+ msgRunes += utf8.RuneCountInString(tc.Name)
+ if argsJSON, err := json.Marshal(tc.Arguments); err == nil {
+ msgRunes += utf8.RuneCount(argsJSON)
+ } else {
+ msgRunes += 100
+ }
+ }
+ }
+ msgRunes += utf8.RuneCountInString(msg.ToolCallID)
+
+ if currentRunes+msgRunes > remainingRunes {
+ // Would exceed limit, stop collecting
+ break
+ }
+
+ // Prepend to maintain chronological order
+ keptMsgs = append([]providers.Message{msg}, keptMsgs...)
+ currentRunes += msgRunes
+ }
+
+ // If we dropped messages, add a truncation notice
+ result := systemMsgs
+ if len(keptMsgs) < len(otherMsgs) {
+ droppedCount := len(otherMsgs) - len(keptMsgs)
+ truncationNotice := providers.Message{
+ Role: "system",
+ Content: fmt.Sprintf(
+ "[Context truncated: %d earlier messages omitted to stay within context limits]",
+ droppedCount,
+ ),
+ }
+ result = append(result, truncationNotice)
+ }
+
+ result = append(result, keptMsgs...)
+ return result
+}
diff --git a/pkg/utils/context_test.go b/pkg/utils/context_test.go
new file mode 100644
index 000000000..450a29249
--- /dev/null
+++ b/pkg/utils/context_test.go
@@ -0,0 +1,450 @@
+// PicoClaw - Ultra-lightweight personal AI agent
+// License: MIT
+//
+// Copyright (c) 2026 PicoClaw contributors
+
+package utils
+
+import (
+ "testing"
+
+ "github.com/sipeed/picoclaw/pkg/providers"
+)
+
+func TestCalculateDefaultMaxContextRunes(t *testing.T) {
+ tests := []struct {
+ name string
+ contextWindow int
+ want int
+ }{
+ {
+ name: "zero context window uses fallback",
+ contextWindow: 0,
+ want: 8000,
+ },
+ {
+ name: "negative context window uses fallback",
+ contextWindow: -1,
+ want: 8000,
+ },
+ {
+ name: "small context window (4k tokens)",
+ contextWindow: 4000,
+ want: 9000, // 4000 * 0.75 * 3 = 9000
+ },
+ {
+ name: "medium context window (128k tokens)",
+ contextWindow: 128000,
+ want: 288000, // 128000 * 0.75 * 3 = 288000
+ },
+ {
+ name: "large context window (1M tokens)",
+ contextWindow: 1000000,
+ want: 2250000, // 1000000 * 0.75 * 3 = 2250000
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got := CalculateDefaultMaxContextRunes(tt.contextWindow)
+ if got != tt.want {
+ t.Errorf("CalculateDefaultMaxContextRunes(%d) = %d, want %d",
+ tt.contextWindow, got, tt.want)
+ }
+ })
+ }
+}
+
+func TestResolveMaxContextRunes(t *testing.T) {
+ tests := []struct {
+ name string
+ configValue int
+ contextWindow int
+ want int
+ }{
+ {
+ name: "explicit positive value",
+ configValue: 12000,
+ contextWindow: 4000,
+ want: 12000,
+ },
+ {
+ name: "explicit disable (-1)",
+ configValue: -1,
+ contextWindow: 4000,
+ want: -1,
+ },
+ {
+ name: "zero uses auto-calculate",
+ configValue: 0,
+ contextWindow: 4000,
+ want: 9000, // 4000 * 0.75 * 3
+ },
+ {
+ name: "unset (0) with unknown context window",
+ configValue: 0,
+ contextWindow: 0,
+ want: 8000, // fallback
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got := ResolveMaxContextRunes(tt.configValue, tt.contextWindow)
+ if got != tt.want {
+ t.Errorf("ResolveMaxContextRunes(%d, %d) = %d, want %d",
+ tt.configValue, tt.contextWindow, got, tt.want)
+ }
+ })
+ }
+}
+
+func TestMeasureContextRunes(t *testing.T) {
+ tests := []struct {
+ name string
+ messages []providers.Message
+ want int
+ }{
+ {
+ name: "empty messages",
+ messages: []providers.Message{},
+ want: 0,
+ },
+ {
+ name: "single simple message",
+ messages: []providers.Message{
+ {Role: "user", Content: "Hello"},
+ },
+ want: 5, // "Hello" = 5 runes
+ },
+ {
+ name: "message with reasoning",
+ messages: []providers.Message{
+ {
+ Role: "assistant",
+ Content: "Answer",
+ ReasoningContent: "Thinking",
+ },
+ },
+ want: 14, // "Answer" (6) + "Thinking" (8) = 14
+ },
+ {
+ name: "message with tool call",
+ messages: []providers.Message{
+ {
+ Role: "assistant",
+ Content: "Using tool",
+ ToolCalls: []providers.ToolCall{
+ {
+ Name: "test_tool",
+ Arguments: map[string]any{"key": "value"},
+ },
+ },
+ },
+ },
+ want: 10 + 9 + 15, // "Using tool" + "test_tool" + {"key":"value"}
+ },
+ {
+ name: "multiple messages",
+ messages: []providers.Message{
+ {Role: "system", Content: "You are helpful"},
+ {Role: "user", Content: "Hi"},
+ {Role: "assistant", Content: "Hello!"},
+ },
+ want: 15 + 2 + 6, // 15 + 2 + 6 = 23
+ },
+ {
+ name: "unicode characters",
+ messages: []providers.Message{
+ {Role: "user", Content: "\u4f60\u597d\u4e16\u754c"}, // 4 Chinese characters
+ },
+ want: 4,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got := MeasureContextRunes(tt.messages)
+ if got != tt.want {
+ t.Errorf("MeasureContextRunes() = %d, want %d", got, tt.want)
+ }
+ })
+ }
+}
+
+func TestTruncateContextSmart(t *testing.T) {
+ tests := []struct {
+ name string
+ messages []providers.Message
+ maxRunes int
+ wantLen int
+ wantHas []string // Content strings that should be present
+ wantNot []string // Content strings that should be absent
+ }{
+ {
+ name: "empty messages",
+ messages: []providers.Message{},
+ maxRunes: 100,
+ wantLen: 0,
+ },
+ {
+ name: "no truncation needed",
+ messages: []providers.Message{
+ {Role: "system", Content: "System"},
+ {Role: "user", Content: "Hello"},
+ },
+ maxRunes: 100,
+ wantLen: 2,
+ wantHas: []string{"System", "Hello"},
+ },
+ {
+ name: "truncate when limit is tight",
+ messages: []providers.Message{
+ {Role: "system", Content: "System"},
+ {Role: "user", Content: "Message 1 with some content here"},
+ {Role: "assistant", Content: "Response 1 with some content here"},
+ {Role: "user", Content: "Message 2 with some content here"},
+ {Role: "assistant", Content: "Response 2 with some content here"},
+ {Role: "user", Content: "Latest"},
+ },
+ maxRunes: 120, // Tight limit to force truncation
+ wantLen: -1, // Don't check exact length, just verify truncation occurred
+ wantHas: []string{"System", "Latest"},
+ wantNot: []string{"Message 1", "Response 1"},
+ },
+ {
+ name: "system messages exceed limit",
+ messages: []providers.Message{
+ {Role: "system", Content: "Very long system message"},
+ {Role: "user", Content: "User message"},
+ },
+ maxRunes: 10, // Less than system message
+ wantLen: 1, // Only system message
+ wantHas: []string{"Very long system message"},
+ wantNot: []string{"User message"},
+ },
+ {
+ name: "preserve multiple system messages",
+ messages: []providers.Message{
+ {Role: "system", Content: "Sys1"},
+ {Role: "system", Content: "Sys2"},
+ {Role: "user", Content: "Old"},
+ {Role: "user", Content: "New"},
+ },
+ maxRunes: 200, // Generous limit
+ wantLen: 4, // Both system + truncation notice + new
+ wantHas: []string{"Sys1", "Sys2", "New"},
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got := TruncateContextSmart(tt.messages, tt.maxRunes)
+
+ if tt.wantLen >= 0 && len(got) != tt.wantLen {
+ t.Errorf("TruncateContextSmart() returned %d messages, want %d",
+ len(got), tt.wantLen)
+ }
+
+ // Check for expected content
+ allContent := ""
+ for _, msg := range got {
+ allContent += msg.Content + " "
+ }
+
+ for _, want := range tt.wantHas {
+ found := false
+ for _, msg := range got {
+ if msg.Content == want || containsSubstring(msg.Content, want) {
+ found = true
+ break
+ }
+ }
+ if !found {
+ t.Errorf("Expected content %q not found in truncated messages", want)
+ }
+ }
+
+ for _, notWant := range tt.wantNot {
+ for _, msg := range got {
+ if containsSubstring(msg.Content, notWant) {
+ t.Errorf("Unexpected content %q found in truncated messages", notWant)
+ }
+ }
+ }
+ })
+ }
+}
+
+func containsSubstring(s, substr string) bool {
+ return len(s) >= len(substr) && findSubstring(s, substr)
+}
+
+func findSubstring(s, substr string) bool {
+ for i := 0; i <= len(s)-len(substr); i++ {
+ if s[i:i+len(substr)] == substr {
+ return true
+ }
+ }
+ return false
+}
+
+// TestSubTurnConfigMaxContextRunes verifies that MaxContextRunes configuration
+// is properly integrated into the SubTurn execution flow.
+func TestSubTurnConfigMaxContextRunes(t *testing.T) {
+ tests := []struct {
+ name string
+ maxContextRunes int
+ contextWindow int
+ wantResolved int
+ }{
+ {
+ name: "default (0) auto-calculates from context window",
+ maxContextRunes: 0,
+ contextWindow: 4000,
+ wantResolved: 9000, // 4000 * 0.75 * 3
+ },
+ {
+ name: "explicit value is used",
+ maxContextRunes: 12000,
+ contextWindow: 4000,
+ wantResolved: 12000,
+ },
+ {
+ name: "disabled (-1) returns -1",
+ maxContextRunes: -1,
+ contextWindow: 4000,
+ wantResolved: -1,
+ },
+ {
+ name: "fallback when context window unknown",
+ maxContextRunes: 0,
+ contextWindow: 0,
+ wantResolved: 8000, // conservative fallback
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got := ResolveMaxContextRunes(tt.maxContextRunes, tt.contextWindow)
+ if got != tt.wantResolved {
+ t.Errorf("utils.ResolveMaxContextRunes(%d, %d) = %d, want %d",
+ tt.maxContextRunes, tt.contextWindow, got, tt.wantResolved)
+ }
+ })
+ }
+}
+
+// TestContextTruncationFlow verifies the complete context truncation flow:
+// 1. Messages accumulate beyond soft limit
+// 2. Truncation is triggered
+// 3. System messages are preserved
+// 4. Recent messages are kept
+func TestContextTruncationFlow(t *testing.T) {
+ // Build a message history that exceeds the limit
+ messages := []providers.Message{
+ {Role: "system", Content: "You are a helpful assistant"}, // ~27 runes
+ {Role: "user", Content: "First question"}, // ~14 runes
+ {Role: "assistant", Content: "First answer"}, // ~12 runes
+ {Role: "user", Content: "Second question"}, // ~15 runes
+ {Role: "assistant", Content: "Second answer"}, // ~13 runes
+ {Role: "user", Content: "Third question"}, // ~14 runes
+ {Role: "assistant", Content: "Third answer"}, // ~12 runes
+ {Role: "user", Content: "Latest question"}, // ~15 runes
+ }
+
+ // Total: ~122 runes
+ totalRunes := MeasureContextRunes(messages)
+ if totalRunes < 100 {
+ t.Errorf("Expected total runes > 100, got %d", totalRunes)
+ }
+
+ // Set limit to 150 runes - should force truncation of old messages
+ // but preserve system + truncation notice + recent messages
+ maxRunes := 150
+ truncated := TruncateContextSmart(messages, maxRunes)
+
+ // Verify truncation occurred
+ if len(truncated) >= len(messages) {
+ t.Errorf("Expected truncation, but got %d messages (original: %d)",
+ len(truncated), len(messages))
+ }
+
+ // Verify system message is preserved
+ foundSystem := false
+ for _, msg := range truncated {
+ if msg.Role == "system" && msg.Content == "You are a helpful assistant" {
+ foundSystem = true
+ break
+ }
+ }
+ if !foundSystem {
+ t.Error("System message was not preserved after truncation")
+ }
+
+ // Verify latest message is preserved
+ foundLatest := false
+ for _, msg := range truncated {
+ if msg.Content == "Latest question" {
+ foundLatest = true
+ break
+ }
+ }
+ if !foundLatest {
+ t.Error("Latest message was not preserved after truncation")
+ }
+
+ // Verify truncation notice is present
+ foundNotice := false
+ for _, msg := range truncated {
+ if msg.Role == "system" && containsSubstring(msg.Content, "truncated") {
+ foundNotice = true
+ break
+ }
+ }
+ if !foundNotice {
+ t.Error("Truncation notice was not added")
+ }
+
+ // Verify result is within limit (with some tolerance for estimation)
+ resultRunes := MeasureContextRunes(truncated)
+ if resultRunes > maxRunes+20 { // Allow 20 rune tolerance
+ t.Errorf("Truncated context (%d runes) significantly exceeds limit (%d runes)",
+ resultRunes, maxRunes)
+ }
+}
+
+// TestContextTruncationPreservesToolCalls verifies that tool calls are
+// properly handled during context truncation.
+func TestContextTruncationPreservesToolCalls(t *testing.T) {
+ messages := []providers.Message{
+ {Role: "system", Content: "System"},
+ {Role: "user", Content: "Old message that should be dropped"},
+ {
+ Role: "assistant",
+ Content: "Recent tool use",
+ ToolCalls: []providers.ToolCall{
+ {
+ Name: "important_tool",
+ Arguments: map[string]any{"key": "value"},
+ },
+ },
+ },
+ }
+
+ // Set a generous limit that should keep the tool call message
+ maxRunes := 200
+ truncated := TruncateContextSmart(messages, maxRunes)
+
+ // Verify tool call message is preserved
+ foundToolCall := false
+ for _, msg := range truncated {
+ if len(msg.ToolCalls) > 0 && msg.ToolCalls[0].Name == "important_tool" {
+ foundToolCall = true
+ break
+ }
+ }
+ if !foundToolCall {
+ t.Error("Tool call message was not preserved during truncation")
+ }
+}
diff --git a/pkg/utils/media.go b/pkg/utils/media.go
index 82e9f5f45..823ca155e 100644
--- a/pkg/utils/media.go
+++ b/pkg/utils/media.go
@@ -1,6 +1,7 @@
package utils
import (
+ "fmt"
"io"
"net/http"
"net/url"
@@ -15,9 +16,21 @@ import (
"github.com/sipeed/picoclaw/pkg/media"
)
+var audioExtensions = []string{".mp3", ".wav", ".ogg", ".m4a", ".flac", ".aac", ".wma"}
+
+func AudioFormat(path string) (string, error) {
+ ext := strings.ToLower(filepath.Ext(path))
+ for _, supportedExt := range audioExtensions {
+ if ext == supportedExt {
+ return strings.TrimPrefix(ext, "."), nil
+ }
+ }
+
+ return "", fmt.Errorf("unsupported audio format for %q", path)
+}
+
// IsAudioFile checks if a file is an audio file based on its filename extension and content type.
func IsAudioFile(filename, contentType string) bool {
- audioExtensions := []string{".mp3", ".wav", ".ogg", ".m4a", ".flac", ".aac", ".wma"}
audioTypes := []string{"audio/", "application/ogg", "application/x-ogg"}
for _, ext := range audioExtensions {
diff --git a/pkg/voice/audio_model_transcriber.go b/pkg/voice/audio_model_transcriber.go
new file mode 100644
index 000000000..f3ca81961
--- /dev/null
+++ b/pkg/voice/audio_model_transcriber.go
@@ -0,0 +1,95 @@
+package voice
+
+import (
+ "context"
+ "encoding/base64"
+ "fmt"
+ "os"
+ "strings"
+
+ "github.com/sipeed/picoclaw/pkg/config"
+ "github.com/sipeed/picoclaw/pkg/logger"
+ "github.com/sipeed/picoclaw/pkg/providers"
+ "github.com/sipeed/picoclaw/pkg/utils"
+)
+
+type AudioModelTranscriber struct {
+ provider providers.LLMProvider
+ modelID string
+ prompt string
+}
+
+const (
+ defaultTranscriptionPrompt = "Transcribe this audio."
+)
+
+func NewAudioModelTranscriber(modelCfg *config.ModelConfig) *AudioModelTranscriber {
+ if modelCfg == nil {
+ return nil
+ }
+
+ logger.DebugCF("voice", "Creating audio model transcriber", map[string]any{
+ "has_api_key": modelCfg.APIKey() != "",
+ "api_base": modelCfg.APIBase,
+ "model": modelCfg.Model,
+ })
+
+ provider, modelID, err := providers.CreateProviderFromConfig(modelCfg)
+ if err != nil {
+ logger.ErrorCF("voice", "Failed to create audio model provider", map[string]any{"error": err})
+ return nil
+ }
+
+ return &AudioModelTranscriber{
+ provider: provider,
+ modelID: modelID,
+ prompt: defaultTranscriptionPrompt,
+ }
+}
+
+func (t *AudioModelTranscriber) Transcribe(ctx context.Context, audioFilePath string) (*TranscriptionResponse, error) {
+ logger.InfoCF("voice", "Starting audio model transcription", map[string]any{
+ "audio_file": audioFilePath,
+ "model": t.modelID,
+ })
+
+ audioBytes, err := os.ReadFile(audioFilePath)
+ if err != nil {
+ logger.ErrorCF("voice", "Failed to read audio file", map[string]any{"path": audioFilePath, "error": err})
+ return nil, fmt.Errorf("failed to read audio file: %w", err)
+ }
+
+ format, err := utils.AudioFormat(audioFilePath)
+ if err != nil {
+ logger.ErrorCF("voice", "Failed to detect audio format", map[string]any{"path": audioFilePath, "error": err})
+ return nil, err
+ }
+
+ resp, err := t.provider.Chat(ctx, []providers.Message{
+ {
+ Role: "user",
+ Content: t.prompt,
+ Media: []string{
+ fmt.Sprintf("data:audio/%s;base64,%s", format, base64.StdEncoding.EncodeToString(audioBytes)),
+ },
+ },
+ }, nil, t.modelID, map[string]any{
+ "temperature": 0,
+ })
+ if err != nil {
+ logger.ErrorCF("voice", "Audio model transcription request failed", map[string]any{"error": err})
+ return nil, fmt.Errorf("transcription request failed: %w", err)
+ }
+
+ text := strings.TrimSpace(resp.Content)
+ logger.InfoCF("voice", "Audio model transcription completed successfully", map[string]any{
+ "text_length": len(text),
+ "transcription_preview": utils.Truncate(text, 50),
+ })
+
+ return &TranscriptionResponse{Text: text}, nil
+}
+
+func (t *AudioModelTranscriber) Name() string {
+ return "audio-model"
+}
diff --git a/pkg/voice/audio_model_transcriber_test.go b/pkg/voice/audio_model_transcriber_test.go
new file mode 100644
index 000000000..c33e3bf97
--- /dev/null
+++ b/pkg/voice/audio_model_transcriber_test.go
@@ -0,0 +1,203 @@
+package voice
+
+import (
+ "context"
+ "encoding/base64"
+ "errors"
+ "os"
+ "path/filepath"
+ "testing"
+
+ "github.com/sipeed/picoclaw/pkg/config"
+ "github.com/sipeed/picoclaw/pkg/providers"
+)
+
+var _ Transcriber = (*AudioModelTranscriber)(nil)
+
+type fakeLLMProvider struct {
+ chatFunc func(
+ ctx context.Context,
+ messages []providers.Message,
+ tools []providers.ToolDefinition,
+ model string,
+ options map[string]any,
+ ) (*providers.LLMResponse, error)
+}
+
+func (p *fakeLLMProvider) Chat(
+ ctx context.Context,
+ messages []providers.Message,
+ tools []providers.ToolDefinition,
+ model string,
+ options map[string]any,
+) (*providers.LLMResponse, error) {
+ if p.chatFunc == nil {
+ return nil, nil
+ }
+ return p.chatFunc(ctx, messages, tools, model, options)
+}
+
+func (p *fakeLLMProvider) GetDefaultModel() string {
+ return ""
+}
+
+func TestAudioModelTranscriberName(t *testing.T) {
+ tr := &AudioModelTranscriber{}
+ if got := tr.Name(); got != "audio-model" {
+ t.Errorf("Name() = %q, want %q", got, "audio-model")
+ }
+}
+
+func TestNewAudioModelTranscriberInvalidConfig(t *testing.T) {
+ tests := []struct {
+ name string
+ cfg *config.ModelConfig
+ }{
+ {
+ name: "nil config",
+ cfg: nil,
+ },
+ {
+ name: "missing api key",
+ cfg: &config.ModelConfig{
+ Model: "gemini/gemini-2.5-flash",
+ },
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ if tr := NewAudioModelTranscriber(tt.cfg); tr != nil {
+ t.Fatalf("NewAudioModelTranscriber() = %#v, want nil", tr)
+ }
+ })
+ }
+}
+
+func TestAudioModelTranscriberTranscribe(t *testing.T) {
+ tmpDir := t.TempDir()
+ audioPath := filepath.Join(tmpDir, "clip.ogg")
+ audioData := []byte("fake-audio-data")
+ if err := os.WriteFile(audioPath, audioData, 0o644); err != nil {
+ t.Fatalf("failed to write fake audio file: %v", err)
+ }
+
+ t.Run("success", func(t *testing.T) {
+ tr := &AudioModelTranscriber{
+ provider: &fakeLLMProvider{
+ chatFunc: func(
+ ctx context.Context,
+ messages []providers.Message,
+ tools []providers.ToolDefinition,
+ model string,
+ options map[string]any,
+ ) (*providers.LLMResponse, error) {
+ if ctx == nil {
+ t.Fatal("context should not be nil")
+ }
+ if tools != nil {
+ t.Fatalf("tools = %#v, want nil", tools)
+ }
+ if model != "gemini-2.5-flash" {
+ t.Fatalf("model = %q, want %q", model, "gemini-2.5-flash")
+ }
+ if len(messages) != 1 {
+ t.Fatalf("len(messages) = %d, want 1", len(messages))
+ }
+ msg := messages[0]
+ if msg.Role != "user" {
+ t.Fatalf("role = %q, want %q", msg.Role, "user")
+ }
+ if msg.Content != defaultTranscriptionPrompt {
+ t.Fatalf("prompt = %q, want %q", msg.Content, defaultTranscriptionPrompt)
+ }
+ if len(msg.Media) != 1 {
+ t.Fatalf("len(media) = %d, want 1", len(msg.Media))
+ }
+ wantMedia := "data:audio/ogg;base64," + base64.StdEncoding.EncodeToString(audioData)
+ if msg.Media[0] != wantMedia {
+ t.Fatalf("media = %q, want %q", msg.Media[0], wantMedia)
+ }
+ if len(options) != 1 {
+ t.Fatalf("options = %#v, want only temperature", options)
+ }
+ if got := options["temperature"]; got != 0 {
+ t.Fatalf("temperature = %#v, want 0", got)
+ }
+
+ return &providers.LLMResponse{Content: " hello from gemini \n"}, nil
+ },
+ },
+ modelID: "gemini-2.5-flash",
+ prompt: defaultTranscriptionPrompt,
+ }
+
+ resp, err := tr.Transcribe(context.Background(), audioPath)
+ if err != nil {
+ t.Fatalf("Transcribe() error: %v", err)
+ }
+ if resp.Text != "hello from gemini" {
+ t.Fatalf("Text = %q, want %q", resp.Text, "hello from gemini")
+ }
+ })
+
+ t.Run("provider error", func(t *testing.T) {
+ tr := &AudioModelTranscriber{
+ provider: &fakeLLMProvider{
+ chatFunc: func(
+ ctx context.Context,
+ messages []providers.Message,
+ tools []providers.ToolDefinition,
+ model string,
+ options map[string]any,
+ ) (*providers.LLMResponse, error) {
+ return nil, errors.New("upstream failure")
+ },
+ },
+ modelID: "gemini-2.5-flash",
+ prompt: defaultTranscriptionPrompt,
+ }
+
+ _, err := tr.Transcribe(context.Background(), audioPath)
+ if err == nil {
+ t.Fatal("expected error for provider failure, got nil")
+ }
+ if got := err.Error(); got != "transcription request failed: upstream failure" {
+ t.Fatalf("error = %q, want %q", got, "transcription request failed: upstream failure")
+ }
+ })
+
+ t.Run("missing file", func(t *testing.T) {
+ tr := &AudioModelTranscriber{
+ provider: &fakeLLMProvider{},
+ modelID: "gemini-2.5-flash",
+ prompt: defaultTranscriptionPrompt,
+ }
+
+ _, err := tr.Transcribe(context.Background(), filepath.Join(tmpDir, "nonexistent.ogg"))
+ if err == nil {
+ t.Fatal("expected error for missing file, got nil")
+ }
+ })
+
+ t.Run("unsupported audio format", func(t *testing.T) {
+ badPath := filepath.Join(tmpDir, "clip.txt")
+ if err := os.WriteFile(badPath, []byte("not-audio"), 0o644); err != nil {
+ t.Fatalf("failed to write fake file: %v", err)
+ }
+
+ tr := &AudioModelTranscriber{
+ provider: &fakeLLMProvider{},
+ modelID: "gemini-2.5-flash",
+ prompt: defaultTranscriptionPrompt,
+ }
+
+ _, err := tr.Transcribe(context.Background(), badPath)
+ if err == nil {
+ t.Fatal("expected error for unsupported audio format, got nil")
+ }
+ if got := err.Error(); got != `unsupported audio format for "`+badPath+`"` {
+ t.Fatalf("error = %q, want unsupported format error", got)
+ }
+ })
+}
diff --git a/pkg/voice/groq_transcriber.go b/pkg/voice/groq_transcriber.go
new file mode 100644
index 000000000..b42e598f7
--- /dev/null
+++ b/pkg/voice/groq_transcriber.go
@@ -0,0 +1,151 @@
+package voice
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "fmt"
+ "io"
+ "mime/multipart"
+ "net/http"
+ "os"
+ "path/filepath"
+ "time"
+
+ "github.com/sipeed/picoclaw/pkg/logger"
+ "github.com/sipeed/picoclaw/pkg/utils"
+)
+
+type GroqTranscriber struct {
+ apiKey string
+ apiBase string
+ httpClient *http.Client
+}
+
+func NewGroqTranscriber(apiKey string) *GroqTranscriber {
+ logger.DebugCF("voice", "Creating Groq transcriber", map[string]any{"has_api_key": apiKey != ""})
+
+ apiBase := "https://api.groq.com/openai/v1"
+ return &GroqTranscriber{
+ apiKey: apiKey,
+ apiBase: apiBase,
+ httpClient: &http.Client{
+ Timeout: 60 * time.Second,
+ },
+ }
+}
+
+func (t *GroqTranscriber) Transcribe(ctx context.Context, audioFilePath string) (*TranscriptionResponse, error) {
+ logger.InfoCF("voice", "Starting transcription", map[string]any{"audio_file": audioFilePath})
+
+ audioFile, err := os.Open(audioFilePath)
+ if err != nil {
+ logger.ErrorCF("voice", "Failed to open audio file", map[string]any{"path": audioFilePath, "error": err})
+ return nil, fmt.Errorf("failed to open audio file: %w", err)
+ }
+ defer audioFile.Close()
+
+ fileInfo, err := audioFile.Stat()
+ if err != nil {
+ logger.ErrorCF("voice", "Failed to get file info", map[string]any{"path": audioFilePath, "error": err})
+ return nil, fmt.Errorf("failed to get file info: %w", err)
+ }
+
+ logger.DebugCF("voice", "Audio file details", map[string]any{
+ "size_bytes": fileInfo.Size(),
+ "file_name": filepath.Base(audioFilePath),
+ })
+
+ var requestBody bytes.Buffer
+ writer := multipart.NewWriter(&requestBody)
+
+ part, err := writer.CreateFormFile("file", filepath.Base(audioFilePath))
+ if err != nil {
+ logger.ErrorCF("voice", "Failed to create form file", map[string]any{"error": err})
+ return nil, fmt.Errorf("failed to create form file: %w", err)
+ }
+
+ copied, err := io.Copy(part, audioFile)
+ if err != nil {
+ logger.ErrorCF("voice", "Failed to copy file content", map[string]any{"error": err})
+ return nil, fmt.Errorf("failed to copy file content: %w", err)
+ }
+
+ logger.DebugCF("voice", "File copied to request", map[string]any{"bytes_copied": copied})
+
+ if err = writer.WriteField("model", "whisper-large-v3"); err != nil {
+ logger.ErrorCF("voice", "Failed to write model field", map[string]any{"error": err})
+ return nil, fmt.Errorf("failed to write model field: %w", err)
+ }
+
+ if err = writer.WriteField("response_format", "json"); err != nil {
+ logger.ErrorCF("voice", "Failed to write response_format field", map[string]any{"error": err})
+ return nil, fmt.Errorf("failed to write response_format field: %w", err)
+ }
+
+ if err = writer.Close(); err != nil {
+ logger.ErrorCF("voice", "Failed to close multipart writer", map[string]any{"error": err})
+ return nil, fmt.Errorf("failed to close multipart writer: %w", err)
+ }
+
+ url := t.apiBase + "/audio/transcriptions"
+ req, err := http.NewRequestWithContext(ctx, "POST", url, &requestBody)
+ if err != nil {
+ logger.ErrorCF("voice", "Failed to create request", map[string]any{"error": err})
+ return nil, fmt.Errorf("failed to create request: %w", err)
+ }
+
+ req.Header.Set("Content-Type", writer.FormDataContentType())
+ req.Header.Set("Authorization", "Bearer "+t.apiKey)
+
+ logger.DebugCF("voice", "Sending transcription request to Groq API", map[string]any{
+ "url": url,
+ "request_size_bytes": requestBody.Len(),
+ "file_size_bytes": fileInfo.Size(),
+ })
+
+ resp, err := t.httpClient.Do(req)
+ if err != nil {
+ logger.ErrorCF("voice", "Failed to send request", map[string]any{"error": err})
+ return nil, fmt.Errorf("failed to send request: %w", err)
+ }
+ defer resp.Body.Close()
+
+ body, err := io.ReadAll(resp.Body)
+ if err != nil {
+ logger.ErrorCF("voice", "Failed to read response", map[string]any{"error": err})
+ return nil, fmt.Errorf("failed to read response: %w", err)
+ }
+
+ if resp.StatusCode != http.StatusOK {
+ logger.ErrorCF("voice", "API error", map[string]any{
+ "status_code": resp.StatusCode,
+ "response": string(body),
+ })
+ return nil, fmt.Errorf("API error (status %d): %s", resp.StatusCode, string(body))
+ }
+
+ logger.DebugCF("voice", "Received response from Groq API", map[string]any{
+ "status_code": resp.StatusCode,
+ "response_size_bytes": len(body),
+ })
+
+ var result TranscriptionResponse
+ if err := json.Unmarshal(body, &result); err != nil {
+ logger.ErrorCF("voice", "Failed to unmarshal response", map[string]any{"error": err})
+ return nil, fmt.Errorf("failed to unmarshal response: %w", err)
+ }
+
+ logger.InfoCF("voice", "Transcription completed successfully", map[string]any{
+ "text_length": len(result.Text),
+ "language": result.Language,
+ "duration_seconds": result.Duration,
+ "transcription_preview": utils.Truncate(result.Text, 50),
+ })
+
+ return &result, nil
+}
+
+func (t *GroqTranscriber) Name() string {
+ return "groq"
+}
diff --git a/pkg/voice/groq_transcriber_test.go b/pkg/voice/groq_transcriber_test.go
new file mode 100644
index 000000000..fdcaa7580
--- /dev/null
+++ b/pkg/voice/groq_transcriber_test.go
@@ -0,0 +1,84 @@
+package voice
+
+import (
+ "context"
+ "encoding/json"
+ "net/http"
+ "net/http/httptest"
+ "os"
+ "path/filepath"
+ "testing"
+)
+
+var _ Transcriber = (*GroqTranscriber)(nil)
+
+func TestGroqTranscriberName(t *testing.T) {
+ tr := NewGroqTranscriber("sk-test")
+ if got := tr.Name(); got != "groq" {
+ t.Errorf("Name() = %q, want %q", got, "groq")
+ }
+}
+
+func TestGroqTranscribe(t *testing.T) {
+ // Write a minimal fake audio file so the transcriber can open and send it.
+ tmpDir := t.TempDir()
+ audioPath := filepath.Join(tmpDir, "clip.ogg")
+ if err := os.WriteFile(audioPath, []byte("fake-audio-data"), 0o644); err != nil {
+ t.Fatalf("failed to write fake audio file: %v", err)
+ }
+
+ t.Run("success", func(t *testing.T) {
+ srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path != "/audio/transcriptions" {
+ t.Errorf("unexpected path: %s", r.URL.Path)
+ }
+ if r.Header.Get("Authorization") != "Bearer sk-test" {
+ t.Errorf("unexpected Authorization header: %s", r.Header.Get("Authorization"))
+ }
+ w.Header().Set("Content-Type", "application/json")
+ _ = json.NewEncoder(w).Encode(TranscriptionResponse{
+ Text: "hello world",
+ Language: "en",
+ Duration: 1.5,
+ })
+ }))
+ defer srv.Close()
+
+ tr := NewGroqTranscriber("sk-test")
+ tr.apiBase = srv.URL
+
+ resp, err := tr.Transcribe(context.Background(), audioPath)
+ if err != nil {
+ t.Fatalf("Transcribe() error: %v", err)
+ }
+ if resp.Text != "hello world" {
+ t.Errorf("Text = %q, want %q", resp.Text, "hello world")
+ }
+ if resp.Language != "en" {
+ t.Errorf("Language = %q, want %q", resp.Language, "en")
+ }
+ })
+
+ t.Run("api error", func(t *testing.T) {
+ srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ http.Error(w, `{"error":"invalid_api_key"}`, http.StatusUnauthorized)
+ }))
+ defer srv.Close()
+
+ tr := NewGroqTranscriber("sk-bad")
+ tr.apiBase = srv.URL
+
+ _, err := tr.Transcribe(context.Background(), audioPath)
+ if err == nil {
+ t.Fatal("expected error for non-200 response, got nil")
+ }
+ })
+
+ t.Run("missing file", func(t *testing.T) {
+ tr := NewGroqTranscriber("sk-test")
+ _, err := tr.Transcribe(context.Background(), filepath.Join(tmpDir, "nonexistent.ogg"))
+ if err == nil {
+ t.Fatal("expected error for missing file, got nil")
+ }
+ })
+}
diff --git a/pkg/voice/transcriber.go b/pkg/voice/transcriber.go
index e949d7a22..a50fba8f8 100644
--- a/pkg/voice/transcriber.go
+++ b/pkg/voice/transcriber.go
@@ -1,21 +1,11 @@
package voice
import (
- "bytes"
"context"
- "encoding/json"
- "fmt"
- "io"
- "mime/multipart"
- "net/http"
- "os"
- "path/filepath"
"strings"
- "time"
"github.com/sipeed/picoclaw/pkg/config"
- "github.com/sipeed/picoclaw/pkg/logger"
- "github.com/sipeed/picoclaw/pkg/utils"
+ "github.com/sipeed/picoclaw/pkg/providers"
)
type Transcriber interface {
@@ -23,157 +13,51 @@ type Transcriber interface {
Transcribe(ctx context.Context, audioFilePath string) (*TranscriptionResponse, error)
}
-type GroqTranscriber struct {
- apiKey string
- apiBase string
- httpClient *http.Client
-}
-
type TranscriptionResponse struct {
Text string `json:"text"`
Language string `json:"language,omitempty"`
Duration float64 `json:"duration,omitempty"`
}
-func NewGroqTranscriber(apiKey string) *GroqTranscriber {
- logger.DebugCF("voice", "Creating Groq transcriber", map[string]any{"has_api_key": apiKey != ""})
+func supportsAudioTranscription(model string) bool {
+ protocol, _ := providers.ExtractProtocol(model)
- apiBase := "https://api.groq.com/openai/v1"
- return &GroqTranscriber{
- apiKey: apiKey,
- apiBase: apiBase,
- httpClient: &http.Client{
- Timeout: 60 * time.Second,
- },
+ switch protocol {
+ case "openai", "azure", "azure-openai",
+ "litellm", "openrouter", "groq", "zhipu", "gemini", "nvidia",
+ "ollama", "moonshot", "shengsuanyun", "deepseek", "cerebras",
+ "vivgrid", "volcengine", "vllm", "qwen", "qwen-intl", "qwen-international", "dashscope-intl",
+ "qwen-us", "dashscope-us", "mistral", "avian", "minimax", "longcat", "modelscope", "novita",
+ "coding-plan", "alibaba-coding", "qwen-coding":
+ // These protocols all go through the OpenAI-compatible or Azure provider path in
+ // providers.CreateProviderFromConfig, so they are the only ones that can supply
+ // the audio media payload shape expected by NewAudioModelTranscriber.
+
+ // TODO: Further restrict this by modelID, since not every model under these
+ // protocols supports audio transcription.
+ return true
+ default:
+ return false
}
}
-func (t *GroqTranscriber) Transcribe(ctx context.Context, audioFilePath string) (*TranscriptionResponse, error) {
- logger.InfoCF("voice", "Starting transcription", map[string]any{"audio_file": audioFilePath})
-
- audioFile, err := os.Open(audioFilePath)
- if err != nil {
- logger.ErrorCF("voice", "Failed to open audio file", map[string]any{"path": audioFilePath, "error": err})
- return nil, fmt.Errorf("failed to open audio file: %w", err)
- }
- defer audioFile.Close()
-
- fileInfo, err := audioFile.Stat()
- if err != nil {
- logger.ErrorCF("voice", "Failed to get file info", map[string]any{"path": audioFilePath, "error": err})
- return nil, fmt.Errorf("failed to get file info: %w", err)
- }
-
- logger.DebugCF("voice", "Audio file details", map[string]any{
- "size_bytes": fileInfo.Size(),
- "file_name": filepath.Base(audioFilePath),
- })
-
- var requestBody bytes.Buffer
- writer := multipart.NewWriter(&requestBody)
-
- part, err := writer.CreateFormFile("file", filepath.Base(audioFilePath))
- if err != nil {
- logger.ErrorCF("voice", "Failed to create form file", map[string]any{"error": err})
- return nil, fmt.Errorf("failed to create form file: %w", err)
- }
-
- copied, err := io.Copy(part, audioFile)
- if err != nil {
- logger.ErrorCF("voice", "Failed to copy file content", map[string]any{"error": err})
- return nil, fmt.Errorf("failed to copy file content: %w", err)
- }
-
- logger.DebugCF("voice", "File copied to request", map[string]any{"bytes_copied": copied})
-
- if err = writer.WriteField("model", "whisper-large-v3"); err != nil {
- logger.ErrorCF("voice", "Failed to write model field", map[string]any{"error": err})
- return nil, fmt.Errorf("failed to write model field: %w", err)
- }
-
- if err = writer.WriteField("response_format", "json"); err != nil {
- logger.ErrorCF("voice", "Failed to write response_format field", map[string]any{"error": err})
- return nil, fmt.Errorf("failed to write response_format field: %w", err)
- }
-
- if err = writer.Close(); err != nil {
- logger.ErrorCF("voice", "Failed to close multipart writer", map[string]any{"error": err})
- return nil, fmt.Errorf("failed to close multipart writer: %w", err)
- }
-
- url := t.apiBase + "/audio/transcriptions"
- req, err := http.NewRequestWithContext(ctx, "POST", url, &requestBody)
- if err != nil {
- logger.ErrorCF("voice", "Failed to create request", map[string]any{"error": err})
- return nil, fmt.Errorf("failed to create request: %w", err)
- }
-
- req.Header.Set("Content-Type", writer.FormDataContentType())
- req.Header.Set("Authorization", "Bearer "+t.apiKey)
-
- logger.DebugCF("voice", "Sending transcription request to Groq API", map[string]any{
- "url": url,
- "request_size_bytes": requestBody.Len(),
- "file_size_bytes": fileInfo.Size(),
- })
-
- resp, err := t.httpClient.Do(req)
- if err != nil {
- logger.ErrorCF("voice", "Failed to send request", map[string]any{"error": err})
- return nil, fmt.Errorf("failed to send request: %w", err)
- }
- defer resp.Body.Close()
-
- body, err := io.ReadAll(resp.Body)
- if err != nil {
- logger.ErrorCF("voice", "Failed to read response", map[string]any{"error": err})
- return nil, fmt.Errorf("failed to read response: %w", err)
- }
-
- if resp.StatusCode != http.StatusOK {
- logger.ErrorCF("voice", "API error", map[string]any{
- "status_code": resp.StatusCode,
- "response": string(body),
- })
- return nil, fmt.Errorf("API error (status %d): %s", resp.StatusCode, string(body))
- }
-
- logger.DebugCF("voice", "Received response from Groq API", map[string]any{
- "status_code": resp.StatusCode,
- "response_size_bytes": len(body),
- })
-
- var result TranscriptionResponse
- if err := json.Unmarshal(body, &result); err != nil {
- logger.ErrorCF("voice", "Failed to unmarshal response", map[string]any{"error": err})
- return nil, fmt.Errorf("failed to unmarshal response: %w", err)
- }
-
- logger.InfoCF("voice", "Transcription completed successfully", map[string]any{
- "text_length": len(result.Text),
- "language": result.Language,
- "duration_seconds": result.Duration,
- "transcription_preview": utils.Truncate(result.Text, 50),
- })
-
- return &result, nil
-}
-
-func (t *GroqTranscriber) Name() string {
- return "groq"
-}
-
// DetectTranscriber inspects cfg and returns the appropriate Transcriber, or
// nil if no supported transcription provider is configured.
func DetectTranscriber(cfg *config.Config) Transcriber {
- // Direct Groq provider config takes priority.
- if key := cfg.Providers.Groq.APIKey; key != "" {
- return NewGroqTranscriber(key)
+ if modelName := strings.TrimSpace(cfg.Voice.ModelName); modelName != "" {
+ modelCfg, err := cfg.GetModelConfig(modelName)
+ if err != nil {
+ return nil
+ }
+ if supportsAudioTranscription(modelCfg.Model) {
+ return NewAudioModelTranscriber(modelCfg)
+ }
}
+
// Fall back to any model-list entry that uses the groq/ protocol.
for _, mc := range cfg.ModelList {
- if strings.HasPrefix(mc.Model, "groq/") && mc.APIKey != "" {
- return NewGroqTranscriber(mc.APIKey)
+ if strings.HasPrefix(mc.Model, "groq/") && mc.APIKey() != "" {
+ return NewGroqTranscriber(mc.APIKey())
}
}
return nil
diff --git a/pkg/voice/transcriber_test.go b/pkg/voice/transcriber_test.go
index 9b6add333..20ba5388b 100644
--- a/pkg/voice/transcriber_test.go
+++ b/pkg/voice/transcriber_test.go
@@ -1,27 +1,11 @@
package voice
import (
- "context"
- "encoding/json"
- "net/http"
- "net/http/httptest"
- "os"
- "path/filepath"
"testing"
"github.com/sipeed/picoclaw/pkg/config"
)
-// Ensure GroqTranscriber satisfies the Transcriber interface at compile time.
-var _ Transcriber = (*GroqTranscriber)(nil)
-
-func TestGroqTranscriberName(t *testing.T) {
- tr := NewGroqTranscriber("sk-test")
- if got := tr.Name(); got != "groq" {
- t.Errorf("Name() = %q, want %q", got, "groq")
- }
-}
-
func TestDetectTranscriber(t *testing.T) {
tests := []struct {
name string
@@ -35,45 +19,132 @@ func TestDetectTranscriber(t *testing.T) {
wantNil: true,
},
{
- name: "groq provider key",
- cfg: &config.Config{
- Providers: config.ProvidersConfig{
- Groq: config.ProviderConfig{APIKey: "sk-groq-direct"},
+ name: "voice model name selects audio model transcriber",
+ cfg: (&config.Config{
+ Voice: config.VoiceConfig{ModelName: "voice-gemini"},
+ ModelList: []*config.ModelConfig{
+ {ModelName: "voice-gemini", Model: "gemini/gemini-2.5-flash"},
},
- },
- wantName: "groq",
+ }).WithSecurity(&config.SecurityConfig{
+ ModelList: map[string]config.ModelSecurityEntry{
+ "voice-gemini": {
+ APIKeys: []string{"sk-gemini-model"},
+ },
+ },
+ }),
+ wantName: "audio-model",
},
{
name: "groq via model list",
- cfg: &config.Config{
- ModelList: []config.ModelConfig{
- {Model: "openai/gpt-4o", APIKey: "sk-openai"},
- {Model: "groq/llama-3.3-70b", APIKey: "sk-groq-model"},
+ cfg: (&config.Config{
+ ModelList: []*config.ModelConfig{
+ {ModelName: "openai", Model: "openai/gpt-4o"},
+ {ModelName: "groq", Model: "groq/llama-3.3-70b"},
},
- },
+ }).WithSecurity(&config.SecurityConfig{
+ ModelList: map[string]config.ModelSecurityEntry{
+ "openai": {
+ APIKeys: []string{"sk-openai"},
+ },
+ "groq": {
+ APIKeys: []string{"sk-groq-model"},
+ },
+ },
+ }),
wantName: "groq",
},
+ {
+ name: "voice model name selects non-gemini audio model transcriber",
+ cfg: (&config.Config{
+ Voice: config.VoiceConfig{ModelName: "voice-openai-audio"},
+ ModelList: []*config.ModelConfig{
+ {ModelName: "voice-openai-audio", Model: "openai/gpt-4o-audio-preview"},
+ },
+ }).WithSecurity(&config.SecurityConfig{
+ ModelList: map[string]config.ModelSecurityEntry{
+ "voice-openai-audio": {
+ APIKeys: []string{"sk-openai"},
+ },
+ },
+ }),
+ wantName: "audio-model",
+ },
+ {
+ name: "voice model name selects azure audio model transcriber",
+ cfg: (&config.Config{
+ Voice: config.VoiceConfig{ModelName: "voice-azure-audio"},
+ ModelList: []*config.ModelConfig{
+ {
+ ModelName: "voice-azure-audio",
+ Model: "azure/my-audio-deployment",
+ APIBase: "https://example.openai.azure.com",
+ },
+ },
+ }).WithSecurity(&config.SecurityConfig{
+ ModelList: map[string]config.ModelSecurityEntry{
+ "voice-azure-audio": {
+ APIKeys: []string{"sk-azure"},
+ },
+ },
+ }),
+ wantName: "audio-model",
+ },
+ {
+ name: "voice model name with non openai compatible protocol does not select audio model transcriber",
+ cfg: (&config.Config{
+ Voice: config.VoiceConfig{ModelName: "voice-anthropic"},
+ ModelList: []*config.ModelConfig{
+ {ModelName: "voice-anthropic", Model: "anthropic/claude-sonnet-4.6"},
+ },
+ }).WithSecurity(&config.SecurityConfig{
+ ModelList: map[string]config.ModelSecurityEntry{
+ "voice-anthropic": {
+ APIKeys: []string{"sk-anthropic"},
+ },
+ },
+ }),
+ wantNil: true,
+ },
{
name: "groq model list entry without key is skipped",
cfg: &config.Config{
- ModelList: []config.ModelConfig{
- {Model: "groq/llama-3.3-70b", APIKey: ""},
+ ModelList: []*config.ModelConfig{
+ {Model: "groq/llama-3.3-70b"},
},
},
wantNil: true,
},
{
name: "provider key takes priority over model list",
- cfg: &config.Config{
- Providers: config.ProvidersConfig{
- Groq: config.ProviderConfig{APIKey: "sk-groq-direct"},
+ cfg: (&config.Config{
+ ModelList: []*config.ModelConfig{
+ {ModelName: "groq", Model: "groq/llama-3.3-70b"},
},
- ModelList: []config.ModelConfig{
- {Model: "groq/llama-3.3-70b", APIKey: "sk-groq-model"},
+ }).WithSecurity(&config.SecurityConfig{
+ ModelList: map[string]config.ModelSecurityEntry{
+ "groq": {
+ APIKeys: []string{"sk-groq-model"},
+ },
},
- },
+ }),
wantName: "groq",
},
+ {
+ name: "missing voice model name config returns nil",
+ cfg: (&config.Config{
+ Voice: config.VoiceConfig{ModelName: "missing"},
+ ModelList: []*config.ModelConfig{
+ {ModelName: "other", Model: "gemini/gemini-2.5-flash"},
+ },
+ }).WithSecurity(&config.SecurityConfig{
+ ModelList: map[string]config.ModelSecurityEntry{
+ "other": {
+ APIKeys: []string{"sk-other-model"},
+ },
+ },
+ }),
+ wantNil: true,
+ },
}
for _, tc := range tests {
@@ -94,67 +165,3 @@ func TestDetectTranscriber(t *testing.T) {
})
}
}
-
-func TestTranscribe(t *testing.T) {
- // Write a minimal fake audio file so the transcriber can open and send it.
- tmpDir := t.TempDir()
- audioPath := filepath.Join(tmpDir, "clip.ogg")
- if err := os.WriteFile(audioPath, []byte("fake-audio-data"), 0o644); err != nil {
- t.Fatalf("failed to write fake audio file: %v", err)
- }
-
- t.Run("success", func(t *testing.T) {
- srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- if r.URL.Path != "/audio/transcriptions" {
- t.Errorf("unexpected path: %s", r.URL.Path)
- }
- if r.Header.Get("Authorization") != "Bearer sk-test" {
- t.Errorf("unexpected Authorization header: %s", r.Header.Get("Authorization"))
- }
- w.Header().Set("Content-Type", "application/json")
- _ = json.NewEncoder(w).Encode(TranscriptionResponse{
- Text: "hello world",
- Language: "en",
- Duration: 1.5,
- })
- }))
- defer srv.Close()
-
- tr := NewGroqTranscriber("sk-test")
- tr.apiBase = srv.URL
-
- resp, err := tr.Transcribe(context.Background(), audioPath)
- if err != nil {
- t.Fatalf("Transcribe() error: %v", err)
- }
- if resp.Text != "hello world" {
- t.Errorf("Text = %q, want %q", resp.Text, "hello world")
- }
- if resp.Language != "en" {
- t.Errorf("Language = %q, want %q", resp.Language, "en")
- }
- })
-
- t.Run("api error", func(t *testing.T) {
- srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- http.Error(w, `{"error":"invalid_api_key"}`, http.StatusUnauthorized)
- }))
- defer srv.Close()
-
- tr := NewGroqTranscriber("sk-bad")
- tr.apiBase = srv.URL
-
- _, err := tr.Transcribe(context.Background(), audioPath)
- if err == nil {
- t.Fatal("expected error for non-200 response, got nil")
- }
- })
-
- t.Run("missing file", func(t *testing.T) {
- tr := NewGroqTranscriber("sk-test")
- _, err := tr.Transcribe(context.Background(), filepath.Join(tmpDir, "nonexistent.ogg"))
- if err == nil {
- t.Fatal("expected error for missing file, got nil")
- }
- })
-}
diff --git a/web/backend/api/config.go b/web/backend/api/config.go
index a7d5b3c5d..7cdfde174 100644
--- a/web/backend/api/config.go
+++ b/web/backend/api/config.go
@@ -8,6 +8,7 @@ import (
"regexp"
"github.com/sipeed/picoclaw/pkg/config"
+ "github.com/sipeed/picoclaw/pkg/logger"
)
// registerConfigRoutes binds configuration management endpoints to the ServeMux.
@@ -45,7 +46,7 @@ func (h *Handler) handleUpdateConfig(w http.ResponseWriter, r *http.Request) {
defer r.Body.Close()
var cfg config.Config
- if err := json.Unmarshal(body, &cfg); err != nil {
+ if err = json.Unmarshal(body, &cfg); err != nil {
http.Error(w, fmt.Sprintf("Invalid JSON: %v", err), http.StatusBadRequest)
return
}
@@ -63,6 +64,14 @@ func (h *Handler) handleUpdateConfig(w http.ResponseWriter, r *http.Request) {
return
}
+ logger.Infof("new config: %+v", cfg)
+ oldCfg, err := config.LoadConfig(h.configPath)
+ if err != nil {
+ http.Error(w, fmt.Sprintf("Failed to load config: %v", err), http.StatusInternalServerError)
+ return
+ }
+ cfg.SecurityCopyFrom(oldCfg)
+
if err := config.SaveConfig(h.configPath, &cfg); err != nil {
http.Error(w, fmt.Sprintf("Failed to save config: %v", err), http.StatusInternalServerError)
return
@@ -150,6 +159,8 @@ func (h *Handler) handlePatchConfig(w http.ResponseWriter, r *http.Request) {
return
}
+ newCfg.SecurityCopyFrom(cfg)
+
if err := config.SaveConfig(h.configPath, &newCfg); err != nil {
http.Error(w, fmt.Sprintf("Failed to save config: %v", err), http.StatusInternalServerError)
return
@@ -175,17 +186,17 @@ func validateConfig(cfg *config.Config) []string {
}
// Pico channel: token required when enabled
- if cfg.Channels.Pico.Enabled && cfg.Channels.Pico.Token == "" {
+ if cfg.Channels.Pico.Enabled && cfg.Channels.Pico.Token() == "" {
errs = append(errs, "channels.pico.token is required when pico channel is enabled")
}
// Telegram: token required when enabled
- if cfg.Channels.Telegram.Enabled && cfg.Channels.Telegram.Token == "" {
+ if cfg.Channels.Telegram.Enabled && cfg.Channels.Telegram.Token() == "" {
errs = append(errs, "channels.telegram.token is required when telegram channel is enabled")
}
// Discord: token required when enabled
- if cfg.Channels.Discord.Enabled && cfg.Channels.Discord.Token == "" {
+ if cfg.Channels.Discord.Enabled && cfg.Channels.Discord.Token() == "" {
errs = append(errs, "channels.discord.token is required when discord channel is enabled")
}
diff --git a/web/backend/api/config_test.go b/web/backend/api/config_test.go
index 54ec8e857..bbf285e14 100644
--- a/web/backend/api/config_test.go
+++ b/web/backend/api/config_test.go
@@ -18,6 +18,7 @@ func TestHandleUpdateConfig_PreservesExecAllowRemoteDefaultWhenOmitted(t *testin
h.RegisterRoutes(mux)
req := httptest.NewRequest(http.MethodPut, "/api/config", bytes.NewBufferString(`{
+"version": 1,
"agents": {
"defaults": {
"workspace": "~/.picoclaw/workspace"
@@ -27,7 +28,7 @@ func TestHandleUpdateConfig_PreservesExecAllowRemoteDefaultWhenOmitted(t *testin
{
"model_name": "custom-default",
"model": "openai/gpt-4o",
- "api_key": "sk-default"
+ "api_keys": ["sk-default"]
}
]
}`))
diff --git a/web/backend/api/gateway.go b/web/backend/api/gateway.go
index d5ccd6e29..7f72f12b8 100644
--- a/web/backend/api/gateway.go
+++ b/web/backend/api/gateway.go
@@ -159,10 +159,10 @@ func (h *Handler) gatewayStartReady() (bool, string, error) {
return false, fmt.Sprintf("default model %q is invalid", modelName), nil
}
- if !hasModelConfiguration(*modelCfg) {
+ if !hasModelConfiguration(modelCfg) {
return false, fmt.Sprintf("default model %q has no credentials configured", modelName), nil
}
- if requiresRuntimeProbe(*modelCfg) && !probeLocalModelAvailability(*modelCfg) {
+ if requiresRuntimeProbe(modelCfg) && !probeLocalModelAvailability(modelCfg) {
return false, fmt.Sprintf("default model %q is not reachable", modelName), nil
}
diff --git a/web/backend/api/gateway_test.go b/web/backend/api/gateway_test.go
index 5c94f0b89..a5ba2bad2 100644
--- a/web/backend/api/gateway_test.go
+++ b/web/backend/api/gateway_test.go
@@ -101,7 +101,7 @@ func TestGatewayStartReady_NoDefaultModel(t *testing.T) {
func TestGatewayStartReady_InvalidDefaultModel(t *testing.T) {
configPath := filepath.Join(t.TempDir(), "config.json")
cfg := config.DefaultConfig()
- cfg.Agents.Defaults.Model = "missing-model"
+ cfg.Agents.Defaults.ModelName = "missing-model"
err := config.SaveConfig(configPath, cfg)
if err != nil {
t.Fatalf("SaveConfig() error = %v", err)
@@ -124,7 +124,7 @@ func TestGatewayStartReady_ValidDefaultModel(t *testing.T) {
configPath := filepath.Join(t.TempDir(), "config.json")
cfg := config.DefaultConfig()
cfg.Agents.Defaults.ModelName = cfg.ModelList[0].ModelName
- cfg.ModelList[0].APIKey = "test-key"
+ cfg.ModelList[0].SetAPIKey("test-key")
err := config.SaveConfig(configPath, cfg)
if err != nil {
t.Fatalf("SaveConfig() error = %v", err)
@@ -144,7 +144,7 @@ func TestGatewayStartReady_DefaultModelWithoutCredential(t *testing.T) {
configPath := filepath.Join(t.TempDir(), "config.json")
cfg := config.DefaultConfig()
cfg.Agents.Defaults.ModelName = cfg.ModelList[0].ModelName
- cfg.ModelList[0].APIKey = ""
+ cfg.ModelList[0].SetAPIKey("")
cfg.ModelList[0].AuthMethod = ""
err := config.SaveConfig(configPath, cfg)
if err != nil {
@@ -169,7 +169,7 @@ func TestGatewayStartReady_LocalModelWithoutAPIKey(t *testing.T) {
defer cleanup()
resetModelProbeHooks(t)
- probeOpenAICompatibleModelFunc = func(apiBase, modelID string) bool {
+ probeOpenAICompatibleModelFunc = func(apiBase, modelID, apiKey string) bool {
return false
}
@@ -177,7 +177,7 @@ func TestGatewayStartReady_LocalModelWithoutAPIKey(t *testing.T) {
if err != nil {
t.Fatalf("LoadConfig() error = %v", err)
}
- cfg.ModelList = []config.ModelConfig{{
+ cfg.ModelList = []*config.ModelConfig{{
ModelName: "local-vllm",
Model: "vllm/custom-model",
APIBase: "http://localhost:8000/v1",
@@ -206,15 +206,15 @@ func TestGatewayStartReady_LocalModelWithRunningService(t *testing.T) {
defer cleanup()
resetModelProbeHooks(t)
- probeOpenAICompatibleModelFunc = func(apiBase, modelID string) bool {
- return apiBase == "http://127.0.0.1:8000/v1" && modelID == "custom-model"
+ probeOpenAICompatibleModelFunc = func(apiBase, modelID, apiKey string) bool {
+ return apiBase == "http://127.0.0.1:8000/v1" && modelID == "custom-model" && apiKey == ""
}
cfg, err := config.LoadConfig(configPath)
if err != nil {
t.Fatalf("LoadConfig() error = %v", err)
}
- cfg.ModelList = []config.ModelConfig{{
+ cfg.ModelList = []*config.ModelConfig{{
ModelName: "local-vllm",
Model: "vllm/custom-model",
APIBase: "http://127.0.0.1:8000/v1",
@@ -240,7 +240,7 @@ func TestGatewayStartReady_RemoteVLLMWithAPIKeyDoesNotProbe(t *testing.T) {
defer cleanup()
resetModelProbeHooks(t)
- probeOpenAICompatibleModelFunc = func(apiBase, modelID string) bool {
+ probeOpenAICompatibleModelFunc = func(apiBase, modelID, apiKey string) bool {
t.Fatalf("unexpected OpenAI-compatible probe for %q (%q)", apiBase, modelID)
return false
}
@@ -249,12 +249,12 @@ func TestGatewayStartReady_RemoteVLLMWithAPIKeyDoesNotProbe(t *testing.T) {
if err != nil {
t.Fatalf("LoadConfig() error = %v", err)
}
- cfg.ModelList = []config.ModelConfig{{
+ cfg.ModelList = []*config.ModelConfig{{
ModelName: "remote-vllm",
Model: "vllm/custom-model",
APIBase: "https://models.example.com/v1",
- APIKey: "remote-key",
}}
+ cfg.ModelList[0o0].SetAPIKey("remote-key")
cfg.Agents.Defaults.ModelName = "remote-vllm"
err = config.SaveConfig(configPath, cfg)
if err != nil {
@@ -284,7 +284,7 @@ func TestGatewayStartReady_LocalOllamaUsesDefaultProbeBase(t *testing.T) {
if err != nil {
t.Fatalf("LoadConfig() error = %v", err)
}
- cfg.ModelList = []config.ModelConfig{{
+ cfg.ModelList = []*config.ModelConfig{{
ModelName: "local-ollama",
Model: "ollama/llama3",
}}
@@ -312,7 +312,7 @@ func TestGatewayStartReady_OAuthModelRequiresStoredCredential(t *testing.T) {
if err != nil {
t.Fatalf("LoadConfig() error = %v", err)
}
- cfg.ModelList = []config.ModelConfig{{
+ cfg.ModelList = []*config.ModelConfig{{
ModelName: "openai-oauth",
Model: "openai/gpt-5.4",
AuthMethod: "oauth",
@@ -483,12 +483,12 @@ func TestGatewayStatusRequiresRestartAfterDefaultModelChange(t *testing.T) {
configPath := filepath.Join(t.TempDir(), "config.json")
cfg := config.DefaultConfig()
cfg.Agents.Defaults.ModelName = cfg.ModelList[0].ModelName
- cfg.ModelList[0].APIKey = "test-key"
- cfg.ModelList = append(cfg.ModelList, config.ModelConfig{
+ cfg.ModelList[0].SetAPIKey("test-key")
+ cfg.ModelList = append(cfg.ModelList, &config.ModelConfig{
ModelName: "second-model",
Model: "openai/gpt-4.1",
- APIKey: "second-key",
})
+ cfg.ModelList[len(cfg.ModelList)-1].SetAPIKey("second-key")
if err := config.SaveConfig(configPath, cfg); err != nil {
t.Fatalf("SaveConfig() error = %v", err)
}
@@ -596,6 +596,11 @@ func TestGatewayStatusReturnsErrorAfterStartupWindowExpires(t *testing.T) {
func TestGatewayStatusReturnsRestartingDuringRestartGap(t *testing.T) {
resetGatewayTestState(t)
+ // Mock health check to return error, so it won't override our "restarting" status
+ gatewayHealthGet = func(url string, timeout time.Duration) (*http.Response, error) {
+ return nil, errors.New("mock health check error")
+ }
+
configPath := filepath.Join(t.TempDir(), "config.json")
h := NewHandler(configPath)
mux := http.NewServeMux()
@@ -627,7 +632,7 @@ func TestGatewayRestartKeepsRunningProcessWhenPreconditionsFail(t *testing.T) {
configPath := filepath.Join(t.TempDir(), "config.json")
cfg := config.DefaultConfig()
cfg.Agents.Defaults.ModelName = cfg.ModelList[0].ModelName
- cfg.ModelList[0].APIKey = ""
+ cfg.ModelList[0].SetAPIKey("")
cfg.ModelList[0].AuthMethod = ""
if err := config.SaveConfig(configPath, cfg); err != nil {
t.Fatalf("SaveConfig() error = %v", err)
@@ -680,7 +685,7 @@ func TestGatewayRestartKeepsOldProcessWhenItDoesNotExitInTime(t *testing.T) {
configPath := filepath.Join(t.TempDir(), "config.json")
cfg := config.DefaultConfig()
cfg.Agents.Defaults.ModelName = cfg.ModelList[0].ModelName
- cfg.ModelList[0].APIKey = "test-key"
+ cfg.ModelList[0].SetAPIKey("test-key")
if err := config.SaveConfig(configPath, cfg); err != nil {
t.Fatalf("SaveConfig() error = %v", err)
}
@@ -738,10 +743,15 @@ func TestGatewayRestartKeepsOldProcessWhenItDoesNotExitInTime(t *testing.T) {
func TestGatewayRestartReturnsErrorStatusWhenReplacementFailsToStart(t *testing.T) {
resetGatewayTestState(t)
+ // Mock health check to return error, so it won't override our "error" status
+ gatewayHealthGet = func(url string, timeout time.Duration) (*http.Response, error) {
+ return nil, errors.New("mock health check error")
+ }
+
configPath := filepath.Join(t.TempDir(), "config.json")
cfg := config.DefaultConfig()
cfg.Agents.Defaults.ModelName = cfg.ModelList[0].ModelName
- cfg.ModelList[0].APIKey = "test-key"
+ cfg.ModelList[0].SetAPIKey("test-key")
if err := config.SaveConfig(configPath, cfg); err != nil {
t.Fatalf("SaveConfig() error = %v", err)
}
diff --git a/web/backend/api/model_status.go b/web/backend/api/model_status.go
index 22bf5c15b..aeef85119 100644
--- a/web/backend/api/model_status.go
+++ b/web/backend/api/model_status.go
@@ -20,9 +20,9 @@ var (
probeOpenAICompatibleModelFunc = probeOpenAICompatibleModel
)
-func hasModelConfiguration(m config.ModelConfig) bool {
+func hasModelConfiguration(m *config.ModelConfig) bool {
authMethod := strings.ToLower(strings.TrimSpace(m.AuthMethod))
- apiKey := strings.TrimSpace(m.APIKey)
+ apiKey := strings.TrimSpace(m.APIKey())
if authMethod == "oauth" || authMethod == "token" {
if provider, ok := oauthProviderForModel(m.Model); ok {
@@ -44,7 +44,7 @@ func hasModelConfiguration(m config.ModelConfig) bool {
// isModelConfigured reports whether a model is currently available to use.
// Local models must be reachable; remote/API-key models only need saved config.
-func isModelConfigured(m config.ModelConfig) bool {
+func isModelConfigured(m *config.ModelConfig) bool {
if !hasModelConfiguration(m) {
return false
}
@@ -54,7 +54,7 @@ func isModelConfigured(m config.ModelConfig) bool {
return true
}
-func requiresRuntimeProbe(m config.ModelConfig) bool {
+func requiresRuntimeProbe(m *config.ModelConfig) bool {
authMethod := strings.ToLower(strings.TrimSpace(m.AuthMethod))
if authMethod == "local" {
return true
@@ -75,27 +75,27 @@ func requiresRuntimeProbe(m config.ModelConfig) bool {
return false
}
-func probeLocalModelAvailability(m config.ModelConfig) bool {
+func probeLocalModelAvailability(m *config.ModelConfig) bool {
apiBase := modelProbeAPIBase(m)
protocol, modelID := splitModel(m.Model)
switch protocol {
case "ollama":
return probeOllamaModelFunc(apiBase, modelID)
case "vllm":
- return probeOpenAICompatibleModelFunc(apiBase, modelID)
+ return probeOpenAICompatibleModelFunc(apiBase, modelID, m.APIKey())
case "github-copilot", "copilot":
return probeTCPServiceFunc(apiBase)
case "claude-cli", "claudecli", "codex-cli", "codexcli":
return true
default:
if hasLocalAPIBase(apiBase) {
- return probeOpenAICompatibleModelFunc(apiBase, modelID)
+ return probeOpenAICompatibleModelFunc(apiBase, modelID, m.APIKey())
}
return false
}
}
-func modelProbeAPIBase(m config.ModelConfig) string {
+func modelProbeAPIBase(m *config.ModelConfig) string {
if apiBase := strings.TrimSpace(m.APIBase); apiBase != "" {
return normalizeModelProbeAPIBase(apiBase)
}
@@ -209,7 +209,7 @@ func probeOllamaModel(apiBase, modelID string) bool {
Model string `json:"model"`
} `json:"models"`
}
- if err := getJSON(root+"/api/tags", &resp); err != nil {
+ if err := getJSON(root+"/api/tags", &resp, ""); err != nil {
return false
}
@@ -221,7 +221,7 @@ func probeOllamaModel(apiBase, modelID string) bool {
return false
}
-func probeOpenAICompatibleModel(apiBase, modelID string) bool {
+func probeOpenAICompatibleModel(apiBase, modelID, apiKey string) bool {
if strings.TrimSpace(apiBase) == "" {
return false
}
@@ -231,7 +231,7 @@ func probeOpenAICompatibleModel(apiBase, modelID string) bool {
ID string `json:"id"`
} `json:"data"`
}
- if err := getJSON(strings.TrimRight(strings.TrimSpace(apiBase), "/")+"/models", &resp); err != nil {
+ if err := getJSON(strings.TrimRight(strings.TrimSpace(apiBase), "/")+"/models", &resp, apiKey); err != nil {
return false
}
@@ -243,11 +243,14 @@ func probeOpenAICompatibleModel(apiBase, modelID string) bool {
return false
}
-func getJSON(rawURL string, out any) error {
+func getJSON(rawURL string, out any, apiKey string) error {
req, err := http.NewRequest(http.MethodGet, rawURL, nil)
if err != nil {
return err
}
+ if apiKey = strings.TrimSpace(apiKey); apiKey != "" {
+ req.Header.Set("Authorization", "Bearer "+apiKey)
+ }
client := &http.Client{Timeout: modelProbeTimeout}
resp, err := client.Do(req)
diff --git a/web/backend/api/model_status_test.go b/web/backend/api/model_status_test.go
new file mode 100644
index 000000000..df942a9e9
--- /dev/null
+++ b/web/backend/api/model_status_test.go
@@ -0,0 +1,37 @@
+package api
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "testing"
+
+ "github.com/sipeed/picoclaw/pkg/config"
+)
+
+func TestProbeLocalModelAvailability_OpenAICompatibleIncludesAPIKey(t *testing.T) {
+ const apiKey = "test-api-key"
+
+ srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path != "/v1/models" {
+ t.Fatalf("path = %q, want %q", r.URL.Path, "/v1/models")
+ }
+ if got := r.Header.Get("Authorization"); got != "Bearer "+apiKey {
+ http.Error(w, "missing auth", http.StatusUnauthorized)
+ return
+ }
+
+ w.Header().Set("Content-Type", "application/json")
+ _, _ = w.Write([]byte(`{"data":[{"id":"custom-model"}]}`))
+ }))
+ defer srv.Close()
+
+ model := &config.ModelConfig{
+ Model: "openai/custom-model",
+ APIBase: srv.URL + "/v1",
+ }
+ model.SetAPIKey(apiKey)
+
+ if !probeLocalModelAvailability(model) {
+ t.Fatal("probeLocalModelAvailability() = false, want true when api_key is configured")
+ }
+}
diff --git a/web/backend/api/models.go b/web/backend/api/models.go
index 7f3d29c77..dd71ad25a 100644
--- a/web/backend/api/models.go
+++ b/web/backend/api/models.go
@@ -58,7 +58,7 @@ func (h *Handler) handleListModels(w http.ResponseWriter, r *http.Request) {
var wg sync.WaitGroup
wg.Add(len(cfg.ModelList))
for i, m := range cfg.ModelList {
- go func(i int, m config.ModelConfig) {
+ go func(i int, m *config.ModelConfig) {
defer wg.Done()
configured[i] = isModelConfigured(m)
}(i, m)
@@ -72,7 +72,7 @@ func (h *Handler) handleListModels(w http.ResponseWriter, r *http.Request) {
ModelName: m.ModelName,
Model: m.Model,
APIBase: m.APIBase,
- APIKey: maskAPIKey(m.APIKey),
+ APIKey: maskAPIKey(m.APIKey()),
Proxy: m.Proxy,
AuthMethod: m.AuthMethod,
ConnectMode: m.ConnectMode,
@@ -122,7 +122,7 @@ func (h *Handler) handleAddModel(w http.ResponseWriter, r *http.Request) {
return
}
- cfg.ModelList = append(cfg.ModelList, mc)
+ cfg.ModelList = append(cfg.ModelList, &mc)
if err := config.SaveConfig(h.configPath, cfg); err != nil {
http.Error(w, fmt.Sprintf("Failed to save config: %v", err), http.StatusInternalServerError)
@@ -180,11 +180,11 @@ func (h *Handler) handleUpdateModel(w http.ResponseWriter, r *http.Request) {
// Preserve the existing API key when the caller omits it (empty string).
// This lets the UI update api_base / proxy without clearing the stored secret.
- if mc.APIKey == "" {
- mc.APIKey = cfg.ModelList[idx].APIKey
+ if mc.APIKey() == "" {
+ mc.SetAPIKey(cfg.ModelList[idx].APIKey())
}
- cfg.ModelList[idx] = mc
+ cfg.ModelList[idx] = &mc
if err := config.SaveConfig(h.configPath, cfg); err != nil {
http.Error(w, fmt.Sprintf("Failed to save config: %v", err), http.StatusInternalServerError)
@@ -224,9 +224,6 @@ func (h *Handler) handleDeleteModel(w http.ResponseWriter, r *http.Request) {
if cfg.Agents.Defaults.ModelName == deletedModelName {
cfg.Agents.Defaults.ModelName = ""
}
- if cfg.Agents.Defaults.Model == deletedModelName {
- cfg.Agents.Defaults.Model = ""
- }
if err := config.SaveConfig(h.configPath, cfg); err != nil {
http.Error(w, fmt.Sprintf("Failed to save config: %v", err), http.StatusInternalServerError)
diff --git a/web/backend/api/models_test.go b/web/backend/api/models_test.go
index 2377b5b66..44d10154e 100644
--- a/web/backend/api/models_test.go
+++ b/web/backend/api/models_test.go
@@ -36,11 +36,11 @@ func TestHandleListModels_ConfiguredStatusUsesRuntimeProbesForLocalModels(t *tes
var ollamaProbes []string
var tcpProbes []string
- probeOpenAICompatibleModelFunc = func(apiBase, modelID string) bool {
+ probeOpenAICompatibleModelFunc = func(apiBase, modelID, apiKey string) bool {
mu.Lock()
- openAIProbes = append(openAIProbes, apiBase+"|"+modelID)
+ openAIProbes = append(openAIProbes, apiBase+"|"+modelID+"|"+apiKey)
mu.Unlock()
- return apiBase == "http://127.0.0.1:8000/v1" && modelID == "custom-model"
+ return apiBase == "http://127.0.0.1:8000/v1" && modelID == "custom-model" && apiKey == ""
}
probeOllamaModelFunc = func(apiBase, modelID string) bool {
mu.Lock()
@@ -59,7 +59,7 @@ func TestHandleListModels_ConfiguredStatusUsesRuntimeProbesForLocalModels(t *tes
if err != nil {
t.Fatalf("LoadConfig() error = %v", err)
}
- cfg.ModelList = []config.ModelConfig{
+ cfg.ModelList = []*config.ModelConfig{
{
ModelName: "openai-oauth",
Model: "openai/gpt-5.4",
@@ -78,7 +78,6 @@ func TestHandleListModels_ConfiguredStatusUsesRuntimeProbesForLocalModels(t *tes
ModelName: "vllm-remote",
Model: "vllm/custom-model",
APIBase: "https://models.example.com/v1",
- APIKey: "remote-key",
},
{
ModelName: "copilot-gpt-5.4",
@@ -87,6 +86,11 @@ func TestHandleListModels_ConfiguredStatusUsesRuntimeProbesForLocalModels(t *tes
AuthMethod: "oauth",
},
}
+ cfg.WithSecurity(&config.SecurityConfig{ModelList: map[string]config.ModelSecurityEntry{
+ "vllm-remote": {
+ APIKeys: []string{"remote-key"},
+ },
+ }})
cfg.Agents.Defaults.ModelName = "openai-oauth"
if err := config.SaveConfig(configPath, cfg); err != nil {
t.Fatalf("SaveConfig() error = %v", err)
@@ -131,7 +135,7 @@ func TestHandleListModels_ConfiguredStatusUsesRuntimeProbesForLocalModels(t *tes
if !got["copilot-gpt-5.4"] {
t.Fatalf("copilot model configured = false, want true when local bridge probe succeeds")
}
- if len(openAIProbes) != 1 || openAIProbes[0] != "http://127.0.0.1:8000/v1|custom-model" {
+ if len(openAIProbes) != 1 || openAIProbes[0] != "http://127.0.0.1:8000/v1|custom-model|" {
t.Fatalf("openAI probes = %#v, want only local vllm probe", openAIProbes)
}
if len(ollamaProbes) != 1 || ollamaProbes[0] != "http://localhost:11434/v1|llama3" {
@@ -152,7 +156,7 @@ func TestHandleListModels_ConfiguredStatusForOAuthModelWithCredential(t *testing
if err != nil {
t.Fatalf("LoadConfig() error = %v", err)
}
- cfg.ModelList = []config.ModelConfig{{
+ cfg.ModelList = []*config.ModelConfig{{
ModelName: "claude-oauth",
Model: "anthropic/claude-sonnet-4.6",
AuthMethod: "oauth",
@@ -205,7 +209,7 @@ func TestHandleListModels_ProbesLocalModelsConcurrently(t *testing.T) {
started := make(chan string, 2)
release := make(chan struct{})
- probeOpenAICompatibleModelFunc = func(apiBase, modelID string) bool {
+ probeOpenAICompatibleModelFunc = func(apiBase, modelID, apiKey string) bool {
started <- apiBase + "|" + modelID
<-release
return true
@@ -215,7 +219,7 @@ func TestHandleListModels_ProbesLocalModelsConcurrently(t *testing.T) {
if err != nil {
t.Fatalf("LoadConfig() error = %v", err)
}
- cfg.ModelList = []config.ModelConfig{
+ cfg.ModelList = []*config.ModelConfig{
{
ModelName: "local-vllm-a",
Model: "vllm/custom-a",
@@ -265,16 +269,16 @@ func TestHandleListModels_NormalizesWildcardLocalAPIBaseForProbe(t *testing.T) {
resetModelProbeHooks(t)
var gotProbe string
- probeOpenAICompatibleModelFunc = func(apiBase, modelID string) bool {
- gotProbe = apiBase + "|" + modelID
- return apiBase == "http://127.0.0.1:8000/v1" && modelID == "custom-model"
+ probeOpenAICompatibleModelFunc = func(apiBase, modelID, apiKey string) bool {
+ gotProbe = apiBase + "|" + modelID + "|" + apiKey
+ return apiBase == "http://127.0.0.1:8000/v1" && modelID == "custom-model" && apiKey == ""
}
cfg, err := config.LoadConfig(configPath)
if err != nil {
t.Fatalf("LoadConfig() error = %v", err)
}
- cfg.ModelList = []config.ModelConfig{{
+ cfg.ModelList = []*config.ModelConfig{{
ModelName: "vllm-local",
Model: "vllm/custom-model",
APIBase: "http://0.0.0.0:8000/v1",
@@ -307,7 +311,7 @@ func TestHandleListModels_NormalizesWildcardLocalAPIBaseForProbe(t *testing.T) {
if !resp.Models[0].Configured {
t.Fatal("wildcard-bound local model configured = false, want true after probe host normalization")
}
- if gotProbe != "http://127.0.0.1:8000/v1|custom-model" {
- t.Fatalf("probe api base = %q, want %q", gotProbe, "http://127.0.0.1:8000/v1|custom-model")
+ if gotProbe != "http://127.0.0.1:8000/v1|custom-model|" {
+ t.Fatalf("probe api base = %q, want %q", gotProbe, "http://127.0.0.1:8000/v1|custom-model|")
}
}
diff --git a/web/backend/api/oauth.go b/web/backend/api/oauth.go
index 4edabb9ab..213b53836 100644
--- a/web/backend/api/oauth.go
+++ b/web/backend/api/oauth.go
@@ -744,17 +744,6 @@ func (h *Handler) syncProviderAuthMethod(provider, authMethod string) error {
return err
}
- switch provider {
- case oauthProviderOpenAI:
- cfg.Providers.OpenAI.AuthMethod = authMethod
- case oauthProviderAnthropic:
- cfg.Providers.Anthropic.AuthMethod = authMethod
- case oauthProviderGoogleAntigravity:
- cfg.Providers.Antigravity.AuthMethod = authMethod
- default:
- return fmt.Errorf("unsupported provider %q", provider)
- }
-
found := false
for i := range cfg.ModelList {
if modelBelongsToProvider(provider, cfg.ModelList[i].Model) {
@@ -787,28 +776,28 @@ func modelBelongsToProvider(provider, model string) bool {
}
}
-func defaultModelConfigForProvider(provider, authMethod string) config.ModelConfig {
+func defaultModelConfigForProvider(provider, authMethod string) *config.ModelConfig {
switch provider {
case oauthProviderOpenAI:
- return config.ModelConfig{
+ return &config.ModelConfig{
ModelName: "gpt-5.4",
Model: "openai/gpt-5.4",
AuthMethod: authMethod,
}
case oauthProviderAnthropic:
- return config.ModelConfig{
+ return &config.ModelConfig{
ModelName: "claude-sonnet-4.6",
Model: "anthropic/claude-sonnet-4.6",
AuthMethod: authMethod,
}
case oauthProviderGoogleAntigravity:
- return config.ModelConfig{
+ return &config.ModelConfig{
ModelName: "gemini-flash",
Model: "antigravity/gemini-3-flash",
AuthMethod: authMethod,
}
default:
- return config.ModelConfig{}
+ return &config.ModelConfig{}
}
}
diff --git a/web/backend/api/oauth_test.go b/web/backend/api/oauth_test.go
index 7d63abbd4..7cab79b52 100644
--- a/web/backend/api/oauth_test.go
+++ b/web/backend/api/oauth_test.go
@@ -166,8 +166,7 @@ func TestOAuthLogoutClearsCredentialAndConfig(t *testing.T) {
if err != nil {
t.Fatalf("LoadConfig error: %v", err)
}
- cfg.Providers.OpenAI.AuthMethod = "oauth"
- cfg.ModelList = append(cfg.ModelList, config.ModelConfig{
+ cfg.ModelList = append(cfg.ModelList, &config.ModelConfig{
ModelName: "gpt-5.4",
Model: "openai/gpt-5.4",
AuthMethod: "oauth",
@@ -208,9 +207,6 @@ func TestOAuthLogoutClearsCredentialAndConfig(t *testing.T) {
if err != nil {
t.Fatalf("LoadConfig error: %v", err)
}
- if updated.Providers.OpenAI.AuthMethod != "" {
- t.Fatalf("providers.openai.auth_method = %q, want empty", updated.Providers.OpenAI.AuthMethod)
- }
for _, m := range updated.ModelList {
if strings.HasPrefix(m.Model, "openai/") && m.AuthMethod != "" {
t.Fatalf("openai model auth_method = %q, want empty", m.AuthMethod)
@@ -233,12 +229,18 @@ func setupOAuthTestEnv(t *testing.T) (string, func()) {
}
cfg := config.DefaultConfig()
- cfg.ModelList = []config.ModelConfig{{
+ cfg.ModelList = []*config.ModelConfig{{
ModelName: "custom-default",
Model: "openai/gpt-4o",
- APIKey: "sk-default",
}}
cfg.Agents.Defaults.ModelName = "custom-default"
+ cfg.WithSecurity(&config.SecurityConfig{
+ ModelList: map[string]config.ModelSecurityEntry{
+ "custom-default": {
+ APIKeys: []string{"sk-default"},
+ },
+ },
+ })
configPath := filepath.Join(tmp, "config.json")
if err := config.SaveConfig(configPath, cfg); err != nil {
diff --git a/web/backend/api/pico.go b/web/backend/api/pico.go
index a880f2f0c..8fbb8737f 100644
--- a/web/backend/api/pico.go
+++ b/web/backend/api/pico.go
@@ -57,7 +57,7 @@ func (h *Handler) handleGetPicoToken(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]any{
- "token": cfg.Channels.Pico.Token,
+ "token": cfg.Channels.Pico.Token(),
"ws_url": wsURL,
"enabled": cfg.Channels.Pico.Enabled,
})
@@ -74,7 +74,7 @@ func (h *Handler) handleRegenPicoToken(w http.ResponseWriter, r *http.Request) {
}
token := generateSecureToken()
- cfg.Channels.Pico.Token = token
+ cfg.Channels.Pico.SetToken(token)
if err := config.SaveConfig(h.configPath, cfg); err != nil {
http.Error(w, fmt.Sprintf("Failed to save config: %v", err), http.StatusInternalServerError)
@@ -110,8 +110,8 @@ func (h *Handler) ensurePicoChannel(callerOrigin string) (bool, error) {
changed = true
}
- if cfg.Channels.Pico.Token == "" {
- cfg.Channels.Pico.Token = generateSecureToken()
+ if cfg.Channels.Pico.Token() == "" {
+ cfg.Channels.Pico.SetToken(generateSecureToken())
changed = true
}
@@ -150,7 +150,7 @@ func (h *Handler) handlePicoSetup(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]any{
- "token": cfg.Channels.Pico.Token,
+ "token": cfg.Channels.Pico.Token(),
"ws_url": wsURL,
"enabled": true,
"changed": changed,
diff --git a/web/backend/api/pico_test.go b/web/backend/api/pico_test.go
index 075da4ddc..263253cb2 100644
--- a/web/backend/api/pico_test.go
+++ b/web/backend/api/pico_test.go
@@ -33,7 +33,7 @@ func TestEnsurePicoChannel_FreshConfig(t *testing.T) {
if !cfg.Channels.Pico.Enabled {
t.Error("expected Pico to be enabled after setup")
}
- if cfg.Channels.Pico.Token == "" {
+ if cfg.Channels.Pico.Token() == "" {
t.Error("expected a non-empty token after setup")
}
}
@@ -121,7 +121,7 @@ func TestEnsurePicoChannel_PreservesUserSettings(t *testing.T) {
// Pre-configure with custom user settings
cfg := config.DefaultConfig()
cfg.Channels.Pico.Enabled = true
- cfg.Channels.Pico.Token = "user-custom-token"
+ cfg.Channels.Pico.SetToken("user-custom-token")
cfg.Channels.Pico.AllowTokenQuery = true
cfg.Channels.Pico.AllowOrigins = []string{"https://myapp.example.com"}
if err := config.SaveConfig(configPath, cfg); err != nil {
@@ -143,8 +143,8 @@ func TestEnsurePicoChannel_PreservesUserSettings(t *testing.T) {
t.Fatalf("LoadConfig() error = %v", err)
}
- if cfg.Channels.Pico.Token != "user-custom-token" {
- t.Errorf("token = %q, want %q", cfg.Channels.Pico.Token, "user-custom-token")
+ if cfg.Channels.Pico.Token() != "user-custom-token" {
+ t.Errorf("token = %q, want %q", cfg.Channels.Pico.Token(), "user-custom-token")
}
if !cfg.Channels.Pico.AllowTokenQuery {
t.Error("user's allow_token_query=true must be preserved")
@@ -166,7 +166,7 @@ func TestEnsurePicoChannel_Idempotent(t *testing.T) {
}
cfg1, _ := config.LoadConfig(configPath)
- token1 := cfg1.Channels.Pico.Token
+ token1 := cfg1.Channels.Pico.Token()
// Second call should be a no-op
changed, err := h.ensurePicoChannel(origin)
@@ -178,7 +178,7 @@ func TestEnsurePicoChannel_Idempotent(t *testing.T) {
}
cfg2, _ := config.LoadConfig(configPath)
- if cfg2.Channels.Pico.Token != token1 {
+ if cfg2.Channels.Pico.Token() != token1 {
t.Error("token should not change on subsequent calls")
}
}
diff --git a/web/frontend/src/components/chat/user-message.tsx b/web/frontend/src/components/chat/user-message.tsx
index b47806f49..84978e907 100644
--- a/web/frontend/src/components/chat/user-message.tsx
+++ b/web/frontend/src/components/chat/user-message.tsx
@@ -5,7 +5,7 @@ interface UserMessageProps {
export function UserMessage({ content }: UserMessageProps) {
return (
-
+
{content}
diff --git a/web/frontend/src/components/config/config-page.tsx b/web/frontend/src/components/config/config-page.tsx
index e533b956f..ee24aafaa 100644
--- a/web/frontend/src/components/config/config-page.tsx
+++ b/web/frontend/src/components/config/config-page.tsx
@@ -147,6 +147,9 @@ export function ConfigPage() {
const maxTokens = parseIntField(form.maxTokens, "Max tokens", {
min: 1,
})
+ const contextWindow = form.contextWindow.trim()
+ ? parseIntField(form.contextWindow, "Context window", { min: 1 })
+ : undefined
const maxToolIterations = parseIntField(
form.maxToolIterations,
"Max tool iterations",
@@ -201,6 +204,7 @@ export function ConfigPage() {
workspace,
restrict_to_workspace: form.restrictToWorkspace,
max_tokens: maxTokens,
+ context_window: contextWindow,
max_tool_iterations: maxToolIterations,
summarize_message_threshold: summarizeMessageThreshold,
summarize_token_percent: summarizeTokenPercent,
diff --git a/web/frontend/src/components/config/config-sections.tsx b/web/frontend/src/components/config/config-sections.tsx
index 517185eda..d938a93d4 100644
--- a/web/frontend/src/components/config/config-sections.tsx
+++ b/web/frontend/src/components/config/config-sections.tsx
@@ -106,6 +106,20 @@ export function AgentDefaultsSection({
/>
+
+ onFieldChange("contextWindow", e.target.value)}
+ placeholder="131072"
+ />
+
+
+ The default general-purpose assistant for everyday conversation, problem
+ solving, and workspace help.
+---
+
+You are Pico, the default assistant for this workspace.
+Your name is PicoClaw 🦞.
+## Role
+
+You are an ultra-lightweight personal AI assistant written in Go, designed to
+be practical, accurate, and efficient.
+
+## Mission
+
+- Help with general requests, questions, and problem solving
+- Use available tools when action is required
+- Stay useful even on constrained hardware and minimal environments
+
+## Capabilities
+
+- Web search and content fetching
+- File system operations
+- Shell command execution
+- Skill-based extension
+- Memory and context management
+- Multi-channel messaging integrations when configured
+
+## Working Principles
+
+- Be clear, direct, and accurate
+- Prefer simplicity over unnecessary complexity
+- Be transparent about actions and limits
+- Respect user control, privacy, and safety
+- Aim for fast, efficient help without sacrificing quality
+
+## Goals
+
+- Provide fast and lightweight AI assistance
+- Support customization through skills and workspace files
+- Remain effective on constrained hardware
+- Improve through feedback and continued iteration
+
+Read `SOUL.md` as part of your identity and communication style.
diff --git a/workspace/AGENTS.md b/workspace/AGENTS.md
deleted file mode 100644
index 5f5fa6480..000000000
--- a/workspace/AGENTS.md
+++ /dev/null
@@ -1,12 +0,0 @@
-# Agent Instructions
-
-You are a helpful AI assistant. Be concise, accurate, and friendly.
-
-## Guidelines
-
-- Always explain what you're doing before taking actions
-- Ask for clarification when request is ambiguous
-- Use tools to help accomplish tasks
-- Remember important information in your memory files
-- Be proactive and helpful
-- Learn from user feedback
\ No newline at end of file
diff --git a/workspace/IDENTITY.md b/workspace/IDENTITY.md
deleted file mode 100644
index 20e3e49fa..000000000
--- a/workspace/IDENTITY.md
+++ /dev/null
@@ -1,53 +0,0 @@
-# Identity
-
-## Name
-PicoClaw 🦞
-
-## Description
-Ultra-lightweight personal AI assistant written in Go, inspired by nanobot.
-
-## Purpose
-- Provide intelligent AI assistance with minimal resource usage
-- Support multiple LLM providers (OpenAI, Anthropic, Zhipu, etc.)
-- Enable easy customization through skills system
-- Run on minimal hardware ($10 boards, <10MB RAM)
-
-## Capabilities
-
-- Web search and content fetching
-- File system operations (read, write, edit)
-- Shell command execution
-- Multi-channel messaging (Telegram, WhatsApp, Feishu)
-- Skill-based extensibility
-- Memory and context management
-
-## Philosophy
-
-- Simplicity over complexity
-- Performance over features
-- User control and privacy
-- Transparent operation
-- Community-driven development
-
-## Goals
-
-- Provide a fast, lightweight AI assistant
-- Support offline-first operation where possible
-- Enable easy customization and extension
-- Maintain high quality responses
-- Run efficiently on constrained hardware
-
-## License
-MIT License - Free and open source
-
-## Repository
-https://github.com/sipeed/picoclaw
-
-## Contact
-Issues: https://github.com/sipeed/picoclaw/issues
-Discussions: https://github.com/sipeed/picoclaw/discussions
-
----
-
-"Every bit helps, every bit matters."
-- Picoclaw
\ No newline at end of file
diff --git a/workspace/SOUL.md b/workspace/SOUL.md
index 0be8834f5..8a6371ff9 100644
--- a/workspace/SOUL.md
+++ b/workspace/SOUL.md
@@ -1,6 +1,6 @@
# Soul
-I am picoclaw, a lightweight AI assistant powered by AI.
+I am PicoClaw: calm, helpful, and practical.
## Personality
@@ -8,10 +8,12 @@ I am picoclaw, a lightweight AI assistant powered by AI.
- Concise and to the point
- Curious and eager to learn
- Honest and transparent
+- Calm under uncertainty
## Values
- Accuracy over speed
- User privacy and safety
- Transparency in actions
-- Continuous improvement
\ No newline at end of file
+- Continuous improvement
+- Simplicity over unnecessary complexity
diff --git a/workspace/USER.md b/workspace/USER.md
index 91398a019..9a3419d87 100644
--- a/workspace/USER.md
+++ b/workspace/USER.md
@@ -1,6 +1,6 @@
# User
-Information about user goes here.
+Information about the user goes here.
## Preferences
@@ -18,4 +18,4 @@ Information about user goes here.
- What the user wants to learn from AI
- Preferred interaction style
-- Areas of interest
\ No newline at end of file
+- Areas of interest
@@ -24,147 +24,138 @@
---
-> **PicoClaw** est un projet open-source indépendant initié par [Sipeed](https://sipeed.com). Il est entièrement écrit en **Go** — ce n'est pas un fork d'OpenClaw, de NanoBot ou de tout autre projet.
+> **PicoClaw** est un projet open-source indépendant initié par [Sipeed](https://sipeed.com), entièrement écrit en **Go** à partir de zéro — ce n'est pas un fork d'OpenClaw, de NanoBot ou de tout autre projet.
-🦐 **PicoClaw** est un assistant personnel IA ultra-léger inspiré de [NanoBot](https://github.com/HKUDS/nanobot), entièrement réécrit en **Go** via un processus d'auto-amorçage (self-bootstrapping) — où l'agent IA lui-même a piloté l'intégralité de la migration architecturale et de l'optimisation du code.
+**PicoClaw** est un assistant personnel IA ultra-léger inspiré de [NanoBot](https://github.com/HKUDS/nanobot). Il a été entièrement reconstruit en **Go** via un processus d'auto-amorçage (self-bootstrapping) — l'Agent IA lui-même a piloté la migration architecturale et l'optimisation du code.
+
+**Fonctionne sur du matériel à $10 avec <10 Mo de RAM** — c'est 99% de mémoire en moins qu'OpenClaw et 98% moins cher qu'un Mac mini !
-⚡️ **Extrêmement léger :** Fonctionne sur du matériel à seulement **$10** avec **<10 Mo** de RAM. C'est 99% de mémoire en moins qu'OpenClaw et 98% moins cher qu'un Mac mini !
- 
- 
-> 📋 **[Liste de Compatibilité Matérielle](docs/hardware-compatibility.md)** — Voir toutes les cartes testées, du RISC-V à $5 au Raspberry Pi en passant par les téléphones Android. Votre carte n'est pas listée ? Soumettez une PR !
+
+
-
-### 🐜 Déploiement Innovant à Faible Empreinte
+### 🐜 Déploiement innovant à faible empreinte
PicoClaw peut être déployé sur pratiquement n'importe quel appareil Linux !
-- 9,9$ [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) version E (Ethernet) ou W (WiFi6), pour un Assistant Domotique Minimaliste
-- 30~$50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), ou 100$ [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html) pour la Maintenance Automatisée de Serveurs
-- 50$ [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) ou 100$ [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera) pour la Surveillance Intelligente
+- $9,9 [LicheeRV-Nano](https://www.aliexpress.com/item/1005006519668532.html) édition E(Ethernet) ou W(WiFi6), pour un assistant domestique minimal
+- $30~50 [NanoKVM](https://www.aliexpress.com/item/1005007369816019.html), ou $100 [NanoKVM-Pro](https://www.aliexpress.com/item/1005010048471263.html), pour des opérations serveur automatisées
+- $50 [MaixCAM](https://www.aliexpress.com/item/1005008053333693.html) ou $100 [MaixCAM2](https://www.kickstarter.com/projects/zepan/maixcam2-build-your-next-gen-4k-ai-camera), pour la surveillance intelligente
Rejoignez le Réseau Social d'Agents
+**Option 1 : Double-clic (Bureau)**
-Connectez PicoClaw au Réseau Social d'Agents simplement en envoyant un seul message via le CLI ou n'importe quelle application de chat intégrée.
+Après téléchargement depuis [picoclaw.io](https://picoclaw.io), double-cliquez sur `picoclaw-launcher` (ou `picoclaw-launcher.exe` sous Windows). Votre navigateur s'ouvrira automatiquement sur `http://localhost:18800`.
+
+**Option 2 : Ligne de commande**
+
+```bash
+picoclaw-launcher
+# Ouvrez http://localhost:18800 dans votre navigateur
+```
+
+> [!TIP]
+> **Accès distant / Docker / VM :** Ajoutez le flag `-public` pour écouter sur toutes les interfaces :
+> ```bash
+> picoclaw-launcher -public
+> ```
+
+
+
+
+
+
+
-
+