@botcord/daemon 0.2.4 → 0.2.5

package/dist/agent-discovery.d.ts

@@ -17,9 +17,9 @@ export interface DiscoveredAgentCredential {
     hubUrl: string;
     displayName?: string;
     /**
-     * Runtime cached in the credentials file (docs/agent-runtime-property-plan.md).
-     * Null for legacy bind-code credentials without the field; the daemon
-     * falls back to `defaultRoute` in that case.
+     * Runtime cached in the credentials file. Null for legacy bind-code
+     * credentials without the field; the daemon falls back to `defaultRoute`
+     * in that case.
      */
     runtime?: string;
     /** Working directory cached alongside `runtime`. */

package/dist/agent-discovery.js

@@ -134,7 +134,7 @@ export function resolveBootAgents(cfg, opts = {}) {
         // Best-effort enrich with runtime/cwd cached in credentials. A missing
         // or unreadable file is not fatal — the gateway channel will surface the
         // real error at start. The fields we're after are purely for router
-        // fallback (docs/agent-runtime-property-plan.md §4.3).
+        // fallback.
         const agents = explicit.map((agentId) => {
             const credentialsFile = defaultCredentialsFile(agentId);
             const entry = {

package/dist/agent-workspace.js

@@ -7,8 +7,6 @@
  *   codex-home/  — per-agent CODEX_HOME used by the codex adapter so codex
  *                  reads a daemon-written AGENTS.md (systemContext carrier)
  *                  and stores its sessions/ without touching ~/.codex.
- *
- * See docs/daemon-agent-workspace-plan.md §4 for the full layout rationale.
  */
 import { chmodSync, copyFileSync, existsSync, lstatSync, mkdirSync, readlinkSync, symlinkSync, unlinkSync, writeFileSync, } from "node:fs";
 import { homedir } from "node:os";

package/dist/control-channel.d.ts

@@ -5,16 +5,13 @@
  * Independent from the agent data-plane WS: different auth (user access
  * token vs agent JWT), different endpoint (`/daemon/ws`), different
  * lifecycle (alive even when zero agents are bound).
- *
- * See `docs/daemon-control-plane-plan.md` §4.1, §4.3, §8.
  */
 import WebSocket from "ws";
 import { type ControlAck, type ControlFrame } from "@botcord/protocol-core";
 import { type UserAuthManager } from "./user-auth.js";
 /**
  * Build the canonical signing input for a control frame: RFC 8785 (JCS)
- * canonicalization of `{id, type, params, ts}`. Per
- * `docs/daemon-control-plane-api-contract.md` §3.3 — the Hub uses Python
+ * canonicalization of `{id, type, params, ts}`. The Hub uses Python
  * `jcs.canonicalize` over the same object before signing.
  *
  * Excludes `sig` by definition. `params` defaults to `{}` (empty object)

package/dist/control-channel.js

@@ -5,8 +5,6 @@
  * Independent from the agent data-plane WS: different auth (user access
  * token vs agent JWT), different endpoint (`/daemon/ws`), different
  * lifecycle (alive even when zero agents are bound).
- *
- * See `docs/daemon-control-plane-plan.md` §4.1, §4.3, §8.
  */
 import WebSocket from "ws";
 import { buildDaemonWebSocketUrl, CONTROL_FRAME_TYPES, jcsCanonicalize, resolveHubControlPublicKey, verifyEd25519, } from "@botcord/protocol-core";
@@ -18,8 +16,7 @@ const KEEPALIVE_INTERVAL_MS = 25_000;
 const REPLAY_DEDUPE_CAP = 256;
 /**
  * Build the canonical signing input for a control frame: RFC 8785 (JCS)
- * canonicalization of `{id, type, params, ts}`. Per
- * `docs/daemon-control-plane-api-contract.md` §3.3 — the Hub uses Python
+ * canonicalization of `{id, type, params, ts}`. The Hub uses Python
  * `jcs.canonicalize` over the same object before signing.
  *
  * Excludes `sig` by definition. `params` defaults to `{}` (empty object)

package/dist/daemon-config-map.d.ts

@@ -9,9 +9,8 @@ export interface ToGatewayConfigOptions {
      */
     agentIds?: string[];
     /**
-     * Per-agent runtime/cwd cached from credentials (see
-     * `docs/agent-runtime-property-plan.md`). When present for an agent id,
-     * `toGatewayConfig` synthesizes a terminal route pinning that agent's
+     * Per-agent runtime/cwd cached from credentials. When present for an agent
+     * id, `toGatewayConfig` synthesizes a terminal route pinning that agent's
      * turns to its runtime. Explicit `cfg.routes` entries still win because
      * synthesized routes are appended after them.
      */

package/dist/gateway/dispatcher.d.ts

@@ -74,7 +74,42 @@ export declare class Dispatcher {
     private safeAck;
     private getQueue;
     private runCancelPrevious;
+    /**
+     * Serial mode with coalesce-on-drain semantics:
+     *
+     *   1. First arrival on an idle queue boots the worker, which dispatches a
+     *      single-message turn immediately (no batching delay).
+     *   2. Arrivals during an in-flight turn append to `serialBuffer`; when the
+     *      worker finishes the current turn it drains the entire buffer and
+     *      merges all pending entries into ONE next turn (folded into a single
+     *      `raw.batch` so the composer renders them as multi-block input).
+     *   3. Buffer caps: at most `MAX_BATCH_BUFFER_ENTRIES` entries are retained
+     *      (drop oldest) and merged turns are further trimmed to fit
+     *      `MAX_BATCH_BUFFER_CHARS` of total raw text.
+     *
+     * Note: the pre-composed `text` from `handle()` is intentionally discarded
+     * here — at drain time the worker re-invokes `composeUserTurn` on the
+     * merged message so the runtime sees a single coherent prompt covering all
+     * coalesced messages.
+     */
     private runSerial;
+    /**
+     * Merge buffered serial entries into a single dispatchable unit. With one
+     * entry the call is a near no-op (just recompose). With ≥2 entries this
+     * flattens any per-entry `raw.batch` (the BotCord channel already groups
+     * one inbox-poll's worth of same-room/topic messages into a `raw.batch`),
+     * applies the `MAX_BATCH_BUFFER_CHARS` cap by dropping oldest individual
+     * messages, and then synthesizes a merged inbound message anchored on the
+     * latest entry's metadata (mentioned = OR across all entries).
+     */
+    private mergeSerialBuffer;
+    /**
+     * Re-run the user-turn composer at drain time. Mirrors the logic in
+     * `handle()` but operates on the (possibly merged) message. Falls back to
+     * raw trimmed text on composer failure so a buggy composer never drops a
+     * turn.
+     */
+    private recomposeUserTurn;
     private runTurn;
     private sendReply;
 }

package/dist/gateway/dispatcher.js

@@ -1,6 +1,21 @@
 import { resolveRoute } from "./router.js";
 import { sessionKey } from "./session-store.js";
 const DEFAULT_TURN_TIMEOUT_MS = 10 * 60 * 1000;
+/**
+ * Owner-chat room prefix. Reply-text gating: only rooms with this prefix get
+ * `result.text` forwarded to the channel; in every other room the runtime's
+ * plain text output is discarded — agents must use the `botcord_send` tool
+ * (or `botcord send` CLI via Bash) to actually deliver replies.
+ */
+const OWNER_CHAT_ROOM_PREFIX = "rm_oc_";
+/** Maximum number of buffered serial entries per queue. Excess entries drop oldest. */
+const MAX_BATCH_BUFFER_ENTRIES = 40;
+/**
+ * Soft cap on the total characters across raw.batch members in a merged
+ * turn. When exceeded, oldest entries are dropped (with a warn log) so the
+ * runtime prompt stays bounded even if the channel-side batch was huge.
+ */
+const MAX_BATCH_BUFFER_CHARS = 16000;
 /**
  * Gateway dispatcher: consumes `GatewayInboundEnvelope` and drives a runtime
  * turn per message, respecting queue mode, trust level, streaming, and
@@ -55,12 +70,17 @@ export class Dispatcher {
             await this.safeAck(envelope);
             return;
         }
-        // Compose the final user-turn text. The composer can enrich the raw
-        // message with sender label, room header, NO_REPLY hint, etc. — anything
-        // that should land in the runtime transcript. Failures fall back to the
-        // raw trimmed text so a buggy composer cannot drop turns.
+        const managed = this.managedRoutes ? Array.from(this.managedRoutes.values()) : undefined;
+        const route = resolveRoute(msg, this.config, managed);
+        const mode = resolveQueueMode(route, msg.conversation.kind);
+        const queueKey = buildQueueKey(msg);
+        // Compose the final user-turn text only for cancel-previous mode, where
+        // the dispatcher consumes the pre-composed text directly. Serial mode
+        // re-runs the composer at drain time on the merged message (so it sees
+        // the full coalesced batch instead of any single arrival), so calling
+        // the composer here would just be redundant work.
         let text = rawText;
-        if (this.composeUserTurn) {
+        if (mode === "cancel-previous" && this.composeUserTurn) {
             try {
                 const composed = this.composeUserTurn(msg);
                 if (typeof composed === "string" && composed.length > 0) {
@@ -74,10 +94,6 @@ export class Dispatcher {
                 });
             }
         }
-        const managed = this.managedRoutes ? Array.from(this.managedRoutes.values()) : undefined;
-        const route = resolveRoute(msg, this.config, managed);
-        const mode = resolveQueueMode(route, msg.conversation.kind);
-        const queueKey = buildQueueKey(msg);
         // Ack immediately: once the dispatcher has a route + queue key, ownership is decided.
         await this.safeAck(envelope);
         // Notify the optional observer (activity tracking, metrics, etc.) as soon
@@ -139,8 +155,9 @@ export class Dispatcher {
         if (!q) {
             q = {
                 current: null,
-                tail: Promise.resolve(),
                 cancelGen: 0,
+                serialBuffer: [],
+                serialWorkerActive: false,
             };
             this.queues.set(key, q);
         }
@@ -169,12 +186,145 @@ export class Dispatcher {
         }
         await this.runTurn(queueKey, route, text, msg, channel);
     }
-    async runSerial(queueKey, route, text, msg, channel) {
+    /**
+     * Serial mode with coalesce-on-drain semantics:
+     *
+     *   1. First arrival on an idle queue boots the worker, which dispatches a
+     *      single-message turn immediately (no batching delay).
+     *   2. Arrivals during an in-flight turn append to `serialBuffer`; when the
+     *      worker finishes the current turn it drains the entire buffer and
+     *      merges all pending entries into ONE next turn (folded into a single
+     *      `raw.batch` so the composer renders them as multi-block input).
+     *   3. Buffer caps: at most `MAX_BATCH_BUFFER_ENTRIES` entries are retained
+     *      (drop oldest) and merged turns are further trimmed to fit
+     *      `MAX_BATCH_BUFFER_CHARS` of total raw text.
+     *
+     * Note: the pre-composed `text` from `handle()` is intentionally discarded
+     * here — at drain time the worker re-invokes `composeUserTurn` on the
+     * merged message so the runtime sees a single coherent prompt covering all
+     * coalesced messages.
+     */
+    async runSerial(queueKey, route, _text, msg, channel) {
         const q = this.getQueue(queueKey);
-        const prev = q.tail;
-        const next = prev.then(() => this.runTurn(queueKey, route, text, msg, channel));
-        q.tail = next.catch(() => undefined);
-        return next;
+        q.serialBuffer.push({ route, msg, channel });
+        while (q.serialBuffer.length > MAX_BATCH_BUFFER_ENTRIES) {
+            const dropped = q.serialBuffer.shift();
+            this.log.warn("dispatcher: serial buffer overflow — dropped oldest entry", {
+                queueKey,
+                droppedMessageId: dropped.msg.id,
+                bufferCap: MAX_BATCH_BUFFER_ENTRIES,
+            });
+        }
+        if (q.serialWorkerActive)
+            return;
+        q.serialWorkerActive = true;
+        try {
+            while (q.serialBuffer.length > 0) {
+                const drained = q.serialBuffer.splice(0, q.serialBuffer.length);
+                const merged = this.mergeSerialBuffer(drained, queueKey);
+                if (!merged)
+                    continue;
+                await this.runTurn(queueKey, merged.route, merged.text, merged.msg, merged.channel);
+            }
+        }
+        finally {
+            q.serialWorkerActive = false;
+        }
+    }
+    /**
+     * Merge buffered serial entries into a single dispatchable unit. With one
+     * entry the call is a near no-op (just recompose). With ≥2 entries this
+     * flattens any per-entry `raw.batch` (the BotCord channel already groups
+     * one inbox-poll's worth of same-room/topic messages into a `raw.batch`),
+     * applies the `MAX_BATCH_BUFFER_CHARS` cap by dropping oldest individual
+     * messages, and then synthesizes a merged inbound message anchored on the
+     * latest entry's metadata (mentioned = OR across all entries).
+     */
+    mergeSerialBuffer(entries, queueKey) {
+        if (entries.length === 0)
+            return null;
+        if (entries.length === 1) {
+            const only = entries[0];
+            return {
+                route: only.route,
+                text: this.recomposeUserTurn(only.msg),
+                msg: only.msg,
+                channel: only.channel,
+            };
+        }
+        // Flatten: each entry's raw may already be a BatchedInboxRaw with
+        // `.batch`; otherwise it's a single InboxMessage we treat as a 1-element
+        // batch. Insertion order preserves chronology.
+        const items = [];
+        for (const e of entries) {
+            const raw = e.msg.raw;
+            const batch = raw && Array.isArray(raw.batch)
+                ? (raw.batch)
+                : null;
+            if (batch) {
+                for (const m of batch)
+                    items.push(m);
+            }
+            else if (raw) {
+                items.push(raw);
+            }
+        }
+        // Char-cap: drop oldest until we fit. Reserve at least one item so we
+        // never produce an empty merged batch.
+        let totalChars = items.reduce((acc, m) => acc + (typeof m?.text === "string" ? m.text.length : 0), 0);
+        let droppedCount = 0;
+        while (totalChars > MAX_BATCH_BUFFER_CHARS && items.length > 1) {
+            const removed = items.shift();
+            totalChars -= typeof removed?.text === "string" ? removed.text.length : 0;
+            droppedCount += 1;
+        }
+        if (droppedCount > 0) {
+            this.log.warn("dispatcher: merged batch exceeded char cap — dropped oldest", {
+                queueKey,
+                droppedCount,
+                remaining: items.length,
+                totalChars,
+                charCap: MAX_BATCH_BUFFER_CHARS,
+            });
+        }
+        const latest = entries[entries.length - 1];
+        const latestRaw = latest.msg.raw ?? {};
+        const mergedRaw = { ...latestRaw, batch: items };
+        const anyMentioned = entries.some((e) => e.msg.mentioned === true);
+        const mergedMsg = {
+            ...latest.msg,
+            mentioned: anyMentioned,
+            raw: mergedRaw,
+        };
+        return {
+            route: latest.route,
+            text: this.recomposeUserTurn(mergedMsg),
+            msg: mergedMsg,
+            channel: latest.channel,
+        };
+    }
+    /**
+     * Re-run the user-turn composer at drain time. Mirrors the logic in
+     * `handle()` but operates on the (possibly merged) message. Falls back to
+     * raw trimmed text on composer failure so a buggy composer never drops a
+     * turn.
+     */
+    recomposeUserTurn(msg) {
+        const rawText = typeof msg.text === "string" ? msg.text.trim() : "";
+        if (!this.composeUserTurn)
+            return rawText;
+        try {
+            const composed = this.composeUserTurn(msg);
+            if (typeof composed === "string" && composed.length > 0)
+                return composed;
+        }
+        catch (err) {
+            this.log.warn("dispatcher: composeUserTurn (drain) threw — using raw text", {
+                messageId: msg.id,
+                error: err instanceof Error ? err.message : String(err),
+            });
+        }
+        return rawText;
     }
     async runTurn(queueKey, route, text, msg, channel) {
         const q = this.getQueue(queueKey);
@@ -290,16 +440,42 @@ export class Dispatcher {
             if (controller.signal.aborted && !slot.timedOut) {
                 return;
             }
+            // Reply gating: only owner-chat rooms accept the runtime's plain text
+            // output as a delivered message. Every other room expects the agent to
+            // call the `botcord_send` tool (or `botcord send` CLI via Bash)
+            // explicitly; runtime text in those rooms is logged and dropped,
+            // including timeout / error notifications.
+            //
+            // Owner-chat is identified by either the `rm_oc_` room prefix OR
+            // `source_type === "dashboard_user_chat"` on the raw envelope — the
+            // same dual check used by `sender-classify.ts:classifyActivitySender`,
+            // so the dispatcher's reply gating stays in lock-step with the
+            // composer's owner-bypass.
+            //
+            // Side effect: `onOutbound` (loop-risk tracking) only fires when a
+            // reply actually leaves the dispatcher. In non-owner-chat rooms the
+            // expectation is that the agent's `botcord_send` tool calls do their
+            // own loop-risk accounting downstream.
+            const isOwnerChat = isOwnerChatRoom(msg);
             if (slot.timedOut) {
-                await this.sendReply(channel, {
-                    channel: msg.channel,
-                    accountId: msg.accountId,
-                    conversationId: msg.conversation.id,
-                    threadId: msg.conversation.threadId ?? null,
-                    text: `⚠️ Runtime timeout after ${Math.round(this.turnTimeoutMs / 60000)} minute(s); aborted`,
-                    replyTo: msg.id,
-                    traceId: msg.trace?.id ?? null,
-                });
+                if (isOwnerChat) {
+                    await this.sendReply(channel, {
+                        channel: msg.channel,
+                        accountId: msg.accountId,
+                        conversationId: msg.conversation.id,
+                        threadId: msg.conversation.threadId ?? null,
+                        text: `⚠️ Runtime timeout after ${Math.round(this.turnTimeoutMs / 60000)} minute(s); aborted`,
+                        replyTo: msg.id,
+                        traceId: msg.trace?.id ?? null,
+                    });
+                }
+                else {
+                    this.log.warn("dispatcher: timeout in non-owner-chat room — error reply suppressed", {
+                        queueKey,
+                        conversationId: msg.conversation.id,
+                        timeoutMs: this.turnTimeoutMs,
+                    });
+                }
                 return;
             }
             if (threw) {
@@ -308,16 +484,24 @@ export class Dispatcher {
                     runtime: route.runtime,
                     error: threw instanceof Error ? threw.message : String(threw),
                 });
-                const shortMsg = threw instanceof Error ? threw.message : String(threw);
-                await this.sendReply(channel, {
-                    channel: msg.channel,
-                    accountId: msg.accountId,
-                    conversationId: msg.conversation.id,
-                    threadId: msg.conversation.threadId ?? null,
-                    text: `⚠️ Runtime error: ${truncate(shortMsg, 500)}`,
-                    replyTo: msg.id,
-                    traceId: msg.trace?.id ?? null,
-                });
+                if (isOwnerChat) {
+                    const shortMsg = threw instanceof Error ? threw.message : String(threw);
+                    await this.sendReply(channel, {
+                        channel: msg.channel,
+                        accountId: msg.accountId,
+                        conversationId: msg.conversation.id,
+                        threadId: msg.conversation.threadId ?? null,
+                        text: `⚠️ Runtime error: ${truncate(shortMsg, 500)}`,
+                        replyTo: msg.id,
+                        traceId: msg.trace?.id ?? null,
+                    });
+                }
+                else {
+                    this.log.warn("dispatcher: runtime error in non-owner-chat room — error reply suppressed", {
+                        queueKey,
+                        conversationId: msg.conversation.id,
+                    });
+                }
                 return;
             }
             if (!result)
@@ -379,6 +563,18 @@ export class Dispatcher {
             const replyText = (result.text || "").trim();
             if (!replyText)
                 return;
+            if (!isOwnerChat) {
+                // Non-owner-chat rooms: result.text never goes out. The agent is
+                // expected to have used the `botcord_send` tool / `botcord send` CLI
+                // already; whatever it left in the runtime's final assistant text is
+                // discarded so it doesn't leak into the room.
+                this.log.debug("dispatcher: non-owner-chat — discarding result.text (agent must use botcord_send)", {
+                    queueKey,
+                    conversationId: msg.conversation.id,
+                    replyTextLen: replyText.length,
+                });
+                return;
+            }
             // One last abort check immediately before the send. Narrows the window
             // in which a cancel-previous arriving during session-store.set could
             // still slip a stale reply past us.
@@ -435,6 +631,29 @@ function buildQueueKey(msg) {
     const thread = msg.conversation.threadId ?? "";
     return `${msg.channel}:${msg.accountId}:${msg.conversation.id}:${thread}`;
 }
+/**
+ * Owner-chat predicate used by the dispatcher's reply gating. Matches the
+ * dual check in `sender-classify.ts:classifyActivitySender` so the
+ * dispatcher's gate stays consistent with the composer's owner-bypass:
+ *
+ *   1. `rm_oc_*` room id, OR
+ *   2. `source_type === "dashboard_user_chat"` on the raw envelope.
+ *
+ * The latter exists because the dashboard's user-chat surface can route
+ * messages through non-`rm_oc_` rooms in some flows; treating them as
+ * owner-trust here keeps the agent's plain reply text reachable.
+ */
+function isOwnerChatRoom(msg) {
+    if (msg.conversation.id.startsWith(OWNER_CHAT_ROOM_PREFIX))
+        return true;
+    const raw = msg.raw;
+    if (raw && typeof raw === "object") {
+        const sourceType = raw.source_type;
+        if (sourceType === "dashboard_user_chat")
+            return true;
+    }
+    return false;
+}
 function resolveQueueMode(route, kind) {
     if (route.queueMode)
         return route.queueMode;

package/dist/provision.d.ts

@@ -52,8 +52,7 @@ export declare function reloadConfig(ctx: {
     gateway: Gateway;
 }): Promise<ReloadResult>;
 /**
- * Per-agent entry returned by `list_agents`. Shape follows
- * `docs/daemon-control-plane-api-contract.md` §3.2 — `{id, name, online}`.
+ * Per-agent entry returned by `list_agents`. Wire shape: `{id, name, online}`.
  * `status` and `lastMessageAt` are extra daemon-only fields the dashboard
  * may ignore; kept so future contract revisions can promote them without
  * breaking the wire.

package/dist/provision.js

@@ -3,8 +3,6 @@
  * to this module with the parsed {@link ControlFrame}; we execute the
  * side effects (register agent, write credentials, load route, add/remove
  * gateway channel) and return an ack payload.
- *
- * See `docs/daemon-control-plane-plan.md` §4.3, §5.3, §8.
  */
 import { existsSync, rmSync, unlinkSync } from "node:fs";
 import { homedir } from "node:os";
@@ -222,9 +220,9 @@ async function provisionAgent(params, ctx) {
     };
 }
 async function materializeCredentials(params, cfg, ctx, explicitCwd) {
-    // Runtime is an agent property (docs/agent-runtime-property-plan.md §4.1).
-    // Hub is authoritative; top-level `runtime` wins, `adapter` is a one-release
-    // alias, and `credentials.runtime` is the per-agent cached copy.
+    // Runtime is an agent property. Hub is authoritative; top-level `runtime`
+    // wins, `adapter` is a one-release alias, and `credentials.runtime` is the
+    // per-agent cached copy.
     const runtime = pickRuntime(params);
     if (runtime)
         assertKnownRuntime(runtime);

package/dist/turn-text.js

@@ -4,6 +4,16 @@ const GROUP_HINT = '[In group chats, do NOT reply unless you are explicitly ment
     'If no response is needed, reply with exactly "NO_REPLY" and nothing else.]';
 const DIRECT_HINT = '[If the conversation has naturally concluded or no response is needed, ' +
     'reply with exactly "NO_REPLY" and nothing else.]';
+/**
+ * Reminder appended to every wrapped (non-owner-chat) inbound message. The
+ * dispatcher discards `result.text` for any room that is not `rm_oc_*`, so
+ * the agent must call the `botcord_send` tool (or the `botcord send` CLI
+ * via Bash) to actually deliver a reply. Plain assistant text in those
+ * rooms is logged and dropped.
+ */
+const NON_OWNER_REPLY_HINT = "[This room is NOT owner-chat. Plain text output WILL NOT be sent. " +
+    "To reply, call the `botcord_send` tool, or run " +
+    '`botcord send --room <room_id> --text "..."` via Bash.]';
 /**
  * Read the BotCord envelope type from a raw inbound message. Returns
  * `undefined` when the message didn't come from the BotCord channel or the
@@ -116,6 +126,8 @@ export function composeBotCordUserTurn(msg) {
         `</${tag}>`,
         "",
         hint,
+        "",
+        NON_OWNER_REPLY_HINT,
     ];
     if (contactRequestHint) {
         lines.push("", contactRequestHint);
@@ -160,7 +172,14 @@ function composeBatchedTurn(msg, batch) {
         }
     }
     const hint = isGroup ? GROUP_HINT : DIRECT_HINT;
-    const lines = [header.join(" | "), blocks.join("\n"), "", hint];
+    const lines = [
+        header.join(" | "),
+        blocks.join("\n"),
+        "",
+        hint,
+        "",
+        NON_OWNER_REPLY_HINT,
+    ];
     if (contactRequestSenders.length > 0) {
         // Dedup + list — multiple distinct senders show as "A, B".
         const unique = Array.from(new Set(contactRequestSenders));

package/dist/user-auth.js

@@ -5,8 +5,6 @@
  * `~/.botcord/credentials/*.json`), the user-auth record is singular —
  * the daemon only logs in as *one* user at a time. Stored at
  * `~/.botcord/daemon/user-auth.json` with `0600` permissions.
- *
- * See `docs/daemon-control-plane-plan.md` §6–§7.
  */
 import { chmodSync, existsSync, mkdirSync, readFileSync, renameSync, statSync, unlinkSync, writeFileSync, } from "node:fs";
 import path from "node:path";

package/dist/working-memory.js

@@ -2,7 +2,7 @@
  * Working memory — persistent, account-scoped notes injected into every turn.
  *
  * Stored at `~/.botcord/agents/{agentId}/state/working-memory.json` (the
- * per-agent state dir owned by the daemon; see docs/daemon-agent-workspace-plan.md §8).
+ * per-agent state dir owned by the daemon).
  *
  * Ported from plugin/src/memory.ts (dropping workspace + OpenClaw runtime
  * branches) and plugin/src/memory-protocol.ts (prompt builder).

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@botcord/daemon",
-  "version": "0.2.4",
+  "version": "0.2.5",
   "description": "BotCord local daemon — bridges Hub inbox push to local Claude Code / Codex / Gemini CLIs",
   "type": "module",
   "bin": {

package/src/agent-discovery.ts

@@ -31,9 +31,9 @@ export interface DiscoveredAgentCredential {
   hubUrl: string;
   displayName?: string;
   /**
-   * Runtime cached in the credentials file (docs/agent-runtime-property-plan.md).
-   * Null for legacy bind-code credentials without the field; the daemon
-   * falls back to `defaultRoute` in that case.
+   * Runtime cached in the credentials file. Null for legacy bind-code
+   * credentials without the field; the daemon falls back to `defaultRoute`
+   * in that case.
    */
   runtime?: string;
   /** Working directory cached alongside `runtime`. */
@@ -221,7 +221,7 @@ export function resolveBootAgents(
     // Best-effort enrich with runtime/cwd cached in credentials. A missing
     // or unreadable file is not fatal — the gateway channel will surface the
     // real error at start. The fields we're after are purely for router
-    // fallback (docs/agent-runtime-property-plan.md §4.3).
+    // fallback.
     const agents: DiscoveredAgentCredential[] = explicit.map((agentId) => {
       const credentialsFile = defaultCredentialsFile(agentId);
       const entry: DiscoveredAgentCredential = {

package/src/agent-workspace.ts

@@ -7,8 +7,6 @@
  *   codex-home/  — per-agent CODEX_HOME used by the codex adapter so codex
  *                  reads a daemon-written AGENTS.md (systemContext carrier)
  *                  and stores its sessions/ without touching ~/.codex.
- *
- * See docs/daemon-agent-workspace-plan.md §4 for the full layout rationale.
  */
 import {
   chmodSync,

package/src/control-channel.ts

@@ -5,8 +5,6 @@
  * Independent from the agent data-plane WS: different auth (user access
  * token vs agent JWT), different endpoint (`/daemon/ws`), different
  * lifecycle (alive even when zero agents are bound).
- *
- * See `docs/daemon-control-plane-plan.md` §4.1, §4.3, §8.
  */
 import WebSocket from "ws";
 import {
@@ -31,8 +29,7 @@ const REPLAY_DEDUPE_CAP = 256;
 
 /**
  * Build the canonical signing input for a control frame: RFC 8785 (JCS)
- * canonicalization of `{id, type, params, ts}`. Per
- * `docs/daemon-control-plane-api-contract.md` §3.3 — the Hub uses Python
+ * canonicalization of `{id, type, params, ts}`. The Hub uses Python
  * `jcs.canonicalize` over the same object before signing.
  *
  * Excludes `sig` by definition. `params` defaults to `{}` (empty object)

package/src/daemon-config-map.ts

@@ -19,9 +19,8 @@ export interface ToGatewayConfigOptions {
    */
   agentIds?: string[];
   /**
-   * Per-agent runtime/cwd cached from credentials (see
-   * `docs/agent-runtime-property-plan.md`). When present for an agent id,
-   * `toGatewayConfig` synthesizes a terminal route pinning that agent's
+   * Per-agent runtime/cwd cached from credentials. When present for an agent
+   * id, `toGatewayConfig` synthesizes a terminal route pinning that agent's
    * turns to its runtime. Explicit `cfg.routes` entries still win because
    * synthesized routes are appended after them.
    */