npm - @clawos-dev/clawd - Versions diffs - 0.2.64 → 0.2.65-beta.107.ac81439 - Mend

@clawos-dev/clawd 0.2.64 → 0.2.65-beta.107.ac81439

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/cli.cjs +1247 -270
package/package.json +1 -1

package/dist/cli.cjs CHANGED Viewed

@@ -110,6 +110,17 @@ var init_methods = __esm({
       //   触发频率低（仅 window resize），response 也是 ack。
       "session:pty:input",
       "session:pty:resize",
+      // ---- attachment.* file-sharing（详见 attachment-schemas.ts） ----
+      // 命名警告：这里的 `attachment.*` RPC 与 CC v2.x 上行 `type:"attachment"` 系统行
+      // （attachment-skills / attachment-deferred-tools / attachment_memories）是不同概念。
+      // 全部管理类 RPC handler 入口 requireOwner（personal token 调任意一个都 403）；
+      // 实际文件传输走 HTTP 路由（GET /files?p=&e=&s=，签名验证），不在白名单内。
+      "attachment.signUrl",
+      "attachment.groupAdd",
+      "attachment.groupRemove",
+      "attachment.groupList",
+      // v2：跨 session 聚合（本期 UI 不调，保留槽位用于 HTTP ACL 内部判定 / 未来 "All files" tab）
+      "attachment.groupListPersona",
       "info",
       "ping"
     ];
@@ -601,8 +612,8 @@ var init_parseUtil = __esm({
     init_errors2();
     init_en();
     makeIssue = (params) => {
-      const { data, path: path28, errorMaps, issueData } = params;
-      const fullPath = [...path28, ...issueData.path || []];
+      const { data, path: path31, errorMaps, issueData } = params;
+      const fullPath = [...path31, ...issueData.path || []];
       const fullIssue = {
         ...issueData,
         path: fullPath
@@ -913,11 +924,11 @@ var init_types = __esm({
     init_parseUtil();
     init_util();
     ParseInputLazyPath = class {
-      constructor(parent, value, path28, key) {
+      constructor(parent, value, path31, key) {
         this._cachedPath = [];
         this.parent = parent;
         this.data = value;
-        this._path = path28;
+        this._path = path31;
         this._key = key;
       }
       get path() {
@@ -4300,6 +4311,80 @@ var init_zod = __esm({
   }
 });
+// ../protocol/src/attachment-schemas.ts
+var TOKEN_ROLES, GROUP_FILE_SOURCES, GroupFileEntrySchema, AttachmentSignUrlArgs, AttachmentSignUrlResponseSchema, AttachmentGroupAddArgs, AttachmentGroupAddResponseSchema, AttachmentGroupRemoveArgs, AttachmentGroupRemoveResponseSchema, AttachmentGroupListArgs, AttachmentGroupListResponseSchema, AttachmentGroupListPersonaArgs, AttachmentGroupListPersonaResponseSchema;
+var init_attachment_schemas = __esm({
+  "../protocol/src/attachment-schemas.ts"() {
+    "use strict";
+    init_zod();
+    TOKEN_ROLES = ["owner", "personal"];
+    GROUP_FILE_SOURCES = ["agent", "owner"];
+    GroupFileEntrySchema = external_exports.object({
+      /** daemon 派发的稳定 id（用于 RPC remove / UI key） */
+      id: external_exports.string().min(1),
+      /** 相对 personaDir / sessionCwd 的路径 */
+      relPath: external_exports.string().min(1),
+      from: external_exports.enum(GROUP_FILE_SOURCES),
+      /** owner 手动加入时的可选备注 */
+      label: external_exports.string().optional(),
+      /** 文件字节数（stat 时拍） */
+      size: external_exports.number().int().nonnegative(),
+      mime: external_exports.string().min(1),
+      /** 加入清单时间戳（ms） */
+      addedAt: external_exports.number().int().nonnegative(),
+      /** 最近一次 agent Write/Edit 时间戳（agent 反复改同 path 时更新） */
+      lastEditedAt: external_exports.number().int().nonnegative().optional(),
+      /** agent rm / 文件不见了时打标；UI 灰显，不能再 share */
+      stale: external_exports.boolean().optional()
+    });
+    AttachmentSignUrlArgs = external_exports.object({
+      /** 要分享的绝对路径；签名只关心 absPath，不区分 persona/session */
+      absPath: external_exports.string().min(1),
+      /** TTL 秒数；缺省 24h；'never' 走 null 不带 exp 字段（永久有效） */
+      ttlSeconds: external_exports.number().int().positive().nullable().optional()
+    });
+    AttachmentSignUrlResponseSchema = external_exports.object({
+      /** 完整 URL（含 httpBaseUrl 前缀），UI 直接 window.open / 复制到剪贴板 */
+      url: external_exports.string().min(1),
+      /** 失效时间戳（ms）；null = 永久 */
+      expiresAt: external_exports.number().int().nonnegative().nullable()
+    });
+    AttachmentGroupAddArgs = external_exports.object({
+      sessionId: external_exports.string().min(1),
+      relPath: external_exports.string().min(1),
+      /** owner 手动加入时可选备注；agent 自动入清单不走此 RPC */
+      label: external_exports.string().optional()
+    });
+    AttachmentGroupAddResponseSchema = external_exports.object({
+      entry: GroupFileEntrySchema
+    });
+    AttachmentGroupRemoveArgs = external_exports.object({
+      sessionId: external_exports.string().min(1),
+      relPath: external_exports.string().min(1)
+    });
+    AttachmentGroupRemoveResponseSchema = external_exports.object({
+      removed: external_exports.literal(true)
+    });
+    AttachmentGroupListArgs = external_exports.object({
+      sessionId: external_exports.string().min(1)
+    });
+    AttachmentGroupListResponseSchema = external_exports.object({
+      entries: external_exports.array(GroupFileEntrySchema)
+    });
+    AttachmentGroupListPersonaArgs = external_exports.object({
+      personaId: external_exports.string().min(1)
+    });
+    AttachmentGroupListPersonaResponseSchema = external_exports.object({
+      perSession: external_exports.array(
+        external_exports.object({
+          sessionId: external_exports.string().min(1),
+          entries: external_exports.array(GroupFileEntrySchema)
+        })
+      )
+    });
+  }
+});
 // ../protocol/src/persona-schemas.ts
 var PersonaTokenEntrySchema, PersonaFileSchema, PersonaSkillSummarySchema, PersonaSandboxSettingsSchema, PersonaInfoResponseSchema, PersonaCreateArgsSchema, PersonaIdArgsSchema, PersonaUpdateArgsSchema, PersonaIssueTokenArgsSchema, PersonaRevokeTokenArgsSchema, PersonaAppendOwnerMessageArgsSchema, FRAME_TYPE_CHAT_OPEN, FRAME_TYPE_CHAT_RENAME, FRAME_TYPE_CHAT_DELETE, FRAME_TYPE_CHAT_LIST, FRAME_TYPE_CHAT_CREATED, FRAME_TYPE_CHAT_RENAMED, FRAME_TYPE_CHAT_DELETED, FRAME_TYPE_PERSONA_LISTENER_CHAT_CREATED, FRAME_TYPE_PERSONA_LISTENER_CHAT_RENAMED, FRAME_TYPE_PERSONA_LISTENER_CHAT_DELETED, FRAME_TYPE_PERSONA_LISTENER_STATUS, ChatSummarySchema, ChatOpenRequestSchema, ChatRenameRequestSchema, ChatDeleteRequestSchema, ChatRenameResponseSchema, ChatDeleteResponseSchema, ChatListPushSchema, ChatCreatedFrameSchema, ChatRenamedFrameSchema, ChatDeletedFrameSchema, PersonaListenerChatCreatedFrameSchema, PersonaListenerChatRenamedFrameSchema, PersonaListenerChatDeletedFrameSchema, PersonaListenerStatusFrameSchema, PersonaListListenerChatsForTokenArgsSchema, PersonaListListenerChatsForTokenResponseSchema;
 var init_persona_schemas = __esm({
@@ -4505,6 +4590,7 @@ var init_schemas = __esm({
     "use strict";
     init_zod();
     init_events();
+    init_attachment_schemas();
     init_persona_schemas();
     SessionStatusSchema = external_exports.enum(SESSION_STATUS_VALUES);
     UsageSchema = external_exports.object({
@@ -5061,7 +5147,22 @@ var init_schemas = __esm({
       hostname: external_exports.string(),
       os: external_exports.string(),
       tools: external_exports.array(external_exports.object({ id: external_exports.string(), available: external_exports.boolean() })),
-      runningSessions: external_exports.array(InfoRunningSessionSchema)
+      runningSessions: external_exports.array(InfoRunningSessionSchema),
+      // ── file-sharing 会话身份回执（spec: superpowers/specs/2026-05-19-clawd-file-sharing-design.md §8） ──
+      // PR 1 阶段标 optional（daemon 还没下发，旧 daemon info 响应不带这五个字段）；
+      // PR 2 daemon 实现 single HTTP server + auth-context 后，daemon 必返这五个字段，
+      // 届时可考虑改成 required。spec §11 第 3 条："tokenRole 是协议字段，daemon 查 token
+      // 表后显式下发，UI 不自行推导"——所以 UI 一律读这里，禁止本地推导。
+      /** 'owner' = 拿到 owner-token 的连接（不限来源 IP）；'personal' = persona 派发的访客 token。来源 TOKEN_ROLES（spec §11 #1 中央真理源） */
+      tokenRole: external_exports.enum(TOKEN_ROLES).optional(),
+      /** tokenRole='personal' 时携带（绑定到具体 persona）；owner 不携带 */
+      tokenPersonaId: external_exports.string().min(1).optional(),
+      /** socket.remoteAddress 是否落在 127.0.0.1 / ::1；本期无 RPC 消费，保留协议槽位给未来 "Reveal in Finder" 等本机动作 */
+      isLoopback: external_exports.boolean().optional(),
+      /** UI 拼 file-sharing HTTP 路由的前缀（http(s)://host:port），不含尾斜杠；frpc 反代时返反代地址 */
+      httpBaseUrl: external_exports.string().optional(),
+      /** file-sharing HTTP 路由的 Authorization: Bearer token；与 WS token 解耦，HTTP 401 仅触发 ReAuth 不强踢 WS（spec §11 第 4 条） */
+      httpToken: external_exports.string().optional()
     });
   }
 });
@@ -5093,6 +5194,7 @@ var init_runtime = __esm({
     init_frames();
     init_persona_schemas();
     init_persona_mode();
+    init_attachment_schemas();
   }
 });
@@ -5367,8 +5469,8 @@ var require_req = __commonJS({
       if (req.originalUrl) {
         _req.url = req.originalUrl;
       } else {
-        const path28 = req.path;
-        _req.url = typeof path28 === "string" ? path28 : req.url ? req.url.path || req.url : void 0;
+        const path31 = req.path;
+        _req.url = typeof path31 === "string" ? path31 : req.url ? req.url.path || req.url : void 0;
       }
       if (req.query) {
         _req.query = req.query;
@@ -5533,14 +5635,14 @@ var require_redact = __commonJS({
       }
       return obj;
     }
-    function parsePath(path28) {
+    function parsePath(path31) {
       const parts = [];
       let current = "";
       let inBrackets = false;
       let inQuotes = false;
       let quoteChar = "";
-      for (let i = 0; i < path28.length; i++) {
-        const char = path28[i];
+      for (let i = 0; i < path31.length; i++) {
+        const char = path31[i];
         if (!inBrackets && char === ".") {
           if (current) {
             parts.push(current);
@@ -5671,10 +5773,10 @@ var require_redact = __commonJS({
       return current;
     }
     function redactPaths(obj, paths, censor, remove = false) {
-      for (const path28 of paths) {
-        const parts = parsePath(path28);
+      for (const path31 of paths) {
+        const parts = parsePath(path31);
         if (parts.includes("*")) {
-          redactWildcardPath(obj, parts, censor, path28, remove);
+          redactWildcardPath(obj, parts, censor, path31, remove);
         } else {
           if (remove) {
             removeKey(obj, parts);
@@ -5759,8 +5861,8 @@ var require_redact = __commonJS({
           }
         } else {
           if (afterWildcard.includes("*")) {
-            const wrappedCensor = typeof censor === "function" ? (value, path28) => {
-              const fullPath = [...pathArray.slice(0, pathLength), ...path28];
+            const wrappedCensor = typeof censor === "function" ? (value, path31) => {
+              const fullPath = [...pathArray.slice(0, pathLength), ...path31];
               return censor(value, fullPath);
             } : censor;
             redactWildcardPath(current, afterWildcard, wrappedCensor, originalPath, remove);
@@ -5795,8 +5897,8 @@ var require_redact = __commonJS({
         return null;
       }
       const pathStructure = /* @__PURE__ */ new Map();
-      for (const path28 of pathsToClone) {
-        const parts = parsePath(path28);
+      for (const path31 of pathsToClone) {
+        const parts = parsePath(path31);
         let current = pathStructure;
         for (let i = 0; i < parts.length; i++) {
           const part = parts[i];
@@ -5848,24 +5950,24 @@ var require_redact = __commonJS({
       }
       return cloneSelectively(obj, pathStructure);
     }
-    function validatePath(path28) {
-      if (typeof path28 !== "string") {
+    function validatePath(path31) {
+      if (typeof path31 !== "string") {
         throw new Error("Paths must be (non-empty) strings");
       }
-      if (path28 === "") {
+      if (path31 === "") {
         throw new Error("Invalid redaction path ()");
       }
-      if (path28.includes("..")) {
-        throw new Error(`Invalid redaction path (${path28})`);
+      if (path31.includes("..")) {
+        throw new Error(`Invalid redaction path (${path31})`);
       }
-      if (path28.includes(",")) {
-        throw new Error(`Invalid redaction path (${path28})`);
+      if (path31.includes(",")) {
+        throw new Error(`Invalid redaction path (${path31})`);
       }
       let bracketCount = 0;
       let inQuotes = false;
       let quoteChar = "";
-      for (let i = 0; i < path28.length; i++) {
-        const char = path28[i];
+      for (let i = 0; i < path31.length; i++) {
+        const char = path31[i];
         if ((char === '"' || char === "'") && bracketCount > 0) {
           if (!inQuotes) {
             inQuotes = true;
@@ -5879,20 +5981,20 @@ var require_redact = __commonJS({
         } else if (char === "]" && !inQuotes) {
           bracketCount--;
           if (bracketCount < 0) {
-            throw new Error(`Invalid redaction path (${path28})`);
+            throw new Error(`Invalid redaction path (${path31})`);
           }
         }
       }
       if (bracketCount !== 0) {
-        throw new Error(`Invalid redaction path (${path28})`);
+        throw new Error(`Invalid redaction path (${path31})`);
       }
     }
     function validatePaths(paths) {
       if (!Array.isArray(paths)) {
         throw new TypeError("paths must be an array");
       }
-      for (const path28 of paths) {
-        validatePath(path28);
+      for (const path31 of paths) {
+        validatePath(path31);
       }
     }
     function slowRedact(options = {}) {
@@ -6060,8 +6162,8 @@ var require_redaction = __commonJS({
         if (shape[k2] === null) {
           o[k2] = (value) => topCensor(value, [k2]);
         } else {
-          const wrappedCensor = typeof censor === "function" ? (value, path28) => {
-            return censor(value, [k2, ...path28]);
+          const wrappedCensor = typeof censor === "function" ? (value, path31) => {
+            return censor(value, [k2, ...path31]);
           } : censor;
           o[k2] = Redact({
             paths: shape[k2],
@@ -6279,10 +6381,10 @@ var require_atomic_sleep = __commonJS({
 var require_sonic_boom = __commonJS({
   "../node_modules/.pnpm/sonic-boom@4.2.1/node_modules/sonic-boom/index.js"(exports2, module2) {
     "use strict";
-    var fs26 = require("fs");
+    var fs28 = require("fs");
     var EventEmitter2 = require("events");
     var inherits = require("util").inherits;
-    var path28 = require("path");
+    var path31 = require("path");
     var sleep = require_atomic_sleep();
     var assert = require("assert");
     var BUSY_WRITE_TIMEOUT = 100;
@@ -6336,20 +6438,20 @@ var require_sonic_boom = __commonJS({
       const mode = sonic.mode;
       if (sonic.sync) {
         try {
-          if (sonic.mkdir) fs26.mkdirSync(path28.dirname(file), { recursive: true });
-          const fd = fs26.openSync(file, flags, mode);
+          if (sonic.mkdir) fs28.mkdirSync(path31.dirname(file), { recursive: true });
+          const fd = fs28.openSync(file, flags, mode);
           fileOpened(null, fd);
         } catch (err) {
           fileOpened(err);
           throw err;
         }
       } else if (sonic.mkdir) {
-        fs26.mkdir(path28.dirname(file), { recursive: true }, (err) => {
+        fs28.mkdir(path31.dirname(file), { recursive: true }, (err) => {
           if (err) return fileOpened(err);
-          fs26.open(file, flags, mode, fileOpened);
+          fs28.open(file, flags, mode, fileOpened);
         });
       } else {
-        fs26.open(file, flags, mode, fileOpened);
+        fs28.open(file, flags, mode, fileOpened);
       }
     }
     function SonicBoom(opts) {
@@ -6390,8 +6492,8 @@ var require_sonic_boom = __commonJS({
         this.flush = flushBuffer;
         this.flushSync = flushBufferSync;
         this._actualWrite = actualWriteBuffer;
-        fsWriteSync = () => fs26.writeSync(this.fd, this._writingBuf);
-        fsWrite = () => fs26.write(this.fd, this._writingBuf, this.release);
+        fsWriteSync = () => fs28.writeSync(this.fd, this._writingBuf);
+        fsWrite = () => fs28.write(this.fd, this._writingBuf, this.release);
       } else if (contentMode === void 0 || contentMode === kContentModeUtf8) {
         this._writingBuf = "";
         this.write = write;
@@ -6400,15 +6502,15 @@ var require_sonic_boom = __commonJS({
         this._actualWrite = actualWrite;
         fsWriteSync = () => {
           if (Buffer.isBuffer(this._writingBuf)) {
-            return fs26.writeSync(this.fd, this._writingBuf);
+            return fs28.writeSync(this.fd, this._writingBuf);
           }
-          return fs26.writeSync(this.fd, this._writingBuf, "utf8");
+          return fs28.writeSync(this.fd, this._writingBuf, "utf8");
         };
         fsWrite = () => {
           if (Buffer.isBuffer(this._writingBuf)) {
-            return fs26.write(this.fd, this._writingBuf, this.release);
+            return fs28.write(this.fd, this._writingBuf, this.release);
           }
-          return fs26.write(this.fd, this._writingBuf, "utf8", this.release);
+          return fs28.write(this.fd, this._writingBuf, "utf8", this.release);
         };
       } else {
         throw new Error(`SonicBoom supports "${kContentModeUtf8}" and "${kContentModeBuffer}", but passed ${contentMode}`);
@@ -6465,7 +6567,7 @@ var require_sonic_boom = __commonJS({
           }
         }
         if (this._fsync) {
-          fs26.fsyncSync(this.fd);
+          fs28.fsyncSync(this.fd);
         }
         const len = this._len;
         if (this._reopening) {
@@ -6579,7 +6681,7 @@ var require_sonic_boom = __commonJS({
       const onDrain = () => {
         if (!this._fsync) {
           try {
-            fs26.fsync(this.fd, (err) => {
+            fs28.fsync(this.fd, (err) => {
               this._flushPending = false;
               cb(err);
             });
@@ -6681,7 +6783,7 @@ var require_sonic_boom = __commonJS({
       const fd = this.fd;
       this.once("ready", () => {
         if (fd !== this.fd) {
-          fs26.close(fd, (err) => {
+          fs28.close(fd, (err) => {
             if (err) {
               return this.emit("error", err);
             }
@@ -6730,7 +6832,7 @@ var require_sonic_boom = __commonJS({
           buf = this._bufs[0];
         }
         try {
-          const n = Buffer.isBuffer(buf) ? fs26.writeSync(this.fd, buf) : fs26.writeSync(this.fd, buf, "utf8");
+          const n = Buffer.isBuffer(buf) ? fs28.writeSync(this.fd, buf) : fs28.writeSync(this.fd, buf, "utf8");
           const releasedBufObj = releaseWritingBuf(buf, this._len, n);
           buf = releasedBufObj.writingBuf;
           this._len = releasedBufObj.len;
@@ -6746,7 +6848,7 @@ var require_sonic_boom = __commonJS({
         }
       }
       try {
-        fs26.fsyncSync(this.fd);
+        fs28.fsyncSync(this.fd);
       } catch {
       }
     }
@@ -6767,7 +6869,7 @@ var require_sonic_boom = __commonJS({
           buf = mergeBuf(this._bufs[0], this._lens[0]);
         }
         try {
-          const n = fs26.writeSync(this.fd, buf);
+          const n = fs28.writeSync(this.fd, buf);
           buf = buf.subarray(n);
           this._len = Math.max(this._len - n, 0);
           if (buf.length <= 0) {
@@ -6795,13 +6897,13 @@ var require_sonic_boom = __commonJS({
       this._writingBuf = this._writingBuf.length ? this._writingBuf : this._bufs.shift() || "";
       if (this.sync) {
         try {
-          const written = Buffer.isBuffer(this._writingBuf) ? fs26.writeSync(this.fd, this._writingBuf) : fs26.writeSync(this.fd, this._writingBuf, "utf8");
+          const written = Buffer.isBuffer(this._writingBuf) ? fs28.writeSync(this.fd, this._writingBuf) : fs28.writeSync(this.fd, this._writingBuf, "utf8");
           release(null, written);
         } catch (err) {
           release(err);
         }
       } else {
-        fs26.write(this.fd, this._writingBuf, release);
+        fs28.write(this.fd, this._writingBuf, release);
       }
     }
     function actualWriteBuffer() {
@@ -6810,7 +6912,7 @@ var require_sonic_boom = __commonJS({
       this._writingBuf = this._writingBuf.length ? this._writingBuf : mergeBuf(this._bufs.shift(), this._lens.shift());
       if (this.sync) {
         try {
-          const written = fs26.writeSync(this.fd, this._writingBuf);
+          const written = fs28.writeSync(this.fd, this._writingBuf);
           release(null, written);
         } catch (err) {
           release(err);
@@ -6819,7 +6921,7 @@ var require_sonic_boom = __commonJS({
         if (kCopyBuffer) {
           this._writingBuf = Buffer.from(this._writingBuf);
         }
-        fs26.write(this.fd, this._writingBuf, release);
+        fs28.write(this.fd, this._writingBuf, release);
       }
     }
     function actualClose(sonic) {
@@ -6835,12 +6937,12 @@ var require_sonic_boom = __commonJS({
       sonic._lens = [];
       assert(typeof sonic.fd === "number", `sonic.fd must be a number, got ${typeof sonic.fd}`);
       try {
-        fs26.fsync(sonic.fd, closeWrapped);
+        fs28.fsync(sonic.fd, closeWrapped);
       } catch {
       }
       function closeWrapped() {
         if (sonic.fd !== 1 && sonic.fd !== 2) {
-          fs26.close(sonic.fd, done);
+          fs28.close(sonic.fd, done);
         } else {
           done();
         }
@@ -9975,11 +10077,11 @@ var init_lib = __esm({
           }
         }
       },
-      addToPath: function addToPath(path28, added, removed, oldPosInc, options) {
-        var last = path28.lastComponent;
+      addToPath: function addToPath(path31, added, removed, oldPosInc, options) {
+        var last = path31.lastComponent;
         if (last && !options.oneChangePerToken && last.added === added && last.removed === removed) {
           return {
-            oldPos: path28.oldPos + oldPosInc,
+            oldPos: path31.oldPos + oldPosInc,
             lastComponent: {
               count: last.count + 1,
               added,
@@ -9989,7 +10091,7 @@ var init_lib = __esm({
           };
         } else {
           return {
-            oldPos: path28.oldPos + oldPosInc,
+            oldPos: path31.oldPos + oldPosInc,
             lastComponent: {
               count: 1,
               added,
@@ -10420,10 +10522,10 @@ function attachmentToHistoryMessage(o, ts) {
     const memories = raw.map((m2) => {
       if (!m2 || typeof m2 !== "object") return null;
       const rec = m2;
-      const path28 = typeof rec.path === "string" ? rec.path : null;
+      const path31 = typeof rec.path === "string" ? rec.path : null;
       const content = typeof rec.content === "string" ? rec.content : null;
-      if (!path28 || content == null) return null;
-      const entry = { path: path28, content };
+      if (!path31 || content == null) return null;
+      const entry = { path: path31, content };
       if (typeof rec.mtimeMs === "number") entry.mtimeMs = rec.mtimeMs;
       return entry;
     }).filter((m2) => m2 !== null);
@@ -11227,10 +11329,10 @@ function parseAttachment(obj) {
     const memories = raw.map((m2) => {
       if (!m2 || typeof m2 !== "object") return null;
       const rec = m2;
-      const path28 = typeof rec.path === "string" ? rec.path : null;
+      const path31 = typeof rec.path === "string" ? rec.path : null;
       const content = typeof rec.content === "string" ? rec.content : null;
-      if (!path28 || content == null) return null;
-      const out = { path: path28, content };
+      if (!path31 || content == null) return null;
+      const out = { path: path31, content };
       if (typeof rec.mtimeMs === "number") out.mtimeMs = rec.mtimeMs;
       return out;
     }).filter((m2) => m2 !== null);
@@ -18725,7 +18827,7 @@ var require_websocket = __commonJS({
     "use strict";
     var EventEmitter2 = require("events");
     var https = require("https");
-    var http = require("http");
+    var http2 = require("http");
     var net = require("net");
     var tls = require("tls");
     var { randomBytes, createHash } = require("crypto");
@@ -19259,7 +19361,7 @@ var require_websocket = __commonJS({
       }
       const defaultPort = isSecure ? 443 : 80;
       const key = randomBytes(16).toString("base64");
-      const request = isSecure ? https.request : http.request;
+      const request = isSecure ? https.request : http2.request;
       const protocolSet = /* @__PURE__ */ new Set();
       let perMessageDeflate;
       opts.createConnection = opts.createConnection || (isSecure ? tlsConnect : netConnect);
@@ -19753,7 +19855,7 @@ var require_websocket_server = __commonJS({
   "../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/websocket-server.js"(exports2, module2) {
     "use strict";
     var EventEmitter2 = require("events");
-    var http = require("http");
+    var http2 = require("http");
     var { Duplex } = require("stream");
     var { createHash } = require("crypto");
     var extension2 = require_extension();
@@ -19828,8 +19930,8 @@ var require_websocket_server = __commonJS({
           );
         }
         if (options.port != null) {
-          this._server = http.createServer((req, res) => {
-            const body = http.STATUS_CODES[426];
+          this._server = http2.createServer((req, res) => {
+            const body = http2.STATUS_CODES[426];
             res.writeHead(426, {
               "Content-Length": body.length,
               "Content-Type": "text/plain"
@@ -20116,7 +20218,7 @@ var require_websocket_server = __commonJS({
       this.destroy();
     }
     function abortHandshake(socket, code, message, headers) {
-      message = message || http.STATUS_CODES[code];
+      message = message || http2.STATUS_CODES[code];
       headers = {
         Connection: "close",
         "Content-Type": "text/html",
@@ -20125,7 +20227,7 @@ var require_websocket_server = __commonJS({
       };
       socket.once("finish", socket.destroy);
       socket.end(
-        `HTTP/1.1 ${code} ${http.STATUS_CODES[code]}\r
+        `HTTP/1.1 ${code} ${http2.STATUS_CODES[code]}\r
 ` + Object.keys(headers).map((h) => `${h}: ${headers[h]}`).join("\r\n") + "\r\n\r\n" + message
       );
     }
@@ -20144,7 +20246,7 @@ var require_websocket_server = __commonJS({
 // src/run-case/recorder.ts
 function startRunCaseRecorder(opts) {
   const now = opts.now ?? Date.now;
-  const dir = import_node_path24.default.dirname(opts.recordPath);
+  const dir = import_node_path27.default.dirname(opts.recordPath);
   let stream = null;
   let closing = false;
   let closedSettled = false;
@@ -20158,8 +20260,8 @@ function startRunCaseRecorder(opts) {
   });
   const ensureStream = () => {
     if (stream) return stream;
-    import_node_fs23.default.mkdirSync(dir, { recursive: true });
-    stream = import_node_fs23.default.createWriteStream(opts.recordPath, { flags: "a" });
+    import_node_fs25.default.mkdirSync(dir, { recursive: true });
+    stream = import_node_fs25.default.createWriteStream(opts.recordPath, { flags: "a" });
     stream.on("close", () => closedResolve());
     return stream;
   };
@@ -20184,12 +20286,12 @@ function startRunCaseRecorder(opts) {
   };
   return { tap, close, closed };
 }
-var import_node_fs23, import_node_path24;
+var import_node_fs25, import_node_path27;
 var init_recorder = __esm({
   "src/run-case/recorder.ts"() {
     "use strict";
-    import_node_fs23 = __toESM(require("fs"), 1);
-    import_node_path24 = __toESM(require("path"), 1);
+    import_node_fs25 = __toESM(require("fs"), 1);
+    import_node_path27 = __toESM(require("path"), 1);
   }
 });
@@ -20232,7 +20334,7 @@ var init_wire = __esm({
 // src/run-case/controller.ts
 async function runController(opts) {
   const now = opts.now ?? Date.now;
-  const cwd = opts.cwd ?? (0, import_node_fs24.mkdtempSync)(import_node_path25.default.join(import_node_os15.default.tmpdir(), "clawd-runcase-"));
+  const cwd = opts.cwd ?? (0, import_node_fs26.mkdtempSync)(import_node_path28.default.join(import_node_os15.default.tmpdir(), "clawd-runcase-"));
   const ownsCwd = opts.cwd === void 0;
   const recorder = startRunCaseRecorder({ recordPath: opts.record, now });
   const spawnCtx = { cwd };
@@ -20393,19 +20495,19 @@ async function runController(opts) {
   if (sigintHandler) process.off("SIGINT", sigintHandler);
   if (ownsCwd) {
     try {
-      (0, import_node_fs24.rmSync)(cwd, { recursive: true, force: true });
+      (0, import_node_fs26.rmSync)(cwd, { recursive: true, force: true });
     } catch {
     }
   }
   return exitCode ?? 0;
 }
-var import_node_fs24, import_node_os15, import_node_path25;
+var import_node_fs26, import_node_os15, import_node_path28;
 var init_controller = __esm({
   "src/run-case/controller.ts"() {
     "use strict";
-    import_node_fs24 = require("fs");
+    import_node_fs26 = require("fs");
     import_node_os15 = __toESM(require("os"), 1);
-    import_node_path25 = __toESM(require("path"), 1);
+    import_node_path28 = __toESM(require("path"), 1);
     init_claude();
     init_stdout_splitter();
     init_permission_stdio();
@@ -20637,8 +20739,8 @@ Env (advanced):
 `;
 // src/index.ts
-var import_node_path23 = __toESM(require("path"), 1);
-var import_node_fs22 = __toESM(require("fs"), 1);
+var import_node_path26 = __toESM(require("path"), 1);
+var import_node_fs24 = __toESM(require("fs"), 1);
 // src/logger.ts
 var import_node_fs2 = __toESM(require("fs"), 1);
@@ -21630,6 +21732,11 @@ var SessionRunner = class {
   // sub-session idle-kill timer ref；key = sessionId（实际同一 runner 只对应一个 session，
   // 但 reducer Effect schema 带 sessionId 作为唯一键，对齐 schedule/cancel 配对）
   idleKillTimers = /* @__PURE__ */ new Map();
+  // file-sharing 待配对的 file-edit tool_use（spec §6 PR 3）：在同一 session 流里
+  // tool_use（kind='tool_call'）与 tool_result 通过 toolUseId 配对。tool_use 提前到，
+  // 等 tool_result 来时反查 path 调 onFileEdit。条目 in-flight 期间很少（个位数），
+  // 不需要 LRU；session 退出时整个 runner 销毁自然清理。
+  pendingFileEdits = /* @__PURE__ */ new Map();
   getState() {
     return this.state;
   }
@@ -21638,7 +21745,13 @@ var SessionRunner = class {
     const personaStore = this.hooks.personaStore;
     const adapter = this.hooks.adapter;
     const deps = {
-      parseLine: (l) => adapter.parseLine(l),
+      // file-sharing (spec §6 PR 3)：在 stdout-line 解析时同步观察 file-edit 工具事件，
+      // 配对 tool_use ↔ tool_result 调 onFileEdit。原 reducer 路径不变。
+      parseLine: (l) => {
+        const events = adapter.parseLine(l);
+        if (this.hooks.onFileEdit) this.observeForFileEdit(events);
+        return events;
+      },
       // persona mention injection 在 deps 装配处包一层，对 reducer 完全透明。
       // 命中 mention 时拆成两条 stdin 帧（先 system-reminder 块、后 user 原文）：
       //   - CC stream-json 按行处理，落盘是两条独立 user message；
@@ -21706,8 +21819,54 @@ var SessionRunner = class {
   // reducer 的 batch dedup 按 events[0].uuid 整组处理，避免跨路径重复。
   feedObserverEvents(events) {
     if (events.length === 0) return;
+    if (this.hooks.onFileEdit) this.observeForFileEdit(events);
     this.input({ kind: "inject-events", events });
   }
+  /**
+   * file-sharing tool_use ↔ tool_result 配对（spec §6 PR 3）。
+   *
+   * 1) tool_call kind + tool ∈ FILE_EDIT_TOOLS → cache toolUseId → { tool, relPath }
+   *    relPath 从 input 里取（Write/Edit/MultiEdit 是 file_path，NotebookEdit 是 notebook_path）。
+   * 2) tool_result kind + cache 命中 + 非 error → 调 onFileEdit + 删 cache
+   * 3) tool_result kind + cache 命中 + 是 error → 删 cache，不调（spec 只要"成功"才入清单）
+   * 4) tool_call 但 input 没有 path → 不 cache（防御）
+   *
+   * 不破坏 reducer 路径——纯只读扫描 events 数组。
+   */
+  observeForFileEdit(events) {
+    const cb = this.hooks.onFileEdit;
+    if (!cb) return;
+    for (const ev of events) {
+      if (ev.kind === "tool_call") {
+        const tool = ev.tool;
+        if (!isFileEditTool(tool)) continue;
+        const relPath = extractEditPath(ev.input);
+        if (!relPath) continue;
+        this.pendingFileEdits.set(ev.toolUseId, {
+          tool,
+          relPath
+        });
+      } else if (ev.kind === "tool_result") {
+        const pending = this.pendingFileEdits.get(ev.toolUseId);
+        if (!pending) continue;
+        this.pendingFileEdits.delete(ev.toolUseId);
+        if (ev.error != null) continue;
+        try {
+          cb({
+            toolUseId: ev.toolUseId,
+            tool: pending.tool,
+            relPath: pending.relPath,
+            cwd: this.state.file.cwd
+          });
+        } catch (err) {
+          this.hooks.logger?.warn("onFileEdit hook threw", {
+            err: err.message,
+            sessionId: this.state.file.sessionId
+          });
+        }
+      }
+    }
+  }
   // 向子进程 stdin 写一条 CC IPC `control_request` 并返回 Promise<response>
   // —— CC 侧会异步回写匹配 request_id 的 `control_response` 帧，
   // 在 stdout 行处理入口被 tryHandleControlResponse 拦截并 resolve pending
@@ -21897,6 +22056,15 @@ var SessionRunner = class {
     }
   }
 };
+function isFileEditTool(name) {
+  return name === "Write" || name === "Edit" || name === "MultiEdit" || name === "NotebookEdit";
+}
+function extractEditPath(input) {
+  if (!input || typeof input !== "object") return null;
+  const o = input;
+  const candidate = typeof o.file_path === "string" && o.file_path || typeof o.notebook_path === "string" && o.notebook_path || typeof o.path === "string" && o.path || null;
+  return candidate || null;
+}
 // src/session/manager.ts
 function compressFrameForWire(frame) {
@@ -21953,16 +22121,6 @@ function nowIso2(deps) {
 function newSessionId() {
   return v4_default().replace(/-/g, "").slice(0, 16);
 }
-function derivePersonaSpawnCwd(file, personaRoot) {
-  const personaId = file.ownerPersonaId;
-  if (!personaId) return file.cwd;
-  if (!personaRoot) {
-    throw new Error(
-      `derivePersonaSpawnCwd: personaRoot missing for owner session ${file.sessionId} (ownerPersonaId=${personaId})`
-    );
-  }
-  return import_node_path6.default.join(personaRoot, safeFileName(personaId));
-}
 function makeInitialState(file, subSessionMeta) {
   return {
     file,
@@ -22121,24 +22279,7 @@ var SessionManager = class {
     const adapter = this.deps.getAdapter(file.tool ?? "claude");
     const store = this.storeFor(scope);
     const subSessionMeta = metaFromScope(scope, this.deps.personaRoot ?? "");
-    const correctedCwd = derivePersonaSpawnCwd(file, this.deps.personaRoot);
-    if (correctedCwd !== file.cwd) {
-      this.deps.logger?.warn("owner session cwd drifted from persona dir; auto-correcting", {
-        sessionId: file.sessionId,
-        ownerPersonaId: file.ownerPersonaId,
-        stale: file.cwd,
-        corrected: correctedCwd
-      });
-      file = { ...file, cwd: correctedCwd, updatedAt: nowIso2(this.deps) };
-      try {
-        store.write(file);
-      } catch (err) {
-        this.deps.logger?.warn("failed to persist auto-corrected owner cwd", {
-          sessionId: file.sessionId,
-          error: err.message
-        });
-      }
-    }
+    const attachmentGroup = this.deps.attachmentGroup;
     const runner = new SessionRunner(makeInitialState(file, subSessionMeta), {
       broadcastFrame: (frame, target) => this.routeFromRunner(frame, target),
       store,
@@ -22151,7 +22292,15 @@ var SessionManager = class {
       resolveContextWindow: (tool, modelId) => this.deps.getAdapter(tool).resolveContextWindow(modelId),
       dataDir: this.deps.dataDir,
       personaStore: this.deps.personaStore,
-      ownerDisplayName: this.deps.ownerDisplayName
+      ownerDisplayName: this.deps.ownerDisplayName,
+      // file-sharing (spec §6 PR 3)：闭包 scope + sessionId，runner 只暴露 tool/relPath/cwd
+      onFileEdit: attachmentGroup ? (input) => attachmentGroup.onFileEdit({
+        scope,
+        sessionId: file.sessionId,
+        tool: input.tool,
+        relPath: input.relPath,
+        cwd: input.cwd
+      }) : void 0
     });
     if (this.deps.mode === "tui" && !file.toolSessionId) {
       const newTsid = v4_default();
@@ -22239,31 +22388,14 @@ var SessionManager = class {
   }
   // ---- 命令方法：均返回 { response, broadcast[] }，由 dispatcher 聚合 ----
   create(args) {
-    this.deps.logger?.warn("[spawn-cwd-debug] manager.create entry", {
-      argsOwnerPersonaId: args.ownerPersonaId,
-      argsCwd: args.cwd,
-      personaRoot: this.deps.personaRoot
-    });
-    let cwd;
-    if (args.ownerPersonaId) {
-      cwd = derivePersonaSpawnCwd(
-        {
-          sessionId: "",
-          cwd: args.cwd ?? "",
-          tool: "claude",
-          ownerPersonaId: args.ownerPersonaId,
-          createdAt: "",
-          updatedAt: ""
-        },
-        this.deps.personaRoot
-      );
-      this.deps.logger?.warn("[spawn-cwd-debug] derived persona cwd", { derivedCwd: cwd });
-    } else if (args.cwd) {
-      cwd = args.cwd;
-      this.deps.logger?.warn("[spawn-cwd-debug] using args.cwd (no ownerPersonaId)", {
-        cwd
-      });
-    } else {
+    let cwd = args.cwd;
+    if (args.ownerPersonaId && !cwd) {
+      if (!this.deps.personaRoot) {
+        throw new Error("personaRoot required to derive cwd from ownerPersonaId");
+      }
+      cwd = import_node_path6.default.join(this.deps.personaRoot, safeFileName(args.ownerPersonaId));
+    }
+    if (!cwd) {
       throw new ClawdError(ERROR_CODES.INVALID_CWD, "cwd required when ownerPersonaId is absent");
     }
     try {
@@ -23319,6 +23451,21 @@ var PersonaRegistry = class {
     if (entry.revoked) return { ok: false, code: "TOKEN_REVOKED" };
     return { ok: true, label: entry.label };
   }
+  /**
+   * file-sharing HTTP auth-context 用的逆向查表：只有 Bearer token，没有 personaId。
+   * 线性扫所有 persona.tokenMap 找到第一条 ok 命中的；revoked / non-public persona 跳过。
+   * persona 数量通常 < 100，性能可忽略。
+   */
+  findByToken(token) {
+    if (!token) return null;
+    for (const persona of this.cache.values()) {
+      if (!persona.public) continue;
+      const entry = persona.tokenMap[token];
+      if (!entry || entry.revoked) continue;
+      return { personaId: persona.personaId, label: entry.label };
+    }
+    return null;
+  }
 };
 // src/persona/manager.ts
@@ -25260,6 +25407,7 @@ var import_websocket = __toESM(require_websocket(), 1);
 var import_websocket_server = __toESM(require_websocket_server(), 1);
 // src/transport/local-ws-server.ts
+var import_node_http = __toESM(require("http"), 1);
 var PERSONA_PATH_RE = /^\/personas\/([a-zA-Z0-9._-]+)$/;
 var LocalWsServer = class {
   constructor(opts) {
@@ -25269,6 +25417,7 @@ var LocalWsServer = class {
   }
   opts;
   wss = null;
+  httpServer = null;
   frameHandler = null;
   clients = /* @__PURE__ */ new Map();
   logger;
@@ -25276,25 +25425,28 @@ var LocalWsServer = class {
   async start() {
     const host = this.opts.host ?? "127.0.0.1";
     await new Promise((resolve2, reject) => {
-      const wss = new import_websocket_server.default({
-        host,
-        port: this.opts.port,
-        clientTracking: true
+      const httpServer = import_node_http.default.createServer((req, res) => this.handleHttpRequest(req, res));
+      const wss = new import_websocket_server.default({ noServer: true, clientTracking: true });
+      httpServer.on("upgrade", (req, socket, head) => {
+        wss.handleUpgrade(req, socket, head, (ws) => {
+          this.routeConnection(ws, req);
+        });
       });
-      wss.on("listening", () => {
+      httpServer.on("listening", () => {
         this.logger?.info("ws listening", { host, port: this.opts.port });
         resolve2();
       });
-      wss.on("error", (err) => {
+      httpServer.on("error", (err) => {
         this.logger?.error("ws server error", { err: err.message });
         reject(err);
       });
-      wss.on("connection", (socket, req) => this.routeConnection(socket, req));
+      httpServer.listen(this.opts.port, host);
+      this.httpServer = httpServer;
       this.wss = wss;
     });
   }
   async stop() {
-    if (!this.wss) return;
+    if (!this.httpServer) return;
     for (const c of this.clients.values()) {
       try {
         c.ws.close(1001, "shutdown");
@@ -25306,7 +25458,32 @@ var LocalWsServer = class {
     await new Promise((resolve2) => {
       this.wss?.close(() => resolve2());
     });
+    await new Promise((resolve2) => {
+      this.httpServer?.close(() => resolve2());
+    });
     this.wss = null;
+    this.httpServer = null;
+  }
+  /** http.createServer 'request' 入口：file-sharing 路由优先，未命中走 404 */
+  async handleHttpRequest(req, res) {
+    const handler = this.opts.httpRequestHandler;
+    if (handler) {
+      try {
+        const handled = await handler(req, res);
+        if (handled) return;
+      } catch (err) {
+        this.logger?.warn("http handler threw", { err: err.message });
+        if (!res.headersSent) {
+          res.writeHead(500, { "Content-Type": "application/json; charset=utf-8" });
+          res.end(JSON.stringify({ code: "INTERNAL", message: "http handler error" }));
+        }
+        return;
+      }
+    }
+    if (!res.headersSent) {
+      res.writeHead(404, { "Content-Type": "application/json; charset=utf-8" });
+      res.end(JSON.stringify({ code: "NOT_FOUND", message: "no route" }));
+    }
   }
   onFrame(handler) {
     this.frameHandler = handler;
@@ -25408,7 +25585,7 @@ var LocalWsServer = class {
     }
     try {
       if (authed) {
-        const readyFrame = this.opts.readyFrameBuilder();
+        const readyFrame = this.opts.readyFrameBuilder({ remoteAddress });
         this.safeSend(socket, { type: "ready", ...readyFrame });
       } else {
         this.safeSend(socket, { type: "ready", protocolVersion: this.opts.protocolVersion });
@@ -25445,7 +25622,7 @@ var LocalWsServer = class {
       if (verdict !== "pass") {
         if (!wasAuthed && authGate.isAuthed(client.id)) {
           try {
-            const full = this.opts.readyFrameBuilder();
+            const full = this.opts.readyFrameBuilder({ remoteAddress });
             this.safeSend(this.clients.get(client.id).ws, { type: "ready", ...full });
           } catch (err) {
             this.logger?.warn("post-auth ready frame build failed", { err: err.message });
@@ -26042,11 +26219,603 @@ function isLocalhost(addr) {
   return addr === "127.0.0.1" || addr === "::1" || addr === "::ffff:127.0.0.1";
 }
-// src/discovery/state-file.ts
+// src/transport/auth-context.ts
+var AuthContextResolver = class {
+  constructor(opts) {
+    this.opts = opts;
+  }
+  opts;
+  /**
+   * 从 `Authorization` 头解析。null = 无凭证 / 不识别 / revoked，调用方一律 401。
+   * remoteAddress 用于 isLoopback 判定（loopback = 127.0.0.1 / ::1 / ::ffff:127.0.0.1）。
+   */
+  resolveFromHeader(authHeader, remoteAddress) {
+    const token = parseBearer(authHeader);
+    if (!token) return null;
+    const isLoopback = isLoopbackAddr(remoteAddress);
+    if (this.opts.ownerToken && constantTimeEqual2(token, this.opts.ownerToken)) {
+      return { role: "owner", isLoopback };
+    }
+    const personalHit = this.opts.personaRegistry.findByToken(token);
+    if (personalHit) {
+      return {
+        role: "personal",
+        personaId: personalHit.personaId,
+        label: personalHit.label,
+        isLoopback
+      };
+    }
+    return null;
+  }
+};
+function parseBearer(header) {
+  if (!header) return null;
+  const raw = Array.isArray(header) ? header[0] : header;
+  if (typeof raw !== "string") return null;
+  const m2 = /^Bearer\s+(\S+)$/i.exec(raw.trim());
+  return m2 ? m2[1] : null;
+}
+function isLoopbackAddr(addr) {
+  if (!addr) return false;
+  return addr === "127.0.0.1" || addr === "::1" || addr === "::ffff:127.0.0.1";
+}
+function constantTimeEqual2(a, b2) {
+  if (a.length !== b2.length) return false;
+  let diff2 = 0;
+  for (let i = 0; i < a.length; i++) diff2 |= a.charCodeAt(i) ^ b2.charCodeAt(i);
+  return diff2 === 0;
+}
+// src/transport/http-router.ts
+var import_node_fs14 = __toESM(require("fs"), 1);
+var import_node_path16 = __toESM(require("path"), 1);
+// src/attachment/group.ts
 var import_node_fs13 = __toESM(require("fs"), 1);
 var import_node_path14 = __toESM(require("path"), 1);
+var import_node_crypto4 = __toESM(require("crypto"), 1);
+init_protocol();
+var GroupFileStore = class {
+  dataDir;
+  logger;
+  cache = /* @__PURE__ */ new Map();
+  constructor(opts) {
+    this.dataDir = opts.dataDir;
+    this.logger = opts.logger;
+  }
+  rootForScope(scope) {
+    return import_node_path14.default.join(this.dataDir, "sessions", ...scopeSubPath(scope).map(safeFileName));
+  }
+  /** 与 SessionStore.filePath 平级，扩展名 .group-files.json */
+  filePath(scope, sessionId) {
+    return import_node_path14.default.join(this.rootForScope(scope), `${safeFileName(sessionId)}.group-files.json`);
+  }
+  cacheKey(scope, sessionId) {
+    return scope.kind === "default" ? `default::${sessionId}` : `persona:${scope.personaId}:${scope.mode}::${sessionId}`;
+  }
+  /** 从磁盘读一份；不存在 → 空数组；schema 不匹配的条目 → 跳过（防腐） */
+  readFile(scope, sessionId) {
+    const file = this.filePath(scope, sessionId);
+    try {
+      const raw = import_node_fs13.default.readFileSync(file, "utf8");
+      const parsed = JSON.parse(raw);
+      if (!Array.isArray(parsed)) {
+        this.logger?.warn("GroupFileStore.readFile: not an array; resetting session entries", {
+          file
+        });
+        return [];
+      }
+      const out = [];
+      for (const entry of parsed) {
+        const r = GroupFileEntrySchema.safeParse(entry);
+        if (r.success) out.push(r.data);
+      }
+      return out;
+    } catch (err) {
+      const code = err?.code;
+      if (code === "ENOENT") return [];
+      this.logger?.warn("GroupFileStore.readFile failed", {
+        file,
+        err: err.message
+      });
+      return [];
+    }
+  }
+  writeFile(scope, sessionId, entries) {
+    const file = this.filePath(scope, sessionId);
+    import_node_fs13.default.mkdirSync(import_node_path14.default.dirname(file), { recursive: true });
+    const tmp = `${file}.tmp-${process.pid}-${Date.now()}`;
+    import_node_fs13.default.writeFileSync(tmp, JSON.stringify(entries, null, 2), { mode: 384 });
+    import_node_fs13.default.renameSync(tmp, file);
+  }
+  /** 拉一份当前 session 的清单。读盘 → cache；之后调用复用 cache */
+  list(scope, sessionId) {
+    const key = this.cacheKey(scope, sessionId);
+    const cached = this.cache.get(key);
+    if (cached) return cached.entries;
+    const entries = this.readFile(scope, sessionId);
+    this.cache.set(key, { entries, scope });
+    return entries;
+  }
+  /**
+   * upsert：
+   *   - 同 relPath 已存在 → 更新 lastEditedAt + clear stale；不动 from / addedAt / id
+   *     （保留首次入群人 / 入群时刻）
+   *   - 不存在 → append，id 派生稳定 uuid，addedAt = now
+   *
+   * 返回最新 entry（caller 可用来 broadcast 通知）。
+   */
+  upsert(scope, sessionId, input, now = Date.now()) {
+    const entries = this.list(scope, sessionId).slice();
+    const idx = entries.findIndex((e) => e.relPath === input.relPath);
+    let next;
+    if (idx >= 0) {
+      const prev = entries[idx];
+      next = {
+        ...prev,
+        size: input.size,
+        mime: input.mime,
+        lastEditedAt: now,
+        stale: false
+        // label 不在 upsert 路径覆盖（owner +Add 走另一条路径）
+      };
+      entries[idx] = next;
+    } else {
+      next = {
+        id: `gf-${import_node_crypto4.default.randomBytes(6).toString("base64url")}`,
+        relPath: input.relPath,
+        from: input.from,
+        label: input.label,
+        size: input.size,
+        mime: input.mime,
+        addedAt: now
+        // agent 第一次 upsert 时不写 lastEditedAt（语义上 = 首次"编辑" = addedAt）
+      };
+      entries.push(next);
+    }
+    this.writeFile(scope, sessionId, entries);
+    this.cache.set(this.cacheKey(scope, sessionId), { entries, scope });
+    return next;
+  }
+  /**
+   * 标记一个 relPath stale（agent rm / mv 后文件不在）。
+   * - 命中 → stale=true，UI 灰显
+   * - 未命中 → noop（不需要为不在群里的文件创建 stale 条目）
+   *
+   * 注：spec §6 "Bash 命令是 rm 形态"启发式不强求 — runner 暂不调，留给后续优化
+   */
+  markStale(scope, sessionId, relPath) {
+    const entries = this.list(scope, sessionId).slice();
+    const idx = entries.findIndex((e) => e.relPath === relPath);
+    if (idx < 0) return;
+    if (entries[idx].stale) return;
+    entries[idx] = { ...entries[idx], stale: true };
+    this.writeFile(scope, sessionId, entries);
+    this.cache.set(this.cacheKey(scope, sessionId), { entries, scope });
+  }
+  /**
+   * 真删一条群文件条目（用于 owner 撤销自己 +Add 的入群操作）。
+   * agent 自动入群的不应走这条 —— 用 markStale 表达"文件不在了"语义；
+   * owner 手动加错了，应该能彻底从列表移除而不是留个 stale 占位。
+   *
+   * 返回值：true=命中并删除；false=relPath 不在群里。
+   */
+  remove(scope, sessionId, relPath) {
+    const entries = this.list(scope, sessionId).slice();
+    const idx = entries.findIndex((e) => e.relPath === relPath);
+    if (idx < 0) return false;
+    entries.splice(idx, 1);
+    this.writeFile(scope, sessionId, entries);
+    this.cache.set(this.cacheKey(scope, sessionId), { entries, scope });
+    return true;
+  }
+  /**
+   * 跨 session 聚合查询（spec §4 HTTP ACL：personal 视野并集）。
+   *
+   * 扫 <dataDir>/sessions/<personaId>/owner/*.group-files.json 和
+   * <dataDir>/sessions/<personaId>/listener/*.group-files.json，每文件读一份。
+   *
+   * 复杂度 O(N sessions × N entries)，N 通常 < 100，可接受。
+   */
+  listByPersona(personaId) {
+    const out = [];
+    for (const mode of ["owner", "listener"]) {
+      const scope = { kind: "persona", personaId, mode };
+      const root = this.rootForScope(scope);
+      let names;
+      try {
+        names = import_node_fs13.default.readdirSync(root);
+      } catch (err) {
+        const code = err?.code;
+        if (code === "ENOENT") continue;
+        continue;
+      }
+      for (const name of names) {
+        if (!name.endsWith(".group-files.json")) continue;
+        const sessionId = name.slice(0, -".group-files.json".length);
+        if (!sessionId) continue;
+        const entries = this.list(scope, sessionId);
+        out.push({ sessionId, entries });
+      }
+    }
+    return out;
+  }
+};
+function personalViewable(groupStore, personaDir, personaId, absPath) {
+  const realTarget = safeRealpath(absPath);
+  if (!realTarget) {
+    return false;
+  }
+  const personasUnion = groupStore.listByPersona(personaId);
+  for (const { entries } of personasUnion) {
+    for (const e of entries) {
+      if (e.stale) continue;
+      const realEntry = safeRealpath(import_node_path14.default.join(personaDir, e.relPath));
+      if (realEntry && realEntry === realTarget) return true;
+    }
+  }
+  return false;
+}
+function safeRealpath(p2) {
+  try {
+    return import_node_fs13.default.realpathSync(p2);
+  } catch {
+    return null;
+  }
+}
+// src/attachment/mime.ts
+var import_node_path15 = __toESM(require("path"), 1);
+var TEXT_PLAIN = "text/plain; charset=utf-8";
+var EXT_TO_NATIVE_MIME = {
+  // 图片
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".gif": "image/gif",
+  ".webp": "image/webp",
+  ".svg": "image/svg+xml",
+  ".bmp": "image/bmp",
+  ".ico": "image/x-icon",
+  ".avif": "image/avif",
+  // 文档 / 富文本
+  ".pdf": "application/pdf",
+  ".html": "text/html; charset=utf-8",
+  ".htm": "text/html; charset=utf-8",
+  // 视频 / 音频
+  ".mp4": "video/mp4",
+  ".webm": "video/webm",
+  ".mov": "video/quicktime",
+  ".mp3": "audio/mpeg",
+  ".wav": "audio/wav",
+  ".ogg": "audio/ogg",
+  ".flac": "audio/flac",
+  // 真二进制（让浏览器下载而不是错把它当文本明文）
+  ".zip": "application/zip",
+  ".gz": "application/gzip",
+  ".tar": "application/x-tar",
+  ".7z": "application/x-7z-compressed",
+  ".rar": "application/x-rar-compressed"
+};
+var TEXT_EXTENSIONS = /* @__PURE__ */ new Set([
+  // 文档
+  ".md",
+  ".markdown",
+  ".rst",
+  ".adoc",
+  ".txt",
+  ".log",
+  // 通用结构化
+  ".json",
+  ".jsonc",
+  ".json5",
+  ".yaml",
+  ".yml",
+  ".toml",
+  ".xml",
+  ".csv",
+  ".tsv",
+  ".ini",
+  ".conf",
+  ".cfg",
+  ".env",
+  // 前端
+  ".js",
+  ".jsx",
+  ".mjs",
+  ".cjs",
+  ".ts",
+  ".tsx",
+  ".css",
+  ".scss",
+  ".sass",
+  ".less",
+  ".vue",
+  ".svelte",
+  ".graphql",
+  ".gql",
+  // 后端 / 各语言
+  ".py",
+  ".rb",
+  ".go",
+  ".rs",
+  ".java",
+  ".kt",
+  ".kts",
+  ".scala",
+  ".c",
+  ".h",
+  ".cpp",
+  ".hpp",
+  ".cc",
+  ".hh",
+  ".cs",
+  ".php",
+  ".swift",
+  ".m",
+  ".mm",
+  ".dart",
+  ".lua",
+  ".pl",
+  ".r",
+  ".sh",
+  ".bash",
+  ".zsh",
+  ".fish",
+  // 其他
+  ".sql",
+  ".proto",
+  ".dockerfile",
+  ".diff",
+  ".patch",
+  ".makefile",
+  ".mk"
+]);
+function lookupMime(filePathOrName) {
+  const ext = import_node_path15.default.extname(filePathOrName).toLowerCase();
+  if (EXT_TO_NATIVE_MIME[ext]) return EXT_TO_NATIVE_MIME[ext];
+  if (TEXT_EXTENSIONS.has(ext)) return TEXT_PLAIN;
+  return "application/octet-stream";
+}
+// src/attachment/sign-url.ts
+var import_node_crypto5 = __toESM(require("crypto"), 1);
+var HMAC_ALGO = "sha256";
+function base64urlEncode(buf) {
+  const b2 = typeof buf === "string" ? Buffer.from(buf, "utf8") : buf;
+  return b2.toString("base64url");
+}
+function base64urlDecodeBuf(s) {
+  return Buffer.from(s, "base64url");
+}
+function encodeAbsPathForUrl(absPath) {
+  return absPath.split("/").map(encodeURIComponent).join("/");
+}
+function decodeAbsPathFromUrl(encoded) {
+  return encoded.split("/").map(decodeURIComponent).join("/");
+}
+function computeSig(secret, absPath, e) {
+  const msg = e === null ? absPath : `${absPath}|${e}`;
+  return import_node_crypto5.default.createHmac(HMAC_ALGO, secret).update(msg).digest();
+}
+function signUrlParts(secret, absPath, ttlSeconds, now = Date.now) {
+  const e = ttlSeconds === null ? null : Math.floor(now() / 1e3) + ttlSeconds;
+  const s = base64urlEncode(computeSig(secret, absPath, e));
+  return { absPath, e, s };
+}
+function buildSignedFileUrl(httpBaseUrl, parts) {
+  const encodedPath = encodeAbsPathForUrl(parts.absPath);
+  const query = parts.e === null ? `s=${encodeURIComponent(parts.s)}` : `e=${parts.e}&s=${encodeURIComponent(parts.s)}`;
+  const base = httpBaseUrl.endsWith("/") ? httpBaseUrl.slice(0, -1) : httpBaseUrl;
+  return `${base}/files${encodedPath}?${query}`;
+}
+function verifySignedUrl(secret, absPath, eRaw, s, now = Date.now) {
+  let e;
+  if (eRaw === null || eRaw === void 0 || eRaw === "") {
+    e = null;
+  } else {
+    const parsed = Number.parseInt(eRaw, 10);
+    if (!Number.isFinite(parsed) || parsed < 0) {
+      return { ok: false, code: "MALFORMED" };
+    }
+    e = parsed;
+  }
+  if (!absPath || !s) return { ok: false, code: "MALFORMED" };
+  const expected = computeSig(secret, absPath, e);
+  let provided;
+  try {
+    provided = base64urlDecodeBuf(s);
+  } catch {
+    return { ok: false, code: "MALFORMED" };
+  }
+  if (provided.length !== expected.length) {
+    return { ok: false, code: "BAD_SIG" };
+  }
+  if (!import_node_crypto5.default.timingSafeEqual(provided, expected)) {
+    return { ok: false, code: "BAD_SIG" };
+  }
+  if (e !== null && now() / 1e3 > e) {
+    return { ok: false, code: "EXPIRED" };
+  }
+  return { ok: true, absPath };
+}
+// src/transport/http-router.ts
+function createHttpRouter(deps) {
+  return async (req, res) => {
+    const url = parseUrl(req.url);
+    if (!url) {
+      sendJson(res, 400, { code: "INVALID_URL", message: "malformed request URL" });
+      return true;
+    }
+    if (url.pathname === "/healthz" && req.method === "GET") {
+      sendJson(res, 200, { ok: true, version: deps.daemonVersion });
+      return true;
+    }
+    if (!url.pathname.startsWith("/persona/") && !url.pathname.startsWith("/session/") && !url.pathname.startsWith("/files/")) {
+      return false;
+    }
+    if (url.pathname.startsWith("/files/") && req.method === "GET") {
+      const secret = deps.getSignSecret?.();
+      if (!secret) {
+        sendJson(res, 501, { code: "NOT_IMPLEMENTED", message: "signed URL secret unavailable (noAuth?)" });
+        return true;
+      }
+      const encodedPath = url.pathname.slice("/files".length);
+      let absPath;
+      try {
+        absPath = decodeAbsPathFromUrl(encodedPath);
+      } catch {
+        sendJson(res, 400, { code: "MALFORMED", message: "invalid path encoding" });
+        return true;
+      }
+      const e = url.searchParams.get("e");
+      const s = url.searchParams.get("s") ?? "";
+      const r = verifySignedUrl(secret, absPath, e, s);
+      if (!r.ok) {
+        const statusByCode = {
+          BAD_SIG: 403,
+          EXPIRED: 410,
+          MALFORMED: 400
+        };
+        sendJson(res, statusByCode[r.code], { code: r.code, message: "signed URL invalid" });
+        return true;
+      }
+      streamFile(res, r.absPath, deps.logger);
+      return true;
+    }
+    const ctx = deps.authResolver.resolveFromHeader(
+      req.headers.authorization,
+      req.socket.remoteAddress ?? void 0
+    );
+    if (!ctx) {
+      sendJson(res, 401, { code: "UNAUTHORIZED", message: "missing or invalid bearer token" });
+      return true;
+    }
+    const personaFilesMatch = url.pathname.match(/^\/persona\/([^/]+)\/files$/);
+    if (personaFilesMatch && req.method === "GET") {
+      const pid = personaFilesMatch[1];
+      const pathParam = url.searchParams.get("path");
+      if (!pathParam) {
+        sendJson(res, 400, { code: "INVALID_PARAM", message: "missing `path` query" });
+        return true;
+      }
+      if (!deps.personaStore || !deps.groupFileStore) {
+        sendJson(res, 501, withCtx(ctx, { code: "NOT_IMPLEMENTED", message: "files endpoint not wired" }));
+        return true;
+      }
+      const personaDir = deps.personaStore.personaDirPath(pid);
+      const absPath = import_node_path16.default.isAbsolute(pathParam) ? pathParam : import_node_path16.default.join(personaDir, pathParam);
+      if (!import_node_path16.default.isAbsolute(pathParam) && !isContainedIn(absPath, personaDir)) {
+        sendJson(res, 400, { code: "PATH_TRAVERSAL", message: "rel path escapes personaDir" });
+        return true;
+      }
+      if (ctx.role === "personal") {
+        if (ctx.personaId !== pid) {
+          sendJson(res, 403, { code: "FORBIDDEN", message: "personal token bound to other persona" });
+          return true;
+        }
+        if (!personalViewable(deps.groupFileStore, personaDir, pid, absPath)) {
+          sendJson(res, 403, { code: "FORBIDDEN", message: "path not in personal viewable scope" });
+          return true;
+        }
+      }
+      streamFile(res, absPath, deps.logger);
+      return true;
+    }
+    const sessionFilesMatch = url.pathname.match(/^\/session\/([^/]+)\/files$/);
+    if (sessionFilesMatch && req.method === "GET") {
+      if (ctx.role !== "owner") {
+        sendJson(res, 403, { code: "FORBIDDEN", message: "direct session files are owner-only" });
+        return true;
+      }
+      const sid = sessionFilesMatch[1];
+      const pathParam = url.searchParams.get("path");
+      if (!pathParam) {
+        sendJson(res, 400, { code: "INVALID_PARAM", message: "missing `path` query" });
+        return true;
+      }
+      let absPath;
+      if (import_node_path16.default.isAbsolute(pathParam)) {
+        absPath = pathParam;
+      } else if (deps.sessionStore) {
+        const file = deps.sessionStore.read(sid);
+        if (!file) {
+          sendJson(res, 404, { code: "NOT_FOUND", message: `session ${sid} not found` });
+          return true;
+        }
+        absPath = import_node_path16.default.join(file.cwd, pathParam);
+      } else {
+        sendJson(res, 501, withCtx(ctx, { code: "NOT_IMPLEMENTED", message: "sessionStore not wired" }));
+        return true;
+      }
+      streamFile(res, absPath, deps.logger);
+      return true;
+    }
+    sendJson(res, 404, { code: "NOT_FOUND", message: `no route for ${req.method} ${url.pathname}` });
+    return true;
+  };
+}
+function parseUrl(rawUrl) {
+  if (!rawUrl) return null;
+  try {
+    return new URL(rawUrl, "http://placeholder");
+  } catch {
+    return null;
+  }
+}
+function sendJson(res, status, body) {
+  res.writeHead(status, { "Content-Type": "application/json; charset=utf-8" });
+  res.end(JSON.stringify(body));
+}
+function withCtx(ctx, body) {
+  return { ...body, role: ctx.role, personaId: ctx.personaId };
+}
+function isContainedIn(abs, root) {
+  const normalized = import_node_path16.default.resolve(abs);
+  const normalizedRoot = import_node_path16.default.resolve(root);
+  if (normalized === normalizedRoot) return true;
+  return normalized.startsWith(normalizedRoot + import_node_path16.default.sep);
+}
+function streamFile(res, absPath, logger) {
+  let stat;
+  try {
+    stat = import_node_fs14.default.statSync(absPath);
+  } catch (err) {
+    const code = err?.code;
+    if (code === "ENOENT") {
+      sendJson(res, 404, { code: "NOT_FOUND", message: "file not found" });
+    } else {
+      sendJson(res, 500, { code: "STAT_FAILED", message: err.message });
+    }
+    return;
+  }
+  if (!stat.isFile()) {
+    sendJson(res, 400, { code: "NOT_A_FILE", message: "path is not a regular file" });
+    return;
+  }
+  const mime = lookupMime(absPath);
+  const basename = import_node_path16.default.basename(absPath);
+  res.writeHead(200, {
+    "Content-Type": mime,
+    "Content-Length": String(stat.size),
+    "Content-Disposition": `inline; filename*=UTF-8''${encodeURIComponent(basename)}`,
+    // 防止浏览器把任意 mime 当 html 渲染
+    "X-Content-Type-Options": "nosniff"
+  });
+  const stream = import_node_fs14.default.createReadStream(absPath);
+  stream.on("error", (err) => {
+    logger?.warn("streamFile read error", { absPath, err: err.message });
+    res.destroy();
+  });
+  stream.pipe(res);
+}
+// src/discovery/state-file.ts
+var import_node_fs15 = __toESM(require("fs"), 1);
+var import_node_path17 = __toESM(require("path"), 1);
 function defaultStateFilePath(dataDir) {
-  return import_node_path14.default.join(dataDir, "state.json");
+  return import_node_path17.default.join(dataDir, "state.json");
 }
 function isPidAlive(pid) {
   if (!Number.isFinite(pid) || pid <= 0) return false;
@@ -26068,7 +26837,7 @@ var StateFileManager = class {
   }
   read() {
     try {
-      const raw = import_node_fs13.default.readFileSync(this.file, "utf8");
+      const raw = import_node_fs15.default.readFileSync(this.file, "utf8");
       const parsed = JSON.parse(raw);
       return parsed;
     } catch {
@@ -26082,34 +26851,34 @@ var StateFileManager = class {
     return { status: "stale", existing };
   }
   write(state) {
-    import_node_fs13.default.mkdirSync(import_node_path14.default.dirname(this.file), { recursive: true });
+    import_node_fs15.default.mkdirSync(import_node_path17.default.dirname(this.file), { recursive: true });
     const tmp = `${this.file}.tmp.${process.pid}.${Date.now()}`;
-    import_node_fs13.default.writeFileSync(tmp, JSON.stringify(state, null, 2), { mode: 384 });
-    import_node_fs13.default.renameSync(tmp, this.file);
+    import_node_fs15.default.writeFileSync(tmp, JSON.stringify(state, null, 2), { mode: 384 });
+    import_node_fs15.default.renameSync(tmp, this.file);
     if (process.platform !== "win32") {
       try {
-        import_node_fs13.default.chmodSync(this.file, 384);
+        import_node_fs15.default.chmodSync(this.file, 384);
       } catch {
       }
     }
   }
   delete() {
     try {
-      import_node_fs13.default.unlinkSync(this.file);
+      import_node_fs15.default.unlinkSync(this.file);
     } catch {
     }
   }
 };
 // src/tunnel/tunnel-manager.ts
-var import_node_fs17 = __toESM(require("fs"), 1);
-var import_node_path18 = __toESM(require("path"), 1);
-var import_node_crypto4 = __toESM(require("crypto"), 1);
+var import_node_fs19 = __toESM(require("fs"), 1);
+var import_node_path21 = __toESM(require("path"), 1);
+var import_node_crypto6 = __toESM(require("crypto"), 1);
 var import_node_child_process5 = require("child_process");
 // src/tunnel/tunnel-store.ts
-var import_node_fs14 = __toESM(require("fs"), 1);
-var import_node_path15 = __toESM(require("path"), 1);
+var import_node_fs16 = __toESM(require("fs"), 1);
+var import_node_path18 = __toESM(require("path"), 1);
 var TunnelStore = class {
   constructor(filePath) {
     this.filePath = filePath;
@@ -26117,7 +26886,7 @@ var TunnelStore = class {
   filePath;
   async get() {
     try {
-      const raw = await import_node_fs14.default.promises.readFile(this.filePath, "utf8");
+      const raw = await import_node_fs16.default.promises.readFile(this.filePath, "utf8");
       const obj = JSON.parse(raw);
       if (!isPersistedTunnel(obj)) return null;
       return obj;
@@ -26128,22 +26897,22 @@ var TunnelStore = class {
     }
   }
   async set(v2) {
-    const dir = import_node_path15.default.dirname(this.filePath);
-    await import_node_fs14.default.promises.mkdir(dir, { recursive: true });
+    const dir = import_node_path18.default.dirname(this.filePath);
+    await import_node_fs16.default.promises.mkdir(dir, { recursive: true });
     const data = JSON.stringify(v2, null, 2);
     const tmp = `${this.filePath}.tmp.${process.pid}.${Date.now()}`;
-    await import_node_fs14.default.promises.writeFile(tmp, data, { mode: 384 });
+    await import_node_fs16.default.promises.writeFile(tmp, data, { mode: 384 });
     if (process.platform !== "win32") {
       try {
-        await import_node_fs14.default.promises.chmod(tmp, 384);
+        await import_node_fs16.default.promises.chmod(tmp, 384);
       } catch {
       }
     }
-    await import_node_fs14.default.promises.rename(tmp, this.filePath);
+    await import_node_fs16.default.promises.rename(tmp, this.filePath);
   }
   async clear() {
     try {
-      await import_node_fs14.default.promises.unlink(this.filePath);
+      await import_node_fs16.default.promises.unlink(this.filePath);
     } catch (err) {
       const code = err?.code;
       if (code !== "ENOENT") throw err;
@@ -26238,9 +27007,9 @@ function escape(v2) {
 }
 // src/tunnel/frpc-binary.ts
-var import_node_fs15 = __toESM(require("fs"), 1);
+var import_node_fs17 = __toESM(require("fs"), 1);
 var import_node_os9 = __toESM(require("os"), 1);
-var import_node_path16 = __toESM(require("path"), 1);
+var import_node_path19 = __toESM(require("path"), 1);
 var import_node_child_process3 = require("child_process");
 var import_node_stream2 = require("stream");
 var import_promises = require("stream/promises");
@@ -26272,20 +27041,20 @@ function frpcDownloadUrl(version2, p2) {
 }
 async function ensureFrpcBinary(opts) {
   if (opts.override) {
-    if (!import_node_fs15.default.existsSync(opts.override)) {
+    if (!import_node_fs17.default.existsSync(opts.override)) {
       throw new Error(`frpc binary not found at override path: ${opts.override}`);
     }
     return opts.override;
   }
   const version2 = opts.version ?? FRPC_VERSION;
   const platform = opts.platform ?? detectPlatform();
-  const binDir = import_node_path16.default.join(opts.dataDir, "bin");
-  import_node_fs15.default.mkdirSync(binDir, { recursive: true });
+  const binDir = import_node_path19.default.join(opts.dataDir, "bin");
+  import_node_fs17.default.mkdirSync(binDir, { recursive: true });
   cleanupStaleArtifacts(binDir);
-  const stableBin = import_node_path16.default.join(binDir, "frpc");
-  if (import_node_fs15.default.existsSync(stableBin)) return stableBin;
+  const stableBin = import_node_path19.default.join(binDir, "frpc");
+  if (import_node_fs17.default.existsSync(stableBin)) return stableBin;
   const partialBin = `${stableBin}.partial`;
-  const tarballPath = import_node_path16.default.join(binDir, `frp_${version2}_${platform.os}_${platform.arch}.tar.gz.partial`);
+  const tarballPath = import_node_path19.default.join(binDir, `frp_${version2}_${platform.os}_${platform.arch}.tar.gz.partial`);
   try {
     const url = frpcDownloadUrl(version2, platform);
     await downloadToFile(url, tarballPath, opts.fetchImpl);
@@ -26294,8 +27063,8 @@ async function ensureFrpcBinary(opts) {
     } else {
       await extractFrpcFromTarball(tarballPath, binDir, version2, platform, partialBin);
     }
-    import_node_fs15.default.chmodSync(partialBin, 493);
-    import_node_fs15.default.renameSync(partialBin, stableBin);
+    import_node_fs17.default.chmodSync(partialBin, 493);
+    import_node_fs17.default.renameSync(partialBin, stableBin);
   } finally {
     safeUnlink(tarballPath);
     safeUnlink(partialBin);
@@ -26305,15 +27074,15 @@ async function ensureFrpcBinary(opts) {
 function cleanupStaleArtifacts(binDir) {
   let entries;
   try {
-    entries = import_node_fs15.default.readdirSync(binDir);
+    entries = import_node_fs17.default.readdirSync(binDir);
   } catch {
     return;
   }
   for (const name of entries) {
     if (name.endsWith(".partial") || name.startsWith("extract-")) {
-      const full = import_node_path16.default.join(binDir, name);
+      const full = import_node_path19.default.join(binDir, name);
       try {
-        import_node_fs15.default.rmSync(full, { recursive: true, force: true });
+        import_node_fs17.default.rmSync(full, { recursive: true, force: true });
       } catch {
       }
     }
@@ -26321,7 +27090,7 @@ function cleanupStaleArtifacts(binDir) {
 }
 function safeUnlink(p2) {
   try {
-    import_node_fs15.default.unlinkSync(p2);
+    import_node_fs17.default.unlinkSync(p2);
   } catch {
   }
 }
@@ -26332,13 +27101,13 @@ async function downloadToFile(url, dest, fetchImpl) {
   if (!res.ok || !res.body) {
     throw new Error(`download failed: ${res.status} ${res.statusText}`);
   }
-  const out = import_node_fs15.default.createWriteStream(dest);
+  const out = import_node_fs17.default.createWriteStream(dest);
   const nodeStream = import_node_stream2.Readable.fromWeb(res.body);
   await (0, import_promises.pipeline)(nodeStream, out);
 }
 async function extractFrpcFromTarball(tarball, binDir, version2, platform, destBin) {
-  const work = import_node_path16.default.join(binDir, `extract-${process.pid}-${Date.now()}`);
-  import_node_fs15.default.mkdirSync(work, { recursive: true });
+  const work = import_node_path19.default.join(binDir, `extract-${process.pid}-${Date.now()}`);
+  import_node_fs17.default.mkdirSync(work, { recursive: true });
   try {
     await new Promise((resolve2, reject) => {
       const proc = (0, import_node_child_process3.spawn)("tar", ["xzf", tarball, "-C", work], { stdio: "pipe" });
@@ -26346,32 +27115,32 @@ async function extractFrpcFromTarball(tarball, binDir, version2, platform, destB
       proc.on("exit", (code) => code === 0 ? resolve2() : reject(new Error(`tar exited ${code}`)));
     });
     const dirName = `frp_${version2}_${platform.os}_${platform.arch}`;
-    const src = import_node_path16.default.join(work, dirName, "frpc");
-    if (!import_node_fs15.default.existsSync(src)) {
+    const src = import_node_path19.default.join(work, dirName, "frpc");
+    if (!import_node_fs17.default.existsSync(src)) {
       throw new Error(`frpc not found inside tarball at ${src}`);
     }
-    import_node_fs15.default.copyFileSync(src, destBin);
+    import_node_fs17.default.copyFileSync(src, destBin);
   } finally {
-    import_node_fs15.default.rmSync(work, { recursive: true, force: true });
+    import_node_fs17.default.rmSync(work, { recursive: true, force: true });
   }
 }
 // src/tunnel/frpc-process.ts
-var import_node_fs16 = __toESM(require("fs"), 1);
-var import_node_path17 = __toESM(require("path"), 1);
+var import_node_fs18 = __toESM(require("fs"), 1);
+var import_node_path20 = __toESM(require("path"), 1);
 var import_node_child_process4 = require("child_process");
 function frpcPidFilePath(dataDir) {
-  return import_node_path17.default.join(dataDir, "frpc.pid");
+  return import_node_path20.default.join(dataDir, "frpc.pid");
 }
 function writeFrpcPid(dataDir, pid) {
   try {
-    import_node_fs16.default.writeFileSync(frpcPidFilePath(dataDir), String(pid), { mode: 384 });
+    import_node_fs18.default.writeFileSync(frpcPidFilePath(dataDir), String(pid), { mode: 384 });
   } catch {
   }
 }
 function clearFrpcPid(dataDir) {
   try {
-    import_node_fs16.default.unlinkSync(frpcPidFilePath(dataDir));
+    import_node_fs18.default.unlinkSync(frpcPidFilePath(dataDir));
   } catch {
   }
 }
@@ -26387,7 +27156,7 @@ function defaultIsPidAlive(pid) {
 }
 function defaultReadPidFile(file) {
   try {
-    return import_node_fs16.default.readFileSync(file, "utf8");
+    return import_node_fs18.default.readFileSync(file, "utf8");
   } catch {
     return null;
   }
@@ -26403,7 +27172,7 @@ function defaultSleep(ms) {
 }
 async function killStaleFrpc(deps) {
   const pidFile = frpcPidFilePath(deps.dataDir);
-  const tomlPath = import_node_path17.default.join(deps.dataDir, "frpc.toml");
+  const tomlPath = import_node_path20.default.join(deps.dataDir, "frpc.toml");
   const readPidFile = deps.readPidFileImpl ?? defaultReadPidFile;
   const isAlive = deps.isPidAliveImpl ?? defaultIsPidAlive;
   const killPid = deps.killPidImpl ?? defaultKillPid;
@@ -26427,7 +27196,7 @@ async function killStaleFrpc(deps) {
   }
   if (victims.size === 0) {
     try {
-      import_node_fs16.default.unlinkSync(pidFile);
+      import_node_fs18.default.unlinkSync(pidFile);
     } catch {
     }
     return;
@@ -26438,7 +27207,7 @@ async function killStaleFrpc(deps) {
   }
   await sleep(deps.reapWaitMs ?? 300);
   try {
-    import_node_fs16.default.unlinkSync(pidFile);
+    import_node_fs18.default.unlinkSync(pidFile);
   } catch {
   }
 }
@@ -26475,7 +27244,7 @@ var DEFAULT_TUNNEL_TTL_MS = 7 * 24 * 60 * 60 * 1e3;
 var TunnelManager = class {
   constructor(deps) {
     this.deps = deps;
-    this.store = deps.store ?? new TunnelStore(import_node_path18.default.join(deps.dataDir, "tunnel.json"));
+    this.store = deps.store ?? new TunnelStore(import_node_path21.default.join(deps.dataDir, "tunnel.json"));
     this.ttlMs = deps.ttlMs ?? DEFAULT_TUNNEL_TTL_MS;
     this.startupTimeoutMs = deps.startupTimeoutMs ?? 15e3;
   }
@@ -26602,8 +27371,8 @@ var TunnelManager = class {
         dataDir: this.deps.dataDir,
         override: this.deps.frpcBinaryOverride ?? void 0
       });
-      const tomlPath = import_node_path18.default.join(this.deps.dataDir, "frpc.toml");
-      const proxyName = `clawd-${t.subdomain}-${localPort}-${import_node_crypto4.default.randomBytes(3).toString("hex")}`;
+      const tomlPath = import_node_path21.default.join(this.deps.dataDir, "frpc.toml");
+      const proxyName = `clawd-${t.subdomain}-${localPort}-${import_node_crypto6.default.randomBytes(3).toString("hex")}`;
       const toml = buildFrpcToml({
         serverAddr: t.frpsHost,
         serverPort: t.frpsPort,
@@ -26613,12 +27382,12 @@ var TunnelManager = class {
         localPort,
         logLevel: "info"
       });
-      await import_node_fs17.default.promises.writeFile(tomlPath, toml, { mode: 384 });
+      await import_node_fs19.default.promises.writeFile(tomlPath, toml, { mode: 384 });
       const proc = (this.deps.spawnImpl ?? import_node_child_process5.spawn)(frpcBin, ["-c", tomlPath], {
         stdio: ["ignore", "pipe", "pipe"]
       });
-      const logFilePath = import_node_path18.default.join(this.deps.dataDir, "frpc.log");
-      const logStream = import_node_fs17.default.createWriteStream(logFilePath, { flags: "a", mode: 384 });
+      const logFilePath = import_node_path21.default.join(this.deps.dataDir, "frpc.log");
+      const logStream = import_node_fs19.default.createWriteStream(logFilePath, { flags: "a", mode: 384 });
       logStream.on("error", () => {
       });
       const tee = (chunk) => {
@@ -26701,22 +27470,22 @@ async function waitForFrpcReady(proc, timeoutMs) {
 // src/tunnel/device-key.ts
 var import_node_os10 = __toESM(require("os"), 1);
-var import_node_crypto5 = __toESM(require("crypto"), 1);
+var import_node_crypto7 = __toESM(require("crypto"), 1);
 var DERIVE_SALT = "clawd-tunnel-device-v1";
 function deriveStableDeviceKey(opts = {}) {
   const hostname = opts.hostname ?? import_node_os10.default.hostname();
   const uid = opts.uid ?? (typeof import_node_os10.default.userInfo === "function" ? import_node_os10.default.userInfo().uid : 0);
   const input = `${hostname}::${uid}`;
-  return import_node_crypto5.default.createHmac("sha256", DERIVE_SALT).update(input).digest("hex").slice(0, 32);
+  return import_node_crypto7.default.createHmac("sha256", DERIVE_SALT).update(input).digest("hex").slice(0, 32);
 }
 // src/auth-store.ts
-var import_node_fs18 = __toESM(require("fs"), 1);
-var import_node_path19 = __toESM(require("path"), 1);
-var import_node_crypto6 = __toESM(require("crypto"), 1);
+var import_node_fs20 = __toESM(require("fs"), 1);
+var import_node_path22 = __toESM(require("path"), 1);
+var import_node_crypto8 = __toESM(require("crypto"), 1);
 var AUTH_FILE_NAME = "auth.json";
 function authFilePath(dataDir) {
-  return import_node_path19.default.join(dataDir, AUTH_FILE_NAME);
+  return import_node_path22.default.join(dataDir, AUTH_FILE_NAME);
 }
 function loadOrCreateAuthToken(opts) {
   const file = authFilePath(opts.dataDir);
@@ -26728,11 +27497,11 @@ function loadOrCreateAuthToken(opts) {
   return token;
 }
 function defaultGenerate() {
-  return import_node_crypto6.default.randomBytes(32).toString("base64url");
+  return import_node_crypto8.default.randomBytes(32).toString("base64url");
 }
 function readAuthFile(file) {
   try {
-    const raw = import_node_fs18.default.readFileSync(file, "utf8");
+    const raw = import_node_fs20.default.readFileSync(file, "utf8");
     const parsed = JSON.parse(raw);
     if (typeof parsed?.token === "string" && parsed.token.length > 0) {
       return {
@@ -26748,25 +27517,25 @@ function readAuthFile(file) {
   }
 }
 function writeAuthFile(file, content) {
-  import_node_fs18.default.mkdirSync(import_node_path19.default.dirname(file), { recursive: true });
-  import_node_fs18.default.writeFileSync(file, JSON.stringify(content, null, 2), { mode: 384 });
+  import_node_fs20.default.mkdirSync(import_node_path22.default.dirname(file), { recursive: true });
+  import_node_fs20.default.writeFileSync(file, JSON.stringify(content, null, 2), { mode: 384 });
   try {
-    import_node_fs18.default.chmodSync(file, 384);
+    import_node_fs20.default.chmodSync(file, 384);
   } catch {
   }
 }
 // src/owner-profile.ts
-var import_node_fs19 = __toESM(require("fs"), 1);
+var import_node_fs21 = __toESM(require("fs"), 1);
 var import_node_os11 = __toESM(require("os"), 1);
-var import_node_path20 = __toESM(require("path"), 1);
+var import_node_path23 = __toESM(require("path"), 1);
 var PROFILE_FILENAME = "profile.json";
 function loadOwnerDisplayName(dataDir) {
   const fallback = import_node_os11.default.userInfo().username;
-  const profilePath = import_node_path20.default.join(dataDir, PROFILE_FILENAME);
+  const profilePath = import_node_path23.default.join(dataDir, PROFILE_FILENAME);
   let raw;
   try {
-    raw = import_node_fs19.default.readFileSync(profilePath, "utf8");
+    raw = import_node_fs21.default.readFileSync(profilePath, "utf8");
   } catch {
     return fallback;
   }
@@ -26795,12 +27564,12 @@ init_protocol();
 init_protocol();
 // src/session/fork.ts
-var import_node_fs20 = __toESM(require("fs"), 1);
+var import_node_fs22 = __toESM(require("fs"), 1);
 var import_node_os12 = __toESM(require("os"), 1);
-var import_node_path21 = __toESM(require("path"), 1);
+var import_node_path24 = __toESM(require("path"), 1);
 init_claude_history();
 function readJsonlEntries(file) {
-  const raw = import_node_fs20.default.readFileSync(file, "utf8");
+  const raw = import_node_fs22.default.readFileSync(file, "utf8");
   const out = [];
   for (const line of raw.split("\n")) {
     const t = line.trim();
@@ -26813,10 +27582,10 @@ function readJsonlEntries(file) {
   return out;
 }
 function forkSession(input) {
-  const baseDir = input.baseDir ?? import_node_path21.default.join(import_node_os12.default.homedir(), ".claude");
-  const projectDir = import_node_path21.default.join(baseDir, "projects", cwdToHashDir(input.cwd));
-  const sourceFile = import_node_path21.default.join(projectDir, `${input.toolSessionId}.jsonl`);
-  if (!import_node_fs20.default.existsSync(sourceFile)) {
+  const baseDir = input.baseDir ?? import_node_path24.default.join(import_node_os12.default.homedir(), ".claude");
+  const projectDir = import_node_path24.default.join(baseDir, "projects", cwdToHashDir(input.cwd));
+  const sourceFile = import_node_path24.default.join(projectDir, `${input.toolSessionId}.jsonl`);
+  if (!import_node_fs22.default.existsSync(sourceFile)) {
     throw new Error(`fork: source transcript not found: ${sourceFile}`);
   }
   const entries = readJsonlEntries(sourceFile);
@@ -26846,9 +27615,9 @@ function forkSession(input) {
     }
     forkedLines.push(JSON.stringify(forked));
   }
-  const forkedFilePath = import_node_path21.default.join(projectDir, `${forkedToolSessionId}.jsonl`);
-  import_node_fs20.default.mkdirSync(projectDir, { recursive: true });
-  import_node_fs20.default.writeFileSync(forkedFilePath, forkedLines.join("\n") + "\n", { mode: 384 });
+  const forkedFilePath = import_node_path24.default.join(projectDir, `${forkedToolSessionId}.jsonl`);
+  import_node_fs22.default.mkdirSync(projectDir, { recursive: true });
+  import_node_fs22.default.writeFileSync(forkedFilePath, forkedLines.join("\n") + "\n", { mode: 384 });
   return { forkedToolSessionId, forkedFilePath };
 }
@@ -27169,9 +27938,9 @@ init_protocol();
 // src/workspace/git.ts
 var import_node_child_process6 = require("child_process");
-var import_node_fs21 = __toESM(require("fs"), 1);
+var import_node_fs23 = __toESM(require("fs"), 1);
 var import_node_os13 = __toESM(require("os"), 1);
-var import_node_path22 = __toESM(require("path"), 1);
+var import_node_path25 = __toESM(require("path"), 1);
 var import_node_util = require("util");
 var pexec = (0, import_node_util.promisify)(import_node_child_process6.execFile);
 function formatChildProcessError(err) {
@@ -27186,9 +27955,9 @@ function formatChildProcessError(err) {
   return e.message ?? "unknown error";
 }
 function normalizePath(p2) {
-  const resolved = import_node_path22.default.resolve(p2);
+  const resolved = import_node_path25.default.resolve(p2);
   try {
-    return import_node_fs21.default.realpathSync(resolved);
+    return import_node_fs23.default.realpathSync(resolved);
   } catch {
     return resolved;
   }
@@ -27289,13 +28058,13 @@ function flattenToDirName(branch) {
 }
 function encodeClaudeProjectDir(absPath) {
   if (!absPath || typeof absPath !== "string") return "";
-  let canonical = import_node_path22.default.resolve(absPath);
+  let canonical = import_node_path25.default.resolve(absPath);
   try {
-    canonical = import_node_fs21.default.realpathSync(canonical);
+    canonical = import_node_fs23.default.realpathSync(canonical);
   } catch {
     try {
-      const parent = import_node_fs21.default.realpathSync(import_node_path22.default.dirname(canonical));
-      canonical = import_node_path22.default.join(parent, import_node_path22.default.basename(canonical));
+      const parent = import_node_fs23.default.realpathSync(import_node_path25.default.dirname(canonical));
+      canonical = import_node_path25.default.join(parent, import_node_path25.default.basename(canonical));
     } catch {
     }
   }
@@ -27319,11 +28088,11 @@ async function createWorktree(input) {
   if (!isGitRoot) {
     throw new Error(`\u76EE\u5F55 ${cwd} \u4E0D\u662F git repo \u6839`);
   }
-  const parent = import_node_path22.default.dirname(import_node_path22.default.resolve(cwd));
-  if (parent === "/" || parent === import_node_path22.default.resolve(cwd)) {
+  const parent = import_node_path25.default.dirname(import_node_path25.default.resolve(cwd));
+  if (parent === "/" || parent === import_node_path25.default.resolve(cwd)) {
     throw new Error("repo \u5728\u78C1\u76D8\u6839\u76EE\u5F55\uFF0C\u65E0\u6CD5\u5728\u540C\u7EA7\u521B\u5EFA worktree");
   }
-  const worktreeRoot = import_node_path22.default.join(parent, dirName);
+  const worktreeRoot = import_node_path25.default.join(parent, dirName);
   try {
     await pexec("git", ["-C", cwd, "fetch", "origin", baseBranch, "--no-tags"], {
       timeout: 3e4
@@ -27342,7 +28111,7 @@ async function createWorktree(input) {
     const msg = err.message;
     if (msg.startsWith("\u5206\u652F ")) throw err;
   }
-  if (import_node_fs21.default.existsSync(worktreeRoot)) {
+  if (import_node_fs23.default.existsSync(worktreeRoot)) {
     throw new Error(`\u76EE\u5F55 ${worktreeRoot} \u5DF2\u5B58\u5728\uFF0C\u8BF7\u6362\u4E00\u4E2A label \u6216\u6E05\u7406\u540E\u91CD\u8BD5`);
   }
   try {
@@ -27370,8 +28139,8 @@ async function removeWorktree(input) {
     );
     const gitCommonDir = stdout.trim();
     if (!gitCommonDir) throw new Error("empty git-common-dir");
-    const absGitCommon = import_node_path22.default.isAbsolute(gitCommonDir) ? gitCommonDir : import_node_path22.default.resolve(worktreeRoot, gitCommonDir);
-    repoRoot = import_node_path22.default.dirname(absGitCommon);
+    const absGitCommon = import_node_path25.default.isAbsolute(gitCommonDir) ? gitCommonDir : import_node_path25.default.resolve(worktreeRoot, gitCommonDir);
+    repoRoot = import_node_path25.default.dirname(absGitCommon);
   } catch {
     repoRoot = null;
   }
@@ -27383,7 +28152,7 @@ async function removeWorktree(input) {
     } catch (err) {
       const stderr = err.stderr ?? "";
       const lower = stderr.toLowerCase();
-      const vanished = lower.includes("not a working tree") || lower.includes("is not a working tree") || !import_node_fs21.default.existsSync(worktreeRoot);
+      const vanished = lower.includes("not a working tree") || lower.includes("is not a working tree") || !import_node_fs23.default.existsSync(worktreeRoot);
       if (!vanished) {
         throw new Error(`\u6E05\u7406 worktree \u5931\u8D25\uFF1A${formatChildProcessError(err)}`);
       }
@@ -27402,10 +28171,10 @@ async function removeWorktree(input) {
   try {
     const encoded = encodeClaudeProjectDir(worktreeRoot);
     if (encoded) {
-      const projectsRoot = import_node_path22.default.join(import_node_os13.default.homedir(), ".claude", "projects");
-      const target = import_node_path22.default.resolve(projectsRoot, encoded);
-      if (target.startsWith(projectsRoot + import_node_path22.default.sep) && target !== projectsRoot) {
-        import_node_fs21.default.rmSync(target, { recursive: true, force: true });
+      const projectsRoot = import_node_path25.default.join(import_node_os13.default.homedir(), ".claude", "projects");
+      const target = import_node_path25.default.resolve(projectsRoot, encoded);
+      if (target.startsWith(projectsRoot + import_node_path25.default.sep) && target !== projectsRoot) {
+        import_node_fs23.default.rmSync(target, { recursive: true, force: true });
       }
     }
   } catch {
@@ -27484,7 +28253,7 @@ init_protocol();
 var version = "0.2.6".length > 0 ? "0.2.6" : "dev";
 // src/handlers/meta.ts
-function buildReadyFrame(deps) {
+function buildReadyFrame(deps, client) {
   const info = deps.manager.info();
   const tools = [];
   for (const id of listRegistered()) {
@@ -27496,6 +28265,14 @@ function buildReadyFrame(deps) {
     }
   }
   const tunnelUrl = deps.getTunnelUrl ? deps.getTunnelUrl() : null;
+  const fileSharing = {};
+  const httpBaseUrl = deps.getHttpBaseUrl ? deps.getHttpBaseUrl() : null;
+  if (httpBaseUrl) {
+    fileSharing.tokenRole = "owner";
+    fileSharing.isLoopback = isLoopbackAddr(client?.remoteAddress);
+    fileSharing.httpBaseUrl = httpBaseUrl;
+    if (deps.httpToken) fileSharing.httpToken = deps.httpToken;
+  }
   return {
     version,
     protocolVersion: PROTOCOL_VERSION,
@@ -27504,7 +28281,8 @@ function buildReadyFrame(deps) {
     tools,
     runningSessions: info.runningSessions,
     tunnelUrl,
-    mode: deps.mode
+    mode: deps.mode,
+    ...fileSharing
   };
 }
 function buildMetaHandlers(deps) {
@@ -27615,6 +28393,119 @@ function buildPersonaHandlers(deps) {
   };
 }
+// src/handlers/attachment.ts
+init_protocol();
+init_protocol();
+var DEFAULT_TTL_SECONDS = 24 * 3600;
+function buildAttachmentHandlers(deps) {
+  const signUrl = async (frame) => {
+    const parsed = AttachmentSignUrlArgs.safeParse(frame);
+    if (!parsed.success) {
+      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, parsed.error.message);
+    }
+    const args = parsed.data;
+    const secret = deps.getSignSecret();
+    if (!secret) {
+      throw new ClawdError(
+        ERROR_CODES.METHOD_NOT_IMPLEMENTED,
+        "signUrl requires an owner token (daemon noAuth mode disables share URLs)"
+      );
+    }
+    const httpBaseUrl = deps.getHttpBaseUrl();
+    if (!httpBaseUrl) {
+      throw new ClawdError(
+        ERROR_CODES.METHOD_NOT_IMPLEMENTED,
+        "httpBaseUrl unavailable (daemon HTTP not ready)"
+      );
+    }
+    const ttl = args.ttlSeconds === null ? null : args.ttlSeconds ?? DEFAULT_TTL_SECONDS;
+    const parts = signUrlParts(secret, args.absPath, ttl);
+    const url = buildSignedFileUrl(httpBaseUrl, parts);
+    return {
+      response: {
+        type: "attachment.signUrl",
+        url,
+        expiresAt: parts.e === null ? null : parts.e * 1e3
+      }
+    };
+  };
+  const groupAdd = async (frame) => {
+    if (!deps.groupFileStore || !deps.getSessionScope) {
+      throw new ClawdError(ERROR_CODES.METHOD_NOT_IMPLEMENTED, "groupFileStore not wired");
+    }
+    const parsed = AttachmentGroupAddArgs.safeParse(frame);
+    if (!parsed.success) {
+      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, parsed.error.message);
+    }
+    const args = parsed.data;
+    const scope = deps.getSessionScope(args.sessionId);
+    if (!scope) {
+      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, `session ${args.sessionId} not found`);
+    }
+    const size = 0;
+    const entry = deps.groupFileStore.upsert(scope, args.sessionId, {
+      relPath: args.relPath,
+      from: "owner",
+      label: args.label,
+      size,
+      mime: lookupMime(args.relPath)
+    });
+    return { response: { type: "attachment.groupAdd", entry } };
+  };
+  const groupRemove = async (frame) => {
+    if (!deps.groupFileStore || !deps.getSessionScope) {
+      throw new ClawdError(ERROR_CODES.METHOD_NOT_IMPLEMENTED, "groupFileStore not wired");
+    }
+    const parsed = AttachmentGroupRemoveArgs.safeParse(frame);
+    if (!parsed.success) {
+      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, parsed.error.message);
+    }
+    const scope = deps.getSessionScope(parsed.data.sessionId);
+    if (!scope) {
+      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, "session not found");
+    }
+    const entries = deps.groupFileStore.list(scope, parsed.data.sessionId);
+    const target = entries.find((e) => e.relPath === parsed.data.relPath);
+    if (target?.from === "owner") {
+      deps.groupFileStore.remove(scope, parsed.data.sessionId, parsed.data.relPath);
+    } else {
+      deps.groupFileStore.markStale(scope, parsed.data.sessionId, parsed.data.relPath);
+    }
+    return { response: { type: "attachment.groupRemove", removed: true } };
+  };
+  const groupList = async (frame) => {
+    if (!deps.groupFileStore || !deps.getSessionScope) {
+      throw new ClawdError(ERROR_CODES.METHOD_NOT_IMPLEMENTED, "groupFileStore not wired");
+    }
+    const parsed = AttachmentGroupListArgs.safeParse(frame);
+    if (!parsed.success) {
+      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, parsed.error.message);
+    }
+    const scope = deps.getSessionScope(parsed.data.sessionId);
+    if (!scope) return { response: { type: "attachment.groupList", entries: [] } };
+    const entries = deps.groupFileStore.list(scope, parsed.data.sessionId);
+    return { response: { type: "attachment.groupList", entries } };
+  };
+  const groupListPersona = async (frame) => {
+    if (!deps.groupFileStore) {
+      throw new ClawdError(ERROR_CODES.METHOD_NOT_IMPLEMENTED, "groupFileStore not wired");
+    }
+    const parsed = AttachmentGroupListPersonaArgs.safeParse(frame);
+    if (!parsed.success) {
+      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, parsed.error.message);
+    }
+    const perSession = deps.groupFileStore.listByPersona(parsed.data.personaId);
+    return { response: { type: "attachment.groupListPersona", perSession } };
+  };
+  return {
+    "attachment.signUrl": signUrl,
+    "attachment.groupAdd": groupAdd,
+    "attachment.groupRemove": groupRemove,
+    "attachment.groupList": groupList,
+    "attachment.groupListPersona": groupListPersona
+  };
+}
 // src/handlers/index.ts
 function buildMethodHandlers(deps) {
   return {
@@ -27630,7 +28521,8 @@ function buildMethodHandlers(deps) {
       personaRegistry: deps.personaRegistry,
       sessionManager: deps.manager,
       personaBoundHandler: deps.personaBoundHandler
-    })
+    }),
+    ...deps.attachment ? buildAttachmentHandlers(deps.attachment) : {}
   };
 }
@@ -27638,7 +28530,7 @@ function buildMethodHandlers(deps) {
 async function startDaemon(config) {
   const logger = createLogger({
     level: config.logLevel,
-    file: import_node_path23.default.join(config.dataDir, "clawd.log")
+    file: import_node_path26.default.join(config.dataDir, "clawd.log")
   });
   logger.info("starting clawd", { version, config: { port: config.port, host: config.host, dataDir: config.dataDir } });
   const stateMgr = new StateFileManager({ dataDir: config.dataDir });
@@ -27670,7 +28562,7 @@ async function startDaemon(config) {
   const agents = new AgentsScanner();
   const history = new ClaudeHistoryReader();
   let transport = null;
-  const personaStore = new PersonaStore(import_node_path23.default.join(config.dataDir, "personas"));
+  const personaStore = new PersonaStore(import_node_path26.default.join(config.dataDir, "personas"));
   const defaultsRoot = findDefaultsRoot();
   if (defaultsRoot) {
     seedDefaultPersonas({ store: personaStore, defaultsRoot, logger });
@@ -27678,13 +28570,14 @@ async function startDaemon(config) {
     logger.warn("persona.seed.skip", { reason: "defaults-root-not-found" });
   }
   const ownerDisplayName = loadOwnerDisplayName(config.dataDir);
+  const groupFileStore = new GroupFileStore({ dataDir: config.dataDir, logger });
   const manager = new SessionManager({
     store,
     logger,
     getAdapter,
     historyReader: history,
     dataDir: config.dataDir,
-    personaRoot: import_node_path23.default.join(config.dataDir, "personas"),
+    personaRoot: import_node_path26.default.join(config.dataDir, "personas"),
     personaStore,
     ownerDisplayName,
     mode: config.mode,
@@ -27701,6 +28594,38 @@ async function startDaemon(config) {
         return;
       }
       transport?.broadcastToSession(sid, frame);
+    },
+    // file-sharing (spec §6 PR 3)：runner 检测到成功 file-edit tool_result 时，
+    // 闭包 stat + mime 写入群清单。stat 失败不阻塞主流程（log warn + 跳过本条），
+    // 文件可能 agent 写完又被自己删（罕见），用 size=0 / fallback mime 兜底。
+    attachmentGroup: {
+      onFileEdit: (input) => {
+        const absPath = import_node_path26.default.isAbsolute(input.relPath) ? input.relPath : import_node_path26.default.join(input.cwd, input.relPath);
+        let size = 0;
+        try {
+          size = import_node_fs24.default.statSync(absPath).size;
+        } catch (err) {
+          logger.warn("attachment.onFileEdit stat failed", {
+            sessionId: input.sessionId,
+            absPath,
+            err: err.message
+          });
+        }
+        try {
+          groupFileStore.upsert(input.scope, input.sessionId, {
+            relPath: input.relPath,
+            from: "agent",
+            size,
+            mime: lookupMime(input.relPath)
+          });
+        } catch (err) {
+          logger.warn("attachment.onFileEdit upsert failed", {
+            sessionId: input.sessionId,
+            relPath: input.relPath,
+            err: err.message
+          });
+        }
+      }
     }
   });
   const observer = new SessionObserver({
@@ -27746,6 +28671,12 @@ async function startDaemon(config) {
     sessionManager: manager
   });
   let currentTunnelUrl = null;
+  const getHttpBaseUrl = () => {
+    if (currentTunnelUrl) {
+      return currentTunnelUrl.replace(/^wss:/i, "https:").replace(/^ws:/i, "http:");
+    }
+    return `http://${config.host}:${config.port}`;
+  };
   const personaBoundHandler = new PersonaBoundHandler({
     registry: personaRegistry,
     personaManager,
@@ -27771,22 +28702,68 @@ async function startDaemon(config) {
     getTunnelUrl: () => currentTunnelUrl,
     // ready / info 帧的 mode = daemon CC spawn 模式（'sdk' | 'tui'）。UI 据此挂 XtermPanel +
     // 订阅 session:pty / session:control；业务帧名两种 mode 完全一致，UI 业务订阅代码不变
-    mode: config.mode
+    mode: config.mode,
+    // file-sharing (spec §8)：ready / info 帧把 httpBaseUrl + httpToken 下发给 UI。
+    // PR 2 阶段 httpToken 复用 owner WS token；noAuth 模式下为 null（UI 看到无 httpToken
+    // 时禁用文件 GET/POST，保持 1.0 行为兼容）。
+    getHttpBaseUrl,
+    httpToken: resolvedAuthToken,
+    // file-sharing attachment.* RPC。signUrl 用 owner token 做 HMAC secret；group RPC
+    // 根据 sessionId 反查 scope 写盘。
+    attachment: {
+      groupFileStore,
+      getHttpBaseUrl,
+      // HMAC sign secret：复用 ~/.clawd/auth.json owner token（持久跨重启）。
+      // noAuth 模式 resolvedAuthToken 为 null → handler 自己返 NOT_IMPLEMENTED。
+      getSignSecret: () => resolvedAuthToken ?? "",
+      // group RPC：根据 sessionId 反查 scope；owner-mode persona session 走
+      // 'persona/<pid>/owner'，default 走 'default'。
+      getSessionScope: (sessionId) => {
+        const file = store.read(sessionId);
+        if (!file) return null;
+        if (file.ownerPersonaId) {
+          return { kind: "persona", personaId: file.ownerPersonaId, mode: "owner" };
+        }
+        return { kind: "default" };
+      }
+    }
+  });
+  const authResolver = new AuthContextResolver({
+    ownerToken: resolvedAuthToken,
+    personaRegistry
+  });
+  const httpRouter = createHttpRouter({
+    authResolver,
+    daemonVersion: version,
+    logger,
+    personaStore,
+    groupFileStore,
+    sessionStore: store,
+    // /files HMAC verify 用同一份 owner token 做 secret（与 attachment.signUrl 同源）
+    getSignSecret: () => resolvedAuthToken ?? null
   });
   wsServer = new LocalWsServer({
     host: config.host,
     port: config.port,
     logger,
-    readyFrameBuilder: () => buildReadyFrame({
-      manager,
-      getAdapter,
-      getTunnelUrl: () => currentTunnelUrl,
-      // ready 帧 mode = daemon CC spawn 模式（'sdk' | 'tui'）；UI 用它挂 XtermPanel
-      mode: config.mode
-    }),
+    readyFrameBuilder: (ctx) => buildReadyFrame(
+      {
+        manager,
+        getAdapter,
+        getTunnelUrl: () => currentTunnelUrl,
+        // ready 帧 mode = daemon CC spawn 模式（'sdk' | 'tui'）；UI 用它挂 XtermPanel
+        mode: config.mode,
+        // file-sharing 字段：httpBaseUrl 跟 tunnel 状态走；httpToken 复用 owner WS token
+        getHttpBaseUrl,
+        httpToken: resolvedAuthToken
+      },
+      ctx
+    ),
     protocolVersion: PROTOCOL_VERSION,
     authGate: authGate ?? void 0,
     personaBoundHandler,
+    // file-sharing HTTP 路由复用 daemon 同端口（spec §5 第 3 条）；router 自己处理 auth + 404
+    httpRequestHandler: httpRouter,
     // 订阅成功后给该 client 重放 in-flight pendingQuestions（plan: clawd-question-server-truth）。
     // daemon 是 pendingQuestions 的唯一 source of truth；新 client 接入 / 刷新页面时
     // 把当前所有未决 question 以 session:question 帧定向回放，让 UI 不再误显示 Ended。
@@ -27902,8 +28879,8 @@ async function startDaemon(config) {
       const lines = [
         `Tunnel:      ${r.url}`,
         ...resolvedAuthToken ? [`Connect:     ${connectUrl}`] : [],
-        `Frpc config: ${import_node_path23.default.join(config.dataDir, "frpc.toml")}`,
-        `Frpc log:    ${import_node_path23.default.join(config.dataDir, "frpc.log")}`
+        `Frpc config: ${import_node_path26.default.join(config.dataDir, "frpc.toml")}`,
+        `Frpc log:    ${import_node_path26.default.join(config.dataDir, "frpc.log")}`
       ];
       const width = Math.max(...lines.map((l) => l.length));
       const bar = "\u2550".repeat(width + 4);
@@ -27916,8 +28893,8 @@ ${bar}
 `);
       try {
-        const connectPath = import_node_path23.default.join(config.dataDir, "connect.txt");
-        import_node_fs22.default.writeFileSync(connectPath, lines.join("\n") + "\n", { mode: 384 });
+        const connectPath = import_node_path26.default.join(config.dataDir, "connect.txt");
+        import_node_fs24.default.writeFileSync(connectPath, lines.join("\n") + "\n", { mode: 384 });
       } catch {
       }
     } catch (err) {