Two pre-existing issues surfaced during sim e2e of a full debate:

1. **secret-mgr env injection**: backend-client's resolveApiKey ran
execSync('secret-mgr get dialectic-agent-apikey') without setting
AGENT_ID/AGENT_WORKSPACE/AGENT_VERIFY in the child env. The plugin
process inherits the openclaw gateway env (no agent context), so
secret-mgr refused with 'AGENT_VERIFY mismatch' and the error
surfaced to agents as the generic 'dialectic api key not provisioned'
(stderr was swallowed by stdio:'ignore'). Now we explicitly inject
the pcexec trio plus PATH=~/.openclaw/bin:..., capture stderr so
underlying failures are visible, and use the standard
~/.openclaw/workspace/workspace-<id> layout if AGENT_WORKSPACE
isn't already set.
2. **DIALECTIC_PLUGIN_BYPASS_HF=1 sim escape hatch**: HarborForge's
hasOnCallCovering returns false on sim (sim agents have no real
on_call slots), which blocks dialectic_signup before it ever reaches
the backend. Added an env-gated skip so sim/test environments can
run the full debate flow without provisioning real schedules.
Bypass is opt-in via env, so prod is unaffected.

E2e verified on sim dind-t2 (openclaw) + dind-t3 (backend):
- recruiter/main/simdev minted dialectic-agent-apikey
- propose_topic created topic
- 3 signups all 201
- ticker allocated pro=main, con=simdev, judge=recruiter
- pro+con posted arguments to round 0
- judge submitted binary verdict after debate_end_at, topic→completed
- view_verdict round-trips

Deploy note: jiti loader prefers .js over .ts when both are present in
src/, so updates that only change .ts need the colocated .js removed
(or properly rebuilt) before they take effect. The plugin still ships
src/*.js as pre-built artifacts; consider switching to .ts-only
sources or running 'npm run build' before deploy.