
Detect allowPromptInjection and optimize auto-recall handling#1285

Merged
syzsunshine219 merged 2 commits into MemTensor:main from lcpdeb:pr/skip_before_agent_start_hook
Mar 19, 2026

Conversation

lcpdeb (Contributor) commented Mar 18, 2026

Description

When allowPromptInjection=false, the OpenClaw framework strips prompt mutation fields from before_agent_start results, leaving undefined. The ?? fallback in attempt.ts then invokes the hook a second time. MemOS's auto-recall (LLM + embedding search) runs twice per message, and both results are discarded.

Related Issue (Required): Fixes #1276

Fix (workaround at plugin level): Detect allowPromptInjection in the plugin and skip auto-recall early.

```ts
// In register(): read policy
const pluginEntry = (api.config as any)?.plugins?.entries?.[api.id];
const allowPromptInjection = pluginEntry?.hooks?.allowPromptInjection !== false;

// In before_agent_start handler: early return
if (!allowPromptInjection) return {};
```

Returning {} (truthy) prevents the ?? fallback from triggering a second call.

Note: This is a workaround for an openclaw framework issue. The framework-level fix would be in constrainLegacyPromptInjectionHook to return {} instead of undefined.

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Refactor (does not change functionality, e.g. code style improvements, linting)
  • Documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration.

  • Unit Test
  • Test Script Or Test Steps (please provide)
  • Pipeline Automated API Test (please provide)

Checklist

  • I have performed a self-review of my own code
  • I have commented my code in hard-to-understand areas
  • I have added tests that prove my fix is effective or that my feature works
  • I have created related documentation issue/PR in MemOS-Docs (if applicable)
  • I have linked the issue to this PR (if applicable)
  • I have mentioned the person who will review this PR

Reviewer Checklist

  • closes #xxxx (Replace xxxx with the GitHub issue number)
  • Made sure Checks passed
  • Tests have been provided
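As an added illustration (not code from this PR, MemOS or OpenClaw), the following TypeScript models the mechanism the description outlines: the framework strips prompt mutation fields, the `??` fallback in attempt.ts re-invokes the hook, and the plugin's `return {}` short-circuits that. `constrainHook`, `runAttempt`, `makeRecallHook` and `recallRuns` are invented stand-ins, and the stripping behaviour is an assumption consistent with the description.

```typescript
// Added example, not MemOS or OpenClaw code: models the double invocation
// described in the PR. constrainHook, runAttempt and makeRecallHook are
// invented stand-ins for the framework and plugin pieces named in the text.
type HookResult = { prependContext?: string } | undefined;
type Hook = () => HookResult;

// Stand-in for the framework's constrainLegacyPromptInjectionHook. Assumption:
// when allowPromptInjection is false it removes prompt mutation fields, and a
// result that had nothing else becomes undefined (or {} with the framework fix).
function constrainHook(hook: Hook, allow: boolean, frameworkFix = false): Hook {
  return () => {
    const res = hook();
    if (allow || res === undefined || !("prependContext" in res)) return res;
    const rest: NonNullable<HookResult> = { ...res };
    delete rest.prependContext;
    if (Object.keys(rest).length > 0) return rest;
    return frameworkFix ? {} : undefined;
  };
}

// Stand-in for the ?? fallback in attempt.ts: an undefined first result makes
// the framework invoke the hook a second time.
function runAttempt(hook: Hook): HookResult {
  return hook() ?? hook();
}

// Simulated MemOS auto-recall hook. `skip` is the PR's plugin-level early
// return; the counter stands in for the expensive LLM + embedding search.
function makeRecallHook(allow: boolean, skip: boolean): { hook: Hook; calls: () => number } {
  let calls = 0;
  const hook: Hook = () => {
    if (skip && !allow) return {}; // truthy, so ?? never fires
    calls += 1; // auto-recall work happens here
    return { prependContext: "recalled memory" };
  };
  return { hook, calls: () => calls };
}

// How many times auto-recall actually runs for one message under each setup.
function recallRuns(allow: boolean, skip: boolean, frameworkFix = false): number {
  const { hook, calls } = makeRecallHook(allow, skip);
  runAttempt(constrainHook(hook, allow, frameworkFix));
  return calls();
}
```

`recallRuns(false, false)` reproduces the two wasted runs, `recallRuns(false, true)` shows the plugin workaround, and `recallRuns(false, false, true)` shows the framework-level fix the description mentions.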

lcpdeb added 2 commits March 18, 2026 19:06
…ecall early.

-When allowPromptInjection=false, the OpenClaw framework strips prompt mutation fields from before_agent_start results, leaving undefined.
-The ?? fallback in attempt.ts then invokes the hook a second time. MemOS's auto-recall (LLM + embedding search) runs twice per message, and both results are discarded.
…agent_start_hook

# Conflicts:
#	apps/memos-local-openclaw/index.ts
Copilot AI review requested due to automatic review settings March 18, 2026 11:12

Copilot AI left a comment

Pull request overview

This PR adds a plugin-level workaround for an OpenClaw framework behavior where allowPromptInjection=false can lead to before_agent_start being invoked twice (due to prompt-mutation fields being stripped and the framework falling back via ??), causing MemOS auto-recall to run redundantly.

Changes:

  • Read hooks.allowPromptInjection from the OpenClaw runtime config (api.config) during plugin registration.
  • Short-circuit the before_agent_start auto-recall hook when allowPromptInjection is disabled to avoid unnecessary LLM/embedding work.
  • Add startup logging indicating whether auto-recall is enabled/disabled under the policy.
Comments suppressed due to low confidence (1)

apps/memos-local-openclaw/index.ts:925

  • In allowPromptInjection=false mode, this early return prevents updating currentAgentId from hookCtx.agentId. Since tools like memory_search use currentAgentId for owner isolation, tool calls during the agent run may incorrectly use the default main owner. Set currentAgentId from hookCtx?.agentId before returning (or move the policy check after the currentAgentId update) so isolation remains correct even when auto-recall is disabled.
```ts
    api.on("before_agent_start", async (event: { prompt?: string; messages?: unknown[] }, hookCtx?: { agentId?: string; sessionKey?: string }) => {
      if (!allowPromptInjection) return {};
      if (!event.prompt || event.prompt.length < 3) return;

      const recallAgentId = hookCtx?.agentId ?? "main";
      currentAgentId = recallAgentId;
```


Comment on lines +921 to 922
if (!allowPromptInjection) return {};
if (!event.prompt || event.prompt.length < 3) return;
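Review bot: the `return {}` at line 921 runs before `currentAgentId = recallAgentId` is reached, so with allowPromptInjection=false any tool that reads `currentAgentId` for owner isolation keeps whatever value the previous run left; move the policy check below the `currentAgentId` assignment (or set it from `hookCtx?.agentId` before returning). Since the template's test items are unchecked, a unit test that counts hook invocations with allowPromptInjection=false, expecting a single call and an empty-object result, would pin down the `{}`-short-circuits-`??` behaviour this fix depends on.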
@syzsunshine219 syzsunshine219 merged commit 083338f into MemTensor:main Mar 19, 2026
3 of 4 checks passed

Development

Successfully merging this pull request may close these issues.

fix: allowPromptInjection: false causes the before_agent_start hook to be invoked twice

3 participants