feat: add pure context mode to disable prompt injection

Author: jasonczc

cli/src/agent/utils/haqiAgentInstructions.test.ts

@@ -107,4 +107,25 @@ describe('haqiAgentInstructions', () => {
 
         expect(prompt).toContain('[truncated: MEMORY.md exceeded 65536 bytes]')
     })
+
+    it('skips all automatic prompt injections when pure context mode is enabled', () => {
+        const startDir = join(tempRoot, 'workspace')
+        const hapiHome = join(tempRoot, 'hapi-home')
+        mkdirSync(startDir, { recursive: true })
+        mkdirSync(hapiHome, { recursive: true })
+        process.env.HAPI_HOME = hapiHome
+        writeFileSync(join(startDir, 'HAQI-Agent.md'), 'repo-rules')
+        writeFileSync(
+            join(hapiHome, 'settings.json'),
+            JSON.stringify({
+                memoryInjectionEnabled: true,
+                pureContextMode: true
+            }, null, 2)
+        )
+
+        const prompt = buildPromptWithHaqiAgentInstructions('BASE PROMPT', startDir)
+
+        expect(prompt).toBe('BASE PROMPT')
+        expect(existsSync(join(hapiHome, 'MEMORY.md'))).toBe(false)
+    })
 })

cli/src/agent/utils/haqiAgentInstructions.ts

@@ -8,6 +8,7 @@ const WORKSPACE_INSTRUCTIONS_FILE = 'HAQI-Agent.md'
 const GLOBAL_MEMORY_FILE = 'MEMORY.md'
 const GLOBAL_SETTINGS_FILE = 'settings.json'
 const DEFAULT_MEMORY_INJECTION_ENABLED = false
+const DEFAULT_PURE_CONTEXT_MODE = false
 const MAX_FILE_BYTES = 64 * 1024
 const DEFAULT_MEMORY_TEMPLATE = trimIdent(`
     # MEMORY.md
@@ -61,27 +62,54 @@ function resolveGlobalSettingsPath(): string {
     return join(resolveHapiHomeDir(), GLOBAL_SETTINGS_FILE)
 }
 
-function isGlobalMemoryInjectionEnabled(): boolean {
+type GlobalPromptSettings = {
+    memoryInjectionEnabled: boolean
+    pureContextMode: boolean
+}
+
+function readGlobalPromptSettings(): GlobalPromptSettings {
     try {
         const filepath = resolveGlobalSettingsPath()
         if (!existsSync(filepath)) {
-            return DEFAULT_MEMORY_INJECTION_ENABLED
+            return {
+                memoryInjectionEnabled: DEFAULT_MEMORY_INJECTION_ENABLED,
+                pureContextMode: DEFAULT_PURE_CONTEXT_MODE
+            }
         }
         const raw = readFileSync(filepath, 'utf-8').trim()
         if (!raw) {
-            return DEFAULT_MEMORY_INJECTION_ENABLED
+            return {
+                memoryInjectionEnabled: DEFAULT_MEMORY_INJECTION_ENABLED,
+                pureContextMode: DEFAULT_PURE_CONTEXT_MODE
+            }
+        }
+        const parsed = JSON.parse(raw) as {
+            memoryInjectionEnabled?: unknown
+            pureContextMode?: unknown
         }
-        const parsed = JSON.parse(raw) as { memoryInjectionEnabled?: unknown }
-        if (typeof parsed.memoryInjectionEnabled === 'boolean') {
-            return parsed.memoryInjectionEnabled
+        const memoryInjectionEnabled = typeof parsed.memoryInjectionEnabled === 'boolean'
+            ? parsed.memoryInjectionEnabled
+            : DEFAULT_MEMORY_INJECTION_ENABLED
+        const pureContextMode = typeof parsed.pureContextMode === 'boolean'
+            ? parsed.pureContextMode
+            : DEFAULT_PURE_CONTEXT_MODE
+        return {
+            memoryInjectionEnabled,
+            pureContextMode
         }
-        return DEFAULT_MEMORY_INJECTION_ENABLED
     } catch (error) {
         logger.debug('[haqi-agent-instructions] failed to load global settings', error)
-        return DEFAULT_MEMORY_INJECTION_ENABLED
+        return {
+            memoryInjectionEnabled: DEFAULT_MEMORY_INJECTION_ENABLED,
+            pureContextMode: DEFAULT_PURE_CONTEXT_MODE
+        }
     }
 }
 
+export function isPureContextModeEnabled(): boolean {
+    return readGlobalPromptSettings().pureContextMode
+}
+
 function ensureGlobalMemoryFile(filepath: string): void {
     if (existsSync(filepath)) {
         return
@@ -140,9 +168,13 @@ export function loadGlobalMemory(): { path: string; content: string } | null {
 }
 
 export function buildPromptWithHaqiAgentInstructions(basePrompt: string, startDir: string): string {
+    const promptSettings = readGlobalPromptSettings()
+    if (promptSettings.pureContextMode) {
+        return basePrompt
+    }
+
     const instructions = loadHaqiAgentInstructions(startDir)
-    const memoryInjectionEnabled = isGlobalMemoryInjectionEnabled()
-    const globalMemory = memoryInjectionEnabled ? loadGlobalMemory() : null
+    const globalMemory = promptSettings.memoryInjectionEnabled ? loadGlobalMemory() : null
     if (!instructions && !globalMemory) {
         return basePrompt
     }

cli/src/claude/claudeLocal.ts

@@ -53,7 +53,9 @@ export async function claudeLocal(opts: {
     }
 
     const resolvedSystemPrompt = buildClaudeSystemPrompt(opts.path);
-    args.push('--append-system-prompt', stripNewlinesForWindowsShellArg(resolvedSystemPrompt));
+    if (resolvedSystemPrompt.trim()) {
+        args.push('--append-system-prompt', stripNewlinesForWindowsShellArg(resolvedSystemPrompt));
+    }
 
     const cleanupMcpConfig = appendMcpConfigArg(args, opts.mcpServers, {
         baseDir: projectDir

cli/src/claude/claudeRemote.ts

@@ -10,6 +10,7 @@ import { awaitFileExist } from "@/modules/watcher/awaitFileExist";
 import { buildClaudeSystemPrompt } from "./utils/systemPrompt";
 import { PermissionResult } from "./sdk/types";
 import { getHapiBlobsDir } from "@/constants/uploadPaths";
+import { isPureContextModeEnabled } from "@/agent/utils/haqiAgentInstructions";
 
 export async function claudeRemote(opts: {
 
@@ -108,6 +109,23 @@ export async function claudeRemote(opts: {
     }
 
     const resolvedSystemPrompt = buildClaudeSystemPrompt(opts.path);
+    const pureContextMode = isPureContextModeEnabled();
+    const normalizedSystemPrompt = resolvedSystemPrompt.trim();
+
+    const customSystemPrompt = pureContextMode
+        ? undefined
+        : (initial.mode.customSystemPrompt
+            ? (normalizedSystemPrompt
+                ? `${initial.mode.customSystemPrompt}\n\n${normalizedSystemPrompt}`
+                : initial.mode.customSystemPrompt)
+            : undefined);
+    const appendSystemPrompt = pureContextMode
+        ? undefined
+        : (initial.mode.appendSystemPrompt
+            ? (normalizedSystemPrompt
+                ? `${initial.mode.appendSystemPrompt}\n\n${normalizedSystemPrompt}`
+                : initial.mode.appendSystemPrompt)
+            : (normalizedSystemPrompt || undefined));
 
     // Prepare SDK options
     let mode = initial.mode;
@@ -119,8 +137,8 @@ export async function claudeRemote(opts: {
         model: initial.mode.model,
         effort: initial.mode.thinkEffort,
         fallbackModel: initial.mode.fallbackModel,
-        customSystemPrompt: initial.mode.customSystemPrompt ? initial.mode.customSystemPrompt + '\n\n' + resolvedSystemPrompt : undefined,
-        appendSystemPrompt: initial.mode.appendSystemPrompt ? initial.mode.appendSystemPrompt + '\n\n' + resolvedSystemPrompt : resolvedSystemPrompt,
+        customSystemPrompt,
+        appendSystemPrompt,
         allowedTools: initial.mode.allowedTools ? initial.mode.allowedTools.concat(opts.allowedTools) : opts.allowedTools,
         disallowedTools: initial.mode.disallowedTools,
         canCallTool: (toolName: string, input: unknown, options: { signal: AbortSignal }) => opts.canCallTool(toolName, input, mode, options),

cli/src/claude/runClaude.ts

@@ -18,6 +18,7 @@ import { isModelModeAllowedForFlavor, isPermissionModeAllowedForFlavor } from '@
 import { ModelModeSchema, PermissionModeSchema } from '@hapi/protocol/schemas';
 import { formatMessageWithAttachments } from '@/utils/attachmentFormatter';
 import { findClaudeThinkEffortFromArgs, type ClaudeThinkEffort, resolveClaudeModelSelection } from './modelMode';
+import { isPureContextModeEnabled } from '@/agent/utils/haqiAgentInstructions';
 
 export interface StartOptions {
     model?: string
@@ -427,11 +428,15 @@ export async function runClaude(options: StartOptions = {}): Promise<void> {
         }
         const messagePermissionMode = currentPermissionMode;
         const messageModel = currentModel;
+        const pureContextMode = isPureContextModeEnabled();
         logger.debug(`[loop] User message received with permission mode: ${currentPermissionMode}, modelMode: ${currentModelMode}, model: ${currentModel ?? 'default'}`);
 
         // Resolve custom system prompt - use message.meta.customSystemPrompt if provided, otherwise use current
         let messageCustomSystemPrompt = currentCustomSystemPrompt;
-        if (message.meta?.hasOwnProperty('customSystemPrompt')) {
+        if (pureContextMode) {
+            messageCustomSystemPrompt = undefined;
+            currentCustomSystemPrompt = undefined;
+        } else if (message.meta?.hasOwnProperty('customSystemPrompt')) {
             messageCustomSystemPrompt = message.meta.customSystemPrompt || undefined; // null becomes undefined
             currentCustomSystemPrompt = messageCustomSystemPrompt;
             logger.debug(`[loop] Custom system prompt updated from user message: ${messageCustomSystemPrompt ? 'set' : 'reset to none'}`);
@@ -451,7 +456,10 @@ export async function runClaude(options: StartOptions = {}): Promise<void> {
 
         // Resolve append system prompt - use message.meta.appendSystemPrompt if provided, otherwise use current
         let messageAppendSystemPrompt = currentAppendSystemPrompt;
-        if (message.meta?.hasOwnProperty('appendSystemPrompt')) {
+        if (pureContextMode) {
+            messageAppendSystemPrompt = undefined;
+            currentAppendSystemPrompt = undefined;
+        } else if (message.meta?.hasOwnProperty('appendSystemPrompt')) {
             messageAppendSystemPrompt = message.meta.appendSystemPrompt || undefined; // null becomes undefined
             currentAppendSystemPrompt = messageAppendSystemPrompt;
             logger.debug(`[loop] Append system prompt updated from user message: ${messageAppendSystemPrompt ? 'set' : 'reset to none'}`);
@@ -632,13 +640,14 @@ export async function runClaude(options: StartOptions = {}): Promise<void> {
         try {
             const parsed = resolveEnqueuePayload(payload);
             const formattedText = formatMessageWithAttachments(parsed.text, parsed.attachments);
+            const pureContextMode = isPureContextModeEnabled();
             const enhancedMode: EnhancedMode = {
                 permissionMode: currentPermissionMode ?? 'default',
                 model: currentModel,
                 thinkEffort: currentThinkEffort,
                 fallbackModel: currentFallbackModel,
-                customSystemPrompt: currentCustomSystemPrompt,
-                appendSystemPrompt: currentAppendSystemPrompt,
+                customSystemPrompt: pureContextMode ? undefined : currentCustomSystemPrompt,
+                appendSystemPrompt: pureContextMode ? undefined : currentAppendSystemPrompt,
                 allowedTools: currentAllowedTools,
                 disallowedTools: currentDisallowedTools,
                 routeContext: parsed.routeContext
@@ -727,12 +736,13 @@ export async function runClaude(options: StartOptions = {}): Promise<void> {
         try {
             const parsed = resolveEnqueuePayload(payload);
             const formattedText = formatMessageWithAttachments(parsed.text, parsed.attachments);
+            const pureContextMode = isPureContextModeEnabled();
             const enhancedMode: EnhancedMode = {
                 permissionMode: currentPermissionMode ?? 'default',
                 model: currentModelMode === 'default' ? undefined : currentModelMode,
                 fallbackModel: currentFallbackModel,
-                customSystemPrompt: currentCustomSystemPrompt,
-                appendSystemPrompt: currentAppendSystemPrompt,
+                customSystemPrompt: pureContextMode ? undefined : currentCustomSystemPrompt,
+                appendSystemPrompt: pureContextMode ? undefined : currentAppendSystemPrompt,
                 allowedTools: currentAllowedTools,
                 disallowedTools: currentDisallowedTools,
                 routeContext: parsed.routeContext

cli/src/claude/utils/systemPrompt.ts

@@ -1,6 +1,6 @@
 import { trimIdent } from "@/utils/trimIdent";
 import { shouldIncludeCoAuthoredBy } from "./claudeSettings";
-import { buildPromptWithHaqiAgentInstructions } from "@/agent/utils/haqiAgentInstructions";
+import { buildPromptWithHaqiAgentInstructions, isPureContextModeEnabled } from "@/agent/utils/haqiAgentInstructions";
 
 /**
  * Base system prompt shared across all configurations
@@ -43,5 +43,8 @@ export const systemPrompt = (() => {
 })();
 
 export function buildClaudeSystemPrompt(startDir: string): string {
+  if (isPureContextModeEnabled()) {
+    return '';
+  }
   return buildPromptWithHaqiAgentInstructions(systemPrompt, startDir);
 }

cli/src/codex/utils/appServerConfig.test.ts

@@ -1,10 +1,30 @@
-import { describe, expect, it } from 'vitest';
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { afterEach, beforeEach, describe, expect, it } from 'vitest';
 import { buildThreadStartParams, buildTurnStartParams } from './appServerConfig';
 import { codexSystemPrompt } from './systemPrompt';
 
 describe('appServerConfig', () => {
+    let tempRoot: string;
+    let previousHapiHome: string | undefined;
     const mcpServers = { hapi: { command: 'node', args: ['mcp'] } };
 
+    beforeEach(() => {
+        tempRoot = mkdtempSync(join(tmpdir(), 'app-server-config-'));
+        previousHapiHome = process.env.HAPI_HOME;
+        process.env.HAPI_HOME = tempRoot;
+    });
+
+    afterEach(() => {
+        if (previousHapiHome === undefined) {
+            delete process.env.HAPI_HOME;
+        } else {
+            process.env.HAPI_HOME = previousHapiHome;
+        }
+        rmSync(tempRoot, { recursive: true, force: true });
+    });
+
     it('applies CLI overrides when permission mode is default', () => {
         const params = buildThreadStartParams({
             mode: { permissionMode: 'default' },
@@ -47,6 +67,16 @@ describe('appServerConfig', () => {
         expect(params.approvalPolicy).toBe('never');
     });
 
+    it('omits base instructions when empty', () => {
+        const params = buildThreadStartParams({
+            mode: { permissionMode: 'default' },
+            mcpServers,
+            baseInstructions: ''
+        });
+
+        expect(params.baseInstructions).toBeUndefined();
+    });
+
     it('builds turn params with mode defaults', () => {
         const params = buildTurnStartParams({
             threadId: 'thread-1',

cli/src/codex/utils/appServerConfig.ts

@@ -2,6 +2,7 @@ import type { EnhancedMode } from '../loop';
 import type { CodexCliOverrides } from './codexCliOverrides';
 import type { McpServersConfig } from './buildHapiMcpBridge';
 import { codexSystemPrompt } from './systemPrompt';
+import { isPureContextModeEnabled } from '@/agent/utils/haqiAgentInstructions';
 import type {
     ApprovalPolicy,
     SandboxMode,
@@ -91,12 +92,13 @@ export function buildThreadStartParams(args: {
     const resolvedSandbox = cliOverrides?.sandbox ?? sandbox;
 
     const config = buildMcpServerConfig(args.mcpServers);
-    const baseInstructions = args.baseInstructions ?? codexSystemPrompt;
+    const defaultBaseInstructions = isPureContextModeEnabled() ? '' : codexSystemPrompt;
+    const baseInstructions = args.baseInstructions ?? defaultBaseInstructions;
 
     const params: ThreadStartParams = {
         approvalPolicy: resolvedApprovalPolicy,
         sandbox: resolvedSandbox,
-        baseInstructions,
+        ...(baseInstructions.trim() ? { baseInstructions } : {}),
         ...(args.developerInstructions ? { developerInstructions: args.developerInstructions } : {}),
         ...(Object.keys(config).length > 0 ? { config } : {})
     };

cli/src/codex/utils/codexMcpConfig.test.ts

@@ -89,5 +89,10 @@ describe('codexMcpConfig', () => {
 
             expect(args[1]).toContain('\\\\');
         });
+
+        it('returns no args for empty instructions', () => {
+            const args = buildDeveloperInstructionsArg('   ');
+            expect(args).toEqual([]);
+        });
     });
 });

cli/src/codex/utils/codexMcpConfig.ts

@@ -71,6 +71,9 @@ export function buildMcpServerConfigArgs(
  * @returns Array of CLI arguments to pass to codex
  */
 export function buildDeveloperInstructionsArg(instructions: string): string[] {
+    if (!instructions.trim()) {
+        return [];
+    }
     const escaped = escapeTomlString(instructions);
     return ['-c', `developer_instructions="${escaped}"`];
 }