openclacky 1.1.2 → 1.1.4

data/lib/clacky/server/channel/adapters/dingtalk/api_client.rb

@@ -3,6 +3,7 @@
 require "net/http"
 require "uri"
 require "json"
+require "securerandom"
 
 module Clacky
   module Channel
@@ -11,12 +12,31 @@ module Clacky
         # DingTalk Bot API client — sends messages via session webhook (Stream Mode).
         class ApiClient
           OPENAPI_BASE = "https://api.dingtalk.com"
+          OAPI_BASE    = "https://oapi.dingtalk.com"
+
+          # File extensions accepted by DingTalk sampleFile message (fileType field).
+          # Anything outside this list is rejected by DingTalk's API — we surface
+          # a friendly text notice to the user instead of attempting upload.
+          #
+          # Why 9 entries instead of the 6 the public doc lists? The official
+          # doc (open.dingtalk.com / sampleFile) explicitly names only:
+          #   xlsx, pdf, zip, rar, doc, docx
+          # However old-format Office types (xls / ppt / pptx) are accepted in
+          # practice and were verified by hand during the C-5597 rollout.
+          # We deliberately keep the empirical 9-entry list because
+          # downgrading to the doc's 6 would silently reject files users
+          # routinely send. If DingTalk ever tightens enforcement and the
+          # extra 3 start failing, prefer adding a converter (e.g. xls→xlsx)
+          # over shrinking the list — the goal is "things users send arrive".
+          SUPPORTED_FILE_EXTS = %w[doc docx xls xlsx ppt pptx pdf zip rar].freeze
 
           def initialize(client_id:, client_secret:)
             @client_id     = client_id
             @client_secret = client_secret
             @token         = nil
             @token_expires_at = 0
+            @oapi_token    = nil
+            @oapi_token_expires_at = 0
           end
 
           # Send a text (or Markdown) message via the session webhook URL.
@@ -67,6 +87,26 @@ module Clacky
             @token
           end
 
+          # OAPI access token — required by legacy /media/upload endpoint.
+          # Independent token system from /v1.0/oauth2/accessToken.
+          def oapi_access_token
+            return @oapi_token if @oapi_token && Time.now.to_i < @oapi_token_expires_at - 60
+
+            uri = URI.parse("#{OAPI_BASE}/gettoken?appkey=#{@client_id}&appsecret=#{@client_secret}")
+            http = Net::HTTP.new(uri.host, uri.port)
+            http.use_ssl = true
+            resp = http.request(Net::HTTP::Get.new(uri.request_uri))
+            data = JSON.parse(resp.body)
+
+            unless resp.code.to_i == 200 && data["errcode"].to_i.zero? && data["access_token"]
+              raise "DingTalk OAPI token error (#{resp.code}): #{data["errmsg"] || resp.body}"
+            end
+
+            @oapi_token = data["access_token"]
+            @oapi_token_expires_at = Time.now.to_i + (data["expires_in"] || 7200).to_i
+            @oapi_token
+          end
+
           # Validate credentials by fetching a token.
           # @return [Hash] { ok: Boolean, error: String? }
           def test_connection
@@ -75,6 +115,275 @@ module Clacky
           rescue => e
             { ok: false, error: e.message }
           end
+
+          # Download a file the bot received, given its downloadCode + robotCode
+          # from the inbound event. Two-step: exchange downloadCode for a temporary
+          # downloadUrl, then persist bytes to UPLOAD_DIR via FileProcessor.save.
+          # @param download_code [String]
+          # @param robot_code [String]
+          # @param prefer_name [String, nil] original filename from inbound event
+          #   (DingTalk's content.fileName) — used to pick the file extension so
+          #   downstream consumers (parsers, vision models) route by suffix correctly.
+          # @return [Hash, nil] { name:, path:, mime: } or nil on failure
+          def download_message_file(download_code, robot_code, prefer_name: nil)
+            return nil if download_code.to_s.empty? || robot_code.to_s.empty?
+
+            url = fetch_download_url(download_code, robot_code)
+            return nil unless url
+
+            download_to_disk(url, prefer_name: prefer_name)
+          rescue => e
+            Clacky::Logger.warn("[dingtalk] download_message_file failed: #{e.message}")
+            nil
+          end
+
+          private def fetch_download_url(download_code, robot_code)
+            uri  = URI.parse("#{OPENAPI_BASE}/v1.0/robot/messageFiles/download")
+            http = Net::HTTP.new(uri.host, uri.port)
+            http.use_ssl = true
+            req = Net::HTTP::Post.new(uri.path,
+              "Content-Type"                => "application/json",
+              "x-acs-dingtalk-access-token" => access_token)
+            req.body = JSON.generate(downloadCode: download_code, robotCode: robot_code)
+            resp = http.request(req)
+            data = JSON.parse(resp.body) rescue {}
+            unless resp.code.to_i == 200 && data["downloadUrl"]
+              Clacky::Logger.warn("[dingtalk] fetch_download_url rejected (#{resp.code}): #{resp.body}")
+              return nil
+            end
+            data["downloadUrl"]
+          end
+
+          private def download_to_disk(url, prefer_name: nil)
+            uri  = URI.parse(url)
+            http = Net::HTTP.new(uri.host, uri.port)
+            http.use_ssl = uri.scheme == "https"
+            resp = http.get(uri.request_uri)
+            return nil unless resp.code.to_i == 200
+
+            mime = resp["content-type"].to_s
+            # Prefer extension from the original fileName supplied by DingTalk
+            # (e.g. report.pdf, notes.txt). Fall back to MIME mapping, then .bin.
+            ext  = ext_from_name(prefer_name) || guess_ext(mime) || ".bin"
+
+            base     = prefer_name && !prefer_name.to_s.empty? ?
+                         File.basename(prefer_name.to_s, ".*") : "dingtalk"
+            base     = sanitize_basename(base)
+            filename = "#{base}-#{Time.now.strftime('%Y%m%d-%H%M%S')}-#{SecureRandom.hex(3)}#{ext}"
+            saved    = Clacky::Utils::FileProcessor.save(body: resp.body, filename: filename)
+            saved.merge(mime: mime)
+          end
+
+          private def ext_from_name(name)
+            return nil if name.to_s.empty?
+            ext = File.extname(name.to_s).downcase
+            ext.empty? ? nil : ext
+          end
+
+          private def sanitize_basename(name)
+            # Keep ASCII letters/digits/dash/underscore; drop everything else
+            # (CJK, spaces, slashes) so the final filename stays filesystem-safe.
+            cleaned = name.to_s.gsub(/[^A-Za-z0-9_\-]/, "_").gsub(/_+/, "_").gsub(/^_+|_+$/, "")
+            cleaned.empty? ? "dingtalk" : cleaned
+          end
+
+          private def guess_ext(mime)
+            case mime.to_s.split(";").first.to_s.strip.downcase
+            # Images
+            when "image/jpeg", "image/jpg" then ".jpg"
+            when "image/png"               then ".png"
+            when "image/gif"               then ".gif"
+            when "image/webp"              then ".webp"
+            when "image/bmp"               then ".bmp"
+            when "image/svg+xml"           then ".svg"
+            # Documents
+            when "application/pdf"         then ".pdf"
+            when "application/msword"      then ".doc"
+            when "application/vnd.openxmlformats-officedocument.wordprocessingml.document" then ".docx"
+            when "application/vnd.ms-excel" then ".xls"
+            when "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" then ".xlsx"
+            when "application/vnd.ms-powerpoint" then ".ppt"
+            when "application/vnd.openxmlformats-officedocument.presentationml.presentation" then ".pptx"
+            # Archives
+            when "application/zip"         then ".zip"
+            when "application/x-rar-compressed", "application/vnd.rar" then ".rar"
+            when "application/x-7z-compressed" then ".7z"
+            when "application/x-tar"       then ".tar"
+            when "application/gzip"        then ".gz"
+            # Text
+            when "text/plain"              then ".txt"
+            when "text/markdown"           then ".md"
+            when "text/csv"                then ".csv"
+            when "text/html"               then ".html"
+            when "application/json"        then ".json"
+            when "application/xml", "text/xml" then ".xml"
+            when "application/x-yaml", "text/yaml" then ".yml"
+            # Audio / video
+            when "audio/mpeg"              then ".mp3"
+            when "audio/wav", "audio/x-wav" then ".wav"
+            when "audio/aac"               then ".aac"
+            when "audio/ogg"               then ".ogg"
+            when "video/mp4"               then ".mp4"
+            when "video/quicktime"         then ".mov"
+            end
+          end
+
+          # Upload a local file to DingTalk and return its media_id.
+          # Webhook delivery doesn't support image/file attachments — uploaded
+          # mediaId is used by the OAPI sendMessage path below.
+          # @param path [String]
+          # @param kind [Symbol] :image | :file
+          # @return [String, nil] media_id
+          def upload_media(path, kind:)
+            type_str = kind == :image ? "image" : "file"
+            # NB: legacy OAPI /media/upload — the new /v1.0/robot/messageFiles/*
+            # path returns 404, this is the only working endpoint as of 2026-05.
+            token    = oapi_access_token
+            uri      = URI.parse("#{OAPI_BASE}/media/upload?access_token=#{token}&type=#{type_str}")
+            boundary = "----DingTalkBoundary#{rand(1 << 64).to_s(16)}"
+            body     = build_multipart(path, boundary, type_str)
+
+            http = Net::HTTP.new(uri.host, uri.port)
+            http.use_ssl = true
+            req = Net::HTTP::Post.new(uri.request_uri,
+              "Content-Type" => "multipart/form-data; boundary=#{boundary}")
+            req.body = body
+            resp = http.request(req)
+            data = JSON.parse(resp.body) rescue {}
+            unless resp.code.to_i == 200 && data["errcode"].to_i.zero? && data["media_id"]
+              Clacky::Logger.warn("[dingtalk] upload_media rejected (#{resp.code}): #{resp.body}")
+              return nil
+            end
+            # Operational log: confirm upload succeeded and surface the
+            # media_id shape (length + first 4 chars). We keep this at info
+            # level because outbound failures correlate strongly with
+            # media_id format drift (e.g. DingTalk silently changing the
+            # `@` prefix policy). Avoid logging the full body to keep the
+            # token / id from leaking into shared log channels.
+            mid = data["media_id"].to_s
+            Clacky::Logger.info("[dingtalk] upload_media ok type=#{type_str} media_id_len=#{mid.length} media_id_prefix=#{mid[0, 4].inspect}")
+            mid
+          rescue => e
+            Clacky::Logger.warn("[dingtalk] upload_media failed: #{e.message}")
+            nil
+          end
+
+          # Send a media message via OAPI (not webhook).
+          # DM    → /v1.0/robot/oToMessages/batchSend (needs userIds)
+          # Group → /v1.0/robot/groupMessages/send   (needs openConversationId)
+          # @param conv_type [String] "1"=DM, "2"=group
+          # @param kind [Symbol] :image | :file
+          def send_media(robot_code:, conv_type:, conv_id:, user_id:, media_id:, kind:, file_name: nil)
+            msg_key, msg_param = build_media_message(media_id, kind, file_name)
+
+            if conv_type == "2"
+              path = "/v1.0/robot/groupMessages/send"
+              body = {
+                msgKey:             msg_key,
+                msgParam:           JSON.generate(msg_param),
+                openConversationId: conv_id,
+                robotCode:          robot_code
+              }
+            else
+              path = "/v1.0/robot/oToMessages/batchSend"
+              body = {
+                msgKey:    msg_key,
+                msgParam:  JSON.generate(msg_param),
+                userIds:   [user_id],
+                robotCode: robot_code
+              }
+            end
+
+            uri  = URI.parse("#{OPENAPI_BASE}#{path}")
+            http = Net::HTTP.new(uri.host, uri.port)
+            http.use_ssl = true
+            req = Net::HTTP::Post.new(uri.request_uri,
+              "Content-Type"                => "application/json",
+              "x-acs-dingtalk-access-token" => access_token)
+            req.body = JSON.generate(body)
+            resp = http.request(req)
+            data = JSON.parse(resp.body) rescue {}
+            if resp.code.to_i != 200
+              Clacky::Logger.warn("[dingtalk] send_media rejected (#{resp.code}): #{resp.body}")
+              return { ok: false, error: data["message"] || resp.body }
+            end
+            # Operational log: success path. We log msgKey (image vs file)
+            # so the operator can correlate "sampleImageMsg" with image
+            # delivery and "sampleFile" with file delivery without parsing
+            # the full request body.
+            Clacky::Logger.info("[dingtalk] send_media ok kind=#{kind} msgKey=#{msg_key}")
+            { ok: true, data: data }
+          rescue => e
+            Clacky::Logger.warn("[dingtalk] send_media failed: #{e.message}")
+            { ok: false, error: e.message }
+          end
+
+          private def build_media_message(media_id, kind, file_name)
+            # Images: `sampleImageMsg` with the OAPI-uploaded mediaId (type=image)
+            # renders an inline original-resolution image in the chat. The doc
+            # field is named `photoURL`, but DingTalk explicitly documents that
+            # photoURL accepts either a public URL OR a mediaId — and the
+            # mediaId form is what we use (the only way to send local files
+            # without standing up a public file server).
+            #
+            # NOTE — implementation pitfalls hard-won (2026-05-19):
+            #   1. Pass the raw mediaId returned by /media/upload AS-IS.
+            #      Despite the sampleLink doc example showing `picUrl: "@lADO..."`
+            #      with an `@` prefix, sampleImageMsg.photoURL must NOT be
+            #      prefixed — the upload response already includes whatever
+            #      shape DingTalk wants. Adding `@` produces "原图加载失败".
+            #   2. msgKey is `sampleImageMsg`, NOT `msgtype: "image"`.
+            #      `msgtype:image` belongs to the corpconversation/asyncsend_v2
+            #      work-notification protocol and does NOT work on the group
+            #      robot endpoint we use here.
+            #   3. msgParam must be a JSON-stringified object (handled by the
+            #      caller), not a nested hash.
+            return ["sampleImageMsg", { photoURL: media_id }] if kind == :image
+
+            # Generic files: sampleFile. fileType must be one of
+            # SUPPORTED_FILE_EXTS (see top of file for why we keep the
+            # empirically-verified 9-entry list rather than the 6-entry
+            # doc list). Upstream `Adapter#send_file` already screens out
+            # unsupported extensions before we reach here, so we just pass
+            # `ext` through.
+            ext = File.extname(file_name.to_s).delete(".")
+            ["sampleFile", { mediaId: media_id, fileName: file_name.to_s, fileType: ext }]
+          end
+
+          private def build_multipart(path, boundary, type_str)
+            filename = File.basename(path)
+            mime     = mime_for(filename)
+            content  = File.binread(path)
+
+            # All parts must be ASCII-8BIT before joining; mixing UTF-8 (e.g. a
+            # filename with CJK chars) with binary file content raises
+            # "incompatible character encodings: UTF-8 and BINARY".
+            parts = []
+            parts << "--#{boundary}\r\n".b
+            parts << "Content-Disposition: form-data; name=\"type\"\r\n\r\n#{type_str}\r\n".b
+            parts << "--#{boundary}\r\n".b
+            parts << "Content-Disposition: form-data; name=\"media\"; filename=\"#{filename}\"\r\n".b
+            parts << "Content-Type: #{mime}\r\n\r\n".b
+            parts << content.b
+            parts << "\r\n--#{boundary}--\r\n".b
+            parts.join
+          end
+
+          private def mime_for(filename)
+            case File.extname(filename).downcase
+            when ".jpg", ".jpeg" then "image/jpeg"
+            when ".png"          then "image/png"
+            when ".gif"          then "image/gif"
+            when ".webp"         then "image/webp"
+            when ".txt", ".log"  then "text/plain"
+            when ".md"           then "text/markdown"
+            when ".pdf"          then "application/pdf"
+            when ".json"         then "application/json"
+            when ".csv"          then "text/csv"
+            when ".zip"          then "application/zip"
+            else                       "application/octet-stream"
+            end
+          end
         end
       end
     end

data/lib/clacky/server/http_server.rb

@@ -407,7 +407,7 @@ module Clacky
         when ["GET",    "/api/channels"]          then api_list_channels(res)
         when ["POST",   "/api/tool/browser"]      then api_tool_browser(req, res)
         when ["POST",   "/api/upload"]            then api_upload_file(req, res)
-        when ["POST",   "/api/open-file"]         then api_open_file(req, res)
+        when ["POST",   "/api/file-action"]       then api_file_action(req, res)
         when ["GET",    "/api/local-image"]       then api_serve_local_image(req, res)
         when ["GET",    "/api/version"]           then api_get_version(res)
         when ["POST",   "/api/version/upgrade"]   then api_upgrade_version(req, res)
@@ -448,6 +448,9 @@ module Clacky
           elsif method == "PATCH" && path.match?(%r{^/api/sessions/[^/]+/model$})
             session_id = path.sub("/api/sessions/", "").sub("/model", "")
             api_switch_session_model(session_id, req, res)
+          elsif method == "PATCH" && path.match?(%r{^/api/sessions/[^/]+/reasoning_effort$})
+            session_id = path.sub("/api/sessions/", "").sub("/reasoning_effort", "")
+            api_switch_session_reasoning_effort(session_id, req, res)
           elsif method == "POST" && path.match?(%r{^/api/sessions/[^/]+/benchmark$})
             session_id = path.sub("/api/sessions/", "").sub("/benchmark", "")
             api_benchmark_session_models(session_id, req, res)
@@ -752,6 +755,9 @@ module Clacky
             else
               Clacky::Logger.debug("[Brand] async distribution refresh skipped/failed — #{result[:message]}")
             end
+            # Free-mode skill sync: branded + unactivated installs need their
+            # creator's free skills auto-installed for the "no serial number" UX.
+            brand.sync_free_skills_async!
           rescue StandardError => e
             Clacky::Logger.warn("[Brand] async distribution refresh raised: #{e.class}: #{e.message}")
           ensure
@@ -797,12 +803,30 @@ module Clacky
             refresh_pending = true
           end
 
+          # Free-mode counts: synchronous fetch is acceptable here because
+          # this endpoint is polled lazily and the platform call is cached
+          # via http keep-alive. On error we just return zero counts and the
+          # banner falls back to the legacy "not activated" message.
+          free_count  = 0
+          paid_count  = 0
+          begin
+            result = brand.fetch_free_skills!
+            if result[:success]
+              free_count = result[:skills].size
+              paid_count = result[:paid_skills_count].to_i
+            end
+          rescue StandardError
+            # Network errors are non-fatal here.
+          end
+
           json_response(res, 200, {
             branded:                       true,
             needs_activation:              true,
             product_name:                  brand.product_name,
             test_mode:                     @brand_test,
-            distribution_refresh_pending:  refresh_pending
+            distribution_refresh_pending:  refresh_pending,
+            free_skills_count:             free_count,
+            paid_skills_count:             paid_count
           })
           return
         end
@@ -918,7 +942,30 @@ module Clacky
         brand = Clacky::BrandConfig.load
 
         unless brand.activated?
-          json_response(res, 403, { ok: false, error: "License not activated" })
+          # Free-mode: branded but no license. Return the unencrypted skills
+          # available to anonymous installs so the Brand Skills tab is not
+          # empty and the user can install/use them without a serial number.
+          # Each skill is tagged is_free=true so the UI can show a "Free" badge.
+          result = brand.fetch_free_skills!
+
+          if result[:success]
+            free_skills = result[:skills].map { |s| s.merge("is_free" => true) }
+            json_response(res, 200, {
+              ok:                true,
+              skills:            free_skills,
+              free_mode:         true,
+              paid_skills_count: result[:paid_skills_count].to_i
+            })
+          else
+            json_response(res, 200, {
+              ok:                true,
+              skills:            [],
+              free_mode:         true,
+              paid_skills_count: 0,
+              warning_code:      "remote_unavailable",
+              warning:           result[:error] || "Could not reach the license server."
+            })
+          end
           return
         end
 
@@ -963,8 +1010,29 @@ module Clacky
       def api_brand_skill_install(slug, req, res)
         brand = Clacky::BrandConfig.load
 
+        # Free-mode: branded but not activated. Fall back to the public free
+        # skills endpoint and install with encrypted: false. Paid (encrypted)
+        # skills still require activation and will return 404 here.
         unless brand.activated?
-          json_response(res, 403, { ok: false, error: "License not activated" })
+          fetch_result = brand.fetch_free_skills!
+          unless fetch_result[:success]
+            json_response(res, 422, { ok: false, error: fetch_result[:error] })
+            return
+          end
+
+          skill_info = fetch_result[:skills].find { |s| s["name"] == slug }
+          unless skill_info
+            json_response(res, 404, { ok: false, error: "Skill '#{slug}' is not a free skill — activate your license to access it." })
+            return
+          end
+
+          result = brand.install_free_skill!(skill_info)
+          if result[:success]
+            @skill_loader = Clacky::SkillLoader.new(working_dir: nil, brand_config: brand)
+            json_response(res, 200, { ok: true, name: result[:name], version: result[:version] })
+          else
+            json_response(res, 422, { ok: false, error: result[:error] })
+          end
           return
         end
 
@@ -1304,7 +1372,11 @@ module Clacky
           sleep 0.5  # Let WEBrick flush the HTTP response
 
           if @master_pid
-            # Worker mode: tell master to hot-restart, then exit cleanly.
+            # Worker mode: tell master to hot-restart. Master will TERM us after the
+            # new worker boots; our trap("TERM") then runs shutdown_proc, which detaches
+            # the inherited listen socket before WEBrick shutdown. Do NOT exit(0) here —
+            # that bypasses trap handlers and lets the OS close(fd) on a socket shared
+            # with master+new worker, corrupting the listener on Linux/WSL.
             Clacky::Logger.info("[Restart] Sending USR1 to master (PID=#{@master_pid})")
             begin
               Process.kill("USR1", @master_pid)
@@ -1312,7 +1384,6 @@ module Clacky
               Clacky::Logger.warn("[Restart] Master PID=#{@master_pid} not found, falling back to exec.")
               standalone_exec_restart
             end
-            exit(0)
           else
             # Standalone mode (no master): fall back to the original exec approach.
             standalone_exec_restart
@@ -1549,12 +1620,16 @@ module Clacky
         json_response(res, 500, { ok: false, error: e.message })
       end
 
-      # POST /api/open-file
-      # Opens a local file or directory using the OS default handler.
-      # Used by the Web UI to handle file:// links — browsers block direct
-      # file:// navigation from http:// pages for security reasons.
-      def api_open_file(req, res)
-        path = parse_json_body(req)["path"]
+      # POST /api/file-action
+      # Unified file action endpoint — open locally or download.
+      # Body: { path: String, action: "open" | "download" }
+      #   open:     opens the file with the OS default handler (local deployments).
+      #   download: returns the file as a download (remote deployments).
+      def api_file_action(req, res)
+        body = parse_json_body(req)
+        path = body["path"]
+        action = body["action"] || "open"
+
         return json_response(res, 400, { error: "path is required" }) unless path && !path.empty?
 
         # Expand ~ to the user's home directory (e.g. "~/Desktop/file.pdf").
@@ -1567,13 +1642,33 @@ module Clacky
 
         return json_response(res, 404, { error: "file not found" }) unless File.exist?(linux_path)
 
-        result = Utils::EnvironmentDetector.open_file(linux_path)
-        return json_response(res, 501, { error: "unsupported OS" }) if result.nil?
-        json_response(res, 200, { ok: true })
+        case action
+        when "open"
+          result = Utils::EnvironmentDetector.open_file(linux_path)
+          return json_response(res, 501, { error: "unsupported OS" }) if result.nil?
+          json_response(res, 200, { ok: true })
+        when "download"
+          serve_file_download(res, linux_path)
+        else
+          json_response(res, 400, { error: "invalid action. Must be 'open' or 'download'" })
+        end
       rescue => e
         json_response(res, 500, { ok: false, error: e.message })
       end
 
+      # Stream a file to the client as a download.
+      # Content-Type is always application/octet-stream — the browser determines
+      # file type and handling from the filename extension in Content-Disposition.
+      def serve_file_download(res, path)
+        filename = File.basename(path)
+
+        res.status                  = 200
+        res["Content-Type"]         = "application/octet-stream"
+        res["Content-Disposition"]  = "attachment; filename=\"#{filename}\""
+        res["Content-Length"]       = File.size(path).to_s
+        res.body = File.binread(path)
+      end
+
       # GET /api/local-image?path=file:///path/to/image.png
       # GET /api/local-image?path=/path/to/image.png
       #
@@ -2999,6 +3094,26 @@ module Clacky
         json_response(res, 500, { error: e.message })
       end
 
+      # PATCH /api/sessions/:id/reasoning_effort
+      # Body: { "reasoning_effort": "off" | "low" | "medium" | "high" }
+      def api_switch_session_reasoning_effort(session_id, req, res)
+        body = parse_json_body(req)
+        raw = body["reasoning_effort"]
+        return json_response(res, 404, { error: "Session not found" }) unless @registry.ensure(session_id)
+
+        agent = nil
+        @registry.with_session(session_id) { |s| agent = s[:agent] }
+        return json_response(res, 404, { error: "Session not found" }) unless agent
+
+        agent.reasoning_effort = raw
+        @session_manager.save(agent.to_session_data)
+        broadcast_session_update(session_id)
+
+        json_response(res, 200, { ok: true, reasoning_effort: agent.reasoning_effort })
+      rescue => e
+        json_response(res, 500, { error: e.message })
+      end
+
       # POST /api/sessions/:id/benchmark
       #
       # Speed-test every configured model in one shot so the user can pick the

data/lib/clacky/server/session_registry.rb

@@ -165,11 +165,12 @@ module Clacky
             model_info = s[:agent]&.current_model_info
             live_name  = s[:agent]&.name
             live_name  = nil if live_name&.empty?
-            live_cost_source = s[:agent]&.cost_source
-            { status: s[:status], error: s[:error], model: model_info&.dig(:model), name: live_name,
-              total_tasks: s[:agent]&.total_tasks, total_cost: s[:agent]&.total_cost,
-              cost_source: live_cost_source,
-              latest_latency: s[:agent]&.latest_latency }
+          live_cost_source = s[:agent]&.cost_source
+          { status: s[:status], error: s[:error], model: model_info&.dig(:model), name: live_name,
+            total_tasks: s[:agent]&.total_tasks, total_cost: s[:agent]&.total_cost,
+            cost_source: live_cost_source,
+            reasoning_effort: s[:agent]&.reasoning_effort,
+            latest_latency: s[:agent]&.latest_latency }
           end
         end
 
@@ -241,6 +242,7 @@ module Clacky
           { status: s[:status], error: s[:error], model: model_info&.dig(:model),
             name: live_name, total_tasks: s[:agent]&.total_tasks,
             total_cost: s[:agent]&.total_cost, cost_source: s[:agent]&.cost_source,
+            reasoning_effort: s[:agent]&.reasoning_effort,
             latest_latency: s[:agent]&.latest_latency }
         end
 
@@ -271,6 +273,7 @@ module Clacky
           # per-assistant-message `latency` fields in messages[]. Reloaded
           # sessions start with nil and get populated on the next LLM call.
           latest_latency: ls&.dig(:latest_latency),
+          reasoning_effort: ls&.dig(:reasoning_effort) || s.dig(:config, :reasoning_effort),
           pinned:        s[:pinned] || false,
         }
       end
@@ -382,7 +385,7 @@ module Clacky
         return nil unless agent
 
         model_info = agent.current_model_info
-        
+
         {
           id:              session[:id],
           name:            agent.name,

data/lib/clacky/ui2/ui_controller.rb

@@ -795,6 +795,20 @@ module Clacky
         @legacy_progress_handles[type] = start_progress(message: display, style: style)
       end
 
+      # Stream-only update for the live thinking progress. Unlike
+      # +show_progress(progress_type: "thinking", phase: "active")+, this
+      # NEVER creates a new handle — if no thinking handle is currently
+      # alive (e.g. we're inside an idle-compression call_llm where only
+      # the quiet "Compressing..." handle is on the stack), the streamed
+      # token counts are silently dropped instead of spawning a primary
+      # spinner that would push the compression progress off-screen.
+      def stream_thinking_progress(input_tokens:, output_tokens:)
+        @legacy_progress_handles ||= {}
+        existing = @legacy_progress_handles["thinking"]
+        return unless existing&.running?
+        existing.update(metadata: { input_tokens: input_tokens, output_tokens: output_tokens })
+      end
+
       # ---------------------------------------------------------------------
       # (Legacy dead-code removed: the old imperative show_progress body
       # used to live here and is now superseded by the shim + owner

data/lib/clacky/ui_interface.rb

@@ -36,6 +36,20 @@ module Clacky
     # metadata: extensible hash (e.g., {attempt: 3, total: 10} for retries)
     def show_progress(message = nil, prefix_newline: true, progress_type: "thinking", phase: "active", metadata: {}); end
 
+    # Update the live "thinking" progress with streamed token counts.
+    # This is *purely decorative*: it must NEVER start a new progress
+    # indicator. If no thinking progress is currently active (e.g. during
+    # idle compression, where only a quiet "Compressing..." progress is
+    # live), the call is a no-op. UI2 overrides this; other UIs delegate
+    # to show_progress.
+    def stream_thinking_progress(input_tokens:, output_tokens:)
+      show_progress(
+        progress_type: "thinking",
+        phase: "active",
+        metadata: { input_tokens: input_tokens, output_tokens: output_tokens }
+      )
+    end
+
     # === Progress (v2: owned handles) ===
     #
     # Start a new progress indicator and return an owned handle. The caller