npm - @clawos-dev/clawd - Versions diffs - 0.2.66 → 0.2.67-beta.119.a74a0cd - Mend

@clawos-dev/clawd 0.2.66 → 0.2.67-beta.119.a74a0cd

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/cli.cjs +182 -1005
package/package.json +1 -1

package/dist/cli.cjs CHANGED Viewed

@@ -85,24 +85,17 @@ var init_methods = __esm({
       "git:root",
       "git:branch",
       "git:branches",
-      "git:worktree:prefix",
-      "git:worktree:create",
-      "git:worktree:remove",
       "capabilities:get",
-      // ---- persona:* (老板侧管理 + 插话；alice 走 persona-bound WS 简化协议，不在此白名单) ----
+      // ---- persona:* (persona 管理) ----
       "persona:create",
       "persona:list",
       "persona:get",
       "persona:update",
       "persona:delete",
+      // token 颁发 / 吊销：file-sharing HTTP Bearer 鉴权用（PersonaRegistry.findByToken
+      // 反查 personaId / label）。owner UI 在 PersonaSettingsDrawer "分享 Token" section 管理。
       "persona:issueToken",
       "persona:revokeToken",
-      "persona:listSubSessions",
-      // owner-side bootstrap RPC：拉 (personaId, token) tuple 下所有 listener sub-session
-      // 元数据。后续增量靠 persona:listenerChat:* push 维护，本 RPC 仅在 owner ws connect /
-      // reconnect 时一次性补齐 cache。
-      "persona:listListenerChatsForToken",
-      "persona:appendOwnerMessage",
       // ---- session:pty 双向透传（仅 CLAWD_CC_MODE=tui 才生效，对应 session:pty push 帧的上行） ----
       // session:pty:input — UI 把用户键盘字节（base64 UTF-8）发给 daemon，daemon 直写 pty stdin。
       //   高频帧（每次按键 1 帧），不入 reducer / 不广播。response 是 fire-and-forget 风格 ack。
@@ -612,8 +605,8 @@ var init_parseUtil = __esm({
     init_errors2();
     init_en();
     makeIssue = (params) => {
-      const { data, path: path31, errorMaps, issueData } = params;
-      const fullPath = [...path31, ...issueData.path || []];
+      const { data, path: path32, errorMaps, issueData } = params;
+      const fullPath = [...path32, ...issueData.path || []];
       const fullIssue = {
         ...issueData,
         path: fullPath
@@ -924,11 +917,11 @@ var init_types = __esm({
     init_parseUtil();
     init_util();
     ParseInputLazyPath = class {
-      constructor(parent, value, path31, key) {
+      constructor(parent, value, path32, key) {
         this._cachedPath = [];
         this.parent = parent;
         this.data = value;
-        this._path = path31;
+        this._path = path32;
         this._key = key;
       }
       get path() {
@@ -4338,9 +4331,11 @@ var init_attachment_schemas = __esm({
       stale: external_exports.boolean().optional()
     });
     AttachmentSignUrlArgs = external_exports.object({
-      /** 要分享的绝对路径；签名只关心 absPath，不区分 persona/session */
-      absPath: external_exports.string().min(1),
-      /** TTL 秒数；缺省 24h；'never' 走 null 不带 exp 字段（永久有效） */
+      /** 群文件所属的 session */
+      sessionId: external_exports.string().min(1),
+      /** 相对 session.cwd 的路径；允许传绝对路径，daemon 端会归一化（必须在 cwd 内） */
+      relPath: external_exports.string().min(1),
+      /** TTL 秒数；缺省 24h；null 走永久 URL（不带 exp 字段） */
       ttlSeconds: external_exports.number().int().positive().nullable().optional()
     });
     AttachmentSignUrlResponseSchema = external_exports.object({
@@ -4386,7 +4381,7 @@ var init_attachment_schemas = __esm({
 });
 // ../protocol/src/persona-schemas.ts
-var PersonaTokenEntrySchema, PersonaFileSchema, PersonaSkillSummarySchema, PersonaSandboxSettingsSchema, PersonaInfoResponseSchema, PersonaCreateArgsSchema, PersonaIdArgsSchema, PersonaUpdateArgsSchema, PersonaIssueTokenArgsSchema, PersonaRevokeTokenArgsSchema, PersonaAppendOwnerMessageArgsSchema, FRAME_TYPE_CHAT_OPEN, FRAME_TYPE_CHAT_RENAME, FRAME_TYPE_CHAT_DELETE, FRAME_TYPE_CHAT_LIST, FRAME_TYPE_CHAT_CREATED, FRAME_TYPE_CHAT_RENAMED, FRAME_TYPE_CHAT_DELETED, FRAME_TYPE_PERSONA_LISTENER_CHAT_CREATED, FRAME_TYPE_PERSONA_LISTENER_CHAT_RENAMED, FRAME_TYPE_PERSONA_LISTENER_CHAT_DELETED, FRAME_TYPE_PERSONA_LISTENER_STATUS, ChatSummarySchema, ChatOpenRequestSchema, ChatRenameRequestSchema, ChatDeleteRequestSchema, ChatRenameResponseSchema, ChatDeleteResponseSchema, ChatListPushSchema, ChatCreatedFrameSchema, ChatRenamedFrameSchema, ChatDeletedFrameSchema, PersonaListenerChatCreatedFrameSchema, PersonaListenerChatRenamedFrameSchema, PersonaListenerChatDeletedFrameSchema, PersonaListenerStatusFrameSchema, PersonaListListenerChatsForTokenArgsSchema, PersonaListListenerChatsForTokenResponseSchema;
+var PersonaTokenEntrySchema, PersonaFileSchema, PersonaSkillSummarySchema, PersonaSandboxSettingsSchema, PersonaInfoResponseSchema, PersonaCreateArgsSchema, PersonaIdArgsSchema, PersonaUpdateArgsSchema, PersonaIssueTokenArgsSchema, PersonaRevokeTokenArgsSchema;
 var init_persona_schemas = __esm({
   "../protocol/src/persona-schemas.ts"() {
     "use strict";
@@ -4404,7 +4399,13 @@ var init_persona_schemas = __esm({
       // 8-key set defined UI-side in `lib/session-icons.ts`; protocol stays plain string
       // for forward compatibility, consumer fallbacks to default when key not found.
       iconKey: external_exports.string().optional(),
-      tokenMap: external_exports.record(external_exports.string(), PersonaTokenEntrySchema),
+      /**
+       * Persona token 列表：file-sharing HTTP Bearer 鉴权用。
+       * - 写：`PersonaManager.issueToken` / `revokeToken`
+       * - 读：`PersonaRegistry.findByToken` 反向查表（需 persona.public === true）
+       * - optional：兼容历史 persona.json 不含此字段的情形（旧 daemon 写文件时省略）
+       */
+      tokenMap: external_exports.record(external_exports.string(), PersonaTokenEntrySchema).optional(),
       createdAt: external_exports.number(),
       updatedAt: external_exports.number()
     }).strict();
@@ -4465,126 +4466,11 @@ var init_persona_schemas = __esm({
       personaId: external_exports.string().min(1),
       token: external_exports.string().min(1)
     });
-    PersonaAppendOwnerMessageArgsSchema = external_exports.object({
-      personaId: external_exports.string().min(1),
-      subSessionId: external_exports.string().min(1),
-      text: external_exports.string().min(1)
-    });
-    FRAME_TYPE_CHAT_OPEN = "chat:open";
-    FRAME_TYPE_CHAT_RENAME = "chat:rename";
-    FRAME_TYPE_CHAT_DELETE = "chat:delete";
-    FRAME_TYPE_CHAT_LIST = "chat:list";
-    FRAME_TYPE_CHAT_CREATED = "chat:created";
-    FRAME_TYPE_CHAT_RENAMED = "chat:renamed";
-    FRAME_TYPE_CHAT_DELETED = "chat:deleted";
-    FRAME_TYPE_PERSONA_LISTENER_CHAT_CREATED = "persona:listenerChat:created";
-    FRAME_TYPE_PERSONA_LISTENER_CHAT_RENAMED = "persona:listenerChat:renamed";
-    FRAME_TYPE_PERSONA_LISTENER_CHAT_DELETED = "persona:listenerChat:deleted";
-    FRAME_TYPE_PERSONA_LISTENER_STATUS = "persona:listenerStatus";
-    ChatSummarySchema = external_exports.object({
-      sessionId: external_exports.string().min(1),
-      /** 派生 sessionId 时使用的原始 chatId（永远三元组 hash 派生，无 default 特例） */
-      chatId: external_exports.string().min(1),
-      /** sub-session label，listener 视为 chat 名 */
-      label: external_exports.string(),
-      /** SessionFile.createdAt（ISO string） */
-      createdAt: external_exports.string()
-    });
-    ChatOpenRequestSchema = external_exports.object({
-      type: external_exports.literal(FRAME_TYPE_CHAT_OPEN),
-      /** 客户端生成的 chatId（uuid 推荐）；daemon 用三元组派生 sub-session sessionId */
-      chatId: external_exports.string().min(1),
-      /** 不存在时是否自动创建。true = 创建（典型：新建对话）；false/缺省 = 命中已有，否则 NOT_FOUND */
-      autoCreate: external_exports.boolean().optional(),
-      requestId: external_exports.string().min(1).optional()
-    });
-    ChatRenameRequestSchema = external_exports.object({
-      type: external_exports.literal(FRAME_TYPE_CHAT_RENAME),
-      requestId: external_exports.string().min(1).optional(),
-      sessionId: external_exports.string().min(1),
-      label: external_exports.string().min(1)
-    });
-    ChatDeleteRequestSchema = external_exports.object({
-      type: external_exports.literal(FRAME_TYPE_CHAT_DELETE),
-      requestId: external_exports.string().min(1).optional(),
-      sessionId: external_exports.string().min(1)
-    });
-    ChatRenameResponseSchema = external_exports.object({
-      type: external_exports.literal(FRAME_TYPE_CHAT_RENAME),
-      requestId: external_exports.string().min(1).optional(),
-      ok: external_exports.literal(true)
-    });
-    ChatDeleteResponseSchema = external_exports.object({
-      type: external_exports.literal(FRAME_TYPE_CHAT_DELETE),
-      requestId: external_exports.string().min(1).optional(),
-      ok: external_exports.literal(true)
-    });
-    ChatListPushSchema = external_exports.object({
-      type: external_exports.literal(FRAME_TYPE_CHAT_LIST),
-      chats: external_exports.array(ChatSummarySchema)
-    });
-    ChatCreatedFrameSchema = external_exports.object({
-      type: external_exports.literal(FRAME_TYPE_CHAT_CREATED),
-      sessionId: external_exports.string().min(1),
-      chatId: external_exports.string().min(1),
-      label: external_exports.string().optional(),
-      /** ISO timestamp */
-      createdAt: external_exports.string().min(1)
-    });
-    ChatRenamedFrameSchema = external_exports.object({
-      type: external_exports.literal(FRAME_TYPE_CHAT_RENAMED),
-      sessionId: external_exports.string().min(1),
-      label: external_exports.string().min(1)
-    });
-    ChatDeletedFrameSchema = external_exports.object({
-      type: external_exports.literal(FRAME_TYPE_CHAT_DELETED),
-      sessionId: external_exports.string().min(1)
-    });
-    PersonaListenerChatCreatedFrameSchema = external_exports.object({
-      type: external_exports.literal(FRAME_TYPE_PERSONA_LISTENER_CHAT_CREATED),
-      personaId: external_exports.string().min(1),
-      /** owner 同时持有 token 字符串：sidebar 已经按 token 维度渲染 listener leaf，
-       *  push 帧用 token 直接定位归属 leaf。token 不是密钥，owner 本来就持有。 */
-      token: external_exports.string().min(1),
-      sessionId: external_exports.string().min(1),
-      chatId: external_exports.string().min(1),
-      label: external_exports.string().optional(),
-      createdAt: external_exports.string().min(1)
-    });
-    PersonaListenerChatRenamedFrameSchema = external_exports.object({
-      type: external_exports.literal(FRAME_TYPE_PERSONA_LISTENER_CHAT_RENAMED),
-      personaId: external_exports.string().min(1),
-      token: external_exports.string().min(1),
-      sessionId: external_exports.string().min(1),
-      label: external_exports.string().min(1)
-    });
-    PersonaListenerChatDeletedFrameSchema = external_exports.object({
-      type: external_exports.literal(FRAME_TYPE_PERSONA_LISTENER_CHAT_DELETED),
-      personaId: external_exports.string().min(1),
-      token: external_exports.string().min(1),
-      sessionId: external_exports.string().min(1),
-      /** 原始 chatId（用于 owner UI 比对 personaView.chatId 清理 stale selection） */
-      chatId: external_exports.string().min(1)
-    });
-    PersonaListenerStatusFrameSchema = external_exports.object({
-      type: external_exports.literal(FRAME_TYPE_PERSONA_LISTENER_STATUS),
-      personaId: external_exports.string().min(1),
-      token: external_exports.string().min(1),
-      status: external_exports.enum(["online", "offline"]),
-      activeWsCount: external_exports.number().int().nonnegative()
-    });
-    PersonaListListenerChatsForTokenArgsSchema = external_exports.object({
-      personaId: external_exports.string().min(1),
-      token: external_exports.string().min(1)
-    });
-    PersonaListListenerChatsForTokenResponseSchema = external_exports.object({
-      chats: external_exports.array(ChatSummarySchema)
-    });
   }
 });
 // ../protocol/src/schemas.ts
-var SessionStatusSchema, UsageSchema, ContextUsageSchema, sessionMetaShape, SessionMetaSchema, ModelInfoSchema, ModeInfoSchema, ConfigFieldSchemaSchema, CapabilitiesGetArgs, CapabilitiesResponseSchema, AllowRuleSchema, SessionFileSchema, ParsedEventBase, HistoryUserMetaSchema, SubagentToolStatsSchema, StructuredPatchHunkSchema, ToolResultExtraSchema, MemoryEntrySchema, AskQuestionOptionSchema, AskQuestionItemSchema, ParsedEventSchema, SessionCreateArgs, SessionIdArgs, SessionUpdateArgs, SessionSendArgs, SessionRewindArgs, SessionRewindResponseSchema, SessionRewindDiffArgs, RewindDiffHunkSchema, RewindDiffFileSchema, SessionRewindDiffResponseSchema, SessionRewindableMessageIdsArgs, SessionRewindableMessageIdsResponseSchema, SessionResumeArgs, SessionForkArgs, SessionForkResponseSchema, SessionObserveArgs, SessionEventsArgs, PermissionRespondArgs, HistoryListArgs, HistoryReadArgs, HistorySubagentsArgs, HistorySubagentReadArgs, WorkspaceListArgs, WorkspaceReadArgs, SkillsListArgs, SkillEntrySchema, AgentEntrySchema, AgentsListArgs, AgentsListResponseSchema, SessionSubscribeArgs, SessionPinArgs, SessionReorderPinsArgs, GitRootArgs, GitRootResponseSchema, GitBranchArgs, GitBranchResponseSchema, GitBranchesArgs, GitBranchesResponseSchema, GitWorktreePrefixArgs, GitWorktreePrefixResponseSchema, GitWorktreeCreateArgs, GitWorktreeCreateResponseSchema, GitWorktreeRemoveArgs, GitWorktreeRemoveResponseSchema, HistoryRecentDirsArgs, RecentDirEntrySchema, HistoryRecentDirsResponseSchema, SessionQuestionFrameSchema, SessionQuestionClearedFrameSchema, AnswerQuestionArgs, AnswerQuestionResponseSchema, CancelQuestionArgs, CancelQuestionResponseSchema, AuthRequestFrameSchema, AuthOkFrameSchema, TunnelExitedEventSchema, InfoRunningSessionSchema, InfoResponseSchema;
+var SessionStatusSchema, UsageSchema, ContextUsageSchema, sessionMetaShape, SessionMetaSchema, ModelInfoSchema, ModeInfoSchema, ConfigFieldSchemaSchema, CapabilitiesGetArgs, CapabilitiesResponseSchema, AllowRuleSchema, SessionFileSchema, ParsedEventBase, HistoryUserMetaSchema, SubagentToolStatsSchema, StructuredPatchHunkSchema, ToolResultExtraSchema, MemoryEntrySchema, AskQuestionOptionSchema, AskQuestionItemSchema, ParsedEventSchema, SessionCreateArgs, SessionIdArgs, SessionUpdateArgs, SessionSendArgs, SessionRewindArgs, SessionRewindResponseSchema, SessionRewindDiffArgs, RewindDiffHunkSchema, RewindDiffFileSchema, SessionRewindDiffResponseSchema, SessionRewindableMessageIdsArgs, SessionRewindableMessageIdsResponseSchema, SessionResumeArgs, SessionForkArgs, SessionForkResponseSchema, SessionObserveArgs, SessionEventsArgs, PermissionRespondArgs, HistoryListArgs, HistoryReadArgs, HistorySubagentsArgs, HistorySubagentReadArgs, WorkspaceListArgs, WorkspaceReadArgs, SkillsListArgs, SkillEntrySchema, AgentEntrySchema, AgentsListArgs, AgentsListResponseSchema, SessionSubscribeArgs, SessionPinArgs, SessionReorderPinsArgs, GitRootArgs, GitRootResponseSchema, GitBranchArgs, GitBranchResponseSchema, GitBranchesArgs, GitBranchesResponseSchema, HistoryRecentDirsArgs, RecentDirEntrySchema, HistoryRecentDirsResponseSchema, SessionQuestionFrameSchema, SessionQuestionClearedFrameSchema, AnswerQuestionArgs, AnswerQuestionResponseSchema, CancelQuestionArgs, CancelQuestionResponseSchema, AuthRequestFrameSchema, AuthOkFrameSchema, TunnelExitedEventSchema, InfoRunningSessionSchema, InfoResponseSchema;
 var init_schemas = __esm({
   "../protocol/src/schemas.ts"() {
     "use strict";
@@ -4674,9 +4560,6 @@ var init_schemas = __esm({
       pinSortOrder: external_exports.number().int().nullable().optional(),
       // 用户在 NewSessionDialog 或 Edit modal 选择的 icon 标识；UI 端做 enum 兜底
       iconKey: external_exports.string().optional(),
-      // NewSessionDialog 勾选 worktree 创建的 session 才会持久化这两个字段
-      worktreeRoot: external_exports.string().min(1).optional(),
-      worktreeBranch: external_exports.string().min(1).optional(),
       // 由 session:fork 派生的 session 在 create 时记录源 session 的 sessionId（稳定 key，
       // 不受 parent clear / re-spawn 影响）；sidebar 据此挂 fork 图标。非 fork session 该字段缺省。
       // 旧字段 forkedFromToolSessionId 已弃用，daemon 启动时一次性迁移老数据
@@ -4897,9 +4780,6 @@ var init_schemas = __esm({
       effort: external_exports.string().optional(),
       // 用户在 NewSessionDialog 选择的 icon 标识；UI 端做 enum 兜底
       iconKey: external_exports.string().optional(),
-      // NewSessionDialog 勾选 worktree 时由 UI 传入，daemon 原样持久化，不做额外副作用
-      worktreeRoot: external_exports.string().min(1).optional(),
-      worktreeBranch: external_exports.string().min(1).optional(),
       // session:fork 派生 session 时由 UI 传入源 sessionId，daemon 写到 SessionFile.forkedFromSessionId
       forkedFromSessionId: external_exports.string().min(1).optional(),
       // owner-mode persona session：传此字段时 daemon 自行派生 cwd 和启动参数，
@@ -5064,25 +4944,6 @@ var init_schemas = __esm({
       branches: external_exports.array(external_exports.string()),
       head: external_exports.string().nullable()
     });
-    GitWorktreePrefixArgs = external_exports.object({}).optional();
-    GitWorktreePrefixResponseSchema = external_exports.object({
-      prefix: external_exports.string().min(1)
-    });
-    GitWorktreeCreateArgs = external_exports.object({
-      cwd: external_exports.string().min(1),
-      baseBranch: external_exports.string().min(1),
-      label: external_exports.string().min(1)
-    });
-    GitWorktreeCreateResponseSchema = external_exports.object({
-      worktreeRoot: external_exports.string().min(1),
-      branch: external_exports.string().min(1),
-      baseBranch: external_exports.string().min(1)
-    });
-    GitWorktreeRemoveArgs = external_exports.object({
-      worktreeRoot: external_exports.string().min(1),
-      worktreeBranch: external_exports.string().min(1)
-    });
-    GitWorktreeRemoveResponseSchema = external_exports.object({ ok: external_exports.literal(true) });
     HistoryRecentDirsArgs = external_exports.object({}).optional();
     RecentDirEntrySchema = external_exports.object({
       cwd: external_exports.string().min(1),
@@ -5469,8 +5330,8 @@ var require_req = __commonJS({
       if (req.originalUrl) {
         _req.url = req.originalUrl;
       } else {
-        const path31 = req.path;
-        _req.url = typeof path31 === "string" ? path31 : req.url ? req.url.path || req.url : void 0;
+        const path32 = req.path;
+        _req.url = typeof path32 === "string" ? path32 : req.url ? req.url.path || req.url : void 0;
       }
       if (req.query) {
         _req.query = req.query;
@@ -5635,14 +5496,14 @@ var require_redact = __commonJS({
       }
       return obj;
     }
-    function parsePath(path31) {
+    function parsePath(path32) {
       const parts = [];
       let current = "";
       let inBrackets = false;
       let inQuotes = false;
       let quoteChar = "";
-      for (let i = 0; i < path31.length; i++) {
-        const char = path31[i];
+      for (let i = 0; i < path32.length; i++) {
+        const char = path32[i];
         if (!inBrackets && char === ".") {
           if (current) {
             parts.push(current);
@@ -5773,10 +5634,10 @@ var require_redact = __commonJS({
       return current;
     }
     function redactPaths(obj, paths, censor, remove = false) {
-      for (const path31 of paths) {
-        const parts = parsePath(path31);
+      for (const path32 of paths) {
+        const parts = parsePath(path32);
         if (parts.includes("*")) {
-          redactWildcardPath(obj, parts, censor, path31, remove);
+          redactWildcardPath(obj, parts, censor, path32, remove);
         } else {
           if (remove) {
             removeKey(obj, parts);
@@ -5861,8 +5722,8 @@ var require_redact = __commonJS({
           }
         } else {
           if (afterWildcard.includes("*")) {
-            const wrappedCensor = typeof censor === "function" ? (value, path31) => {
-              const fullPath = [...pathArray.slice(0, pathLength), ...path31];
+            const wrappedCensor = typeof censor === "function" ? (value, path32) => {
+              const fullPath = [...pathArray.slice(0, pathLength), ...path32];
               return censor(value, fullPath);
             } : censor;
             redactWildcardPath(current, afterWildcard, wrappedCensor, originalPath, remove);
@@ -5897,8 +5758,8 @@ var require_redact = __commonJS({
         return null;
       }
       const pathStructure = /* @__PURE__ */ new Map();
-      for (const path31 of pathsToClone) {
-        const parts = parsePath(path31);
+      for (const path32 of pathsToClone) {
+        const parts = parsePath(path32);
         let current = pathStructure;
         for (let i = 0; i < parts.length; i++) {
           const part = parts[i];
@@ -5950,24 +5811,24 @@ var require_redact = __commonJS({
       }
       return cloneSelectively(obj, pathStructure);
     }
-    function validatePath(path31) {
-      if (typeof path31 !== "string") {
+    function validatePath(path32) {
+      if (typeof path32 !== "string") {
         throw new Error("Paths must be (non-empty) strings");
       }
-      if (path31 === "") {
+      if (path32 === "") {
         throw new Error("Invalid redaction path ()");
       }
-      if (path31.includes("..")) {
-        throw new Error(`Invalid redaction path (${path31})`);
+      if (path32.includes("..")) {
+        throw new Error(`Invalid redaction path (${path32})`);
       }
-      if (path31.includes(",")) {
-        throw new Error(`Invalid redaction path (${path31})`);
+      if (path32.includes(",")) {
+        throw new Error(`Invalid redaction path (${path32})`);
       }
       let bracketCount = 0;
       let inQuotes = false;
       let quoteChar = "";
-      for (let i = 0; i < path31.length; i++) {
-        const char = path31[i];
+      for (let i = 0; i < path32.length; i++) {
+        const char = path32[i];
         if ((char === '"' || char === "'") && bracketCount > 0) {
           if (!inQuotes) {
             inQuotes = true;
@@ -5981,20 +5842,20 @@ var require_redact = __commonJS({
         } else if (char === "]" && !inQuotes) {
           bracketCount--;
           if (bracketCount < 0) {
-            throw new Error(`Invalid redaction path (${path31})`);
+            throw new Error(`Invalid redaction path (${path32})`);
           }
         }
       }
       if (bracketCount !== 0) {
-        throw new Error(`Invalid redaction path (${path31})`);
+        throw new Error(`Invalid redaction path (${path32})`);
       }
     }
     function validatePaths(paths) {
       if (!Array.isArray(paths)) {
         throw new TypeError("paths must be an array");
       }
-      for (const path31 of paths) {
-        validatePath(path31);
+      for (const path32 of paths) {
+        validatePath(path32);
       }
     }
     function slowRedact(options = {}) {
@@ -6162,8 +6023,8 @@ var require_redaction = __commonJS({
         if (shape[k2] === null) {
           o[k2] = (value) => topCensor(value, [k2]);
         } else {
-          const wrappedCensor = typeof censor === "function" ? (value, path31) => {
-            return censor(value, [k2, ...path31]);
+          const wrappedCensor = typeof censor === "function" ? (value, path32) => {
+            return censor(value, [k2, ...path32]);
           } : censor;
           o[k2] = Redact({
             paths: shape[k2],
@@ -6384,7 +6245,7 @@ var require_sonic_boom = __commonJS({
     var fs28 = require("fs");
     var EventEmitter2 = require("events");
     var inherits = require("util").inherits;
-    var path31 = require("path");
+    var path32 = require("path");
     var sleep = require_atomic_sleep();
     var assert = require("assert");
     var BUSY_WRITE_TIMEOUT = 100;
@@ -6438,7 +6299,7 @@ var require_sonic_boom = __commonJS({
       const mode = sonic.mode;
       if (sonic.sync) {
         try {
-          if (sonic.mkdir) fs28.mkdirSync(path31.dirname(file), { recursive: true });
+          if (sonic.mkdir) fs28.mkdirSync(path32.dirname(file), { recursive: true });
           const fd = fs28.openSync(file, flags, mode);
           fileOpened(null, fd);
         } catch (err) {
@@ -6446,7 +6307,7 @@ var require_sonic_boom = __commonJS({
           throw err;
         }
       } else if (sonic.mkdir) {
-        fs28.mkdir(path31.dirname(file), { recursive: true }, (err) => {
+        fs28.mkdir(path32.dirname(file), { recursive: true }, (err) => {
           if (err) return fileOpened(err);
           fs28.open(file, flags, mode, fileOpened);
         });
@@ -9306,7 +9167,7 @@ var require_multistream = __commonJS({
 var require_pino = __commonJS({
   "../node_modules/.pnpm/pino@9.14.0/node_modules/pino/pino.js"(exports2, module2) {
     "use strict";
-    var os16 = require("os");
+    var os15 = require("os");
     var stdSerializers = require_pino_std_serializers();
     var caller = require_caller();
     var redaction = require_redaction();
@@ -9353,7 +9214,7 @@ var require_pino = __commonJS({
     } = symbols;
     var { epochTime, nullTime } = time;
     var { pid } = process;
-    var hostname = os16.hostname();
+    var hostname = os15.hostname();
     var defaultErrorSerializer = stdSerializers.err;
     var defaultOptions = {
       level: "info",
@@ -10077,11 +9938,11 @@ var init_lib = __esm({
           }
         }
       },
-      addToPath: function addToPath(path31, added, removed, oldPosInc, options) {
-        var last = path31.lastComponent;
+      addToPath: function addToPath(path32, added, removed, oldPosInc, options) {
+        var last = path32.lastComponent;
         if (last && !options.oneChangePerToken && last.added === added && last.removed === removed) {
           return {
-            oldPos: path31.oldPos + oldPosInc,
+            oldPos: path32.oldPos + oldPosInc,
             lastComponent: {
               count: last.count + 1,
               added,
@@ -10091,7 +9952,7 @@ var init_lib = __esm({
           };
         } else {
           return {
-            oldPos: path31.oldPos + oldPosInc,
+            oldPos: path32.oldPos + oldPosInc,
             lastComponent: {
               count: 1,
               added,
@@ -10522,10 +10383,10 @@ function attachmentToHistoryMessage(o, ts) {
     const memories = raw.map((m2) => {
       if (!m2 || typeof m2 !== "object") return null;
       const rec = m2;
-      const path31 = typeof rec.path === "string" ? rec.path : null;
+      const path32 = typeof rec.path === "string" ? rec.path : null;
       const content = typeof rec.content === "string" ? rec.content : null;
-      if (!path31 || content == null) return null;
-      const entry = { path: path31, content };
+      if (!path32 || content == null) return null;
+      const entry = { path: path32, content };
       if (typeof rec.mtimeMs === "number") entry.mtimeMs = rec.mtimeMs;
       return entry;
     }).filter((m2) => m2 !== null);
@@ -11329,10 +11190,10 @@ function parseAttachment(obj) {
     const memories = raw.map((m2) => {
       if (!m2 || typeof m2 !== "object") return null;
       const rec = m2;
-      const path31 = typeof rec.path === "string" ? rec.path : null;
+      const path32 = typeof rec.path === "string" ? rec.path : null;
       const content = typeof rec.content === "string" ? rec.content : null;
-      if (!path31 || content == null) return null;
-      const out = { path: path31, content };
+      if (!path32 || content == null) return null;
+      const out = { path: path32, content };
       if (typeof rec.mtimeMs === "number") out.mtimeMs = rec.mtimeMs;
       return out;
     }).filter((m2) => m2 !== null);
@@ -20246,7 +20107,7 @@ var require_websocket_server = __commonJS({
 // src/run-case/recorder.ts
 function startRunCaseRecorder(opts) {
   const now = opts.now ?? Date.now;
-  const dir = import_node_path27.default.dirname(opts.recordPath);
+  const dir = import_node_path28.default.dirname(opts.recordPath);
   let stream = null;
   let closing = false;
   let closedSettled = false;
@@ -20286,12 +20147,12 @@ function startRunCaseRecorder(opts) {
   };
   return { tap, close, closed };
 }
-var import_node_fs25, import_node_path27;
+var import_node_fs25, import_node_path28;
 var init_recorder = __esm({
   "src/run-case/recorder.ts"() {
     "use strict";
     import_node_fs25 = __toESM(require("fs"), 1);
-    import_node_path27 = __toESM(require("path"), 1);
+    import_node_path28 = __toESM(require("path"), 1);
   }
 });
@@ -20334,7 +20195,7 @@ var init_wire = __esm({
 // src/run-case/controller.ts
 async function runController(opts) {
   const now = opts.now ?? Date.now;
-  const cwd = opts.cwd ?? (0, import_node_fs26.mkdtempSync)(import_node_path28.default.join(import_node_os15.default.tmpdir(), "clawd-runcase-"));
+  const cwd = opts.cwd ?? (0, import_node_fs26.mkdtempSync)(import_node_path29.default.join(import_node_os14.default.tmpdir(), "clawd-runcase-"));
   const ownsCwd = opts.cwd === void 0;
   const recorder = startRunCaseRecorder({ recordPath: opts.record, now });
   const spawnCtx = { cwd };
@@ -20501,13 +20362,13 @@ async function runController(opts) {
   }
   return exitCode ?? 0;
 }
-var import_node_fs26, import_node_os15, import_node_path28;
+var import_node_fs26, import_node_os14, import_node_path29;
 var init_controller = __esm({
   "src/run-case/controller.ts"() {
     "use strict";
     import_node_fs26 = require("fs");
-    import_node_os15 = __toESM(require("os"), 1);
-    import_node_path28 = __toESM(require("path"), 1);
+    import_node_os14 = __toESM(require("os"), 1);
+    import_node_path29 = __toESM(require("path"), 1);
     init_claude();
     init_stdout_splitter();
     init_permission_stdio();
@@ -20739,7 +20600,7 @@ Env (advanced):
 `;
 // src/index.ts
-var import_node_path26 = __toESM(require("path"), 1);
+var import_node_path27 = __toESM(require("path"), 1);
 var import_node_fs24 = __toESM(require("fs"), 1);
 // src/logger.ts
@@ -22436,8 +22297,6 @@ var SessionManager = class {
       permissionMode: args.permissionMode,
       effort: args.effort,
       iconKey: args.iconKey,
-      worktreeRoot: args.worktreeRoot,
-      worktreeBranch: args.worktreeBranch,
       forkedFromSessionId: args.forkedFromSessionId,
       ownerPersonaId: args.ownerPersonaId,
       createdAt: iso,
@@ -23460,15 +23319,6 @@ var PersonaRegistry = class {
   list() {
     return Array.from(this.cache.values());
   }
-  verifyToken(personaId, token) {
-    const persona = this.cache.get(personaId);
-    if (!persona) return { ok: false, code: "PERSONA_DELETED" };
-    if (!persona.public) return { ok: false, code: "PERSONA_NOT_PUBLIC" };
-    const entry = persona.tokenMap[token];
-    if (!entry) return { ok: false, code: "TOKEN_INVALID" };
-    if (entry.revoked) return { ok: false, code: "TOKEN_REVOKED" };
-    return { ok: true, label: entry.label };
-  }
   /**
    * file-sharing HTTP auth-context 用的逆向查表：只有 Bearer token，没有 personaId。
    * 线性扫所有 persona.tokenMap 找到第一条 ok 命中的；revoked / non-public persona 跳过。
@@ -23478,7 +23328,7 @@ var PersonaRegistry = class {
     if (!token) return null;
     for (const persona of this.cache.values()) {
       if (!persona.public) continue;
-      const entry = persona.tokenMap[token];
+      const entry = persona.tokenMap?.[token];
       if (!entry || entry.revoked) continue;
       return { personaId: persona.personaId, label: entry.label };
     }
@@ -23777,6 +23627,8 @@ var PersonaManager = class {
       model: args.model,
       public: args.public ?? false,
       iconKey: args.iconKey,
+      // 初始化空 token 集合；后续由 issueToken / revokeToken 维护，
+      // file-sharing HTTP Bearer 鉴权用 PersonaRegistry.findByToken 反查
       tokenMap: {},
       createdAt: now,
       updatedAt: now
@@ -23820,15 +23672,16 @@ var PersonaManager = class {
   }
   /**
    * 删除 persona。
-   * PersonaStore.remove(personaId) 已级联删除整个 <personaRoot>/<personaId>/ 目录，
-   * 其中包含 .clawd/sub-sessions/——无需额外清理。
-   * 旧的 <dataDir>/sessions/<personaId>/ 路径已废弃，不再维护。
+   * PersonaStore.remove(personaId) 已级联删除整个 <personaRoot>/<personaId>/ 目录。
    */
   delete(personaId) {
     this.deps.store.remove(personaId);
     this.deps.registry.remove(personaId);
   }
-  /** 生成 32-char base64url token（24 bytes 随机），label 必填 */
+  /**
+   * 生成 32-char base64url token 并写入 tokenMap，给 file-sharing HTTP Bearer
+   * 鉴权用（PersonaRegistry.findByToken 反查 personaId/label）。
+   */
   issueToken(personaId, label) {
     const existing = this.deps.registry.get(personaId);
     if (!existing) throw new Error(`persona not found: ${personaId}`);
@@ -23840,22 +23693,23 @@ var PersonaManager = class {
     };
     const updated = {
       ...existing,
-      tokenMap: { ...existing.tokenMap, [token]: entry },
+      tokenMap: { ...existing.tokenMap ?? {}, [token]: entry },
       updatedAt: Date.now()
     };
     this.deps.store.writeMeta(updated);
     this.deps.registry.set(updated);
     return { token, persona: updated };
   }
+  /** 标记 token 为 revoked（保留条目用于审计）；不存在的 token 抛错。 */
   revokeToken(personaId, token) {
     const existing = this.deps.registry.get(personaId);
     if (!existing) throw new Error(`persona not found: ${personaId}`);
-    const tokenEntry = existing.tokenMap[token];
+    const tokenEntry = existing.tokenMap?.[token];
     if (!tokenEntry) throw new Error(`token not found in persona ${personaId}`);
     const updated = {
       ...existing,
       tokenMap: {
-        ...existing.tokenMap,
+        ...existing.tokenMap ?? {},
         [token]: { ...tokenEntry, revoked: true }
       },
       updatedAt: Date.now()
@@ -23864,70 +23718,6 @@ var PersonaManager = class {
     this.deps.registry.set(updated);
     return updated;
   }
-  /**
-   * 拿到（或按需创建）该 (token, chatId) 对应的 sub-session。subSessionId 由 personaId + token +
-   * chatId 三元组 hash 派生，保证 idempotent：同一 tuple 永远复用同一个 sub-session。
-   *
-   * chatId 必填 —— listener 协议从 v2 起拆 phase：客户端 auth 后通过 chat:open(chatId, autoCreate?)
-   * 显式进入某个 chat；不再有 'default' 默认值。chatId 通常是客户端生成的 uuid，落 listener 端
-   * 持久化由客户端负责（daemon 不替客户端记忆"最近哪个 chat"）。
-   *
-   * 创建路径：开启 idleKillEnabled，cwd 取 persona 目录，不再硬编码 permission mode / tool allowlist
-   * （sandbox 约束移到 persona dir 下的 .claude/settings.json，由 OS-level Seatbelt 执行）
-   */
-  getOrCreateSubSession(personaId, token, chatId) {
-    const persona = this.deps.registry.get(personaId);
-    if (!persona) throw new Error(`persona not found: ${personaId}`);
-    if (!chatId) throw new Error("chatId is required");
-    const subSessionId = this.deriveSubSessionId(personaId, token, chatId);
-    const scope = { kind: "persona", personaId, mode: "listener" };
-    const existing = this.deps.sessionManager.readForScope(subSessionId, scope);
-    if (existing) {
-      return { sessionFile: existing, isNew: false };
-    }
-    const tokenEntry = persona.tokenMap[token];
-    const subLabel = tokenEntry?.label ?? "unknown";
-    const sessionFile = this.deps.sessionManager.createForScope({
-      sessionId: subSessionId,
-      scope,
-      cwd: this.deps.store.personaDirPath(personaId),
-      tool: "claude",
-      label: subLabel,
-      model: persona.model,
-      chatId
-    });
-    return { sessionFile, isNew: true };
-  }
-  /**
-   * 检查 (token, chatId) 对应的 sub-session 是否存在；不存在返回 null。
-   * chat:open(autoCreate=false) 路径用：listener 想"只切已有 chat"时不能撞 auto-create。
-   */
-  getSubSession(personaId, token, chatId) {
-    if (!chatId) return null;
-    const subSessionId = this.deriveSubSessionId(personaId, token, chatId);
-    const scope = { kind: "persona", personaId, mode: "listener" };
-    return this.deps.sessionManager.readForScope(subSessionId, scope);
-  }
-  /**
-   * 校验 sessionId 是否属于 (personaId, token) tuple（前 12 字符 tokenHash 一致）。
-   * chat:rename / chat:delete 用：listener 只能操作自己 tuple 内的 chat。
-   */
-  tokenPrefixFor(personaId, token) {
-    const tokenHash = import_node_crypto3.default.createHash("sha256").update(token).digest("hex").slice(0, 12);
-    return `${personaId}-${tokenHash}`;
-  }
-  /**
-   * 老板插话：把"老板的话"作为 meta-text + metaSource='owner' 推到 sub-session 的事件流。
-   * 委托 SessionManager.injectOwnerMessage 路由到 reducer 'inject-owner-text' input
-   */
-  appendOwnerMessage(personaId, subSessionId, text) {
-    this.deps.sessionManager.injectOwnerMessage({
-      sessionId: subSessionId,
-      scope: { kind: "persona", personaId, mode: "listener" },
-      text
-    });
-  }
-  // ---------------- 内部 ----------------
   /**
    * label 转 4-16 char slug。优先用 `persona-<slug>`；若 slug 已被占用，追加 4 char
    * base64url 随机后缀直到不撞为止（最多 5 次，理论冲突 ≈ 2^-24，留个 panic 上限）。
@@ -23943,15 +23733,6 @@ var PersonaManager = class {
     }
     throw new Error(`failed to generate unique personaId for label=${label}`);
   }
-  /**
-   * subSessionId 派生：永远三元组 `${personaId}-${tokenHash12}-${chatHash8}`，无 default 特例。
-   * 旧 v1 实现保留 default 二元组兼容已废除。
-   */
-  deriveSubSessionId(personaId, token, chatId) {
-    const tokenHash = import_node_crypto3.default.createHash("sha256").update(token).digest("hex").slice(0, 12);
-    const chatHash = import_node_crypto3.default.createHash("sha256").update(chatId).digest("hex").slice(0, 8);
-    return `${personaId}-${tokenHash}-${chatHash}`;
-  }
 };
 // src/persona/seed.ts
@@ -25426,7 +25207,6 @@ var import_websocket_server = __toESM(require_websocket_server(), 1);
 // src/transport/local-ws-server.ts
 var import_node_http = __toESM(require("http"), 1);
-var PERSONA_PATH_RE = /^\/personas\/([a-zA-Z0-9._-]+)$/;
 var LocalWsServer = class {
   constructor(opts) {
     this.opts = opts;
@@ -25549,8 +25329,7 @@ var LocalWsServer = class {
     if (!c) return;
     this.safeSend(c.ws, frame);
   }
-  // URL path 路由：'/' → owner mode（first-message authToken gate 走 onConnection），
-  // '/personas/<id>' → personaBoundHandler，其它 → close 4404
+  // URL path 路由：'/' → 主连接路径；其他 → close 4404
   routeConnection(socket, req) {
     const remoteAddress = req?.socket?.remoteAddress;
     const urlPath = (() => {
@@ -25564,15 +25343,6 @@ var LocalWsServer = class {
       this.onConnection(socket, remoteAddress);
       return;
     }
-    const personaMatch = urlPath.match(PERSONA_PATH_RE);
-    if (personaMatch && this.opts.personaBoundHandler) {
-      this.logger?.info("persona ws connected", {
-        personaId: personaMatch[1],
-        remoteAddress
-      });
-      this.opts.personaBoundHandler.handle(socket, personaMatch[1]);
-      return;
-    }
     try {
       socket.close(4404, "unknown path");
     } catch {
@@ -25715,434 +25485,6 @@ function removeSubscription(client, sessionId) {
   else client.subscribedSessions.set(sessionId, next);
 }
-// src/transport/persona-bound-handler.ts
-init_protocol();
-var PersonaBoundHandler = class {
-  constructor(deps) {
-    this.deps = deps;
-  }
-  deps;
-  // tuple fan-out 表：tokenPrefix → 同 tuple 所有 listener ws 的 send fn 集合
-  tupleSubscribers = /* @__PURE__ */ new Map();
-  // tuple → 当前活跃 ws 数；从 0→1 emit online；从 1→0 emit offline
-  listenerWsCount = /* @__PURE__ */ new Map();
-  handle(ws, personaId) {
-    let phase = "pre-auth";
-    let scope = null;
-    let unsubscribeSession = null;
-    const send = (frame) => {
-      try {
-        ws.send(JSON.stringify(frame));
-      } catch (err) {
-        this.deps.logger.warn(`persona ws send failed: ${err.message}`);
-      }
-    };
-    const sendError = (requestId, code, message) => {
-      const errFrame = { type: "error", code, message };
-      if (requestId) errFrame.requestId = requestId;
-      send(errFrame);
-    };
-    const cleanupTupleRegistration = () => {
-      if (!scope) return;
-      const subs = this.tupleSubscribers.get(scope.tokenPrefix);
-      if (subs) {
-        subs.delete(send);
-        if (subs.size === 0) this.tupleSubscribers.delete(scope.tokenPrefix);
-      }
-      const before = this.listenerWsCount.get(scope.tokenPrefix) ?? 0;
-      const after = before - 1;
-      if (after <= 0) {
-        this.listenerWsCount.delete(scope.tokenPrefix);
-        this.deps.ownerBroadcast(
-          PersonaListenerStatusFrameSchema.parse({
-            type: FRAME_TYPE_PERSONA_LISTENER_STATUS,
-            personaId: scope.personaId,
-            token: scope.token,
-            status: "offline",
-            activeWsCount: 0
-          })
-        );
-      } else {
-        this.listenerWsCount.set(scope.tokenPrefix, after);
-        this.deps.ownerBroadcast(
-          PersonaListenerStatusFrameSchema.parse({
-            type: FRAME_TYPE_PERSONA_LISTENER_STATUS,
-            personaId: scope.personaId,
-            token: scope.token,
-            status: "online",
-            activeWsCount: after
-          })
-        );
-      }
-    };
-    ws.on("message", (raw) => {
-      let parsedRaw;
-      try {
-        parsedRaw = JSON.parse(raw.toString());
-      } catch {
-        ws.close(4400, "PROTOCOL_VIOLATION");
-        return;
-      }
-      if (typeof parsedRaw !== "object" || parsedRaw === null) {
-        ws.close(4400, "PROTOCOL_VIOLATION");
-        return;
-      }
-      const frame = parsedRaw;
-      if (phase === "pre-auth") {
-        const authParse = AuthRequestFrameSchema.safeParse(frame);
-        if (!authParse.success) {
-          ws.close(4400, "PROTOCOL_VIOLATION");
-          return;
-        }
-        const { token } = authParse.data;
-        const verify = this.deps.registry.verifyToken(personaId, token);
-        if (!verify.ok) {
-          const code = verify.code === "PERSONA_DELETED" ? 4404 : verify.code === "PERSONA_NOT_PUBLIC" ? 4403 : 4401;
-          ws.close(code, verify.code);
-          return;
-        }
-        const persona = this.deps.registry.get(personaId);
-        if (!persona) {
-          ws.close(4404, "PERSONA_DELETED");
-          return;
-        }
-        const tokenPrefix = this.deps.personaManager.tokenPrefixFor(personaId, token);
-        scope = { personaId, token, tokenPrefix };
-        phase = "tuple-watch";
-        let subs = this.tupleSubscribers.get(tokenPrefix);
-        if (!subs) {
-          subs = /* @__PURE__ */ new Set();
-          this.tupleSubscribers.set(tokenPrefix, subs);
-        }
-        subs.add(send);
-        const nextCount = (this.listenerWsCount.get(tokenPrefix) ?? 0) + 1;
-        this.listenerWsCount.set(tokenPrefix, nextCount);
-        this.deps.ownerBroadcast(
-          PersonaListenerStatusFrameSchema.parse({
-            type: FRAME_TYPE_PERSONA_LISTENER_STATUS,
-            personaId,
-            token,
-            status: "online",
-            activeWsCount: nextCount
-          })
-        );
-        send({ type: "auth:ok" });
-        send(
-          ChatListPushSchema.parse({
-            type: FRAME_TYPE_CHAT_LIST,
-            chats: this.listChatsForTuple(personaId, tokenPrefix)
-          })
-        );
-        return;
-      }
-      const type = frame.type;
-      const requestId = typeof frame.requestId === "string" ? frame.requestId : void 0;
-      if (type === "auth") {
-        ws.close(4400, "PROTOCOL_VIOLATION");
-        return;
-      }
-      if (type === "ping") {
-        send({ type: "pong", at: Date.now() });
-        return;
-      }
-      if (!scope) {
-        ws.close(4400, "PROTOCOL_VIOLATION");
-        return;
-      }
-      if (type === "chat:open") {
-        const parsed = ChatOpenRequestSchema.safeParse(frame);
-        if (!parsed.success) {
-          sendError(requestId, "VALIDATION_ERROR", parsed.error.message);
-          return;
-        }
-        const { chatId, autoCreate } = parsed.data;
-        let sessionFile;
-        let isNew = false;
-        try {
-          if (autoCreate) {
-            const r = this.deps.personaManager.getOrCreateSubSession(scope.personaId, scope.token, chatId);
-            sessionFile = r.sessionFile;
-            isNew = r.isNew;
-          } else {
-            sessionFile = this.deps.personaManager.getSubSession(scope.personaId, scope.token, chatId);
-            if (!sessionFile) {
-              sendError(requestId, "SESSION_NOT_FOUND", `chatId not found: ${chatId}`);
-              return;
-            }
-          }
-        } catch (err) {
-          sendError(requestId, "INTERNAL", err.message);
-          return;
-        }
-        if (unsubscribeSession && scope.activeSubSessionId !== sessionFile.sessionId) {
-          unsubscribeSession();
-          unsubscribeSession = null;
-        }
-        if (!unsubscribeSession) {
-          unsubscribeSession = this.deps.sessionManager.subscribe(
-            sessionFile.sessionId,
-            { kind: "persona", personaId: scope.personaId, mode: "listener" },
-            (eventFrame) => send(eventFrame)
-          );
-        }
-        scope.activeSubSessionId = sessionFile.sessionId;
-        phase = "chat-active";
-        const persona = this.deps.registry.get(scope.personaId);
-        const infoFrame = {
-          type: "session:info",
-          sessionId: sessionFile.sessionId,
-          chatId,
-          label: persona?.label ?? "",
-          cwd: sessionFile.cwd
-        };
-        if (persona?.model) infoFrame.model = persona.model;
-        if (requestId) infoFrame.requestId = requestId;
-        send(infoFrame);
-        send({
-          type: "session:status",
-          sessionId: sessionFile.sessionId,
-          status: this.deps.sessionManager.getCurrentStatus(sessionFile.sessionId)
-        });
-        if (isNew) {
-          const createdBase = {
-            sessionId: sessionFile.sessionId,
-            chatId,
-            label: sessionFile.label,
-            createdAt: sessionFile.createdAt
-          };
-          this.fanoutTuple(
-            scope.tokenPrefix,
-            ChatCreatedFrameSchema.parse({ type: FRAME_TYPE_CHAT_CREATED, ...createdBase })
-          );
-          this.deps.ownerBroadcast(
-            PersonaListenerChatCreatedFrameSchema.parse({
-              type: FRAME_TYPE_PERSONA_LISTENER_CHAT_CREATED,
-              personaId: scope.personaId,
-              token: scope.token,
-              ...createdBase
-            })
-          );
-        }
-        return;
-      }
-      if (type === "chat:rename") {
-        const parsed = ChatRenameRequestSchema.safeParse(frame);
-        if (!parsed.success) {
-          sendError(requestId, "VALIDATION_ERROR", parsed.error.message);
-          return;
-        }
-        const { sessionId: targetId, label } = parsed.data;
-        if (!this.isInTuple(targetId, scope.tokenPrefix)) {
-          sendError(requestId, "FORBIDDEN", "sessionId out of (persona, token) scope");
-          return;
-        }
-        try {
-          this.deps.sessionManager.renameForScope({
-            sessionId: targetId,
-            scope: { kind: "persona", personaId: scope.personaId, mode: "listener" },
-            label
-          });
-        } catch (err) {
-          const e = err;
-          sendError(requestId, e.code ?? "INTERNAL", e.message ?? String(err));
-          return;
-        }
-        if (requestId) send({ type: FRAME_TYPE_CHAT_RENAME, requestId, ok: true });
-        this.fanoutTuple(
-          scope.tokenPrefix,
-          ChatRenamedFrameSchema.parse({ type: FRAME_TYPE_CHAT_RENAMED, sessionId: targetId, label })
-        );
-        this.deps.ownerBroadcast(
-          PersonaListenerChatRenamedFrameSchema.parse({
-            type: FRAME_TYPE_PERSONA_LISTENER_CHAT_RENAMED,
-            personaId: scope.personaId,
-            token: scope.token,
-            sessionId: targetId,
-            label
-          })
-        );
-        return;
-      }
-      if (type === "chat:delete") {
-        const parsed = ChatDeleteRequestSchema.safeParse(frame);
-        if (!parsed.success) {
-          sendError(requestId, "VALIDATION_ERROR", parsed.error.message);
-          return;
-        }
-        const { sessionId: targetId } = parsed.data;
-        if (!this.isInTuple(targetId, scope.tokenPrefix)) {
-          sendError(requestId, "FORBIDDEN", "sessionId out of (persona, token) scope");
-          return;
-        }
-        const before = this.deps.sessionManager.readForScope(targetId, {
-          kind: "persona",
-          personaId: scope.personaId,
-          mode: "listener"
-        });
-        const chatIdForFrame = before?.chatId ?? "unknown";
-        try {
-          this.deps.sessionManager.deleteForScope({
-            sessionId: targetId,
-            scope: { kind: "persona", personaId: scope.personaId, mode: "listener" }
-          });
-        } catch (err) {
-          const e = err;
-          sendError(requestId, e.code ?? "INTERNAL", e.message ?? String(err));
-          return;
-        }
-        if (requestId) send({ type: FRAME_TYPE_CHAT_DELETE, requestId, ok: true });
-        this.fanoutTuple(
-          scope.tokenPrefix,
-          ChatDeletedFrameSchema.parse({ type: FRAME_TYPE_CHAT_DELETED, sessionId: targetId })
-        );
-        this.deps.ownerBroadcast(
-          PersonaListenerChatDeletedFrameSchema.parse({
-            type: FRAME_TYPE_PERSONA_LISTENER_CHAT_DELETED,
-            personaId: scope.personaId,
-            token: scope.token,
-            sessionId: targetId,
-            chatId: chatIdForFrame
-          })
-        );
-        if (scope.activeSubSessionId === targetId) {
-          unsubscribeSession?.();
-          unsubscribeSession = null;
-          scope.activeSubSessionId = void 0;
-          phase = "tuple-watch";
-        }
-        return;
-      }
-      if (phase !== "chat-active" || !scope.activeSubSessionId) {
-        sendError(
-          requestId,
-          "METHOD_NOT_ALLOWED",
-          `${typeof type === "string" ? type : "unknown"} requires chat:open first`
-        );
-        return;
-      }
-      const requireScopedSession = () => {
-        if (frame.sessionId !== scope.activeSubSessionId) {
-          sendError(requestId, "FORBIDDEN", "sessionId out of scope");
-          return false;
-        }
-        return true;
-      };
-      const listenerScope = () => ({
-        kind: "persona",
-        personaId: scope.personaId,
-        mode: "listener"
-      });
-      switch (type) {
-        case "session:send": {
-          if (!requireScopedSession()) return;
-          const text = frame.text;
-          if (typeof text !== "string") {
-            sendError(requestId, "VALIDATION_ERROR", "text must be string");
-            return;
-          }
-          try {
-            this.deps.sessionManager.sendForScope({
-              sessionId: scope.activeSubSessionId,
-              scope: listenerScope(),
-              text
-            });
-            if (requestId) send({ type: "session:send", ok: true, requestId });
-          } catch (err) {
-            const e = err;
-            sendError(requestId, e.code ?? "INTERNAL", e.message ?? String(err));
-          }
-          return;
-        }
-        case "session:new": {
-          if (!requireScopedSession()) return;
-          try {
-            this.deps.sessionManager.resetForScope({
-              sessionId: scope.activeSubSessionId,
-              scope: listenerScope()
-            });
-            if (requestId)
-              send({ type: "session:info", sessionId: scope.activeSubSessionId, requestId });
-          } catch (err) {
-            const e = err;
-            sendError(requestId, e.code ?? "INTERNAL", e.message ?? String(err));
-          }
-          return;
-        }
-        case "history:read": {
-          if (!requireScopedSession()) return;
-          const limit = typeof frame.limit === "number" && frame.limit > 0 ? frame.limit : 50;
-          const offset = typeof frame.offset === "number" && frame.offset >= 0 ? frame.offset : 0;
-          try {
-            const page = this.deps.sessionManager.readHistoryPageForScope(
-              scope.activeSubSessionId,
-              listenerScope(),
-              limit,
-              offset
-            );
-            if (requestId) {
-              send({
-                type: "history:read",
-                requestId,
-                events: page.events,
-                offset,
-                total: page.total
-              });
-            }
-          } catch (err) {
-            const e = err;
-            sendError(requestId, e.code ?? "INTERNAL", e.message ?? String(err));
-          }
-          return;
-        }
-        default:
-          sendError(
-            requestId,
-            "METHOD_NOT_ALLOWED",
-            `${typeof type === "string" ? type : "unknown"} not allowed for listener`
-          );
-          return;
-      }
-    });
-    ws.on("close", () => {
-      unsubscribeSession?.();
-      unsubscribeSession = null;
-      cleanupTupleRegistration();
-    });
-  }
-  // ---- helpers ----
-  fanoutTuple(tokenPrefix, frame) {
-    const subs = this.tupleSubscribers.get(tokenPrefix);
-    if (!subs) return;
-    for (const fn of subs) {
-      try {
-        fn(frame);
-      } catch {
-      }
-    }
-  }
-  isInTuple(sessionId, tokenPrefix) {
-    return sessionId === tokenPrefix || sessionId.startsWith(`${tokenPrefix}-`);
-  }
-  listChatsForTuple(personaId, tokenPrefix) {
-    const all = this.deps.sessionManager.listPersonaSessions(personaId, "listener");
-    return all.filter((s) => s.sessionId === tokenPrefix || s.sessionId.startsWith(`${tokenPrefix}-`)).map((s) => ({
-      sessionId: s.sessionId,
-      chatId: s.chatId ?? "unknown",
-      label: s.label ?? "",
-      createdAt: s.createdAt
-    }));
-  }
-  // ---------------- owner-side helpers ----------------
-  /**
-   * owner-side bootstrap RPC：拉 (personaId, token) tuple 下所有 listener sub-session 元数据。
-   * 由 handlers/persona.ts persona:listListenerChatsForToken 调用。
-   */
-  listChatsForOwner(personaId, token) {
-    const tokenPrefix = this.deps.personaManager.tokenPrefixFor(personaId, token);
-    return this.listChatsForTuple(personaId, tokenPrefix);
-  }
-};
 // src/transport/auth.ts
 init_protocol();
 var AuthGate = class {
@@ -27505,14 +26847,24 @@ var AUTH_FILE_NAME = "auth.json";
 function authFilePath(dataDir) {
   return import_node_path22.default.join(dataDir, AUTH_FILE_NAME);
 }
-function loadOrCreateAuthToken(opts) {
+function loadOrCreateAuthFile(opts) {
   const file = authFilePath(opts.dataDir);
+  const generate = opts.generate ?? defaultGenerate;
+  const now = opts.now ?? (() => /* @__PURE__ */ new Date());
   const existing = readAuthFile(file);
-  if (existing && existing.token) return existing.token;
-  const token = (opts.generate ?? defaultGenerate)();
-  const now = (opts.now ?? (() => /* @__PURE__ */ new Date()))();
-  writeAuthFile(file, { token, createdAt: now.toISOString() });
-  return token;
+  if (existing && existing.token && existing.signSecret) {
+    return {
+      token: existing.token,
+      signSecret: existing.signSecret,
+      createdAt: existing.createdAt ?? (/* @__PURE__ */ new Date(0)).toISOString()
+    };
+  }
+  const token = existing?.token || generate();
+  const signSecret = existing?.signSecret || generate();
+  const createdAt = existing?.createdAt || now().toISOString();
+  const next = { token, signSecret, createdAt };
+  writeAuthFile(file, next);
+  return next;
 }
 function defaultGenerate() {
   return import_node_crypto8.default.randomBytes(32).toString("base64url");
@@ -27521,13 +26873,14 @@ function readAuthFile(file) {
   try {
     const raw = import_node_fs20.default.readFileSync(file, "utf8");
     const parsed = JSON.parse(raw);
-    if (typeof parsed?.token === "string" && parsed.token.length > 0) {
-      return {
-        token: parsed.token,
-        createdAt: typeof parsed.createdAt === "string" ? parsed.createdAt : (/* @__PURE__ */ new Date(0)).toISOString()
-      };
+    if (typeof parsed?.token !== "string" || parsed.token.length === 0) {
+      return null;
     }
-    return null;
+    return {
+      token: parsed.token,
+      signSecret: typeof parsed.signSecret === "string" && parsed.signSecret.length > 0 ? parsed.signSecret : void 0,
+      createdAt: typeof parsed.createdAt === "string" ? parsed.createdAt : void 0
+    };
   } catch (err) {
     const code = err?.code;
     if (code === "ENOENT") return null;
@@ -27957,21 +27310,9 @@ init_protocol();
 // src/workspace/git.ts
 var import_node_child_process6 = require("child_process");
 var import_node_fs23 = __toESM(require("fs"), 1);
-var import_node_os13 = __toESM(require("os"), 1);
 var import_node_path25 = __toESM(require("path"), 1);
 var import_node_util = require("util");
 var pexec = (0, import_node_util.promisify)(import_node_child_process6.execFile);
-function formatChildProcessError(err) {
-  const e = err;
-  const stderrLine = (e.stderr ?? "").split("\n").map((s) => s.trim()).find((s) => s.length > 0);
-  if (stderrLine) return stderrLine;
-  const parts = [];
-  if (e.killed) parts.push("killed");
-  if (e.signal) parts.push(`signal=${e.signal}`);
-  if (e.code !== void 0 && e.code !== null) parts.push(`code=${e.code}`);
-  if (parts.length > 0) return parts.join(" ");
-  return e.message ?? "unknown error";
-}
 function normalizePath(p2) {
   const resolved = import_node_path25.default.resolve(p2);
   try {
@@ -28044,160 +27385,6 @@ async function listGitBranches(cwd) {
     return { branches: [], head: null };
   }
 }
-var LABEL_WHITELIST = /^[a-zA-Z0-9 _-]+$/;
-var MAX_SANITIZED_LABEL_LEN = 40;
-function sanitizeLabel(raw) {
-  if (typeof raw !== "string") return { sanitized: null, reason: "empty" };
-  if (raw.length === 0) return { sanitized: null, reason: "empty" };
-  if (!LABEL_WHITELIST.test(raw)) return { sanitized: null, reason: "invalid-chars" };
-  let s = raw.toLowerCase();
-  s = s.replace(/\s+/g, "-");
-  s = s.replace(/-+/g, "-");
-  s = s.replace(/^[-_]+|[-_]+$/g, "");
-  s = s.slice(0, MAX_SANITIZED_LABEL_LEN);
-  s = s.replace(/^[-_]+|[-_]+$/g, "");
-  if (!s) return { sanitized: null, reason: "empty" };
-  return { sanitized: s, reason: null };
-}
-function computePrefix() {
-  let username;
-  try {
-    username = import_node_os13.default.userInfo().username;
-  } catch {
-    username = void 0;
-  }
-  const { sanitized } = sanitizeLabel(username);
-  if (sanitized) return sanitized;
-  const rand = Math.floor(1e3 + Math.random() * 9e3).toString();
-  return `user-${rand}`;
-}
-function flattenToDirName(branch) {
-  return branch.replace(/\//g, "-");
-}
-function encodeClaudeProjectDir(absPath) {
-  if (!absPath || typeof absPath !== "string") return "";
-  let canonical = import_node_path25.default.resolve(absPath);
-  try {
-    canonical = import_node_fs23.default.realpathSync(canonical);
-  } catch {
-    try {
-      const parent = import_node_fs23.default.realpathSync(import_node_path25.default.dirname(canonical));
-      canonical = import_node_path25.default.join(parent, import_node_path25.default.basename(canonical));
-    } catch {
-    }
-  }
-  return canonical.replace(/[/.]/g, "-");
-}
-async function createWorktree(input) {
-  const { cwd, baseBranch, label } = input;
-  if (!cwd || typeof cwd !== "string") throw new Error("cwd \u4E0D\u80FD\u4E3A\u7A7A");
-  if (!baseBranch || typeof baseBranch !== "string") throw new Error("baseBranch \u4E0D\u80FD\u4E3A\u7A7A");
-  const labelResult = sanitizeLabel(label);
-  if (labelResult.reason === "invalid-chars") {
-    throw new Error("label \u4E0D\u80FD\u542B\u4E2D\u6587\u6216\u7279\u6B8A\u5B57\u7B26\uFF0C\u53EA\u5141\u8BB8\u82F1\u6587\u5B57\u6BCD\u3001\u6570\u5B57\u3001\u7A7A\u683C\u3001\u8FDE\u5B57\u7B26\u3001\u4E0B\u5212\u7EBF");
-  }
-  if (labelResult.reason === "empty" || !labelResult.sanitized) {
-    throw new Error("label \u5FC5\u987B\u5305\u542B\u81F3\u5C11\u4E00\u4E2A\u82F1\u6587\u5B57\u6BCD\u6216\u6570\u5B57");
-  }
-  const prefix = computePrefix();
-  const branch = `${prefix}/${labelResult.sanitized}`;
-  const dirName = flattenToDirName(branch);
-  const { isGitRoot } = await getGitRoot(cwd);
-  if (!isGitRoot) {
-    throw new Error(`\u76EE\u5F55 ${cwd} \u4E0D\u662F git repo \u6839`);
-  }
-  const parent = import_node_path25.default.dirname(import_node_path25.default.resolve(cwd));
-  if (parent === "/" || parent === import_node_path25.default.resolve(cwd)) {
-    throw new Error("repo \u5728\u78C1\u76D8\u6839\u76EE\u5F55\uFF0C\u65E0\u6CD5\u5728\u540C\u7EA7\u521B\u5EFA worktree");
-  }
-  const worktreeRoot = import_node_path25.default.join(parent, dirName);
-  try {
-    await pexec("git", ["-C", cwd, "fetch", "origin", baseBranch, "--no-tags"], {
-      timeout: 3e4
-    });
-  } catch (err) {
-    throw new Error(
-      `\u57FA\u51C6\u5206\u652F ${baseBranch} \u4E0D\u5B58\u5728\u6216 fetch \u8FDC\u7AEF\u5931\u8D25\uFF1A${formatChildProcessError(err)}`
-    );
-  }
-  try {
-    await pexec("git", ["-C", cwd, "rev-parse", "--verify", `refs/heads/${branch}`], {
-      timeout: 3e3
-    });
-    throw new Error(`\u5206\u652F ${branch} \u5DF2\u5B58\u5728\uFF0C\u8BF7\u6362\u4E00\u4E2A label`);
-  } catch (err) {
-    const msg = err.message;
-    if (msg.startsWith("\u5206\u652F ")) throw err;
-  }
-  if (import_node_fs23.default.existsSync(worktreeRoot)) {
-    throw new Error(`\u76EE\u5F55 ${worktreeRoot} \u5DF2\u5B58\u5728\uFF0C\u8BF7\u6362\u4E00\u4E2A label \u6216\u6E05\u7406\u540E\u91CD\u8BD5`);
-  }
-  try {
-    await pexec(
-      "git",
-      ["-C", cwd, "worktree", "add", worktreeRoot, "-b", branch, `origin/${baseBranch}`],
-      { timeout: 15e3 }
-    );
-  } catch (err) {
-    throw new Error(`\u521B\u5EFA worktree \u5931\u8D25\uFF1A${formatChildProcessError(err)}`);
-  }
-  return { worktreeRoot, branch, baseBranch };
-}
-async function removeWorktree(input) {
-  const { worktreeRoot, worktreeBranch } = input;
-  if (!worktreeRoot || !worktreeBranch) {
-    throw new Error("worktreeRoot \u548C worktreeBranch \u90FD\u4E0D\u80FD\u4E3A\u7A7A");
-  }
-  let repoRoot = null;
-  try {
-    const { stdout } = await pexec(
-      "git",
-      ["-C", worktreeRoot, "rev-parse", "--git-common-dir"],
-      { timeout: 3e3 }
-    );
-    const gitCommonDir = stdout.trim();
-    if (!gitCommonDir) throw new Error("empty git-common-dir");
-    const absGitCommon = import_node_path25.default.isAbsolute(gitCommonDir) ? gitCommonDir : import_node_path25.default.resolve(worktreeRoot, gitCommonDir);
-    repoRoot = import_node_path25.default.dirname(absGitCommon);
-  } catch {
-    repoRoot = null;
-  }
-  if (repoRoot) {
-    try {
-      await pexec("git", ["-C", repoRoot, "worktree", "remove", worktreeRoot, "--force"], {
-        timeout: 1e4
-      });
-    } catch (err) {
-      const stderr = err.stderr ?? "";
-      const lower = stderr.toLowerCase();
-      const vanished = lower.includes("not a working tree") || lower.includes("is not a working tree") || !import_node_fs23.default.existsSync(worktreeRoot);
-      if (!vanished) {
-        throw new Error(`\u6E05\u7406 worktree \u5931\u8D25\uFF1A${formatChildProcessError(err)}`);
-      }
-    }
-    try {
-      await pexec("git", ["-C", repoRoot, "branch", "-D", worktreeBranch], { timeout: 5e3 });
-    } catch (err) {
-      const stderr = err.stderr ?? "";
-      const lower = stderr.toLowerCase();
-      const vanished = lower.includes("not found") || lower.includes("no such");
-      if (!vanished) {
-        throw new Error(`\u6E05\u7406\u5206\u652F\u5931\u8D25\uFF1A${formatChildProcessError(err)}`);
-      }
-    }
-  }
-  try {
-    const encoded = encodeClaudeProjectDir(worktreeRoot);
-    if (encoded) {
-      const projectsRoot = import_node_path25.default.join(import_node_os13.default.homedir(), ".claude", "projects");
-      const target = import_node_path25.default.resolve(projectsRoot, encoded);
-      if (target.startsWith(projectsRoot + import_node_path25.default.sep) && target !== projectsRoot) {
-        import_node_fs23.default.rmSync(target, { recursive: true, force: true });
-      }
-    }
-  } catch {
-  }
-}
 // src/handlers/git.ts
 function buildGitHandlers() {
@@ -28216,36 +27403,10 @@ function buildGitHandlers() {
     const res = await listGitBranches(args.cwd);
     return { response: { type: "git:branches", ...res } };
   };
-  const worktreePrefix = async () => {
-    return {
-      response: { type: "git:worktree:prefix", prefix: computePrefix() }
-    };
-  };
-  const worktreeCreate = async (frame) => {
-    const args = GitWorktreeCreateArgs.parse(frame);
-    try {
-      const res = await createWorktree(args);
-      return { response: { type: "git:worktree:create", ...res } };
-    } catch (err) {
-      throw new ClawdError(ERROR_CODES.INTERNAL, err.message);
-    }
-  };
-  const worktreeRemove = async (frame) => {
-    const args = GitWorktreeRemoveArgs.parse(frame);
-    try {
-      await removeWorktree(args);
-      return { response: { type: "git:worktree:remove", ok: true } };
-    } catch (err) {
-      throw new ClawdError(ERROR_CODES.INTERNAL, err.message);
-    }
-  };
   return {
     "git:root": root,
     "git:branch": branch,
-    "git:branches": branches,
-    "git:worktree:prefix": worktreePrefix,
-    "git:worktree:create": worktreeCreate,
-    "git:worktree:remove": worktreeRemove
+    "git:branches": branches
   };
 }
@@ -28264,7 +27425,7 @@ function buildCapabilitiesHandlers(deps) {
 }
 // src/handlers/meta.ts
-var import_node_os14 = __toESM(require("os"), 1);
+var import_node_os13 = __toESM(require("os"), 1);
 init_protocol();
 // src/version.ts
@@ -28294,7 +27455,7 @@ function buildReadyFrame(deps, client) {
   return {
     version,
     protocolVersion: PROTOCOL_VERSION,
-    hostname: import_node_os14.default.hostname(),
+    hostname: import_node_os13.default.hostname(),
     os: process.platform,
     tools,
     runningSessions: info.runningSessions,
@@ -28319,7 +27480,7 @@ function buildMetaHandlers(deps) {
 // src/handlers/persona.ts
 init_protocol();
 function buildPersonaHandlers(deps) {
-  const { personaManager, personaRegistry, sessionManager, personaBoundHandler } = deps;
+  const { personaManager, personaRegistry } = deps;
   const create = async (frame) => {
     const { type: _type, requestId: _requestId, ...rest } = frame;
     const args = PersonaCreateArgsSchema.parse(rest);
@@ -28376,27 +27537,6 @@ function buildPersonaHandlers(deps) {
     const persona = personaManager.revokeToken(args.personaId, args.token);
     return { response: { type: "persona:info", ...persona } };
   };
-  const listSubSessions = async (frame) => {
-    const args = PersonaIdArgsSchema.parse(frame);
-    const sessions = sessionManager.listPersonaSessions(args.personaId, "listener");
-    return {
-      response: { type: "persona:subSessions", sessions }
-    };
-  };
-  const appendOwnerMessage = async (frame) => {
-    const args = PersonaAppendOwnerMessageArgsSchema.parse(frame);
-    personaManager.appendOwnerMessage(args.personaId, args.subSessionId, args.text);
-    return {
-      response: { type: "persona:appendOwnerMessage", ok: true }
-    };
-  };
-  const listListenerChatsForToken = async (frame) => {
-    const args = PersonaListListenerChatsForTokenArgsSchema.parse(frame);
-    const chats = personaBoundHandler.listChatsForOwner(args.personaId, args.token);
-    return {
-      response: { type: "persona:listListenerChatsForToken", chats }
-    };
-  };
   return {
     "persona:create": create,
     "persona:list": list,
@@ -28404,14 +27544,12 @@ function buildPersonaHandlers(deps) {
     "persona:update": update,
     "persona:delete": del,
     "persona:issueToken": issueToken,
-    "persona:revokeToken": revokeToken,
-    "persona:listSubSessions": listSubSessions,
-    "persona:listListenerChatsForToken": listListenerChatsForToken,
-    "persona:appendOwnerMessage": appendOwnerMessage
+    "persona:revokeToken": revokeToken
   };
 }
 // src/handlers/attachment.ts
+var import_node_path26 = __toESM(require("path"), 1);
 init_protocol();
 init_protocol();
 var DEFAULT_TTL_SECONDS = 24 * 3600;
@@ -28436,8 +27574,51 @@ function buildAttachmentHandlers(deps) {
         "httpBaseUrl unavailable (daemon HTTP not ready)"
       );
     }
+    if (!deps.sessionStore || !deps.getSessionScope || !deps.groupFileStore) {
+      throw new ClawdError(
+        ERROR_CODES.METHOD_NOT_IMPLEMENTED,
+        "signUrl requires session/group stores"
+      );
+    }
+    const sessionFile = deps.sessionStore.read(args.sessionId);
+    if (!sessionFile) {
+      throw new ClawdError(
+        ERROR_CODES.VALIDATION_ERROR,
+        `session ${args.sessionId} not found`
+      );
+    }
+    const scope = deps.getSessionScope(args.sessionId);
+    if (!scope) {
+      throw new ClawdError(
+        ERROR_CODES.VALIDATION_ERROR,
+        `session ${args.sessionId} scope unresolved`
+      );
+    }
+    const cwdAbs = import_node_path26.default.resolve(sessionFile.cwd);
+    const candidateAbs = import_node_path26.default.isAbsolute(args.relPath) ? import_node_path26.default.resolve(args.relPath) : import_node_path26.default.resolve(cwdAbs, args.relPath);
+    if (!isContainedIn2(candidateAbs, cwdAbs)) {
+      throw new ClawdError(
+        ERROR_CODES.VALIDATION_ERROR,
+        "relPath escapes session cwd"
+      );
+    }
+    const relPath = import_node_path26.default.relative(cwdAbs, candidateAbs);
+    if (relPath === "" || relPath.startsWith("..")) {
+      throw new ClawdError(
+        ERROR_CODES.VALIDATION_ERROR,
+        "relPath escapes session cwd"
+      );
+    }
+    const entries = deps.groupFileStore.list(scope, args.sessionId);
+    const entry = entries.find((e) => e.relPath === relPath && !e.stale);
+    if (!entry) {
+      throw new ClawdError(
+        ERROR_CODES.VALIDATION_ERROR,
+        `relPath not in session group files or stale: ${relPath}`
+      );
+    }
     const ttl = args.ttlSeconds === null ? null : args.ttlSeconds ?? DEFAULT_TTL_SECONDS;
-    const parts = signUrlParts(secret, args.absPath, ttl);
+    const parts = signUrlParts(secret, candidateAbs, ttl);
     const url = buildSignedFileUrl(httpBaseUrl, parts);
     return {
       response: {
@@ -28523,6 +27704,12 @@ function buildAttachmentHandlers(deps) {
     "attachment.groupListPersona": groupListPersona
   };
 }
+function isContainedIn2(abs, root) {
+  const normalized = import_node_path26.default.resolve(abs);
+  const normalizedRoot = import_node_path26.default.resolve(root);
+  if (normalized === normalizedRoot) return true;
+  return normalized.startsWith(normalizedRoot + import_node_path26.default.sep);
+}
 // src/handlers/index.ts
 function buildMethodHandlers(deps) {
@@ -28536,9 +27723,7 @@ function buildMethodHandlers(deps) {
     ...buildMetaHandlers(deps),
     ...buildPersonaHandlers({
       personaManager: deps.personaManager,
-      personaRegistry: deps.personaRegistry,
-      sessionManager: deps.manager,
-      personaBoundHandler: deps.personaBoundHandler
+      personaRegistry: deps.personaRegistry
     }),
     ...deps.attachment ? buildAttachmentHandlers(deps.attachment) : {}
   };
@@ -28548,7 +27733,7 @@ function buildMethodHandlers(deps) {
 async function startDaemon(config) {
   const logger = createLogger({
     level: config.logLevel,
-    file: import_node_path26.default.join(config.dataDir, "clawd.log")
+    file: import_node_path27.default.join(config.dataDir, "clawd.log")
   });
   logger.info("starting clawd", { version, config: { port: config.port, host: config.host, dataDir: config.dataDir } });
   const stateMgr = new StateFileManager({ dataDir: config.dataDir });
@@ -28560,10 +27745,12 @@ async function startDaemon(config) {
     logger.warn("stale state file detected, overwriting", { pid: pre.existing.pid });
   }
   let resolvedAuthToken = null;
+  let authFile = null;
   if (config.authToken && config.authToken.trim()) {
     resolvedAuthToken = config.authToken.trim();
   } else if (config.tunnel) {
-    resolvedAuthToken = loadOrCreateAuthToken({ dataDir: config.dataDir });
+    authFile = loadOrCreateAuthFile({ dataDir: config.dataDir });
+    resolvedAuthToken = authFile.token;
   }
   const authMode = resolvedAuthToken == null ? "none" : "first-message";
   let wsServer = null;
@@ -28580,7 +27767,7 @@ async function startDaemon(config) {
   const agents = new AgentsScanner();
   const history = new ClaudeHistoryReader();
   let transport = null;
-  const personaStore = new PersonaStore(import_node_path26.default.join(config.dataDir, "personas"));
+  const personaStore = new PersonaStore(import_node_path27.default.join(config.dataDir, "personas"));
   const defaultsRoot = findDefaultsRoot();
   if (defaultsRoot) {
     seedDefaultPersonas({ store: personaStore, defaultsRoot, logger });
@@ -28595,7 +27782,7 @@ async function startDaemon(config) {
     getAdapter,
     historyReader: history,
     dataDir: config.dataDir,
-    personaRoot: import_node_path26.default.join(config.dataDir, "personas"),
+    personaRoot: import_node_path27.default.join(config.dataDir, "personas"),
     personaStore,
     ownerDisplayName,
     mode: config.mode,
@@ -28618,7 +27805,7 @@ async function startDaemon(config) {
     // 文件可能 agent 写完又被自己删（罕见），用 size=0 / fallback mime 兜底。
     attachmentGroup: {
       onFileEdit: (input) => {
-        const absPath = import_node_path26.default.isAbsolute(input.relPath) ? input.relPath : import_node_path26.default.join(input.cwd, input.relPath);
+        const absPath = import_node_path27.default.isAbsolute(input.relPath) ? input.relPath : import_node_path27.default.join(input.cwd, input.relPath);
         let size = 0;
         try {
           size = import_node_fs24.default.statSync(absPath).size;
@@ -28695,16 +27882,6 @@ async function startDaemon(config) {
     }
     return `http://${config.host}:${config.port}`;
   };
-  const personaBoundHandler = new PersonaBoundHandler({
-    registry: personaRegistry,
-    personaManager,
-    personaStore,
-    sessionManager: manager,
-    logger,
-    ownerBroadcast: (frame) => {
-      transport?.broadcastAll(frame);
-    }
-  });
   const handlers = buildMethodHandlers({
     manager,
     workspace,
@@ -28716,7 +27893,6 @@ async function startDaemon(config) {
     store,
     personaManager,
     personaRegistry,
-    personaBoundHandler,
     getTunnelUrl: () => currentTunnelUrl,
     // ready / info 帧的 mode = daemon CC spawn 模式（'sdk' | 'tui'）。UI 据此挂 XtermPanel +
     // 订阅 session:pty / session:control；业务帧名两种 mode 完全一致，UI 业务订阅代码不变
@@ -28730,11 +27906,12 @@ async function startDaemon(config) {
     // 根据 sessionId 反查 scope 写盘。
     attachment: {
       groupFileStore,
+      sessionStore: store,
       getHttpBaseUrl,
-      // HMAC sign secret：复用 ~/.clawd/auth.json owner token（持久跨重启）。
-      // noAuth 模式 resolvedAuthToken 为 null → handler 自己返 NOT_IMPLEMENTED。
-      getSignSecret: () => resolvedAuthToken ?? "",
-      // group RPC：根据 sessionId 反查 scope；owner-mode persona session 走
+      // HMAC sign secret：~/.clawd/auth.json signSecret 字段（与 WS Bearer token 独立）。
+      // --auth-token CLI 模式 / noAuth 模式 authFile 为 null → handler 自己返 NOT_IMPLEMENTED。
+      getSignSecret: () => authFile?.signSecret ?? "",
+      // group RPC + sign 都用：根据 sessionId 反查 scope；owner-mode persona session 走
       // 'persona/<pid>/owner'，default 走 'default'。
       getSessionScope: (sessionId) => {
         const file = store.read(sessionId);
@@ -28757,8 +27934,9 @@ async function startDaemon(config) {
     personaStore,
     groupFileStore,
     sessionStore: store,
-    // /files HMAC verify 用同一份 owner token 做 secret（与 attachment.signUrl 同源）
-    getSignSecret: () => resolvedAuthToken ?? null
+    // /files HMAC verify 用 auth.json 的 signSecret 字段（与 attachment.signUrl 同源）。
+    // --auth-token CLI 模式没 signSecret → 路由返 501，sign URL 功能整体禁用。
+    getSignSecret: () => authFile?.signSecret ?? null
   });
   wsServer = new LocalWsServer({
     host: config.host,
@@ -28779,7 +27957,6 @@ async function startDaemon(config) {
     ),
     protocolVersion: PROTOCOL_VERSION,
     authGate: authGate ?? void 0,
-    personaBoundHandler,
     // file-sharing HTTP 路由复用 daemon 同端口（spec §5 第 3 条）；router 自己处理 auth + 404
     httpRequestHandler: httpRouter,
     // 订阅成功后给该 client 重放 in-flight pendingQuestions（plan: clawd-question-server-truth）。
@@ -28897,8 +28074,8 @@ async function startDaemon(config) {
       const lines = [
         `Tunnel:      ${r.url}`,
         ...resolvedAuthToken ? [`Connect:     ${connectUrl}`] : [],
-        `Frpc config: ${import_node_path26.default.join(config.dataDir, "frpc.toml")}`,
-        `Frpc log:    ${import_node_path26.default.join(config.dataDir, "frpc.log")}`
+        `Frpc config: ${import_node_path27.default.join(config.dataDir, "frpc.toml")}`,
+        `Frpc log:    ${import_node_path27.default.join(config.dataDir, "frpc.log")}`
       ];
       const width = Math.max(...lines.map((l) => l.length));
       const bar = "\u2550".repeat(width + 4);
@@ -28911,7 +28088,7 @@ ${bar}
 `);
       try {
-        const connectPath = import_node_path26.default.join(config.dataDir, "connect.txt");
+        const connectPath = import_node_path27.default.join(config.dataDir, "connect.txt");
         import_node_fs24.default.writeFileSync(connectPath, lines.join("\n") + "\n", { mode: 384 });
       } catch {
       }