@chanlerdev/scorel 0.0.1

package/docs/spec/ship/S0014-local-daemon-lifecycle.md

@@ -0,0 +1,64 @@
+# S0014: Local Daemon Lifecycle
+
+## Goal
+
+Implement a local standalone daemon process that can be started, discovered, and stopped independently from `scorel chat`.
+
+This spec establishes the process and lifecycle foundation for multiple local clients to share one daemon.
+
+## Scope
+
+- Implement a Node local server transport for the daemon side using Unix socket on macOS/Linux and a clear named-pipe-compatible abstraction boundary.
+- Implement the matching Node socket transport entrypoint for `@scorel/client/node`.
+- Add `scorel daemon start`, `scorel daemon status`, and `scorel daemon stop` command behavior.
+- Persist local daemon connection state under Scorel-owned product state, including socket path, pid, started time, local token, and connection metadata.
+- Keep `~/.scorel` and `~/.scorel/sessions` as fixed product paths, not user-exposed config flags.
+- Ensure clean shutdown closes the socket and removes stale state when possible.
+- Return clear errors for stale socket/state files and unavailable daemon processes.
+
+## Not In Scope
+
+- `scorel attach` interactive UX.
+- Multi-client broadcast smoke.
+- Remote WebSocket daemon.
+- Token refresh UX, remote token distribution, or permission tiers.
+- Crash recovery supervisor, auto-restart, launchd/systemd integration, Docker service.
+- Channel manager, GUI, WebUI, or IM integration.
+
+## Acceptance Criteria
+
+- `scorel daemon start` creates local daemon connection state and reserves the socket path/token needed by the standalone daemon lifecycle.
+- The reusable local socket server primitive can accept authenticated local connections; `scorel attach` consumes this lifecycle in S0015.
+- `scorel daemon status` reports whether a local daemon is reachable and includes pid/socket/session count when available.
+- `scorel daemon stop` gracefully shuts down the local daemon and cleans up local connection state.
+- A second start command detects an already-running daemon instead of starting a duplicate.
+- Stale state is detected and reported with an actionable error.
+- Local socket connections validate the stored local token or an equivalent local-only connection secret.
+- Socket transport tests cover successful connect, ping/pong, clean close, and connection failure.
+- Package boundary tests still enforce `@scorel/daemon` does not depend on `@scorel/client` or `apps/*`.
+
+## Tests
+
+- `pnpm --filter @scorel/client test`
+- `pnpm --filter @scorel/daemon test`
+- `pnpm --filter @scorel/app-daemon test`
+- `pnpm --filter @scorel/app-cli test`
+- `pnpm typecheck && pnpm test`
+
+## Affected Paths
+
+- `packages/client/src/`
+- `packages/daemon/src/`
+- `apps/daemon/src/index.ts`
+- `apps/daemon/src/index.test.ts`
+- `apps/cli/src/index.ts`
+- `apps/cli/src/index.test.ts`
+- `docs/spec/daemon.md`
+- `docs/spec/client.md`
+- `docs/ROADMAP.md`
+
+## Risks And Boundaries
+
+- A daemon process manager can grow into a supervisor. Keep this spec to explicit start/status/stop.
+- Cross-platform socket details can pollute protocol code. Keep transport implementation behind Node-only entrypoints.
+- Do not make product paths configurable just to simplify tests; tests can inject temporary paths through internal APIs.

package/docs/spec/ship/S0015-local-attach-and-broadcast.md

@@ -0,0 +1,58 @@
+# S0015: Local Attach And Broadcast
+
+## Goal
+
+Let local CLI clients attach to the standalone daemon and observe the same session event stream.
+
+This spec proves that M3 is more than a background process: multiple local clients share one daemon-owned session.
+
+## Scope
+
+- Add `scorel attach` for connecting to an existing local daemon.
+- Let `scorel chat` choose the local standalone daemon path when requested, while preserving the embedded default until the product default is intentionally changed.
+- Support attaching to a specific session with `--session`.
+- Broadcast persistent and transient events from one local client to all clients attached to the same session.
+- Keep session writes daemon-owned; CLI must not bypass the daemon to read/write JSONL directly.
+- Show CLI-visible tool calls, tool results, text deltas, and daemon errors through the existing event stream.
+- Add integration tests with two local clients attached to one daemon/session.
+
+## Not In Scope
+
+- Remote attach.
+- Browser/WebUI attach.
+- Rewind/branch UX polish.
+- Permission levels between local clients.
+- Offline command queue.
+- Automatically migrating all `scorel chat` usage to standalone daemon by default.
+
+## Acceptance Criteria
+
+- `scorel attach --session <id>` connects to an already-running local daemon and subscribes to that session.
+- When Client A sends a message, Client B receives the same ordered event stream for that session.
+- Tool call and tool result events remain visible in attached clients.
+- A client connecting to a missing daemon receives a clear error.
+- A client connecting to a missing session can either create it through the daemon or report the supported command path; the behavior is documented in the spec/client or CLI help text.
+- Tests prove CLI code uses `DaemonClient` + transport and does not directly instantiate runtime/session for attach.
+
+## Tests
+
+- `pnpm --filter @scorel/client test`
+- `pnpm --filter @scorel/daemon test`
+- `pnpm --filter @scorel/app-cli test`
+- `pnpm typecheck && pnpm test`
+
+## Affected Paths
+
+- `apps/cli/src/index.ts`
+- `apps/cli/src/index.test.ts`
+- `packages/client/src/`
+- `packages/daemon/src/`
+- `docs/spec/client.md`
+- `docs/spec/daemon.md`
+- `docs/ROADMAP.md`
+
+## Risks And Boundaries
+
+- Attach UX can become a second chat implementation. Keep it as a thin client path over `DaemonClient`.
+- Multi-client output can become noisy. Preserve machine-verifiable event behavior first; polish display later.
+- Do not add remote URI parsing here beyond local daemon discovery.

package/docs/spec/ship/S0016-local-daemon-resync-smoke.md

@@ -0,0 +1,60 @@
+# S0016: Local Daemon Resync Smoke
+
+## Goal
+
+Validate the full M3 local daemon product path: local daemon, multiple clients, disconnect/reconnect, missed event 补发, and a real `scorel chat` coding flow.
+
+This spec closes M3 only after local daemon behavior is proven end to end.
+
+## Scope
+
+- Implement and test `lastSeq`-based resync over local socket transport.
+- Cover the three M3 sync cases needed locally: buffer hit, JSONL persistent fallback, and clean full replay when a client has no usable seq.
+- Verify that transient loss does not corrupt final persistent session state.
+- Keep the existing CLI coding smoke green with a real temporary workspace and real JSONL session files.
+- Verify the local daemon path covers socket attach, multi-client broadcast, and resync fallback. A real external provider smoke can be run as an additional manual gate when credentials are available.
+- Update M3 Roadmap status only after the smoke and full check pass.
+
+## Not In Scope
+
+- Remote WebSocket reconnect.
+- Runtime in-progress partial reconstruction beyond what is already available through local event buffering.
+- Long-running background Bash monitor.
+- Daemon crash recovery after hard kill.
+- GUI/WebUI validation.
+
+## Acceptance Criteria
+
+- A disconnected local client can reconnect with `lastSeq` and receive missed events in order.
+- If the in-memory buffer cannot satisfy `lastSeq`, daemon falls back to JSONL persistent events and returns a correct final session state.
+- Reconnect without `lastSeq` can rebuild state through full session replay.
+- Tests prove seq remains per-session and does not leak across sessions.
+- Local daemon tests use the socket path, not only embedded in-memory transport.
+- Existing CLI coding smoke still covers search/read/edit/bash/TodoWrite and persistence with a temporary OpenAI-compatible test server.
+- `pnpm typecheck && pnpm test` passes.
+- `docs/ROADMAP.md` marks all M3 steps and M3 status as `Done`.
+
+## Tests
+
+- `pnpm --filter @scorel/client test`
+- `pnpm --filter @scorel/daemon test`
+- `pnpm --filter @scorel/app-cli test`
+- `pnpm --filter @scorel/app-daemon test`
+- `pnpm typecheck && pnpm test`
+- Optional manual smoke: local standalone daemon + real provider + real temporary coding workspace.
+
+## Affected Paths
+
+- `packages/client/src/`
+- `packages/daemon/src/`
+- `apps/cli/src/index.ts`
+- `apps/daemon/src/index.ts`
+- `docs/ROADMAP.md`
+- `docs/spec/client.md`
+- `docs/spec/daemon.md`
+
+## Risks And Boundaries
+
+- A local daemon smoke that only uses embedded daemon does not prove M3. Local daemon behavior must go through socket transport.
+- A resync test that only checks request/response shape does not prove user value. It must assert ordered event recovery and final session state.
+- Do not use fake providers as proof for provider/runtime quality; M3 completion is about local daemon transport, broadcast, and resync behavior.

package/docs/spec/ship/S0017-grep-files-output-mode.md

@@ -0,0 +1,49 @@
+# S0017: Grep Files Output Mode
+
+## Goal
+
+Simplify the `Grep` tool `output_mode` contract to the obvious `files` mode for matching file paths.
+
+This is a product-facing tool schema fix: agents should be able to ask for matching file paths with the obvious word `files`.
+
+## Scope
+
+- Change `Grep` schema to accept `files`, `content`, and `count`.
+- Change the default `Grep` mode to `files`.
+- Update `Grep` runtime details to report `mode: "files"`.
+- Update tool documentation that names the old mode.
+- Keep the ripgrep-backed behavior and pagination unchanged.
+
+## Not In Scope
+
+- Compatibility aliases for old or alternative names.
+- New search modes.
+- Broader provider schema description work.
+- Claude Code parity for every `Grep` parameter.
+
+## Acceptance Criteria
+
+- `Grep` with `output_mode: "files"` returns matching file paths.
+- `Grep` defaults to file-path output when `output_mode` is omitted.
+- Unknown `output_mode` values are rejected with a concise validation error.
+- The provider schema exposes `files`.
+- `pnpm --filter @scorel/core test -- tools` passes.
+- `pnpm typecheck && pnpm test` passes.
+
+## Tests
+
+- `pnpm --filter @scorel/core test -- tools`
+- `pnpm typecheck && pnpm test`
+
+## Affected Paths
+
+- `packages/core/src/tools/coding-tools.ts`
+- `packages/core/src/tools/coding-tools.test.ts`
+- `packages/core/src/provider/pi-ai.ts`
+- `docs/spec/tools.md`
+- `docs/spec/ship/S0012-coding-tools-maturity.md`
+
+## Risks And Boundaries
+
+- This intentionally keeps the public tool contract small before Scorel has a stable public tool API.
+- Existing session replays containing old tool calls may show the old error if re-executed; historical event display remains unaffected.

package/docs/spec/ship/S0018-daemon-entrypoint-smoke.md

@@ -0,0 +1,48 @@
+# S0018: Daemon Entrypoint Smoke
+
+## Goal
+
+Make the daemon app executable through the same direct `tsx src/index.ts ...` path used for local development.
+
+This fixes the M3 manual lifecycle experience: `start` must actually run the daemon command, print status, and create local daemon state.
+
+## Scope
+
+- Add the missing direct entrypoint guard to `@scorel/app-daemon`.
+- Cover the direct entrypoint path with a subprocess smoke test.
+- Keep daemon lifecycle behavior unchanged.
+- Move pnpm build settings out of `package.json` so modern pnpm does not print unrelated config warnings.
+
+## Not In Scope
+
+- Turning `scorel-daemon start` into a long-running runtime socket server.
+- Remote WebSocket transport.
+- Shell package installation or global binary linking.
+
+## Acceptance Criteria
+
+- `pnpm --filter @scorel/app-daemon exec tsx src/index.ts start` prints `scorel daemon started`.
+- `pnpm --filter @scorel/app-cli exec tsx src/index.ts daemon status` sees the state written by `start`.
+- `pnpm --filter @scorel/app-daemon exec tsx src/index.ts stop` clears the state.
+- Direct entrypoint behavior is covered by tests.
+- `pnpm typecheck && pnpm test` passes.
+
+## Tests
+
+- `pnpm --filter @scorel/app-daemon test`
+- Manual lifecycle smoke:
+  - `pnpm --filter @scorel/app-daemon exec tsx src/index.ts start`
+  - `pnpm --filter @scorel/app-cli exec tsx src/index.ts daemon status`
+  - `pnpm --filter @scorel/app-daemon exec tsx src/index.ts stop`
+- `pnpm typecheck && pnpm test`
+
+## Affected Paths
+
+- `apps/daemon/src/index.ts`
+- `apps/daemon/src/index.test.ts`
+- `package.json`
+- `pnpm-workspace.yaml`
+
+## Risks And Boundaries
+
+- This only fixes command execution for the current M3 lifecycle state. It does not make the daemon process stay alive as a runtime server.

package/docs/spec/ship/S0019-remote-transport-contract.md

@@ -0,0 +1,59 @@
+# S0019: Remote Transport Contract
+
+## Goal
+
+Lock the M4 remote control contract before implementing a WebSocket server.
+
+This spec defines how a local client connects to a remote daemon, how token auth is represented, and how remote reconnect/resync must preserve the same session semantics proven in M3.
+
+## Scope
+
+- Define the remote transport shape for `DaemonTransport`, including WebSocket URL fields, token auth fields, connection metadata, and error categories.
+- Align `@scorel/protocol` wire types with remote connection needs without breaking embedded or local socket transports.
+- Decide the product-facing CLI shape for remote endpoints, such as `scorel attach --remote <url> --token <token> --session <id>` or an equivalent explicit form.
+- Document which remote connection state may be stored locally and which secrets must not be written without an explicit product decision.
+- Specify reconnect behavior: client keeps `lastSeq`, reconnects to the same session, calls resync, and receives ordered missed events.
+- Add protocol/client/daemon documentation updates where public names or semantics change.
+- Define validation expectations around real product paths: M4 completion cannot depend on mock/fake providers, fake transports, or test-only protocol branches.
+
+## Not In Scope
+
+- Implementing the actual WebSocket server.
+- Implementing the actual WebSocket client transport.
+- TLS certificate automation, OAuth, account login, token rotation, or permission tiers.
+- Public relay service, tunnel service, NAT traversal, or cloud-hosted control plane.
+- WebUI / GUI.
+- Changing embedded or local socket behavior beyond shared protocol types.
+
+## Acceptance Criteria
+
+- `docs/spec/daemon.md` describes remote WebSocket transport, token auth, reconnect, and resync boundaries.
+- `docs/spec/client.md` describes WebSocket transport selection, connection state, and remote error handling expectations.
+- `@scorel/protocol` exposes any new remote-safe wire types needed by later S specs.
+- Remote auth failures, protocol version mismatch, connection loss, and resync failure have concise error categories.
+- The CLI UX for remote attach/serve is documented enough for S0022 to implement without redesigning command names.
+- Existing embedded and local socket tests still pass.
+
+## Tests
+
+- `pnpm --filter @scorel/protocol test`
+- `pnpm --filter @scorel/client test`
+- `pnpm --filter @scorel/daemon test`
+- `pnpm typecheck && pnpm test`
+
+## Affected Paths
+
+- `packages/protocol/src/`
+- `packages/client/src/`
+- `packages/daemon/src/`
+- `docs/spec/daemon.md`
+- `docs/spec/client.md`
+- `docs/ROADMAP.md`
+
+## Risks And Boundaries
+
+- If M4 starts by writing WebSocket code without a contract, remote UX and auth semantics will drift across packages.
+- If token auth is overbuilt now, M4 will become an account system instead of a remote control milestone. Use bearer-token style auth only.
+- Do not expose secrets in logs, session JSONL, or ordinary status output.
+- Keep remote transport behavior compatible with the existing `DaemonClient` abstraction; entry apps should not branch into a separate remote client implementation.
+- Avoid special validation-only behavior. Tests may exercise the same code path with temporary real resources, but should not add alternate product behavior just to pass tests.

package/docs/spec/ship/S0020-remote-websocket-server.md

@@ -0,0 +1,56 @@
+# S0020: Remote WebSocket Server
+
+## Goal
+
+Implement the daemon-side WebSocket server primitive needed for remote control.
+
+This spec proves that a daemon can accept authenticated remote clients over WebSocket and route the existing protocol messages without changing session ownership.
+
+## Scope
+
+- Add a daemon-owned WebSocket server primitive for remote connections.
+- Reuse the same protocol message model used by embedded and local socket transports.
+- Validate token auth during connection setup or the first protocol handshake, according to S0019.
+- Route connect, ping, request/response, subscribe, event broadcast, disconnect, and error messages through the daemon boundary.
+- Keep daemon as the only session writer and runtime holder.
+- Add tests for auth success, auth failure, malformed messages, clean close, event delivery, and request/response behavior.
+- Use the same WebSocket server primitive in tests and product commands; do not add test-only transports or protocol shortcuts.
+
+## Not In Scope
+
+- Browser/client `WsTransport` implementation.
+- CLI remote attach UX.
+- TLS termination or certificate management.
+- HTTP REST API.
+- Supervisor, auto-restart, daemon install service, or process manager.
+- Public network hardening beyond token validation and predictable error handling.
+
+## Acceptance Criteria
+
+- A daemon WebSocket server can start on an injected host/port in tests and close cleanly.
+- An authenticated remote connection can connect to a session and receive `connected`.
+- Invalid token connections are rejected with a structured error and do not attach to a session.
+- Ping/pong and at least one daemon request/response path work over WebSocket.
+- Session events generated inside the daemon are broadcast to authenticated WebSocket clients subscribed to that session.
+- Malformed JSON or unknown message types return clear errors without crashing the server.
+- Package boundary tests still enforce `@scorel/daemon` does not depend on `@scorel/client` or `apps/*`.
+
+## Tests
+
+- `pnpm --filter @scorel/daemon test`
+- `pnpm --filter @scorel/protocol test`
+- `pnpm typecheck && pnpm test`
+
+## Affected Paths
+
+- `packages/daemon/src/`
+- `packages/protocol/src/`
+- `docs/spec/daemon.md`
+- `docs/ROADMAP.md`
+
+## Risks And Boundaries
+
+- WebSocket server code can accidentally become an app-level daemon lifecycle. Keep this as a reusable primitive; product commands belong in S0022.
+- Avoid daemon-to-client package dependencies. The server consumes protocol messages, not `DaemonClient`.
+- Do not claim remote production security in this spec. Token auth is the M4 minimum; TLS and deployment hardening remain separate product work.
+- Do not introduce mock server behavior that differs from the product server path.

package/docs/spec/ship/S0021-remote-websocket-client-transport.md

@@ -0,0 +1,55 @@
+# S0021: Remote WebSocket Client Transport
+
+## Goal
+
+Implement the client-side WebSocket transport for remote daemon control.
+
+This spec makes `DaemonClient` able to use a remote WebSocket daemon while preserving the same API used by embedded and local socket modes.
+
+## Scope
+
+- Add a `WsTransport` implementation that satisfies `DaemonTransport`.
+- Keep the root `@scorel/client` export browser-safe while exposing remote WebSocket support from the appropriate entrypoint.
+- Support token-authenticated connect according to S0019.
+- Preserve request/response, event subscription, close, and parse-error behavior.
+- Add reconnect-oriented tests that verify a client can reconnect with `lastSeq` and resync missed events when used with the daemon WebSocket server primitive.
+- Ensure transport errors map to concise client-visible error messages.
+- Use the same `WsTransport` implementation for tests, CLI, and future browser clients; do not add validation-only transport branches.
+
+## Not In Scope
+
+- CLI command UX.
+- Daemon WebSocket server implementation beyond consuming the S0020 primitive in tests.
+- Token persistence, token prompts, or config file storage.
+- Browser UI.
+- Background retry policy beyond the minimum needed to prove reconnect/resync semantics.
+
+## Acceptance Criteria
+
+- `WsTransport` can connect to an authenticated daemon WebSocket endpoint and resolve `connect`.
+- `DaemonClient` can send a message, receive responses, and subscribe to events over `WsTransport`.
+- Closing the WebSocket tears down handlers without leaking subscriptions.
+- A reconnect path can provide `lastSeq` and recover missed events in order.
+- Browser-safety tests prove root `@scorel/client` does not import Node-only APIs.
+- Existing embedded and local socket client tests still pass.
+
+## Tests
+
+- `pnpm --filter @scorel/client test`
+- `pnpm --filter @scorel/daemon test`
+- `pnpm typecheck && pnpm test`
+
+## Affected Paths
+
+- `packages/client/src/`
+- `packages/daemon/src/`
+- `packages/protocol/src/`
+- `docs/spec/client.md`
+- `docs/ROADMAP.md`
+
+## Risks And Boundaries
+
+- Do not fork `DaemonClient` for remote mode. The product value is that deployment mode changes only the transport.
+- Node and browser WebSocket implementations may differ. Keep the transport contract small and test behavior rather than implementation details.
+- Do not add token storage here; storing secrets is a product UX/security decision for a later spec.
+- Do not use fake transports as proof that remote control works.

package/docs/spec/ship/S0022-remote-daemon-cli-lifecycle.md

@@ -0,0 +1,60 @@
+# S0022: Remote Daemon CLI Lifecycle
+
+## Goal
+
+Expose the remote daemon and remote attach product entrypoints through CLI commands.
+
+This spec turns the WebSocket primitives from S0020/S0021 into a user-visible remote control path.
+
+## Scope
+
+- Add a remote serve command for the daemon app, such as `scorel-daemon serve --host <host> --port <port> --token <token>`.
+- Add or extend CLI attach so a local client can connect to a remote daemon endpoint with an explicit session id and token.
+- Keep local attach behavior intact.
+- Ensure status/help output clearly distinguishes embedded chat, local daemon, and remote daemon paths.
+- Avoid writing tokens to disk by default; if a token is printed or accepted as an argument, redact it from ordinary status and error output.
+- Add CLI tests for serve argument validation, remote attach construction, missing token, missing endpoint, and connection failure.
+- Keep tests on the same CLI command construction and connection path users will run; do not add hidden validation-only flags.
+
+## Not In Scope
+
+- TLS certificate generation.
+- Long-running service installation through launchd/systemd/Docker.
+- Persistent remote profiles or named remotes.
+- WebUI / GUI.
+- Full interactive attach polish beyond sending prompts and streaming events needed for M4 end-to-end validation.
+- Permission approval, sandbox, or policy prompts.
+
+## Acceptance Criteria
+
+- Daemon app exposes a remote serve command that starts the WebSocket server primitive with host/port/token options.
+- CLI remote attach connects through `DaemonClient + WsTransport`, not by directly importing daemon internals.
+- Local attach tests remain green and still use `NodeSocketTransport`.
+- Missing or invalid remote options return actionable CLI errors.
+- Help text documents the minimum command path for remote control.
+- Tokens are not printed in normal status output.
+
+## Tests
+
+- `pnpm --filter @scorel/app-daemon test`
+- `pnpm --filter @scorel/app-cli test`
+- `pnpm --filter @scorel/client test`
+- `pnpm --filter @scorel/daemon test`
+- `pnpm typecheck && pnpm test`
+
+## Affected Paths
+
+- `apps/daemon/src/index.ts`
+- `apps/daemon/src/index.test.ts`
+- `apps/cli/src/index.ts`
+- `apps/cli/src/index.test.ts`
+- `packages/client/src/`
+- `packages/daemon/src/`
+- `docs/ROADMAP.md`
+
+## Risks And Boundaries
+
+- Command UX can sprawl into remote profile management. Keep M4 to explicit endpoint and token arguments.
+- A remote daemon command can be mistaken for production deployment. Keep docs clear: this is the first remote control path, not a hardened service manager.
+- Do not make `scorel chat` remote by default. Remote control should remain opt-in until end-to-end validation and security boundaries are proven.
+- Do not special-case test endpoints or bypass `DaemonClient + WsTransport` in CLI tests.

package/docs/spec/ship/S0023-remote-control-e2e-validation.md

@@ -0,0 +1,66 @@
+# S0023: Remote Control End-to-End Validation
+
+## Goal
+
+Validate the full M4 remote control product path end to end using real product behavior.
+
+This spec closes M4 only after a local client can securely control a daemon running as a remote WebSocket endpoint, recover from disconnects, and complete a real coding flow without losing session state.
+
+## Scope
+
+- Build an end-to-end validation path that starts a daemon WebSocket endpoint, connects a client through remote transport, sends prompts, receives streamed events, disconnects, reconnects with `lastSeq`, and verifies missed event recovery.
+- Use the same daemon, client, CLI, session, config, provider, and transport paths that users run.
+- Verify token auth failure and success through the same product path.
+- Verify persistent JSONL session state is owned by the daemon and remains correct after reconnect.
+- Verify a real coding task in a real temporary workspace through a real LLM provider and a real JSONL session.
+- Update `docs/ROADMAP.md` to mark M4 steps and M4 status Done only after this spec passes.
+
+## Not In Scope
+
+- Public Internet deployment guidance.
+- TLS hardening or reverse proxy configuration.
+- Remote profile persistence.
+- WebUI / GUI validation.
+- Daemon crash recovery after hard kill.
+- Permission approval UI, sandbox, checkpoint restore.
+
+## Acceptance Criteria
+
+- A local CLI/client can connect to a daemon WebSocket endpoint using token auth.
+- A prompt sent from the local client runs on the daemon-owned session and streams events back over WebSocket.
+- A disconnected remote client can reconnect with `lastSeq` and receive missed events in order.
+- If in-memory buffers cannot satisfy resync, daemon falls back to persistent JSONL session replay where applicable.
+- Invalid tokens cannot observe or mutate session state.
+- The validation proves remote transport, auth, event broadcast, request/response, and session persistence together.
+- A real-provider validation proves the remote `scorel chat` product path with a real temporary workspace and real JSONL session.
+- `pnpm typecheck && pnpm test` passes.
+- `docs/ROADMAP.md` marks all M4 steps and M4 status as `Done` only after verification.
+
+## Tests
+
+- `pnpm --filter @scorel/client test`
+- `pnpm --filter @scorel/daemon test`
+- `pnpm --filter @scorel/app-cli test`
+- `pnpm --filter @scorel/app-daemon test`
+- `pnpm typecheck && pnpm test`
+- Required real-provider validation before marking M4 Done: remote daemon WebSocket endpoint + real LLM provider + real temporary coding workspace + real JSONL session.
+
+## Affected Paths
+
+- `apps/cli/src/`
+- `apps/daemon/src/`
+- `packages/client/src/`
+- `packages/daemon/src/`
+- `packages/protocol/src/`
+- `docs/ROADMAP.md`
+- `docs/spec/client.md`
+- `docs/spec/daemon.md`
+
+## Risks And Boundaries
+
+- A validation that only tests raw WebSocket messages does not prove user value. It must use `DaemonClient` and the product CLI path where possible.
+- A remote validation without reconnect/resync does not close M4.
+- Do not mark M4 Done while auth or reconnect remains only unit-tested in isolation.
+- Do not use mock/fake providers as completion proof.
+- Do not add test-only branches, special protocol messages, fake transports, or product behavior that exists only for validation.
+- If real provider credentials are unavailable, record that limitation and keep M4 Planned.

package/docs/spec/ship/S0024-remote-attach-interactive-stream.md

@@ -0,0 +1,49 @@
+# S0024: Remote Attach Interactive Stream
+
+## Goal
+
+Fix `scorel attach` so remote attached clients behave like live session viewers, not only prompt senders.
+
+Multiple attached clients must see the same session event stream, and a client that reconnects while a turn is still running must receive subsequent streamed events without sending another prompt.
+
+## Scope
+
+- Keep `scorel attach --remote` connected to the session event stream for the whole interactive process.
+- Render text deltas, tool results, and daemon errors from any client attached to the same session.
+- Remove the send-only temporary subscription behavior from attach.
+- Keep local socket attach and remote attach on the same interactive attach code path.
+- Add tests that start a real WebSocket server and verify a passive remote attach client receives session events without sending a prompt.
+- Verify the behavior with real daemon/client processes.
+
+## Not In Scope
+
+- Full TUI polish, prompt rendering, scrollback, or terminal layout.
+- Persisting per-client `lastSeq` across CLI process restarts.
+- Automatic reconnect loop after network failure.
+- Reconstructing partial transient deltas that were already emitted before a client connected.
+- Cancel/interrupt propagation to stop an in-flight remote turn.
+
+## Acceptance Criteria
+
+- Two remote `scorel attach` clients connected to the same session can both receive streamed events from one client prompt.
+- A passive attach client receives future events without sending input.
+- Reattaching while the daemon continues a turn receives subsequent events.
+- Local attach behavior remains green.
+- `pnpm typecheck && pnpm test` passes.
+
+## Tests
+
+- `pnpm --filter @scorel/app-cli test`
+- `pnpm typecheck && pnpm test`
+- Manual real-process validation: one `scorel-daemon serve` process and two `scorel attach --remote` clients sharing one session.
+
+## Affected Paths
+
+- `apps/cli/src/index.ts`
+- `apps/cli/src/index.test.ts`
+- `docs/ROADMAP.md`
+
+## Risks And Boundaries
+
+- This does not promise replay of transient text that was emitted before a client connected. Only future events and persistent session recovery are covered.
+- Do not add a fake transport or test-only CLI branch. Use the same `DaemonClient` and transport path as the product.