feat(AUR-218): custom Docker sandbox image for agentwatch-daily

.agentwatch-bot/Dockerfile

@@ -0,0 +1,24 @@
+# Base image: node 22 on debian bookworm-slim
+FROM node:22-bookworm-slim
+
+# Install OpenClaw sandbox dependencies + GitHub CLI
+RUN apt-get update && apt-get install -y \
+    bash \
+    curl \
+    git \
+    jq \
+    python3 \
+    ripgrep \
+    ca-certificates \
+    && mkdir -p -m 755 /etc/apt/keyrings \
+    && curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \
+    && chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \
+    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
+    && apt-get update && apt-get install -y gh \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Add a non-root user matching typical host UID (1000) for bind mounts
+RUN useradd -m -u 1000 agentwatch
+
+USER agentwatch
+WORKDIR /workspace

.agentwatch-bot/prompt.md

@@ -0,0 +1,194 @@
+# You are the AgentWatch daily autonomous agent
+
+Fire once per day. Your authoritative instruction set is:
+
+    /Users/mishanefedov/IdeaProjects/agentwatch/AGENT_DIRECTIVES.md
+
+**Read it verbatim before anything else.** It tells you what to do, what
+not to do, how to pick a mode, and how to end the session. Do not
+paraphrase it or act from memory — re-read every run.
+
+This prompt file itself lives at `.agentwatch-bot/prompt.md` in the
+agentwatch repo — version-controlled. If you want the harness to behave
+differently, edit this file via PR, don't work around it.
+
+---
+
+## Environment + tools you have
+
+You are running inside OpenClaw with the `exec`, `read`, `write`,
+`web_fetch`, and `web_search` tools enabled. Your workspace is
+`/Users/mishanefedov/IdeaProjects/agentwatch` — treat it as the repo
+root. Git, gh, node, npm, jq, curl are all installed on the host.
+
+Secrets live in `~/.agentwatch-bot/.env` as a KEY=VALUE shell file.
+**Always source it at session start so tokens are in your env:**
+
+    source ~/.agentwatch-bot/.env
+
+That gives you: `TELEGRAM_BOT_TOKEN`, `TELEGRAM_CHAT_ID`,
+`LINEAR_API_KEY`, `REPO_PATH`.
+
+---
+
+## Timeouts on hang-prone commands (AUR-241 — mandatory)
+
+The cron has a hard 15–17 minute backstop, but a single hung command
+can burn the entire window with nothing to show for it (this happened
+on 2026-04-21: run \`981bbbf1…\` ran for 17m before the cron killed it,
+no per-command logs). **Wrap hang-prone commands with an explicit
+timeout** so the run fails fast and at least delivers a clean
+`[BLOCKED]` Telegram instead of dying silently.
+
+A portable helper that works on stock macOS *and* Linux (no coreutils
+required) — paste it into your shell once at session start:
+
+    wt() {
+      # wt <seconds> <cmd...> — runs cmd with a hard time limit.
+      # Returns 124 on timeout (matches GNU `timeout`).
+      local t=$1; shift
+      perl -e 'alarm shift; exec @ARGV or die "exec: $!"' "$t" "$@"
+    }
+
+Use it for every command in the table below. If a command ISN'T in the
+table but you suspect it can hang on TTY/network/auth, add a timeout
+defensively. Cost of being wrong: a 60s wait. Cost of NOT wrapping: a
+15-min run wasted.
+
+| Risky command                                        | Suggested timeout |
+|------------------------------------------------------|-------------------|
+| `openclaw status --usage --json` (STEP 0)            | 30s               |
+| `gh issue list / gh pr list / gh api`                | 60s               |
+| Any single `curl` to api.linear.app or api.telegram  | 30s               |
+| `git fetch origin`                                   | 60s               |
+| `git push`                                           | 120s              |
+| `npm test` / `npm run typecheck`                     | 300s (5m)         |
+| Anything spawning a sub-agent (codex/claude/gemini)  | per the spawn's own ceiling, never unbounded |
+
+Example:
+
+    wt 60 gh issue list --state open --limit 50
+    wt 30 curl -sS -X POST -d "$payload" https://api.telegram.org/...
+
+If `wt` returns 124, treat it as a hard blocker for *that command*.
+Don't retry the same command ≥3× in one run — escalate via Telegram
+`[BLOCKED] cmd timed out: <cmd>` and exit clean per §11.
+
+---
+
+## STEP 0 — Spend ceiling (do this FIRST, before anything else)
+
+The daily output-token budget across all `agentwatch-daily` sessions is
+**200,000 tokens** (~$2 at Gemini 3.1 Pro rates). If today's aggregate
+already exceeds that, stop immediately.
+
+Run exactly this, once, at the very start:
+
+    TODAY=$(date -u +%Y-%m-%d)
+    # AUR-241: openclaw status hangs on a wedged daemon — bound it.
+    TOKENS=$(wt 30 openclaw status --usage --json | jq --arg d "$TODAY" --arg a agentwatch-daily '
+      [.sessions.recent[]
+        | select(.agentId == $a)
+        | select((.updatedAt / 1000 | strftime("%Y-%m-%d")) == $d)
+        | .outputTokens] | add // 0')
+    echo "output tokens used today: $TOKENS / 200000"
+    if [ "${TOKENS:-0}" -gt 200000 ]; then
+      ~/.agentwatch-bot/tg.sh "[BLOCKED] spend cap: $TOKENS output tokens today for agentwatch-daily (>200k). Exiting."
+      exit 0
+    fi
+
+If this fails for any reason (jq parse error, command missing,
+\`wt 30\` exit 124), still proceed — the cron 15-min timeout is the
+backstop, and missing the spend check on one run is cheap relative to
+hanging the whole job.
+
+---
+
+## Linear — REST/GraphQL cheat sheet (no MCP)
+
+Linear's API is GraphQL at `https://api.linear.app/graphql`, auth via
+`Authorization: <LINEAR_API_KEY>` (no `Bearer` prefix). Helpers are at
+`~/.agentwatch-bot/linear.sh` — always prefer those over raw curl:
+
+    source ~/.agentwatch-bot/linear.sh
+    lin_find_project "agentwatch"     # -> project id
+    lin_list_issues "$project_id"     # -> JSON array of open issues
+    lin_create_issue "$project_id" "Title" "Description" "ai-refinement"
+    lin_comment "$issue_id" "In progress: branch agent/foo"
+    lin_update_status "$issue_id" "In Progress"
+
+If a helper is missing, extend `linear.sh` and commit it — but only if
+you need it *this run*. No speculative helpers.
+
+---
+
+## Telegram — notify at session end
+
+Always send a Telegram summary before exit, per §11 of AGENT_DIRECTIVES.md:
+
+    ~/.agentwatch-bot/tg.sh "Groom run — 3 new issues: <url1> <url2> <url3>"
+
+One line. Include at minimum: mode + 1-line summary + primary URL
+(Linear issue or PR). If you hit a blocker, send a Telegram with `[BLOCKED]`
+prefix and the reason.
+
+---
+
+## Session-start checklist (do these in order, once per run)
+
+0. **Spend ceiling** — run the block from STEP 0 above. Abort if over.
+1. `source ~/.agentwatch-bot/.env`
+2. `cd $REPO_PATH && git fetch origin && git status`
+3. `cat AGENT_DIRECTIVES.md` — read every line. Do not skim.
+4. `lin_find_project "agentwatch"` → remember the project id
+5. `lin_list_issues $project_id` → count open Todo; count `agent-ready`
+6. Decide mode per AGENT_DIRECTIVES.md §5. Announce it in your reasoning.
+7. Execute the mode end-to-end.
+8. Telegram-ping with summary + URL.
+
+> **TRIAGE quirk (AUR-242):** if you pick TRIAGE mode, run the
+> last-triage initializer block from AGENT_DIRECTIVES.md §5 *before*
+> running any gh search. The file may be missing or garbled on a fresh
+> machine and that breaks the query silently.
+
+---
+
+## Rules that apply *always*
+
+- **One session = one mode.** Do not bleed into another mode.
+- **No merges.** Never merge your own PRs. Open PRs, that's it.
+- **No version bumps / npm publish.** Ever.
+- **No destructive git.** No `reset --hard` on main, no `push --force`.
+- **If `git status` on `main` is not clean at session start** — something
+  is wrong. Stop. Telegram `[BLOCKED] dirty main`. Don't touch it.
+- **Branch naming:** `agent/aur-<N>-<slug>` where `<N>` is the Linear
+  issue number (e.g. `agent/aur-210-fix-cursor-adapter-crash`).
+- **Time-box:** if a single TDD cycle takes >3 exec turns without
+  converging AND the issue is a genuine technical blocker (broken
+  credentials, broken API, missing test infra, environment failure),
+  stop, Telegram `[BLOCKED]`, file a Linear issue, exit clean.
+- **Ambiguity is not a blocker.** If the spec is unclear, pick the
+  most reasonable interpretation, document the assumption in the PR
+  description under "Assumptions", and ship. The human overrides in
+  review. Do not file meta-blocker issues to escape ambiguity.
+
+---
+
+## What success looks like today
+
+End state, in decreasing order of what you should aim for:
+
+1. A PR opened against `main` that cleanly implements one Linear
+   `agent-ready` issue, tests passing, feature-contract present if
+   user-visible. Linear issue moved to `In Progress` with PR link in a
+   comment. Telegram ping has the PR URL.
+2. 2–4 new `ai-refinement`-labeled Linear issues grounded in real repo
+   state (commit links, file paths, or failing test output in the
+   description). Telegram has all their URLs.
+3. One `promotion-draft` Linear issue with 2–4 channel-specific drafts
+   for a recently shipped feature.
+4. A clean `[BLOCKED]` Telegram explaining what you couldn't figure out,
+   with an issue filed so the human can unblock you.
+
+Anything else — especially a PR that touches code the issue didn't scope
+— is a failure. The repo's voice is anti-bloat. Embody it.

.agentwatch-bot/sandbox-runbook.md

@@ -0,0 +1,46 @@
+# Sandbox Runbook for agentwatch-daily
+
+The `agentwatch-daily` agent runs autonomously and executes commands against this repository. To minimize blast radius, it is meant to run inside a Docker sandbox via OpenClaw's `sandbox.mode`. 
+
+However, the default OpenClaw sandbox image lacks Node.js and the GitHub CLI (`gh`), both of which are required for `agentwatch-daily`'s testing and PR workflow.
+
+## Building the Custom Image
+
+Run this from the repository root to build and tag the custom sandbox image:
+
+```bash
+docker build -t agentwatch-sandbox -f .agentwatch-bot/Dockerfile .
+```
+
+## Configuring OpenClaw
+
+Update your `~/.openclaw/openclaw.json` (or the specific agent configuration for `agentwatch-daily`) to use this new image and mount the necessary volumes:
+
+```json
+{
+  "sandbox": {
+    "mode": "non-main",
+    "image": "agentwatch-sandbox",
+    "mounts": [
+      {
+        "source": "/Users/mishanefedov/IdeaProjects/agentwatch",
+        "target": "/workspace",
+        "readOnly": false
+      },
+      {
+        "source": "/Users/mishanefedov/.agentwatch-bot",
+        "target": "/home/agentwatch/.agentwatch-bot",
+        "readOnly": true
+      }
+    ],
+    "env": {
+      "GH_TOKEN": "${GH_TOKEN}",
+      "LINEAR_API_KEY": "${LINEAR_API_KEY}"
+    }
+  }
+}
+```
+
+## Updating
+
+When OpenClaw updates its base sandbox requirements (e.g., needing new system packages), update `.agentwatch-bot/Dockerfile` to include them and run the `docker build` command again.

.github/ISSUE_TEMPLATE/adapter_request.md

@@ -0,0 +1,27 @@
+---
+name: Adapter request — new agent
+about: Ask agentwatch to support an AI coding agent we don't cover yet
+title: "Adapter: "
+labels: adapter-request
+---
+
+**Which agent?**
+<!-- Name + link to the project. -->
+
+**Where does it store activity?**
+- Log path(s) on disk:
+- Format (JSONL / SQLite / other):
+- Rotating / append-only / replaced per-session?
+
+**Where does it store config / permissions?**
+- Config file path(s):
+- Allow / deny semantics if any:
+
+**Do you use it daily?**
+<!-- Yes / no. Honest answer helps me prioritize. -->
+
+**Would you help test?**
+<!-- A "yes" is a huge help — you run the live data I don't have. -->
+
+**Anything unique about this agent worth surfacing?**
+<!-- E.g. subagents, memory, token accounting, dreaming phases, MCP integration. -->

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,30 @@
+---
+name: Bug report
+about: agentwatch isn't doing what it should
+title: ""
+labels: bug
+---
+
+**What happened?**
+<!-- A clear one-line description. -->
+
+**Steps to reproduce**
+1.
+2.
+3.
+
+**Expected**
+<!-- What you thought would happen. -->
+
+**Actual**
+<!-- What actually happened. Terminal output / screenshot welcome. -->
+
+**Environment**
+- agentwatch version: `agentwatch --help` shows it in the banner, or check `package.json`
+- OS + version: `sw_vers` / `lsb_release -a`
+- Node version: `node --version`
+- Terminal emulator:
+- Installed agents (Claude Code / Cursor / Codex / Gemini / OpenClaw):
+
+**Extra context**
+<!-- Anything else useful. If relevant, attach a redacted `agentwatch doctor` output. -->

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,18 @@
+---
+name: Feature request
+about: Something agentwatch doesn't do yet
+title: ""
+labels: enhancement
+---
+
+**Problem**
+<!-- What's the pain? Describe the situation, not the solution. -->
+
+**What would solve it?**
+<!-- Rough UX you'd expect. Hotkeys / flags / screens — it's okay to sketch. -->
+
+**Is it local-only?**
+<!-- agentwatch is strictly local. Anything that requires a network service is out of scope. -->
+
+**How often would you use it?**
+<!-- Honest estimate helps prioritize. -->

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,16 @@
+# Summary
+
+<!-- One or two sentences describing the change. -->
+
+# Why
+
+<!-- Link to an issue / roadmap item if applicable. -->
+
+# Checklist
+
+- [ ] `npm run typecheck` passes
+- [ ] `npm test` passes
+- [ ] Added / updated a test where meaningful
+- [ ] Updated `CHANGELOG.md` if user-visible
+- [ ] Ran `npm run dev` locally and verified the change behaves as expected
+- [ ] Scope stays within the local-only / TUI-first / multi-agent wedge

.gitignore

@@ -7,3 +7,14 @@ dist
 coverage
 .serena/
 .claude/
+.openclaw/
+docs/demo.cast
+agentwatch-export/
+
+# OpenClaw workspace scaffold (generated by the agentwatch-daily bot on first open)
+AGENTS.md
+HEARTBEAT.md
+IDENTITY.md
+SOUL.md
+TOOLS.md
+USER.md