npm - @clawos-dev/clawd - Versions diffs - 0.2.64-beta.106.42f5a70 → 0.2.65-beta.107.ac81439 - Mend

@clawos-dev/clawd 0.2.64-beta.106.42f5a70 → 0.2.65-beta.107.ac81439

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/cli.cjs +409 -657
package/package.json +1 -1

package/dist/cli.cjs CHANGED Viewed

@@ -110,17 +110,12 @@ var init_methods = __esm({
       //   触发频率低（仅 window resize），response 也是 ack。
       "session:pty:input",
       "session:pty:resize",
-      // ---- attachment.* file-sharing（spec §5；详见 attachment-schemas.ts） ----
+      // ---- attachment.* file-sharing（详见 attachment-schemas.ts） ----
       // 命名警告：这里的 `attachment.*` RPC 与 CC v2.x 上行 `type:"attachment"` 系统行
       // （attachment-skills / attachment-deferred-tools / attachment_memories）是不同概念。
       // 全部管理类 RPC handler 入口 requireOwner（personal token 调任意一个都 403）；
-      // 实际文件传输走 HTTP 路由（GET/POST，详见 spec §5），不在白名单内。
-      "attachment.outboxCreate",
-      "attachment.outboxRevoke",
-      "attachment.outboxList",
-      "attachment.mountAdd",
-      "attachment.mountRemove",
-      "attachment.mountList",
+      // 实际文件传输走 HTTP 路由（GET /files?p=&e=&s=，签名验证），不在白名单内。
+      "attachment.signUrl",
       "attachment.groupAdd",
       "attachment.groupRemove",
       "attachment.groupList",
@@ -617,8 +612,8 @@ var init_parseUtil = __esm({
     init_errors2();
     init_en();
     makeIssue = (params) => {
-      const { data, path: path33, errorMaps, issueData } = params;
-      const fullPath = [...path33, ...issueData.path || []];
+      const { data, path: path31, errorMaps, issueData } = params;
+      const fullPath = [...path31, ...issueData.path || []];
       const fullIssue = {
         ...issueData,
         path: fullPath
@@ -929,11 +924,11 @@ var init_types = __esm({
     init_parseUtil();
     init_util();
     ParseInputLazyPath = class {
-      constructor(parent, value, path33, key) {
+      constructor(parent, value, path31, key) {
         this._cachedPath = [];
         this.parent = parent;
         this.data = value;
-        this._path = path33;
+        this._path = path31;
         this._key = key;
       }
       get path() {
@@ -4317,116 +4312,47 @@ var init_zod = __esm({
 });
 // ../protocol/src/attachment-schemas.ts
-var TOKEN_ROLES, GROUP_FILE_SOURCES, MOUNT_MODES, GroupFileEntrySchema, MountEntrySchema, OutboxScopeSchema, OutboxCapEntrySchema, AttachmentOutboxCreateArgs, AttachmentOutboxCreateResponseSchema, AttachmentOutboxRevokeArgs, AttachmentOutboxRevokeResponseSchema, AttachmentOutboxListArgs, AttachmentOutboxListResponseSchema, AttachmentMountAddArgs, AttachmentMountAddResponseSchema, AttachmentMountRemoveArgs, AttachmentMountRemoveResponseSchema, AttachmentMountListArgs, AttachmentMountListResponseSchema, AttachmentGroupAddArgs, AttachmentGroupAddResponseSchema, AttachmentGroupRemoveArgs, AttachmentGroupRemoveResponseSchema, AttachmentGroupListArgs, AttachmentGroupListResponseSchema, AttachmentGroupListPersonaArgs, AttachmentGroupListPersonaResponseSchema;
+var TOKEN_ROLES, GROUP_FILE_SOURCES, GroupFileEntrySchema, AttachmentSignUrlArgs, AttachmentSignUrlResponseSchema, AttachmentGroupAddArgs, AttachmentGroupAddResponseSchema, AttachmentGroupRemoveArgs, AttachmentGroupRemoveResponseSchema, AttachmentGroupListArgs, AttachmentGroupListResponseSchema, AttachmentGroupListPersonaArgs, AttachmentGroupListPersonaResponseSchema;
 var init_attachment_schemas = __esm({
   "../protocol/src/attachment-schemas.ts"() {
     "use strict";
     init_zod();
     TOKEN_ROLES = ["owner", "personal"];
     GROUP_FILE_SOURCES = ["agent", "owner"];
-    MOUNT_MODES = ["link", "copy"];
     GroupFileEntrySchema = external_exports.object({
       /** daemon 派发的稳定 id（用于 RPC remove / UI key） */
       id: external_exports.string().min(1),
       /** 相对 personaDir / sessionCwd 的路径 */
       relPath: external_exports.string().min(1),
       from: external_exports.enum(GROUP_FILE_SOURCES),
-      /** owner 手动加群时的可选备注 */
+      /** owner 手动加入时的可选备注 */
       label: external_exports.string().optional(),
       /** 文件字节数（stat 时拍） */
       size: external_exports.number().int().nonnegative(),
       mime: external_exports.string().min(1),
-      /** 入群时间戳（ms） */
+      /** 加入清单时间戳（ms） */
       addedAt: external_exports.number().int().nonnegative(),
       /** 最近一次 agent Write/Edit 时间戳（agent 反复改同 path 时更新） */
       lastEditedAt: external_exports.number().int().nonnegative().optional(),
       /** agent rm / 文件不见了时打标；UI 灰显，不能再 share */
       stale: external_exports.boolean().optional()
     });
-    MountEntrySchema = external_exports.object({
-      /** personaDir 下的 basename（link 目标 / copy 目的名） */
-      basename: external_exports.string().min(1),
-      /** 原始绝对路径（link 模式下 realpath 后用于 sandbox.allowRead 派生） */
+    AttachmentSignUrlArgs = external_exports.object({
+      /** 要分享的绝对路径；签名只关心 absPath，不区分 persona/session */
       absPath: external_exports.string().min(1),
-      mode: external_exports.enum(MOUNT_MODES)
+      /** TTL 秒数；缺省 24h；'never' 走 null 不带 exp 字段（永久有效） */
+      ttlSeconds: external_exports.number().int().positive().nullable().optional()
     });
-    OutboxScopeSchema = external_exports.discriminatedUnion("kind", [
-      external_exports.object({ kind: external_exports.literal("public") }),
-      external_exports.object({ kind: external_exports.literal("personal"), personalId: external_exports.string().min(1) })
-    ]);
-    OutboxCapEntrySchema = external_exports.object({
-      capToken: external_exports.string().min(1),
-      /** 归属：persona 域 cap 带 personaId；direct 会话 cap 带 sessionId */
-      scopeRef: external_exports.union([
-        external_exports.object({ kind: external_exports.literal("persona"), personaId: external_exports.string().min(1) }),
-        external_exports.object({ kind: external_exports.literal("session"), sessionId: external_exports.string().min(1) })
-      ]),
-      absPath: external_exports.string().min(1),
-      /** display name（UI 列表显示 + Share dialog 标题），通常等于 basename */
-      name: external_exports.string().min(1),
-      expiresAt: external_exports.number().int().nonnegative().nullable(),
-      oneShot: external_exports.boolean(),
-      scope: OutboxScopeSchema,
-      hits: external_exports.number().int().nonnegative(),
-      revoked: external_exports.boolean().optional(),
-      createdAt: external_exports.number().int().nonnegative()
-    });
-    AttachmentOutboxCreateArgs = external_exports.object({
-      /** persona 域：传 personaId；direct 会话：传 sessionId（二选一） */
-      personaId: external_exports.string().min(1).optional(),
-      sessionId: external_exports.string().min(1).optional(),
-      absPath: external_exports.string().min(1),
-      /** TTL 秒数；缺省 24h；'never' 走 null */
-      ttlSeconds: external_exports.number().int().positive().nullable().optional(),
-      oneShot: external_exports.boolean().optional(),
-      scope: OutboxScopeSchema.optional()
-    });
-    AttachmentOutboxCreateResponseSchema = external_exports.object({
-      capToken: external_exports.string().min(1),
-      /** 完整 URL（含 httpBaseUrl 前缀），UI 直接复制到剪贴板 */
+    AttachmentSignUrlResponseSchema = external_exports.object({
+      /** 完整 URL（含 httpBaseUrl 前缀），UI 直接 window.open / 复制到剪贴板 */
       url: external_exports.string().min(1),
+      /** 失效时间戳（ms）；null = 永久 */
       expiresAt: external_exports.number().int().nonnegative().nullable()
     });
-    AttachmentOutboxRevokeArgs = external_exports.object({
-      capToken: external_exports.string().min(1)
-    });
-    AttachmentOutboxRevokeResponseSchema = external_exports.object({
-      revoked: external_exports.literal(true)
-    });
-    AttachmentOutboxListArgs = external_exports.object({
-      /** 缺省 = 全部（含 direct 会话）；传 personaId 过滤到该 persona */
-      personaId: external_exports.string().min(1).optional()
-    });
-    AttachmentOutboxListResponseSchema = external_exports.object({
-      entries: external_exports.array(OutboxCapEntrySchema)
-    });
-    AttachmentMountAddArgs = external_exports.object({
-      personaId: external_exports.string().min(1),
-      absPath: external_exports.string().min(1),
-      mode: external_exports.enum(MOUNT_MODES)
-    });
-    AttachmentMountAddResponseSchema = external_exports.object({
-      entry: MountEntrySchema,
-      /** sandbox.allowRead 派生后是否需要重启 session 才能让 CC 子进程跟 symlink */
-      sandboxRestartNeeded: external_exports.boolean()
-    });
-    AttachmentMountRemoveArgs = external_exports.object({
-      personaId: external_exports.string().min(1),
-      basename: external_exports.string().min(1)
-    });
-    AttachmentMountRemoveResponseSchema = external_exports.object({
-      removed: external_exports.literal(true)
-    });
-    AttachmentMountListArgs = external_exports.object({
-      personaId: external_exports.string().min(1)
-    });
-    AttachmentMountListResponseSchema = external_exports.object({
-      entries: external_exports.array(MountEntrySchema)
-    });
     AttachmentGroupAddArgs = external_exports.object({
       sessionId: external_exports.string().min(1),
       relPath: external_exports.string().min(1),
-      /** owner 手动加群时可选备注；agent 自动入清单不走此 RPC */
+      /** owner 手动加入时可选备注；agent 自动入清单不走此 RPC */
       label: external_exports.string().optional()
     });
     AttachmentGroupAddResponseSchema = external_exports.object({
@@ -5543,8 +5469,8 @@ var require_req = __commonJS({
       if (req.originalUrl) {
         _req.url = req.originalUrl;
       } else {
-        const path33 = req.path;
-        _req.url = typeof path33 === "string" ? path33 : req.url ? req.url.path || req.url : void 0;
+        const path31 = req.path;
+        _req.url = typeof path31 === "string" ? path31 : req.url ? req.url.path || req.url : void 0;
       }
       if (req.query) {
         _req.query = req.query;
@@ -5709,14 +5635,14 @@ var require_redact = __commonJS({
       }
       return obj;
     }
-    function parsePath(path33) {
+    function parsePath(path31) {
       const parts = [];
       let current = "";
       let inBrackets = false;
       let inQuotes = false;
       let quoteChar = "";
-      for (let i = 0; i < path33.length; i++) {
-        const char = path33[i];
+      for (let i = 0; i < path31.length; i++) {
+        const char = path31[i];
         if (!inBrackets && char === ".") {
           if (current) {
             parts.push(current);
@@ -5847,10 +5773,10 @@ var require_redact = __commonJS({
       return current;
     }
     function redactPaths(obj, paths, censor, remove = false) {
-      for (const path33 of paths) {
-        const parts = parsePath(path33);
+      for (const path31 of paths) {
+        const parts = parsePath(path31);
         if (parts.includes("*")) {
-          redactWildcardPath(obj, parts, censor, path33, remove);
+          redactWildcardPath(obj, parts, censor, path31, remove);
         } else {
           if (remove) {
             removeKey(obj, parts);
@@ -5935,8 +5861,8 @@ var require_redact = __commonJS({
           }
         } else {
           if (afterWildcard.includes("*")) {
-            const wrappedCensor = typeof censor === "function" ? (value, path33) => {
-              const fullPath = [...pathArray.slice(0, pathLength), ...path33];
+            const wrappedCensor = typeof censor === "function" ? (value, path31) => {
+              const fullPath = [...pathArray.slice(0, pathLength), ...path31];
               return censor(value, fullPath);
             } : censor;
             redactWildcardPath(current, afterWildcard, wrappedCensor, originalPath, remove);
@@ -5971,8 +5897,8 @@ var require_redact = __commonJS({
         return null;
       }
       const pathStructure = /* @__PURE__ */ new Map();
-      for (const path33 of pathsToClone) {
-        const parts = parsePath(path33);
+      for (const path31 of pathsToClone) {
+        const parts = parsePath(path31);
         let current = pathStructure;
         for (let i = 0; i < parts.length; i++) {
           const part = parts[i];
@@ -6024,24 +5950,24 @@ var require_redact = __commonJS({
       }
       return cloneSelectively(obj, pathStructure);
     }
-    function validatePath(path33) {
-      if (typeof path33 !== "string") {
+    function validatePath(path31) {
+      if (typeof path31 !== "string") {
         throw new Error("Paths must be (non-empty) strings");
       }
-      if (path33 === "") {
+      if (path31 === "") {
         throw new Error("Invalid redaction path ()");
       }
-      if (path33.includes("..")) {
-        throw new Error(`Invalid redaction path (${path33})`);
+      if (path31.includes("..")) {
+        throw new Error(`Invalid redaction path (${path31})`);
       }
-      if (path33.includes(",")) {
-        throw new Error(`Invalid redaction path (${path33})`);
+      if (path31.includes(",")) {
+        throw new Error(`Invalid redaction path (${path31})`);
       }
       let bracketCount = 0;
       let inQuotes = false;
       let quoteChar = "";
-      for (let i = 0; i < path33.length; i++) {
-        const char = path33[i];
+      for (let i = 0; i < path31.length; i++) {
+        const char = path31[i];
         if ((char === '"' || char === "'") && bracketCount > 0) {
           if (!inQuotes) {
             inQuotes = true;
@@ -6055,20 +5981,20 @@ var require_redact = __commonJS({
         } else if (char === "]" && !inQuotes) {
           bracketCount--;
           if (bracketCount < 0) {
-            throw new Error(`Invalid redaction path (${path33})`);
+            throw new Error(`Invalid redaction path (${path31})`);
           }
         }
       }
       if (bracketCount !== 0) {
-        throw new Error(`Invalid redaction path (${path33})`);
+        throw new Error(`Invalid redaction path (${path31})`);
       }
     }
     function validatePaths(paths) {
       if (!Array.isArray(paths)) {
         throw new TypeError("paths must be an array");
       }
-      for (const path33 of paths) {
-        validatePath(path33);
+      for (const path31 of paths) {
+        validatePath(path31);
       }
     }
     function slowRedact(options = {}) {
@@ -6236,8 +6162,8 @@ var require_redaction = __commonJS({
         if (shape[k2] === null) {
           o[k2] = (value) => topCensor(value, [k2]);
         } else {
-          const wrappedCensor = typeof censor === "function" ? (value, path33) => {
-            return censor(value, [k2, ...path33]);
+          const wrappedCensor = typeof censor === "function" ? (value, path31) => {
+            return censor(value, [k2, ...path31]);
           } : censor;
           o[k2] = Redact({
             paths: shape[k2],
@@ -6455,10 +6381,10 @@ var require_atomic_sleep = __commonJS({
 var require_sonic_boom = __commonJS({
   "../node_modules/.pnpm/sonic-boom@4.2.1/node_modules/sonic-boom/index.js"(exports2, module2) {
     "use strict";
-    var fs30 = require("fs");
+    var fs28 = require("fs");
     var EventEmitter2 = require("events");
     var inherits = require("util").inherits;
-    var path33 = require("path");
+    var path31 = require("path");
     var sleep = require_atomic_sleep();
     var assert = require("assert");
     var BUSY_WRITE_TIMEOUT = 100;
@@ -6512,20 +6438,20 @@ var require_sonic_boom = __commonJS({
       const mode = sonic.mode;
       if (sonic.sync) {
         try {
-          if (sonic.mkdir) fs30.mkdirSync(path33.dirname(file), { recursive: true });
-          const fd = fs30.openSync(file, flags, mode);
+          if (sonic.mkdir) fs28.mkdirSync(path31.dirname(file), { recursive: true });
+          const fd = fs28.openSync(file, flags, mode);
           fileOpened(null, fd);
         } catch (err) {
           fileOpened(err);
           throw err;
         }
       } else if (sonic.mkdir) {
-        fs30.mkdir(path33.dirname(file), { recursive: true }, (err) => {
+        fs28.mkdir(path31.dirname(file), { recursive: true }, (err) => {
           if (err) return fileOpened(err);
-          fs30.open(file, flags, mode, fileOpened);
+          fs28.open(file, flags, mode, fileOpened);
         });
       } else {
-        fs30.open(file, flags, mode, fileOpened);
+        fs28.open(file, flags, mode, fileOpened);
       }
     }
     function SonicBoom(opts) {
@@ -6566,8 +6492,8 @@ var require_sonic_boom = __commonJS({
         this.flush = flushBuffer;
         this.flushSync = flushBufferSync;
         this._actualWrite = actualWriteBuffer;
-        fsWriteSync = () => fs30.writeSync(this.fd, this._writingBuf);
-        fsWrite = () => fs30.write(this.fd, this._writingBuf, this.release);
+        fsWriteSync = () => fs28.writeSync(this.fd, this._writingBuf);
+        fsWrite = () => fs28.write(this.fd, this._writingBuf, this.release);
       } else if (contentMode === void 0 || contentMode === kContentModeUtf8) {
         this._writingBuf = "";
         this.write = write;
@@ -6576,15 +6502,15 @@ var require_sonic_boom = __commonJS({
         this._actualWrite = actualWrite;
         fsWriteSync = () => {
           if (Buffer.isBuffer(this._writingBuf)) {
-            return fs30.writeSync(this.fd, this._writingBuf);
+            return fs28.writeSync(this.fd, this._writingBuf);
           }
-          return fs30.writeSync(this.fd, this._writingBuf, "utf8");
+          return fs28.writeSync(this.fd, this._writingBuf, "utf8");
         };
         fsWrite = () => {
           if (Buffer.isBuffer(this._writingBuf)) {
-            return fs30.write(this.fd, this._writingBuf, this.release);
+            return fs28.write(this.fd, this._writingBuf, this.release);
           }
-          return fs30.write(this.fd, this._writingBuf, "utf8", this.release);
+          return fs28.write(this.fd, this._writingBuf, "utf8", this.release);
         };
       } else {
         throw new Error(`SonicBoom supports "${kContentModeUtf8}" and "${kContentModeBuffer}", but passed ${contentMode}`);
@@ -6641,7 +6567,7 @@ var require_sonic_boom = __commonJS({
           }
         }
         if (this._fsync) {
-          fs30.fsyncSync(this.fd);
+          fs28.fsyncSync(this.fd);
         }
         const len = this._len;
         if (this._reopening) {
@@ -6755,7 +6681,7 @@ var require_sonic_boom = __commonJS({
       const onDrain = () => {
         if (!this._fsync) {
           try {
-            fs30.fsync(this.fd, (err) => {
+            fs28.fsync(this.fd, (err) => {
               this._flushPending = false;
               cb(err);
             });
@@ -6857,7 +6783,7 @@ var require_sonic_boom = __commonJS({
       const fd = this.fd;
       this.once("ready", () => {
         if (fd !== this.fd) {
-          fs30.close(fd, (err) => {
+          fs28.close(fd, (err) => {
             if (err) {
               return this.emit("error", err);
             }
@@ -6906,7 +6832,7 @@ var require_sonic_boom = __commonJS({
           buf = this._bufs[0];
         }
         try {
-          const n = Buffer.isBuffer(buf) ? fs30.writeSync(this.fd, buf) : fs30.writeSync(this.fd, buf, "utf8");
+          const n = Buffer.isBuffer(buf) ? fs28.writeSync(this.fd, buf) : fs28.writeSync(this.fd, buf, "utf8");
           const releasedBufObj = releaseWritingBuf(buf, this._len, n);
           buf = releasedBufObj.writingBuf;
           this._len = releasedBufObj.len;
@@ -6922,7 +6848,7 @@ var require_sonic_boom = __commonJS({
         }
       }
       try {
-        fs30.fsyncSync(this.fd);
+        fs28.fsyncSync(this.fd);
       } catch {
       }
     }
@@ -6943,7 +6869,7 @@ var require_sonic_boom = __commonJS({
           buf = mergeBuf(this._bufs[0], this._lens[0]);
         }
         try {
-          const n = fs30.writeSync(this.fd, buf);
+          const n = fs28.writeSync(this.fd, buf);
           buf = buf.subarray(n);
           this._len = Math.max(this._len - n, 0);
           if (buf.length <= 0) {
@@ -6971,13 +6897,13 @@ var require_sonic_boom = __commonJS({
       this._writingBuf = this._writingBuf.length ? this._writingBuf : this._bufs.shift() || "";
       if (this.sync) {
         try {
-          const written = Buffer.isBuffer(this._writingBuf) ? fs30.writeSync(this.fd, this._writingBuf) : fs30.writeSync(this.fd, this._writingBuf, "utf8");
+          const written = Buffer.isBuffer(this._writingBuf) ? fs28.writeSync(this.fd, this._writingBuf) : fs28.writeSync(this.fd, this._writingBuf, "utf8");
           release(null, written);
         } catch (err) {
           release(err);
         }
       } else {
-        fs30.write(this.fd, this._writingBuf, release);
+        fs28.write(this.fd, this._writingBuf, release);
       }
     }
     function actualWriteBuffer() {
@@ -6986,7 +6912,7 @@ var require_sonic_boom = __commonJS({
       this._writingBuf = this._writingBuf.length ? this._writingBuf : mergeBuf(this._bufs.shift(), this._lens.shift());
       if (this.sync) {
         try {
-          const written = fs30.writeSync(this.fd, this._writingBuf);
+          const written = fs28.writeSync(this.fd, this._writingBuf);
           release(null, written);
         } catch (err) {
           release(err);
@@ -6995,7 +6921,7 @@ var require_sonic_boom = __commonJS({
         if (kCopyBuffer) {
           this._writingBuf = Buffer.from(this._writingBuf);
         }
-        fs30.write(this.fd, this._writingBuf, release);
+        fs28.write(this.fd, this._writingBuf, release);
       }
     }
     function actualClose(sonic) {
@@ -7011,12 +6937,12 @@ var require_sonic_boom = __commonJS({
       sonic._lens = [];
       assert(typeof sonic.fd === "number", `sonic.fd must be a number, got ${typeof sonic.fd}`);
       try {
-        fs30.fsync(sonic.fd, closeWrapped);
+        fs28.fsync(sonic.fd, closeWrapped);
       } catch {
       }
       function closeWrapped() {
         if (sonic.fd !== 1 && sonic.fd !== 2) {
-          fs30.close(sonic.fd, done);
+          fs28.close(sonic.fd, done);
         } else {
           done();
         }
@@ -10151,11 +10077,11 @@ var init_lib = __esm({
           }
         }
       },
-      addToPath: function addToPath(path33, added, removed, oldPosInc, options) {
-        var last = path33.lastComponent;
+      addToPath: function addToPath(path31, added, removed, oldPosInc, options) {
+        var last = path31.lastComponent;
         if (last && !options.oneChangePerToken && last.added === added && last.removed === removed) {
           return {
-            oldPos: path33.oldPos + oldPosInc,
+            oldPos: path31.oldPos + oldPosInc,
             lastComponent: {
               count: last.count + 1,
               added,
@@ -10165,7 +10091,7 @@ var init_lib = __esm({
           };
         } else {
           return {
-            oldPos: path33.oldPos + oldPosInc,
+            oldPos: path31.oldPos + oldPosInc,
             lastComponent: {
               count: 1,
               added,
@@ -10596,10 +10522,10 @@ function attachmentToHistoryMessage(o, ts) {
     const memories = raw.map((m2) => {
       if (!m2 || typeof m2 !== "object") return null;
       const rec = m2;
-      const path33 = typeof rec.path === "string" ? rec.path : null;
+      const path31 = typeof rec.path === "string" ? rec.path : null;
       const content = typeof rec.content === "string" ? rec.content : null;
-      if (!path33 || content == null) return null;
-      const entry = { path: path33, content };
+      if (!path31 || content == null) return null;
+      const entry = { path: path31, content };
       if (typeof rec.mtimeMs === "number") entry.mtimeMs = rec.mtimeMs;
       return entry;
     }).filter((m2) => m2 !== null);
@@ -11403,10 +11329,10 @@ function parseAttachment(obj) {
     const memories = raw.map((m2) => {
       if (!m2 || typeof m2 !== "object") return null;
       const rec = m2;
-      const path33 = typeof rec.path === "string" ? rec.path : null;
+      const path31 = typeof rec.path === "string" ? rec.path : null;
       const content = typeof rec.content === "string" ? rec.content : null;
-      if (!path33 || content == null) return null;
-      const out = { path: path33, content };
+      if (!path31 || content == null) return null;
+      const out = { path: path31, content };
       if (typeof rec.mtimeMs === "number") out.mtimeMs = rec.mtimeMs;
       return out;
     }).filter((m2) => m2 !== null);
@@ -20320,7 +20246,7 @@ var require_websocket_server = __commonJS({
 // src/run-case/recorder.ts
 function startRunCaseRecorder(opts) {
   const now = opts.now ?? Date.now;
-  const dir = import_node_path29.default.dirname(opts.recordPath);
+  const dir = import_node_path27.default.dirname(opts.recordPath);
   let stream = null;
   let closing = false;
   let closedSettled = false;
@@ -20334,8 +20260,8 @@ function startRunCaseRecorder(opts) {
   });
   const ensureStream = () => {
     if (stream) return stream;
-    import_node_fs27.default.mkdirSync(dir, { recursive: true });
-    stream = import_node_fs27.default.createWriteStream(opts.recordPath, { flags: "a" });
+    import_node_fs25.default.mkdirSync(dir, { recursive: true });
+    stream = import_node_fs25.default.createWriteStream(opts.recordPath, { flags: "a" });
     stream.on("close", () => closedResolve());
     return stream;
   };
@@ -20360,12 +20286,12 @@ function startRunCaseRecorder(opts) {
   };
   return { tap, close, closed };
 }
-var import_node_fs27, import_node_path29;
+var import_node_fs25, import_node_path27;
 var init_recorder = __esm({
   "src/run-case/recorder.ts"() {
     "use strict";
-    import_node_fs27 = __toESM(require("fs"), 1);
-    import_node_path29 = __toESM(require("path"), 1);
+    import_node_fs25 = __toESM(require("fs"), 1);
+    import_node_path27 = __toESM(require("path"), 1);
   }
 });
@@ -20408,7 +20334,7 @@ var init_wire = __esm({
 // src/run-case/controller.ts
 async function runController(opts) {
   const now = opts.now ?? Date.now;
-  const cwd = opts.cwd ?? (0, import_node_fs28.mkdtempSync)(import_node_path30.default.join(import_node_os15.default.tmpdir(), "clawd-runcase-"));
+  const cwd = opts.cwd ?? (0, import_node_fs26.mkdtempSync)(import_node_path28.default.join(import_node_os15.default.tmpdir(), "clawd-runcase-"));
   const ownsCwd = opts.cwd === void 0;
   const recorder = startRunCaseRecorder({ recordPath: opts.record, now });
   const spawnCtx = { cwd };
@@ -20569,19 +20495,19 @@ async function runController(opts) {
   if (sigintHandler) process.off("SIGINT", sigintHandler);
   if (ownsCwd) {
     try {
-      (0, import_node_fs28.rmSync)(cwd, { recursive: true, force: true });
+      (0, import_node_fs26.rmSync)(cwd, { recursive: true, force: true });
     } catch {
     }
   }
   return exitCode ?? 0;
 }
-var import_node_fs28, import_node_os15, import_node_path30;
+var import_node_fs26, import_node_os15, import_node_path28;
 var init_controller = __esm({
   "src/run-case/controller.ts"() {
     "use strict";
-    import_node_fs28 = require("fs");
+    import_node_fs26 = require("fs");
     import_node_os15 = __toESM(require("os"), 1);
-    import_node_path30 = __toESM(require("path"), 1);
+    import_node_path28 = __toESM(require("path"), 1);
     init_claude();
     init_stdout_splitter();
     init_permission_stdio();
@@ -20813,8 +20739,8 @@ Env (advanced):
 `;
 // src/index.ts
-var import_node_path28 = __toESM(require("path"), 1);
-var import_node_fs26 = __toESM(require("fs"), 1);
+var import_node_path26 = __toESM(require("path"), 1);
+var import_node_fs24 = __toESM(require("fs"), 1);
 // src/logger.ts
 var import_node_fs2 = __toESM(require("fs"), 1);
@@ -26540,40 +26466,178 @@ function safeRealpath(p2) {
 // src/attachment/mime.ts
 var import_node_path15 = __toESM(require("path"), 1);
-var EXT_TO_MIME = {
-  ".md": "text/markdown",
-  ".markdown": "text/markdown",
-  ".txt": "text/plain",
-  ".log": "text/plain",
-  ".json": "application/json",
-  ".html": "text/html",
-  ".htm": "text/html",
-  ".css": "text/css",
-  ".js": "application/javascript",
-  ".ts": "application/typescript",
-  ".tsx": "application/typescript",
+var TEXT_PLAIN = "text/plain; charset=utf-8";
+var EXT_TO_NATIVE_MIME = {
+  // 图片
   ".png": "image/png",
   ".jpg": "image/jpeg",
   ".jpeg": "image/jpeg",
   ".gif": "image/gif",
   ".webp": "image/webp",
   ".svg": "image/svg+xml",
+  ".bmp": "image/bmp",
+  ".ico": "image/x-icon",
+  ".avif": "image/avif",
+  // 文档 / 富文本
   ".pdf": "application/pdf",
+  ".html": "text/html; charset=utf-8",
+  ".htm": "text/html; charset=utf-8",
+  // 视频 / 音频
   ".mp4": "video/mp4",
   ".webm": "video/webm",
+  ".mov": "video/quicktime",
   ".mp3": "audio/mpeg",
   ".wav": "audio/wav",
+  ".ogg": "audio/ogg",
+  ".flac": "audio/flac",
+  // 真二进制（让浏览器下载而不是错把它当文本明文）
   ".zip": "application/zip",
   ".gz": "application/gzip",
   ".tar": "application/x-tar",
-  ".csv": "text/csv",
-  ".xml": "application/xml",
-  ".yaml": "application/yaml",
-  ".yml": "application/yaml"
+  ".7z": "application/x-7z-compressed",
+  ".rar": "application/x-rar-compressed"
 };
+var TEXT_EXTENSIONS = /* @__PURE__ */ new Set([
+  // 文档
+  ".md",
+  ".markdown",
+  ".rst",
+  ".adoc",
+  ".txt",
+  ".log",
+  // 通用结构化
+  ".json",
+  ".jsonc",
+  ".json5",
+  ".yaml",
+  ".yml",
+  ".toml",
+  ".xml",
+  ".csv",
+  ".tsv",
+  ".ini",
+  ".conf",
+  ".cfg",
+  ".env",
+  // 前端
+  ".js",
+  ".jsx",
+  ".mjs",
+  ".cjs",
+  ".ts",
+  ".tsx",
+  ".css",
+  ".scss",
+  ".sass",
+  ".less",
+  ".vue",
+  ".svelte",
+  ".graphql",
+  ".gql",
+  // 后端 / 各语言
+  ".py",
+  ".rb",
+  ".go",
+  ".rs",
+  ".java",
+  ".kt",
+  ".kts",
+  ".scala",
+  ".c",
+  ".h",
+  ".cpp",
+  ".hpp",
+  ".cc",
+  ".hh",
+  ".cs",
+  ".php",
+  ".swift",
+  ".m",
+  ".mm",
+  ".dart",
+  ".lua",
+  ".pl",
+  ".r",
+  ".sh",
+  ".bash",
+  ".zsh",
+  ".fish",
+  // 其他
+  ".sql",
+  ".proto",
+  ".dockerfile",
+  ".diff",
+  ".patch",
+  ".makefile",
+  ".mk"
+]);
 function lookupMime(filePathOrName) {
   const ext = import_node_path15.default.extname(filePathOrName).toLowerCase();
-  return EXT_TO_MIME[ext] ?? "application/octet-stream";
+  if (EXT_TO_NATIVE_MIME[ext]) return EXT_TO_NATIVE_MIME[ext];
+  if (TEXT_EXTENSIONS.has(ext)) return TEXT_PLAIN;
+  return "application/octet-stream";
+}
+// src/attachment/sign-url.ts
+var import_node_crypto5 = __toESM(require("crypto"), 1);
+var HMAC_ALGO = "sha256";
+function base64urlEncode(buf) {
+  const b2 = typeof buf === "string" ? Buffer.from(buf, "utf8") : buf;
+  return b2.toString("base64url");
+}
+function base64urlDecodeBuf(s) {
+  return Buffer.from(s, "base64url");
+}
+function encodeAbsPathForUrl(absPath) {
+  return absPath.split("/").map(encodeURIComponent).join("/");
+}
+function decodeAbsPathFromUrl(encoded) {
+  return encoded.split("/").map(decodeURIComponent).join("/");
+}
+function computeSig(secret, absPath, e) {
+  const msg = e === null ? absPath : `${absPath}|${e}`;
+  return import_node_crypto5.default.createHmac(HMAC_ALGO, secret).update(msg).digest();
+}
+function signUrlParts(secret, absPath, ttlSeconds, now = Date.now) {
+  const e = ttlSeconds === null ? null : Math.floor(now() / 1e3) + ttlSeconds;
+  const s = base64urlEncode(computeSig(secret, absPath, e));
+  return { absPath, e, s };
+}
+function buildSignedFileUrl(httpBaseUrl, parts) {
+  const encodedPath = encodeAbsPathForUrl(parts.absPath);
+  const query = parts.e === null ? `s=${encodeURIComponent(parts.s)}` : `e=${parts.e}&s=${encodeURIComponent(parts.s)}`;
+  const base = httpBaseUrl.endsWith("/") ? httpBaseUrl.slice(0, -1) : httpBaseUrl;
+  return `${base}/files${encodedPath}?${query}`;
+}
+function verifySignedUrl(secret, absPath, eRaw, s, now = Date.now) {
+  let e;
+  if (eRaw === null || eRaw === void 0 || eRaw === "") {
+    e = null;
+  } else {
+    const parsed = Number.parseInt(eRaw, 10);
+    if (!Number.isFinite(parsed) || parsed < 0) {
+      return { ok: false, code: "MALFORMED" };
+    }
+    e = parsed;
+  }
+  if (!absPath || !s) return { ok: false, code: "MALFORMED" };
+  const expected = computeSig(secret, absPath, e);
+  let provided;
+  try {
+    provided = base64urlDecodeBuf(s);
+  } catch {
+    return { ok: false, code: "MALFORMED" };
+  }
+  if (provided.length !== expected.length) {
+    return { ok: false, code: "BAD_SIG" };
+  }
+  if (!import_node_crypto5.default.timingSafeEqual(provided, expected)) {
+    return { ok: false, code: "BAD_SIG" };
+  }
+  if (e !== null && now() / 1e3 > e) {
+    return { ok: false, code: "EXPIRED" };
+  }
+  return { ok: true, absPath };
 }
 // src/transport/http-router.ts
@@ -26588,43 +26652,37 @@ function createHttpRouter(deps) {
       sendJson(res, 200, { ok: true, version: deps.daemonVersion });
       return true;
     }
-    if (!url.pathname.startsWith("/persona/") && !url.pathname.startsWith("/session/") && url.pathname !== "/outbox" && !url.pathname.startsWith("/outbox/")) {
+    if (!url.pathname.startsWith("/persona/") && !url.pathname.startsWith("/session/") && !url.pathname.startsWith("/files/")) {
       return false;
     }
-    {
-      const directMatch = url.pathname.match(/^\/outbox\/([^/]+)$/);
-      const personaMatch = url.pathname.match(/^\/persona\/([^/]+)\/outbox\/([^/]+)$/);
-      if (directMatch || personaMatch) {
-        if (!deps.outboxStore) {
-          sendJson(res, 501, { code: "NOT_IMPLEMENTED", message: "outbox store not wired" });
-          return true;
-        }
-        const capToken = directMatch ? directMatch[1] : personaMatch[2];
-        const lookup = deps.outboxStore.lookup(capToken);
-        if (!lookup.ok) {
-          const statusByCode = {
-            NOT_FOUND: 404,
-            EXPIRED: 410,
-            REVOKED: 410
-          };
-          sendJson(res, statusByCode[lookup.code], { code: lookup.code, message: "outbox cap not usable" });
-          return true;
-        }
-        const { entry } = lookup;
-        if (entry.scope.kind === "personal") {
-          const ctx2 = deps.authResolver.resolveFromHeader(
-            req.headers.authorization,
-            req.socket.remoteAddress ?? void 0
-          );
-          if (!ctx2 || ctx2.role !== "personal" || ctx2.personaId !== entry.scope.personalId) {
-            sendJson(res, 403, { code: "FORBIDDEN", message: "personal-scoped cap requires matching token" });
-            return true;
-          }
-        }
-        const outboxStore = deps.outboxStore;
-        streamFile(res, entry.absPath, deps.logger, () => outboxStore.consume(capToken));
+    if (url.pathname.startsWith("/files/") && req.method === "GET") {
+      const secret = deps.getSignSecret?.();
+      if (!secret) {
+        sendJson(res, 501, { code: "NOT_IMPLEMENTED", message: "signed URL secret unavailable (noAuth?)" });
+        return true;
+      }
+      const encodedPath = url.pathname.slice("/files".length);
+      let absPath;
+      try {
+        absPath = decodeAbsPathFromUrl(encodedPath);
+      } catch {
+        sendJson(res, 400, { code: "MALFORMED", message: "invalid path encoding" });
+        return true;
+      }
+      const e = url.searchParams.get("e");
+      const s = url.searchParams.get("s") ?? "";
+      const r = verifySignedUrl(secret, absPath, e, s);
+      if (!r.ok) {
+        const statusByCode = {
+          BAD_SIG: 403,
+          EXPIRED: 410,
+          MALFORMED: 400
+        };
+        sendJson(res, statusByCode[r.code], { code: r.code, message: "signed URL invalid" });
         return true;
       }
+      streamFile(res, r.absPath, deps.logger);
+      return true;
     }
     const ctx = deps.authResolver.resolveFromHeader(
       req.headers.authorization,
@@ -26694,10 +26752,6 @@ function createHttpRouter(deps) {
       streamFile(res, absPath, deps.logger);
       return true;
     }
-    if (/^\/persona\/[^/]+\/attachment-meta$/.test(url.pathname) && req.method === "GET") {
-      sendJson(res, 501, withCtx(ctx, { code: "NOT_IMPLEMENTED", message: "attachment-meta \u2014 PR 6" }));
-      return true;
-    }
     sendJson(res, 404, { code: "NOT_FOUND", message: `no route for ${req.method} ${url.pathname}` });
     return true;
   };
@@ -26723,7 +26777,7 @@ function isContainedIn(abs, root) {
   if (normalized === normalizedRoot) return true;
   return normalized.startsWith(normalizedRoot + import_node_path16.default.sep);
 }
-function streamFile(res, absPath, logger, onComplete) {
+function streamFile(res, absPath, logger) {
   let stat;
   try {
     stat = import_node_fs14.default.statSync(absPath);
@@ -26741,10 +26795,12 @@ function streamFile(res, absPath, logger, onComplete) {
     return;
   }
   const mime = lookupMime(absPath);
+  const basename = import_node_path16.default.basename(absPath);
   res.writeHead(200, {
     "Content-Type": mime,
     "Content-Length": String(stat.size),
-    // 防止浏览器把任意 mime 当 html 渲染（spec §11 #8 安全心智）
+    "Content-Disposition": `inline; filename*=UTF-8''${encodeURIComponent(basename)}`,
+    // 防止浏览器把任意 mime 当 html 渲染
     "X-Content-Type-Options": "nosniff"
   });
   const stream = import_node_fs14.default.createReadStream(absPath);
@@ -26752,228 +26808,14 @@ function streamFile(res, absPath, logger, onComplete) {
     logger?.warn("streamFile read error", { absPath, err: err.message });
     res.destroy();
   });
-  if (onComplete) {
-    res.once("finish", onComplete);
-  }
   stream.pipe(res);
 }
-// src/attachment/outbox.ts
+// src/discovery/state-file.ts
 var import_node_fs15 = __toESM(require("fs"), 1);
 var import_node_path17 = __toESM(require("path"), 1);
-var import_node_crypto5 = __toESM(require("crypto"), 1);
-init_protocol();
-var FILE_NAME = "outbox-caps.json";
-var OutboxStore = class {
-  file;
-  now;
-  logger;
-  cache = [];
-  constructor(opts) {
-    this.file = import_node_path17.default.join(opts.dataDir, FILE_NAME);
-    this.now = opts.now ?? Date.now;
-    this.logger = opts.logger;
-    this.reload();
-  }
-  reload() {
-    try {
-      const raw = import_node_fs15.default.readFileSync(this.file, "utf8");
-      const parsed = JSON.parse(raw);
-      if (!Array.isArray(parsed)) {
-        this.logger?.warn("OutboxStore.reload: outbox-caps.json is not an array; resetting", {
-          file: this.file
-        });
-        this.cache = [];
-        return;
-      }
-      const out = [];
-      for (const item of parsed) {
-        const r = OutboxCapEntrySchema.safeParse(item);
-        if (r.success) out.push(r.data);
-      }
-      this.cache = out;
-    } catch (err) {
-      const code = err?.code;
-      if (code !== "ENOENT") {
-        this.logger?.warn("OutboxStore.reload failed; outbox-caps.json may be corrupt", {
-          file: this.file,
-          err: err.message
-        });
-      }
-      this.cache = [];
-    }
-  }
-  persist() {
-    import_node_fs15.default.mkdirSync(import_node_path17.default.dirname(this.file), { recursive: true });
-    const tmp = `${this.file}.tmp-${process.pid}-${Date.now()}`;
-    import_node_fs15.default.writeFileSync(tmp, JSON.stringify(this.cache, null, 2), { mode: 384 });
-    import_node_fs15.default.renameSync(tmp, this.file);
-  }
-  /** 列出当前缓存（含 revoked / 过期，UI Drawer 显灰；过滤靠调用方） */
-  list() {
-    return this.cache.slice();
-  }
-  /** 按 personaId / sessionId 过滤；为 outbox Drawer 服务 */
-  listByPersona(personaId) {
-    return this.cache.filter(
-      (c) => c.scopeRef.kind === "persona" && c.scopeRef.personaId === personaId
-    );
-  }
-  /**
-   * Mint a new cap. capToken = 32B 随机 base64url（256-bit entropy），spec §11 #8 防剪贴板/微信
-   * 截图泄露通过短码的暴力面。返回完整 entry 让 caller 拼 URL。
-   *
-   * @param ttlSeconds null = 永久；undefined = 默认 24h（spec §12）
-   */
-  mint(input) {
-    const ts = this.now();
-    const ttl = input.ttlSeconds === null ? null : input.ttlSeconds ?? 24 * 3600;
-    const entry = {
-      capToken: import_node_crypto5.default.randomBytes(32).toString("base64url"),
-      scopeRef: input.scopeRef,
-      absPath: input.absPath,
-      name: input.name,
-      expiresAt: ttl === null ? null : ts + ttl * 1e3,
-      oneShot: input.oneShot ?? false,
-      scope: input.scope ?? { kind: "public" },
-      hits: 0,
-      createdAt: ts
-    };
-    this.cache.push(entry);
-    this.persist();
-    return entry;
-  }
-  /** Mark revoked；不删除条目（便于审计），上层 lookup 后返回 410 */
-  revoke(capToken) {
-    const idx = this.cache.findIndex((c) => c.capToken === capToken);
-    if (idx < 0) return false;
-    if (this.cache[idx].revoked) return false;
-    this.cache[idx] = { ...this.cache[idx], revoked: true };
-    this.persist();
-    return true;
-  }
-  /**
-   * HTTP 层用：根据 capToken 找到 entry 并判定能不能用。
-   * 三种结果：
-   *   - { ok: true, entry }                可用，调用方流文件
-   *   - { ok: false, code: 'EXPIRED' | 'REVOKED' | 'NOT_FOUND' }
-   *
-   * 命中 + oneShot=true 时由调用方调 consume() 把 cache 中 hits 自增并立即 revoke
-   * （consume 应当在 response 'finish' 后才触发，避免中途断流误算消费）。
-   */
-  lookup(capToken) {
-    const entry = this.cache.find((c) => c.capToken === capToken);
-    if (!entry) return { ok: false, code: "NOT_FOUND" };
-    if (entry.revoked) return { ok: false, code: "REVOKED" };
-    if (entry.expiresAt !== null && this.now() > entry.expiresAt) {
-      return { ok: false, code: "EXPIRED" };
-    }
-    return { ok: true, entry };
-  }
-  /** 命中后真正"消费"一次：hits++ + oneShot 时 revoke。daemon HTTP 层 stream 成功后再调 */
-  consume(capToken) {
-    const idx = this.cache.findIndex((c) => c.capToken === capToken);
-    if (idx < 0) return;
-    const prev = this.cache[idx];
-    this.cache[idx] = {
-      ...prev,
-      hits: prev.hits + 1,
-      revoked: prev.oneShot ? true : prev.revoked
-    };
-    this.persist();
-  }
-};
-// src/attachment/mount.ts
-var import_node_fs16 = __toESM(require("fs"), 1);
-var import_node_path18 = __toESM(require("path"), 1);
-init_protocol();
-var MountStore = class {
-  constructor(opts) {
-    this.opts = opts;
-  }
-  opts;
-  filePath(personaId) {
-    return import_node_path18.default.join(this.opts.personaDirPath(personaId), ".clawd", "shared-files.json");
-  }
-  list(personaId) {
-    try {
-      const raw = import_node_fs16.default.readFileSync(this.filePath(personaId), "utf8");
-      const parsed = JSON.parse(raw);
-      if (!Array.isArray(parsed)) return [];
-      const out = [];
-      for (const item of parsed) {
-        const r = MountEntrySchema.safeParse(item);
-        if (r.success) out.push(r.data);
-      }
-      return out;
-    } catch {
-      return [];
-    }
-  }
-  /**
-   * Add a mount。在 personaDir 创建 link/copy + 写 manifest。冲突 basename 抛错（caller
-   * 决定是覆盖还是改名）。
-   */
-  add(personaId, input) {
-    const personaDir = this.opts.personaDirPath(personaId);
-    if (!import_node_fs16.default.existsSync(personaDir)) {
-      throw new Error(`personaDir not found: ${personaDir}`);
-    }
-    const source = import_node_path18.default.resolve(input.absPath);
-    if (!import_node_fs16.default.existsSync(source)) {
-      throw new Error(`source path not found: ${source}`);
-    }
-    const basename = import_node_path18.default.basename(source);
-    const dest = import_node_path18.default.join(personaDir, basename);
-    if (import_node_fs16.default.existsSync(dest)) {
-      throw new Error(`destination already exists: ${dest}`);
-    }
-    if (input.mode === "link") {
-      import_node_fs16.default.symlinkSync(source, dest);
-    } else {
-      import_node_fs16.default.copyFileSync(source, dest);
-    }
-    const entry = {
-      basename,
-      absPath: source,
-      mode: input.mode
-    };
-    const next = this.list(personaId).concat([entry]);
-    this.writeManifest(personaId, next);
-    return entry;
-  }
-  remove(personaId, basename) {
-    const entries = this.list(personaId);
-    const idx = entries.findIndex((e) => e.basename === basename);
-    if (idx < 0) return false;
-    const entry = entries[idx];
-    const personaDir = this.opts.personaDirPath(personaId);
-    const dest = import_node_path18.default.join(personaDir, basename);
-    try {
-      import_node_fs16.default.unlinkSync(dest);
-    } catch {
-    }
-    const next = entries.slice();
-    next.splice(idx, 1);
-    this.writeManifest(personaId, next);
-    void entry;
-    return true;
-  }
-  writeManifest(personaId, entries) {
-    const file = this.filePath(personaId);
-    import_node_fs16.default.mkdirSync(import_node_path18.default.dirname(file), { recursive: true });
-    const tmp = `${file}.tmp-${process.pid}-${Date.now()}`;
-    import_node_fs16.default.writeFileSync(tmp, JSON.stringify(entries, null, 2), { mode: 384 });
-    import_node_fs16.default.renameSync(tmp, file);
-  }
-};
-// src/discovery/state-file.ts
-var import_node_fs17 = __toESM(require("fs"), 1);
-var import_node_path19 = __toESM(require("path"), 1);
 function defaultStateFilePath(dataDir) {
-  return import_node_path19.default.join(dataDir, "state.json");
+  return import_node_path17.default.join(dataDir, "state.json");
 }
 function isPidAlive(pid) {
   if (!Number.isFinite(pid) || pid <= 0) return false;
@@ -26995,7 +26837,7 @@ var StateFileManager = class {
   }
   read() {
     try {
-      const raw = import_node_fs17.default.readFileSync(this.file, "utf8");
+      const raw = import_node_fs15.default.readFileSync(this.file, "utf8");
       const parsed = JSON.parse(raw);
       return parsed;
     } catch {
@@ -27009,34 +26851,34 @@ var StateFileManager = class {
     return { status: "stale", existing };
   }
   write(state) {
-    import_node_fs17.default.mkdirSync(import_node_path19.default.dirname(this.file), { recursive: true });
+    import_node_fs15.default.mkdirSync(import_node_path17.default.dirname(this.file), { recursive: true });
     const tmp = `${this.file}.tmp.${process.pid}.${Date.now()}`;
-    import_node_fs17.default.writeFileSync(tmp, JSON.stringify(state, null, 2), { mode: 384 });
-    import_node_fs17.default.renameSync(tmp, this.file);
+    import_node_fs15.default.writeFileSync(tmp, JSON.stringify(state, null, 2), { mode: 384 });
+    import_node_fs15.default.renameSync(tmp, this.file);
     if (process.platform !== "win32") {
       try {
-        import_node_fs17.default.chmodSync(this.file, 384);
+        import_node_fs15.default.chmodSync(this.file, 384);
       } catch {
       }
     }
   }
   delete() {
     try {
-      import_node_fs17.default.unlinkSync(this.file);
+      import_node_fs15.default.unlinkSync(this.file);
     } catch {
     }
   }
 };
 // src/tunnel/tunnel-manager.ts
-var import_node_fs21 = __toESM(require("fs"), 1);
-var import_node_path23 = __toESM(require("path"), 1);
+var import_node_fs19 = __toESM(require("fs"), 1);
+var import_node_path21 = __toESM(require("path"), 1);
 var import_node_crypto6 = __toESM(require("crypto"), 1);
 var import_node_child_process5 = require("child_process");
 // src/tunnel/tunnel-store.ts
-var import_node_fs18 = __toESM(require("fs"), 1);
-var import_node_path20 = __toESM(require("path"), 1);
+var import_node_fs16 = __toESM(require("fs"), 1);
+var import_node_path18 = __toESM(require("path"), 1);
 var TunnelStore = class {
   constructor(filePath) {
     this.filePath = filePath;
@@ -27044,7 +26886,7 @@ var TunnelStore = class {
   filePath;
   async get() {
     try {
-      const raw = await import_node_fs18.default.promises.readFile(this.filePath, "utf8");
+      const raw = await import_node_fs16.default.promises.readFile(this.filePath, "utf8");
       const obj = JSON.parse(raw);
       if (!isPersistedTunnel(obj)) return null;
       return obj;
@@ -27055,22 +26897,22 @@ var TunnelStore = class {
     }
   }
   async set(v2) {
-    const dir = import_node_path20.default.dirname(this.filePath);
-    await import_node_fs18.default.promises.mkdir(dir, { recursive: true });
+    const dir = import_node_path18.default.dirname(this.filePath);
+    await import_node_fs16.default.promises.mkdir(dir, { recursive: true });
     const data = JSON.stringify(v2, null, 2);
     const tmp = `${this.filePath}.tmp.${process.pid}.${Date.now()}`;
-    await import_node_fs18.default.promises.writeFile(tmp, data, { mode: 384 });
+    await import_node_fs16.default.promises.writeFile(tmp, data, { mode: 384 });
     if (process.platform !== "win32") {
       try {
-        await import_node_fs18.default.promises.chmod(tmp, 384);
+        await import_node_fs16.default.promises.chmod(tmp, 384);
       } catch {
       }
     }
-    await import_node_fs18.default.promises.rename(tmp, this.filePath);
+    await import_node_fs16.default.promises.rename(tmp, this.filePath);
   }
   async clear() {
     try {
-      await import_node_fs18.default.promises.unlink(this.filePath);
+      await import_node_fs16.default.promises.unlink(this.filePath);
     } catch (err) {
       const code = err?.code;
       if (code !== "ENOENT") throw err;
@@ -27165,9 +27007,9 @@ function escape(v2) {
 }
 // src/tunnel/frpc-binary.ts
-var import_node_fs19 = __toESM(require("fs"), 1);
+var import_node_fs17 = __toESM(require("fs"), 1);
 var import_node_os9 = __toESM(require("os"), 1);
-var import_node_path21 = __toESM(require("path"), 1);
+var import_node_path19 = __toESM(require("path"), 1);
 var import_node_child_process3 = require("child_process");
 var import_node_stream2 = require("stream");
 var import_promises = require("stream/promises");
@@ -27199,20 +27041,20 @@ function frpcDownloadUrl(version2, p2) {
 }
 async function ensureFrpcBinary(opts) {
   if (opts.override) {
-    if (!import_node_fs19.default.existsSync(opts.override)) {
+    if (!import_node_fs17.default.existsSync(opts.override)) {
       throw new Error(`frpc binary not found at override path: ${opts.override}`);
     }
     return opts.override;
   }
   const version2 = opts.version ?? FRPC_VERSION;
   const platform = opts.platform ?? detectPlatform();
-  const binDir = import_node_path21.default.join(opts.dataDir, "bin");
-  import_node_fs19.default.mkdirSync(binDir, { recursive: true });
+  const binDir = import_node_path19.default.join(opts.dataDir, "bin");
+  import_node_fs17.default.mkdirSync(binDir, { recursive: true });
   cleanupStaleArtifacts(binDir);
-  const stableBin = import_node_path21.default.join(binDir, "frpc");
-  if (import_node_fs19.default.existsSync(stableBin)) return stableBin;
+  const stableBin = import_node_path19.default.join(binDir, "frpc");
+  if (import_node_fs17.default.existsSync(stableBin)) return stableBin;
   const partialBin = `${stableBin}.partial`;
-  const tarballPath = import_node_path21.default.join(binDir, `frp_${version2}_${platform.os}_${platform.arch}.tar.gz.partial`);
+  const tarballPath = import_node_path19.default.join(binDir, `frp_${version2}_${platform.os}_${platform.arch}.tar.gz.partial`);
   try {
     const url = frpcDownloadUrl(version2, platform);
     await downloadToFile(url, tarballPath, opts.fetchImpl);
@@ -27221,8 +27063,8 @@ async function ensureFrpcBinary(opts) {
     } else {
       await extractFrpcFromTarball(tarballPath, binDir, version2, platform, partialBin);
     }
-    import_node_fs19.default.chmodSync(partialBin, 493);
-    import_node_fs19.default.renameSync(partialBin, stableBin);
+    import_node_fs17.default.chmodSync(partialBin, 493);
+    import_node_fs17.default.renameSync(partialBin, stableBin);
   } finally {
     safeUnlink(tarballPath);
     safeUnlink(partialBin);
@@ -27232,15 +27074,15 @@ async function ensureFrpcBinary(opts) {
 function cleanupStaleArtifacts(binDir) {
   let entries;
   try {
-    entries = import_node_fs19.default.readdirSync(binDir);
+    entries = import_node_fs17.default.readdirSync(binDir);
   } catch {
     return;
   }
   for (const name of entries) {
     if (name.endsWith(".partial") || name.startsWith("extract-")) {
-      const full = import_node_path21.default.join(binDir, name);
+      const full = import_node_path19.default.join(binDir, name);
       try {
-        import_node_fs19.default.rmSync(full, { recursive: true, force: true });
+        import_node_fs17.default.rmSync(full, { recursive: true, force: true });
       } catch {
       }
     }
@@ -27248,7 +27090,7 @@ function cleanupStaleArtifacts(binDir) {
 }
 function safeUnlink(p2) {
   try {
-    import_node_fs19.default.unlinkSync(p2);
+    import_node_fs17.default.unlinkSync(p2);
   } catch {
   }
 }
@@ -27259,13 +27101,13 @@ async function downloadToFile(url, dest, fetchImpl) {
   if (!res.ok || !res.body) {
     throw new Error(`download failed: ${res.status} ${res.statusText}`);
   }
-  const out = import_node_fs19.default.createWriteStream(dest);
+  const out = import_node_fs17.default.createWriteStream(dest);
   const nodeStream = import_node_stream2.Readable.fromWeb(res.body);
   await (0, import_promises.pipeline)(nodeStream, out);
 }
 async function extractFrpcFromTarball(tarball, binDir, version2, platform, destBin) {
-  const work = import_node_path21.default.join(binDir, `extract-${process.pid}-${Date.now()}`);
-  import_node_fs19.default.mkdirSync(work, { recursive: true });
+  const work = import_node_path19.default.join(binDir, `extract-${process.pid}-${Date.now()}`);
+  import_node_fs17.default.mkdirSync(work, { recursive: true });
   try {
     await new Promise((resolve2, reject) => {
       const proc = (0, import_node_child_process3.spawn)("tar", ["xzf", tarball, "-C", work], { stdio: "pipe" });
@@ -27273,32 +27115,32 @@ async function extractFrpcFromTarball(tarball, binDir, version2, platform, destB
       proc.on("exit", (code) => code === 0 ? resolve2() : reject(new Error(`tar exited ${code}`)));
     });
     const dirName = `frp_${version2}_${platform.os}_${platform.arch}`;
-    const src = import_node_path21.default.join(work, dirName, "frpc");
-    if (!import_node_fs19.default.existsSync(src)) {
+    const src = import_node_path19.default.join(work, dirName, "frpc");
+    if (!import_node_fs17.default.existsSync(src)) {
       throw new Error(`frpc not found inside tarball at ${src}`);
     }
-    import_node_fs19.default.copyFileSync(src, destBin);
+    import_node_fs17.default.copyFileSync(src, destBin);
   } finally {
-    import_node_fs19.default.rmSync(work, { recursive: true, force: true });
+    import_node_fs17.default.rmSync(work, { recursive: true, force: true });
   }
 }
 // src/tunnel/frpc-process.ts
-var import_node_fs20 = __toESM(require("fs"), 1);
-var import_node_path22 = __toESM(require("path"), 1);
+var import_node_fs18 = __toESM(require("fs"), 1);
+var import_node_path20 = __toESM(require("path"), 1);
 var import_node_child_process4 = require("child_process");
 function frpcPidFilePath(dataDir) {
-  return import_node_path22.default.join(dataDir, "frpc.pid");
+  return import_node_path20.default.join(dataDir, "frpc.pid");
 }
 function writeFrpcPid(dataDir, pid) {
   try {
-    import_node_fs20.default.writeFileSync(frpcPidFilePath(dataDir), String(pid), { mode: 384 });
+    import_node_fs18.default.writeFileSync(frpcPidFilePath(dataDir), String(pid), { mode: 384 });
   } catch {
   }
 }
 function clearFrpcPid(dataDir) {
   try {
-    import_node_fs20.default.unlinkSync(frpcPidFilePath(dataDir));
+    import_node_fs18.default.unlinkSync(frpcPidFilePath(dataDir));
   } catch {
   }
 }
@@ -27314,7 +27156,7 @@ function defaultIsPidAlive(pid) {
 }
 function defaultReadPidFile(file) {
   try {
-    return import_node_fs20.default.readFileSync(file, "utf8");
+    return import_node_fs18.default.readFileSync(file, "utf8");
   } catch {
     return null;
   }
@@ -27330,7 +27172,7 @@ function defaultSleep(ms) {
 }
 async function killStaleFrpc(deps) {
   const pidFile = frpcPidFilePath(deps.dataDir);
-  const tomlPath = import_node_path22.default.join(deps.dataDir, "frpc.toml");
+  const tomlPath = import_node_path20.default.join(deps.dataDir, "frpc.toml");
   const readPidFile = deps.readPidFileImpl ?? defaultReadPidFile;
   const isAlive = deps.isPidAliveImpl ?? defaultIsPidAlive;
   const killPid = deps.killPidImpl ?? defaultKillPid;
@@ -27354,7 +27196,7 @@ async function killStaleFrpc(deps) {
   }
   if (victims.size === 0) {
     try {
-      import_node_fs20.default.unlinkSync(pidFile);
+      import_node_fs18.default.unlinkSync(pidFile);
     } catch {
     }
     return;
@@ -27365,7 +27207,7 @@ async function killStaleFrpc(deps) {
   }
   await sleep(deps.reapWaitMs ?? 300);
   try {
-    import_node_fs20.default.unlinkSync(pidFile);
+    import_node_fs18.default.unlinkSync(pidFile);
   } catch {
   }
 }
@@ -27402,7 +27244,7 @@ var DEFAULT_TUNNEL_TTL_MS = 7 * 24 * 60 * 60 * 1e3;
 var TunnelManager = class {
   constructor(deps) {
     this.deps = deps;
-    this.store = deps.store ?? new TunnelStore(import_node_path23.default.join(deps.dataDir, "tunnel.json"));
+    this.store = deps.store ?? new TunnelStore(import_node_path21.default.join(deps.dataDir, "tunnel.json"));
     this.ttlMs = deps.ttlMs ?? DEFAULT_TUNNEL_TTL_MS;
     this.startupTimeoutMs = deps.startupTimeoutMs ?? 15e3;
   }
@@ -27529,7 +27371,7 @@ var TunnelManager = class {
         dataDir: this.deps.dataDir,
         override: this.deps.frpcBinaryOverride ?? void 0
       });
-      const tomlPath = import_node_path23.default.join(this.deps.dataDir, "frpc.toml");
+      const tomlPath = import_node_path21.default.join(this.deps.dataDir, "frpc.toml");
       const proxyName = `clawd-${t.subdomain}-${localPort}-${import_node_crypto6.default.randomBytes(3).toString("hex")}`;
       const toml = buildFrpcToml({
         serverAddr: t.frpsHost,
@@ -27540,12 +27382,12 @@ var TunnelManager = class {
         localPort,
         logLevel: "info"
       });
-      await import_node_fs21.default.promises.writeFile(tomlPath, toml, { mode: 384 });
+      await import_node_fs19.default.promises.writeFile(tomlPath, toml, { mode: 384 });
       const proc = (this.deps.spawnImpl ?? import_node_child_process5.spawn)(frpcBin, ["-c", tomlPath], {
         stdio: ["ignore", "pipe", "pipe"]
       });
-      const logFilePath = import_node_path23.default.join(this.deps.dataDir, "frpc.log");
-      const logStream = import_node_fs21.default.createWriteStream(logFilePath, { flags: "a", mode: 384 });
+      const logFilePath = import_node_path21.default.join(this.deps.dataDir, "frpc.log");
+      const logStream = import_node_fs19.default.createWriteStream(logFilePath, { flags: "a", mode: 384 });
       logStream.on("error", () => {
       });
       const tee = (chunk) => {
@@ -27638,12 +27480,12 @@ function deriveStableDeviceKey(opts = {}) {
 }
 // src/auth-store.ts
-var import_node_fs22 = __toESM(require("fs"), 1);
-var import_node_path24 = __toESM(require("path"), 1);
+var import_node_fs20 = __toESM(require("fs"), 1);
+var import_node_path22 = __toESM(require("path"), 1);
 var import_node_crypto8 = __toESM(require("crypto"), 1);
 var AUTH_FILE_NAME = "auth.json";
 function authFilePath(dataDir) {
-  return import_node_path24.default.join(dataDir, AUTH_FILE_NAME);
+  return import_node_path22.default.join(dataDir, AUTH_FILE_NAME);
 }
 function loadOrCreateAuthToken(opts) {
   const file = authFilePath(opts.dataDir);
@@ -27659,7 +27501,7 @@ function defaultGenerate() {
 }
 function readAuthFile(file) {
   try {
-    const raw = import_node_fs22.default.readFileSync(file, "utf8");
+    const raw = import_node_fs20.default.readFileSync(file, "utf8");
     const parsed = JSON.parse(raw);
     if (typeof parsed?.token === "string" && parsed.token.length > 0) {
       return {
@@ -27675,25 +27517,25 @@ function readAuthFile(file) {
   }
 }
 function writeAuthFile(file, content) {
-  import_node_fs22.default.mkdirSync(import_node_path24.default.dirname(file), { recursive: true });
-  import_node_fs22.default.writeFileSync(file, JSON.stringify(content, null, 2), { mode: 384 });
+  import_node_fs20.default.mkdirSync(import_node_path22.default.dirname(file), { recursive: true });
+  import_node_fs20.default.writeFileSync(file, JSON.stringify(content, null, 2), { mode: 384 });
   try {
-    import_node_fs22.default.chmodSync(file, 384);
+    import_node_fs20.default.chmodSync(file, 384);
   } catch {
   }
 }
 // src/owner-profile.ts
-var import_node_fs23 = __toESM(require("fs"), 1);
+var import_node_fs21 = __toESM(require("fs"), 1);
 var import_node_os11 = __toESM(require("os"), 1);
-var import_node_path25 = __toESM(require("path"), 1);
+var import_node_path23 = __toESM(require("path"), 1);
 var PROFILE_FILENAME = "profile.json";
 function loadOwnerDisplayName(dataDir) {
   const fallback = import_node_os11.default.userInfo().username;
-  const profilePath = import_node_path25.default.join(dataDir, PROFILE_FILENAME);
+  const profilePath = import_node_path23.default.join(dataDir, PROFILE_FILENAME);
   let raw;
   try {
-    raw = import_node_fs23.default.readFileSync(profilePath, "utf8");
+    raw = import_node_fs21.default.readFileSync(profilePath, "utf8");
   } catch {
     return fallback;
   }
@@ -27722,12 +27564,12 @@ init_protocol();
 init_protocol();
 // src/session/fork.ts
-var import_node_fs24 = __toESM(require("fs"), 1);
+var import_node_fs22 = __toESM(require("fs"), 1);
 var import_node_os12 = __toESM(require("os"), 1);
-var import_node_path26 = __toESM(require("path"), 1);
+var import_node_path24 = __toESM(require("path"), 1);
 init_claude_history();
 function readJsonlEntries(file) {
-  const raw = import_node_fs24.default.readFileSync(file, "utf8");
+  const raw = import_node_fs22.default.readFileSync(file, "utf8");
   const out = [];
   for (const line of raw.split("\n")) {
     const t = line.trim();
@@ -27740,10 +27582,10 @@ function readJsonlEntries(file) {
   return out;
 }
 function forkSession(input) {
-  const baseDir = input.baseDir ?? import_node_path26.default.join(import_node_os12.default.homedir(), ".claude");
-  const projectDir = import_node_path26.default.join(baseDir, "projects", cwdToHashDir(input.cwd));
-  const sourceFile = import_node_path26.default.join(projectDir, `${input.toolSessionId}.jsonl`);
-  if (!import_node_fs24.default.existsSync(sourceFile)) {
+  const baseDir = input.baseDir ?? import_node_path24.default.join(import_node_os12.default.homedir(), ".claude");
+  const projectDir = import_node_path24.default.join(baseDir, "projects", cwdToHashDir(input.cwd));
+  const sourceFile = import_node_path24.default.join(projectDir, `${input.toolSessionId}.jsonl`);
+  if (!import_node_fs22.default.existsSync(sourceFile)) {
     throw new Error(`fork: source transcript not found: ${sourceFile}`);
   }
   const entries = readJsonlEntries(sourceFile);
@@ -27773,9 +27615,9 @@ function forkSession(input) {
     }
     forkedLines.push(JSON.stringify(forked));
   }
-  const forkedFilePath = import_node_path26.default.join(projectDir, `${forkedToolSessionId}.jsonl`);
-  import_node_fs24.default.mkdirSync(projectDir, { recursive: true });
-  import_node_fs24.default.writeFileSync(forkedFilePath, forkedLines.join("\n") + "\n", { mode: 384 });
+  const forkedFilePath = import_node_path24.default.join(projectDir, `${forkedToolSessionId}.jsonl`);
+  import_node_fs22.default.mkdirSync(projectDir, { recursive: true });
+  import_node_fs22.default.writeFileSync(forkedFilePath, forkedLines.join("\n") + "\n", { mode: 384 });
   return { forkedToolSessionId, forkedFilePath };
 }
@@ -28096,9 +27938,9 @@ init_protocol();
 // src/workspace/git.ts
 var import_node_child_process6 = require("child_process");
-var import_node_fs25 = __toESM(require("fs"), 1);
+var import_node_fs23 = __toESM(require("fs"), 1);
 var import_node_os13 = __toESM(require("os"), 1);
-var import_node_path27 = __toESM(require("path"), 1);
+var import_node_path25 = __toESM(require("path"), 1);
 var import_node_util = require("util");
 var pexec = (0, import_node_util.promisify)(import_node_child_process6.execFile);
 function formatChildProcessError(err) {
@@ -28113,9 +27955,9 @@ function formatChildProcessError(err) {
   return e.message ?? "unknown error";
 }
 function normalizePath(p2) {
-  const resolved = import_node_path27.default.resolve(p2);
+  const resolved = import_node_path25.default.resolve(p2);
   try {
-    return import_node_fs25.default.realpathSync(resolved);
+    return import_node_fs23.default.realpathSync(resolved);
   } catch {
     return resolved;
   }
@@ -28216,13 +28058,13 @@ function flattenToDirName(branch) {
 }
 function encodeClaudeProjectDir(absPath) {
   if (!absPath || typeof absPath !== "string") return "";
-  let canonical = import_node_path27.default.resolve(absPath);
+  let canonical = import_node_path25.default.resolve(absPath);
   try {
-    canonical = import_node_fs25.default.realpathSync(canonical);
+    canonical = import_node_fs23.default.realpathSync(canonical);
   } catch {
     try {
-      const parent = import_node_fs25.default.realpathSync(import_node_path27.default.dirname(canonical));
-      canonical = import_node_path27.default.join(parent, import_node_path27.default.basename(canonical));
+      const parent = import_node_fs23.default.realpathSync(import_node_path25.default.dirname(canonical));
+      canonical = import_node_path25.default.join(parent, import_node_path25.default.basename(canonical));
     } catch {
     }
   }
@@ -28246,11 +28088,11 @@ async function createWorktree(input) {
   if (!isGitRoot) {
     throw new Error(`\u76EE\u5F55 ${cwd} \u4E0D\u662F git repo \u6839`);
   }
-  const parent = import_node_path27.default.dirname(import_node_path27.default.resolve(cwd));
-  if (parent === "/" || parent === import_node_path27.default.resolve(cwd)) {
+  const parent = import_node_path25.default.dirname(import_node_path25.default.resolve(cwd));
+  if (parent === "/" || parent === import_node_path25.default.resolve(cwd)) {
     throw new Error("repo \u5728\u78C1\u76D8\u6839\u76EE\u5F55\uFF0C\u65E0\u6CD5\u5728\u540C\u7EA7\u521B\u5EFA worktree");
   }
-  const worktreeRoot = import_node_path27.default.join(parent, dirName);
+  const worktreeRoot = import_node_path25.default.join(parent, dirName);
   try {
     await pexec("git", ["-C", cwd, "fetch", "origin", baseBranch, "--no-tags"], {
       timeout: 3e4
@@ -28269,7 +28111,7 @@ async function createWorktree(input) {
     const msg = err.message;
     if (msg.startsWith("\u5206\u652F ")) throw err;
   }
-  if (import_node_fs25.default.existsSync(worktreeRoot)) {
+  if (import_node_fs23.default.existsSync(worktreeRoot)) {
     throw new Error(`\u76EE\u5F55 ${worktreeRoot} \u5DF2\u5B58\u5728\uFF0C\u8BF7\u6362\u4E00\u4E2A label \u6216\u6E05\u7406\u540E\u91CD\u8BD5`);
   }
   try {
@@ -28297,8 +28139,8 @@ async function removeWorktree(input) {
     );
     const gitCommonDir = stdout.trim();
     if (!gitCommonDir) throw new Error("empty git-common-dir");
-    const absGitCommon = import_node_path27.default.isAbsolute(gitCommonDir) ? gitCommonDir : import_node_path27.default.resolve(worktreeRoot, gitCommonDir);
-    repoRoot = import_node_path27.default.dirname(absGitCommon);
+    const absGitCommon = import_node_path25.default.isAbsolute(gitCommonDir) ? gitCommonDir : import_node_path25.default.resolve(worktreeRoot, gitCommonDir);
+    repoRoot = import_node_path25.default.dirname(absGitCommon);
   } catch {
     repoRoot = null;
   }
@@ -28310,7 +28152,7 @@ async function removeWorktree(input) {
     } catch (err) {
       const stderr = err.stderr ?? "";
       const lower = stderr.toLowerCase();
-      const vanished = lower.includes("not a working tree") || lower.includes("is not a working tree") || !import_node_fs25.default.existsSync(worktreeRoot);
+      const vanished = lower.includes("not a working tree") || lower.includes("is not a working tree") || !import_node_fs23.default.existsSync(worktreeRoot);
       if (!vanished) {
         throw new Error(`\u6E05\u7406 worktree \u5931\u8D25\uFF1A${formatChildProcessError(err)}`);
       }
@@ -28329,10 +28171,10 @@ async function removeWorktree(input) {
   try {
     const encoded = encodeClaudeProjectDir(worktreeRoot);
     if (encoded) {
-      const projectsRoot = import_node_path27.default.join(import_node_os13.default.homedir(), ".claude", "projects");
-      const target = import_node_path27.default.resolve(projectsRoot, encoded);
-      if (target.startsWith(projectsRoot + import_node_path27.default.sep) && target !== projectsRoot) {
-        import_node_fs25.default.rmSync(target, { recursive: true, force: true });
+      const projectsRoot = import_node_path25.default.join(import_node_os13.default.homedir(), ".claude", "projects");
+      const target = import_node_path25.default.resolve(projectsRoot, encoded);
+      if (target.startsWith(projectsRoot + import_node_path25.default.sep) && target !== projectsRoot) {
+        import_node_fs23.default.rmSync(target, { recursive: true, force: true });
       }
     }
   } catch {
@@ -28554,115 +28396,39 @@ function buildPersonaHandlers(deps) {
 // src/handlers/attachment.ts
 init_protocol();
 init_protocol();
+var DEFAULT_TTL_SECONDS = 24 * 3600;
 function buildAttachmentHandlers(deps) {
-  const outboxCreate = async (frame) => {
-    const parsed = AttachmentOutboxCreateArgs.safeParse(frame);
+  const signUrl = async (frame) => {
+    const parsed = AttachmentSignUrlArgs.safeParse(frame);
     if (!parsed.success) {
       throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, parsed.error.message);
     }
     const args = parsed.data;
-    if (args.personaId && args.sessionId || !args.personaId && !args.sessionId) {
+    const secret = deps.getSignSecret();
+    if (!secret) {
       throw new ClawdError(
-        ERROR_CODES.VALIDATION_ERROR,
-        "outboxCreate requires exactly one of personaId / sessionId"
+        ERROR_CODES.METHOD_NOT_IMPLEMENTED,
+        "signUrl requires an owner token (daemon noAuth mode disables share URLs)"
       );
     }
-    const scopeRef = deps.getPersonaScopeForRequest(args);
-    if (!scopeRef) {
-      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, "invalid scope");
-    }
-    const name = args.absPath.split("/").pop() || args.absPath;
-    const entry = deps.outboxStore.mint({
-      scopeRef,
-      absPath: args.absPath,
-      name,
-      ttlSeconds: args.ttlSeconds,
-      oneShot: args.oneShot,
-      scope: args.scope
-    });
     const httpBaseUrl = deps.getHttpBaseUrl();
-    const urlPath = scopeRef.kind === "persona" ? `/persona/${encodeURIComponent(scopeRef.personaId)}/outbox/${entry.capToken}` : `/outbox/${entry.capToken}`;
-    const url = httpBaseUrl ? `${httpBaseUrl}${urlPath}` : urlPath;
+    if (!httpBaseUrl) {
+      throw new ClawdError(
+        ERROR_CODES.METHOD_NOT_IMPLEMENTED,
+        "httpBaseUrl unavailable (daemon HTTP not ready)"
+      );
+    }
+    const ttl = args.ttlSeconds === null ? null : args.ttlSeconds ?? DEFAULT_TTL_SECONDS;
+    const parts = signUrlParts(secret, args.absPath, ttl);
+    const url = buildSignedFileUrl(httpBaseUrl, parts);
     return {
       response: {
-        type: "attachment.outboxCreate",
-        capToken: entry.capToken,
+        type: "attachment.signUrl",
         url,
-        expiresAt: entry.expiresAt
+        expiresAt: parts.e === null ? null : parts.e * 1e3
       }
     };
   };
-  const outboxRevoke = async (frame) => {
-    const parsed = AttachmentOutboxRevokeArgs.safeParse(frame);
-    if (!parsed.success) {
-      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, parsed.error.message);
-    }
-    const ok = deps.outboxStore.revoke(parsed.data.capToken);
-    if (!ok) {
-      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, `capToken not found / already revoked`);
-    }
-    return { response: { type: "attachment.outboxRevoke", revoked: true } };
-  };
-  const outboxList = async (frame) => {
-    const parsed = AttachmentOutboxListArgs.safeParse(frame);
-    if (!parsed.success) {
-      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, parsed.error.message);
-    }
-    const entries = parsed.data.personaId ? deps.outboxStore.listByPersona(parsed.data.personaId) : deps.outboxStore.list();
-    return {
-      response: { type: "attachment.outboxList", entries }
-    };
-  };
-  const mountAdd = async (frame) => {
-    if (!deps.mountStore) {
-      throw new ClawdError(ERROR_CODES.METHOD_NOT_IMPLEMENTED, "mountStore not wired");
-    }
-    const parsed = AttachmentMountAddArgs.safeParse(frame);
-    if (!parsed.success) {
-      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, parsed.error.message);
-    }
-    const args = parsed.data;
-    try {
-      const entry = deps.mountStore.add(args.personaId, {
-        absPath: args.absPath,
-        mode: args.mode
-      });
-      return {
-        response: {
-          type: "attachment.mountAdd",
-          entry,
-          sandboxRestartNeeded: true
-        }
-      };
-    } catch (err) {
-      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, err.message);
-    }
-  };
-  const mountRemove = async (frame) => {
-    if (!deps.mountStore) {
-      throw new ClawdError(ERROR_CODES.METHOD_NOT_IMPLEMENTED, "mountStore not wired");
-    }
-    const parsed = AttachmentMountRemoveArgs.safeParse(frame);
-    if (!parsed.success) {
-      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, parsed.error.message);
-    }
-    const ok = deps.mountStore.remove(parsed.data.personaId, parsed.data.basename);
-    if (!ok) {
-      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, "mount not found");
-    }
-    return { response: { type: "attachment.mountRemove", removed: true } };
-  };
-  const mountList = async (frame) => {
-    if (!deps.mountStore) {
-      throw new ClawdError(ERROR_CODES.METHOD_NOT_IMPLEMENTED, "mountStore not wired");
-    }
-    const parsed = AttachmentMountListArgs.safeParse(frame);
-    if (!parsed.success) {
-      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, parsed.error.message);
-    }
-    const entries = deps.mountStore.list(parsed.data.personaId);
-    return { response: { type: "attachment.mountList", entries } };
-  };
   const groupAdd = async (frame) => {
     if (!deps.groupFileStore || !deps.getSessionScope) {
       throw new ClawdError(ERROR_CODES.METHOD_NOT_IMPLEMENTED, "groupFileStore not wired");
@@ -28732,12 +28498,7 @@ function buildAttachmentHandlers(deps) {
     return { response: { type: "attachment.groupListPersona", perSession } };
   };
   return {
-    "attachment.outboxCreate": outboxCreate,
-    "attachment.outboxRevoke": outboxRevoke,
-    "attachment.outboxList": outboxList,
-    "attachment.mountAdd": mountAdd,
-    "attachment.mountRemove": mountRemove,
-    "attachment.mountList": mountList,
+    "attachment.signUrl": signUrl,
     "attachment.groupAdd": groupAdd,
     "attachment.groupRemove": groupRemove,
     "attachment.groupList": groupList,
@@ -28769,7 +28530,7 @@ function buildMethodHandlers(deps) {
 async function startDaemon(config) {
   const logger = createLogger({
     level: config.logLevel,
-    file: import_node_path28.default.join(config.dataDir, "clawd.log")
+    file: import_node_path26.default.join(config.dataDir, "clawd.log")
   });
   logger.info("starting clawd", { version, config: { port: config.port, host: config.host, dataDir: config.dataDir } });
   const stateMgr = new StateFileManager({ dataDir: config.dataDir });
@@ -28801,7 +28562,7 @@ async function startDaemon(config) {
   const agents = new AgentsScanner();
   const history = new ClaudeHistoryReader();
   let transport = null;
-  const personaStore = new PersonaStore(import_node_path28.default.join(config.dataDir, "personas"));
+  const personaStore = new PersonaStore(import_node_path26.default.join(config.dataDir, "personas"));
   const defaultsRoot = findDefaultsRoot();
   if (defaultsRoot) {
     seedDefaultPersonas({ store: personaStore, defaultsRoot, logger });
@@ -28810,17 +28571,13 @@ async function startDaemon(config) {
   }
   const ownerDisplayName = loadOwnerDisplayName(config.dataDir);
   const groupFileStore = new GroupFileStore({ dataDir: config.dataDir, logger });
-  const outboxStore = new OutboxStore({ dataDir: config.dataDir, logger });
-  const mountStore = new MountStore({
-    personaDirPath: (pid) => personaStore.personaDirPath(pid)
-  });
   const manager = new SessionManager({
     store,
     logger,
     getAdapter,
     historyReader: history,
     dataDir: config.dataDir,
-    personaRoot: import_node_path28.default.join(config.dataDir, "personas"),
+    personaRoot: import_node_path26.default.join(config.dataDir, "personas"),
     personaStore,
     ownerDisplayName,
     mode: config.mode,
@@ -28843,10 +28600,10 @@ async function startDaemon(config) {
     // 文件可能 agent 写完又被自己删（罕见），用 size=0 / fallback mime 兜底。
     attachmentGroup: {
       onFileEdit: (input) => {
-        const absPath = import_node_path28.default.isAbsolute(input.relPath) ? input.relPath : import_node_path28.default.join(input.cwd, input.relPath);
+        const absPath = import_node_path26.default.isAbsolute(input.relPath) ? input.relPath : import_node_path26.default.join(input.cwd, input.relPath);
         let size = 0;
         try {
-          size = import_node_fs26.default.statSync(absPath).size;
+          size = import_node_fs24.default.statSync(absPath).size;
         } catch (err) {
           logger.warn("attachment.onFileEdit stat failed", {
             sessionId: input.sessionId,
@@ -28951,22 +28708,16 @@ async function startDaemon(config) {
     // 时禁用文件 GET/POST，保持 1.0 行为兼容）。
     getHttpBaseUrl,
     httpToken: resolvedAuthToken,
-    // file-sharing attachment.* RPC（spec §5 PR 6+）。getPersonaScopeForRequest 把 RPC
-    // args 里的 personaId/sessionId 翻译成 scopeRef 给 OutboxStore；mountAdd/groupAdd
-    // 后续 PR 复用同一份装配。
+    // file-sharing attachment.* RPC。signUrl 用 owner token 做 HMAC secret；group RPC
+    // 根据 sessionId 反查 scope 写盘。
     attachment: {
-      outboxStore,
-      mountStore,
       groupFileStore,
-      personaDirPath: (pid) => personaStore.personaDirPath(pid),
       getHttpBaseUrl,
-      getPersonaScopeForRequest: (args) => {
-        if (args.personaId) return { kind: "persona", personaId: args.personaId };
-        if (args.sessionId) return { kind: "session", sessionId: args.sessionId };
-        return null;
-      },
+      // HMAC sign secret：复用 ~/.clawd/auth.json owner token（持久跨重启）。
+      // noAuth 模式 resolvedAuthToken 为 null → handler 自己返 NOT_IMPLEMENTED。
+      getSignSecret: () => resolvedAuthToken ?? "",
       // group RPC：根据 sessionId 反查 scope；owner-mode persona session 走
-      // 'persona/<pid>/owner'，default 走 'default'。PR 9 UI Drawer 用。
+      // 'persona/<pid>/owner'，default 走 'default'。
       getSessionScope: (sessionId) => {
         const file = store.read(sessionId);
         if (!file) return null;
@@ -28988,7 +28739,8 @@ async function startDaemon(config) {
     personaStore,
     groupFileStore,
     sessionStore: store,
-    outboxStore
+    // /files HMAC verify 用同一份 owner token 做 secret（与 attachment.signUrl 同源）
+    getSignSecret: () => resolvedAuthToken ?? null
   });
   wsServer = new LocalWsServer({
     host: config.host,
@@ -29127,8 +28879,8 @@ async function startDaemon(config) {
       const lines = [
         `Tunnel:      ${r.url}`,
         ...resolvedAuthToken ? [`Connect:     ${connectUrl}`] : [],
-        `Frpc config: ${import_node_path28.default.join(config.dataDir, "frpc.toml")}`,
-        `Frpc log:    ${import_node_path28.default.join(config.dataDir, "frpc.log")}`
+        `Frpc config: ${import_node_path26.default.join(config.dataDir, "frpc.toml")}`,
+        `Frpc log:    ${import_node_path26.default.join(config.dataDir, "frpc.log")}`
       ];
       const width = Math.max(...lines.map((l) => l.length));
       const bar = "\u2550".repeat(width + 4);
@@ -29141,8 +28893,8 @@ ${bar}
 `);
       try {
-        const connectPath = import_node_path28.default.join(config.dataDir, "connect.txt");
-        import_node_fs26.default.writeFileSync(connectPath, lines.join("\n") + "\n", { mode: 384 });
+        const connectPath = import_node_path26.default.join(config.dataDir, "connect.txt");
+        import_node_fs24.default.writeFileSync(connectPath, lines.join("\n") + "\n", { mode: 384 });
       } catch {
       }
     } catch (err) {