fix: prevent utf8 truncation panics, add system_time tool, and retry ClawHub downloads #250

Open
982945902 wants to merge 2 commits into RightNow-AI:main from 982945902:main

@982945902

Summary

This PR combines three production-facing fixes/enhancements:

  1. Kernel UTF-8 safety

    • Replaced byte-slice truncation paths with UTF-8-safe truncation to prevent panics on multi-byte text (e.g. Chinese/emoji).
  2. New built-in tool: system_time

    • Added a deterministic local/UTC time tool so agents can answer time queries without unnecessary web search.
    • Supports:
      • timezone: local (default) or utc
      • format: rfc3339 (default) or iso
  3. ClawHub install resilience

    • Added retry/backoff behavior for transient download failures:
      • retries on 429 Too Many Requests and 5xx
      • honors Retry-After when present
      • exponential backoff fallback
      • clearer final error message with attempt count

Motivation

These changes were driven by real runtime issues:

  • A panic in kernel string truncation (not a char boundary) when processing non-ASCII text.
  • Time queries sometimes routed to web search; this is slower and less reliable than local system time.
  • ClawHub installs failed immediately under rate limiting, creating poor UX.

Detailed Changes

1) Kernel UTF-8 truncation fixes

File: crates/openfang-kernel/src/kernel.rs

  • Use safe_truncate_str(...) instead of &s[..N] in:
    • daily memory log summary truncation
    • identity file max-bytes truncation
    • session summary topic truncation

This prevents panics when truncating multibyte strings.

2) system_time tool in runtime

File: crates/openfang-runtime/src/tool_runner.rs

  • Added tool definition in builtin_tool_definitions()
  • Added dispatch branch in execute_tool(...)
  • Added tool_system_time(...) implementation

Output fields:

  • local_time
  • utc_time
  • timezone
  • offset
  • unix_seconds

Tests added:

  • test_system_time_default
  • test_system_time_utc_iso
  • test_system_time_invalid_timezone

3) ClawHub download retry/backoff

File: crates/openfang-skills/src/clawhub.rs

  • Wrapped install download request in retry loop (MAX_ATTEMPTS=4)
  • Retry conditions:
    • 429
    • 5xx
    • request-level network failures
  • Delay strategy:
    • Retry-After header (seconds, capped)
    • fallback exponential backoff
  • Added helper functions:
    • retry_delay(...)
    • exponential_backoff(...)
  • Added tests for retry/backoff behavior.

Test Plan

Executed locally:

  • cargo build --workspace --lib
  • cargo test --workspace
  • cargo test -p openfang-runtime system_time

Note:

  • cargo clippy --workspace --all-targets -- -D warnings currently fails due to pre-existing unrelated warnings in crates/openfang-cli/src/main.rs (collapsible_else_if), not introduced by this PR.

Risk / Compatibility

  • Low risk.
  • Kernel changes are safety-only (no intended behavior change besides avoiding panic).
  • New tool is additive.
  • ClawHub retry logic only affects transient error handling and improves reliability.
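
The truncation failure described in this PR, as an added example that is not part of the PR or the project's code: slicing a `&str` at a fixed byte offset panics when the offset falls inside a multi-byte character, and backing off to the nearest char boundary avoids it. The function names and the sample string are constructed for illustration; the project's `safe_truncate_str` may be implemented differently.

```rust
// Added example: not code from this PR or from the OpenFang repository.
// Function names are hypothetical; the project's safe_truncate_str may differ.

/// Longest prefix of `s` that fits in `max_bytes` and ends on a char boundary.
pub fn truncate_at_char_boundary(s: &str, max_bytes: usize) -> &str {
    if s.len() <= max_bytes {
        return s;
    }
    let mut end = max_bytes;
    // Index 0 is always a char boundary, so this loop terminates.
    while !s.is_char_boundary(end) {
        end -= 1;
    }
    &s[..end]
}

/// True when `&s[..max_bytes]` would panic. `str::get` is the checked form of
/// the same slice and returns None in exactly those cases (offset inside a
/// multi-byte character, or past the end of the string).
pub fn naive_slice_would_panic(s: &str, max_bytes: usize) -> bool {
    s.get(..max_bytes).is_none()
}

fn main() {
    // Constructed sample input mixing CJK, ASCII and an emoji.
    let summary = "日志摘要: deploy ok 🚀";
    for limit in [3, 4, 16, 27, 64] {
        let kept = truncate_at_char_boundary(summary, limit);
        println!(
            "limit={:>2} naive_panics={:<5} kept={} bytes {:?}",
            limit,
            naive_slice_would_panic(summary, limit),
            kept.len(),
            kept
        );
    }
}
```
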

@jaberjaber23 added the under-review label on Mar 11, 2026
@jaberjaber23
Member

thanks for this! we already fixed UTF-8 truncation panics in v0.3.43 (fix for #490) across 9 files using safe_truncate_str. the system_time tool addition is interesting though — will look into that separately
