@botcord/daemon 0.2.75 → 0.2.76

package/dist/gateway/runtimes/claude-code.js

@@ -1,8 +1,26 @@
+import { execFileSync } from "node:child_process";
 import path from "node:path";
 import { NdjsonStreamAdapter } from "./ndjson-stream.js";
+import { consoleLogger } from "../log.js";
+import { looksLikeRuntimeAuthFailure } from "../runtime-errors.js";
 import { firstExistingPath, readCommandVersion, resolveCommandOnPath, resolveHomePath, } from "./probe.js";
 const CLAUDE_DESKTOP_CLI_RELATIVE_PATH = path.join("Applications", "Claude Code URL Handler.app", "Contents", "MacOS", "claude");
 const CLAUDE_DESKTOP_CLI_SYSTEM_PATH = "/Applications/Claude Code URL Handler.app/Contents/MacOS/claude";
+const log = consoleLogger;
+const CLAUDE_CODE_AUTH_ENV_DENYLIST = [
+    "ANTHROPIC_API_KEY",
+    "ANTHROPIC_AUTH_TOKEN",
+    "ANTHROPIC_BASE_URL",
+    "ANTHROPIC_CUSTOM_HEADERS",
+    "CLAUDE_CODE_OAUTH_TOKEN",
+];
+export function scrubClaudeCodeAuthEnv(env) {
+    const out = { ...env };
+    for (const key of CLAUDE_CODE_AUTH_ENV_DENYLIST) {
+        delete out[key];
+    }
+    return out;
+}
 function isValidClaudeSessionId(sessionId) {
     if (sessionId.length === 0 || sessionId.length > 512)
         return false;
@@ -111,6 +129,59 @@ export function probeClaude(deps = {}) {
         version: readCommandVersion(command, [], deps) ?? undefined,
     };
 }
+export function probeClaudeAuth(deps = {}) {
+    const command = resolveClaudeCommand(deps);
+    if (!command)
+        return { checked: false, ok: false, message: "claude command not found" };
+    return runClaudeAuthProbe(command, deps);
+}
+function runClaudeAuthProbe(command, deps = {}) {
+    const execFn = deps.execFileSyncFn ?? execFileSync;
+    const env = scrubClaudeCodeAuthEnv(deps.env ?? process.env);
+    try {
+        const raw = execFn(command, ["-p", "ping", "--output-format", "stream-json"], {
+            stdio: ["ignore", "pipe", "pipe"],
+            env,
+            timeout: 20_000,
+        });
+        const output = Buffer.isBuffer(raw) ? raw.toString("utf8") : String(raw ?? "");
+        const authFailure = claudeAuthFailureFromOutput(output);
+        if (authFailure)
+            return { checked: true, ok: false, message: authFailure };
+        return { checked: true, ok: true, message: "claude-code auth ok" };
+    }
+    catch (err) {
+        const e = err;
+        const output = `${bufferishToString(e.stdout)}\n${bufferishToString(e.stderr)}`.trim();
+        const authFailure = claudeAuthFailureFromOutput(output);
+        return {
+            checked: true,
+            ok: false,
+            message: authFailure || e.message || "claude-code auth probe failed",
+        };
+    }
+}
+function bufferishToString(raw) {
+    return Buffer.isBuffer(raw) ? raw.toString("utf8") : String(raw ?? "");
+}
+function claudeAuthFailureFromOutput(output) {
+    for (const line of output.split(/\r?\n/)) {
+        const s = line.trim();
+        if (!s)
+            continue;
+        try {
+            const obj = JSON.parse(s);
+            if (obj.type === "result" && typeof obj.result === "string" && looksLikeRuntimeAuthFailure(obj.result)) {
+                return obj.result;
+            }
+        }
+        catch {
+            if (looksLikeRuntimeAuthFailure(s))
+                return s;
+        }
+    }
+    return looksLikeRuntimeAuthFailure(output) ? output : null;
+}
 /**
  * Claude Code adapter — spawns `claude -p "<text>" --output-format stream-json`
  * (with `--resume <sid>` when available) and parses the ndjson stream.
@@ -180,6 +251,9 @@ export class ClaudeCodeAdapter extends NdjsonStreamAdapter {
             args.push(...extraArgs);
         return args;
     }
+    spawnEnv(opts) {
+        return scrubClaudeCodeAuthEnv(super.spawnEnv(opts));
+    }
     handleEvent(raw, ctx) {
         const obj = raw;
         // Emit a thinking lifecycle hint BEFORE the block so the dispatcher's
@@ -204,10 +278,24 @@ export class ClaudeCodeAdapter extends NdjsonStreamAdapter {
             if (typeof obj.total_cost_usd === "number")
                 ctx.state.costUsd = obj.total_cost_usd;
             if (obj.subtype === "success") {
-                if (typeof obj.session_id === "string")
-                    ctx.state.newSessionId = obj.session_id;
-                if (typeof obj.result === "string")
-                    ctx.state.finalText = obj.result;
+                const result = typeof obj.result === "string" ? obj.result : "";
+                const looksLikeAuthFailure = obj.total_cost_usd === 0 && looksLikeRuntimeAuthFailure(result);
+                if (looksLikeAuthFailure) {
+                    log.error("claude-code authentication failed; check ~/.claude login or unset stale Anthropic env vars", {
+                        error: result,
+                    });
+                    ctx.state.newSessionId = "";
+                    ctx.state.finalText = "";
+                    ctx.state.assistantTextChunks = [];
+                    ctx.state.assistantTextBytes = 0;
+                    ctx.state.errorText = result;
+                }
+                else {
+                    if (typeof obj.session_id === "string")
+                        ctx.state.newSessionId = obj.session_id;
+                    if (typeof obj.result === "string")
+                        ctx.state.finalText = obj.result;
+                }
             }
             else {
                 // Non-success result (e.g. resume targeted a missing UUID). Claude Code

package/dist/gateway/runtimes/deepseek-tui.js

@@ -308,14 +308,14 @@ export class DeepseekTuiAdapter {
                 else if (eventName === "item.delta" && payload?.payload?.kind === "agent_message") {
                     append(stringField(payload.payload, "delta") ?? "");
                 }
-                if (eventName === "turn.started") {
+                if (eventName === "turn.started" || embeddedDeepseekEvent(payload) === "turn.started") {
                     opts.onStatus?.({ kind: "thinking", phase: "started", label: "Thinking" });
                 }
                 else if (eventName === "tool.started" || isToolStarted(payload)) {
                     const label = stringField(payload, "name") ?? stringField(payload?.payload?.tool, "name") ?? "tool";
                     opts.onStatus?.({ kind: "thinking", phase: "updated", label });
                 }
-                else if (eventName === "turn.completed" || eventName === "done") {
+                else if (isDeepseekTerminalEvent(eventName, payload)) {
                     opts.onStatus?.({ kind: "thinking", phase: "stopped" });
                     return true;
                 }
@@ -383,14 +383,28 @@ function normalizeDeepseekEvent(eventName, payload, seq) {
     if (eventName === "item.delta" && payload?.payload?.kind === "agent_message") {
         return { raw: { event: eventName, payload }, kind: "assistant_text", seq };
     }
-    if (eventName === "turn.started" || eventName === "status") {
+    if (eventName === "turn.started" || eventName === "status" || embeddedDeepseekEvent(payload) === "turn.started") {
         return { raw: { event: eventName, payload }, kind: "system", seq };
     }
-    if (eventName === "error" || eventName === "turn.completed" || eventName === "done") {
+    if (eventName === "error" || isDeepseekTerminalEvent(eventName, payload)) {
         return { raw: { event: eventName, payload }, kind: "other", seq };
     }
     return null;
 }
+function embeddedDeepseekEvent(payload) {
+    return stringField(payload, "event") ?? stringField(payload?.payload, "event");
+}
+function isDeepseekTerminalEvent(eventName, payload) {
+    const embedded = embeddedDeepseekEvent(payload);
+    return (eventName === "turn.completed" ||
+        eventName === "turn.finished" ||
+        eventName === "turn.done" ||
+        eventName === "done" ||
+        embedded === "turn.completed" ||
+        embedded === "turn.finished" ||
+        embedded === "turn.done" ||
+        embedded === "done");
+}
 function isToolStarted(payload) {
     return payload?.event === "item.started" && !!payload?.payload?.tool;
 }
@@ -411,7 +425,7 @@ function extractDeepseekError(eventName, payload) {
             stringField(payload?.payload?.item, "summary") ??
             stringField(payload?.payload, "error"));
     }
-    if (eventName === "turn.completed") {
+    if (isDeepseekTerminalEvent(eventName, payload)) {
         const turn = payload?.payload?.turn ?? payload?.turn;
         const status = stringField(turn, "status");
         const err = stringField(turn, "error");

package/dist/gateway/transcript.d.ts

@@ -84,7 +84,7 @@ export interface OutboundTranscriptRecord extends TranscriptRecordBase {
 }
 export interface TurnErrorTranscriptRecord extends TranscriptRecordBase {
     kind: "turn_error";
-    phase: "runtime" | "timeout";
+    phase: "runtime" | "timeout" | "budget";
     error: string;
     durationMs: number;
 }

package/dist/gateway/types.d.ts

@@ -196,10 +196,25 @@ export interface TurnStatusSnapshot {
     cwd: string;
     startedAt: number;
 }
+/** Per-runtime auth circuit breaker state exposed through daemon snapshots. */
+export interface RuntimeCircuitBreakerSnapshot {
+    key: string;
+    runtime: string;
+    channel: string;
+    accountId: string;
+    conversationId: string;
+    threadId?: string | null;
+    failures: number;
+    openedAt: number;
+    blockedUntil: number;
+    lastFailureAt: number;
+    lastError: string;
+}
 /** Aggregate gateway state combining channel and turn snapshots. */
 export interface GatewayRuntimeSnapshot {
     channels: Record<string, ChannelStatusSnapshot>;
     turns: Record<string, TurnStatusSnapshot>;
+    runtimeCircuitBreakers?: Record<string, RuntimeCircuitBreakerSnapshot>;
 }
 /** Context passed to `ChannelAdapter.start()` for its lifetime. */
 export interface ChannelStartContext {
@@ -322,6 +337,15 @@ export interface RuntimeRunOptions {
     systemContext?: string;
     /** Channel-agnostic bag for dispatch-time data (traceId, channel, conversation, etc.). */
     context?: Record<string, unknown>;
+    /**
+     * Cloud Agent run budget. Present only for Hub-issued `cloud_run` envelopes.
+     * Dispatcher enforces wall time and tool-call count; runtimes may also use it
+     * to apply provider-native limits when available.
+     */
+    budget?: {
+        maxWallTimeMs?: number;
+        maxToolCalls?: number;
+    };
     /** Called for every parsed block while the turn is in progress. */
     onBlock?: (block: StreamBlock) => void;
     /**
@@ -359,6 +383,15 @@ export interface RuntimeRunResult {
     costUsd?: number;
     /** Populated when the runtime reported a hard error. */
     error?: string;
+    /**
+     * Optional token-count breakdown reported by the runtime. Used by the
+     * cloud daemon's ``cloud_run`` settle hook to charge a run against the
+     * user's Cloud Credits. Adapters that don't surface usage data leave
+     * these undefined; the settle path treats undefined as ``0``.
+     */
+    inputCacheHitTokens?: number;
+    inputCacheMissTokens?: number;
+    outputTokens?: number;
 }
 /** Detection result for whether a runtime binary/SDK is usable on this machine. */
 export interface RuntimeProbeResult {

package/dist/index.js

@@ -1,10 +1,11 @@
 #!/usr/bin/env node
 import { spawn } from "node:child_process";
-import { existsSync, readFileSync, writeFileSync, unlinkSync, readdirSync, statSync, rmSync } from "node:fs";
+import { existsSync, readFileSync, unlinkSync, readdirSync, statSync, rmSync } from "node:fs";
 import { homedir, hostname } from "node:os";
 import path from "node:path";
 import { augmentProcessPath } from "./path-env.js";
-import { loadConfig, saveConfig, initDefaultConfig, resolveConfiguredAgentIds, PID_PATH, SNAPSHOT_PATH, CONFIG_FILE_PATH, CONFIG_MISSING, } from "./config.js";
+import { loadConfig, saveConfig, initDefaultConfig, resolveConfiguredAgentIds, SNAPSHOT_PATH, CONFIG_FILE_PATH, CONFIG_MISSING, } from "./config.js";
+import { ensureNoOtherDaemonFromPidFile, pidAlive, readPid, removePidFile, stopDaemonFromPidFileForRestart, writeCurrentPid, } from "./daemon-singleton.js";
 import { resolveBootAgents } from "./agent-discovery.js";
 import { defaultTranscriptRoot, resolveTranscriptEnabled, transcriptAgentRoot, transcriptFilePath, } from "./gateway/index.js";
 import { startDaemon } from "./daemon.js";
@@ -19,6 +20,8 @@ import { clearWorkingMemory, readWorkingMemory, resolveMemoryDir, updateWorkingM
 import { createDiagnosticBundle } from "./diagnostics.js";
 import { resolveStartAuthAction } from "./start-auth.js";
 import { discoverLocalOpenclawGateways, mergeOpenclawGateways, openclawDiscoveryConfigEnabled, } from "./openclaw-discovery.js";
+import { isCloudMode, loadCloudModeConfig } from "./cloud-mode.js";
+import { startCloudDaemon } from "./cloud-daemon.js";
 augmentProcessPath();
 const ADAPTER_LIST = listAdapterIds().join("|");
 const DEFAULT_HUB = "https://api.botcord.chat";
@@ -84,7 +87,10 @@ Commands:
   route list
   route remove --room <rm_xxx>|--prefix <rm_xxx>
   config                                  Print resolved config
-  doctor [--json] [--bundle] [--full-log] Scan local runtimes (${ADAPTER_LIST});
+  doctor [--json] [--auth-check] [--bundle] [--full-log]
+                                          Scan local runtimes (${ADAPTER_LIST});
+                                          --auth-check also runs a Claude Code
+                                          ping probe and may contact Anthropic.
                                           --bundle also writes a zip under
                                           ~/.botcord/diagnostics/. Bundles
                                           daemon.log plus the latest 5 rotated
@@ -166,64 +172,6 @@ function parseArgs(argv) {
     }
     return { cmd: cmd ?? "", sub, flags, lists };
 }
-function readPid() {
-    if (!existsSync(PID_PATH))
-        return null;
-    const raw = readFileSync(PID_PATH, "utf8").trim();
-    const pid = Number(raw);
-    return Number.isFinite(pid) && pid > 0 ? pid : null;
-}
-function pidAlive(pid) {
-    try {
-        process.kill(pid, 0);
-        return true;
-    }
-    catch {
-        return false;
-    }
-}
-async function waitForPidExit(pid, timeoutMs) {
-    const deadline = Date.now() + timeoutMs;
-    while (Date.now() < deadline) {
-        if (!pidAlive(pid))
-            return true;
-        await delay(100);
-    }
-    return !pidAlive(pid);
-}
-async function stopExistingDaemonForRestart(pid) {
-    if (pid === process.pid)
-        return;
-    log.info("existing daemon found; restarting", { pid });
-    try {
-        process.kill(pid, "SIGTERM");
-    }
-    catch {
-        try {
-            unlinkSync(PID_PATH);
-        }
-        catch {
-            // ignore
-        }
-        return;
-    }
-    if (!(await waitForPidExit(pid, 5_000))) {
-        log.warn("existing daemon did not stop after SIGTERM; sending SIGKILL", { pid });
-        try {
-            process.kill(pid, "SIGKILL");
-        }
-        catch {
-            // ignore
-        }
-        await waitForPidExit(pid, 2_000);
-    }
-    try {
-        unlinkSync(PID_PATH);
-    }
-    catch {
-        // ignore
-    }
-}
 /**
  * Load the daemon config, auto-creating `~/.botcord/daemon/config.json`
  * with sensible defaults on first run. `--agent` (repeated) pins explicit
@@ -493,6 +441,15 @@ async function ensureUserAuthForStart(args) {
     return runDeviceCodeFlow({ hubUrl, label });
 }
 async function cmdStart(args) {
+    // Cloud-mode short-circuit: the Hub-managed E2B sandbox launches the
+    // daemon with `BOTCORD_CLOUD_DAEMON_ACCESS_TOKEN` set in the environment.
+    // In that case we skip the entire device-code / install-token / on-disk
+    // user-auth flow and dial `/cloud/daemon/ws` directly with the injected
+    // JWT. See ``packages/daemon/src/cloud-mode.ts`` + the design doc §4.
+    if (isCloudMode()) {
+        await cmdStartCloud(args);
+        return;
+    }
     let cfg = loadOrInitConfig(args);
     cfg = await refreshDiscoveredOpenclawGateways(cfg, "start");
     // Foreground is now the default. --background (alias -d) detaches.
@@ -511,14 +468,11 @@ async function cmdStart(args) {
     // var so we don't try to re-prompt for credentials it already has.
     if (process.env.BOTCORD_DAEMON_CHILD !== "1") {
         await ensureUserAuthForStart(args);
-        const existing = readPid();
-        if (existing && pidAlive(existing)) {
-            await stopExistingDaemonForRestart(existing);
-        }
+        await stopDaemonFromPidFileForRestart({ logger: log });
     }
     else {
-        const existing = readPid();
-        if (existing && existing !== process.pid && pidAlive(existing)) {
+        const existing = ensureNoOtherDaemonFromPidFile();
+        if (existing) {
             console.error(`daemon already running (pid ${existing})`);
             process.exit(1);
         }
@@ -551,17 +505,12 @@ async function cmdStart(args) {
         return;
     }
     // Foreground: we ARE the daemon.
-    writeFileSync(PID_PATH, String(process.pid), { mode: 0o600 });
+    writeCurrentPid();
     const handle = await startDaemon({ config: cfg, configPath: CONFIG_FILE_PATH });
     const shutdown = async (sig) => {
         log.info("signal received", { sig });
         await handle.stop(sig);
-        try {
-            unlinkSync(PID_PATH);
-        }
-        catch {
-            // ignore
-        }
+        removePidFile();
         process.exit(0);
     };
     process.on("SIGTERM", () => shutdown("SIGTERM"));
@@ -572,6 +521,52 @@ async function cmdStart(args) {
         // Deliberately never resolves; `shutdown()` calls process.exit(0).
     });
 }
+/**
+ * Cloud-mode start: launched by the Hub-managed E2B sandbox provider.
+ *
+ * No login flow and no on-disk credentials at boot. The daemon still uses
+ * the same PID-file singleton guard as local foreground starts because E2B
+ * resume hooks can run the startup command more than once in one sandbox.
+ *
+ * Always foreground — `--background` / `-d` is silently ignored because
+ * E2B sandboxes don't have a meaningful detach concept.
+ */
+async function cmdStartCloud(_args) {
+    const cloudConfig = loadCloudModeConfig();
+    log.info("cmd start (cloud mode)", {
+        cloudDaemonInstanceId: cloudConfig.cloudDaemonInstanceId,
+        daemonInstanceId: cloudConfig.daemonInstanceId,
+        hubUrl: cloudConfig.hubUrl,
+    });
+    await stopDaemonFromPidFileForRestart({ logger: log });
+    writeCurrentPid();
+    // Cloud daemons always start with an empty in-memory config — every
+    // agent + route arrives over the control plane. We synthesize the
+    // shape `Gateway` expects without ever touching `~/.botcord/daemon/config.json`.
+    const cfg = {
+        defaultRoute: { adapter: "deepseek-tui", cwd: homedir() },
+        routes: [],
+        streamBlocks: true,
+    };
+    saveConfig(cfg);
+    log.info("cloud mode config initialized", { configPath: CONFIG_FILE_PATH });
+    const handle = await startCloudDaemon({
+        cloudConfig,
+        config: cfg,
+        configPath: CONFIG_FILE_PATH,
+    });
+    const shutdown = async (sig) => {
+        log.info("signal received", { sig });
+        await handle.stop(sig);
+        removePidFile();
+        process.exit(0);
+    };
+    process.on("SIGTERM", () => void shutdown("SIGTERM"));
+    process.on("SIGINT", () => void shutdown("SIGINT"));
+    await new Promise(() => {
+        // Deliberately never resolves; `shutdown()` calls `process.exit(0)`.
+    });
+}
 async function cmdStop() {
     const pid = readPid();
     log.info("cmd stop", { pid });
@@ -581,12 +576,7 @@ async function cmdStop() {
     }
     if (!pidAlive(pid)) {
         console.error(`pid ${pid} not alive; removing stale pid file`);
-        try {
-            unlinkSync(PID_PATH);
-        }
-        catch {
-            // ignore
-        }
+        removePidFile();
         process.exit(1);
     }
     process.kill(pid, "SIGTERM");
@@ -1273,6 +1263,7 @@ async function cmdDoctor(args) {
         fileReader: fsFileReader,
         fetcher: defaultHttpFetcher,
         timeoutMs: 5_000,
+        authCheck: args.flags["auth-check"] === true,
     });
     if (args.flags.json === true) {
         console.log(JSON.stringify(input, null, 2));

package/dist/provision.d.ts

@@ -1,6 +1,7 @@
 import { BotCordClient, type AgentIdentitySnapshot, type ControlAck, type ControlFrame, type ListRuntimesResult, type RevokeAgentParams, type RevokeAgentResult } from "@botcord/protocol-core";
 import type { Gateway } from "./gateway/index.js";
 import type { PolicyResolverLike } from "./gateway/policy-resolver.js";
+import type { GatewayRuntimeSnapshot } from "./gateway/index.js";
 import { type DaemonConfig } from "./config.js";
 import type { LoginSessionStore } from "./gateway/channels/login-session.js";
 /**
@@ -103,6 +104,7 @@ export declare function clearRuntimeProbeCache(): void;
 export declare function collectRuntimeSnapshot(opts?: {
     force?: boolean;
 }): ListRuntimesResult;
+export declare function attachRuntimeHealth(snapshot: ListRuntimesResult, live: GatewayRuntimeSnapshot): ListRuntimesResult;
 /** Maximum number of `endpoints[]` entries persisted per runtime (RFC §3.8.2). */
 export declare const RUNTIME_ENDPOINTS_CAP = 32;
 /** Injection seam for L2 + L3 endpoint probes — kept testable + side-effect-free. */

package/dist/provision.js

@@ -206,7 +206,7 @@ export function createProvisioner(opts) {
                 catch {
                     cfgForProbe = undefined;
                 }
-                const snapshot = await collectRuntimeSnapshotAsync({ cfg: cfgForProbe });
+                const snapshot = attachRuntimeHealth(await collectRuntimeSnapshotAsync({ cfg: cfgForProbe }), gateway.snapshot());
                 daemonLog.debug("list_runtimes", { count: snapshot.runtimes.length });
                 return { ok: true, result: snapshot };
             }
@@ -1462,6 +1462,44 @@ export function collectRuntimeSnapshot(opts = {}) {
     _runtimeProbeCache = { at: Date.now(), value };
     return value;
 }
+export function attachRuntimeHealth(snapshot, live) {
+    const breakers = Object.values(live.runtimeCircuitBreakers ?? {});
+    if (breakers.length === 0)
+        return snapshot;
+    const byRuntime = new Map();
+    for (const breaker of breakers) {
+        const list = byRuntime.get(breaker.runtime) ?? [];
+        if (list.length < 32)
+            list.push(breaker);
+        byRuntime.set(breaker.runtime, list);
+    }
+    return {
+        ...snapshot,
+        runtimes: snapshot.runtimes.map((runtime) => {
+            const runtimeBreakers = byRuntime.get(runtime.id);
+            if (!runtimeBreakers?.length)
+                return runtime;
+            return {
+                ...runtime,
+                health: {
+                    ...(runtime.health ?? {}),
+                    circuitBreakers: runtimeBreakers.map((b) => ({
+                        key: b.key,
+                        channel: b.channel,
+                        accountId: b.accountId,
+                        conversationId: b.conversationId,
+                        threadId: b.threadId ?? null,
+                        failures: b.failures,
+                        openedAt: b.openedAt,
+                        blockedUntil: b.blockedUntil,
+                        lastFailureAt: b.lastFailureAt,
+                        lastError: b.lastError,
+                    })),
+                },
+            };
+        }),
+    };
+}
 /** Maximum number of `endpoints[]` entries persisted per runtime (RFC §3.8.2). */
 export const RUNTIME_ENDPOINTS_CAP = 32;
 export function classifyOpenclawAuthError(message) {

package/dist/status-render.js

@@ -49,6 +49,21 @@ function renderTurns(snap, now) {
     }
     return out;
 }
+function renderRuntimeCircuitBreakers(snap, now) {
+    const entries = Object.values(snap.runtimeCircuitBreakers ?? {});
+    if (entries.length === 0)
+        return ["Runtime circuit breakers:", "  (none)"];
+    const out = ["Runtime circuit breakers:"];
+    const keyW = Math.max(3, ...entries.map((b) => b.key.length));
+    const rtW = Math.max(7, ...entries.map((b) => b.runtime.length));
+    const convW = Math.max(12, ...entries.map((b) => b.conversationId.length));
+    out.push(`  ${pad("KEY", keyW)}  ${pad("RUNTIME", rtW)}  ${pad("CONVERSATION", convW)}  FAILS  BLOCKED FOR  LAST ERROR`);
+    for (const b of entries) {
+        const blockedFor = relTime(b.blockedUntil - now).replace(" ago", "");
+        out.push(`  ${pad(b.key, keyW)}  ${pad(b.runtime, rtW)}  ${pad(b.conversationId, convW)}  ${pad(String(b.failures), 5)}  ${pad(blockedFor, 11)}  ${b.lastError}`);
+    }
+    return out;
+}
 /**
  * Format a human-readable status block. Kept pure so it can be unit-tested
  * without touching disk or spawning a daemon.
@@ -89,6 +104,8 @@ export function renderStatus(input, now = Date.now()) {
         lines.push(...renderChannels(input.snapshot));
         lines.push("");
         lines.push(...renderTurns(input.snapshot, now));
+        lines.push("");
+        lines.push(...renderRuntimeCircuitBreakers(input.snapshot, now));
     }
     else if (input.alive) {
         lines.push("snapshot: unavailable (daemon running but no snapshot file found)");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@botcord/daemon",
-  "version": "0.2.75",
+  "version": "0.2.76",
   "description": "BotCord local daemon — bridges Hub inbox push to local Claude Code / Codex / Gemini CLIs",
   "type": "module",
   "bin": {
@@ -28,7 +28,7 @@
   },
   "dependencies": {
     "@botcord/cli": "^0.1.7",
-    "@botcord/protocol-core": "^0.2.4",
+    "@botcord/protocol-core": "file:../protocol-core",
     "@larksuiteoapi/node-sdk": "^1.63.1",
     "ws": "^8.20.1"
   },

package/src/__tests__/cloud-auth.test.ts

@@ -0,0 +1,42 @@
+import { describe, expect, it } from "vitest";
+import { CloudAuthManager, asUserAuthManager } from "../cloud-auth.js";
+import type { CloudModeConfig } from "../cloud-mode.js";
+
+function makeCfg(overrides: Partial<CloudModeConfig> = {}): CloudModeConfig {
+  return {
+    hubUrl: "https://api.botcord.chat",
+    cloudDaemonInstanceId: "cloud_dm_abc",
+    daemonInstanceId: "dm_abc",
+    accessToken: "tok_xyz",
+    ...overrides,
+  };
+}
+
+describe("CloudAuthManager", () => {
+  it("exposes a UserAuthRecord-shaped current property", () => {
+    const mgr = new CloudAuthManager(makeCfg());
+    expect(mgr.current.hubUrl).toBe("https://api.botcord.chat");
+    expect(mgr.current.daemonInstanceId).toBe("dm_abc");
+    expect(mgr.current.accessToken).toBe("tok_xyz");
+    expect(mgr.current.refreshToken).toBe("");
+    // expiresAt should be effectively infinity so the channel doesn't try to
+    // refresh — provider relaunches the daemon on token rotation.
+    expect(mgr.current.expiresAt).toBe(Number.MAX_SAFE_INTEGER);
+  });
+
+  it("uses the cloud daemon instance id as the userId surrogate", () => {
+    const mgr = new CloudAuthManager(makeCfg({ cloudDaemonInstanceId: "cloud_dm_xyz" }));
+    expect(mgr.current.userId).toBe("cloud_dm_xyz");
+  });
+
+  it("ensureAccessToken returns the injected token", async () => {
+    const mgr = new CloudAuthManager(makeCfg({ accessToken: "tok_42" }));
+    expect(await mgr.ensureAccessToken()).toBe("tok_42");
+  });
+
+  it("asUserAuthManager casts to the UserAuthManager shape without copying", () => {
+    const mgr = new CloudAuthManager(makeCfg());
+    const cast = asUserAuthManager(mgr);
+    expect(cast.current).toBe(mgr.current);
+  });
+});