npm - @clawos-dev/clawd - Versions diffs - 0.2.71-beta.123.6a5ed6f → 0.2.71-beta.125.4951782 - Mend

@clawos-dev/clawd 0.2.71-beta.123.6a5ed6f → 0.2.71-beta.125.4951782

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/cli.cjs +585 -134
package/package.json +1 -1

package/dist/cli.cjs CHANGED Viewed

@@ -121,6 +121,11 @@ var init_methods = __esm({
       "capability:issue",
       "capability:list",
       "capability:revoke",
+      // ---- inbox:* (capability platform Phase 3 跨用户通知) ----
+      // owner 接 guest 的 cross-principal 消息事件. 当前 Phase 3 仅 owner 调 (admin-only),
+      // Phase 4 DM 真接通后 guest 也能调 inbox:postMessage 等 (本批次不加 postMessage).
+      "inbox:list",
+      "inbox:markRead",
       "info",
       "ping"
     ];
@@ -612,8 +617,8 @@ var init_parseUtil = __esm({
     init_errors2();
     init_en();
     makeIssue = (params) => {
-      const { data, path: path32, errorMaps, issueData } = params;
-      const fullPath = [...path32, ...issueData.path || []];
+      const { data, path: path36, errorMaps, issueData } = params;
+      const fullPath = [...path36, ...issueData.path || []];
       const fullIssue = {
         ...issueData,
         path: fullPath
@@ -924,11 +929,11 @@ var init_types = __esm({
     init_parseUtil();
     init_util();
     ParseInputLazyPath = class {
-      constructor(parent, value, path32, key) {
+      constructor(parent, value, path36, key) {
         this._cachedPath = [];
         this.parent = parent;
         this.data = value;
-        this._path = path32;
+        this._path = path36;
         this._key = key;
       }
       get path() {
@@ -5112,6 +5117,40 @@ var init_capability = __esm({
   }
 });
+// ../protocol/src/inbox.ts
+var INBOX_EVENT_KIND_VALUES, InboxEventKindSchema, INBOX_PREVIEW_MAX_LENGTH, InboxEventSchema, InboxListArgsSchema, InboxMarkReadArgsSchema;
+var init_inbox = __esm({
+  "../protocol/src/inbox.ts"() {
+    "use strict";
+    init_zod();
+    init_principal();
+    init_capability();
+    INBOX_EVENT_KIND_VALUES = ["persona-mention", "direct-message"];
+    InboxEventKindSchema = external_exports.enum(INBOX_EVENT_KIND_VALUES);
+    INBOX_PREVIEW_MAX_LENGTH = 140;
+    InboxEventSchema = external_exports.object({
+      id: external_exports.string().min(1),
+      kind: InboxEventKindSchema,
+      fromPrincipal: PrincipalSchema,
+      toPrincipal: PrincipalSchema,
+      // persona-mention 才有, direct-message 不带
+      resource: ResourceSchema.optional(),
+      preview: external_exports.string().max(INBOX_PREVIEW_MAX_LENGTH),
+      createdAt: external_exports.number().int().nonnegative(),
+      readAt: external_exports.number().int().positive().optional(),
+      // direct-message 才有, sha256 hex 64; 派生规则: sha256(min(A,B) + '/' + max(A,B))
+      threadId: external_exports.string().regex(/^[a-f0-9]{64}$/).optional()
+    }).strict();
+    InboxListArgsSchema = external_exports.object({
+      // false / 缺省 = 只返回未读; true = 含已读 (历史回溯用)
+      includeRead: external_exports.boolean().optional()
+    }).strict();
+    InboxMarkReadArgsSchema = external_exports.object({
+      eventId: external_exports.string().min(1)
+    }).strict();
+  }
+});
 // ../protocol/src/runtime.ts
 var init_runtime = __esm({
   "../protocol/src/runtime.ts"() {
@@ -5126,6 +5165,7 @@ var init_runtime = __esm({
     init_attachment_schemas();
     init_principal();
     init_capability();
+    init_inbox();
   }
 });
@@ -5400,8 +5440,8 @@ var require_req = __commonJS({
       if (req.originalUrl) {
         _req.url = req.originalUrl;
       } else {
-        const path32 = req.path;
-        _req.url = typeof path32 === "string" ? path32 : req.url ? req.url.path || req.url : void 0;
+        const path36 = req.path;
+        _req.url = typeof path36 === "string" ? path36 : req.url ? req.url.path || req.url : void 0;
       }
       if (req.query) {
         _req.query = req.query;
@@ -5566,14 +5606,14 @@ var require_redact = __commonJS({
       }
       return obj;
     }
-    function parsePath(path32) {
+    function parsePath(path36) {
       const parts = [];
       let current = "";
       let inBrackets = false;
       let inQuotes = false;
       let quoteChar = "";
-      for (let i = 0; i < path32.length; i++) {
-        const char = path32[i];
+      for (let i = 0; i < path36.length; i++) {
+        const char = path36[i];
         if (!inBrackets && char === ".") {
           if (current) {
             parts.push(current);
@@ -5704,10 +5744,10 @@ var require_redact = __commonJS({
       return current;
     }
     function redactPaths(obj, paths, censor, remove = false) {
-      for (const path32 of paths) {
-        const parts = parsePath(path32);
+      for (const path36 of paths) {
+        const parts = parsePath(path36);
         if (parts.includes("*")) {
-          redactWildcardPath(obj, parts, censor, path32, remove);
+          redactWildcardPath(obj, parts, censor, path36, remove);
         } else {
           if (remove) {
             removeKey(obj, parts);
@@ -5792,8 +5832,8 @@ var require_redact = __commonJS({
           }
         } else {
           if (afterWildcard.includes("*")) {
-            const wrappedCensor = typeof censor === "function" ? (value, path32) => {
-              const fullPath = [...pathArray.slice(0, pathLength), ...path32];
+            const wrappedCensor = typeof censor === "function" ? (value, path36) => {
+              const fullPath = [...pathArray.slice(0, pathLength), ...path36];
               return censor(value, fullPath);
             } : censor;
             redactWildcardPath(current, afterWildcard, wrappedCensor, originalPath, remove);
@@ -5828,8 +5868,8 @@ var require_redact = __commonJS({
         return null;
       }
       const pathStructure = /* @__PURE__ */ new Map();
-      for (const path32 of pathsToClone) {
-        const parts = parsePath(path32);
+      for (const path36 of pathsToClone) {
+        const parts = parsePath(path36);
         let current = pathStructure;
         for (let i = 0; i < parts.length; i++) {
           const part = parts[i];
@@ -5881,24 +5921,24 @@ var require_redact = __commonJS({
       }
       return cloneSelectively(obj, pathStructure);
     }
-    function validatePath(path32) {
-      if (typeof path32 !== "string") {
+    function validatePath(path36) {
+      if (typeof path36 !== "string") {
         throw new Error("Paths must be (non-empty) strings");
       }
-      if (path32 === "") {
+      if (path36 === "") {
         throw new Error("Invalid redaction path ()");
       }
-      if (path32.includes("..")) {
-        throw new Error(`Invalid redaction path (${path32})`);
+      if (path36.includes("..")) {
+        throw new Error(`Invalid redaction path (${path36})`);
       }
-      if (path32.includes(",")) {
-        throw new Error(`Invalid redaction path (${path32})`);
+      if (path36.includes(",")) {
+        throw new Error(`Invalid redaction path (${path36})`);
       }
       let bracketCount = 0;
       let inQuotes = false;
       let quoteChar = "";
-      for (let i = 0; i < path32.length; i++) {
-        const char = path32[i];
+      for (let i = 0; i < path36.length; i++) {
+        const char = path36[i];
         if ((char === '"' || char === "'") && bracketCount > 0) {
           if (!inQuotes) {
             inQuotes = true;
@@ -5912,20 +5952,20 @@ var require_redact = __commonJS({
         } else if (char === "]" && !inQuotes) {
           bracketCount--;
           if (bracketCount < 0) {
-            throw new Error(`Invalid redaction path (${path32})`);
+            throw new Error(`Invalid redaction path (${path36})`);
           }
         }
       }
       if (bracketCount !== 0) {
-        throw new Error(`Invalid redaction path (${path32})`);
+        throw new Error(`Invalid redaction path (${path36})`);
       }
     }
     function validatePaths(paths) {
       if (!Array.isArray(paths)) {
         throw new TypeError("paths must be an array");
       }
-      for (const path32 of paths) {
-        validatePath(path32);
+      for (const path36 of paths) {
+        validatePath(path36);
       }
     }
     function slowRedact(options = {}) {
@@ -6093,8 +6133,8 @@ var require_redaction = __commonJS({
         if (shape[k2] === null) {
           o[k2] = (value) => topCensor(value, [k2]);
         } else {
-          const wrappedCensor = typeof censor === "function" ? (value, path32) => {
-            return censor(value, [k2, ...path32]);
+          const wrappedCensor = typeof censor === "function" ? (value, path36) => {
+            return censor(value, [k2, ...path36]);
           } : censor;
           o[k2] = Redact({
             paths: shape[k2],
@@ -6312,10 +6352,10 @@ var require_atomic_sleep = __commonJS({
 var require_sonic_boom = __commonJS({
   "../node_modules/.pnpm/sonic-boom@4.2.1/node_modules/sonic-boom/index.js"(exports2, module2) {
     "use strict";
-    var fs29 = require("fs");
+    var fs32 = require("fs");
     var EventEmitter2 = require("events");
     var inherits = require("util").inherits;
-    var path32 = require("path");
+    var path36 = require("path");
     var sleep = require_atomic_sleep();
     var assert = require("assert");
     var BUSY_WRITE_TIMEOUT = 100;
@@ -6369,20 +6409,20 @@ var require_sonic_boom = __commonJS({
       const mode = sonic.mode;
       if (sonic.sync) {
         try {
-          if (sonic.mkdir) fs29.mkdirSync(path32.dirname(file), { recursive: true });
-          const fd = fs29.openSync(file, flags, mode);
+          if (sonic.mkdir) fs32.mkdirSync(path36.dirname(file), { recursive: true });
+          const fd = fs32.openSync(file, flags, mode);
           fileOpened(null, fd);
         } catch (err) {
           fileOpened(err);
           throw err;
         }
       } else if (sonic.mkdir) {
-        fs29.mkdir(path32.dirname(file), { recursive: true }, (err) => {
+        fs32.mkdir(path36.dirname(file), { recursive: true }, (err) => {
           if (err) return fileOpened(err);
-          fs29.open(file, flags, mode, fileOpened);
+          fs32.open(file, flags, mode, fileOpened);
         });
       } else {
-        fs29.open(file, flags, mode, fileOpened);
+        fs32.open(file, flags, mode, fileOpened);
       }
     }
     function SonicBoom(opts) {
@@ -6423,8 +6463,8 @@ var require_sonic_boom = __commonJS({
         this.flush = flushBuffer;
         this.flushSync = flushBufferSync;
         this._actualWrite = actualWriteBuffer;
-        fsWriteSync = () => fs29.writeSync(this.fd, this._writingBuf);
-        fsWrite = () => fs29.write(this.fd, this._writingBuf, this.release);
+        fsWriteSync = () => fs32.writeSync(this.fd, this._writingBuf);
+        fsWrite = () => fs32.write(this.fd, this._writingBuf, this.release);
       } else if (contentMode === void 0 || contentMode === kContentModeUtf8) {
         this._writingBuf = "";
         this.write = write;
@@ -6433,15 +6473,15 @@ var require_sonic_boom = __commonJS({
         this._actualWrite = actualWrite;
         fsWriteSync = () => {
           if (Buffer.isBuffer(this._writingBuf)) {
-            return fs29.writeSync(this.fd, this._writingBuf);
+            return fs32.writeSync(this.fd, this._writingBuf);
           }
-          return fs29.writeSync(this.fd, this._writingBuf, "utf8");
+          return fs32.writeSync(this.fd, this._writingBuf, "utf8");
         };
         fsWrite = () => {
           if (Buffer.isBuffer(this._writingBuf)) {
-            return fs29.write(this.fd, this._writingBuf, this.release);
+            return fs32.write(this.fd, this._writingBuf, this.release);
           }
-          return fs29.write(this.fd, this._writingBuf, "utf8", this.release);
+          return fs32.write(this.fd, this._writingBuf, "utf8", this.release);
         };
       } else {
         throw new Error(`SonicBoom supports "${kContentModeUtf8}" and "${kContentModeBuffer}", but passed ${contentMode}`);
@@ -6498,7 +6538,7 @@ var require_sonic_boom = __commonJS({
           }
         }
         if (this._fsync) {
-          fs29.fsyncSync(this.fd);
+          fs32.fsyncSync(this.fd);
         }
         const len = this._len;
         if (this._reopening) {
@@ -6612,7 +6652,7 @@ var require_sonic_boom = __commonJS({
       const onDrain = () => {
         if (!this._fsync) {
           try {
-            fs29.fsync(this.fd, (err) => {
+            fs32.fsync(this.fd, (err) => {
               this._flushPending = false;
               cb(err);
             });
@@ -6714,7 +6754,7 @@ var require_sonic_boom = __commonJS({
       const fd = this.fd;
       this.once("ready", () => {
         if (fd !== this.fd) {
-          fs29.close(fd, (err) => {
+          fs32.close(fd, (err) => {
             if (err) {
               return this.emit("error", err);
             }
@@ -6763,7 +6803,7 @@ var require_sonic_boom = __commonJS({
           buf = this._bufs[0];
         }
         try {
-          const n = Buffer.isBuffer(buf) ? fs29.writeSync(this.fd, buf) : fs29.writeSync(this.fd, buf, "utf8");
+          const n = Buffer.isBuffer(buf) ? fs32.writeSync(this.fd, buf) : fs32.writeSync(this.fd, buf, "utf8");
           const releasedBufObj = releaseWritingBuf(buf, this._len, n);
           buf = releasedBufObj.writingBuf;
           this._len = releasedBufObj.len;
@@ -6779,7 +6819,7 @@ var require_sonic_boom = __commonJS({
         }
       }
       try {
-        fs29.fsyncSync(this.fd);
+        fs32.fsyncSync(this.fd);
       } catch {
       }
     }
@@ -6800,7 +6840,7 @@ var require_sonic_boom = __commonJS({
           buf = mergeBuf(this._bufs[0], this._lens[0]);
         }
         try {
-          const n = fs29.writeSync(this.fd, buf);
+          const n = fs32.writeSync(this.fd, buf);
           buf = buf.subarray(n);
           this._len = Math.max(this._len - n, 0);
           if (buf.length <= 0) {
@@ -6828,13 +6868,13 @@ var require_sonic_boom = __commonJS({
       this._writingBuf = this._writingBuf.length ? this._writingBuf : this._bufs.shift() || "";
       if (this.sync) {
         try {
-          const written = Buffer.isBuffer(this._writingBuf) ? fs29.writeSync(this.fd, this._writingBuf) : fs29.writeSync(this.fd, this._writingBuf, "utf8");
+          const written = Buffer.isBuffer(this._writingBuf) ? fs32.writeSync(this.fd, this._writingBuf) : fs32.writeSync(this.fd, this._writingBuf, "utf8");
           release(null, written);
         } catch (err) {
           release(err);
         }
       } else {
-        fs29.write(this.fd, this._writingBuf, release);
+        fs32.write(this.fd, this._writingBuf, release);
       }
     }
     function actualWriteBuffer() {
@@ -6843,7 +6883,7 @@ var require_sonic_boom = __commonJS({
       this._writingBuf = this._writingBuf.length ? this._writingBuf : mergeBuf(this._bufs.shift(), this._lens.shift());
       if (this.sync) {
         try {
-          const written = fs29.writeSync(this.fd, this._writingBuf);
+          const written = fs32.writeSync(this.fd, this._writingBuf);
           release(null, written);
         } catch (err) {
           release(err);
@@ -6852,7 +6892,7 @@ var require_sonic_boom = __commonJS({
         if (kCopyBuffer) {
           this._writingBuf = Buffer.from(this._writingBuf);
         }
-        fs29.write(this.fd, this._writingBuf, release);
+        fs32.write(this.fd, this._writingBuf, release);
       }
     }
     function actualClose(sonic) {
@@ -6868,12 +6908,12 @@ var require_sonic_boom = __commonJS({
       sonic._lens = [];
       assert(typeof sonic.fd === "number", `sonic.fd must be a number, got ${typeof sonic.fd}`);
       try {
-        fs29.fsync(sonic.fd, closeWrapped);
+        fs32.fsync(sonic.fd, closeWrapped);
       } catch {
       }
       function closeWrapped() {
         if (sonic.fd !== 1 && sonic.fd !== 2) {
-          fs29.close(sonic.fd, done);
+          fs32.close(sonic.fd, done);
         } else {
           done();
         }
@@ -7130,7 +7170,7 @@ var require_thread_stream = __commonJS({
     var { version: version2 } = require_package();
     var { EventEmitter: EventEmitter2 } = require("events");
     var { Worker } = require("worker_threads");
-    var { join: join5 } = require("path");
+    var { join: join9 } = require("path");
     var { pathToFileURL } = require("url");
     var { wait } = require_wait();
     var {
@@ -7166,7 +7206,7 @@ var require_thread_stream = __commonJS({
     function createWorker(stream, opts) {
       const { filename, workerData } = opts;
       const bundlerOverrides = "__bundlerPathsOverrides" in globalThis ? globalThis.__bundlerPathsOverrides : {};
-      const toExecute = bundlerOverrides["thread-stream-worker"] || join5(__dirname, "lib", "worker.js");
+      const toExecute = bundlerOverrides["thread-stream-worker"] || join9(__dirname, "lib", "worker.js");
       const worker = new Worker(toExecute, {
         ...opts.workerOpts,
         trackUnmanagedFds: false,
@@ -7552,7 +7592,7 @@ var require_transport = __commonJS({
     "use strict";
     var { createRequire } = require("module");
     var getCallers = require_caller();
-    var { join: join5, isAbsolute, sep } = require("path");
+    var { join: join9, isAbsolute, sep: sep2 } = require("path");
     var sleep = require_atomic_sleep();
     var onExit = require_on_exit_leak_free();
     var ThreadStream = require_thread_stream();
@@ -7615,7 +7655,7 @@ var require_transport = __commonJS({
         throw new Error("only one of target or targets can be specified");
       }
       if (targets) {
-        target = bundlerOverrides["pino-worker"] || join5(__dirname, "worker.js");
+        target = bundlerOverrides["pino-worker"] || join9(__dirname, "worker.js");
         options.targets = targets.filter((dest) => dest.target).map((dest) => {
           return {
             ...dest,
@@ -7633,7 +7673,7 @@ var require_transport = __commonJS({
           });
         });
       } else if (pipeline2) {
-        target = bundlerOverrides["pino-worker"] || join5(__dirname, "worker.js");
+        target = bundlerOverrides["pino-worker"] || join9(__dirname, "worker.js");
         options.pipelines = [pipeline2.map((dest) => {
           return {
             ...dest,
@@ -7655,12 +7695,12 @@ var require_transport = __commonJS({
           return origin;
         }
         if (origin === "pino/file") {
-          return join5(__dirname, "..", "file.js");
+          return join9(__dirname, "..", "file.js");
         }
         let fixTarget2;
         for (const filePath of callers) {
           try {
-            const context = filePath === "node:repl" ? process.cwd() + sep : filePath;
+            const context = filePath === "node:repl" ? process.cwd() + sep2 : filePath;
             fixTarget2 = createRequire(context).resolve(origin);
             break;
           } catch (err) {
@@ -8645,7 +8685,7 @@ var require_safe_stable_stringify = __commonJS({
               return circularValue;
             }
             let res = "";
-            let join5 = ",";
+            let join9 = ",";
             const originalIndentation = indentation;
             if (Array.isArray(value)) {
               if (value.length === 0) {
@@ -8659,7 +8699,7 @@ var require_safe_stable_stringify = __commonJS({
                 indentation += spacer;
                 res += `
 ${indentation}`;
-                join5 = `,
+                join9 = `,
 ${indentation}`;
               }
               const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
@@ -8667,13 +8707,13 @@ ${indentation}`;
               for (; i < maximumValuesToStringify - 1; i++) {
                 const tmp2 = stringifyFnReplacer(String(i), value, stack, replacer, spacer, indentation);
                 res += tmp2 !== void 0 ? tmp2 : "null";
-                res += join5;
+                res += join9;
               }
               const tmp = stringifyFnReplacer(String(i), value, stack, replacer, spacer, indentation);
               res += tmp !== void 0 ? tmp : "null";
               if (value.length - 1 > maximumBreadth) {
                 const removedKeys = value.length - maximumBreadth - 1;
-                res += `${join5}"... ${getItemCount(removedKeys)} not stringified"`;
+                res += `${join9}"... ${getItemCount(removedKeys)} not stringified"`;
               }
               if (spacer !== "") {
                 res += `
@@ -8694,7 +8734,7 @@ ${originalIndentation}`;
             let separator = "";
             if (spacer !== "") {
               indentation += spacer;
-              join5 = `,
+              join9 = `,
 ${indentation}`;
               whitespace = " ";
             }
@@ -8708,13 +8748,13 @@ ${indentation}`;
               const tmp = stringifyFnReplacer(key2, value, stack, replacer, spacer, indentation);
               if (tmp !== void 0) {
                 res += `${separator}${strEscape(key2)}:${whitespace}${tmp}`;
-                separator = join5;
+                separator = join9;
               }
             }
             if (keyLength > maximumBreadth) {
               const removedKeys = keyLength - maximumBreadth;
               res += `${separator}"...":${whitespace}"${getItemCount(removedKeys)} not stringified"`;
-              separator = join5;
+              separator = join9;
             }
             if (spacer !== "" && separator.length > 1) {
               res = `
@@ -8755,7 +8795,7 @@ ${originalIndentation}`;
             }
             const originalIndentation = indentation;
             let res = "";
-            let join5 = ",";
+            let join9 = ",";
             if (Array.isArray(value)) {
               if (value.length === 0) {
                 return "[]";
@@ -8768,7 +8808,7 @@ ${originalIndentation}`;
                 indentation += spacer;
                 res += `
 ${indentation}`;
-                join5 = `,
+                join9 = `,
 ${indentation}`;
               }
               const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
@@ -8776,13 +8816,13 @@ ${indentation}`;
               for (; i < maximumValuesToStringify - 1; i++) {
                 const tmp2 = stringifyArrayReplacer(String(i), value[i], stack, replacer, spacer, indentation);
                 res += tmp2 !== void 0 ? tmp2 : "null";
-                res += join5;
+                res += join9;
               }
               const tmp = stringifyArrayReplacer(String(i), value[i], stack, replacer, spacer, indentation);
               res += tmp !== void 0 ? tmp : "null";
               if (value.length - 1 > maximumBreadth) {
                 const removedKeys = value.length - maximumBreadth - 1;
-                res += `${join5}"... ${getItemCount(removedKeys)} not stringified"`;
+                res += `${join9}"... ${getItemCount(removedKeys)} not stringified"`;
               }
               if (spacer !== "") {
                 res += `
@@ -8795,7 +8835,7 @@ ${originalIndentation}`;
             let whitespace = "";
             if (spacer !== "") {
               indentation += spacer;
-              join5 = `,
+              join9 = `,
 ${indentation}`;
               whitespace = " ";
             }
@@ -8804,7 +8844,7 @@ ${indentation}`;
               const tmp = stringifyArrayReplacer(key2, value[key2], stack, replacer, spacer, indentation);
               if (tmp !== void 0) {
                 res += `${separator}${strEscape(key2)}:${whitespace}${tmp}`;
-                separator = join5;
+                separator = join9;
               }
             }
             if (spacer !== "" && separator.length > 1) {
@@ -8862,20 +8902,20 @@ ${originalIndentation}`;
               indentation += spacer;
               let res2 = `
 ${indentation}`;
-              const join6 = `,
+              const join10 = `,
 ${indentation}`;
               const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
               let i = 0;
               for (; i < maximumValuesToStringify - 1; i++) {
                 const tmp2 = stringifyIndent(String(i), value[i], stack, spacer, indentation);
                 res2 += tmp2 !== void 0 ? tmp2 : "null";
-                res2 += join6;
+                res2 += join10;
               }
               const tmp = stringifyIndent(String(i), value[i], stack, spacer, indentation);
               res2 += tmp !== void 0 ? tmp : "null";
               if (value.length - 1 > maximumBreadth) {
                 const removedKeys = value.length - maximumBreadth - 1;
-                res2 += `${join6}"... ${getItemCount(removedKeys)} not stringified"`;
+                res2 += `${join10}"... ${getItemCount(removedKeys)} not stringified"`;
               }
               res2 += `
 ${originalIndentation}`;
@@ -8891,16 +8931,16 @@ ${originalIndentation}`;
               return '"[Object]"';
             }
             indentation += spacer;
-            const join5 = `,
+            const join9 = `,
 ${indentation}`;
             let res = "";
             let separator = "";
             let maximumPropertiesToStringify = Math.min(keyLength, maximumBreadth);
             if (isTypedArrayWithEntries(value)) {
-              res += stringifyTypedArray(value, join5, maximumBreadth);
+              res += stringifyTypedArray(value, join9, maximumBreadth);
               keys = keys.slice(value.length);
               maximumPropertiesToStringify -= value.length;
-              separator = join5;
+              separator = join9;
             }
             if (deterministic) {
               keys = sort(keys, comparator);
@@ -8911,13 +8951,13 @@ ${indentation}`;
               const tmp = stringifyIndent(key2, value[key2], stack, spacer, indentation);
               if (tmp !== void 0) {
                 res += `${separator}${strEscape(key2)}: ${tmp}`;
-                separator = join5;
+                separator = join9;
               }
             }
             if (keyLength > maximumBreadth) {
               const removedKeys = keyLength - maximumBreadth;
               res += `${separator}"...": "${getItemCount(removedKeys)} not stringified"`;
-              separator = join5;
+              separator = join9;
             }
             if (separator !== "") {
               res = `
@@ -10008,11 +10048,11 @@ var init_lib = __esm({
           }
         }
       },
-      addToPath: function addToPath(path32, added, removed, oldPosInc, options) {
-        var last = path32.lastComponent;
+      addToPath: function addToPath(path36, added, removed, oldPosInc, options) {
+        var last = path36.lastComponent;
         if (last && !options.oneChangePerToken && last.added === added && last.removed === removed) {
           return {
-            oldPos: path32.oldPos + oldPosInc,
+            oldPos: path36.oldPos + oldPosInc,
             lastComponent: {
               count: last.count + 1,
               added,
@@ -10022,7 +10062,7 @@ var init_lib = __esm({
           };
         } else {
           return {
-            oldPos: path32.oldPos + oldPosInc,
+            oldPos: path36.oldPos + oldPosInc,
             lastComponent: {
               count: 1,
               added,
@@ -10080,7 +10120,7 @@ var init_lib = __esm({
       tokenize: function tokenize(value) {
         return Array.from(value);
       },
-      join: function join3(chars) {
+      join: function join4(chars) {
         return chars.join("");
       },
       postProcess: function postProcess(changeObjects) {
@@ -10453,10 +10493,10 @@ function attachmentToHistoryMessage(o, ts) {
     const memories = raw.map((m2) => {
       if (!m2 || typeof m2 !== "object") return null;
       const rec = m2;
-      const path32 = typeof rec.path === "string" ? rec.path : null;
+      const path36 = typeof rec.path === "string" ? rec.path : null;
       const content = typeof rec.content === "string" ? rec.content : null;
-      if (!path32 || content == null) return null;
-      const entry = { path: path32, content };
+      if (!path36 || content == null) return null;
+      const entry = { path: path36, content };
       if (typeof rec.mtimeMs === "number") entry.mtimeMs = rec.mtimeMs;
       return entry;
     }).filter((m2) => m2 !== null);
@@ -10916,6 +10956,27 @@ var init_claude_history = __esm({
   }
 });
+// src/tools/sandbox.ts
+function shouldSandbox(cwd, personaRoot) {
+  if (!personaRoot) return false;
+  const sep2 = personaRoot.endsWith(path12.sep) ? "" : path12.sep;
+  return cwd.startsWith(personaRoot + sep2) && cwd !== personaRoot;
+}
+function inferSandboxSettingsPath(cwd, personaRoot) {
+  if (!shouldSandbox(cwd, personaRoot)) return null;
+  const rel = path12.relative(personaRoot, cwd);
+  const personaId = rel.split(path12.sep)[0];
+  if (!personaId) return null;
+  return path12.join(personaRoot, personaId, ".clawd", "sandbox-settings.json");
+}
+var path12;
+var init_sandbox = __esm({
+  "src/tools/sandbox.ts"() {
+    "use strict";
+    path12 = __toESM(require("path"), 1);
+  }
+});
 // src/tools/claude.ts
 function macOSDesktopCandidates(home) {
   return [
@@ -10980,7 +11041,8 @@ function buildSpawnArgs(ctx) {
       throw new Error(`unexpected personaMode: ${String(_exhaustive)}`);
     }
   }
-  if (ctx.extraSettings) args.push("--settings", ctx.extraSettings);
+  const sandboxSettings = ctx.extraSettings ?? inferSandboxSettingsPath(ctx.cwd, ctx.personaRoot);
+  if (sandboxSettings) args.push("--settings", sandboxSettings);
   if (ctx.extraSystemPrompt) args.push("--append-system-prompt", ctx.extraSystemPrompt);
   if (ctx.effort) args.push("--effort", ctx.effort);
   if (ctx.toolSessionId) args.push("--resume", ctx.toolSessionId);
@@ -11260,10 +11322,10 @@ function parseAttachment(obj) {
     const memories = raw.map((m2) => {
       if (!m2 || typeof m2 !== "object") return null;
       const rec = m2;
-      const path32 = typeof rec.path === "string" ? rec.path : null;
+      const path36 = typeof rec.path === "string" ? rec.path : null;
       const content = typeof rec.content === "string" ? rec.content : null;
-      if (!path32 || content == null) return null;
-      const out = { path: path32, content };
+      if (!path36 || content == null) return null;
+      const out = { path: path36, content };
       if (typeof rec.mtimeMs === "number") out.mtimeMs = rec.mtimeMs;
       return out;
     }).filter((m2) => m2 !== null);
@@ -11379,6 +11441,7 @@ var init_claude = __esm({
     init_protocol();
     init_claude_history();
     init_tool_result_extra();
+    init_sandbox();
     ATTACHMENT_SILENT_SUBTYPES2 = /* @__PURE__ */ new Set([
       "hook_additional_context",
       "hook_success",
@@ -18761,7 +18824,7 @@ var require_websocket = __commonJS({
     var http2 = require("http");
     var net = require("net");
     var tls = require("tls");
-    var { randomBytes: randomBytes2, createHash: createHash3 } = require("crypto");
+    var { randomBytes: randomBytes3, createHash: createHash3 } = require("crypto");
     var { Duplex, Readable: Readable3 } = require("stream");
     var { URL: URL2 } = require("url");
     var PerMessageDeflate2 = require_permessage_deflate();
@@ -19291,7 +19354,7 @@ var require_websocket = __commonJS({
         }
       }
       const defaultPort = isSecure ? 443 : 80;
-      const key = randomBytes2(16).toString("base64");
+      const key = randomBytes3(16).toString("base64");
       const request = isSecure ? https.request : http2.request;
       const protocolSet = /* @__PURE__ */ new Set();
       let perMessageDeflate;
@@ -20708,6 +20771,9 @@ function createLogger(opts = {}) {
   return wrap(base);
 }
+// src/session/store-factory.ts
+var path5 = __toESM(require("path"), 1);
 // src/session/store.ts
 var import_node_fs3 = __toESM(require("fs"), 1);
 var import_node_path4 = __toESM(require("path"), 1);
@@ -20745,12 +20811,16 @@ function safeFileName(sessionId) {
 var SessionStore = class {
   root;
   constructor(opts) {
-    const scope = opts.scope ?? { kind: "default" };
-    this.root = import_node_path4.default.join(
-      opts.dataDir,
-      "sessions",
-      ...scopeSubPath(scope).map(safeFileName)
-    );
+    if ("root" in opts) {
+      this.root = opts.root;
+    } else {
+      const scope = opts.scope ?? { kind: "default" };
+      this.root = import_node_path4.default.join(
+        opts.dataDir,
+        "sessions",
+        ...scopeSubPath(scope).map(safeFileName)
+      );
+    }
   }
   filePath(sessionId) {
     return import_node_path4.default.join(this.root, `${safeFileName(sessionId)}.json`);
@@ -20815,6 +20885,66 @@ var SessionStore = class {
   }
 };
+// src/session/store-factory.ts
+var SessionStoreFactory = class {
+  dataDir;
+  bareStore = null;
+  vmOwnerStores = /* @__PURE__ */ new Map();
+  // vmGuest 索引 key = `${pid}::${capId}`
+  vmGuestStores = /* @__PURE__ */ new Map();
+  constructor(opts) {
+    this.dataDir = opts.dataDir;
+  }
+  // ---- root path 派生（暴露给 migration / revoke cascade 等外部消费方） ----
+  bareRoot() {
+    return path5.join(this.dataDir, "sessions");
+  }
+  vmOwnerRoot(personaId) {
+    return path5.join(
+      this.dataDir,
+      "personas",
+      safeFileName(personaId),
+      ".clawd",
+      "sessions",
+      "owner"
+    );
+  }
+  vmGuestRoot(personaId, capabilityId) {
+    return path5.join(
+      this.dataDir,
+      "personas",
+      safeFileName(personaId),
+      ".clawd",
+      "sessions",
+      "guests",
+      safeFileName(capabilityId)
+    );
+  }
+  // ---- SessionStore 工厂（缓存） ----
+  forBare() {
+    if (!this.bareStore) {
+      this.bareStore = new SessionStore({ root: this.bareRoot() });
+    }
+    return this.bareStore;
+  }
+  forVmOwner(personaId) {
+    const key = personaId;
+    const cached = this.vmOwnerStores.get(key);
+    if (cached) return cached;
+    const st = new SessionStore({ root: this.vmOwnerRoot(personaId) });
+    this.vmOwnerStores.set(key, st);
+    return st;
+  }
+  forVmGuest(personaId, capabilityId) {
+    const key = `${personaId}::${capabilityId}`;
+    const cached = this.vmGuestStores.get(key);
+    if (cached) return cached;
+    const st = new SessionStore({ root: this.vmGuestRoot(personaId, capabilityId) });
+    this.vmGuestStores.set(key, st);
+    return st;
+  }
+};
 // src/session/manager.ts
 var import_node_fs5 = __toESM(require("fs"), 1);
 var import_node_path6 = __toESM(require("path"), 1);
@@ -20974,7 +21104,10 @@ function buildSpawnContext(state, deps) {
     toolSessionId: file.toolSessionId,
     model: file.model,
     permissionMode: file.permissionMode,
-    effort: file.effort
+    effort: file.effort,
+    // Phase 2 capability platform (plan §3): personaRoot 透传给 buildSpawnArgs;
+    // 内部 shouldSandbox(cwd, personaRoot) 决定是否注入 --settings sandbox-settings.
+    personaRoot: deps.personaRoot
   };
   const meta = state.subSessionMeta;
   if (meta?.personaMode) {
@@ -21701,7 +21834,8 @@ var SessionRunner = class {
       now: this.hooks.now ?? Date.now,
       resolveContextWindow: this.hooks.resolveContextWindow,
       genUuid: this.hooks.genUuid ?? v4_default,
-      ownerDisplayName: this.hooks.ownerDisplayName
+      ownerDisplayName: this.hooks.ownerDisplayName,
+      personaRoot: this.hooks.personaRoot
     };
     const { state, effects } = reduceSession(this.state, inputMsg, deps);
     this.state = state;
@@ -22125,9 +22259,20 @@ var SessionManager = class {
   attachObserver(observer) {
     this.attachedObserver = observer;
   }
-  // 按 scope 拿对应的 SessionStore。default scope 复用 deps.store（保证与
-  // bootstrap 注入的 store 一致）；persona scope 第一次访问时按需创建并缓存。
+  // 按 scope 拿对应的 SessionStore.
+  // Phase 2 (capability platform plan §1) 路由切到 SessionStoreFactory:
+  //   default              → factory.forBare()        <dataDir>/sessions/
+  //   persona/<pid>/owner  → factory.forVmOwner(pid)  <dataDir>/personas/<pid>/.clawd/sessions/owner/
+  //   persona/<pid>/listener → throw (listener 角色 #698 已下线, schema 字段保留但运行时不该出现)
+  // 缺省 (无 factory 注入): 回退 dataDir+scope 老路径 (向后兼容旧 spec).
   storeFor(scope) {
+    if (this.deps.storeFactory) {
+      if (scope.kind === "default") return this.deps.storeFactory.forBare();
+      if (scope.mode === "owner") return this.deps.storeFactory.forVmOwner(scope.personaId);
+      throw new Error(
+        `SessionManager: listener scope is deprecated (#698); use forVmGuest in Phase 3+ instead`
+      );
+    }
     if (scope.kind === "default") return this.deps.store;
     const key = scopeKey(scope);
     const cached = this.storesByScope.get(key);
@@ -22155,11 +22300,13 @@ var SessionManager = class {
   scopeForFile(file) {
     return file.ownerPersonaId ? { kind: "persona", personaId: file.ownerPersonaId, mode: "owner" } : { kind: "default" };
   }
-  // 扫 <dataDir>/sessions/ 列出所有 persona 命名空间（不含 'default'）。
-  // 用于 findOwnedSession / listAllOwned 跨 scope 查询。
+  // 扫所有 persona 命名空间. 用于 findOwnedSession / listAllOwned 跨 scope 查询.
+  // Phase 2 capability platform: 新布局下 persona 资产在 <dataDir>/personas/<pid>/,
+  // 直接 readdir 这个目录拿所有 personaId. 老布局 (无 storeFactory) fallback 扫
+  // <dataDir>/sessions/ 列子目录 (排除 'default').
   listPersonaIdsOnDisk() {
     if (!this.deps.dataDir) return [];
-    const root = import_node_path6.default.join(this.deps.dataDir, "sessions");
+    const root = this.deps.storeFactory ? import_node_path6.default.join(this.deps.dataDir, "personas") : import_node_path6.default.join(this.deps.dataDir, "sessions");
     let entries;
     try {
       entries = import_node_fs5.default.readdirSync(root, { withFileTypes: true });
@@ -22234,6 +22381,9 @@ var SessionManager = class {
       dataDir: this.deps.dataDir,
       personaStore: this.deps.personaStore,
       ownerDisplayName: this.deps.ownerDisplayName,
+      // Phase 2 capability platform (plan §3): 透传 personaRoot, buildSpawnArgs 据
+      // cwd 是否在 personaRoot 下自动决定是否注入 --settings sandbox-settings.json.
+      personaRoot: this.deps.personaRoot,
       // file-sharing (spec §6 PR 3)：闭包 scope + sessionId，runner 只暴露 tool/relPath/cwd
       onFileEdit: attachmentGroup ? (input) => attachmentGroup.onFileEdit({
         scope,
@@ -23246,7 +23396,7 @@ var SessionManager = class {
 // src/persona/store.ts
 var fs6 = __toESM(require("fs"), 1);
-var path7 = __toESM(require("path"), 1);
+var path8 = __toESM(require("path"), 1);
 init_protocol();
 var DEFAULT_SETTINGS = {
   permissions: {
@@ -23275,13 +23425,13 @@ var PersonaStore = class {
   }
   root;
   personaDir(personaId) {
-    return path7.join(this.root, safeFileName(personaId));
+    return path8.join(this.root, safeFileName(personaId));
   }
   metaPath(personaId) {
-    return path7.join(this.personaDir(personaId), ".clawd", "persona.json");
+    return path8.join(this.personaDir(personaId), ".clawd", "persona.json");
   }
   claudeMdPath(personaId) {
-    return path7.join(this.personaDir(personaId), "CLAUDE.md");
+    return path8.join(this.personaDir(personaId), "CLAUDE.md");
   }
   /**
    * Sandbox settings 落盘路径 —— 故意放在 `.clawd/` 而不是 `.claude/`，让 CC 的
@@ -23291,11 +23441,11 @@ var PersonaStore = class {
    * 加载 persona 人格，只有 listener 多一层 OS sandbox。
    */
   sandboxSettingsPath(personaId) {
-    return path7.join(this.personaDir(personaId), ".clawd", "sandbox-settings.json");
+    return path8.join(this.personaDir(personaId), ".clawd", "sandbox-settings.json");
   }
   write(persona, personality) {
     const dir = this.personaDir(persona.personaId);
-    fs6.mkdirSync(path7.join(dir, ".clawd"), { recursive: true });
+    fs6.mkdirSync(path8.join(dir, ".clawd"), { recursive: true });
     this.atomicWrite(this.claudeMdPath(persona.personaId), personality);
     this.atomicWrite(
       this.sandboxSettingsPath(persona.personaId),
@@ -23338,12 +23488,12 @@ var PersonaStore = class {
   }
   /** Persona 私有 skills 目录路径：<personaDir>/.claude/skills */
   skillsDir(personaId) {
-    return path7.join(this.personaDir(personaId), ".claude", "skills");
+    return path8.join(this.personaDir(personaId), ".claude", "skills");
   }
   list() {
     if (!fs6.existsSync(this.root)) return [];
     return fs6.readdirSync(this.root).filter((name) => {
-      return fs6.existsSync(path7.join(this.root, name, ".clawd", "persona.json"));
+      return fs6.existsSync(path8.join(this.root, name, ".clawd", "persona.json"));
     });
   }
   remove(personaId) {
@@ -23742,7 +23892,17 @@ var PersonaManager = class {
   }
   /**
    * 删除 persona。
-   * PersonaStore.remove(personaId) 已级联删除整个 <personaRoot>/<personaId>/ 目录。
+   * PersonaStore.remove(personaId) 已级联删除整个 <personaRoot>/<personaId>/ 目录,
+   * Phase 2 capability platform 新布局下含 .clawd/sessions/owner/ +
+   * .clawd/sessions/guests/<capId>/, rmSync recursive force 一锅清.
+   *
+   * ⚠️ TODO (Phase 3+ design gap, reviewer P1 flagged):
+   * ~/.clawd/capabilities.json 里若有 cap.grants 含本 personaId, grant 会变成
+   * 悬空引用 (guest 仍能持 token 接入, 但调依赖该 persona 的 RPC 会 fail).
+   * 选项: (A) 这里扫所有 cap 过滤掉该 personaId 的 grant; (B) revoke 所有 grant
+   * 含该 personaId 的 cap. 当前因 cleanupGuestSessionsForCapability 用 rmSync
+   * force=true 吞 ENOENT 不会 crash, 但 UI CapabilityManagerDrawer 会展示
+   * "无效的 persona" grant. Phase 3 加 cross-reference 矩阵后正式实现.
    */
   delete(personaId) {
     this.deps.store.remove(personaId);
@@ -23807,7 +23967,7 @@ var PersonaManager = class {
 // src/persona/seed.ts
 var fs8 = __toESM(require("fs"), 1);
-var path9 = __toESM(require("path"), 1);
+var path10 = __toESM(require("path"), 1);
 var import_node_url = require("url");
 var import_meta = {};
 var DEFAULT_PERSONAS = [
@@ -23843,14 +24003,14 @@ var DEFAULT_PERSONAS = [
 function findDefaultsRoot() {
   const candidates = [];
   try {
-    const here = path9.dirname((0, import_node_url.fileURLToPath)(import_meta.url));
-    candidates.push(path9.resolve(here, "defaults"));
-    candidates.push(path9.resolve(here, "persona-defaults"));
+    const here = path10.dirname((0, import_node_url.fileURLToPath)(import_meta.url));
+    candidates.push(path10.resolve(here, "defaults"));
+    candidates.push(path10.resolve(here, "persona-defaults"));
   } catch {
   }
   if (process.argv[1]) {
-    const argvDir = path9.dirname(process.argv[1]);
-    candidates.push(path9.resolve(argvDir, "persona-defaults"));
+    const argvDir = path10.dirname(process.argv[1]);
+    candidates.push(path10.resolve(argvDir, "persona-defaults"));
   }
   for (const c of candidates) {
     try {
@@ -23867,7 +24027,7 @@ function seedDefaultPersonas(args) {
       args.logger.info("persona.seed.skip", { personaId: entry.personaId, reason: "exists" });
       continue;
     }
-    const bundleDir = path9.join(args.defaultsRoot, entry.personaId);
+    const bundleDir = path10.join(args.defaultsRoot, entry.personaId);
     if (!fs8.existsSync(bundleDir)) {
       args.logger.warn("persona.seed.skip", {
         personaId: entry.personaId,
@@ -23876,7 +24036,7 @@ function seedDefaultPersonas(args) {
       });
       continue;
     }
-    const claudeMdPath = path9.join(bundleDir, "CLAUDE.md");
+    const claudeMdPath = path10.join(bundleDir, "CLAUDE.md");
     if (!fs8.existsSync(claudeMdPath)) {
       args.logger.warn("persona.seed.skip", {
         personaId: entry.personaId,
@@ -23905,8 +24065,8 @@ function seedDefaultPersonas(args) {
 function copyBundleExtras(srcDir, dstDir) {
   for (const entry of fs8.readdirSync(srcDir, { withFileTypes: true })) {
     if (entry.name === "CLAUDE.md" || entry.name === ".clawd") continue;
-    const srcPath = path9.join(srcDir, entry.name);
-    const dstPath = path9.join(dstDir, entry.name);
+    const srcPath = path10.join(srcDir, entry.name);
+    const dstPath = path10.join(dstDir, entry.name);
     if (entry.isDirectory()) {
       fs8.cpSync(srcPath, dstPath, { recursive: true, dereference: true });
     } else if (entry.isFile()) {
@@ -25792,7 +25952,7 @@ function authenticate(token, deps) {
 // src/permission/capability-store.ts
 var fs15 = __toESM(require("fs"), 1);
-var path16 = __toESM(require("path"), 1);
+var path18 = __toESM(require("path"), 1);
 var CAPABILITIES_FILE_NAME = "capabilities.json";
 var FILE_VERSION = 1;
 var CapabilityStore = class {
@@ -25822,7 +25982,7 @@ var CapabilityStore = class {
     this.flush();
   }
   filePath() {
-    return path16.join(this.dataDir, CAPABILITIES_FILE_NAME);
+    return path18.join(this.dataDir, CAPABILITIES_FILE_NAME);
   }
   readFromDisk() {
     const file = this.filePath();
@@ -25976,6 +26136,243 @@ function sha256Hex2(s) {
   return crypto5.createHash("sha256").update(s).digest("hex");
 }
+// src/permission/cleanup.ts
+var fs16 = __toESM(require("fs"), 1);
+function cleanupGuestSessionsForCapability(cap, factory) {
+  const removed = [];
+  for (const g2 of cap.grants) {
+    if (g2.resource.type !== "persona") continue;
+    const dir = factory.vmGuestRoot(g2.resource.id, cap.id);
+    try {
+      fs16.rmSync(dir, { recursive: true, force: true });
+      removed.push(dir);
+    } catch {
+    }
+  }
+  return { removed };
+}
+// src/inbox/inbox-store.ts
+var fs17 = __toESM(require("fs"), 1);
+var path19 = __toESM(require("path"), 1);
+var INBOX_FILE_NAME = "inbox.jsonl";
+var InboxStore = class {
+  constructor(dataDir) {
+    this.dataDir = dataDir;
+    fs17.mkdirSync(dataDir, { recursive: true });
+  }
+  dataDir;
+  list() {
+    const file = this.filePath();
+    let raw;
+    try {
+      raw = fs17.readFileSync(file, "utf8");
+    } catch (err) {
+      if (err?.code === "ENOENT") return [];
+      return [];
+    }
+    return parseAllLines(raw);
+  }
+  append(ev) {
+    const file = this.filePath();
+    const line = JSON.stringify(ev) + "\n";
+    fs17.appendFileSync(file, line, { mode: 384 });
+    try {
+      fs17.chmodSync(file, 384);
+    } catch {
+    }
+  }
+  /**
+   * 标记某条 event 为已读. 已有 readAt 时不覆盖 (idempotent: 第二次调用维持第一次时间).
+   * 未知 id 静默 no-op (不抛, 不写文件).
+   */
+  markRead(id, at) {
+    const events = this.list();
+    let changed = false;
+    const next = events.map((e) => {
+      if (e.id !== id) return e;
+      if (e.readAt !== void 0) return e;
+      changed = true;
+      return { ...e, readAt: at };
+    });
+    if (!changed) return;
+    this.rewrite(next);
+  }
+  rewrite(events) {
+    const file = this.filePath();
+    const tmp = `${file}.tmp-${process.pid}-${Date.now()}-${Math.random().toString(36).slice(2)}`;
+    const content = events.map((e) => JSON.stringify(e)).join("\n") + (events.length > 0 ? "\n" : "");
+    fs17.writeFileSync(tmp, content, { mode: 384 });
+    fs17.renameSync(tmp, file);
+    try {
+      fs17.chmodSync(file, 384);
+    } catch {
+    }
+  }
+  filePath() {
+    return path19.join(this.dataDir, INBOX_FILE_NAME);
+  }
+};
+function parseAllLines(raw) {
+  const out = [];
+  for (const line of raw.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed) continue;
+    let parsed;
+    try {
+      parsed = JSON.parse(trimmed);
+    } catch {
+      continue;
+    }
+    const r = InboxEventSchema.safeParse(parsed);
+    if (r.success) out.push(r.data);
+  }
+  return out;
+}
+// src/inbox/inbox-manager.ts
+var crypto6 = __toESM(require("crypto"), 1);
+var InboxManager = class {
+  constructor(store, broadcast, opts = {}) {
+    this.store = store;
+    this.broadcast = broadcast;
+    this.now = opts.now ?? Date.now;
+    this.genId = opts.genId ?? defaultGenId;
+  }
+  store;
+  broadcast;
+  now;
+  genId;
+  /**
+   * persona VM 内某 sender 给 CC 发消息 → 跨 principal 时记 inbox event.
+   * 返回 null = owner 自己 (no-op); 否则返回写入的 event (含派生 id / createdAt).
+   */
+  recordPersonaMention(args) {
+    if (args.sender.kind === "owner") return null;
+    const resource = { type: "persona", id: args.personaId };
+    const ev = {
+      id: this.genId(),
+      kind: "persona-mention",
+      fromPrincipal: args.sender,
+      toPrincipal: OWNER_PRINCIPAL,
+      resource,
+      preview: truncatePreview(args.preview),
+      createdAt: this.now()
+    };
+    this.store.append(ev);
+    this.broadcast({ type: "inbox:event", event: ev });
+    return ev;
+  }
+  list(opts = {}) {
+    const all = this.store.list();
+    if (opts.includeRead) return all;
+    return all.filter((e) => e.readAt === void 0);
+  }
+  markRead(eventId) {
+    this.store.markRead(eventId, this.now());
+  }
+};
+function truncatePreview(s) {
+  if (s.length <= INBOX_PREVIEW_MAX_LENGTH) return s;
+  return s.slice(0, INBOX_PREVIEW_MAX_LENGTH);
+}
+function defaultGenId() {
+  return "inb_" + crypto6.randomBytes(6).toString("base64url");
+}
+// src/migrations/2026-05-20-flatten-sessions.ts
+var fs18 = __toESM(require("fs"), 1);
+var path20 = __toESM(require("path"), 1);
+var MIGRATION_FLAG_NAME = ".migration.v1.done";
+function migrateFlattenSessions(opts) {
+  const dataDir = opts.dataDir;
+  const now = opts.now ?? Date.now;
+  const sessionsDir = path20.join(dataDir, "sessions");
+  const flagPath = path20.join(sessionsDir, MIGRATION_FLAG_NAME);
+  if (existsSync3(flagPath)) {
+    return { skipped: true, flagWritten: false, movedBare: 0, movedVmOwner: 0, archivedListener: 0 };
+  }
+  let movedBare = 0;
+  let movedVmOwner = 0;
+  let archivedListener = 0;
+  const defaultDir = path20.join(sessionsDir, "default");
+  if (existsSync3(defaultDir)) {
+    for (const entry of readdirSafe(defaultDir)) {
+      if (!entry.endsWith(".json")) continue;
+      const src = path20.join(defaultDir, entry);
+      const dst = path20.join(sessionsDir, entry);
+      fs18.renameSync(src, dst);
+      movedBare += 1;
+    }
+    rmdirIfEmpty(defaultDir);
+  }
+  for (const pid of readdirSafe(sessionsDir)) {
+    const personaDir = path20.join(sessionsDir, pid);
+    if (!isDir(personaDir)) continue;
+    if (pid === "default") continue;
+    const ownerSrc = path20.join(personaDir, "owner");
+    if (existsSync3(ownerSrc) && isDir(ownerSrc)) {
+      const ownerDst = path20.join(dataDir, "personas", pid, ".clawd", "sessions", "owner");
+      fs18.mkdirSync(ownerDst, { recursive: true });
+      for (const file of readdirSafe(ownerSrc)) {
+        if (!file.endsWith(".json")) continue;
+        fs18.renameSync(path20.join(ownerSrc, file), path20.join(ownerDst, file));
+        movedVmOwner += 1;
+      }
+      rmdirIfEmpty(ownerSrc);
+    }
+    const listenerSrc = path20.join(personaDir, "listener");
+    if (existsSync3(listenerSrc) && isDir(listenerSrc)) {
+      const archiveDst = path20.join(dataDir, ".legacy", `listener-${pid}`);
+      fs18.mkdirSync(archiveDst, { recursive: true });
+      for (const file of readdirSafe(listenerSrc)) {
+        if (!file.endsWith(".json")) continue;
+        fs18.renameSync(path20.join(listenerSrc, file), path20.join(archiveDst, file));
+        archivedListener += 1;
+      }
+      rmdirIfEmpty(listenerSrc);
+    }
+    rmdirIfEmpty(personaDir);
+  }
+  fs18.mkdirSync(sessionsDir, { recursive: true });
+  fs18.writeFileSync(flagPath, JSON.stringify({ migratedAt: now() }, null, 2));
+  return {
+    skipped: false,
+    flagWritten: true,
+    movedBare,
+    movedVmOwner,
+    archivedListener
+  };
+}
+function existsSync3(p2) {
+  try {
+    fs18.statSync(p2);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function isDir(p2) {
+  try {
+    return fs18.statSync(p2).isDirectory();
+  } catch {
+    return false;
+  }
+}
+function readdirSafe(p2) {
+  try {
+    return fs18.readdirSync(p2);
+  } catch {
+    return [];
+  }
+}
+function rmdirIfEmpty(p2) {
+  try {
+    fs18.rmdirSync(p2);
+  } catch {
+  }
+}
 // src/transport/http-router.ts
 var import_node_fs14 = __toESM(require("fs"), 1);
 var import_node_path16 = __toESM(require("path"), 1);
@@ -27822,6 +28219,31 @@ function buildCapabilityHandlers(deps) {
   };
 }
+// src/handlers/inbox.ts
+function buildInboxHandlers(deps) {
+  const { manager } = deps;
+  const list = async (frame) => {
+    const { type: _t, requestId: _r, ...rest } = frame;
+    const args = InboxListArgsSchema.parse(rest);
+    const events = manager.list({ includeRead: args.includeRead ?? false });
+    return {
+      response: { type: "inbox:list", events }
+    };
+  };
+  const markRead = async (frame) => {
+    const { type: _t, requestId: _r, ...rest } = frame;
+    const args = InboxMarkReadArgsSchema.parse(rest);
+    manager.markRead(args.eventId);
+    return {
+      response: { type: "inbox:markRead:ok", eventId: args.eventId }
+    };
+  };
+  return {
+    "inbox:list": list,
+    "inbox:markRead": markRead
+  };
+}
 // src/handlers/meta.ts
 var import_node_os13 = __toESM(require("os"), 1);
 init_protocol();
@@ -28074,6 +28496,7 @@ function buildMethodHandlers(deps) {
       personaRegistry: deps.personaRegistry
     }),
     ...buildCapabilityHandlers({ manager: deps.capabilityManager }),
+    ...buildInboxHandlers({ manager: deps.inboxManager }),
     ...deps.attachment ? buildAttachmentHandlers(deps.attachment) : {}
   };
 }
@@ -28092,6 +28515,9 @@ var METHOD_GRANT_MAP = {
   "capability:issue": ADMIN_ANY,
   "capability:list": ADMIN_ANY,
   "capability:revoke": ADMIN_ANY,
+  // ---- inbox 跨用户通知 (Phase 3 admin-only, owner 调; Phase 4 加 postMessage) ----
+  "inbox:list": ADMIN_ANY,
+  "inbox:markRead": ADMIN_ANY,
   // ---- 业务方法：Phase 1 全 admin-only（owner 自动通过；guest 无法调用） ----
   "session:create": ADMIN_ANY,
   "session:list": ADMIN_ANY,
@@ -28213,8 +28639,19 @@ async function startDaemon(config) {
         revokedAt: cap.revokedAt
       });
       wsServer?.closeConnectionsByCapability(cap.id);
+      const cleanup = cleanupGuestSessionsForCapability(cap, sessionStoreFactory);
+      if (cleanup.removed.length > 0) {
+        logger.info("capability revoke cascade: guest sessions removed", {
+          capabilityId: cap.id,
+          removedDirs: cleanup.removed
+        });
+      }
     }
   });
+  const inboxStore = new InboxStore(config.dataDir);
+  const inboxManager = new InboxManager(inboxStore, (frame) => {
+    wsServer?.broadcastToOwners(frame);
+  });
   let wsServer = null;
   const authGate = authMode === "first-message" ? new AuthGate({
     shouldEnforce: buildShouldEnforce({ tunnel: config.tunnel }),
@@ -28231,7 +28668,16 @@ async function startDaemon(config) {
     sendOk: (h, payload) => wsServer?.sendToClient(h.id, payload)
   }) : null;
   resetRegistry();
-  const store = new SessionStore({ dataDir: config.dataDir });
+  const migrateResult = migrateFlattenSessions({ dataDir: config.dataDir });
+  if (!migrateResult.skipped && (migrateResult.movedBare || migrateResult.movedVmOwner || migrateResult.archivedListener)) {
+    logger.info("sessions migration applied", {
+      movedBare: migrateResult.movedBare,
+      movedVmOwner: migrateResult.movedVmOwner,
+      archivedListener: migrateResult.archivedListener
+    });
+  }
+  const sessionStoreFactory = new SessionStoreFactory({ dataDir: config.dataDir });
+  const store = sessionStoreFactory.forBare();
   const workspace = new WorkspaceBrowser();
   const skills = new SkillsScanner();
   const agents = new AgentsScanner();
@@ -28248,6 +28694,9 @@ async function startDaemon(config) {
   const groupFileStore = new GroupFileStore({ dataDir: config.dataDir, logger });
   const manager = new SessionManager({
     store,
+    // Phase 2 (capability platform plan §1): factory 注入后 manager.storeFor 走
+    // 新布局派生 (sessions/* + personas/<pid>/.clawd/sessions/owner/*)
+    storeFactory: sessionStoreFactory,
     logger,
     getAdapter,
     historyReader: history,
@@ -28392,7 +28841,9 @@ async function startDaemon(config) {
       }
     },
     // Task 1.9: capability:issue/list/revoke handler 依赖
-    capabilityManager
+    capabilityManager,
+    // Phase 3 Task 3.4: inbox:list/markRead handler 依赖
+    inboxManager
   });
   const authResolver = new AuthContextResolver({
     ownerToken: resolvedAuthToken,