@1presence/bridge 0.1.18 → 0.2.0

package/README.md

@@ -25,6 +25,12 @@ Conversations are stateful — the bridge maps each 1Presence conversation to a
 
 Your OAuth tokens and vault data stay server-side — nothing sensitive is stored locally beyond the auth token.
 
+## Model
+
+On first run the bridge asks which Claude model you want it to use. Leave the prompt blank to defer to your local Claude Code default (recommended — typically Sonnet on a Pro subscription), or type a specific model id to pin it (e.g. `claude-opus-4-7`, `claude-sonnet-4-5`, `claude-haiku-4-5`). The choice is saved to `~/.1presence/config.json` and reused on every subsequent run.
+
+The first reply each session prints the model and credential source so you can confirm what's running. To change your pick later, edit or delete `~/.1presence/config.json` — the bridge will prompt again on the next start.
+
 ## Signing out
 
 To sign out and reset the cached credentials:

package/dist/auth.js

@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.isTokenValid = isTokenValid;
 exports.ensureFreshToken = ensureFreshToken;
 exports.getValidAuth = getValidAuth;
 exports.refreshAuth = refreshAuth;

package/dist/claude.js

@@ -3,27 +3,151 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.spawnClaude = spawnClaude;
 exports.killAll = killAll;
 const child_process_1 = require("child_process");
+const fs_1 = require("fs");
 const os_1 = require("os");
 const path_1 = require("path");
 const sessions_1 = require("./sessions");
+// ─── Bridge working directory ─────────────────────────────────────────────────
+//
+// Claude Code always loads CLAUDE.md files from cwd upward plus the global
+// ~/.claude/CLAUDE.md. If the bridge is launched from within a development
+// repo (e.g. PresenceAI), it would pick up project CLAUDE.md instructions that
+// direct it to write to local vault paths and call MemPalace — both wrong in
+// bridge/Local Mode. We run Claude in a dedicated temp dir with a LOCAL MODE
+// CLAUDE.md that explicitly overrides those behaviors.
+const BRIDGE_CWD = (0, path_1.join)((0, os_1.tmpdir)(), '1presence-bridge');
+const BRIDGE_CLAUDE_MD = `# Bridge / Local Mode — Overrides
+
+You are running as a **1Presence bridge agent** on the user's local machine.
+The rules below **override all other CLAUDE.md instructions**, including the global one.
+
+## Filesystem — DO NOT WRITE LOCALLY
+
+You have NO permission to write files to this machine.
+- Do NOT write chat history, vault notes, or memory files to the local filesystem.
+- Do NOT write to any path under /Users/, ~/Library/, ~/.obsidian/, or similar.
+- Attempting to use Write/Edit tools on local paths is forbidden in this mode.
+
+## Vault operations
+
+All vault reads and writes go through the \`mcp__1presence__*\` MCP tools.
+Use those tools instead of any local file paths.
+
+## MemPalace / memory
+
+MemPalace is hosted in the cloud, not locally. If mempalace tools are available
+via MCP, use them. If a mempalace call fails with "not initialised", skip it
+silently — do NOT attempt to write memory files locally as a fallback.
+
+## Session notes / chat history
+
+Do NOT write session notes or chat history to the local filesystem.
+If vault MCP tools are available, update vault files through those.
+Otherwise, skip the write and continue — do not error or warn the user.
+
+## UI tools — call these so the chat UI matches the hosted assistant
+
+These tools are wired through MCP and produce dedicated UI events in the user's
+chat interface. Call them by their MCP-prefixed names (\`mcp__1presence__<name>\`).
+
+- **set_conversation_title** — Call ONCE on your first reply in a new
+  conversation with a 2–4 word topic title (sentence case, no verbs). Call
+  again later only if the topic clearly shifts. Without this, the user's
+  conversation list shows untitled threads.
+
+- **ui_payload** — Emit at most ONE per turn, AFTER your reply text ends.
+  Pass \`hints: []\` most turns (aim ~1 hint per 3 early turns, less later)
+  and \`suggestions\`: 2–4 follow-on prompts the user can tap. Hints are
+  end-user product coaching only — never mention models, AI vendors,
+  engineering, or roadmap. Skip entirely on pure tool-ingestion turns.
+
+- **plan** — Show a checklist when a task has ≥3 distinct, user-visible
+  steps with side effects. Call once at the start with all steps; update
+  the FULL list each time a step finishes. Never use for single-tool
+  answers, lookups, or conversational replies.
+
+- **copy_to_clipboard** — Use whenever the user asks you to copy something,
+  or when you produce content (code, a draft, a URL, a list) they will
+  clearly want to paste elsewhere. Call once per piece of content; the
+  text also streams into the chat.
+
+- **request_feature** — Log a feature request when declining a user ask
+  because the capability doesn't exist. Not for transient errors. After
+  calling, tell the user their request was noted.
+
+## Sending email — ALWAYS use gmail_draft
+
+To send email on the user's behalf, ALWAYS call \`gmail_draft\`. This opens
+an inline review panel in the chat UI with Send and Cancel buttons; the
+email is NOT delivered until the user clicks Send themselves.
+
+You DO NOT have direct send capability in this mode — \`gmail_send\` is not
+exposed and the user's explicit confirmation in the review panel is the only
+way mail leaves their account. After calling gmail_draft, tell the user the
+draft is ready to review and wait for them to confirm. Never claim the
+email was sent until the user tells you they clicked Send.
+
+Use the bare tool name (the part after \`mcp__1presence__\`) when reasoning
+about WHEN to call them — the prefix is just the MCP namespace.
+`;
+// Write the override CLAUDE.md once on module load
+(0, fs_1.mkdirSync)(BRIDGE_CWD, { recursive: true });
+(0, fs_1.writeFileSync)((0, path_1.join)(BRIDGE_CWD, 'CLAUDE.md'), BRIDGE_CLAUDE_MD, 'utf-8');
+const config_1 = require("./config");
+// Track whether we've already announced the model this process — printing it
+// per-spawn is noisy; once on startup is what the user actually wants to see.
+let modelAnnounced = false;
 // ─── Active processes ─────────────────────────────────────────────────────────
 const active = new Map();
 // ─── Spawn ────────────────────────────────────────────────────────────────────
 function spawnClaude(params) {
-    const { conversationId, presenceSessionId, text, uid, vaultFileOpen, onEvent, onDone, onError } = params;
+    const { conversationId, presenceSessionId, text, uid, vaultFileOpen, clientCapabilities, syncedFolders, onEvent, onDone, onError } = params;
     const systemPromptPath = (0, path_1.join)((0, os_1.tmpdir)(), `agent-${uid}.md`);
     const mcpConfigPath = (0, path_1.join)((0, os_1.tmpdir)(), `mcp-${uid}.json`);
+    // If a prior process is still running for this conversation (user sent a
+    // follow-up before the previous turn finished), supersede it. The latest
+    // user intent wins; the orphan would otherwise keep streaming events.
+    const existing = active.get(conversationId);
+    if (existing) {
+        process.stderr.write(`[bridge] superseding active conversation ${conversationId}\n`);
+        existing.kill('SIGTERM');
+        active.delete(conversationId);
+    }
     const claudeSessionId = presenceSessionId ? (0, sessions_1.getClaudeSession)(presenceSessionId) : undefined;
-    const promptText = vaultFileOpen ? `[vault_file_open: ${vaultFileOpen}]\n\n${text}` : text;
+    const ctxParts = [];
+    if (vaultFileOpen)
+        ctxParts.push(`vault_file_open: ${vaultFileOpen}`);
+    if (clientCapabilities?.length)
+        ctxParts.push(`client_capabilities: ${clientCapabilities.join(', ')}`);
+    if (syncedFolders?.length)
+        ctxParts.push(`synced_folders: ${syncedFolders.join(', ')}`);
+    const promptText = ctxParts.length > 0 ? `[${ctxParts.join(' | ')}]\n\n${text}` : text;
+    // Lockdown rationale:
+    // - `--tools ""` disables ALL built-in tools (Bash/Read/Write/Edit/Glob/Grep/
+    //   WebFetch/etc.). MCP tools are not "built-in" so the 1Presence MCP surface
+    //   remains available.
+    // - `--setting-sources ""` prevents claude CLI from loading the user's
+    //   ~/.claude/settings.json (and project/.local equivalents). Without this,
+    //   permissive `permissions.allow` rules in the user's personal Claude Code
+    //   config would silently re-enable Bash/Edit/Write etc. inside the bridge.
+    // - `--strict-mcp-config` keeps the MCP surface to exactly what we wire in
+    //   via --mcp-config. Together these guarantee the bridge can only call
+    //   `mcp__1presence__*` — no filesystem, no shell, no arbitrary network.
     const args = [
         '-p', promptText,
         '--output-format', 'stream-json',
         '--verbose',
+        '--tools', '',
+        '--setting-sources', '',
         '--allowedTools', 'mcp__1presence__*',
         '--system-prompt', systemPromptPath,
         '--mcp-config', mcpConfigPath,
         '--strict-mcp-config',
     ];
+    const pinnedModel = (0, config_1.getBridgeModel)();
+    if (pinnedModel) {
+        args.push('--model', pinnedModel);
+    }
     if (claudeSessionId) {
         args.push('--resume', claudeSessionId);
     }
@@ -31,6 +155,7 @@ function spawnClaude(params) {
     // (OAuth credentials), not an API key that would bill to a separate account.
     const { ANTHROPIC_API_KEY: _stripped, ...safeEnv } = process.env;
     const proc = (0, child_process_1.spawn)('claude', args, {
+        cwd: BRIDGE_CWD,
         env: safeEnv,
         stdio: ['ignore', 'pipe', 'pipe'],
     });
@@ -39,6 +164,7 @@ function spawnClaude(params) {
     let messageCount = 0;
     let costUsd = 0;
     let usage = null;
+    let extractedModel = null;
     let buffer = '';
     proc.stdout.on('data', (chunk) => {
         buffer += chunk.toString('utf-8');
@@ -64,7 +190,20 @@ function spawnClaude(params) {
                 }
                 const keySource = event['apiKeySource'];
                 const model = event['model'];
-                process.stderr.write(`[bridge] model: ${model ?? 'unknown'}  apiKeySource: ${keySource ?? 'none'}\n`);
+                if (model)
+                    extractedModel = model;
+                if (!modelAnnounced) {
+                    // First conversation since bridge started — announce prominently
+                    // so the user can confirm which model and credential is in use.
+                    const source = keySource === 'none' || !keySource ? 'claude.ai subscription' : keySource;
+                    const pin = (0, config_1.getBridgeModel)() ? '  (pinned via 1presence config)' : '';
+                    process.stdout.write(`\n  model: ${model ?? 'unknown'}${pin}\n  auth:  ${source}\n\n`);
+                    modelAnnounced = true;
+                }
+                else {
+                    // Subsequent conversations — quiet line for power users.
+                    process.stderr.write(`[bridge] model: ${model ?? 'unknown'}  apiKeySource: ${keySource ?? 'none'}\n`);
+                }
                 sessionIdExtracted = true;
             }
             // Count complete assistant turns + accumulate token usage + log tool calls
@@ -76,6 +215,8 @@ function spawnClaude(params) {
                     usage = {
                         input_tokens: (usage?.input_tokens ?? 0) + (u['input_tokens'] ?? 0),
                         output_tokens: (usage?.output_tokens ?? 0) + (u['output_tokens'] ?? 0),
+                        cache_read_input_tokens: (usage?.cache_read_input_tokens ?? 0) + (u['cache_read_input_tokens'] ?? 0),
+                        cache_creation_input_tokens: (usage?.cache_creation_input_tokens ?? 0) + (u['cache_creation_input_tokens'] ?? 0),
                     };
                 }
                 const content = msg?.['content'];
@@ -128,19 +269,21 @@ function spawnClaude(params) {
             catch { /* ignore */ }
         }
         if (code !== 0 && code !== null) {
-            onError(`claude exited with code ${code}`);
+            // Pass any partial token usage we observed before the failure so the
+            // PWA and the gateway's bridge usage store can still record it.
+            onError(`claude exited with code ${code}`, usage, extractedModel);
         }
         else {
-            onDone(messageCount, costUsd, usage);
+            onDone(messageCount, costUsd, usage, extractedModel);
         }
     });
     proc.on('error', (err) => {
         active.delete(conversationId);
         if (err.code === 'ENOENT') {
-            onError('claude CLI not found. Please install Claude Code: https://claude.ai/code');
+            onError('claude CLI not found. Please install Claude Code: https://claude.ai/code', usage, extractedModel);
         }
         else {
-            onError(err.message);
+            onError(err.message, usage, extractedModel);
         }
     });
 }

package/dist/config.js

@@ -0,0 +1,74 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureModelChoice = ensureModelChoice;
+exports.getBridgeModel = getBridgeModel;
+const fs_1 = require("fs");
+const os_1 = require("os");
+const path_1 = require("path");
+const readline_1 = require("readline");
+// ─── Storage ──────────────────────────────────────────────────────────────────
+//
+// `~/.1presence/config.json` holds bridge-wide preferences that should persist
+// across runs but aren't sensitive (unlike auth.json). Today: model choice.
+const CONFIG_DIR = (0, path_1.join)((0, os_1.homedir)(), '.1presence');
+const CONFIG_FILE = (0, path_1.join)(CONFIG_DIR, 'config.json');
+let cached = null;
+function load() {
+    if (cached)
+        return cached;
+    try {
+        cached = JSON.parse((0, fs_1.readFileSync)(CONFIG_FILE, 'utf-8'));
+    }
+    catch {
+        cached = {};
+    }
+    return cached;
+}
+function persist(c) {
+    (0, fs_1.mkdirSync)(CONFIG_DIR, { recursive: true });
+    (0, fs_1.writeFileSync)(CONFIG_FILE, JSON.stringify(c, null, 2), 'utf-8');
+    cached = c;
+}
+// ─── Model choice ─────────────────────────────────────────────────────────────
+function promptForModel() {
+    return new Promise((resolve) => {
+        const rl = (0, readline_1.createInterface)({ input: process.stdin, output: process.stdout });
+        process.stdout.write('\nWhich Claude model should the bridge use?\n');
+        process.stdout.write('  Leave blank to use your local Claude Code default (recommended).\n');
+        process.stdout.write('  Or enter a model id (e.g. claude-sonnet-4-5, claude-opus-4-7, claude-haiku-4-5).\n');
+        rl.question('  model: ', (answer) => {
+            rl.close();
+            const trimmed = answer.trim();
+            resolve(trimmed || null);
+        });
+    });
+}
+/**
+ * Ensures the user has picked a model preference. On first interactive run,
+ * prompts and persists. Subsequent runs return the saved value without asking.
+ * In a non-TTY environment (background process, CI) the prompt is skipped and
+ * we record an explicit "no override" so we don't keep trying.
+ */
+async function ensureModelChoice() {
+    const c = load();
+    if ('model' in c)
+        return; // already configured (string or explicit null)
+    if (!process.stdin.isTTY) {
+        persist({ ...c, model: null });
+        return;
+    }
+    const chosen = await promptForModel();
+    persist({ ...c, model: chosen });
+    if (chosen) {
+        console.log(`\nPinned model: ${chosen}`);
+        console.log(`(Edit or delete ~/.1presence/config.json to change.)\n`);
+    }
+    else {
+        console.log(`\nUsing your Claude Code default.`);
+        console.log(`(Edit ~/.1presence/config.json to pin a model later.)\n`);
+    }
+}
+/** Returns the pinned model id, or null to defer to Claude Code's own default. */
+function getBridgeModel() {
+    return load().model ?? null;
+}

package/dist/index.js

@@ -10,6 +10,7 @@ const os_1 = require("os");
 const path_1 = require("path");
 const auth_1 = require("./auth");
 const claude_1 = require("./claude");
+const config_1 = require("./config");
 const update_1 = require("./update");
 const package_json_1 = require("../package.json");
 // ─── Config ───────────────────────────────────────────────────────────────────
@@ -35,17 +36,41 @@ async function fetchVaultFile(path, token) {
         return null;
     }
 }
+// Pulls the fully-built system prompt from agent-api (via gateway proxy).
+// This matches the hosted runtime exactly: STATIC_SYSTEM_PROMPT + dynamic
+// context (timezone, connector scopes, vault state, personal AGENT.md, etc.).
+// Falls back to null on failure — caller decides whether to use AGENT.md only.
+async function fetchSystemPrompt(token) {
+    try {
+        const tz = Intl.DateTimeFormat().resolvedOptions().timeZone;
+        const res = await fetch(`${GATEWAY_HTTP}/system-prompt?timezone=${encodeURIComponent(tz)}`, {
+            headers: { Authorization: `Bearer ${token}` },
+        });
+        if (!res.ok)
+            return null;
+        const data = await res.json();
+        return data.text ?? null;
+    }
+    catch {
+        return null;
+    }
+}
 // ─── Setup files ──────────────────────────────────────────────────────────────
 function tmpFile(name) {
     return (0, path_1.join)((0, os_1.tmpdir)(), name);
 }
 async function writeSetupFiles(auth) {
     const { uid, token } = auth;
-    // Fetch user's AGENT.md (fall back to empty if missing — claude will still run)
-    const agentMd = await fetchVaultFile('AGENT.md', token)
-        ?? await fetchVaultFile('CLAUDE.md', token)
+    // Prefer the fully-built hosted system prompt so the bridge runtime behaves
+    // identically to the cloud agent (tool-use policy, ui_payload sparsity,
+    // plan thresholds, Gmail safety, connector pivots, personal AGENT.md, etc.).
+    // If the pod isn't reachable yet, fall back to the user's AGENT.md alone —
+    // Claude will still run, just without the platform policy layer.
+    const systemPrompt = (await fetchSystemPrompt(token))
+        ?? (await fetchVaultFile('AGENT.md', token))
+        ?? (await fetchVaultFile('CLAUDE.md', token))
         ?? '';
-    (0, fs_1.writeFileSync)(tmpFile(`agent-${uid}.md`), agentMd, 'utf-8');
+    (0, fs_1.writeFileSync)(tmpFile(`agent-${uid}.md`), systemPrompt, 'utf-8');
     // MCP config pointing at gateway's /mcp endpoint (proxied to agent-api)
     const mcpConfig = {
         mcpServers: {
@@ -59,7 +84,7 @@ async function writeSetupFiles(auth) {
     (0, fs_1.writeFileSync)(tmpFile(`mcp-${uid}.json`), JSON.stringify(mcpConfig, null, 2), 'utf-8');
 }
 // ─── Handle a single incoming message (token refresh + spawn) ─────────────────
-async function handleMessage(conversationId, text, sessionId, auth, vaultFileOpen) {
+async function handleMessage(conversationId, text, sessionId, auth, vaultFileOpen, clientCapabilities, syncedFolders) {
     // Refresh JWT if <10 min remaining before spawning Claude
     let activeAuth = auth;
     try {
@@ -71,7 +96,17 @@ async function handleMessage(conversationId, text, sessionId, auth, vaultFileOpe
         }
     }
     catch (err) {
-        console.warn(`[bridge] token refresh failed: ${err.message}`);
+        // If the cached token still has time, proceed — refresh was preemptive.
+        // If it's already invalid, MCP calls will 401 mid-turn — fail fast instead.
+        if (!(0, auth_1.isTokenValid)(auth.token)) {
+            const message = 'Authentication expired and refresh failed — please restart the bridge to sign in again.';
+            console.error(`[bridge] ${message} (${err.message})`);
+            if (currentWs?.readyState === ws_1.default.OPEN) {
+                currentWs.send(JSON.stringify({ type: 'error', conversationId, message }));
+            }
+            return;
+        }
+        console.warn(`[bridge] token refresh failed (proceeding with current token): ${err.message}`);
     }
     let responding = false;
     (0, claude_1.spawnClaude)({
@@ -80,6 +115,8 @@ async function handleMessage(conversationId, text, sessionId, auth, vaultFileOpe
         text,
         uid: activeAuth.uid,
         vaultFileOpen,
+        clientCapabilities,
+        syncedFolders,
         onEvent: (event) => {
             if (!responding && event['type'] === 'assistant') {
                 responding = true;
@@ -89,7 +126,7 @@ async function handleMessage(conversationId, text, sessionId, auth, vaultFileOpe
                 currentWs.send(JSON.stringify({ type: 'stream', conversationId, event }));
             }
         },
-        onDone: (messageCount, costUsd, usage) => {
+        onDone: (messageCount, costUsd, usage, model) => {
             const parts = [];
             if (usage)
                 parts.push(`in:${usage.input_tokens} out:${usage.output_tokens}`);
@@ -98,18 +135,43 @@ async function handleMessage(conversationId, text, sessionId, auth, vaultFileOpe
             const suffix = parts.length ? `  ${parts.join('  ')}` : '';
             console.log(`[${new Date().toLocaleTimeString()}] ✓ done${suffix}`);
             if (currentWs?.readyState === ws_1.default.OPEN) {
-                currentWs.send(JSON.stringify({ type: 'done', conversationId, messageCount, costUsd }));
+                currentWs.send(JSON.stringify({
+                    type: 'done',
+                    conversationId,
+                    messageCount,
+                    costUsd,
+                    model,
+                    usage: usage ? {
+                        inputTokens: usage.input_tokens,
+                        outputTokens: usage.output_tokens,
+                        cacheReadTokens: usage.cache_read_input_tokens,
+                        cacheCreationTokens: usage.cache_creation_input_tokens,
+                    } : null,
+                }));
             }
         },
-        onError: (message) => {
+        onError: (message, usage, model) => {
             console.error(`[${new Date().toLocaleTimeString()}] ✗ ${message}`);
             if (currentWs?.readyState === ws_1.default.OPEN) {
-                currentWs.send(JSON.stringify({ type: 'error', conversationId, message }));
+                currentWs.send(JSON.stringify({
+                    type: 'error',
+                    conversationId,
+                    message,
+                    model,
+                    usage: usage ? {
+                        inputTokens: usage.input_tokens,
+                        outputTokens: usage.output_tokens,
+                        cacheReadTokens: usage.cache_read_input_tokens,
+                        cacheCreationTokens: usage.cache_creation_input_tokens,
+                    } : null,
+                }));
             }
         },
     });
 }
 // ─── WebSocket connection ─────────────────────────────────────────────────────
+// Application-level heartbeat — avoids relying on WebSocket control frames (ping/pong),
+// which some proxies (GKE LB) may not forward reliably.
 const PING_INTERVAL_MS = 30_000;
 const PONG_TIMEOUT_MS = 10_000;
 function connect(auth, retryDelay = 1000) {
@@ -122,7 +184,7 @@ function connect(auth, retryDelay = 1000) {
         pingTimer = setInterval(() => {
             if (ws.readyState !== ws_1.default.OPEN)
                 return;
-            ws.ping();
+            ws.send(JSON.stringify({ type: 'ping', ts: Date.now() }));
             pongTimer = setTimeout(() => {
                 console.log('[bridge] pong timeout — reconnecting…');
                 ws.terminate();
@@ -139,14 +201,11 @@ function connect(auth, retryDelay = 1000) {
             pongTimer = null;
         }
     }
-    ws.on('pong', () => {
-        if (pongTimer) {
-            clearTimeout(pongTimer);
-            pongTimer = null;
-        }
-    });
     ws.on('open', () => {
         currentWs = ws;
+        // Reset backoff so that a disconnect after a long-stable session
+        // reconnects quickly instead of waiting at the 30s cap.
+        retryDelay = 1000;
         console.log('✓ Bridge connected. Local Mode active on all your devices.\n');
         startPing();
     });
@@ -158,13 +217,21 @@ function connect(auth, retryDelay = 1000) {
         catch {
             return;
         }
+        // Application-level pong — clear the timeout
+        if (msg.type === 'pong') {
+            if (pongTimer) {
+                clearTimeout(pongTimer);
+                pongTimer = null;
+            }
+            return;
+        }
         if (msg.type !== 'message' || !msg.conversationId || !msg.text)
             return;
-        const { conversationId, text, sessionId, vaultFileOpen } = msg;
+        const { conversationId, text, sessionId, vaultFileOpen, clientCapabilities, syncedFolders } = msg;
         const ts = new Date().toLocaleTimeString();
         const preview = text.length > 80 ? text.slice(0, 80) + '…' : text;
         console.log(`[${ts}] ▶ ${preview}`);
-        handleMessage(conversationId, text, sessionId ?? null, auth, vaultFileOpen).catch((err) => {
+        handleMessage(conversationId, text, sessionId ?? null, auth, vaultFileOpen, clientCapabilities, syncedFolders).catch((err) => {
             console.error(`[bridge] handleMessage error: ${err.message}`);
         });
     });
@@ -203,6 +270,10 @@ async function main() {
     // Auth
     const auth = await (0, auth_1.getValidAuth)(GATEWAY_HTTP, PWA_URL);
     currentAuth = auth;
+    // One-time interactive model choice (only prompts on first run; saved to
+    // ~/.1presence/config.json). In a non-TTY environment this is a no-op and
+    // Claude Code's own default is used.
+    await (0, config_1.ensureModelChoice)();
     // Write system prompt + MCP config
     process.stdout.write('Setting up…');
     await writeSetupFiles(auth);

package/dist/sessions.js

@@ -8,25 +8,29 @@ const path_1 = require("path");
 // ─── Storage ──────────────────────────────────────────────────────────────────
 const CONFIG_DIR = (0, path_1.join)((0, os_1.homedir)(), '.1presence');
 const SESSIONS_FILE = (0, path_1.join)(CONFIG_DIR, 'sessions.json');
-function load() {
+let cache = null;
+function getMap() {
+    if (cache)
+        return cache;
     try {
         const raw = (0, fs_1.readFileSync)(SESSIONS_FILE, 'utf-8');
-        return JSON.parse(raw);
+        cache = JSON.parse(raw);
     }
     catch {
-        return {};
+        cache = {};
     }
+    return cache;
 }
-function save(map) {
+function persist(map) {
     (0, fs_1.mkdirSync)(CONFIG_DIR, { recursive: true });
     (0, fs_1.writeFileSync)(SESSIONS_FILE, JSON.stringify(map, null, 2), 'utf-8');
 }
 // ─── Public API ───────────────────────────────────────────────────────────────
 function getClaudeSession(presenceSessionId) {
-    return load()[presenceSessionId];
+    return getMap()[presenceSessionId];
 }
 function saveClaudeSession(presenceSessionId, claudeSessionId) {
-    const map = load();
+    const map = getMap();
     map[presenceSessionId] = claudeSessionId;
-    save(map);
+    persist(map);
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@1presence/bridge",
-  "version": "0.1.18",
+  "version": "0.2.0",
   "description": "Run 1Presence on your Mac and use your Claude.ai Pro subscription from any device",
   "bin": {
     "1presence-bridge": "dist/index.js"