@botcord/daemon 0.2.78 → 0.2.80

package/dist/gateway/channels/login-session.js

@@ -35,10 +35,28 @@ export class LoginSessionStore {
         this.sessions.set(session.loginId, session);
         return session;
     }
+    /**
+     * Distinguish whether `loginId` is unknown to the store ("missing") vs
+     * known-but-past-TTL ("expired"). When the entry is expired this also
+     * evicts it from the internal map so callers do not need to follow up
+     * with a separate `delete`. Use this when the caller wants to surface
+     * a precise error code to the user; prefer `get` when a single nullable
+     * result is enough.
+     */
+    resolve(loginId) {
+        const s = this.sessions.get(loginId);
+        if (!s)
+            return { state: "missing" };
+        if (s.expiresAt <= this.now()) {
+            this.sessions.delete(loginId);
+            return { state: "expired" };
+        }
+        return { state: "live", session: s };
+    }
     /** Get a non-expired session by id, or `null` when missing/expired. */
     get(loginId) {
-        this.sweep();
-        return this.sessions.get(loginId) ?? null;
+        const { state, session } = this.resolve(loginId);
+        return state === "live" && session ? session : null;
     }
     /**
      * Apply a partial patch to the session in place. No-op when the session

package/dist/gateway/channels/sanitize.d.ts

@@ -1,20 +1,7 @@
 /**
- * Sanitize untrusted inbound content before handing it off to a local runtime.
- *
- * Copied from `packages/daemon/src/sanitize.ts` so the gateway channel adapter
- * does not depend back on the daemon package. Keep these two files in sync —
- * any new structural marker added in one place should be mirrored in the other.
- *
- * Neutralizes:
- *   - BotCord structural markers the channel itself emits (so peers can't forge them).
- *   - Common LLM prompt-injection patterns (<system>, [INST], <<SYS>>, <|im_start|>, etc.).
- *   - Wrapper XML tags the channel uses to frame inbound content
- *     (<agent-message>, <human-message>, <room-rule>).
+ * Thin re-export — `sanitizeUntrustedContent` / `sanitizeSenderName` live
+ * in `@botcord/protocol-core` so the daemon channel adapters and the
+ * `gateway-ingress` provider adapters use one canonical implementation.
+ * Existing imports of this module keep working unchanged.
  */
-export declare function sanitizeUntrustedContent(text: string): string;
-/**
- * Sanitize a sender label so it's safe to embed inside
- * `<agent-message sender="...">`. Must not contain newlines, structural
- * markers, or characters that could break the XML attribute boundary.
- */
-export declare function sanitizeSenderName(name: string): string;
+export { sanitizeUntrustedContent, sanitizeSenderName, } from "@botcord/protocol-core";

package/dist/gateway/channels/sanitize.js

@@ -1,56 +1,7 @@
 /**
- * Sanitize untrusted inbound content before handing it off to a local runtime.
- *
- * Copied from `packages/daemon/src/sanitize.ts` so the gateway channel adapter
- * does not depend back on the daemon package. Keep these two files in sync —
- * any new structural marker added in one place should be mirrored in the other.
- *
- * Neutralizes:
- *   - BotCord structural markers the channel itself emits (so peers can't forge them).
- *   - Common LLM prompt-injection patterns (<system>, [INST], <<SYS>>, <|im_start|>, etc.).
- *   - Wrapper XML tags the channel uses to frame inbound content
- *     (<agent-message>, <human-message>, <room-rule>).
+ * Thin re-export — `sanitizeUntrustedContent` / `sanitizeSenderName` live
+ * in `@botcord/protocol-core` so the daemon channel adapters and the
+ * `gateway-ingress` provider adapters use one canonical implementation.
+ * Existing imports of this module keep working unchanged.
  */
-export function sanitizeUntrustedContent(text) {
-    let s = text;
-    s = s.replace(/<\/?a[\s]*g[\s]*e[\s]*n[\s]*t[\s]*-[\s]*m[\s]*e[\s]*s[\s]*s[\s]*a[\s]*g[\s]*e[\s\S]*?>/gi, "[⚠ stripped: agent-message tag]");
-    s = s.replace(/<\/?h[\s]*u[\s]*m[\s]*a[\s]*n[\s]*-[\s]*m[\s]*e[\s]*s[\s]*s[\s]*a[\s]*g[\s]*e[\s\S]*?>/gi, "[⚠ stripped: human-message tag]");
-    s = s.replace(/<\/?r[\s]*o[\s]*o[\s]*m[\s]*-[\s]*r[\s]*u[\s]*l[\s]*e[\s\S]*?>/gi, "[⚠ stripped: room-rule tag]");
-    return s
-        .split(/\r?\n/)
-        .map((line) => {
-        let l = line;
-        l = l.replace(/^\[(BotCord (?:Message|Notification))\]/i, "[⚠ fake: $1]");
-        l = l.replace(/^\[Room Rule\]/i, "[⚠ fake: Room Rule]");
-        l = l.replace(/^\[房间规则\]/i, "[⚠ fake: 房间规则]");
-        l = l.replace(/^\[系统提示\]/i, "[⚠ fake: 系统提示]");
-        l = l.replace(/^\[BotCord\s+([^\]\r\n]+)\]/i, (_m, label) => {
-            const head = String(label).split(":")[0].trim() || String(label).trim();
-            return `[⚠ fake: BotCord ${head}]`;
-        });
-        l = l.replace(/^\[(System|SYSTEM|Assistant|ASSISTANT|User|USER)\]/, "[⚠ fake: $1]");
-        l = l.replace(/<\/?\s*system(?:-reminder)?\s*>/gi, "[⚠ stripped: system tag]");
-        l = l.replace(/<\|im_start\|>/gi, "[⚠ stripped: im_start]");
-        l = l.replace(/<\|im_end\|>/gi, "[⚠ stripped: im_end]");
-        l = l.replace(/\[\/?INST\]/gi, "[⚠ stripped: INST]");
-        l = l.replace(/<<\/?SYS>>/gi, "[⚠ stripped: SYS]");
-        l = l.replace(/<\s*\/?\|(?:system|user|assistant)\|?\s*>/gi, "[⚠ stripped: role tag]");
-        return l;
-    })
-        .join("\n");
-}
-/**
- * Sanitize a sender label so it's safe to embed inside
- * `<agent-message sender="...">`. Must not contain newlines, structural
- * markers, or characters that could break the XML attribute boundary.
- */
-export function sanitizeSenderName(name) {
-    return name
-        .replace(/[\n\r]/g, " ")
-        .replace(/\[/g, "⟦")
-        .replace(/\]/g, "⟧")
-        .replace(/"/g, "'")
-        .replace(/</g, "＜")
-        .replace(/>/g, "＞")
-        .slice(0, 100);
-}
+export { sanitizeUntrustedContent, sanitizeSenderName, } from "@botcord/protocol-core";

package/dist/gateway/channels/text-split.d.ts

@@ -1,13 +1,7 @@
 /**
- * Split a long message into chunks <= `limit` characters each. Prefers to cut
- * on newline boundaries so multi-paragraph replies don't fragment mid-line.
- *
- * Shared by third-party channel adapters (Telegram, WeChat) which both have a
- * per-message size cap from upstream and no native streaming. WeChat caller
- * passes a smaller `limit` (~1800), Telegram a larger one (~4000, since the
- * raw Telegram limit is 4096).
- *
- * Empty input returns `[""]` so callers can iterate uniformly without a length
- * check.
+ * Thin re-export — `splitText` lives in `@botcord/protocol-core` so the
+ * daemon channel adapters and the `gateway-ingress` provider adapters use
+ * one canonical implementation. Existing imports of this module keep
+ * working unchanged.
  */
-export declare function splitText(text: string, limit: number): string[];
+export { splitText } from "@botcord/protocol-core";

package/dist/gateway/channels/text-split.js

@@ -1,33 +1,7 @@
 /**
- * Split a long message into chunks <= `limit` characters each. Prefers to cut
- * on newline boundaries so multi-paragraph replies don't fragment mid-line.
- *
- * Shared by third-party channel adapters (Telegram, WeChat) which both have a
- * per-message size cap from upstream and no native streaming. WeChat caller
- * passes a smaller `limit` (~1800), Telegram a larger one (~4000, since the
- * raw Telegram limit is 4096).
- *
- * Empty input returns `[""]` so callers can iterate uniformly without a length
- * check.
+ * Thin re-export — `splitText` lives in `@botcord/protocol-core` so the
+ * daemon channel adapters and the `gateway-ingress` provider adapters use
+ * one canonical implementation. Existing imports of this module keep
+ * working unchanged.
  */
-export function splitText(text, limit) {
-    if (limit <= 0)
-        return [text];
-    if (text.length === 0)
-        return [""];
-    if (text.length <= limit)
-        return [text];
-    const out = [];
-    let remaining = text;
-    while (remaining.length > limit) {
-        let cut = remaining.lastIndexOf("\n", limit);
-        if (cut <= 0)
-            cut = limit;
-        out.push(remaining.slice(0, cut));
-        // Drop the leading newline so the next chunk doesn't start with a blank line.
-        remaining = remaining.slice(cut).replace(/^\n/, "");
-    }
-    if (remaining.length > 0)
-        out.push(remaining);
-    return out;
-}
+export { splitText } from "@botcord/protocol-core";

package/dist/gateway/dispatcher.d.ts

@@ -1,7 +1,7 @@
 import type { GatewayLogger } from "./log.js";
 import { type SessionStore } from "./session-store.js";
 import { type TranscriptWriter } from "./transcript.js";
-import type { ChannelAdapter, GatewayConfig, GatewayInboundEnvelope, GatewayInboundMessage, GatewayRoute, InboundObserver, MemoryContextBuilder, OutboundObserver, RuntimeAdapter, RuntimeRunResult, RuntimeCircuitBreakerSnapshot, SystemContextBuilder, TurnStatusSnapshot, UserTurnBuilder } from "./types.js";
+import type { ChannelAdapter, GatewayConfig, GatewayInboundEnvelope, GatewayInboundMessage, GatewayRoute, InboundObserver, MemoryContextBuilder, OutboundObserver, RuntimeAdapter, RuntimeRecoveryContextBuilder, RuntimeRunResult, RuntimeCircuitBreakerSnapshot, SystemContextBuilder, TurnStatusSnapshot, UserTurnBuilder } from "./types.js";
 /** Factory signature for building a runtime adapter at turn dispatch time. */
 export type RuntimeFactory = (runtimeId: string, extraArgs?: string[]) => RuntimeAdapter;
 /** Constructor options for `Dispatcher`. */
@@ -33,6 +33,11 @@ export interface DispatcherOptions {
      * keep following stale memory.
      */
     buildMemoryContext?: MemoryContextBuilder;
+    /**
+     * Optional hook that returns recent room context for a fresh-session retry
+     * after a runtime resume session becomes unrecoverable.
+     */
+    buildRuntimeRecoveryContext?: RuntimeRecoveryContextBuilder;
     /**
      * Optional side-effect hook invoked after ack, before the turn runs.
      * Intended for bookkeeping (e.g. activity tracking). Errors are logged
@@ -116,6 +121,7 @@ export declare class Dispatcher {
     private readonly runtimeAuthFailureCooldownMs;
     private readonly buildSystemContext?;
     private readonly buildMemoryContext?;
+    private readonly buildRuntimeRecoveryContext?;
     private readonly onInbound?;
     private readonly onOutbound?;
     private readonly onTurnComplete?;

package/dist/gateway/dispatcher.js

@@ -124,6 +124,25 @@ function extractCloudRunBudget(msg) {
     }
     return out.maxWallTimeMs !== undefined || out.maxToolCalls !== undefined ? out : undefined;
 }
+function looksLikeRecoverableSessionFailure(error) {
+    return /compact|compaction|context|token limit|maximum context|too many tokens|conversation found|session .*not found|resume/i
+        .test(error);
+}
+function buildRuntimeRecoveryPrompt(args) {
+    return [
+        "[BotCord Runtime Recovery Notice]",
+        "The previous Codex runtime session for this room became unrecoverable while resuming or compacting context.",
+        `Previous runtime error: ${truncate(args.error, 1000)}`,
+        "You are now running in a fresh Codex session.",
+        "Use the recent room messages below, current filesystem state, and available BotCord memory/context tools to reconstruct the active task.",
+        "Continue the original user request without asking the user to repeat information unless it is missing from those sources.",
+        "",
+        args.recoveryContext?.trim() || "[Recent Room Messages]\n(unavailable)",
+        "",
+        "[Current User Turn]",
+        args.userTurn,
+    ].join("\n");
+}
 /**
  * Reason carried on `AbortController.abort()` when a cancel-previous wave
  * is taking over the slot. Distinguishing this from a timeout abort lets
@@ -164,6 +183,7 @@ export class Dispatcher {
     runtimeAuthFailureCooldownMs;
     buildSystemContext;
     buildMemoryContext;
+    buildRuntimeRecoveryContext;
     onInbound;
     onOutbound;
     onTurnComplete;
@@ -195,6 +215,7 @@ export class Dispatcher {
             opts.runtimeAuthFailureCooldownMs ?? DEFAULT_RUNTIME_AUTH_FAILURE_COOLDOWN_MS;
         this.buildSystemContext = opts.buildSystemContext;
         this.buildMemoryContext = opts.buildMemoryContext;
+        this.buildRuntimeRecoveryContext = opts.buildRuntimeRecoveryContext;
         this.onInbound = opts.onInbound;
         this.onOutbound = opts.onOutbound;
         this.onTurnComplete = opts.onTurnComplete;
@@ -1269,12 +1290,13 @@ export class Dispatcher {
         const runtime = this.runtimeFactory(route.runtime, route.extraArgs);
         let result;
         let threw;
+        let activeSessionId = sessionId;
         const turnStartedAt = Date.now();
         try {
             try {
-                result = await runtime.run({
-                    text: runtimeText,
-                    sessionId,
+                const runRuntime = (textForRun, sessionIdForRun) => runtime.run({
+                    text: textForRun,
+                    sessionId: sessionIdForRun,
                     cwd: route.cwd,
                     accountId: msg.accountId,
                     hubUrl: this.resolveHubUrl?.(msg.accountId),
@@ -1296,6 +1318,64 @@ export class Dispatcher {
                     gateway: route.gateway,
                     ...(route.hermesProfile ? { hermesProfile: route.hermesProfile } : {}),
                 });
+                result = await runRuntime(runtimeText, sessionId);
+                const firstError = result.error ?? "";
+                const firstReply = (result.text || "").trim();
+                const shouldRetryFresh = route.runtime === "codex" &&
+                    !!sessionId &&
+                    !!firstError &&
+                    !firstReply &&
+                    !looksLikeRuntimeAuthFailure(firstError) &&
+                    looksLikeRecoverableSessionFailure(firstError) &&
+                    !controller.signal.aborted &&
+                    !slot.timedOut &&
+                    !slot.budgetExceeded;
+                if (shouldRetryFresh) {
+                    try {
+                        await this.sessionStore.delete(key);
+                        this.log.info("dispatcher: dropped unrecoverable runtime session before fresh retry", {
+                            key,
+                            prevRuntimeSessionId: sessionId,
+                            runtime: route.runtime,
+                            error: firstError,
+                        });
+                    }
+                    catch (err) {
+                        this.log.warn("dispatcher: session-store.delete failed before fresh retry", {
+                            key,
+                            error: err instanceof Error ? err.message : String(err),
+                        });
+                    }
+                    let recoveryContext;
+                    if (this.buildRuntimeRecoveryContext) {
+                        try {
+                            recoveryContext = await this.buildRuntimeRecoveryContext(msg);
+                        }
+                        catch (err) {
+                            this.log.warn("dispatcher: buildRuntimeRecoveryContext threw — retrying without recent room context", {
+                                agentId: msg.accountId,
+                                roomId: msg.conversation.id,
+                                topicId: msg.conversation.threadId ?? null,
+                                turnId,
+                                error: err instanceof Error ? err.message : String(err),
+                            });
+                        }
+                    }
+                    activeSessionId = null;
+                    runtimeText = buildRuntimeRecoveryPrompt({
+                        userTurn: text,
+                        error: firstError,
+                        recoveryContext,
+                    });
+                    this.log.info("dispatcher: retrying codex turn in a fresh session with recovery context", {
+                        agentId: msg.accountId,
+                        roomId: msg.conversation.id,
+                        topicId: msg.conversation.threadId ?? null,
+                        turnId,
+                        queueKey,
+                    });
+                    result = await runRuntime(runtimeText, null);
+                }
             }
             catch (err) {
                 threw = err;
@@ -1477,12 +1557,12 @@ export class Dispatcher {
             //                                 even when the adapter echoes that id back
             //   result.newSessionId truthy  → upsert the entry
             //   otherwise                   → no-op (e.g. codex intentionally never persists)
-            if (sessionId && effectiveError && !replyText) {
+            if (activeSessionId && effectiveError && !replyText) {
                 try {
                     await this.sessionStore.delete(key);
                     this.log.info("dispatcher: dropped stale runtime session", {
                         key,
-                        prevRuntimeSessionId: sessionId,
+                        prevRuntimeSessionId: activeSessionId,
                         nextRuntimeSessionId: result.newSessionId || null,
                         error: effectiveError,
                     });
@@ -1509,7 +1589,7 @@ export class Dispatcher {
                     updatedAt: Date.now(),
                 };
                 try {
-                    const prevRuntimeSessionId = sessionId;
+                    const prevRuntimeSessionId = activeSessionId;
                     await this.sessionStore.set(session);
                     this.log.debug("dispatcher: persisted runtime session", {
                         key,
@@ -1524,12 +1604,12 @@ export class Dispatcher {
                     });
                 }
             }
-            else if (sessionId && effectiveError) {
+            else if (activeSessionId && effectiveError) {
                 try {
                     await this.sessionStore.delete(key);
                     this.log.info("dispatcher: dropped stale runtime session", {
                         key,
-                        prevRuntimeSessionId: sessionId,
+                        prevRuntimeSessionId: activeSessionId,
                         error: effectiveError,
                     });
                 }

package/dist/gateway/gateway.d.ts

@@ -2,7 +2,7 @@ import { type ChannelBackoffOptions } from "./channel-manager.js";
 import { type DispatcherOptions, type RuntimeFactory } from "./dispatcher.js";
 import { type GatewayLogger } from "./log.js";
 import { type TranscriptWriter } from "./transcript.js";
-import type { ChannelAdapter, GatewayChannelConfig, GatewayConfig, GatewayInboundMessage, GatewayOutboundMessage, GatewayRoute, GatewayRuntimeSnapshot, InboundObserver, MemoryContextBuilder, OutboundObserver, SystemContextBuilder, UserTurnBuilder } from "./types.js";
+import type { ChannelAdapter, GatewayChannelConfig, GatewayConfig, GatewayInboundMessage, GatewayOutboundMessage, GatewayRoute, GatewayRuntimeSnapshot, InboundObserver, MemoryContextBuilder, OutboundObserver, RuntimeRecoveryContextBuilder, SystemContextBuilder, UserTurnBuilder } from "./types.js";
 /** Constructor options for `Gateway`. */
 export interface GatewayBootOptions {
     config: GatewayConfig;
@@ -25,6 +25,11 @@ export interface GatewayBootOptions {
      * resumed runtime sessions get an explicit prompt when memory changes.
      */
     buildMemoryContext?: MemoryContextBuilder;
+    /**
+     * Recent room context provider used by dispatcher when it must discard a
+     * broken runtime session and retry the same turn in a fresh session.
+     */
+    buildRuntimeRecoveryContext?: RuntimeRecoveryContextBuilder;
     /**
      * Observer called after the dispatcher acks each inbound message. Useful
      * for activity tracking or metrics. Errors are logged and swallowed.
@@ -137,6 +142,16 @@ export declare class Gateway {
      * routing, queueing, transcript, and runtime behavior as channel messages.
      */
     injectInbound(message: GatewayInboundMessage): Promise<void>;
+    /**
+     * Inject an inbound message while routing replies through a caller-owned
+     * channel adapter. Cloud gateway runtime sessions use this to execute a
+     * provider message without loading provider credentials inside the sandbox:
+     * the temporary adapter captures the runtime's final reply and the always-on
+     * ingress service performs the provider send.
+     */
+    injectInboundThrough(message: GatewayInboundMessage, channel: ChannelAdapter, ack?: {
+        accept: () => Promise<void>;
+    }): Promise<void>;
     /**
      * Send a daemon-control initiated outbound message through a registered
      * channel. Used by proactive third-party gateway sends where the runtime

package/dist/gateway/gateway.js

@@ -69,6 +69,7 @@ export class Gateway {
             turnTimeoutMs: opts.turnTimeoutMs,
             buildSystemContext: opts.buildSystemContext,
             buildMemoryContext: opts.buildMemoryContext,
+            buildRuntimeRecoveryContext: opts.buildRuntimeRecoveryContext,
             onInbound: opts.onInbound,
             composeUserTurn: opts.composeUserTurn,
             onOutbound: opts.onOutbound,
@@ -178,6 +179,26 @@ export class Gateway {
     async injectInbound(message) {
         await this.dispatcher.handle({ message });
     }
+    /**
+     * Inject an inbound message while routing replies through a caller-owned
+     * channel adapter. Cloud gateway runtime sessions use this to execute a
+     * provider message without loading provider credentials inside the sandbox:
+     * the temporary adapter captures the runtime's final reply and the always-on
+     * ingress service performs the provider send.
+     */
+    async injectInboundThrough(message, channel, ack) {
+        const previous = this.channelMap.get(channel.id);
+        this.channelMap.set(channel.id, channel);
+        try {
+            await this.dispatcher.handle({ message, ...(ack ? { ack } : {}) });
+        }
+        finally {
+            if (previous)
+                this.channelMap.set(channel.id, previous);
+            else
+                this.channelMap.delete(channel.id);
+        }
+    }
     /**
      * Send a daemon-control initiated outbound message through a registered
      * channel. Used by proactive third-party gateway sends where the runtime

package/dist/gateway/policy-resolver.js

@@ -24,16 +24,24 @@
 const DEFAULT_TTL_MS = 5 * 60 * 1000;
 const FETCH_FAILED = Symbol("fetch_failed");
 /**
- * Force DM rooms (`rm_dm_*`) to `mode: "always"` per design §4.2 — UI never
+ * Force direct conversations to `mode: "always"` per design §4.2 — UI never
  * lets the user mute a DM, but a stale cache from before a UX bug is cheap
- * to defend against here.
+ * to defend against here. Third-party 1:1 gateway chats have the same
+ * expectation: they do not carry BotCord mention metadata, so applying a
+ * global mention-only policy would silently drop ordinary direct messages.
  */
-function maybeForceDm(roomId, policy) {
-    if (roomId && roomId.startsWith("rm_dm_") && policy.mode !== "always") {
+function maybeForceDirectConversation(roomId, policy) {
+    if (roomId && isDirectConversation(roomId) && policy.mode !== "always") {
         return { ...policy, mode: "always" };
     }
     return policy;
 }
+function isDirectConversation(roomId) {
+    return (roomId.startsWith("rm_dm_") ||
+        roomId.startsWith("telegram:user:") ||
+        roomId.startsWith("wechat:user:") ||
+        roomId.startsWith("feishu:user:"));
+}
 function defaultPolicy() {
     return { mode: "always", keywords: [] };
 }
@@ -65,10 +73,10 @@ export class PolicyResolver {
                 return defaultPolicy();
             const policy = fetched ?? defaultPolicy();
             this.cache.set(cacheKey(agentId, roomId), {
-                policy: maybeForceDm(roomId, policy),
+                policy: maybeForceDirectConversation(roomId, policy),
                 expiresAt: now + this.ttlMs,
             });
-            return maybeForceDm(roomId, policy);
+            return maybeForceDirectConversation(roomId, policy);
         }
         // 3. No room override known — inherit from the cached agent-wide global.
         //    Without this layer, group messages collapsed to mode=always whenever
@@ -77,7 +85,7 @@ export class PolicyResolver {
         const globalKey = cacheKey(agentId, null);
         const globalHit = this.cache.get(globalKey);
         if (globalHit && globalHit.expiresAt > now) {
-            return maybeForceDm(roomId, globalHit.policy);
+            return maybeForceDirectConversation(roomId, globalHit.policy);
         }
         // 4. Cold start for global.
         const fetched = await this.safeFetch(() => this.fetchGlobal(agentId));
@@ -85,7 +93,7 @@ export class PolicyResolver {
             return defaultPolicy();
         const policy = fetched ?? defaultPolicy();
         this.cache.set(globalKey, { policy, expiresAt: now + this.ttlMs });
-        return maybeForceDm(roomId, policy);
+        return maybeForceDirectConversation(roomId, policy);
     }
     async safeFetch(fn) {
         try {
@@ -113,7 +121,7 @@ export class PolicyResolver {
     put(agentId, roomId, policy) {
         const key = cacheKey(agentId, roomId);
         this.cache.set(key, {
-            policy: maybeForceDm(roomId, policy),
+            policy: maybeForceDirectConversation(roomId, policy),
             expiresAt: Date.now() + this.ttlMs,
         });
     }

package/dist/gateway/runtimes/deepseek-tui.js

@@ -97,10 +97,12 @@ export class DeepseekTuiAdapter {
                 signal: turnAbort.signal,
             });
             const text = runResult.text;
+            const error = runResult.error ??
+                (text === "" ? emptyCompletionError(handle.stderrTail) : undefined);
             return {
                 text,
                 newSessionId: threadId,
-                ...(runResult.error ? { error: runResult.error } : {}),
+                ...(error ? { error } : {}),
             };
         }
         catch (err) {
@@ -316,14 +318,18 @@ export class DeepseekTuiAdapter {
                 if (eventName === "message.delta") {
                     append(stringField(payload, "content") ?? "");
                 }
-                else if (eventName === "item.delta" && payload?.payload?.kind === "agent_message") {
-                    append(stringField(payload.payload, "delta") ?? "");
+                else if (eventName === "item.delta" && isAgentMessageDelta(payload)) {
+                    append(extractDeepseekDelta(payload));
                 }
                 if (eventName === "turn.started" || embeddedDeepseekEvent(payload) === "turn.started") {
                     opts.onStatus?.({ kind: "thinking", phase: "started", label: "Thinking" });
                 }
-                else if (eventName === "tool.started" || isToolStarted(payload)) {
-                    const label = stringField(payload, "name") ?? stringField(payload?.payload?.tool, "name") ?? "tool";
+                else if (eventName === "tool.started" || isToolStarted(eventName, payload)) {
+                    const label = stringField(payload, "name") ??
+                        stringField(payload?.tool, "name") ??
+                        stringField(payload?.payload?.tool, "name") ??
+                        inferDeepseekToolName(payload?.item ?? payload?.payload?.item) ??
+                        "tool";
                     opts.onStatus?.({ kind: "thinking", phase: "updated", label });
                 }
                 else if (isDeepseekTerminalEvent(eventName, payload)) {
@@ -385,15 +391,18 @@ function normalizeDeepseekEvent(eventName, payload, seq) {
     if (eventName === "message.delta") {
         return { raw: { event: eventName, payload }, kind: "assistant_text", seq };
     }
-    if (eventName === "tool.started" || isToolStarted(payload)) {
+    if (eventName === "tool.started" || isToolStarted(eventName, payload)) {
         return { raw: { event: eventName, payload }, kind: "tool_use", seq };
     }
-    if (eventName === "tool.completed" || isToolCompleted(payload)) {
+    if (eventName === "tool.completed" || isToolCompleted(eventName, payload)) {
         return { raw: { event: eventName, payload }, kind: "tool_result", seq };
     }
-    if (eventName === "item.delta" && payload?.payload?.kind === "agent_message") {
+    if (eventName === "item.delta" && isAgentMessageDelta(payload)) {
         return { raw: { event: eventName, payload }, kind: "assistant_text", seq };
     }
+    if (eventName === "item.completed" && isAgentReasoningItem(payload)) {
+        return { raw: { event: eventName, payload }, kind: "thinking", seq };
+    }
     if (eventName === "turn.started" || eventName === "status" || embeddedDeepseekEvent(payload) === "turn.started") {
         return { raw: { event: eventName, payload }, kind: "system", seq };
     }
@@ -416,14 +425,48 @@ function isDeepseekTerminalEvent(eventName, payload) {
         embedded === "turn.done" ||
         embedded === "done");
 }
-function isToolStarted(payload) {
-    return payload?.event === "item.started" && !!payload?.payload?.tool;
+function isToolStarted(eventName, payload) {
+    return ((eventName === "item.started" &&
+        (!!payload?.tool || payload?.item?.kind === "tool_call" || payload?.payload?.item?.kind === "tool_call")) ||
+        (payload?.event === "item.started" && !!payload?.payload?.tool));
 }
-function isToolCompleted(payload) {
-    const kind = payload?.payload?.item?.kind;
-    return ((payload?.event === "item.completed" || payload?.event === "item.failed") &&
+function isToolCompleted(eventName, payload) {
+    const kind = payload?.payload?.item?.kind ?? payload?.item?.kind;
+    return ((eventName === "item.completed" ||
+        eventName === "item.failed" ||
+        payload?.event === "item.completed" ||
+        payload?.event === "item.failed") &&
         (kind === "tool_call" || kind === "file_change" || kind === "command_execution"));
 }
+function isAgentMessageDelta(payload) {
+    return payload?.kind === "agent_message" || payload?.payload?.kind === "agent_message";
+}
+function isAgentReasoningItem(payload) {
+    return payload?.item?.kind === "agent_reasoning" || payload?.payload?.item?.kind === "agent_reasoning";
+}
+function extractDeepseekDelta(payload) {
+    return stringField(payload, "delta") ?? stringField(payload?.payload, "delta") ?? "";
+}
+function inferDeepseekToolName(item) {
+    const candidates = [stringField(item, "summary"), stringField(item, "detail")];
+    for (const candidate of candidates) {
+        if (!candidate)
+            continue;
+        const match = candidate.match(/^([A-Za-z0-9_.:-]+)\s*(?:started|completed|failed|returned|:)/);
+        if (match?.[1] && match[1] !== "tool_call")
+            return match[1];
+    }
+    return undefined;
+}
+function emptyCompletionError(stderrTail) {
+    const tail = stderrTail.trim();
+    if (!tail) {
+        return "deepseek runtime completed with no assistant_message (check DEEPSEEK_API_KEY / model availability)";
+    }
+    const lines = tail.split(/\r?\n/).filter((line) => line.trim().length > 0);
+    const lastLines = lines.slice(-5).join("\n").slice(-500);
+    return `deepseek runtime completed with no assistant_message; stderr tail: ${lastLines}`;
+}
 function extractDeepseekError(eventName, payload) {
     if (eventName === "error") {
         return (stringField(payload, "message") ??