npm - @clawos-dev/clawd - Versions diffs - 0.2.70-beta.122.93375b1 → 0.2.71-beta.123.6a5ed6f - Mend

@clawos-dev/clawd 0.2.70-beta.122.93375b1 → 0.2.71-beta.123.6a5ed6f

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/cli.cjs +667 -202
package/package.json +1 -1

package/dist/cli.cjs CHANGED Viewed

@@ -114,6 +114,13 @@ var init_methods = __esm({
       "attachment.groupList",
       // v2：跨 session 聚合（本期 UI 不调，保留槽位用于 HTTP ACL 内部判定 / 未来 "All files" tab）
       "attachment.groupListPersona",
+      // ---- capability:* (capability platform 鉴权底座) ----
+      // owner 颁发 / 列出 / 撤销给 guest 的 capability。三者均需 admin 权限（METHOD_GRANT_MAP
+      // 在 daemon 端固定为 `{ resource: '*', action: 'admin' }`，owner 自动满足）。
+      // 颁发后 daemon 推 'capability:tokenIssued' 帧；撤销推 'capability:revoked' 帧。
+      "capability:issue",
+      "capability:list",
+      "capability:revoke",
       "info",
       "ping"
     ];
@@ -4331,11 +4338,9 @@ var init_attachment_schemas = __esm({
       stale: external_exports.boolean().optional()
     });
     AttachmentSignUrlArgs = external_exports.object({
-      /** 群文件所属的 session */
-      sessionId: external_exports.string().min(1),
-      /** 相对 session.cwd 的路径；允许传绝对路径，daemon 端会归一化（必须在 cwd 内） */
-      relPath: external_exports.string().min(1),
-      /** TTL 秒数；缺省 24h；null 走永久 URL（不带 exp 字段） */
+      /** 要分享的绝对路径；签名只关心 absPath，不区分 persona/session */
+      absPath: external_exports.string().min(1),
+      /** TTL 秒数；缺省 24h；'never' 走 null 不带 exp 字段（永久有效） */
       ttlSeconds: external_exports.number().int().positive().nullable().optional()
     });
     AttachmentSignUrlResponseSchema = external_exports.object({
@@ -4470,7 +4475,7 @@ var init_persona_schemas = __esm({
 });
 // ../protocol/src/schemas.ts
-var SessionStatusSchema, UsageSchema, ContextUsageSchema, sessionMetaShape, SessionMetaSchema, ModelInfoSchema, ModeInfoSchema, ConfigFieldSchemaSchema, CapabilitiesGetArgs, CapabilitiesResponseSchema, AllowRuleSchema, SessionFileSchema, ParsedEventBase, HistoryUserMetaSchema, SubagentToolStatsSchema, StructuredPatchHunkSchema, ToolResultExtraSchema, MemoryEntrySchema, AskQuestionOptionSchema, AskQuestionItemSchema, ParsedEventSchema, SessionCreateArgs, SessionIdArgs, SessionUpdateArgs, SessionSendArgs, SessionRewindArgs, SessionRewindResponseSchema, SessionRewindDiffArgs, RewindDiffHunkSchema, RewindDiffFileSchema, SessionRewindDiffResponseSchema, SessionRewindableMessageIdsArgs, SessionRewindableMessageIdsResponseSchema, SessionResumeArgs, SessionForkArgs, SessionForkResponseSchema, SessionObserveArgs, SessionEventsArgs, PermissionRespondArgs, HistoryListArgs, HistoryReadArgs, HistorySubagentsArgs, HistorySubagentReadArgs, WorkspaceListArgs, WorkspaceReadArgs, SkillsListArgs, SkillEntrySchema, AgentEntrySchema, AgentsListArgs, AgentsListResponseSchema, SessionSubscribeArgs, SessionPinArgs, SessionReorderPinsArgs, GitRootArgs, GitRootResponseSchema, GitBranchArgs, GitBranchResponseSchema, GitBranchesArgs, GitBranchesResponseSchema, HistoryRecentDirsArgs, RecentDirEntrySchema, HistoryRecentDirsResponseSchema, SessionQuestionFrameSchema, SessionQuestionClearedFrameSchema, AnswerQuestionArgs, AnswerQuestionResponseSchema, CancelQuestionArgs, CancelQuestionResponseSchema, AuthRequestFrameSchema, AuthOkFrameSchema, TunnelExitedEventSchema, TunnelUnavailableEventSchema, InfoRunningSessionSchema, InfoResponseSchema;
+var SessionStatusSchema, UsageSchema, ContextUsageSchema, sessionMetaShape, SessionMetaSchema, ModelInfoSchema, ModeInfoSchema, ConfigFieldSchemaSchema, CapabilitiesGetArgs, CapabilitiesResponseSchema, AllowRuleSchema, SessionFileSchema, ParsedEventBase, HistoryUserMetaSchema, SubagentToolStatsSchema, StructuredPatchHunkSchema, ToolResultExtraSchema, MemoryEntrySchema, AskQuestionOptionSchema, AskQuestionItemSchema, ParsedEventSchema, SessionCreateArgs, SessionIdArgs, SessionUpdateArgs, SessionSendArgs, SessionRewindArgs, SessionRewindResponseSchema, SessionRewindDiffArgs, RewindDiffHunkSchema, RewindDiffFileSchema, SessionRewindDiffResponseSchema, SessionRewindableMessageIdsArgs, SessionRewindableMessageIdsResponseSchema, SessionResumeArgs, SessionForkArgs, SessionForkResponseSchema, SessionObserveArgs, SessionEventsArgs, PermissionRespondArgs, HistoryListArgs, HistoryReadArgs, HistorySubagentsArgs, HistorySubagentReadArgs, WorkspaceListArgs, WorkspaceReadArgs, SkillsListArgs, SkillEntrySchema, AgentEntrySchema, AgentsListArgs, AgentsListResponseSchema, SessionSubscribeArgs, SessionPinArgs, SessionReorderPinsArgs, GitRootArgs, GitRootResponseSchema, GitBranchArgs, GitBranchResponseSchema, GitBranchesArgs, GitBranchesResponseSchema, HistoryRecentDirsArgs, RecentDirEntrySchema, HistoryRecentDirsResponseSchema, SessionQuestionFrameSchema, SessionQuestionClearedFrameSchema, AnswerQuestionArgs, AnswerQuestionResponseSchema, CancelQuestionArgs, CancelQuestionResponseSchema, AuthRequestFrameSchema, AuthOkFrameSchema, TunnelExitedEventSchema, InfoRunningSessionSchema, InfoResponseSchema;
 var init_schemas = __esm({
   "../protocol/src/schemas.ts"() {
     "use strict";
@@ -4994,11 +4999,6 @@ var init_schemas = __esm({
       subdomain: external_exports.string().nullable(),
       url: external_exports.string().nullable()
     });
-    TunnelUnavailableEventSchema = external_exports.object({
-      type: external_exports.literal("tunnel:unavailable"),
-      reason: external_exports.string().min(1),
-      failedAt: external_exports.string().min(1)
-    });
     InfoRunningSessionSchema = external_exports.object({
       sessionId: external_exports.string().min(1),
       status: SessionStatusSchema,
@@ -5049,6 +5049,69 @@ var init_persona_mode = __esm({
   }
 });
+// ../protocol/src/principal.ts
+var PrincipalKindSchema, PrincipalSchema, OWNER_PRINCIPAL;
+var init_principal = __esm({
+  "../protocol/src/principal.ts"() {
+    "use strict";
+    init_zod();
+    PrincipalKindSchema = external_exports.enum(["owner", "guest"]);
+    PrincipalSchema = external_exports.object({
+      id: external_exports.string().min(1),
+      kind: PrincipalKindSchema,
+      displayName: external_exports.string()
+    }).strict();
+    OWNER_PRINCIPAL = {
+      id: "owner",
+      kind: "owner",
+      displayName: "owner"
+    };
+  }
+});
+// ../protocol/src/capability.ts
+function stripSecretHash(cap) {
+  const { secretHash: _hash, ...wire } = cap;
+  return wire;
+}
+var ResourceSchema, ActionSchema, GrantSchema, CapabilitySchema, CapabilityWireSchema, CapabilityErrorCodeSchema;
+var init_capability = __esm({
+  "../protocol/src/capability.ts"() {
+    "use strict";
+    init_zod();
+    ResourceSchema = external_exports.discriminatedUnion("type", [
+      external_exports.object({ type: external_exports.literal("persona"), id: external_exports.string().min(1) }).strict(),
+      external_exports.object({ type: external_exports.literal("chat"), id: external_exports.string().min(1) }).strict(),
+      external_exports.object({ type: external_exports.literal("*") }).strict()
+    ]);
+    ActionSchema = external_exports.enum(["read", "send", "admin"]);
+    GrantSchema = external_exports.object({
+      resource: ResourceSchema,
+      actions: external_exports.array(ActionSchema).min(1)
+    }).strict();
+    CapabilitySchema = external_exports.object({
+      id: external_exports.string().min(1),
+      // sha256(token) hex 64
+      secretHash: external_exports.string().regex(/^[a-f0-9]{64}$/),
+      displayName: external_exports.string(),
+      // 空数组合法 = 纯访客（只能 DM）
+      grants: external_exports.array(GrantSchema),
+      issuedAt: external_exports.number().int().nonnegative(),
+      expiresAt: external_exports.number().int().positive().optional(),
+      maxUses: external_exports.number().int().positive().optional(),
+      usedCount: external_exports.number().int().nonnegative(),
+      revokedAt: external_exports.number().int().positive().optional()
+    }).strict();
+    CapabilityWireSchema = CapabilitySchema.omit({ secretHash: true });
+    CapabilityErrorCodeSchema = external_exports.enum([
+      "TOKEN_INVALID",
+      "TOKEN_REVOKED",
+      "TOKEN_EXPIRED",
+      "TOKEN_EXHAUSTED"
+    ]);
+  }
+});
 // ../protocol/src/runtime.ts
 var init_runtime = __esm({
   "../protocol/src/runtime.ts"() {
@@ -5061,6 +5124,8 @@ var init_runtime = __esm({
     init_persona_schemas();
     init_persona_mode();
     init_attachment_schemas();
+    init_principal();
+    init_capability();
   }
 });
@@ -6247,7 +6312,7 @@ var require_atomic_sleep = __commonJS({
 var require_sonic_boom = __commonJS({
   "../node_modules/.pnpm/sonic-boom@4.2.1/node_modules/sonic-boom/index.js"(exports2, module2) {
     "use strict";
-    var fs28 = require("fs");
+    var fs29 = require("fs");
     var EventEmitter2 = require("events");
     var inherits = require("util").inherits;
     var path32 = require("path");
@@ -6304,20 +6369,20 @@ var require_sonic_boom = __commonJS({
       const mode = sonic.mode;
       if (sonic.sync) {
         try {
-          if (sonic.mkdir) fs28.mkdirSync(path32.dirname(file), { recursive: true });
-          const fd = fs28.openSync(file, flags, mode);
+          if (sonic.mkdir) fs29.mkdirSync(path32.dirname(file), { recursive: true });
+          const fd = fs29.openSync(file, flags, mode);
           fileOpened(null, fd);
         } catch (err) {
           fileOpened(err);
           throw err;
         }
       } else if (sonic.mkdir) {
-        fs28.mkdir(path32.dirname(file), { recursive: true }, (err) => {
+        fs29.mkdir(path32.dirname(file), { recursive: true }, (err) => {
           if (err) return fileOpened(err);
-          fs28.open(file, flags, mode, fileOpened);
+          fs29.open(file, flags, mode, fileOpened);
         });
       } else {
-        fs28.open(file, flags, mode, fileOpened);
+        fs29.open(file, flags, mode, fileOpened);
       }
     }
     function SonicBoom(opts) {
@@ -6358,8 +6423,8 @@ var require_sonic_boom = __commonJS({
         this.flush = flushBuffer;
         this.flushSync = flushBufferSync;
         this._actualWrite = actualWriteBuffer;
-        fsWriteSync = () => fs28.writeSync(this.fd, this._writingBuf);
-        fsWrite = () => fs28.write(this.fd, this._writingBuf, this.release);
+        fsWriteSync = () => fs29.writeSync(this.fd, this._writingBuf);
+        fsWrite = () => fs29.write(this.fd, this._writingBuf, this.release);
       } else if (contentMode === void 0 || contentMode === kContentModeUtf8) {
         this._writingBuf = "";
         this.write = write;
@@ -6368,15 +6433,15 @@ var require_sonic_boom = __commonJS({
         this._actualWrite = actualWrite;
         fsWriteSync = () => {
           if (Buffer.isBuffer(this._writingBuf)) {
-            return fs28.writeSync(this.fd, this._writingBuf);
+            return fs29.writeSync(this.fd, this._writingBuf);
           }
-          return fs28.writeSync(this.fd, this._writingBuf, "utf8");
+          return fs29.writeSync(this.fd, this._writingBuf, "utf8");
         };
         fsWrite = () => {
           if (Buffer.isBuffer(this._writingBuf)) {
-            return fs28.write(this.fd, this._writingBuf, this.release);
+            return fs29.write(this.fd, this._writingBuf, this.release);
           }
-          return fs28.write(this.fd, this._writingBuf, "utf8", this.release);
+          return fs29.write(this.fd, this._writingBuf, "utf8", this.release);
         };
       } else {
         throw new Error(`SonicBoom supports "${kContentModeUtf8}" and "${kContentModeBuffer}", but passed ${contentMode}`);
@@ -6433,7 +6498,7 @@ var require_sonic_boom = __commonJS({
           }
         }
         if (this._fsync) {
-          fs28.fsyncSync(this.fd);
+          fs29.fsyncSync(this.fd);
         }
         const len = this._len;
         if (this._reopening) {
@@ -6547,7 +6612,7 @@ var require_sonic_boom = __commonJS({
       const onDrain = () => {
         if (!this._fsync) {
           try {
-            fs28.fsync(this.fd, (err) => {
+            fs29.fsync(this.fd, (err) => {
               this._flushPending = false;
               cb(err);
             });
@@ -6649,7 +6714,7 @@ var require_sonic_boom = __commonJS({
       const fd = this.fd;
       this.once("ready", () => {
         if (fd !== this.fd) {
-          fs28.close(fd, (err) => {
+          fs29.close(fd, (err) => {
             if (err) {
               return this.emit("error", err);
             }
@@ -6698,7 +6763,7 @@ var require_sonic_boom = __commonJS({
           buf = this._bufs[0];
         }
         try {
-          const n = Buffer.isBuffer(buf) ? fs28.writeSync(this.fd, buf) : fs28.writeSync(this.fd, buf, "utf8");
+          const n = Buffer.isBuffer(buf) ? fs29.writeSync(this.fd, buf) : fs29.writeSync(this.fd, buf, "utf8");
           const releasedBufObj = releaseWritingBuf(buf, this._len, n);
           buf = releasedBufObj.writingBuf;
           this._len = releasedBufObj.len;
@@ -6714,7 +6779,7 @@ var require_sonic_boom = __commonJS({
         }
       }
       try {
-        fs28.fsyncSync(this.fd);
+        fs29.fsyncSync(this.fd);
       } catch {
       }
     }
@@ -6735,7 +6800,7 @@ var require_sonic_boom = __commonJS({
           buf = mergeBuf(this._bufs[0], this._lens[0]);
         }
         try {
-          const n = fs28.writeSync(this.fd, buf);
+          const n = fs29.writeSync(this.fd, buf);
           buf = buf.subarray(n);
           this._len = Math.max(this._len - n, 0);
           if (buf.length <= 0) {
@@ -6763,13 +6828,13 @@ var require_sonic_boom = __commonJS({
       this._writingBuf = this._writingBuf.length ? this._writingBuf : this._bufs.shift() || "";
       if (this.sync) {
         try {
-          const written = Buffer.isBuffer(this._writingBuf) ? fs28.writeSync(this.fd, this._writingBuf) : fs28.writeSync(this.fd, this._writingBuf, "utf8");
+          const written = Buffer.isBuffer(this._writingBuf) ? fs29.writeSync(this.fd, this._writingBuf) : fs29.writeSync(this.fd, this._writingBuf, "utf8");
           release(null, written);
         } catch (err) {
           release(err);
         }
       } else {
-        fs28.write(this.fd, this._writingBuf, release);
+        fs29.write(this.fd, this._writingBuf, release);
       }
     }
     function actualWriteBuffer() {
@@ -6778,7 +6843,7 @@ var require_sonic_boom = __commonJS({
       this._writingBuf = this._writingBuf.length ? this._writingBuf : mergeBuf(this._bufs.shift(), this._lens.shift());
       if (this.sync) {
         try {
-          const written = fs28.writeSync(this.fd, this._writingBuf);
+          const written = fs29.writeSync(this.fd, this._writingBuf);
           release(null, written);
         } catch (err) {
           release(err);
@@ -6787,7 +6852,7 @@ var require_sonic_boom = __commonJS({
         if (kCopyBuffer) {
           this._writingBuf = Buffer.from(this._writingBuf);
         }
-        fs28.write(this.fd, this._writingBuf, release);
+        fs29.write(this.fd, this._writingBuf, release);
       }
     }
     function actualClose(sonic) {
@@ -6803,12 +6868,12 @@ var require_sonic_boom = __commonJS({
       sonic._lens = [];
       assert(typeof sonic.fd === "number", `sonic.fd must be a number, got ${typeof sonic.fd}`);
       try {
-        fs28.fsync(sonic.fd, closeWrapped);
+        fs29.fsync(sonic.fd, closeWrapped);
       } catch {
       }
       function closeWrapped() {
         if (sonic.fd !== 1 && sonic.fd !== 2) {
-          fs28.close(sonic.fd, done);
+          fs29.close(sonic.fd, done);
         } else {
           done();
         }
@@ -7065,7 +7130,7 @@ var require_thread_stream = __commonJS({
     var { version: version2 } = require_package();
     var { EventEmitter: EventEmitter2 } = require("events");
     var { Worker } = require("worker_threads");
-    var { join: join4 } = require("path");
+    var { join: join5 } = require("path");
     var { pathToFileURL } = require("url");
     var { wait } = require_wait();
     var {
@@ -7101,7 +7166,7 @@ var require_thread_stream = __commonJS({
     function createWorker(stream, opts) {
       const { filename, workerData } = opts;
       const bundlerOverrides = "__bundlerPathsOverrides" in globalThis ? globalThis.__bundlerPathsOverrides : {};
-      const toExecute = bundlerOverrides["thread-stream-worker"] || join4(__dirname, "lib", "worker.js");
+      const toExecute = bundlerOverrides["thread-stream-worker"] || join5(__dirname, "lib", "worker.js");
       const worker = new Worker(toExecute, {
         ...opts.workerOpts,
         trackUnmanagedFds: false,
@@ -7487,7 +7552,7 @@ var require_transport = __commonJS({
     "use strict";
     var { createRequire } = require("module");
     var getCallers = require_caller();
-    var { join: join4, isAbsolute, sep } = require("path");
+    var { join: join5, isAbsolute, sep } = require("path");
     var sleep = require_atomic_sleep();
     var onExit = require_on_exit_leak_free();
     var ThreadStream = require_thread_stream();
@@ -7550,7 +7615,7 @@ var require_transport = __commonJS({
         throw new Error("only one of target or targets can be specified");
       }
       if (targets) {
-        target = bundlerOverrides["pino-worker"] || join4(__dirname, "worker.js");
+        target = bundlerOverrides["pino-worker"] || join5(__dirname, "worker.js");
         options.targets = targets.filter((dest) => dest.target).map((dest) => {
           return {
             ...dest,
@@ -7568,7 +7633,7 @@ var require_transport = __commonJS({
           });
         });
       } else if (pipeline2) {
-        target = bundlerOverrides["pino-worker"] || join4(__dirname, "worker.js");
+        target = bundlerOverrides["pino-worker"] || join5(__dirname, "worker.js");
         options.pipelines = [pipeline2.map((dest) => {
           return {
             ...dest,
@@ -7590,7 +7655,7 @@ var require_transport = __commonJS({
           return origin;
         }
         if (origin === "pino/file") {
-          return join4(__dirname, "..", "file.js");
+          return join5(__dirname, "..", "file.js");
         }
         let fixTarget2;
         for (const filePath of callers) {
@@ -8580,7 +8645,7 @@ var require_safe_stable_stringify = __commonJS({
               return circularValue;
             }
             let res = "";
-            let join4 = ",";
+            let join5 = ",";
             const originalIndentation = indentation;
             if (Array.isArray(value)) {
               if (value.length === 0) {
@@ -8594,7 +8659,7 @@ var require_safe_stable_stringify = __commonJS({
                 indentation += spacer;
                 res += `
 ${indentation}`;
-                join4 = `,
+                join5 = `,
 ${indentation}`;
               }
               const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
@@ -8602,13 +8667,13 @@ ${indentation}`;
               for (; i < maximumValuesToStringify - 1; i++) {
                 const tmp2 = stringifyFnReplacer(String(i), value, stack, replacer, spacer, indentation);
                 res += tmp2 !== void 0 ? tmp2 : "null";
-                res += join4;
+                res += join5;
               }
               const tmp = stringifyFnReplacer(String(i), value, stack, replacer, spacer, indentation);
               res += tmp !== void 0 ? tmp : "null";
               if (value.length - 1 > maximumBreadth) {
                 const removedKeys = value.length - maximumBreadth - 1;
-                res += `${join4}"... ${getItemCount(removedKeys)} not stringified"`;
+                res += `${join5}"... ${getItemCount(removedKeys)} not stringified"`;
               }
               if (spacer !== "") {
                 res += `
@@ -8629,7 +8694,7 @@ ${originalIndentation}`;
             let separator = "";
             if (spacer !== "") {
               indentation += spacer;
-              join4 = `,
+              join5 = `,
 ${indentation}`;
               whitespace = " ";
             }
@@ -8643,13 +8708,13 @@ ${indentation}`;
               const tmp = stringifyFnReplacer(key2, value, stack, replacer, spacer, indentation);
               if (tmp !== void 0) {
                 res += `${separator}${strEscape(key2)}:${whitespace}${tmp}`;
-                separator = join4;
+                separator = join5;
               }
             }
             if (keyLength > maximumBreadth) {
               const removedKeys = keyLength - maximumBreadth;
               res += `${separator}"...":${whitespace}"${getItemCount(removedKeys)} not stringified"`;
-              separator = join4;
+              separator = join5;
             }
             if (spacer !== "" && separator.length > 1) {
               res = `
@@ -8690,7 +8755,7 @@ ${originalIndentation}`;
             }
             const originalIndentation = indentation;
             let res = "";
-            let join4 = ",";
+            let join5 = ",";
             if (Array.isArray(value)) {
               if (value.length === 0) {
                 return "[]";
@@ -8703,7 +8768,7 @@ ${originalIndentation}`;
                 indentation += spacer;
                 res += `
 ${indentation}`;
-                join4 = `,
+                join5 = `,
 ${indentation}`;
               }
               const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
@@ -8711,13 +8776,13 @@ ${indentation}`;
               for (; i < maximumValuesToStringify - 1; i++) {
                 const tmp2 = stringifyArrayReplacer(String(i), value[i], stack, replacer, spacer, indentation);
                 res += tmp2 !== void 0 ? tmp2 : "null";
-                res += join4;
+                res += join5;
               }
               const tmp = stringifyArrayReplacer(String(i), value[i], stack, replacer, spacer, indentation);
               res += tmp !== void 0 ? tmp : "null";
               if (value.length - 1 > maximumBreadth) {
                 const removedKeys = value.length - maximumBreadth - 1;
-                res += `${join4}"... ${getItemCount(removedKeys)} not stringified"`;
+                res += `${join5}"... ${getItemCount(removedKeys)} not stringified"`;
               }
               if (spacer !== "") {
                 res += `
@@ -8730,7 +8795,7 @@ ${originalIndentation}`;
             let whitespace = "";
             if (spacer !== "") {
               indentation += spacer;
-              join4 = `,
+              join5 = `,
 ${indentation}`;
               whitespace = " ";
             }
@@ -8739,7 +8804,7 @@ ${indentation}`;
               const tmp = stringifyArrayReplacer(key2, value[key2], stack, replacer, spacer, indentation);
               if (tmp !== void 0) {
                 res += `${separator}${strEscape(key2)}:${whitespace}${tmp}`;
-                separator = join4;
+                separator = join5;
               }
             }
             if (spacer !== "" && separator.length > 1) {
@@ -8797,20 +8862,20 @@ ${originalIndentation}`;
               indentation += spacer;
               let res2 = `
 ${indentation}`;
-              const join5 = `,
+              const join6 = `,
 ${indentation}`;
               const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
               let i = 0;
               for (; i < maximumValuesToStringify - 1; i++) {
                 const tmp2 = stringifyIndent(String(i), value[i], stack, spacer, indentation);
                 res2 += tmp2 !== void 0 ? tmp2 : "null";
-                res2 += join5;
+                res2 += join6;
               }
               const tmp = stringifyIndent(String(i), value[i], stack, spacer, indentation);
               res2 += tmp !== void 0 ? tmp : "null";
               if (value.length - 1 > maximumBreadth) {
                 const removedKeys = value.length - maximumBreadth - 1;
-                res2 += `${join5}"... ${getItemCount(removedKeys)} not stringified"`;
+                res2 += `${join6}"... ${getItemCount(removedKeys)} not stringified"`;
               }
               res2 += `
 ${originalIndentation}`;
@@ -8826,16 +8891,16 @@ ${originalIndentation}`;
               return '"[Object]"';
             }
             indentation += spacer;
-            const join4 = `,
+            const join5 = `,
 ${indentation}`;
             let res = "";
             let separator = "";
             let maximumPropertiesToStringify = Math.min(keyLength, maximumBreadth);
             if (isTypedArrayWithEntries(value)) {
-              res += stringifyTypedArray(value, join4, maximumBreadth);
+              res += stringifyTypedArray(value, join5, maximumBreadth);
               keys = keys.slice(value.length);
               maximumPropertiesToStringify -= value.length;
-              separator = join4;
+              separator = join5;
             }
             if (deterministic) {
               keys = sort(keys, comparator);
@@ -8846,13 +8911,13 @@ ${indentation}`;
               const tmp = stringifyIndent(key2, value[key2], stack, spacer, indentation);
               if (tmp !== void 0) {
                 res += `${separator}${strEscape(key2)}: ${tmp}`;
-                separator = join4;
+                separator = join5;
               }
             }
             if (keyLength > maximumBreadth) {
               const removedKeys = keyLength - maximumBreadth;
               res += `${separator}"...": "${getItemCount(removedKeys)} not stringified"`;
-              separator = join4;
+              separator = join5;
             }
             if (separator !== "") {
               res = `
@@ -18696,7 +18761,7 @@ var require_websocket = __commonJS({
     var http2 = require("http");
     var net = require("net");
     var tls = require("tls");
-    var { randomBytes, createHash } = require("crypto");
+    var { randomBytes: randomBytes2, createHash: createHash3 } = require("crypto");
     var { Duplex, Readable: Readable3 } = require("stream");
     var { URL: URL2 } = require("url");
     var PerMessageDeflate2 = require_permessage_deflate();
@@ -19226,7 +19291,7 @@ var require_websocket = __commonJS({
         }
       }
       const defaultPort = isSecure ? 443 : 80;
-      const key = randomBytes(16).toString("base64");
+      const key = randomBytes2(16).toString("base64");
       const request = isSecure ? https.request : http2.request;
       const protocolSet = /* @__PURE__ */ new Set();
       let perMessageDeflate;
@@ -19356,7 +19421,7 @@ var require_websocket = __commonJS({
           abortHandshake(websocket, socket, "Invalid Upgrade header");
           return;
         }
-        const digest = createHash("sha1").update(key + GUID).digest("base64");
+        const digest = createHash3("sha1").update(key + GUID).digest("base64");
         if (res.headers["sec-websocket-accept"] !== digest) {
           abortHandshake(websocket, socket, "Invalid Sec-WebSocket-Accept header");
           return;
@@ -19723,7 +19788,7 @@ var require_websocket_server = __commonJS({
     var EventEmitter2 = require("events");
     var http2 = require("http");
     var { Duplex } = require("stream");
-    var { createHash } = require("crypto");
+    var { createHash: createHash3 } = require("crypto");
     var extension2 = require_extension();
     var PerMessageDeflate2 = require_permessage_deflate();
     var subprotocol2 = require_subprotocol();
@@ -20024,7 +20089,7 @@ var require_websocket_server = __commonJS({
           );
         }
         if (this._state > RUNNING) return abortHandshake(socket, 503);
-        const digest = createHash("sha1").update(key + GUID).digest("base64");
+        const digest = createHash3("sha1").update(key + GUID).digest("base64");
         const headers = [
           "HTTP/1.1 101 Switching Protocols",
           "Upgrade: websocket",
@@ -20112,7 +20177,7 @@ var require_websocket_server = __commonJS({
 // src/run-case/recorder.ts
 function startRunCaseRecorder(opts) {
   const now = opts.now ?? Date.now;
-  const dir = import_node_path28.default.dirname(opts.recordPath);
+  const dir = import_node_path27.default.dirname(opts.recordPath);
   let stream = null;
   let closing = false;
   let closedSettled = false;
@@ -20152,12 +20217,12 @@ function startRunCaseRecorder(opts) {
   };
   return { tap, close, closed };
 }
-var import_node_fs25, import_node_path28;
+var import_node_fs25, import_node_path27;
 var init_recorder = __esm({
   "src/run-case/recorder.ts"() {
     "use strict";
     import_node_fs25 = __toESM(require("fs"), 1);
-    import_node_path28 = __toESM(require("path"), 1);
+    import_node_path27 = __toESM(require("path"), 1);
   }
 });
@@ -20200,7 +20265,7 @@ var init_wire = __esm({
 // src/run-case/controller.ts
 async function runController(opts) {
   const now = opts.now ?? Date.now;
-  const cwd = opts.cwd ?? (0, import_node_fs26.mkdtempSync)(import_node_path29.default.join(import_node_os14.default.tmpdir(), "clawd-runcase-"));
+  const cwd = opts.cwd ?? (0, import_node_fs26.mkdtempSync)(import_node_path28.default.join(import_node_os14.default.tmpdir(), "clawd-runcase-"));
   const ownsCwd = opts.cwd === void 0;
   const recorder = startRunCaseRecorder({ recordPath: opts.record, now });
   const spawnCtx = { cwd };
@@ -20367,13 +20432,13 @@ async function runController(opts) {
   }
   return exitCode ?? 0;
 }
-var import_node_fs26, import_node_os14, import_node_path29;
+var import_node_fs26, import_node_os14, import_node_path28;
 var init_controller = __esm({
   "src/run-case/controller.ts"() {
     "use strict";
     import_node_fs26 = require("fs");
     import_node_os14 = __toESM(require("os"), 1);
-    import_node_path29 = __toESM(require("path"), 1);
+    import_node_path28 = __toESM(require("path"), 1);
     init_claude();
     init_stdout_splitter();
     init_permission_stdio();
@@ -20605,7 +20670,7 @@ Env (advanced):
 `;
 // src/index.ts
-var import_node_path27 = __toESM(require("path"), 1);
+var import_node_path26 = __toESM(require("path"), 1);
 var import_node_fs24 = __toESM(require("fs"), 1);
 // src/logger.ts
@@ -22106,19 +22171,9 @@ var SessionManager = class {
     return entries.filter((e) => e.isDirectory() && e.name !== "default").map((e) => e.name);
   }
   // owner / default 两个分类下按 sessionId 找文件——前端只传 sessionId 不带 scope，
-  // SessionManager 在这里定位。三层快慢路径：
-  //   1) active runner（用户当前在用的 session）：runner.state.file 是 SessionFile 内存权威副本，
-  //      直接返回，零磁盘 I/O。覆盖 attachment / file-sharing 等"用户操作 → 紧接着 RPC"的
-  //      绝大多数场景
-  //   2) default scope 磁盘：inactive default session 命中
-  //   3) 所有 persona owner 目录扫盘：inactive persona owner session 命中
+  // SessionManager 在这里扫盘定位（default 直接试，未命中再轮询所有 persona owner 目录）。
   // listener sub-session 不走这条——transport 始终明确传 (personaId, sessionId)。
-  //
-  // 公开方法：attachment / file-sharing handler 通过 deps 闭包消费，不应直接持 SessionStore
-  // （持 default-only store 是 file-sharing v1 的预存 bug 根因——见 fix #703）
   findOwnedSession(sessionId) {
-    const runner = this.runners.get(sessionId);
-    if (runner) return runner.getState().file;
     const dflt = this.deps.store.read(sessionId);
     if (dflt) return dflt;
     for (const personaId of this.listPersonaIdsOnDisk()) {
@@ -22128,13 +22183,6 @@ var SessionManager = class {
     }
     return null;
   }
-  // findOwnedSession + scopeForFile 收口。把"sessionId → SessionScope"的派生
-  // 集中到 manager（scope 单一来源），调用方拿 scope 不再自己拼 object 也不依赖
-  // ownerPersonaId 字段语义。给 attachment handler 通过 deps.getSessionScope 闭包消费。
-  findOwnedSessionScope(sessionId) {
-    const file = this.findOwnedSession(sessionId);
-    return file ? this.scopeForFile(file) : null;
-  }
   // 合并 default + 所有 persona owner 的 SessionFile —— 桌面 App 主 session 列表入口。
   // 同样不含 listener sub-session（listener 走 persona:listSubSessions RPC 单独入口）。
   listAllOwned() {
@@ -25240,6 +25288,9 @@ var LocalWsServer = class {
   httpServer = null;
   frameHandler = null;
   clients = /* @__PURE__ */ new Map();
+  // Task 1.7 capability platform：capId → Set<clientId>，撤销时 O(1) 找到该 cap 的
+  // 所有活跃连接做关闭级联（Task 1.10）。同一 cap 可能多端同时连（多设备 / 多 tab）。
+  capabilityIdToClients = /* @__PURE__ */ new Map();
   logger;
   pingIntervalMs;
   async start() {
@@ -25330,6 +25381,17 @@ var LocalWsServer = class {
       this.safeSend(c.ws, frame);
     }
   }
+  // Task 1.9 capability platform：仅广播给 owner 连接（跳过 guest ws）。
+  // 用于 capability:tokenIssued / capability:revoked 等 owner-only push frame——
+  // guest 没必要也无法消费这类管理帧。noAuth localhost ws 没有 ctx, 视作 owner.
+  broadcastToOwners(frame) {
+    const gate = this.opts.authGate;
+    for (const c of this.clients.values()) {
+      if (gate && !gate.isAuthed(c.handle.id)) continue;
+      if (c.ctx && c.ctx.principal.kind !== "owner") continue;
+      this.safeSend(c.ws, frame);
+    }
+  }
   firstSubscriber(sessionId) {
     for (const c of this.clients.values()) {
       if (c.handle.subscribedSessions.has(sessionId)) return c.handle;
@@ -25351,6 +25413,40 @@ var LocalWsServer = class {
     if (!c) return;
     this.safeSend(c.ws, frame);
   }
+  // Task 1.7 capability platform：AuthGate.onAuthed 回调里调本方法，把 ConnectionContext
+  // 绑到 client；guest 连接同时进 capId 索引（Task 1.10 撤销级联用）。
+  attachClientContext(clientId, ctx) {
+    const c = this.clients.get(clientId);
+    if (!c) return;
+    c.ctx = ctx;
+    if (ctx.capabilityId) {
+      let set = this.capabilityIdToClients.get(ctx.capabilityId);
+      if (!set) {
+        set = /* @__PURE__ */ new Set();
+        this.capabilityIdToClients.set(ctx.capabilityId, set);
+      }
+      set.add(clientId);
+    }
+  }
+  // 测试 / Task 1.8 dispatcher 用：拿 client 当前 ConnectionContext（null = 未鉴权 / noAuth）
+  getClientContext(clientId) {
+    return this.clients.get(clientId)?.ctx ?? null;
+  }
+  // Task 1.10 撤销级联：关闭某 capability 的所有活跃 ws 连接。close code 4401
+  // 让客户端识别 'capability revoked' 而非普通断连。
+  closeConnectionsByCapability(capabilityId, code = 4401, reason = "TOKEN_REVOKED") {
+    const set = this.capabilityIdToClients.get(capabilityId);
+    if (!set) return;
+    const ids = [...set];
+    for (const id of ids) {
+      const c = this.clients.get(id);
+      if (!c) continue;
+      try {
+        c.ws.close(code, reason);
+      } catch {
+      }
+    }
+  }
   // URL path 路由：'/' → 主连接路径；其他 → close 4404
   routeConnection(socket, req) {
     const remoteAddress = req?.socket?.remoteAddress;
@@ -25385,7 +25481,7 @@ var LocalWsServer = class {
       } catch {
       }
     }, this.pingIntervalMs);
-    this.clients.set(id, { handle, ws: socket, pingTimer });
+    this.clients.set(id, { handle, ws: socket, pingTimer, ctx: null });
     this.logger?.info("client connected", { clientId: id, total: this.clients.size, remoteAddress });
     const authGate = this.opts.authGate;
     let authed = true;
@@ -25409,6 +25505,12 @@ var LocalWsServer = class {
     socket.on("close", () => {
       const c = this.clients.get(id);
       if (c?.pingTimer) clearInterval(c.pingTimer);
+      const capId = c?.ctx?.capabilityId;
+      if (capId) {
+        const set = this.capabilityIdToClients.get(capId);
+        set?.delete(id);
+        if (set && set.size === 0) this.capabilityIdToClients.delete(capId);
+      }
       this.clients.delete(id);
       authGate?.unregister(id);
       this.logger?.info("client disconnected", { clientId: id, remaining: this.clients.size });
@@ -25557,15 +25659,27 @@ var AuthGate = class {
       this.markFailed(handle.id);
       return frame.type === "auth" ? "consumed" : "reject";
     }
-    if (!this.opts.expectedToken) {
-      this.opts.closeConnection(handle, 1008, "auth not configured");
-      this.markFailed(handle.id);
-      return "consumed";
-    }
-    if (!constantTimeEqual(parsed.data.token, this.opts.expectedToken)) {
-      this.opts.closeConnection(handle, 1008, "auth failed");
-      this.markFailed(handle.id);
-      return "consumed";
+    let ctx = null;
+    if (this.opts.authenticate) {
+      const r = this.opts.authenticate(parsed.data.token);
+      if (!r.ok) {
+        this.opts.closeConnection(handle, 4401, r.code);
+        this.markFailed(handle.id);
+        return "consumed";
+      }
+      ctx = r.context;
+    } else {
+      if (!this.opts.expectedToken) {
+        this.opts.closeConnection(handle, 1008, "auth not configured");
+        this.markFailed(handle.id);
+        return "consumed";
+      }
+      if (!constantTimeEqual(parsed.data.token, this.opts.expectedToken)) {
+        this.opts.closeConnection(handle, 1008, "auth failed");
+        this.markFailed(handle.id);
+        return "consumed";
+      }
+      ctx = this.opts.buildOwnerContext?.() ?? null;
     }
     if (st.timer != null) {
       const clear = this.opts.clearTimer ?? ((h) => clearTimeout(h));
@@ -25573,6 +25687,7 @@ var AuthGate = class {
     }
     st.authed = true;
     st.timer = null;
+    if (ctx && this.opts.onAuthed) this.opts.onAuthed(handle, ctx);
     this.opts.sendOk(handle, { type: "auth:ok" });
     return "consumed";
   }
@@ -25648,6 +25763,219 @@ function constantTimeEqual2(a, b2) {
   return diff2 === 0;
 }
+// ../protocol/src/index.ts
+init_runtime();
+// src/transport/connection-context.ts
+function ownerContext() {
+  return {
+    principal: OWNER_PRINCIPAL,
+    grants: [{ resource: { type: "*" }, actions: ["admin"] }]
+  };
+}
+function guestContext(cap) {
+  return {
+    principal: { id: cap.id, kind: "guest", displayName: cap.displayName },
+    grants: cap.grants,
+    capabilityId: cap.id
+  };
+}
+function authenticate(token, deps) {
+  if (!token) return { ok: false, code: "NO_TOKEN" };
+  if (deps.isOwnerToken(token)) return { ok: true, context: ownerContext() };
+  if (!deps.capabilityRegistry) return { ok: false, code: "BAD_TOKEN" };
+  const v2 = deps.capabilityRegistry.verifyToken(token);
+  if (v2.ok) return { ok: true, context: guestContext(v2.capability) };
+  if (v2.code === "TOKEN_INVALID") return { ok: false, code: "BAD_TOKEN" };
+  return { ok: false, code: v2.code };
+}
+// src/permission/capability-store.ts
+var fs15 = __toESM(require("fs"), 1);
+var path16 = __toESM(require("path"), 1);
+var CAPABILITIES_FILE_NAME = "capabilities.json";
+var FILE_VERSION = 1;
+var CapabilityStore = class {
+  constructor(dataDir) {
+    this.dataDir = dataDir;
+    fs15.mkdirSync(dataDir, { recursive: true });
+    this.cache = this.readFromDisk();
+  }
+  dataDir;
+  cache;
+  list() {
+    return [...this.cache];
+  }
+  upsert(cap) {
+    const idx = this.cache.findIndex((c) => c.id === cap.id);
+    if (idx >= 0) {
+      this.cache[idx] = cap;
+    } else {
+      this.cache.push(cap);
+    }
+    this.flush();
+  }
+  remove(id) {
+    const next = this.cache.filter((c) => c.id !== id);
+    if (next.length === this.cache.length) return;
+    this.cache = next;
+    this.flush();
+  }
+  filePath() {
+    return path16.join(this.dataDir, CAPABILITIES_FILE_NAME);
+  }
+  readFromDisk() {
+    const file = this.filePath();
+    let raw;
+    try {
+      raw = fs15.readFileSync(file, "utf8");
+    } catch (err) {
+      if (err?.code === "ENOENT") return [];
+      return [];
+    }
+    if (!raw.trim()) return [];
+    let parsed;
+    try {
+      parsed = JSON.parse(raw);
+    } catch {
+      return [];
+    }
+    if (!parsed || typeof parsed !== "object") return [];
+    const arr = parsed.capabilities;
+    if (!Array.isArray(arr)) return [];
+    const out = [];
+    for (const item of arr) {
+      const r = CapabilitySchema.safeParse(item);
+      if (r.success) out.push(r.data);
+    }
+    return out;
+  }
+  flush() {
+    const content = { version: FILE_VERSION, capabilities: this.cache };
+    this.atomicWrite(this.filePath(), JSON.stringify(content, null, 2));
+  }
+  atomicWrite(file, content) {
+    const tmp = `${file}.tmp-${process.pid}-${Date.now()}-${Math.random().toString(36).slice(2)}`;
+    fs15.writeFileSync(tmp, content, { mode: 384 });
+    fs15.renameSync(tmp, file);
+    try {
+      fs15.chmodSync(file, 384);
+    } catch {
+    }
+  }
+};
+// src/permission/capability-registry.ts
+var crypto4 = __toESM(require("crypto"), 1);
+var CapabilityRegistry = class {
+  constructor(store, now = () => Date.now()) {
+    this.store = store;
+    this.now = now;
+    for (const cap of store.list()) {
+      this.bySecretHash.set(cap.secretHash, cap);
+    }
+  }
+  store;
+  now;
+  // sha256(token) → Capability
+  bySecretHash = /* @__PURE__ */ new Map();
+  list() {
+    return this.store.list();
+  }
+  verifyToken(token) {
+    if (!token) return { ok: false, code: "TOKEN_INVALID" };
+    const hash = sha256Hex(token);
+    const cap = this.bySecretHash.get(hash);
+    if (!cap) return { ok: false, code: "TOKEN_INVALID" };
+    if (cap.revokedAt) return { ok: false, code: "TOKEN_REVOKED" };
+    if (cap.expiresAt && this.now() >= cap.expiresAt) {
+      return { ok: false, code: "TOKEN_EXPIRED" };
+    }
+    if (cap.maxUses && cap.usedCount >= cap.maxUses) {
+      return { ok: false, code: "TOKEN_EXHAUSTED" };
+    }
+    const updated = { ...cap, usedCount: cap.usedCount + 1 };
+    this.bySecretHash.set(hash, updated);
+    this.store.upsert(updated);
+    return { ok: true, capability: updated };
+  }
+  upsertCapability(cap) {
+    this.bySecretHash.set(cap.secretHash, cap);
+    this.store.upsert(cap);
+  }
+  markRevoked(id, revokedAt) {
+    const current = this.store.list().find((c) => c.id === id);
+    if (!current) return null;
+    if (current.revokedAt) return current;
+    const updated = { ...current, revokedAt };
+    this.bySecretHash.set(updated.secretHash, updated);
+    this.store.upsert(updated);
+    return updated;
+  }
+  findById(id) {
+    return this.store.list().find((c) => c.id === id) ?? null;
+  }
+};
+function sha256Hex(s) {
+  return crypto4.createHash("sha256").update(s).digest("hex");
+}
+// src/permission/capability-manager.ts
+var crypto5 = __toESM(require("crypto"), 1);
+var CapabilityManager = class {
+  constructor(registry2, hooks = {}) {
+    this.registry = registry2;
+    this.hooks = hooks;
+  }
+  registry;
+  hooks;
+  list() {
+    return this.registry.list();
+  }
+  issue(args) {
+    if (!args.displayName.trim()) {
+      throw new Error("CapabilityManager.issue: displayName must be non-empty");
+    }
+    const token = (this.hooks.generateToken ?? defaultGenerateToken)();
+    const id = (this.hooks.generateId ?? defaultGenerateId)();
+    const now = (this.hooks.now ?? Date.now)();
+    const cap = {
+      id,
+      secretHash: sha256Hex2(token),
+      displayName: args.displayName,
+      grants: args.grants,
+      issuedAt: now,
+      usedCount: 0,
+      ...args.expiresAt !== void 0 ? { expiresAt: args.expiresAt } : {},
+      ...args.maxUses !== void 0 ? { maxUses: args.maxUses } : {}
+    };
+    this.registry.upsertCapability(cap);
+    this.hooks.onIssued?.(cap, token);
+    return { token, capability: cap };
+  }
+  revoke(id) {
+    const existing = this.registry.findById(id);
+    if (!existing) return null;
+    const now = (this.hooks.now ?? Date.now)();
+    if (existing.revokedAt) {
+      return { revokedAt: existing.revokedAt, capability: existing };
+    }
+    const updated = this.registry.markRevoked(id, now);
+    if (!updated) return null;
+    this.hooks.onRevoked?.(updated);
+    return { revokedAt: now, capability: updated };
+  }
+};
+function defaultGenerateToken() {
+  return crypto5.randomBytes(24).toString("base64url");
+}
+function defaultGenerateId() {
+  return "cap_" + crypto5.randomBytes(6).toString("base64url");
+}
+function sha256Hex2(s) {
+  return crypto5.createHash("sha256").update(s).digest("hex");
+}
 // src/transport/http-router.ts
 var import_node_fs14 = __toESM(require("fs"), 1);
 var import_node_path16 = __toESM(require("path"), 1);
@@ -26869,24 +27197,14 @@ var AUTH_FILE_NAME = "auth.json";
 function authFilePath(dataDir) {
   return import_node_path22.default.join(dataDir, AUTH_FILE_NAME);
 }
-function loadOrCreateAuthFile(opts) {
+function loadOrCreateAuthToken(opts) {
   const file = authFilePath(opts.dataDir);
-  const generate = opts.generate ?? defaultGenerate;
-  const now = opts.now ?? (() => /* @__PURE__ */ new Date());
   const existing = readAuthFile(file);
-  if (existing && existing.token && existing.signSecret) {
-    return {
-      token: existing.token,
-      signSecret: existing.signSecret,
-      createdAt: existing.createdAt ?? (/* @__PURE__ */ new Date(0)).toISOString()
-    };
-  }
-  const token = existing?.token || generate();
-  const signSecret = existing?.signSecret || generate();
-  const createdAt = existing?.createdAt || now().toISOString();
-  const next = { token, signSecret, createdAt };
-  writeAuthFile(file, next);
-  return next;
+  if (existing && existing.token) return existing.token;
+  const token = (opts.generate ?? defaultGenerate)();
+  const now = (opts.now ?? (() => /* @__PURE__ */ new Date()))();
+  writeAuthFile(file, { token, createdAt: now.toISOString() });
+  return token;
 }
 function defaultGenerate() {
   return import_node_crypto8.default.randomBytes(32).toString("base64url");
@@ -26895,14 +27213,13 @@ function readAuthFile(file) {
   try {
     const raw = import_node_fs20.default.readFileSync(file, "utf8");
     const parsed = JSON.parse(raw);
-    if (typeof parsed?.token !== "string" || parsed.token.length === 0) {
-      return null;
+    if (typeof parsed?.token === "string" && parsed.token.length > 0) {
+      return {
+        token: parsed.token,
+        createdAt: typeof parsed.createdAt === "string" ? parsed.createdAt : (/* @__PURE__ */ new Date(0)).toISOString()
+      };
     }
-    return {
-      token: parsed.token,
-      signSecret: typeof parsed.signSecret === "string" && parsed.signSecret.length > 0 ? parsed.signSecret : void 0,
-      createdAt: typeof parsed.createdAt === "string" ? parsed.createdAt : void 0
-    };
+    return null;
   } catch (err) {
     const code = err?.code;
     if (code === "ENOENT") return null;
@@ -27446,6 +27763,65 @@ function buildCapabilitiesHandlers(deps) {
   };
 }
+// src/handlers/capability.ts
+init_zod();
+init_protocol();
+var IssueArgsSchema = external_exports.object({
+  displayName: external_exports.string().min(1),
+  grants: external_exports.array(GrantSchema),
+  expiresAt: external_exports.number().int().positive().optional(),
+  maxUses: external_exports.number().int().positive().optional()
+}).strict();
+var RevokeArgsSchema = external_exports.object({
+  capabilityId: external_exports.string().min(1)
+}).strict();
+function buildCapabilityHandlers(deps) {
+  const { manager } = deps;
+  const issue = async (frame) => {
+    const { type: _type, requestId: _requestId, ...rest } = frame;
+    const args = IssueArgsSchema.parse(rest);
+    const { token, capability } = manager.issue(args);
+    return {
+      response: {
+        type: "capability:issued",
+        token,
+        capability: stripSecretHash(capability)
+      }
+    };
+  };
+  const list = async () => {
+    return {
+      response: {
+        type: "capability:list",
+        capabilities: manager.list().map(stripSecretHash)
+      }
+    };
+  };
+  const revoke = async (frame) => {
+    const { type: _type, requestId: _requestId, ...rest } = frame;
+    const args = RevokeArgsSchema.parse(rest);
+    const result = manager.revoke(args.capabilityId);
+    if (!result) {
+      throw new ClawdError(
+        ERROR_CODES.VALIDATION_ERROR,
+        `capability not found: ${args.capabilityId}`
+      );
+    }
+    return {
+      response: {
+        type: "capability:revoked",
+        capabilityId: args.capabilityId,
+        revokedAt: result.revokedAt
+      }
+    };
+  };
+  return {
+    "capability:issue": issue,
+    "capability:list": list,
+    "capability:revoke": revoke
+  };
+}
 // src/handlers/meta.ts
 var import_node_os13 = __toESM(require("os"), 1);
 init_protocol();
@@ -27571,7 +27947,6 @@ function buildPersonaHandlers(deps) {
 }
 // src/handlers/attachment.ts
-var import_node_path26 = __toESM(require("path"), 1);
 init_protocol();
 init_protocol();
 var DEFAULT_TTL_SECONDS = 24 * 3600;
@@ -27596,41 +27971,8 @@ function buildAttachmentHandlers(deps) {
         "httpBaseUrl unavailable (daemon HTTP not ready)"
       );
     }
-    if (!deps.sessionStore || !deps.getSessionScope || !deps.groupFileStore) {
-      throw new ClawdError(
-        ERROR_CODES.METHOD_NOT_IMPLEMENTED,
-        "signUrl requires session/group stores"
-      );
-    }
-    const sessionFile = deps.sessionStore.read(args.sessionId);
-    if (!sessionFile) {
-      throw new ClawdError(
-        ERROR_CODES.VALIDATION_ERROR,
-        `session ${args.sessionId} not found`
-      );
-    }
-    const scope = deps.getSessionScope(args.sessionId);
-    if (!scope) {
-      throw new ClawdError(
-        ERROR_CODES.VALIDATION_ERROR,
-        `session ${args.sessionId} scope unresolved`
-      );
-    }
-    const cwdAbs = import_node_path26.default.resolve(sessionFile.cwd);
-    const candidateAbs = import_node_path26.default.isAbsolute(args.relPath) ? import_node_path26.default.resolve(args.relPath) : import_node_path26.default.resolve(cwdAbs, args.relPath);
-    const entries = deps.groupFileStore.list(scope, args.sessionId);
-    const entry = entries.find((e) => {
-      const storedAbs = import_node_path26.default.isAbsolute(e.relPath) ? import_node_path26.default.resolve(e.relPath) : import_node_path26.default.resolve(cwdAbs, e.relPath);
-      return storedAbs === candidateAbs && !e.stale;
-    });
-    if (!entry) {
-      throw new ClawdError(
-        ERROR_CODES.VALIDATION_ERROR,
-        `relPath not in session group files or stale: ${args.relPath}`
-      );
-    }
     const ttl = args.ttlSeconds === null ? null : args.ttlSeconds ?? DEFAULT_TTL_SECONDS;
-    const parts = signUrlParts(secret, candidateAbs, ttl);
+    const parts = signUrlParts(secret, args.absPath, ttl);
     const url = buildSignedFileUrl(httpBaseUrl, parts);
     return {
       response: {
@@ -27731,15 +28073,112 @@ function buildMethodHandlers(deps) {
       personaManager: deps.personaManager,
       personaRegistry: deps.personaRegistry
     }),
+    ...buildCapabilityHandlers({ manager: deps.capabilityManager }),
     ...deps.attachment ? buildAttachmentHandlers(deps.attachment) : {}
   };
 }
+// src/handlers/method-grants.ts
+var ADMIN_ANY = {
+  kind: "fixed",
+  resource: { type: "*" },
+  action: "admin"
+};
+var METHOD_GRANT_MAP = {
+  // ---- public（meta-only，guest 也能调） ----
+  "info": { kind: "public" },
+  "ping": { kind: "public" },
+  // ---- capability platform（admin-only，本 PR 新增） ----
+  "capability:issue": ADMIN_ANY,
+  "capability:list": ADMIN_ANY,
+  "capability:revoke": ADMIN_ANY,
+  // ---- 业务方法：Phase 1 全 admin-only（owner 自动通过；guest 无法调用） ----
+  "session:create": ADMIN_ANY,
+  "session:list": ADMIN_ANY,
+  "session:get": ADMIN_ANY,
+  "session:update": ADMIN_ANY,
+  "session:delete": ADMIN_ANY,
+  "session:send": ADMIN_ANY,
+  "session:stop": ADMIN_ANY,
+  "session:interrupt": ADMIN_ANY,
+  "session:rewind": ADMIN_ANY,
+  "session:rewind-diff": ADMIN_ANY,
+  "session:rewindable-message-ids": ADMIN_ANY,
+  "session:fork": ADMIN_ANY,
+  "session:new": ADMIN_ANY,
+  "session:resume": ADMIN_ANY,
+  "session:observe": ADMIN_ANY,
+  "session:events": ADMIN_ANY,
+  "session:subscribe": ADMIN_ANY,
+  "session:unsubscribe": ADMIN_ANY,
+  "session:pin": ADMIN_ANY,
+  "session:reorderPins": ADMIN_ANY,
+  "permission:respond": ADMIN_ANY,
+  "session:answerQuestion": ADMIN_ANY,
+  "session:cancelQuestion": ADMIN_ANY,
+  "history:projects": ADMIN_ANY,
+  "history:list": ADMIN_ANY,
+  "history:read": ADMIN_ANY,
+  "history:subagents": ADMIN_ANY,
+  "history:subagent-read": ADMIN_ANY,
+  "history:recentDirs": ADMIN_ANY,
+  "workspace:list": ADMIN_ANY,
+  "workspace:read": ADMIN_ANY,
+  "skills:list": ADMIN_ANY,
+  "agents:list": ADMIN_ANY,
+  "git:root": ADMIN_ANY,
+  "git:branch": ADMIN_ANY,
+  "git:branches": ADMIN_ANY,
+  "capabilities:get": ADMIN_ANY,
+  "persona:create": ADMIN_ANY,
+  "persona:list": ADMIN_ANY,
+  "persona:get": ADMIN_ANY,
+  "persona:update": ADMIN_ANY,
+  "persona:delete": ADMIN_ANY,
+  "persona:issueToken": ADMIN_ANY,
+  "persona:revokeToken": ADMIN_ANY,
+  "session:pty:input": ADMIN_ANY,
+  "session:pty:resize": ADMIN_ANY,
+  // file-sharing attachment.*：handler 内部已有 requireOwner（HTTP 路径同），dispatcher 这里
+  // 用 admin-only 兜底（双保险，wire-level 也拦）
+  "attachment.signUrl": ADMIN_ANY,
+  "attachment.groupAdd": ADMIN_ANY,
+  "attachment.groupRemove": ADMIN_ANY,
+  "attachment.groupList": ADMIN_ANY,
+  "attachment.groupListPersona": ADMIN_ANY
+};
+function computeGrantForFrame(method, frame) {
+  const rule = METHOD_GRANT_MAP[method];
+  if (!rule) return { kind: "public" };
+  if (rule.kind === "public") return { kind: "public" };
+  if (rule.kind === "fixed") {
+    return { kind: "check", resource: rule.resource, action: rule.action };
+  }
+  const picked = rule.pick(frame);
+  if (!picked) return { kind: "public" };
+  return { kind: "check", resource: picked.resource, action: picked.action };
+}
+// src/permission/capability.ts
+function matchResource(grant, target) {
+  if (grant.type === "*") return true;
+  if (grant.type !== target.type) return false;
+  return grant.id === target.id;
+}
+function assertGrant(grants, resource, action) {
+  for (const g2 of grants) {
+    if (!matchResource(g2.resource, resource)) continue;
+    if (g2.actions.includes(action)) return true;
+    if (g2.actions.includes("admin")) return true;
+  }
+  return false;
+}
 // src/index.ts
 async function startDaemon(config) {
   const logger = createLogger({
     level: config.logLevel,
-    file: import_node_path27.default.join(config.dataDir, "clawd.log")
+    file: import_node_path26.default.join(config.dataDir, "clawd.log")
   });
   logger.info("starting clawd", { version, config: { port: config.port, host: config.host, dataDir: config.dataDir } });
   const stateMgr = new StateFileManager({ dataDir: config.dataDir });
@@ -27751,18 +28190,43 @@ async function startDaemon(config) {
     logger.warn("stale state file detected, overwriting", { pid: pre.existing.pid });
   }
   let resolvedAuthToken = null;
-  let authFile = null;
   if (config.authToken && config.authToken.trim()) {
     resolvedAuthToken = config.authToken.trim();
   } else if (config.tunnel) {
-    authFile = loadOrCreateAuthFile({ dataDir: config.dataDir });
-    resolvedAuthToken = authFile.token;
+    resolvedAuthToken = loadOrCreateAuthToken({ dataDir: config.dataDir });
   }
   const authMode = resolvedAuthToken == null ? "none" : "first-message";
+  const capabilityStore = new CapabilityStore(config.dataDir);
+  const capabilityRegistry = new CapabilityRegistry(capabilityStore);
+  const capabilityManager = new CapabilityManager(capabilityRegistry, {
+    onIssued: (cap, token) => {
+      wsServer?.broadcastToOwners({
+        type: "capability:tokenIssued",
+        capability: stripSecretHash(cap),
+        token
+      });
+    },
+    onRevoked: (cap) => {
+      wsServer?.broadcastToOwners({
+        type: "capability:tokenRevoked",
+        capabilityId: cap.id,
+        revokedAt: cap.revokedAt
+      });
+      wsServer?.closeConnectionsByCapability(cap.id);
+    }
+  });
   let wsServer = null;
   const authGate = authMode === "first-message" ? new AuthGate({
     shouldEnforce: buildShouldEnforce({ tunnel: config.tunnel }),
+    // Task 1.7：authenticate 注入路径替代 expectedToken 单 token 比对。
+    // owner 路径 constantTimeEqual 防侧信道；guest 路径走 capabilityRegistry.
     expectedToken: resolvedAuthToken,
+    authenticate: (t) => authenticate(t, {
+      isOwnerToken: (x) => resolvedAuthToken != null && constantTimeEqual(x, resolvedAuthToken),
+      capabilityRegistry
+    }),
+    onAuthed: (h, ctx) => wsServer?.attachClientContext(h.id, ctx),
+    buildOwnerContext: ownerContext,
     closeConnection: (h, code, reason) => wsServer?.closeClient(h.id, code, reason),
     sendOk: (h, payload) => wsServer?.sendToClient(h.id, payload)
   }) : null;
@@ -27773,7 +28237,7 @@ async function startDaemon(config) {
   const agents = new AgentsScanner();
   const history = new ClaudeHistoryReader();
   let transport = null;
-  const personaStore = new PersonaStore(import_node_path27.default.join(config.dataDir, "personas"));
+  const personaStore = new PersonaStore(import_node_path26.default.join(config.dataDir, "personas"));
   const defaultsRoot = findDefaultsRoot();
   if (defaultsRoot) {
     seedDefaultPersonas({ store: personaStore, defaultsRoot, logger });
@@ -27788,7 +28252,7 @@ async function startDaemon(config) {
     getAdapter,
     historyReader: history,
     dataDir: config.dataDir,
-    personaRoot: import_node_path27.default.join(config.dataDir, "personas"),
+    personaRoot: import_node_path26.default.join(config.dataDir, "personas"),
     personaStore,
     ownerDisplayName,
     mode: config.mode,
@@ -27811,7 +28275,7 @@ async function startDaemon(config) {
     // 文件可能 agent 写完又被自己删（罕见），用 size=0 / fallback mime 兜底。
     attachmentGroup: {
       onFileEdit: (input) => {
-        const absPath = import_node_path27.default.isAbsolute(input.relPath) ? input.relPath : import_node_path27.default.join(input.cwd, input.relPath);
+        const absPath = import_node_path26.default.isAbsolute(input.relPath) ? input.relPath : import_node_path26.default.join(input.cwd, input.relPath);
         let size = 0;
         try {
           size = import_node_fs24.default.statSync(absPath).size;
@@ -27910,23 +28374,25 @@ async function startDaemon(config) {
     httpToken: resolvedAuthToken,
     // file-sharing attachment.* RPC。signUrl 用 owner token 做 HMAC secret；group RPC
     // 根据 sessionId 反查 scope 写盘。
-    //
-    // sessionStore / getSessionScope 都走 manager 的跨 scope 公开 API（findOwnedSession /
-    // findOwnedSessionScope）—— 否则 default-only SessionStore 找不到 persona owner-mode
-    // session，attachment 整套 RPC 对 persona session 都会报 "session not found"。
-    // 详见 fix(daemon) #703：file-sharing v1 预存 wiring bug，#701 把 desktop 默认 --tunnel
-    // 后首次让 desktop 用户用上 file-sharing 才被暴露。
     attachment: {
       groupFileStore,
-      sessionStore: { read: (sid) => manager.findOwnedSession(sid) },
       getHttpBaseUrl,
-      // HMAC sign secret：~/.clawd/auth.json signSecret 字段（与 WS Bearer token 独立）。
-      // --auth-token CLI 模式 / noAuth 模式 authFile 为 null → handler 自己返 NOT_IMPLEMENTED。
-      getSignSecret: () => authFile?.signSecret ?? "",
-      // group RPC + sign 都用：根据 sessionId 反查 scope。owner-mode persona session 走
+      // HMAC sign secret：复用 ~/.clawd/auth.json owner token（持久跨重启）。
+      // noAuth 模式 resolvedAuthToken 为 null → handler 自己返 NOT_IMPLEMENTED。
+      getSignSecret: () => resolvedAuthToken ?? "",
+      // group RPC：根据 sessionId 反查 scope；owner-mode persona session 走
       // 'persona/<pid>/owner'，default 走 'default'。
-      getSessionScope: (sid) => manager.findOwnedSessionScope(sid)
-    }
+      getSessionScope: (sessionId) => {
+        const file = store.read(sessionId);
+        if (!file) return null;
+        if (file.ownerPersonaId) {
+          return { kind: "persona", personaId: file.ownerPersonaId, mode: "owner" };
+        }
+        return { kind: "default" };
+      }
+    },
+    // Task 1.9: capability:issue/list/revoke handler 依赖
+    capabilityManager
   });
   const authResolver = new AuthContextResolver({
     ownerToken: resolvedAuthToken,
@@ -27939,9 +28405,8 @@ async function startDaemon(config) {
     personaStore,
     groupFileStore,
     sessionStore: store,
-    // /files HMAC verify 用 auth.json 的 signSecret 字段（与 attachment.signUrl 同源）。
-    // --auth-token CLI 模式没 signSecret → 路由返 501，sign URL 功能整体禁用。
-    getSignSecret: () => authFile?.signSecret ?? null
+    // /files HMAC verify 用同一份 owner token 做 secret（与 attachment.signUrl 同源）
+    getSignSecret: () => resolvedAuthToken ?? null
   });
   wsServer = new LocalWsServer({
     host: config.host,
@@ -28014,7 +28479,18 @@ async function startDaemon(config) {
     const requestId = typeof frame.requestId === "string" ? frame.requestId : void 0;
     const handler = handlers[type];
     if (!handler) throw new ClawdError(ERROR_CODES.METHOD_NOT_IMPLEMENTED, `not implemented: ${type}`);
-    const result = await handler(frame, client);
+    const ctx = wsServer.getClientContext(client.id) ?? ownerContext();
+    const verdict = computeGrantForFrame(type, frame);
+    if (verdict.kind === "check") {
+      const ok = assertGrant(ctx.grants, verdict.resource, verdict.action);
+      if (!ok) {
+        throw new ClawdError(
+          ERROR_CODES.UNAUTHORIZED,
+          `principal ${ctx.principal.kind}:${ctx.principal.id} cannot ${verdict.action} on ${verdict.resource.type}${"id" in verdict.resource ? ":" + verdict.resource.id : ""}`
+        );
+      }
+    }
+    const result = await handler(frame, client, ctx);
     if (requestId && result.response) {
       client.send({ ...result.response, requestId });
     }
@@ -28072,15 +28548,15 @@ async function startDaemon(config) {
     });
     try {
       const r = await tunnelMgr.start({ localPort: config.port });
-      stateSnapshot = { ...stateSnapshot, tunnelUrl: r.url, tunnelError: void 0 };
+      stateSnapshot = { ...stateSnapshot, tunnelUrl: r.url };
       stateMgr.write(stateSnapshot);
       currentTunnelUrl = r.url;
       const connectUrl = resolvedAuthToken ? `${r.url}#token=${resolvedAuthToken}` : r.url;
       const lines = [
         `Tunnel:      ${r.url}`,
         ...resolvedAuthToken ? [`Connect:     ${connectUrl}`] : [],
-        `Frpc config: ${import_node_path27.default.join(config.dataDir, "frpc.toml")}`,
-        `Frpc log:    ${import_node_path27.default.join(config.dataDir, "frpc.log")}`
+        `Frpc config: ${import_node_path26.default.join(config.dataDir, "frpc.toml")}`,
+        `Frpc log:    ${import_node_path26.default.join(config.dataDir, "frpc.log")}`
       ];
       const width = Math.max(...lines.map((l) => l.length));
       const bar = "\u2550".repeat(width + 4);
@@ -28093,30 +28569,19 @@ ${bar}
 `);
       try {
-        const connectPath = import_node_path27.default.join(config.dataDir, "connect.txt");
+        const connectPath = import_node_path26.default.join(config.dataDir, "connect.txt");
         import_node_fs24.default.writeFileSync(connectPath, lines.join("\n") + "\n", { mode: 384 });
       } catch {
       }
     } catch (err) {
-      const tunnelError = err?.message ?? String(err);
       try {
         await tunnelMgr.stop();
       } catch {
       }
       tunnelMgr = null;
-      stateSnapshot = { ...stateSnapshot, tunnelUrl: void 0, tunnelError };
-      try {
-        stateMgr.write(stateSnapshot);
-      } catch {
-      }
-      wss.broadcastAll({
-        type: "tunnel:unavailable",
-        reason: tunnelError,
-        failedAt: (/* @__PURE__ */ new Date()).toISOString()
-      });
-      process.stdout.write(`Tunnel:      unavailable (local mode) \u2014 ${tunnelError}
-`);
-      logger.warn("tunnel unavailable, degraded to local mode", { reason: tunnelError });
+      stateMgr.delete();
+      await wss.stop();
+      throw err;
     }
   }
   const shutdown = async () => {