@botcord/daemon 0.2.78 → 0.2.80

package/dist/gateway/types.d.ts

@@ -1,4 +1,9 @@
 import type { GatewayLogger } from "./log.js";
+import type { GatewayInboundEnvelope as CanonicalGatewayInboundEnvelope, GatewayInboundMessage as CanonicalGatewayInboundMessage, GatewayOutboundAttachment as CanonicalGatewayOutboundAttachment, GatewayOutboundMessage as CanonicalGatewayOutboundMessage, RuntimeGatewayProvider } from "@botcord/protocol-core";
+export type GatewayInboundMessage = CanonicalGatewayInboundMessage;
+export type GatewayInboundEnvelope = CanonicalGatewayInboundEnvelope;
+export type GatewayOutboundAttachment = CanonicalGatewayOutboundAttachment;
+export type GatewayOutboundMessage = CanonicalGatewayOutboundMessage;
 /** Set of predicates matched against a normalized inbound message to pick a route. */
 export interface RouteMatch {
     channel?: string;
@@ -69,41 +74,6 @@ export interface GatewayConfig {
     managedRoutes?: GatewayRoute[];
     streamBlocks?: boolean;
 }
-/** Normalized inbound message produced by a channel adapter for the dispatcher. */
-export interface GatewayInboundMessage {
-    id: string;
-    /** Channel adapter id (`ChannelAdapter.id`), not channel type. */
-    channel: string;
-    accountId: string;
-    conversation: {
-        id: string;
-        kind: "direct" | "group";
-        title?: string;
-        threadId?: string | null;
-    };
-    sender: {
-        id: string;
-        name?: string;
-        kind: "user" | "agent" | "system";
-    };
-    text?: string;
-    raw: unknown;
-    replyTo?: string | null;
-    mentioned?: boolean;
-    receivedAt: number;
-    trace?: {
-        id: string;
-        streamable?: boolean;
-    };
-}
-/** Inbound envelope wrapping a normalized message with optional upstream ack callbacks. */
-export interface GatewayInboundEnvelope {
-    message: GatewayInboundMessage;
-    ack?: {
-        accept(): Promise<void>;
-        reject?(reason: string): Promise<void>;
-    };
-}
 /**
  * Channel-agnostic hook that produces a system-context string for a turn.
  * Called before every `runtime.run(...)`; returned value is passed through
@@ -137,33 +107,18 @@ export interface MemoryContextSnapshot {
     version: string;
 }
 export type MemoryContextBuilder = (message: GatewayInboundMessage) => Promise<MemoryContextSnapshot | null | undefined> | MemoryContextSnapshot | null | undefined;
+/**
+ * Optional hook used after a runtime session is discarded and retried fresh.
+ * The daemon implementation can pull recent room messages from Hub; gateway
+ * core treats the returned string as opaque recovery context.
+ */
+export type RuntimeRecoveryContextBuilder = (message: GatewayInboundMessage) => Promise<string | null | undefined> | string | null | undefined;
 /**
  * Optional hook fired after the dispatcher dispatches a reply to a channel.
  * Intended for outbound bookkeeping (loop-risk tracking, metrics). Errors
  * are caught and logged so observer failures never break the turn.
  */
 export type OutboundObserver = (message: GatewayOutboundMessage) => Promise<void> | void;
-/** Outbound reply payload passed to `ChannelAdapter.send()`. */
-export interface GatewayOutboundAttachment {
-    /** Local daemon-readable file path. */
-    filePath?: string;
-    /** In-memory bytes, primarily for tests and in-process tool callers. */
-    data?: Uint8Array;
-    filename?: string;
-    contentType?: string;
-    kind?: "image" | "file" | "video";
-}
-export interface GatewayOutboundMessage {
-    channel: string;
-    accountId: string;
-    conversationId: string;
-    threadId?: string | null;
-    type?: "message" | "error";
-    text: string;
-    attachments?: GatewayOutboundAttachment[];
-    replyTo?: string | null;
-    traceId?: string | null;
-}
 /** Per-channel status snapshot exposed for `status`/`doctor` style output. */
 export interface ChannelStatusSnapshot {
     channel: string;
@@ -176,7 +131,7 @@ export interface ChannelStatusSnapshot {
     lastStopAt?: number;
     lastError?: string | null;
     /** Third-party provider id when this channel is not the built-in BotCord. */
-    provider?: "wechat" | "telegram" | "feishu";
+    provider?: RuntimeGatewayProvider;
     /** Last time the adapter polled the upstream provider (ms epoch). */
     lastPollAt?: number;
     /** Last time the adapter accepted an inbound message (ms epoch). */

package/dist/gateway-control.js

@@ -108,13 +108,16 @@ export function createGatewayControl(ctx) {
             if (!loginId) {
                 return badParams("upsert_gateway: wechat requires loginId");
             }
-            const session = sessions.get(loginId);
-            if (!session) {
+            const resolved = sessions.resolve(loginId);
+            if (resolved.state !== "live") {
                 return {
                     ok: false,
-                    error: { code: "login_expired", message: `wechat login session "${loginId}" not found or expired` },
+                    error: resolved.state === "missing"
+                        ? { code: "login_missing", message: `wechat login session "${loginId}" not found` }
+                        : { code: "login_expired", message: `wechat login session "${loginId}" expired` },
                 };
             }
+            const session = resolved.session;
             if (session.provider !== "wechat") {
                 return badParams(`upsert_gateway: login session provider "${session.provider}" != "wechat"`);
             }
@@ -143,13 +146,16 @@ export function createGatewayControl(ctx) {
             if (!loginId) {
                 return badParams("upsert_gateway: feishu requires loginId");
             }
-            const session = sessions.get(loginId);
-            if (!session) {
+            const resolved = sessions.resolve(loginId);
+            if (resolved.state !== "live") {
                 return {
                     ok: false,
-                    error: { code: "login_expired", message: `feishu login session "${loginId}" not found or expired` },
+                    error: resolved.state === "missing"
+                        ? { code: "login_missing", message: `feishu login session "${loginId}" not found` }
+                        : { code: "login_expired", message: `feishu login session "${loginId}" expired` },
                 };
             }
+            const session = resolved.session;
             if (session.provider !== "feishu") {
                 return badParams(`upsert_gateway: login session provider "${session.provider}" != "feishu"`);
             }
@@ -659,13 +665,16 @@ export function createGatewayControl(ctx) {
         if (!params.accountId || typeof params.accountId !== "string") {
             return badParams("gateway_recent_senders: accountId is required");
         }
-        const session = sessions.get(params.loginId);
-        if (!session) {
+        const resolved = sessions.resolve(params.loginId);
+        if (resolved.state !== "live") {
             return {
                 ok: false,
-                error: { code: "login_expired", message: `wechat login session "${params.loginId}" not found or expired` },
+                error: resolved.state === "missing"
+                    ? { code: "login_missing", message: `wechat login session "${params.loginId}" not found` }
+                    : { code: "login_expired", message: `wechat login session "${params.loginId}" expired` },
             };
         }
+        const session = resolved.session;
         if (session.provider !== "wechat") {
             return badParams("gateway_recent_senders: provider does not match login session");
         }

package/dist/index.js

@@ -5,7 +5,7 @@ import { homedir, hostname } from "node:os";
 import path from "node:path";
 import { augmentProcessPath } from "./path-env.js";
 import { loadConfig, saveConfig, initDefaultConfig, resolveConfiguredAgentIds, SNAPSHOT_PATH, CONFIG_FILE_PATH, CONFIG_MISSING, } from "./config.js";
-import { ensureNoOtherDaemonFromPidFile, pidAlive, readPid, removePidFile, stopDaemonFromPidFileForRestart, writeCurrentPid, } from "./daemon-singleton.js";
+import { ensureNoOtherDaemonFromPidFile, findOtherDaemonProcesses, pidAlive, readPid, removePidFile, stopDaemonFromPidFileForRestart, stopOtherDaemonProcessesForRestart, writeCurrentPid, } from "./daemon-singleton.js";
 import { resolveBootAgents } from "./agent-discovery.js";
 import { defaultTranscriptRoot, resolveTranscriptEnabled, transcriptAgentRoot, transcriptFilePath, } from "./gateway/index.js";
 import { startDaemon } from "./daemon.js";
@@ -469,6 +469,7 @@ async function cmdStart(args) {
     if (process.env.BOTCORD_DAEMON_CHILD !== "1") {
         await ensureUserAuthForStart(args);
         await stopDaemonFromPidFileForRestart({ logger: log });
+        await stopOtherDaemonProcessesForRestart({ logger: log });
     }
     else {
         const existing = ensureNoOtherDaemonFromPidFile();
@@ -487,7 +488,7 @@ async function cmdStart(args) {
             env: { ...process.env, BOTCORD_DAEMON_CHILD: "1" },
         });
         child.unref();
-        const deadline = Date.now() + 500;
+        const deadline = Date.now() + 5_000;
         let observed = null;
         while (Date.now() < deadline) {
             const p = readPid();
@@ -498,7 +499,7 @@ async function cmdStart(args) {
             await new Promise((r) => setTimeout(r, 50));
         }
         if (!observed) {
-            console.error(`daemon did not record pid within 500ms (expected child pid ${child.pid})`);
+            console.error(`daemon did not record pid within 5000ms (expected child pid ${child.pid})`);
             process.exit(1);
         }
         console.log(`daemon started (pid ${observed})`);
@@ -539,6 +540,7 @@ async function cmdStartCloud(_args) {
         hubUrl: cloudConfig.hubUrl,
     });
     await stopDaemonFromPidFileForRestart({ logger: log });
+    await stopOtherDaemonProcessesForRestart({ logger: log });
     writeCurrentPid();
     // Cloud daemons always start with an empty in-memory config — every
     // agent + route arrives over the control plane. We synthesize the
@@ -628,6 +630,7 @@ async function cmdStatus(args) {
     const file = readSnapshotFile();
     const now = Date.now();
     const snapshotAgeMs = file ? now - file.writtenAt : null;
+    const daemonProcesses = findOtherDaemonProcesses().filter((p) => p.pid !== pid);
     if (args.flags.json === true) {
         const payload = {
             pid,
@@ -652,6 +655,7 @@ async function cmdStatus(args) {
             snapshotWrittenAt: file?.writtenAt ?? null,
             snapshotAgeMs,
             snapshotPath: SNAPSHOT_PATH,
+            daemonProcesses,
         };
         console.log(JSON.stringify(payload, null, 2));
         return;
@@ -664,6 +668,7 @@ async function cmdStatus(args) {
         configPath,
         snapshot: file?.snapshot ?? null,
         snapshotAgeMs,
+        daemonProcesses,
     };
     console.log(renderStatus(input, now));
     if (userAuth) {

package/dist/provision.d.ts

@@ -182,10 +182,14 @@ interface HelloIdentityResult {
     updated: number;
     skipped: number;
 }
+interface RuntimeSnapshotCtx {
+    gateway?: Gateway;
+}
 /**
  * Reconcile every agent identity carried by the `hello.agents` snapshot
- * against the on-disk `identity.md`. Best-effort: a malformed entry or a
- * file-system error for one agent never aborts the rest.
+ * against the on-disk `identity.md` and credentials runtime selectors.
+ * Best-effort: a malformed entry or a file-system error for one agent never
+ * aborts the rest.
  *
  * Identity-snapshot semantics intentionally only touch the metadata
  * line + Bio body — Role/Boundaries paragraphs the user authored locally
@@ -193,7 +197,7 @@ interface HelloIdentityResult {
  * (agent provisioned on a different daemon, or workspace cleared) are
  * silently skipped.
  */
-export declare function applyHelloIdentitySnapshot(snapshot: AgentIdentitySnapshot[] | undefined): HelloIdentityResult;
+export declare function applyHelloIdentitySnapshot(snapshot: AgentIdentitySnapshot[] | undefined, ctx?: RuntimeSnapshotCtx): HelloIdentityResult;
 interface ReloadResult {
     reloaded: true;
     added: string[];

package/dist/provision.js

@@ -20,6 +20,7 @@ import { discoverAgentCredentials } from "./agent-discovery.js";
 import { resolveMemoryDir } from "./working-memory.js";
 import { discoverRuntimeModelCatalog } from "./runtime-models.js";
 import { buildRuntimeSelectionExtraArgs, mergeRuntimeExtraArgs, } from "./runtime-route-options.js";
+import { handleCloudGatewayRuntimeInbound } from "./cloud-gateway-runtime.js";
 /**
  * Build a dispatcher function that routes a `ControlFrame` to the right
  * handler. Returned function signature matches
@@ -41,7 +42,7 @@ export function createProvisioner(opts) {
                 return { ok: true, result: { pong: true, ts: Date.now() } };
             case CONTROL_FRAME_TYPES.HELLO: {
                 const params = (frame.params ?? {});
-                const result = applyHelloIdentitySnapshot(params.agents);
+                const result = applyHelloIdentitySnapshot(params.agents, { gateway });
                 daemonLog.debug("hello: identity snapshot applied", {
                     frameId: frame.id,
                     received: params.agents?.length ?? 0,
@@ -62,12 +63,19 @@ export function createProvisioner(opts) {
                     displayName: params.displayName,
                     bio: params.bio,
                 });
+                const runtimeResult = applyAgentRuntimeSnapshot(params, { gateway });
+                const combined = {
+                    changed: result.changed || runtimeResult.changed,
+                    identity: result,
+                    runtime: runtimeResult,
+                };
                 daemonLog.info("update_agent applied", {
                     agentId: params.agentId,
-                    changed: result.changed,
-                    skipped: result.skipped ?? null,
+                    changed: combined.changed,
+                    identitySkipped: result.skipped ?? null,
+                    runtimeSkipped: runtimeResult.skipped ?? null,
                 });
-                return { ok: true, result };
+                return { ok: true, result: combined };
             }
             case CONTROL_FRAME_TYPES.PROVISION_AGENT: {
                 const params = (frame.params ?? {});
@@ -266,6 +274,30 @@ export function createProvisioner(opts) {
                     return v.ack;
                 return gatewayControl.handleSend(v.params);
             }
+            case "cloud_gateway_runtime_inbound": {
+                const params = (frame.params ?? {});
+                const runtimeFrame = params.frame;
+                if (!runtimeFrame || typeof runtimeFrame !== "object") {
+                    return {
+                        ok: false,
+                        error: {
+                            code: "bad_params",
+                            message: "cloud_gateway_runtime_inbound requires params.frame",
+                        },
+                    };
+                }
+                const result = await handleCloudGatewayRuntimeInbound(gateway, runtimeFrame);
+                return result.accepted
+                    ? { ok: true, result }
+                    : {
+                        ok: false,
+                        result,
+                        error: result.error ?? {
+                            code: "runtime_inbound_rejected",
+                            message: "cloud gateway runtime inbound was rejected",
+                        },
+                    };
+            }
             case "list_agent_files": {
                 const params = (frame.params ?? {});
                 if (!params.agentId) {
@@ -1998,10 +2030,84 @@ function openclawBindingIndex() {
     }
     return out;
 }
+function hasOwnField(obj, key) {
+    return Object.prototype.hasOwnProperty.call(obj, key);
+}
+function cleanNullableString(value) {
+    if (typeof value !== "string")
+        return undefined;
+    const trimmed = value.trim();
+    return trimmed || undefined;
+}
+function applyAgentRuntimeSnapshot(snapshot, ctx = {}) {
+    const hasRuntimeFields = (hasOwnField(snapshot, "runtime") ||
+        hasOwnField(snapshot, "runtimeModel") ||
+        hasOwnField(snapshot, "reasoningEffort") ||
+        hasOwnField(snapshot, "thinking"));
+    if (!hasRuntimeFields)
+        return { changed: false, skipped: "no_runtime_fields" };
+    const credentialsFile = defaultCredentialsFile(snapshot.agentId);
+    if (!existsSync(credentialsFile)) {
+        return { changed: false, skipped: "credentials_missing" };
+    }
+    const credentials = loadStoredCredentials(credentialsFile);
+    let changed = false;
+    if (hasOwnField(snapshot, "runtime")) {
+        const runtime = cleanNullableString(snapshot.runtime);
+        if (runtime !== credentials.runtime) {
+            if (runtime)
+                credentials.runtime = runtime;
+            else
+                delete credentials.runtime;
+            changed = true;
+        }
+    }
+    if (hasOwnField(snapshot, "runtimeModel")) {
+        const runtimeModel = cleanNullableString(snapshot.runtimeModel);
+        if (runtimeModel !== credentials.runtimeModel) {
+            if (runtimeModel)
+                credentials.runtimeModel = runtimeModel;
+            else
+                delete credentials.runtimeModel;
+            changed = true;
+        }
+    }
+    if (hasOwnField(snapshot, "reasoningEffort")) {
+        const reasoningEffort = cleanNullableString(snapshot.reasoningEffort);
+        if (reasoningEffort !== credentials.reasoningEffort) {
+            if (reasoningEffort)
+                credentials.reasoningEffort = reasoningEffort;
+            else
+                delete credentials.reasoningEffort;
+            changed = true;
+        }
+    }
+    if (hasOwnField(snapshot, "thinking")) {
+        if (typeof snapshot.thinking === "boolean") {
+            if (credentials.thinking !== snapshot.thinking) {
+                credentials.thinking = snapshot.thinking;
+                changed = true;
+            }
+        }
+        else if (typeof credentials.thinking === "boolean") {
+            delete credentials.thinking;
+            changed = true;
+        }
+    }
+    if (!changed)
+        return { changed: false };
+    writeCredentialsFile(credentialsFile, credentials);
+    if (ctx.gateway) {
+        upsertManagedRouteForCredentials(credentials, loadConfig(), ctx.gateway);
+        return { changed: true, routeUpdated: true };
+    }
+    return { changed: true };
+}
 /**
  * Reconcile every agent identity carried by the `hello.agents` snapshot
- * against the on-disk `identity.md`. Best-effort: a malformed entry or a
- * file-system error for one agent never aborts the rest.
+ * against the on-disk `identity.md` and credentials runtime selectors.
+ * Best-effort: a malformed entry or a file-system error for one agent never
+ * aborts the rest.
  *
  * Identity-snapshot semantics intentionally only touch the metadata
  * line + Bio body — Role/Boundaries paragraphs the user authored locally
@@ -2009,7 +2115,7 @@ function openclawBindingIndex() {
  * (agent provisioned on a different daemon, or workspace cleared) are
  * silently skipped.
  */
-export function applyHelloIdentitySnapshot(snapshot) {
+export function applyHelloIdentitySnapshot(snapshot, ctx = {}) {
     const out = { updated: 0, skipped: 0 };
     if (!Array.isArray(snapshot))
         return out;
@@ -2023,7 +2129,8 @@ export function applyHelloIdentitySnapshot(snapshot) {
                 displayName: entry.displayName,
                 bio: entry.bio,
             });
-            if (result.changed)
+            const runtimeResult = applyAgentRuntimeSnapshot(entry, ctx);
+            if (result.changed || runtimeResult.changed)
                 out.updated += 1;
             else
                 out.skipped += 1;

package/dist/room-recovery-context.d.ts

@@ -0,0 +1,11 @@
+import type { GatewayInboundMessage } from "./gateway/index.js";
+export interface RecentRoomMessagesRecoveryOptions {
+    credentialPathByAgentId: Map<string, string>;
+    defaultCredentialsPath?: string;
+    hubBaseUrl?: string;
+    limit?: number;
+    log?: {
+        warn: (msg: string, meta?: Record<string, unknown>) => void;
+    };
+}
+export declare function createRecentRoomMessagesRecoveryBuilder(opts: RecentRoomMessagesRecoveryOptions): (message: GatewayInboundMessage) => Promise<string | null>;

package/dist/room-recovery-context.js

@@ -0,0 +1,97 @@
+/**
+ * Build a compact, deterministic recovery block from recent Hub room messages.
+ * Used when a runtime-native session is discarded and the same turn is retried
+ * in a fresh session.
+ */
+import { BotCordClient, loadStoredCredentials } from "@botcord/protocol-core";
+import { sanitizeUntrustedContent } from "./gateway/index.js";
+const DEFAULT_RECENT_LIMIT = 20;
+const MAX_MESSAGE_TEXT_CHARS = 1200;
+function stripNewlines(s) {
+    return s.replace(/[\r\n]+/g, " ");
+}
+function messageLabel(m) {
+    const name = typeof m.from_name === "string" && m.from_name.trim()
+        ? m.from_name
+        : typeof m.from === "string" && m.from.trim()
+            ? m.from
+            : "unknown";
+    return sanitizeUntrustedContent(stripNewlines(name));
+}
+function formatRecentMessages(messages) {
+    if (messages.length === 0)
+        return "[Recent Room Messages]\n(none)";
+    const chronological = [...messages].reverse();
+    const lines = ["[Recent Room Messages]"];
+    for (const m of chronological) {
+        const text = typeof m.text === "string" ? m.text.trim() : "";
+        if (!text)
+            continue;
+        const ts = typeof m.ts === "string" ? m.ts : "";
+        const topic = typeof m.topic_title === "string" && m.topic_title.trim()
+            ? ` topic=${sanitizeUntrustedContent(stripNewlines(m.topic_title))}`
+            : typeof m.topic_id === "string" && m.topic_id
+                ? ` topic=${sanitizeUntrustedContent(stripNewlines(m.topic_id))}`
+                : "";
+        const safeText = sanitizeUntrustedContent(text.length > MAX_MESSAGE_TEXT_CHARS
+            ? `${text.slice(0, MAX_MESSAGE_TEXT_CHARS)}...`
+            : text);
+        lines.push(`- ${ts ? `${ts} ` : ""}${messageLabel(m)}${topic}: ${safeText}`);
+    }
+    return lines.join("\n");
+}
+export function createRecentRoomMessagesRecoveryBuilder(opts) {
+    const clients = new Map();
+    const limit = opts.limit ?? DEFAULT_RECENT_LIMIT;
+    function getClient(accountId) {
+        const existing = clients.get(accountId);
+        if (existing)
+            return existing.client;
+        const credsPath = opts.credentialPathByAgentId.get(accountId) ?? opts.defaultCredentialsPath;
+        if (!credsPath) {
+            opts.log?.warn("daemon.recovery-context.no-credentials", { accountId });
+            return null;
+        }
+        try {
+            const creds = loadStoredCredentials(credsPath);
+            const client = new BotCordClient({
+                hubUrl: opts.hubBaseUrl ?? creds.hubUrl,
+                agentId: creds.agentId,
+                keyId: creds.keyId,
+                privateKey: creds.privateKey,
+                ...(creds.token ? { token: creds.token } : {}),
+                ...(creds.tokenExpiresAt !== undefined
+                    ? { tokenExpiresAt: creds.tokenExpiresAt }
+                    : {}),
+            });
+            clients.set(accountId, { client, credentialsPath: credsPath });
+            return client;
+        }
+        catch (err) {
+            opts.log?.warn("daemon.recovery-context.client-init-failed", {
+                accountId,
+                credsPath,
+                error: err instanceof Error ? err.message : String(err),
+            });
+            return null;
+        }
+    }
+    return async (message) => {
+        const client = getClient(message.accountId);
+        if (!client)
+            return null;
+        try {
+            const body = await client.roomMessages(message.conversation.id, { limit });
+            const messages = Array.isArray(body?.messages) ? body.messages : [];
+            return formatRecentMessages(messages);
+        }
+        catch (err) {
+            opts.log?.warn("daemon.recovery-context.fetch-failed", {
+                accountId: message.accountId,
+                roomId: message.conversation.id,
+                error: err instanceof Error ? err.message : String(err),
+            });
+            return null;
+        }
+    };
+}

package/dist/status-render.d.ts

@@ -5,6 +5,10 @@ export declare const STALE_THRESHOLD_MS = 30000;
 export interface StatusRenderInput {
     pid: number | null;
     alive: boolean;
+    daemonProcesses?: Array<{
+        pid: number;
+        command?: string;
+    }> | null;
     /**
      * Effective list of agent ids the daemon is bound to. Single-agent installs
      * show one entry; multi-agent configs show all. `agentId` (scalar) is kept

package/dist/status-render.js

@@ -71,10 +71,23 @@ function renderRuntimeCircuitBreakers(snap, now) {
 export function renderStatus(input, now = Date.now()) {
     const lines = [];
     if (input.pid === null) {
-        lines.push("daemon: stopped");
+        const extras = input.daemonProcesses ?? [];
+        if (extras.length > 0) {
+            lines.push("daemon: no pid file");
+            lines.push(`warning: ${extras.length} daemon process${extras.length === 1 ? "" : "es"} detected without pid file`);
+            lines.push(`pids: ${extras.map((p) => p.pid).join(", ")}`);
+        }
+        else {
+            lines.push("daemon: stopped");
+        }
         return lines.join("\n");
     }
     lines.push(`daemon: pid ${input.pid} (${input.alive ? "alive" : "not alive"})`);
+    const extras = (input.daemonProcesses ?? []).filter((p) => p.pid !== input.pid);
+    if (extras.length > 0) {
+        lines.push(`warning: ${extras.length} additional daemon process${extras.length === 1 ? "" : "es"} detected`);
+        lines.push(`extra pids: ${extras.map((p) => p.pid).join(", ")}`);
+    }
     const agents = input.agents && input.agents.length > 0
         ? input.agents
         : input.agentId

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@botcord/daemon",
-  "version": "0.2.78",
+  "version": "0.2.80",
   "description": "BotCord local daemon — bridges Hub inbox push to local Claude Code / Codex / Gemini CLIs",
   "type": "module",
   "bin": {
@@ -28,7 +28,7 @@
   },
   "dependencies": {
     "@botcord/cli": "^0.1.7",
-    "@botcord/protocol-core": "^0.2.9",
+    "@botcord/protocol-core": "^0.2.10",
     "@larksuiteoapi/node-sdk": "^1.63.1",
     "ws": "^8.20.1"
   },

package/src/__tests__/attention-policy-fetcher.test.ts

@@ -0,0 +1,67 @@
+import { mkdtempSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import path from "node:path";
+import { afterEach, describe, expect, it, vi } from "vitest";
+import { generateKeypair } from "@botcord/protocol-core";
+import { createAttentionPolicyFetcher } from "../attention-policy-fetcher.js";
+
+function writeCredentials(agentId: string): string {
+  const dir = mkdtempSync(path.join(tmpdir(), "botcord-policy-"));
+  const file = path.join(dir, `${agentId}.json`);
+  const keys = generateKeypair();
+  writeFileSync(
+    file,
+    JSON.stringify({
+      version: 1,
+      hubUrl: "https://hub.test",
+      agentId,
+      keyId: "key_1",
+      privateKey: keys.privateKey,
+      publicKey: keys.publicKey,
+      savedAt: new Date().toISOString(),
+      token: "jwt",
+      tokenExpiresAt: Math.floor(Date.now() / 1000) + 3600,
+    }),
+  );
+  return file;
+}
+
+describe("createAttentionPolicyFetcher", () => {
+  afterEach(() => {
+    vi.unstubAllGlobals();
+  });
+
+  it("fetches effective room attention policy with agent credentials", async () => {
+    const credentialsPath = writeCredentials("ag_policy");
+    const fetchMock = vi.fn(async (url: string | URL | Request, init?: RequestInit) => {
+      expect(String(url)).toBe(
+        "https://hub.test/hub/attention-policy?room_id=rm_1",
+      );
+      expect((init?.headers as Record<string, string>).Authorization).toBe(
+        "Bearer jwt",
+      );
+      return new Response(
+        JSON.stringify({
+          mode: "mention_only",
+          keywords: [],
+          allowedSenderIds: [],
+        }),
+        { status: 200, headers: { "Content-Type": "application/json" } },
+      );
+    });
+    vi.stubGlobal("fetch", fetchMock);
+
+    const fetchPolicy = createAttentionPolicyFetcher({
+      credentialPathByAgentId: new Map([["ag_policy", credentialsPath]]),
+    });
+
+    await expect(
+      fetchPolicy({ agentId: "ag_policy", roomId: "rm_1" }),
+    ).resolves.toEqual({
+      mode: "mention_only",
+      keywords: [],
+      allowedSenderIds: [],
+    });
+    expect(fetchMock).toHaveBeenCalledTimes(1);
+  });
+});