npm - @clawos-dev/clawd - Versions diffs - 0.2.71-beta.132.6fed21c → 0.2.71-beta.135.eac0f51 - Mend

@clawos-dev/clawd 0.2.71-beta.132.6fed21c → 0.2.71-beta.135.eac0f51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/cli.cjs +1291 -837
package/package.json +1 -1

package/dist/cli.cjs CHANGED Viewed

@@ -92,10 +92,6 @@ var init_methods = __esm({
       "persona:get",
       "persona:update",
       "persona:delete",
-      // token 颁发 / 吊销：file-sharing HTTP Bearer 鉴权用（PersonaRegistry.findByToken
-      // 反查 personaId / label）。owner UI 在 PersonaSettingsDrawer "分享 Token" section 管理。
-      "persona:issueToken",
-      "persona:revokeToken",
       // ---- session:pty 双向透传（仅 CLAWD_CC_MODE=tui 才生效，对应 session:pty push 帧的上行） ----
       // session:pty:input — UI 把用户键盘字节（base64 UTF-8）发给 daemon，daemon 直写 pty stdin。
       //   高频帧（每次按键 1 帧），不入 reducer / 不广播。response 是 fire-and-forget 风格 ack。
@@ -106,21 +102,21 @@ var init_methods = __esm({
       // ---- attachment.* file-sharing（详见 attachment-schemas.ts） ----
       // 命名警告：这里的 `attachment.*` RPC 与 CC v2.x 上行 `type:"attachment"` 系统行
       // （attachment-skills / attachment-deferred-tools / attachment_memories）是不同概念。
-      // 全部管理类 RPC handler 入口 requireOwner（personal token 调任意一个都 403）；
-      // 实际文件传输走 HTTP 路由（GET /files?p=&e=&s=，签名验证），不在白名单内。
+      // 全部管理类 RPC dispatcher grant 限 owner（capability admin-only）；
+      // 实际文件传输走 HTTP 路由（GET /files?p=&e=&s=，HMAC 签名自包含，不在白名单内）。
       "attachment.signUrl",
       "attachment.groupAdd",
       "attachment.groupRemove",
       "attachment.groupList",
-      // v2：跨 session 聚合（本期 UI 不调，保留槽位用于 HTTP ACL 内部判定 / 未来 "All files" tab）
-      "attachment.groupListPersona",
       // ---- capability:* (capability platform 鉴权底座) ----
-      // owner 颁发 / 列出 / 撤销给 guest 的 capability。三者均需 admin 权限（METHOD_GRANT_MAP
+      // owner 颁发 / 列出 / 删除给 guest 的 capability。三者均需 admin 权限（METHOD_GRANT_MAP
       // 在 daemon 端固定为 `{ resource: '*', action: 'admin' }`，owner 自动满足）。
-      // 颁发后 daemon 推 'capability:tokenIssued' 帧；撤销推 'capability:revoked' 帧。
+      // 颁发后 daemon 推 'capability:tokenIssued' 帧；删除推 'capability:tokenDeleted' 帧。
+      // 删除是 hard delete：CapabilityStore 物理移除 + 关该 cap 的所有活跃 ws + rm
+      // personas/<pid>/.clawd/sessions/guests/<capId>/ guest sessions 目录。
       "capability:issue",
       "capability:list",
-      "capability:revoke",
+      "capability:delete",
       // ---- inbox:* (capability platform Phase 3 跨用户通知 + Phase 4 DM) ----
       // owner 接 guest 的 cross-principal 消息事件 + DM 双向私聊.
       // inbox:list / markRead: admin-only (Phase 3); inbox:postMessage: DM 自带能力,
@@ -139,7 +135,20 @@ var init_methods = __esm({
       // 的 preview 一次性临时 client 用它判定身份和可用 persona。
       "whoami",
       "info",
-      "ping"
+      "ping",
+      // ---- person:* (Person identity Phase 1, spec v5) ----
+      // Person 抽象 = People panel 顶层 entity（一个 Person 聚合 N 个 cap + M 个 remote
+      // alias）。owner admin-only。daemon 维护 PersonStore + PersonAliasStore。
+      //   - list 返回 PersonWithLinks[]（含派生 linkedCapabilityIds / linkedRemoteAliases）
+      //   - create / update / delete 操作 Person 实体（delete 触发 cascade：revoke 全部
+      //     linked cap + remove subscribed alias + clear linked inbox events）
+      //   - link 重新指向某 principal 到目标 personId（手动合并 / 重链入口；自动 link
+      //     在 capability:issue / remote-persona:add handler 内部直接写 PersonAliasStore）
+      "person:list",
+      "person:create",
+      "person:update",
+      "person:delete",
+      "person:link"
     ];
   }
 });
@@ -629,8 +638,8 @@ var init_parseUtil = __esm({
     init_errors2();
     init_en();
     makeIssue = (params) => {
-      const { data, path: path37, errorMaps, issueData } = params;
-      const fullPath = [...path37, ...issueData.path || []];
+      const { data, path: path39, errorMaps, issueData } = params;
+      const fullPath = [...path39, ...issueData.path || []];
       const fullIssue = {
         ...issueData,
         path: fullPath
@@ -941,11 +950,11 @@ var init_types = __esm({
     init_parseUtil();
     init_util();
     ParseInputLazyPath = class {
-      constructor(parent, value, path37, key) {
+      constructor(parent, value, path39, key) {
         this._cachedPath = [];
         this.parent = parent;
         this.data = value;
-        this._path = path37;
+        this._path = path39;
         this._key = key;
       }
       get path() {
@@ -4329,12 +4338,12 @@ var init_zod = __esm({
 });
 // ../protocol/src/attachment-schemas.ts
-var TOKEN_ROLES, GROUP_FILE_SOURCES, GroupFileEntrySchema, AttachmentSignUrlArgs, AttachmentSignUrlResponseSchema, AttachmentGroupAddArgs, AttachmentGroupAddResponseSchema, AttachmentGroupRemoveArgs, AttachmentGroupRemoveResponseSchema, AttachmentGroupListArgs, AttachmentGroupListResponseSchema, AttachmentGroupListPersonaArgs, AttachmentGroupListPersonaResponseSchema;
+var TOKEN_ROLES, GROUP_FILE_SOURCES, GroupFileEntrySchema, AttachmentSignUrlArgs, AttachmentSignUrlResponseSchema, AttachmentGroupAddArgs, AttachmentGroupAddResponseSchema, AttachmentGroupRemoveArgs, AttachmentGroupRemoveResponseSchema, AttachmentGroupListArgs, AttachmentGroupListResponseSchema;
 var init_attachment_schemas = __esm({
   "../protocol/src/attachment-schemas.ts"() {
     "use strict";
     init_zod();
-    TOKEN_ROLES = ["owner", "personal"];
+    TOKEN_ROLES = ["owner"];
     GROUP_FILE_SOURCES = ["agent", "owner"];
     GroupFileEntrySchema = external_exports.object({
       /** daemon 派发的稳定 id（用于 RPC remove / UI key） */
@@ -4388,31 +4397,15 @@ var init_attachment_schemas = __esm({
     AttachmentGroupListResponseSchema = external_exports.object({
       entries: external_exports.array(GroupFileEntrySchema)
     });
-    AttachmentGroupListPersonaArgs = external_exports.object({
-      personaId: external_exports.string().min(1)
-    });
-    AttachmentGroupListPersonaResponseSchema = external_exports.object({
-      perSession: external_exports.array(
-        external_exports.object({
-          sessionId: external_exports.string().min(1),
-          entries: external_exports.array(GroupFileEntrySchema)
-        })
-      )
-    });
   }
 });
 // ../protocol/src/persona-schemas.ts
-var PersonaTokenEntrySchema, PersonaFileSchema, PersonaSkillSummarySchema, PersonaSandboxSettingsSchema, PersonaInfoResponseSchema, PersonaCreateArgsSchema, PersonaIdArgsSchema, PersonaUpdateArgsSchema, PersonaIssueTokenArgsSchema, PersonaRevokeTokenArgsSchema;
+var PersonaFileSchema, PersonaSkillSummarySchema, PersonaSandboxSettingsSchema, PersonaInfoResponseSchema, PersonaCreateArgsSchema, PersonaIdArgsSchema, PersonaUpdateArgsSchema;
 var init_persona_schemas = __esm({
   "../protocol/src/persona-schemas.ts"() {
     "use strict";
     init_zod();
-    PersonaTokenEntrySchema = external_exports.object({
-      label: external_exports.string(),
-      issuedAt: external_exports.number(),
-      revoked: external_exports.boolean()
-    });
     PersonaFileSchema = external_exports.object({
       personaId: external_exports.string(),
       label: external_exports.string(),
@@ -4421,13 +4414,6 @@ var init_persona_schemas = __esm({
       // 8-key set defined UI-side in `lib/session-icons.ts`; protocol stays plain string
       // for forward compatibility, consumer fallbacks to default when key not found.
       iconKey: external_exports.string().optional(),
-      /**
-       * Persona token 列表：file-sharing HTTP Bearer 鉴权用。
-       * - 写：`PersonaManager.issueToken` / `revokeToken`
-       * - 读：`PersonaRegistry.findByToken` 反向查表（需 persona.public === true）
-       * - optional：兼容历史 persona.json 不含此字段的情形（旧 daemon 写文件时省略）
-       */
-      tokenMap: external_exports.record(external_exports.string(), PersonaTokenEntrySchema).optional(),
       createdAt: external_exports.number(),
       updatedAt: external_exports.number()
     }).strict();
@@ -4480,14 +4466,6 @@ var init_persona_schemas = __esm({
         iconKey: external_exports.string().nullable().optional()
       }).strict()
     }).strict();
-    PersonaIssueTokenArgsSchema = external_exports.object({
-      personaId: external_exports.string().min(1),
-      label: external_exports.string().min(1)
-    });
-    PersonaRevokeTokenArgsSchema = external_exports.object({
-      personaId: external_exports.string().min(1),
-      token: external_exports.string().min(1)
-    });
   }
 });
@@ -4594,6 +4572,15 @@ var init_schemas = __esm({
       // 才能让 alice 重连同一 sub-session（持久化在 alice localStorage 之外，由 daemon push 同步）。
       // optional 是因为 owner-mode session 不带；只要写入就是 listener-mode 必填三元组。
       chatId: external_exports.string().min(1).optional(),
+      /**
+       * 创建该 session 的 principal id（owner uuid 或 guest cap.id），从 session:create handler
+       * 的 ctx.principal.id 派生。Person identity Q2「按对端人聚合 sessions」需要它：
+       * UI 端按 `creatorPrincipalId === ownerPrincipalId` 区分「我自己」vs「别人接入」，
+       * 后者再通过 PersonAlias 表反查 personId 二级分组。
+       *
+       * optional：兼容 2026-05-21 之前的老 session 数据，新建一定有值。
+       */
+      creatorPrincipalId: external_exports.string().min(1).optional(),
       createdAt: external_exports.string().min(1),
       updatedAt: external_exports.string().min(1)
     });
@@ -5003,7 +4990,18 @@ var init_schemas = __esm({
     AuthRequestFrameSchema = external_exports.object({
       type: external_exports.literal("auth"),
       token: external_exports.string().min(1),
-      scheme: external_exports.literal("bearer").optional()
+      scheme: external_exports.literal("bearer").optional(),
+      /**
+       * Person identity Phase 1: 如果 guest 自己也是 daemon owner，把自己的稳定
+       * ownerPrincipalId 主动上报，让对端 daemon 反查 PersonAliasStore 自动 link 到
+       * 已有 Person（避免出现"两个 Bob"）。纯访客 / 老 daemon 客户端可省略。
+       *
+       * daemon transport/auth.ts 在 verify token 成功后：
+       *   - 若 cap.linkedPrincipalId 未设 → 更新 cap.linkedPrincipalId = selfPrincipalId
+       *     + PersonAliasStore.rekey(cap.id, selfPrincipalId)
+       *   - 若已设但与本次不一致 → 仅 warn log（潜在协议异常但不阻断）
+       */
+      selfPrincipalId: external_exports.string().min(1).optional()
     });
     AuthOkFrameSchema = external_exports.object({
       type: external_exports.literal("auth:ok"),
@@ -5036,10 +5034,9 @@ var init_schemas = __esm({
       // PR 2 daemon 实现 single HTTP server + auth-context 后，daemon 必返这五个字段，
       // 届时可考虑改成 required。spec §11 第 3 条："tokenRole 是协议字段，daemon 查 token
       // 表后显式下发，UI 不自行推导"——所以 UI 一律读这里，禁止本地推导。
-      /** 'owner' = 拿到 owner-token 的连接（不限来源 IP）；'personal' = persona 派发的访客 token。来源 TOKEN_ROLES（spec §11 #1 中央真理源） */
+      /** 'owner' = 拿到 owner-token 的连接（不限来源 IP）。来源 TOKEN_ROLES（spec §11 #1 中央真理源）。
+       *  历史 'personal' role（persona file-sharing token）在 2026-05-21 删除；tokenPersonaId 一同移除。 */
       tokenRole: external_exports.enum(TOKEN_ROLES).optional(),
-      /** tokenRole='personal' 时携带（绑定到具体 persona）；owner 不携带 */
-      tokenPersonaId: external_exports.string().min(1).optional(),
       /** socket.remoteAddress 是否落在 127.0.0.1 / ::1；本期无 RPC 消费，保留协议槽位给未来 "Reveal in Finder" 等本机动作 */
       isLoopback: external_exports.boolean().optional(),
       /** UI 拼 file-sharing HTTP 路由的前缀（http(s)://host:port），不含尾斜杠；frpc 反代时返反代地址 */
@@ -5067,7 +5064,10 @@ var init_persona_mode = __esm({
 });
 // ../protocol/src/principal.ts
-var PrincipalKindSchema, PrincipalSchema, OWNER_PRINCIPAL;
+function makeOwnerPrincipal(id, displayName) {
+  return PrincipalSchema.parse({ id, kind: "owner", displayName });
+}
+var PrincipalKindSchema, PrincipalSchema;
 var init_principal = __esm({
   "../protocol/src/principal.ts"() {
     "use strict";
@@ -5078,11 +5078,6 @@ var init_principal = __esm({
       kind: PrincipalKindSchema,
       displayName: external_exports.string()
     }).strict();
-    OWNER_PRINCIPAL = {
-      id: "owner",
-      kind: "owner",
-      displayName: "owner"
-    };
   }
 });
@@ -5091,7 +5086,7 @@ function stripSecretHash(cap) {
   const { secretHash: _hash, ...wire } = cap;
   return wire;
 }
-var ResourceSchema, ActionSchema, GrantSchema, CapabilitySchema, CapabilityWireSchema, CapabilityErrorCodeSchema, WhoamiResponseSchema;
+var ResourceSchema, ActionSchema, GrantSchema, CapabilitySchema, CapabilityWireSchema, CapabilityErrorCodeSchema, WhoamiResponseSchema, CapabilityIssueArgsSchema;
 var init_capability = __esm({
   "../protocol/src/capability.ts"() {
     "use strict";
@@ -5117,7 +5112,13 @@ var init_capability = __esm({
       expiresAt: external_exports.number().int().positive().optional(),
       maxUses: external_exports.number().int().positive().optional(),
       usedCount: external_exports.number().int().nonnegative(),
-      revokedAt: external_exports.number().int().positive().optional()
+      /**
+       * Person identity Phase 1: guest 真实身份。
+       * - 纯访客 / 尚未 authenticate 时 undefined
+       * - guest authenticate 上报 selfPrincipalId 后 daemon 落入此字段（immutable，不允许 owner 修改）
+       * - PersonAliasStore 的 alias key 来源优先 linkedPrincipalId，否则 fallback cap.id
+       */
+      linkedPrincipalId: external_exports.string().min(1).optional()
     }).strict();
     CapabilityWireSchema = CapabilitySchema.omit({ secretHash: true });
     CapabilityErrorCodeSchema = external_exports.enum([
@@ -5141,43 +5142,41 @@ var init_capability = __esm({
         }).strict()
       )
     }).strict();
+    CapabilityIssueArgsSchema = external_exports.object({
+      displayName: external_exports.string().min(1),
+      grants: external_exports.array(GrantSchema),
+      personId: external_exports.string().min(1),
+      expiresAt: external_exports.number().int().positive().optional(),
+      maxUses: external_exports.number().int().positive().optional()
+    }).strict();
   }
 });
 // ../protocol/src/inbox.ts
-var INBOX_EVENT_KIND_VALUES, InboxEventKindSchema, INBOX_PREVIEW_MAX_LENGTH, InboxEventSchema, InboxListArgsSchema, InboxMarkReadArgsSchema, InboxPostMessageArgsSchema;
+var InboxMessageSchema, InboxPostMessageArgsSchema, InboxListArgsSchema, InboxMarkReadArgsSchema;
 var init_inbox = __esm({
   "../protocol/src/inbox.ts"() {
     "use strict";
     init_zod();
-    init_principal();
-    init_capability();
-    INBOX_EVENT_KIND_VALUES = ["persona-mention", "direct-message"];
-    InboxEventKindSchema = external_exports.enum(INBOX_EVENT_KIND_VALUES);
-    INBOX_PREVIEW_MAX_LENGTH = 140;
-    InboxEventSchema = external_exports.object({
+    InboxMessageSchema = external_exports.object({
       id: external_exports.string().min(1),
-      kind: InboxEventKindSchema,
-      fromPrincipal: PrincipalSchema,
-      toPrincipal: PrincipalSchema,
-      // persona-mention 才有, direct-message 不带
-      resource: ResourceSchema.optional(),
-      preview: external_exports.string().max(INBOX_PREVIEW_MAX_LENGTH),
+      capabilityId: external_exports.string().min(1),
+      senderPrincipalId: external_exports.string().min(1),
+      text: external_exports.string().min(1),
       createdAt: external_exports.number().int().nonnegative(),
-      readAt: external_exports.number().int().positive().optional(),
-      // direct-message 才有, sha256 hex 64; 派生规则: sha256(min(A,B) + '/' + max(A,B))
-      threadId: external_exports.string().regex(/^[a-f0-9]{64}$/).optional()
+      readBy: external_exports.record(external_exports.string().min(1), external_exports.number().int().positive()).default({})
+    }).strict();
+    InboxPostMessageArgsSchema = external_exports.object({
+      capabilityId: external_exports.string().min(1),
+      text: external_exports.string().min(1)
     }).strict();
     InboxListArgsSchema = external_exports.object({
-      // false / 缺省 = 只返回未读; true = 含已读 (历史回溯用)
-      includeRead: external_exports.boolean().optional()
+      capabilityId: external_exports.string().min(1),
+      sinceCreatedAt: external_exports.number().int().nonnegative().optional()
     }).strict();
     InboxMarkReadArgsSchema = external_exports.object({
-      eventId: external_exports.string().min(1)
-    }).strict();
-    InboxPostMessageArgsSchema = external_exports.object({
-      peerPrincipalId: external_exports.string().min(1),
-      text: external_exports.string().min(1).max(INBOX_PREVIEW_MAX_LENGTH)
+      capabilityId: external_exports.string().min(1),
+      upToCreatedAt: external_exports.number().int().nonnegative()
     }).strict();
   }
 });
@@ -5200,6 +5199,11 @@ var init_remote_persona = __esm({
       // capability.id 直接存进来。旧 v1 持久化文件没此字段 → schema parse fail →
       // RemotePersonaStore.list 静默跳过 (alpha 阶段可接受, 老板重新 add 即可)。
       myCapabilityId: external_exports.string().min(1),
+      // owner-id stabilization: 远端 daemon 的稳定 ownerPrincipalId（whoami.owner.id）。
+      // UI DM 时作为 peerPrincipalId 传给远端 daemon（取代字面量 'owner' sentinel），
+      // 让 inbox event from/to 路由 + UI useDm fromOwner 判定都用真实 id。
+      // 旧持久化文件缺该字段 → schema parse fail → store.list 静默跳过（同 myCapabilityId）。
+      ownerPrincipalId: external_exports.string().min(1),
       remotePersonaId: external_exports.string().min(1),
       remoteDisplayName: external_exports.string(),
       ownerDisplayName: external_exports.string().optional(),
@@ -5213,9 +5217,17 @@ var init_remote_persona = __esm({
       capabilityToken: external_exports.string().min(1),
       // v2 Phase 7: UI 调 preview 后从 whoami response 取 capability.id 传入
       myCapabilityId: external_exports.string().min(1),
+      // owner-id stabilization: UI 从 whoami.owner.id 取，远端 daemon 稳定身份
+      ownerPrincipalId: external_exports.string().min(1),
       remotePersonaId: external_exports.string().min(1),
       remoteDisplayName: external_exports.string(),
-      ownerDisplayName: external_exports.string().optional()
+      ownerDisplayName: external_exports.string().optional(),
+      /**
+       * Person identity Phase 1: add 时必须关联到一个 Person（owner 视角的"对方是谁"）。
+       * daemon handler 内 atomic 写 RemotePersona + 写 PersonAliasStore
+       * (alias key = ownerPrincipalId)。
+       */
+      personId: external_exports.string().min(1)
     }).strict();
     RemotePersonaRemoveArgsSchema = external_exports.object({
       alias: external_exports.string().min(1)
@@ -5223,6 +5235,75 @@ var init_remote_persona = __esm({
   }
 });
+// ../protocol/src/person.ts
+var PersonSchema, PersonAliasSchema, PersonWithLinksSchema, PersonCreateArgsSchema, PersonUpdateArgsSchema, PersonDeleteArgsSchema, PersonLinkArgsSchema, PersonListResponseSchema, PersonCreateResponseSchema, PersonUpdateResponseSchema, PersonDeleteResponseSchema, PersonLinkResponseSchema;
+var init_person = __esm({
+  "../protocol/src/person.ts"() {
+    "use strict";
+    init_zod();
+    PersonSchema = external_exports.object({
+      id: external_exports.string().min(1),
+      displayName: external_exports.string().min(1),
+      notes: external_exports.string().optional(),
+      /** 默认 true（owner 可关闭以阻断该 Person 的入站 DM） */
+      dmEnabled: external_exports.boolean(),
+      createdAt: external_exports.number().int().nonnegative(),
+      updatedAt: external_exports.number().int().nonnegative()
+    }).strict();
+    PersonAliasSchema = external_exports.object({
+      principalId: external_exports.string().min(1),
+      personId: external_exports.string().min(1)
+    }).strict();
+    PersonWithLinksSchema = PersonSchema.extend({
+      linkedCapabilityIds: external_exports.array(external_exports.string()),
+      linkedRemoteAliases: external_exports.array(external_exports.string())
+    }).strict();
+    PersonCreateArgsSchema = external_exports.object({
+      displayName: external_exports.string().min(1),
+      notes: external_exports.string().optional(),
+      /** 缺省 true（在 daemon handler 内 default） */
+      dmEnabled: external_exports.boolean().optional()
+    }).strict();
+    PersonUpdateArgsSchema = external_exports.object({
+      id: external_exports.string().min(1),
+      displayName: external_exports.string().min(1).optional(),
+      notes: external_exports.string().optional(),
+      dmEnabled: external_exports.boolean().optional()
+    }).strict();
+    PersonDeleteArgsSchema = external_exports.object({
+      id: external_exports.string().min(1)
+    }).strict();
+    PersonLinkArgsSchema = external_exports.object({
+      principalId: external_exports.string().min(1),
+      personId: external_exports.string().min(1)
+    }).strict();
+    PersonListResponseSchema = external_exports.object({
+      type: external_exports.literal("person:list:ok"),
+      persons: external_exports.array(PersonWithLinksSchema)
+    }).strict();
+    PersonCreateResponseSchema = external_exports.object({
+      type: external_exports.literal("person:create:ok"),
+      person: PersonSchema
+    }).strict();
+    PersonUpdateResponseSchema = external_exports.object({
+      type: external_exports.literal("person:update:ok"),
+      person: PersonSchema
+    }).strict();
+    PersonDeleteResponseSchema = external_exports.object({
+      type: external_exports.literal("person:delete:ok"),
+      /** cascade 删了哪些 capability id */
+      deletedCapabilityIds: external_exports.array(external_exports.string()),
+      /** cascade 移除了哪些 remote alias */
+      removedRemoteAliases: external_exports.array(external_exports.string()),
+      /** cascade 清掉了多少条 inbox 事件 */
+      deletedInboxEvents: external_exports.number().int().nonnegative()
+    }).strict();
+    PersonLinkResponseSchema = external_exports.object({
+      type: external_exports.literal("person:link:ok")
+    }).strict();
+  }
+});
 // ../protocol/src/runtime.ts
 var init_runtime = __esm({
   "../protocol/src/runtime.ts"() {
@@ -5239,6 +5320,7 @@ var init_runtime = __esm({
     init_capability();
     init_inbox();
     init_remote_persona();
+    init_person();
   }
 });
@@ -5513,8 +5595,8 @@ var require_req = __commonJS({
       if (req.originalUrl) {
         _req.url = req.originalUrl;
       } else {
-        const path37 = req.path;
-        _req.url = typeof path37 === "string" ? path37 : req.url ? req.url.path || req.url : void 0;
+        const path39 = req.path;
+        _req.url = typeof path39 === "string" ? path39 : req.url ? req.url.path || req.url : void 0;
       }
       if (req.query) {
         _req.query = req.query;
@@ -5679,14 +5761,14 @@ var require_redact = __commonJS({
       }
       return obj;
     }
-    function parsePath(path37) {
+    function parsePath(path39) {
       const parts = [];
       let current = "";
       let inBrackets = false;
       let inQuotes = false;
       let quoteChar = "";
-      for (let i = 0; i < path37.length; i++) {
-        const char = path37[i];
+      for (let i = 0; i < path39.length; i++) {
+        const char = path39[i];
         if (!inBrackets && char === ".") {
           if (current) {
             parts.push(current);
@@ -5817,10 +5899,10 @@ var require_redact = __commonJS({
       return current;
     }
     function redactPaths(obj, paths, censor, remove = false) {
-      for (const path37 of paths) {
-        const parts = parsePath(path37);
+      for (const path39 of paths) {
+        const parts = parsePath(path39);
         if (parts.includes("*")) {
-          redactWildcardPath(obj, parts, censor, path37, remove);
+          redactWildcardPath(obj, parts, censor, path39, remove);
         } else {
           if (remove) {
             removeKey(obj, parts);
@@ -5905,8 +5987,8 @@ var require_redact = __commonJS({
           }
         } else {
           if (afterWildcard.includes("*")) {
-            const wrappedCensor = typeof censor === "function" ? (value, path37) => {
-              const fullPath = [...pathArray.slice(0, pathLength), ...path37];
+            const wrappedCensor = typeof censor === "function" ? (value, path39) => {
+              const fullPath = [...pathArray.slice(0, pathLength), ...path39];
               return censor(value, fullPath);
             } : censor;
             redactWildcardPath(current, afterWildcard, wrappedCensor, originalPath, remove);
@@ -5941,8 +6023,8 @@ var require_redact = __commonJS({
         return null;
       }
       const pathStructure = /* @__PURE__ */ new Map();
-      for (const path37 of pathsToClone) {
-        const parts = parsePath(path37);
+      for (const path39 of pathsToClone) {
+        const parts = parsePath(path39);
         let current = pathStructure;
         for (let i = 0; i < parts.length; i++) {
           const part = parts[i];
@@ -5994,24 +6076,24 @@ var require_redact = __commonJS({
       }
       return cloneSelectively(obj, pathStructure);
     }
-    function validatePath(path37) {
-      if (typeof path37 !== "string") {
+    function validatePath(path39) {
+      if (typeof path39 !== "string") {
         throw new Error("Paths must be (non-empty) strings");
       }
-      if (path37 === "") {
+      if (path39 === "") {
         throw new Error("Invalid redaction path ()");
       }
-      if (path37.includes("..")) {
-        throw new Error(`Invalid redaction path (${path37})`);
+      if (path39.includes("..")) {
+        throw new Error(`Invalid redaction path (${path39})`);
       }
-      if (path37.includes(",")) {
-        throw new Error(`Invalid redaction path (${path37})`);
+      if (path39.includes(",")) {
+        throw new Error(`Invalid redaction path (${path39})`);
       }
       let bracketCount = 0;
       let inQuotes = false;
       let quoteChar = "";
-      for (let i = 0; i < path37.length; i++) {
-        const char = path37[i];
+      for (let i = 0; i < path39.length; i++) {
+        const char = path39[i];
         if ((char === '"' || char === "'") && bracketCount > 0) {
           if (!inQuotes) {
             inQuotes = true;
@@ -6025,20 +6107,20 @@ var require_redact = __commonJS({
         } else if (char === "]" && !inQuotes) {
           bracketCount--;
           if (bracketCount < 0) {
-            throw new Error(`Invalid redaction path (${path37})`);
+            throw new Error(`Invalid redaction path (${path39})`);
           }
         }
       }
       if (bracketCount !== 0) {
-        throw new Error(`Invalid redaction path (${path37})`);
+        throw new Error(`Invalid redaction path (${path39})`);
       }
     }
     function validatePaths(paths) {
       if (!Array.isArray(paths)) {
         throw new TypeError("paths must be an array");
       }
-      for (const path37 of paths) {
-        validatePath(path37);
+      for (const path39 of paths) {
+        validatePath(path39);
       }
     }
     function slowRedact(options = {}) {
@@ -6206,8 +6288,8 @@ var require_redaction = __commonJS({
         if (shape[k2] === null) {
           o[k2] = (value) => topCensor(value, [k2]);
         } else {
-          const wrappedCensor = typeof censor === "function" ? (value, path37) => {
-            return censor(value, [k2, ...path37]);
+          const wrappedCensor = typeof censor === "function" ? (value, path39) => {
+            return censor(value, [k2, ...path39]);
           } : censor;
           o[k2] = Redact({
             paths: shape[k2],
@@ -6425,10 +6507,10 @@ var require_atomic_sleep = __commonJS({
 var require_sonic_boom = __commonJS({
   "../node_modules/.pnpm/sonic-boom@4.2.1/node_modules/sonic-boom/index.js"(exports2, module2) {
     "use strict";
-    var fs33 = require("fs");
+    var fs35 = require("fs");
     var EventEmitter2 = require("events");
     var inherits = require("util").inherits;
-    var path37 = require("path");
+    var path39 = require("path");
     var sleep = require_atomic_sleep();
     var assert = require("assert");
     var BUSY_WRITE_TIMEOUT = 100;
@@ -6482,20 +6564,20 @@ var require_sonic_boom = __commonJS({
       const mode = sonic.mode;
       if (sonic.sync) {
         try {
-          if (sonic.mkdir) fs33.mkdirSync(path37.dirname(file), { recursive: true });
-          const fd = fs33.openSync(file, flags, mode);
+          if (sonic.mkdir) fs35.mkdirSync(path39.dirname(file), { recursive: true });
+          const fd = fs35.openSync(file, flags, mode);
           fileOpened(null, fd);
         } catch (err) {
           fileOpened(err);
           throw err;
         }
       } else if (sonic.mkdir) {
-        fs33.mkdir(path37.dirname(file), { recursive: true }, (err) => {
+        fs35.mkdir(path39.dirname(file), { recursive: true }, (err) => {
           if (err) return fileOpened(err);
-          fs33.open(file, flags, mode, fileOpened);
+          fs35.open(file, flags, mode, fileOpened);
         });
       } else {
-        fs33.open(file, flags, mode, fileOpened);
+        fs35.open(file, flags, mode, fileOpened);
       }
     }
     function SonicBoom(opts) {
@@ -6536,8 +6618,8 @@ var require_sonic_boom = __commonJS({
         this.flush = flushBuffer;
         this.flushSync = flushBufferSync;
         this._actualWrite = actualWriteBuffer;
-        fsWriteSync = () => fs33.writeSync(this.fd, this._writingBuf);
-        fsWrite = () => fs33.write(this.fd, this._writingBuf, this.release);
+        fsWriteSync = () => fs35.writeSync(this.fd, this._writingBuf);
+        fsWrite = () => fs35.write(this.fd, this._writingBuf, this.release);
       } else if (contentMode === void 0 || contentMode === kContentModeUtf8) {
         this._writingBuf = "";
         this.write = write;
@@ -6546,15 +6628,15 @@ var require_sonic_boom = __commonJS({
         this._actualWrite = actualWrite;
         fsWriteSync = () => {
           if (Buffer.isBuffer(this._writingBuf)) {
-            return fs33.writeSync(this.fd, this._writingBuf);
+            return fs35.writeSync(this.fd, this._writingBuf);
           }
-          return fs33.writeSync(this.fd, this._writingBuf, "utf8");
+          return fs35.writeSync(this.fd, this._writingBuf, "utf8");
         };
         fsWrite = () => {
           if (Buffer.isBuffer(this._writingBuf)) {
-            return fs33.write(this.fd, this._writingBuf, this.release);
+            return fs35.write(this.fd, this._writingBuf, this.release);
           }
-          return fs33.write(this.fd, this._writingBuf, "utf8", this.release);
+          return fs35.write(this.fd, this._writingBuf, "utf8", this.release);
         };
       } else {
         throw new Error(`SonicBoom supports "${kContentModeUtf8}" and "${kContentModeBuffer}", but passed ${contentMode}`);
@@ -6611,7 +6693,7 @@ var require_sonic_boom = __commonJS({
           }
         }
         if (this._fsync) {
-          fs33.fsyncSync(this.fd);
+          fs35.fsyncSync(this.fd);
         }
         const len = this._len;
         if (this._reopening) {
@@ -6725,7 +6807,7 @@ var require_sonic_boom = __commonJS({
       const onDrain = () => {
         if (!this._fsync) {
           try {
-            fs33.fsync(this.fd, (err) => {
+            fs35.fsync(this.fd, (err) => {
               this._flushPending = false;
               cb(err);
             });
@@ -6827,7 +6909,7 @@ var require_sonic_boom = __commonJS({
       const fd = this.fd;
       this.once("ready", () => {
         if (fd !== this.fd) {
-          fs33.close(fd, (err) => {
+          fs35.close(fd, (err) => {
             if (err) {
               return this.emit("error", err);
             }
@@ -6876,7 +6958,7 @@ var require_sonic_boom = __commonJS({
           buf = this._bufs[0];
         }
         try {
-          const n = Buffer.isBuffer(buf) ? fs33.writeSync(this.fd, buf) : fs33.writeSync(this.fd, buf, "utf8");
+          const n = Buffer.isBuffer(buf) ? fs35.writeSync(this.fd, buf) : fs35.writeSync(this.fd, buf, "utf8");
           const releasedBufObj = releaseWritingBuf(buf, this._len, n);
           buf = releasedBufObj.writingBuf;
           this._len = releasedBufObj.len;
@@ -6892,7 +6974,7 @@ var require_sonic_boom = __commonJS({
         }
       }
       try {
-        fs33.fsyncSync(this.fd);
+        fs35.fsyncSync(this.fd);
       } catch {
       }
     }
@@ -6913,7 +6995,7 @@ var require_sonic_boom = __commonJS({
           buf = mergeBuf(this._bufs[0], this._lens[0]);
         }
         try {
-          const n = fs33.writeSync(this.fd, buf);
+          const n = fs35.writeSync(this.fd, buf);
           buf = buf.subarray(n);
           this._len = Math.max(this._len - n, 0);
           if (buf.length <= 0) {
@@ -6941,13 +7023,13 @@ var require_sonic_boom = __commonJS({
       this._writingBuf = this._writingBuf.length ? this._writingBuf : this._bufs.shift() || "";
       if (this.sync) {
         try {
-          const written = Buffer.isBuffer(this._writingBuf) ? fs33.writeSync(this.fd, this._writingBuf) : fs33.writeSync(this.fd, this._writingBuf, "utf8");
+          const written = Buffer.isBuffer(this._writingBuf) ? fs35.writeSync(this.fd, this._writingBuf) : fs35.writeSync(this.fd, this._writingBuf, "utf8");
           release(null, written);
         } catch (err) {
           release(err);
         }
       } else {
-        fs33.write(this.fd, this._writingBuf, release);
+        fs35.write(this.fd, this._writingBuf, release);
       }
     }
     function actualWriteBuffer() {
@@ -6956,7 +7038,7 @@ var require_sonic_boom = __commonJS({
       this._writingBuf = this._writingBuf.length ? this._writingBuf : mergeBuf(this._bufs.shift(), this._lens.shift());
       if (this.sync) {
         try {
-          const written = fs33.writeSync(this.fd, this._writingBuf);
+          const written = fs35.writeSync(this.fd, this._writingBuf);
           release(null, written);
         } catch (err) {
           release(err);
@@ -6965,7 +7047,7 @@ var require_sonic_boom = __commonJS({
         if (kCopyBuffer) {
           this._writingBuf = Buffer.from(this._writingBuf);
         }
-        fs33.write(this.fd, this._writingBuf, release);
+        fs35.write(this.fd, this._writingBuf, release);
       }
     }
     function actualClose(sonic) {
@@ -6981,12 +7063,12 @@ var require_sonic_boom = __commonJS({
       sonic._lens = [];
       assert(typeof sonic.fd === "number", `sonic.fd must be a number, got ${typeof sonic.fd}`);
       try {
-        fs33.fsync(sonic.fd, closeWrapped);
+        fs35.fsync(sonic.fd, closeWrapped);
       } catch {
       }
       function closeWrapped() {
         if (sonic.fd !== 1 && sonic.fd !== 2) {
-          fs33.close(sonic.fd, done);
+          fs35.close(sonic.fd, done);
         } else {
           done();
         }
@@ -7243,7 +7325,7 @@ var require_thread_stream = __commonJS({
     var { version: version2 } = require_package();
     var { EventEmitter: EventEmitter2 } = require("events");
     var { Worker } = require("worker_threads");
-    var { join: join10 } = require("path");
+    var { join: join12 } = require("path");
     var { pathToFileURL } = require("url");
     var { wait } = require_wait();
     var {
@@ -7279,7 +7361,7 @@ var require_thread_stream = __commonJS({
     function createWorker(stream, opts) {
       const { filename, workerData } = opts;
       const bundlerOverrides = "__bundlerPathsOverrides" in globalThis ? globalThis.__bundlerPathsOverrides : {};
-      const toExecute = bundlerOverrides["thread-stream-worker"] || join10(__dirname, "lib", "worker.js");
+      const toExecute = bundlerOverrides["thread-stream-worker"] || join12(__dirname, "lib", "worker.js");
       const worker = new Worker(toExecute, {
         ...opts.workerOpts,
         trackUnmanagedFds: false,
@@ -7665,7 +7747,7 @@ var require_transport = __commonJS({
     "use strict";
     var { createRequire } = require("module");
     var getCallers = require_caller();
-    var { join: join10, isAbsolute, sep: sep2 } = require("path");
+    var { join: join12, isAbsolute, sep: sep2 } = require("path");
     var sleep = require_atomic_sleep();
     var onExit = require_on_exit_leak_free();
     var ThreadStream = require_thread_stream();
@@ -7728,7 +7810,7 @@ var require_transport = __commonJS({
         throw new Error("only one of target or targets can be specified");
       }
       if (targets) {
-        target = bundlerOverrides["pino-worker"] || join10(__dirname, "worker.js");
+        target = bundlerOverrides["pino-worker"] || join12(__dirname, "worker.js");
         options.targets = targets.filter((dest) => dest.target).map((dest) => {
           return {
             ...dest,
@@ -7746,7 +7828,7 @@ var require_transport = __commonJS({
           });
         });
       } else if (pipeline2) {
-        target = bundlerOverrides["pino-worker"] || join10(__dirname, "worker.js");
+        target = bundlerOverrides["pino-worker"] || join12(__dirname, "worker.js");
         options.pipelines = [pipeline2.map((dest) => {
           return {
             ...dest,
@@ -7768,7 +7850,7 @@ var require_transport = __commonJS({
           return origin;
         }
         if (origin === "pino/file") {
-          return join10(__dirname, "..", "file.js");
+          return join12(__dirname, "..", "file.js");
         }
         let fixTarget2;
         for (const filePath of callers) {
@@ -8758,7 +8840,7 @@ var require_safe_stable_stringify = __commonJS({
               return circularValue;
             }
             let res = "";
-            let join10 = ",";
+            let join12 = ",";
             const originalIndentation = indentation;
             if (Array.isArray(value)) {
               if (value.length === 0) {
@@ -8772,7 +8854,7 @@ var require_safe_stable_stringify = __commonJS({
                 indentation += spacer;
                 res += `
 ${indentation}`;
-                join10 = `,
+                join12 = `,
 ${indentation}`;
               }
               const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
@@ -8780,13 +8862,13 @@ ${indentation}`;
               for (; i < maximumValuesToStringify - 1; i++) {
                 const tmp2 = stringifyFnReplacer(String(i), value, stack, replacer, spacer, indentation);
                 res += tmp2 !== void 0 ? tmp2 : "null";
-                res += join10;
+                res += join12;
               }
               const tmp = stringifyFnReplacer(String(i), value, stack, replacer, spacer, indentation);
               res += tmp !== void 0 ? tmp : "null";
               if (value.length - 1 > maximumBreadth) {
                 const removedKeys = value.length - maximumBreadth - 1;
-                res += `${join10}"... ${getItemCount(removedKeys)} not stringified"`;
+                res += `${join12}"... ${getItemCount(removedKeys)} not stringified"`;
               }
               if (spacer !== "") {
                 res += `
@@ -8807,7 +8889,7 @@ ${originalIndentation}`;
             let separator = "";
             if (spacer !== "") {
               indentation += spacer;
-              join10 = `,
+              join12 = `,
 ${indentation}`;
               whitespace = " ";
             }
@@ -8821,13 +8903,13 @@ ${indentation}`;
               const tmp = stringifyFnReplacer(key2, value, stack, replacer, spacer, indentation);
               if (tmp !== void 0) {
                 res += `${separator}${strEscape(key2)}:${whitespace}${tmp}`;
-                separator = join10;
+                separator = join12;
               }
             }
             if (keyLength > maximumBreadth) {
               const removedKeys = keyLength - maximumBreadth;
               res += `${separator}"...":${whitespace}"${getItemCount(removedKeys)} not stringified"`;
-              separator = join10;
+              separator = join12;
             }
             if (spacer !== "" && separator.length > 1) {
               res = `
@@ -8868,7 +8950,7 @@ ${originalIndentation}`;
             }
             const originalIndentation = indentation;
             let res = "";
-            let join10 = ",";
+            let join12 = ",";
             if (Array.isArray(value)) {
               if (value.length === 0) {
                 return "[]";
@@ -8881,7 +8963,7 @@ ${originalIndentation}`;
                 indentation += spacer;
                 res += `
 ${indentation}`;
-                join10 = `,
+                join12 = `,
 ${indentation}`;
               }
               const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
@@ -8889,13 +8971,13 @@ ${indentation}`;
               for (; i < maximumValuesToStringify - 1; i++) {
                 const tmp2 = stringifyArrayReplacer(String(i), value[i], stack, replacer, spacer, indentation);
                 res += tmp2 !== void 0 ? tmp2 : "null";
-                res += join10;
+                res += join12;
               }
               const tmp = stringifyArrayReplacer(String(i), value[i], stack, replacer, spacer, indentation);
               res += tmp !== void 0 ? tmp : "null";
               if (value.length - 1 > maximumBreadth) {
                 const removedKeys = value.length - maximumBreadth - 1;
-                res += `${join10}"... ${getItemCount(removedKeys)} not stringified"`;
+                res += `${join12}"... ${getItemCount(removedKeys)} not stringified"`;
               }
               if (spacer !== "") {
                 res += `
@@ -8908,7 +8990,7 @@ ${originalIndentation}`;
             let whitespace = "";
             if (spacer !== "") {
               indentation += spacer;
-              join10 = `,
+              join12 = `,
 ${indentation}`;
               whitespace = " ";
             }
@@ -8917,7 +8999,7 @@ ${indentation}`;
               const tmp = stringifyArrayReplacer(key2, value[key2], stack, replacer, spacer, indentation);
               if (tmp !== void 0) {
                 res += `${separator}${strEscape(key2)}:${whitespace}${tmp}`;
-                separator = join10;
+                separator = join12;
               }
             }
             if (spacer !== "" && separator.length > 1) {
@@ -8975,20 +9057,20 @@ ${originalIndentation}`;
               indentation += spacer;
               let res2 = `
 ${indentation}`;
-              const join11 = `,
+              const join13 = `,
 ${indentation}`;
               const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
               let i = 0;
               for (; i < maximumValuesToStringify - 1; i++) {
                 const tmp2 = stringifyIndent(String(i), value[i], stack, spacer, indentation);
                 res2 += tmp2 !== void 0 ? tmp2 : "null";
-                res2 += join11;
+                res2 += join13;
               }
               const tmp = stringifyIndent(String(i), value[i], stack, spacer, indentation);
               res2 += tmp !== void 0 ? tmp : "null";
               if (value.length - 1 > maximumBreadth) {
                 const removedKeys = value.length - maximumBreadth - 1;
-                res2 += `${join11}"... ${getItemCount(removedKeys)} not stringified"`;
+                res2 += `${join13}"... ${getItemCount(removedKeys)} not stringified"`;
               }
               res2 += `
 ${originalIndentation}`;
@@ -9004,16 +9086,16 @@ ${originalIndentation}`;
               return '"[Object]"';
             }
             indentation += spacer;
-            const join10 = `,
+            const join12 = `,
 ${indentation}`;
             let res = "";
             let separator = "";
             let maximumPropertiesToStringify = Math.min(keyLength, maximumBreadth);
             if (isTypedArrayWithEntries(value)) {
-              res += stringifyTypedArray(value, join10, maximumBreadth);
+              res += stringifyTypedArray(value, join12, maximumBreadth);
               keys = keys.slice(value.length);
               maximumPropertiesToStringify -= value.length;
-              separator = join10;
+              separator = join12;
             }
             if (deterministic) {
               keys = sort(keys, comparator);
@@ -9024,13 +9106,13 @@ ${indentation}`;
               const tmp = stringifyIndent(key2, value[key2], stack, spacer, indentation);
               if (tmp !== void 0) {
                 res += `${separator}${strEscape(key2)}: ${tmp}`;
-                separator = join10;
+                separator = join12;
               }
             }
             if (keyLength > maximumBreadth) {
               const removedKeys = keyLength - maximumBreadth;
               res += `${separator}"...": "${getItemCount(removedKeys)} not stringified"`;
-              separator = join10;
+              separator = join12;
             }
             if (separator !== "") {
               res = `
@@ -10121,11 +10203,11 @@ var init_lib = __esm({
           }
         }
       },
-      addToPath: function addToPath(path37, added, removed, oldPosInc, options) {
-        var last = path37.lastComponent;
+      addToPath: function addToPath(path39, added, removed, oldPosInc, options) {
+        var last = path39.lastComponent;
         if (last && !options.oneChangePerToken && last.added === added && last.removed === removed) {
           return {
-            oldPos: path37.oldPos + oldPosInc,
+            oldPos: path39.oldPos + oldPosInc,
             lastComponent: {
               count: last.count + 1,
               added,
@@ -10135,7 +10217,7 @@ var init_lib = __esm({
           };
         } else {
           return {
-            oldPos: path37.oldPos + oldPosInc,
+            oldPos: path39.oldPos + oldPosInc,
             lastComponent: {
               count: 1,
               added,
@@ -10566,10 +10648,10 @@ function attachmentToHistoryMessage(o, ts) {
     const memories = raw.map((m2) => {
       if (!m2 || typeof m2 !== "object") return null;
       const rec = m2;
-      const path37 = typeof rec.path === "string" ? rec.path : null;
+      const path39 = typeof rec.path === "string" ? rec.path : null;
       const content = typeof rec.content === "string" ? rec.content : null;
-      if (!path37 || content == null) return null;
-      const entry = { path: path37, content };
+      if (!path39 || content == null) return null;
+      const entry = { path: path39, content };
       if (typeof rec.mtimeMs === "number") entry.mtimeMs = rec.mtimeMs;
       return entry;
     }).filter((m2) => m2 !== null);
@@ -11395,10 +11477,10 @@ function parseAttachment(obj) {
     const memories = raw.map((m2) => {
       if (!m2 || typeof m2 !== "object") return null;
       const rec = m2;
-      const path37 = typeof rec.path === "string" ? rec.path : null;
+      const path39 = typeof rec.path === "string" ? rec.path : null;
       const content = typeof rec.content === "string" ? rec.content : null;
-      if (!path37 || content == null) return null;
-      const out = { path: path37, content };
+      if (!path39 || content == null) return null;
+      const out = { path: path39, content };
       if (typeof rec.mtimeMs === "number") out.mtimeMs = rec.mtimeMs;
       return out;
     }).filter((m2) => m2 !== null);
@@ -18897,7 +18979,7 @@ var require_websocket = __commonJS({
     var http2 = require("http");
     var net = require("net");
     var tls = require("tls");
-    var { randomBytes: randomBytes3, createHash: createHash4 } = require("crypto");
+    var { randomBytes: randomBytes3, createHash: createHash3 } = require("crypto");
     var { Duplex, Readable: Readable3 } = require("stream");
     var { URL: URL2 } = require("url");
     var PerMessageDeflate2 = require_permessage_deflate();
@@ -19557,7 +19639,7 @@ var require_websocket = __commonJS({
           abortHandshake(websocket, socket, "Invalid Upgrade header");
           return;
         }
-        const digest = createHash4("sha1").update(key + GUID).digest("base64");
+        const digest = createHash3("sha1").update(key + GUID).digest("base64");
         if (res.headers["sec-websocket-accept"] !== digest) {
           abortHandshake(websocket, socket, "Invalid Sec-WebSocket-Accept header");
           return;
@@ -19924,7 +20006,7 @@ var require_websocket_server = __commonJS({
     var EventEmitter2 = require("events");
     var http2 = require("http");
     var { Duplex } = require("stream");
-    var { createHash: createHash4 } = require("crypto");
+    var { createHash: createHash3 } = require("crypto");
     var extension2 = require_extension();
     var PerMessageDeflate2 = require_permessage_deflate();
     var subprotocol2 = require_subprotocol();
@@ -20225,7 +20307,7 @@ var require_websocket_server = __commonJS({
           );
         }
         if (this._state > RUNNING) return abortHandshake(socket, 503);
-        const digest = createHash4("sha1").update(key + GUID).digest("base64");
+        const digest = createHash3("sha1").update(key + GUID).digest("base64");
         const headers = [
           "HTTP/1.1 101 Switching Protocols",
           "Upgrade: websocket",
@@ -22551,7 +22633,7 @@ var SessionManager = class {
     }
   }
   // ---- 命令方法：均返回 { response, broadcast[] }，由 dispatcher 聚合 ----
-  create(args) {
+  create(args, creatorPrincipalId) {
     let cwd;
     if (args.ownerPersonaId) {
       cwd = derivePersonaSpawnCwd(
@@ -22592,6 +22674,7 @@ var SessionManager = class {
       iconKey: args.iconKey,
       forkedFromSessionId: args.forkedFromSessionId,
       ownerPersonaId: args.ownerPersonaId,
+      creatorPrincipalId,
       createdAt: iso,
       updatedAt: iso
     };
@@ -23536,6 +23619,10 @@ var PersonaStore = class {
     const p2 = this.metaPath(personaId);
     if (!fs6.existsSync(p2)) return null;
     const raw = JSON.parse(fs6.readFileSync(p2, "utf8"));
+    if (raw && typeof raw === "object" && "tokenMap" in raw) {
+      delete raw.tokenMap;
+      this.atomicWrite(p2, JSON.stringify(raw, null, 2));
+    }
     return PersonaFileSchema.parse(raw);
   }
   has(personaId) {
@@ -23591,12 +23678,19 @@ var PersonaRegistry = class {
   }
   store;
   cache = /* @__PURE__ */ new Map();
-  /** 从 store 全量重建缓存（boot 时 + 测试 setup 时） */
+  /**
+   * 从 store 全量重建缓存（boot 时 + 测试 setup 时）。
+   * 单个 persona 读失败（损坏的 persona.json / schema 不匹配）不应阻塞 daemon 启动 ——
+   * try/catch 隔离，让其它 persona 仍能加载。
+   */
   reload() {
     this.cache.clear();
     for (const id of this.store.list()) {
-      const p2 = this.store.read(id);
-      if (p2) this.cache.set(p2.personaId, p2);
+      try {
+        const p2 = this.store.read(id);
+        if (p2) this.cache.set(p2.personaId, p2);
+      } catch {
+      }
     }
   }
   get(personaId) {
@@ -23612,21 +23706,6 @@ var PersonaRegistry = class {
   list() {
     return Array.from(this.cache.values());
   }
-  /**
-   * file-sharing HTTP auth-context 用的逆向查表：只有 Bearer token，没有 personaId。
-   * 线性扫所有 persona.tokenMap 找到第一条 ok 命中的；revoked / non-public persona 跳过。
-   * persona 数量通常 < 100，性能可忽略。
-   */
-  findByToken(token) {
-    if (!token) return null;
-    for (const persona of this.cache.values()) {
-      if (!persona.public) continue;
-      const entry = persona.tokenMap?.[token];
-      if (!entry || entry.revoked) continue;
-      return { personaId: persona.personaId, label: entry.label };
-    }
-    return null;
-  }
 };
 // src/persona/manager.ts
@@ -23920,9 +23999,6 @@ var PersonaManager = class {
       model: args.model,
       public: args.public ?? false,
       iconKey: args.iconKey,
-      // 初始化空 token 集合；后续由 issueToken / revokeToken 维护，
-      // file-sharing HTTP Bearer 鉴权用 PersonaRegistry.findByToken 反查
-      tokenMap: {},
       createdAt: now,
       updatedAt: now
     };
@@ -23981,46 +24057,6 @@ var PersonaManager = class {
     this.deps.store.remove(personaId);
     this.deps.registry.remove(personaId);
   }
-  /**
-   * 生成 32-char base64url token 并写入 tokenMap，给 file-sharing HTTP Bearer
-   * 鉴权用（PersonaRegistry.findByToken 反查 personaId/label）。
-   */
-  issueToken(personaId, label) {
-    const existing = this.deps.registry.get(personaId);
-    if (!existing) throw new Error(`persona not found: ${personaId}`);
-    const token = import_node_crypto3.default.randomBytes(24).toString("base64url");
-    const entry = {
-      label,
-      issuedAt: Date.now(),
-      revoked: false
-    };
-    const updated = {
-      ...existing,
-      tokenMap: { ...existing.tokenMap ?? {}, [token]: entry },
-      updatedAt: Date.now()
-    };
-    this.deps.store.writeMeta(updated);
-    this.deps.registry.set(updated);
-    return { token, persona: updated };
-  }
-  /** 标记 token 为 revoked（保留条目用于审计）；不存在的 token 抛错。 */
-  revokeToken(personaId, token) {
-    const existing = this.deps.registry.get(personaId);
-    if (!existing) throw new Error(`persona not found: ${personaId}`);
-    const tokenEntry = existing.tokenMap?.[token];
-    if (!tokenEntry) throw new Error(`token not found in persona ${personaId}`);
-    const updated = {
-      ...existing,
-      tokenMap: {
-        ...existing.tokenMap ?? {},
-        [token]: { ...tokenEntry, revoked: true }
-      },
-      updatedAt: Date.now()
-    };
-    this.deps.store.writeMeta(updated);
-    this.deps.registry.set(updated);
-    return updated;
-  }
   /**
    * label 转 4-16 char slug。优先用 `persona-<slug>`；若 slug 已被占用，追加 4 char
    * base64url 随机后缀直到不撞为止（最多 5 次，理论冲突 ≈ 2^-24，留个 panic 上限）。
@@ -24126,7 +24162,6 @@ function seedDefaultPersonas(args) {
       model: entry.model,
       public: entry.public,
       iconKey: entry.iconKey,
-      tokenMap: {},
       createdAt: now,
       updatedAt: now
     };
@@ -25615,7 +25650,7 @@ var LocalWsServer = class {
     }
   }
   // Task 1.9 capability platform：仅广播给 owner 连接（跳过 guest ws）。
-  // 用于 capability:tokenIssued / capability:revoked 等 owner-only push frame——
+  // 用于 capability:tokenIssued / capability:tokenDeleted 等 owner-only push frame——
   // guest 没必要也无法消费这类管理帧。noAuth localhost ws 没有 ctx, 视作 owner.
   broadcastToOwners(frame) {
     const gate = this.opts.authGate;
@@ -25625,12 +25660,27 @@ var LocalWsServer = class {
       this.safeSend(c.ws, frame);
     }
   }
+  // capability platform v3 inbox 重写: 推给某条 cap channel 的两端 ws.
+  //   - 所有 owner ws (owner 看自家所有 channel)
+  //   - 该 capabilityId 的所有 guest ws (该 cap 持有人的多端/多 tab)
+  // 一次调用同时推两端, inbox:event push 帧由此走.
+  broadcastToCapabilityChannel(capabilityId, frame) {
+    this.broadcastToOwners(frame);
+    const set = this.capabilityIdToClients.get(capabilityId);
+    if (!set) return;
+    for (const id of set) {
+      const c = this.clients.get(id);
+      if (!c) continue;
+      this.safeSend(c.ws, frame);
+    }
+  }
   // Phase 4 capability platform DM: 广播到指定 principal 的所有活跃 ws.
-  //   principalId === 'owner'      → 同 broadcastToOwners (所有 owner ws)
-  //   principalId === 'cap_xxx'    → 该 capability 的所有 guest ws (多端 / 多 tab)
+  //   principalId === ownerPrincipalId  → 同 broadcastToOwners (所有 owner ws)
+  //   principalId === 'owner' sentinel  → 同上（向后兼容遗留 caller / 协议层 sentinel）
+  //   principalId === 'cap_xxx'         → 该 capability 的所有 guest ws (多端 / 多 tab)
   // 用于 DM inbox:event 路由: from + to 两侧各播一次, 让双方 UI 实时看到 thread 更新.
   broadcastToPrincipal(principalId, frame) {
-    if (principalId === "owner") {
+    if (principalId === "owner" || principalId === this.opts.ownerPrincipalId) {
       this.broadcastToOwners(frame);
       return;
     }
@@ -25793,6 +25843,11 @@ var LocalWsServer = class {
         return;
       }
     } else if (frame.type === "auth") {
+      const token = typeof frame.token === "string" ? frame.token ?? "" : "";
+      if (token && this.opts.tryVerifyCapabilityToken) {
+        const guestCtx = this.opts.tryVerifyCapabilityToken(token);
+        if (guestCtx) this.attachClientContext(client.id, guestCtx);
+      }
       this.safeSend(this.clients.get(client.id).ws, { type: "auth:ok" });
       return;
     }
@@ -25911,7 +25966,7 @@ var AuthGate = class {
     }
     let ctx = null;
     if (this.opts.authenticate) {
-      const r = this.opts.authenticate(parsed.data.token);
+      const r = this.opts.authenticate(parsed.data.token, parsed.data.selfPrincipalId);
       if (!r.ok) {
         this.opts.closeConnection(handle, 4401, r.code);
         this.markFailed(handle.id);
@@ -25973,7 +26028,7 @@ var AuthContextResolver = class {
   }
   opts;
   /**
-   * 从 `Authorization` 头解析。null = 无凭证 / 不识别 / revoked，调用方一律 401。
+   * 从 `Authorization` 头解析。null = 无凭证 / 不识别，调用方一律 401。
    * remoteAddress 用于 isLoopback 判定（loopback = 127.0.0.1 / ::1 / ::ffff:127.0.0.1）。
    */
   resolveFromHeader(authHeader, remoteAddress) {
@@ -25983,15 +26038,6 @@ var AuthContextResolver = class {
     if (this.opts.ownerToken && constantTimeEqual2(token, this.opts.ownerToken)) {
       return { role: "owner", isLoopback };
     }
-    const personalHit = this.opts.personaRegistry.findByToken(token);
-    if (personalHit) {
-      return {
-        role: "personal",
-        personaId: personalHit.personaId,
-        label: personalHit.label,
-        isLoopback
-      };
-    }
     return null;
   }
 };
@@ -26017,9 +26063,9 @@ function constantTimeEqual2(a, b2) {
 init_runtime();
 // src/transport/connection-context.ts
-function ownerContext() {
+function ownerContext(ownerPrincipalId, displayName) {
   return {
-    principal: OWNER_PRINCIPAL,
+    principal: makeOwnerPrincipal(ownerPrincipalId, displayName),
     grants: [{ resource: { type: "*" }, actions: ["admin"] }]
   };
 }
@@ -26032,7 +26078,9 @@ function guestContext(cap) {
 }
 function authenticate(token, deps) {
   if (!token) return { ok: false, code: "NO_TOKEN" };
-  if (deps.isOwnerToken(token)) return { ok: true, context: ownerContext() };
+  if (deps.isOwnerToken(token)) {
+    return { ok: true, context: ownerContext(deps.ownerPrincipalId, deps.ownerDisplayName) };
+  }
   if (!deps.capabilityRegistry) return { ok: false, code: "BAD_TOKEN" };
   const v2 = deps.capabilityRegistry.verifyToken(token);
   if (v2.ok) return { ok: true, context: guestContext(v2.capability) };
@@ -26137,7 +26185,6 @@ var CapabilityRegistry = class {
     const hash = sha256Hex(token);
     const cap = this.bySecretHash.get(hash);
     if (!cap) return { ok: false, code: "TOKEN_INVALID" };
-    if (cap.revokedAt) return { ok: false, code: "TOKEN_REVOKED" };
     if (cap.expiresAt && this.now() >= cap.expiresAt) {
       return { ok: false, code: "TOKEN_EXPIRED" };
     }
@@ -26153,18 +26200,37 @@ var CapabilityRegistry = class {
     this.bySecretHash.set(cap.secretHash, cap);
     this.store.upsert(cap);
   }
-  markRevoked(id, revokedAt) {
+  /**
+   * Hard delete：从 store 物理移除 + 从 Map 清掉 secretHash 索引。
+   * 后续 verifyToken 该 token 走 'TOKEN_INVALID' 分支（secretHash 已不在 Map）。
+   * idempotent：不存在 → null。
+   */
+  delete(id) {
     const current = this.store.list().find((c) => c.id === id);
     if (!current) return null;
-    if (current.revokedAt) return current;
-    const updated = { ...current, revokedAt };
-    this.bySecretHash.set(updated.secretHash, updated);
-    this.store.upsert(updated);
-    return updated;
+    this.bySecretHash.delete(current.secretHash);
+    this.store.remove(id);
+    return current;
   }
   findById(id) {
     return this.store.list().find((c) => c.id === id) ?? null;
   }
+  /**
+   * Person identity Phase 1 (B11): guest authenticate 上报 selfPrincipalId 时
+   * daemon 把它落到 cap.linkedPrincipalId（之前 undefined）。设计上 immutable：
+   * 只允许 undefined → set；已设置后再调本方法 noop（reject 留给 caller 判断）。
+   *
+   * 返回 true = 实际写入；false = 不存在 / 已设置过（caller 用此区分用户行为）。
+   */
+  updateLinkedPrincipalId(id, principalId) {
+    const current = this.store.list().find((c) => c.id === id);
+    if (!current) return false;
+    if (current.linkedPrincipalId !== void 0) return false;
+    const updated = { ...current, linkedPrincipalId: principalId };
+    this.bySecretHash.set(updated.secretHash, updated);
+    this.store.upsert(updated);
+    return true;
+  }
 };
 function sha256Hex(s) {
   return crypto4.createHash("sha256").update(s).digest("hex");
@@ -26205,20 +26271,38 @@ var CapabilityManager = class {
       ...args.maxUses !== void 0 ? { maxUses: args.maxUses } : {}
     };
     this.registry.upsertCapability(cap);
+    if (args.atomicAfterPersist) {
+      try {
+        args.atomicAfterPersist(cap);
+      } catch (err) {
+        try {
+          this.registry.delete(cap.id);
+        } catch {
+        }
+        throw err;
+      }
+    }
     this.hooks.onIssued?.(cap, token);
     return { token, capability: cap };
   }
-  revoke(id) {
-    const existing = this.registry.findById(id);
-    if (!existing) return null;
-    const now = (this.hooks.now ?? Date.now)();
-    if (existing.revokedAt) {
-      return { revokedAt: existing.revokedAt, capability: existing };
-    }
-    const updated = this.registry.markRevoked(id, now);
-    if (!updated) return null;
-    this.hooks.onRevoked?.(updated);
-    return { revokedAt: now, capability: updated };
+  /**
+   * Hard delete：从 registry / store 物理移除 capability。
+   * idempotent：不存在 → null（handler 翻译成 VALIDATION_ERROR）
+   * onDeleted hook 在 daemon/index.ts wire 负责 close 连接 + cleanup 文件 + 广播
+   */
+  delete(id) {
+    const removed = this.registry.delete(id);
+    if (!removed) return null;
+    this.hooks.onDeleted?.(removed);
+    return { capability: removed };
+  }
+  /**
+   * Person identity Phase 1 (B11) passthrough：guest authenticate 上报
+   * selfPrincipalId 时升级 cap.linkedPrincipalId（一次性，undefined → set）。
+   * 详见 CapabilityRegistry.updateLinkedPrincipalId JSDoc。
+   */
+  updateLinkedPrincipalId(id, principalId) {
+    return this.registry.updateLinkedPrincipalId(id, principalId);
   }
 };
 function defaultGenerateToken() {
@@ -26250,15 +26334,20 @@ function cleanupGuestSessionsForCapability(cap, factory) {
 // src/inbox/inbox-store.ts
 var fs17 = __toESM(require("fs"), 1);
 var path19 = __toESM(require("path"), 1);
-var INBOX_FILE_NAME = "inbox.jsonl";
+var INBOX_SUBDIR = "inbox";
 var InboxStore = class {
   constructor(dataDir) {
     this.dataDir = dataDir;
-    fs17.mkdirSync(dataDir, { recursive: true });
+    fs17.mkdirSync(this.dirPath(), { recursive: true });
   }
   dataDir;
-  list() {
-    const file = this.filePath();
+  /**
+   * 列出某条 channel 的消息, 按 createdAt 升序.
+   * sinceCreatedAt 缺省时返回全量; 提供时仅返回 createdAt > sinceCreatedAt 的增量.
+   * channel 文件不存在时返回 [] (不抛, 不创建).
+   */
+  list(capabilityId, sinceCreatedAt) {
+    const file = this.filePath(capabilityId);
     let raw;
     try {
       raw = fs17.readFileSync(file, "utf8");
@@ -26266,11 +26355,28 @@ var InboxStore = class {
       if (err?.code === "ENOENT") return [];
       return [];
     }
-    return parseAllLines(raw);
+    const all = parseAllLines(raw);
+    if (sinceCreatedAt === void 0) return all;
+    return all.filter((m2) => m2.createdAt > sinceCreatedAt);
   }
-  append(ev) {
-    const file = this.filePath();
-    const line = JSON.stringify(ev) + "\n";
+  /**
+   * 列出所有 channel 的 capabilityId (扫目录所有 *.jsonl 文件名).
+   * 用于 daemon 启动时构建 index (跨 cap 聚合 unread 计数等).
+   */
+  listAllCapabilityIds() {
+    const dir = this.dirPath();
+    let entries;
+    try {
+      entries = fs17.readdirSync(dir);
+    } catch (err) {
+      if (err?.code === "ENOENT") return [];
+      return [];
+    }
+    return entries.filter((name) => name.endsWith(".jsonl")).map((name) => name.slice(0, -".jsonl".length));
+  }
+  append(message) {
+    const file = this.filePath(message.capabilityId);
+    const line = JSON.stringify(message) + "\n";
     fs17.appendFileSync(file, line, { mode: 384 });
     try {
       fs17.chmodSync(file, 384);
@@ -26278,25 +26384,40 @@ var InboxStore = class {
     }
   }
   /**
-   * 标记某条 event 为已读. 已有 readAt 时不覆盖 (idempotent: 第二次调用维持第一次时间).
-   * 未知 id 静默 no-op (不抛, 不写文件).
+   * 把该 channel 所有 createdAt<=upToCreatedAt 且 sender!=principalId 的消息
+   * readBy[principalId] 写成 upToCreatedAt. O(N) rewrite 整个 channel 文件.
+   * 返写入了几条 (用于测试断言 / index 维护).
    */
-  markRead(id, at) {
-    const events = this.list();
-    let changed = false;
-    const next = events.map((e) => {
-      if (e.id !== id) return e;
-      if (e.readAt !== void 0) return e;
-      changed = true;
-      return { ...e, readAt: at };
+  markRead(capabilityId, principalId, upToCreatedAt) {
+    const messages = this.list(capabilityId);
+    let changed = 0;
+    const next = messages.map((m2) => {
+      if (m2.senderPrincipalId === principalId) return m2;
+      if (m2.createdAt > upToCreatedAt) return m2;
+      const cur = m2.readBy[principalId];
+      if (cur !== void 0 && cur >= upToCreatedAt) return m2;
+      changed++;
+      return { ...m2, readBy: { ...m2.readBy, [principalId]: upToCreatedAt } };
     });
-    if (!changed) return;
-    this.rewrite(next);
+    if (changed === 0) return 0;
+    this.rewriteChannel(capabilityId, next);
+    return changed;
   }
-  rewrite(events) {
-    const file = this.filePath();
+  /**
+   * 删整条 channel (capability:delete cascade). 文件不存在 no-op.
+   */
+  removeByCapabilityId(capabilityId) {
+    const file = this.filePath(capabilityId);
+    try {
+      fs17.unlinkSync(file);
+    } catch (err) {
+      if (err?.code === "ENOENT") return;
+    }
+  }
+  rewriteChannel(capabilityId, messages) {
+    const file = this.filePath(capabilityId);
     const tmp = `${file}.tmp-${process.pid}-${Date.now()}-${Math.random().toString(36).slice(2)}`;
-    const content = events.map((e) => JSON.stringify(e)).join("\n") + (events.length > 0 ? "\n" : "");
+    const content = messages.map((m2) => JSON.stringify(m2)).join("\n") + (messages.length > 0 ? "\n" : "");
     fs17.writeFileSync(tmp, content, { mode: 384 });
     fs17.renameSync(tmp, file);
     try {
@@ -26304,8 +26425,11 @@ var InboxStore = class {
     } catch {
     }
   }
-  filePath() {
-    return path19.join(this.dataDir, INBOX_FILE_NAME);
+  dirPath() {
+    return path19.join(this.dataDir, INBOX_SUBDIR);
+  }
+  filePath(capabilityId) {
+    return path19.join(this.dirPath(), `${capabilityId}.jsonl`);
   }
 };
 function parseAllLines(raw) {
@@ -26319,23 +26443,14 @@ function parseAllLines(raw) {
     } catch {
       continue;
     }
-    const r = InboxEventSchema.safeParse(parsed);
+    const r = InboxMessageSchema.safeParse(parsed);
     if (r.success) out.push(r.data);
   }
   return out;
 }
 // src/inbox/inbox-manager.ts
-var crypto7 = __toESM(require("crypto"), 1);
-// src/inbox/dm.ts
 var crypto6 = __toESM(require("crypto"), 1);
-function deriveDmThreadId(idA, idB) {
-  const [low, high] = idA < idB ? [idA, idB] : [idB, idA];
-  return crypto6.createHash("sha256").update(`${low}/${high}`).digest("hex");
-}
-// src/inbox/inbox-manager.ts
 var InboxManager = class {
   constructor(store, broadcast, opts = {}) {
     this.store = store;
@@ -26348,64 +26463,51 @@ var InboxManager = class {
   now;
   genId;
   /**
-   * persona VM 内某 sender 给 CC 发消息 → 跨 principal 时记 inbox event.
-   * 返回 null = owner 自己 (no-op); 否则返回写入的 event (含派生 id / createdAt).
-   */
-  recordPersonaMention(args) {
-    if (args.sender.kind === "owner") return null;
-    const resource = { type: "persona", id: args.personaId };
-    const ev = {
-      id: this.genId(),
-      kind: "persona-mention",
-      fromPrincipal: args.sender,
-      toPrincipal: OWNER_PRINCIPAL,
-      resource,
-      preview: truncatePreview(args.preview),
-      createdAt: this.now()
-    };
-    this.store.append(ev);
-    this.broadcast({ type: "inbox:event", event: ev });
-    return ev;
-  }
-  /**
-   * Phase 4 Task 4.2: DM 私聊事件. 与 recordPersonaMention 区别:
-   *   - kind = 'direct-message' (不是 persona-mention)
-   *   - 不带 resource (DM 不挂某个 persona)
-   *   - threadId 由 from.id + to.id 派生 (sha256), 双向消息共享同一 thread
-   *   - 调用方 (handler) 已校验 sender = ctx.principal (防伪造)
-   *
-   * 返回值是 InboxEvent (含派生 threadId), daemon/index.ts 装配 broadcast 路由:
-   *   broadcastToPrincipal(from.id) + broadcastToPrincipal(to.id) (双侧 ws 都收).
+   * 写入一条消息到 channel + broadcast 给该 channel 两端 ws.
+   * caller 必须已通过 handler 鉴权 (guest ctx.capabilityId === args.capabilityId, 否则拦截).
    */
-  recordDirectMessage(args) {
-    const ev = {
+  postMessage(args) {
+    const msg = {
       id: this.genId(),
-      kind: "direct-message",
-      fromPrincipal: args.from,
-      toPrincipal: args.to,
-      preview: truncatePreview(args.text),
+      capabilityId: args.capabilityId,
+      senderPrincipalId: args.senderPrincipalId,
+      text: args.text,
       createdAt: this.now(),
-      threadId: deriveDmThreadId(args.from.id, args.to.id)
+      readBy: {}
     };
-    this.store.append(ev);
-    this.broadcast({ type: "inbox:event", event: ev });
-    return ev;
+    this.store.append(msg);
+    this.broadcast(args.capabilityId, { type: "inbox:event", message: msg });
+    return msg;
   }
-  list(opts = {}) {
-    const all = this.store.list();
-    if (opts.includeRead) return all;
-    return all.filter((e) => e.readAt === void 0);
+  list(capabilityId, sinceCreatedAt) {
+    return this.store.list(capabilityId, sinceCreatedAt);
   }
-  markRead(eventId) {
-    this.store.markRead(eventId, this.now());
+  /**
+   * 标已读. 返写入了几条 (sender !== self 且 createdAt <= upToCreatedAt 的消息).
+   * broadcast 已更新 readBy 的每条消息 (单帧一消息, 复用 inbox:event 通道),
+   * 让对端 UI 实时看到 "对方已读到哪了".
+   */
+  markRead(args) {
+    const before = this.store.list(args.capabilityId);
+    const changed = this.store.markRead(args.capabilityId, args.principalId, args.upToCreatedAt);
+    if (changed === 0) return 0;
+    const after = this.store.list(args.capabilityId);
+    const beforeById = new Map(before.map((m2) => [m2.id, m2]));
+    for (const m2 of after) {
+      const prev = beforeById.get(m2.id);
+      if (!prev) continue;
+      if (prev.readBy[args.principalId] === m2.readBy[args.principalId]) continue;
+      this.broadcast(args.capabilityId, { type: "inbox:event", message: m2 });
+    }
+    return changed;
+  }
+  /** capability:delete cascade. 删整个 channel 文件. */
+  removeChannel(capabilityId) {
+    this.store.removeByCapabilityId(capabilityId);
   }
 };
-function truncatePreview(s) {
-  if (s.length <= INBOX_PREVIEW_MAX_LENGTH) return s;
-  return s.slice(0, INBOX_PREVIEW_MAX_LENGTH);
-}
 function defaultGenId() {
-  return "inb_" + crypto7.randomBytes(6).toString("base64url");
+  return "m_" + crypto6.randomBytes(6).toString("base64url");
 }
 // src/remote-persona/store.ts
@@ -26508,299 +26610,300 @@ var RemotePersonaStore = class {
   }
 };
-// src/migrations/2026-05-20-flatten-sessions.ts
+// src/person/store.ts
 var fs19 = __toESM(require("fs"), 1);
 var path21 = __toESM(require("path"), 1);
-var MIGRATION_FLAG_NAME = ".migration.v1.done";
-function migrateFlattenSessions(opts) {
-  const dataDir = opts.dataDir;
-  const now = opts.now ?? Date.now;
-  const sessionsDir = path21.join(dataDir, "sessions");
-  const flagPath = path21.join(sessionsDir, MIGRATION_FLAG_NAME);
-  if (existsSync4(flagPath)) {
-    return { skipped: true, flagWritten: false, movedBare: 0, movedVmOwner: 0, archivedListener: 0 };
+var PERSONS_DIR = "persons";
+var PersonStore = class {
+  constructor(dataDir) {
+    this.dataDir = dataDir;
+    fs19.mkdirSync(this.rootDir(), { recursive: true });
   }
-  let movedBare = 0;
-  let movedVmOwner = 0;
-  let archivedListener = 0;
-  const defaultDir = path21.join(sessionsDir, "default");
-  if (existsSync4(defaultDir)) {
-    for (const entry of readdirSafe(defaultDir)) {
-      if (!entry.endsWith(".json")) continue;
-      const src = path21.join(defaultDir, entry);
-      const dst = path21.join(sessionsDir, entry);
-      fs19.renameSync(src, dst);
-      movedBare += 1;
+  dataDir;
+  list() {
+    let entries;
+    try {
+      entries = fs19.readdirSync(this.rootDir());
+    } catch (err) {
+      if (err?.code === "ENOENT") return [];
+      return [];
     }
-    rmdirIfEmpty(defaultDir);
-  }
-  for (const pid of readdirSafe(sessionsDir)) {
-    const personaDir = path21.join(sessionsDir, pid);
-    if (!isDir(personaDir)) continue;
-    if (pid === "default") continue;
-    const ownerSrc = path21.join(personaDir, "owner");
-    if (existsSync4(ownerSrc) && isDir(ownerSrc)) {
-      const ownerDst = path21.join(dataDir, "personas", pid, ".clawd", "sessions", "owner");
-      fs19.mkdirSync(ownerDst, { recursive: true });
-      for (const file of readdirSafe(ownerSrc)) {
-        if (!file.endsWith(".json")) continue;
-        fs19.renameSync(path21.join(ownerSrc, file), path21.join(ownerDst, file));
-        movedVmOwner += 1;
+    const out = [];
+    for (const name of entries) {
+      if (!name.endsWith(".json")) continue;
+      if (name.includes(".tmp-")) continue;
+      const file = path21.join(this.rootDir(), name);
+      let raw;
+      try {
+        raw = fs19.readFileSync(file, "utf8");
+      } catch {
+        continue;
       }
-      rmdirIfEmpty(ownerSrc);
-    }
-    const listenerSrc = path21.join(personaDir, "listener");
-    if (existsSync4(listenerSrc) && isDir(listenerSrc)) {
-      const archiveDst = path21.join(dataDir, ".legacy", `listener-${pid}`);
-      fs19.mkdirSync(archiveDst, { recursive: true });
-      for (const file of readdirSafe(listenerSrc)) {
-        if (!file.endsWith(".json")) continue;
-        fs19.renameSync(path21.join(listenerSrc, file), path21.join(archiveDst, file));
-        archivedListener += 1;
+      let parsed;
+      try {
+        parsed = JSON.parse(raw);
+      } catch {
+        continue;
       }
-      rmdirIfEmpty(listenerSrc);
+      const r = PersonSchema.safeParse(parsed);
+      if (r.success) out.push(r.data);
     }
-    rmdirIfEmpty(personaDir);
-  }
-  fs19.mkdirSync(sessionsDir, { recursive: true });
-  fs19.writeFileSync(flagPath, JSON.stringify({ migratedAt: now() }, null, 2));
-  return {
-    skipped: false,
-    flagWritten: true,
-    movedBare,
-    movedVmOwner,
-    archivedListener
-  };
-}
-function existsSync4(p2) {
-  try {
-    fs19.statSync(p2);
-    return true;
-  } catch {
-    return false;
+    return out.sort((a, b2) => a.updatedAt > b2.updatedAt ? -1 : a.updatedAt < b2.updatedAt ? 1 : 0);
   }
-}
-function isDir(p2) {
-  try {
-    return fs19.statSync(p2).isDirectory();
-  } catch {
-    return false;
+  get(id) {
+    const file = this.filePath(id);
+    let raw;
+    try {
+      raw = fs19.readFileSync(file, "utf8");
+    } catch {
+      return null;
+    }
+    try {
+      const parsed = JSON.parse(raw);
+      const r = PersonSchema.safeParse(parsed);
+      return r.success ? r.data : null;
+    } catch {
+      return null;
+    }
   }
-}
-function readdirSafe(p2) {
-  try {
-    return fs19.readdirSync(p2);
-  } catch {
-    return [];
+  add(person) {
+    const file = this.filePath(person.id);
+    if (fs19.existsSync(file)) {
+      throw new Error(`PersonStore.add: person id already exists: ${person.id}`);
+    }
+    this.atomicWrite(file, person);
   }
-}
-function rmdirIfEmpty(p2) {
-  try {
-    fs19.rmdirSync(p2);
-  } catch {
+  /**
+   * Merge patch into existing person + bump updatedAt to `now`.
+   * 不存在 id → no-op（caller 应预先 get 校验）。
+   * 只允许 patch displayName / notes / dmEnabled（id / createdAt 不可改）。
+   */
+  update(id, patch, now) {
+    const cur = this.get(id);
+    if (!cur) return;
+    const next = {
+      ...cur,
+      ...patch.displayName !== void 0 ? { displayName: patch.displayName } : {},
+      ...patch.notes !== void 0 ? { notes: patch.notes } : {},
+      ...patch.dmEnabled !== void 0 ? { dmEnabled: patch.dmEnabled } : {},
+      updatedAt: now
+    };
+    this.atomicWrite(this.filePath(id), next);
   }
-}
-// src/transport/http-router.ts
-var import_node_fs14 = __toESM(require("fs"), 1);
-var import_node_path16 = __toESM(require("path"), 1);
-// src/attachment/group.ts
-var import_node_fs13 = __toESM(require("fs"), 1);
-var import_node_path14 = __toESM(require("path"), 1);
-var import_node_crypto4 = __toESM(require("crypto"), 1);
-init_protocol();
-var GroupFileStore = class {
-  dataDir;
-  logger;
-  cache = /* @__PURE__ */ new Map();
-  constructor(opts) {
-    this.dataDir = opts.dataDir;
-    this.logger = opts.logger;
+  remove(id) {
+    const file = this.filePath(id);
+    try {
+      fs19.unlinkSync(file);
+      return true;
+    } catch (err) {
+      if (err?.code === "ENOENT") return false;
+      throw err;
+    }
   }
-  rootForScope(scope) {
-    return import_node_path14.default.join(this.dataDir, "sessions", ...scopeSubPath(scope).map(safeFileName));
+  rootDir() {
+    return path21.join(this.dataDir, PERSONS_DIR);
   }
-  /** 与 SessionStore.filePath 平级，扩展名 .group-files.json */
-  filePath(scope, sessionId) {
-    return import_node_path14.default.join(this.rootForScope(scope), `${safeFileName(sessionId)}.group-files.json`);
+  filePath(id) {
+    return path21.join(this.rootDir(), `${safeFileName(id)}.json`);
   }
-  cacheKey(scope, sessionId) {
-    return scope.kind === "default" ? `default::${sessionId}` : `persona:${scope.personaId}:${scope.mode}::${sessionId}`;
+  atomicWrite(file, content) {
+    fs19.mkdirSync(this.rootDir(), { recursive: true });
+    const tmp = `${file}.tmp-${process.pid}-${Date.now()}-${Math.random().toString(36).slice(2)}`;
+    fs19.writeFileSync(tmp, JSON.stringify(content, null, 2), { mode: 384 });
+    fs19.renameSync(tmp, file);
+    try {
+      fs19.chmodSync(file, 384);
+    } catch {
+    }
   }
-  /** 从磁盘读一份；不存在 → 空数组；schema 不匹配的条目 → 跳过（防腐） */
-  readFile(scope, sessionId) {
-    const file = this.filePath(scope, sessionId);
+};
+// src/person/alias-store.ts
+var fs20 = __toESM(require("fs"), 1);
+var path22 = __toESM(require("path"), 1);
+var PERSON_ALIASES_SUBDIR = "persons-meta";
+var PERSON_ALIASES_FILE = "aliases.json";
+var PersonAliasStore = class {
+  constructor(dataDir) {
+    this.dataDir = dataDir;
+    fs20.mkdirSync(path22.join(this.dataDir, PERSON_ALIASES_SUBDIR), { recursive: true });
+  }
+  dataDir;
+  get filePath() {
+    return path22.join(this.dataDir, PERSON_ALIASES_SUBDIR, PERSON_ALIASES_FILE);
+  }
+  list() {
+    let raw;
     try {
-      const raw = import_node_fs13.default.readFileSync(file, "utf8");
-      const parsed = JSON.parse(raw);
-      if (!Array.isArray(parsed)) {
-        this.logger?.warn("GroupFileStore.readFile: not an array; resetting session entries", {
-          file
-        });
-        return [];
-      }
-      const out = [];
-      for (const entry of parsed) {
-        const r = GroupFileEntrySchema.safeParse(entry);
-        if (r.success) out.push(r.data);
-      }
-      return out;
+      raw = fs20.readFileSync(this.filePath, "utf8");
     } catch (err) {
-      const code = err?.code;
-      if (code === "ENOENT") return [];
-      this.logger?.warn("GroupFileStore.readFile failed", {
-        file,
-        err: err.message
-      });
+      if (err?.code === "ENOENT") return [];
+      return [];
+    }
+    let parsed;
+    try {
+      parsed = JSON.parse(raw);
+    } catch {
       return [];
     }
+    if (!Array.isArray(parsed)) return [];
+    const out = [];
+    for (const item of parsed) {
+      const r = PersonAliasSchema.safeParse(item);
+      if (r.success) out.push(r.data);
+    }
+    return out;
   }
-  writeFile(scope, sessionId, entries) {
-    const file = this.filePath(scope, sessionId);
-    import_node_fs13.default.mkdirSync(import_node_path14.default.dirname(file), { recursive: true });
-    const tmp = `${file}.tmp-${process.pid}-${Date.now()}`;
-    import_node_fs13.default.writeFileSync(tmp, JSON.stringify(entries, null, 2), { mode: 384 });
-    import_node_fs13.default.renameSync(tmp, file);
+  get(principalId) {
+    return this.list().find((a) => a.principalId === principalId)?.personId;
   }
-  /** 拉一份当前 session 的清单。读盘 → cache；之后调用复用 cache */
-  list(scope, sessionId) {
-    const key = this.cacheKey(scope, sessionId);
-    const cached = this.cache.get(key);
-    if (cached) return cached.entries;
-    const entries = this.readFile(scope, sessionId);
-    this.cache.set(key, { entries, scope });
-    return entries;
+  set(principalId, personId) {
+    const all = this.list().filter((a) => a.principalId !== principalId);
+    all.push({ principalId, personId });
+    this.write(all);
+  }
+  remove(principalId) {
+    const all = this.list();
+    const next = all.filter((a) => a.principalId !== principalId);
+    if (next.length === all.length) return false;
+    this.write(next);
+    return true;
+  }
+  removeAllByPerson(personId) {
+    const all = this.list();
+    const next = all.filter((a) => a.personId !== personId);
+    if (next.length === all.length) return;
+    this.write(next);
   }
   /**
-   * upsert：
-   *   - 同 relPath 已存在 → 更新 lastEditedAt + clear stale；不动 from / addedAt / id
-   *     （保留首次入群人 / 入群时刻）
-   *   - 不存在 → append，id 派生稳定 uuid，addedAt = now
+   * 把某条 alias 的 principalId 改为新 key，personId 不变。
+   * 用于 guest 第一次 authenticate 上报 selfPrincipalId 时，把 alias key 从
+   * cap.id（fallback）升级到真实 ownerPrincipalId。
    *
-   * 返回最新 entry（caller 可用来 broadcast 通知）。
+   * 若 oldKey 不存在 → no-op。
+   * 若 newKey 已存在另一条 entry → 用 oldKey 的 personId 覆盖（"old wins"），并去重。
    */
-  upsert(scope, sessionId, input, now = Date.now()) {
-    const entries = this.list(scope, sessionId).slice();
-    const idx = entries.findIndex((e) => e.relPath === input.relPath);
-    let next;
-    if (idx >= 0) {
-      const prev = entries[idx];
-      next = {
-        ...prev,
-        size: input.size,
-        mime: input.mime,
-        lastEditedAt: now,
-        stale: false
-        // label 不在 upsert 路径覆盖（owner +Add 走另一条路径）
-      };
-      entries[idx] = next;
-    } else {
-      next = {
-        id: `gf-${import_node_crypto4.default.randomBytes(6).toString("base64url")}`,
-        relPath: input.relPath,
-        from: input.from,
-        label: input.label,
-        size: input.size,
-        mime: input.mime,
-        addedAt: now
-        // agent 第一次 upsert 时不写 lastEditedAt（语义上 = 首次"编辑" = addedAt）
-      };
-      entries.push(next);
+  rekey(oldPrincipalId, newPrincipalId) {
+    const all = this.list();
+    const old = all.find((a) => a.principalId === oldPrincipalId);
+    if (!old) return;
+    const filtered = all.filter(
+      (a) => a.principalId !== oldPrincipalId && a.principalId !== newPrincipalId
+    );
+    filtered.push({ principalId: newPrincipalId, personId: old.personId });
+    this.write(filtered);
+  }
+  write(entries) {
+    fs20.mkdirSync(path22.join(this.dataDir, PERSON_ALIASES_SUBDIR), { recursive: true });
+    const tmp = `${this.filePath}.tmp-${process.pid}-${Date.now()}-${Math.random().toString(36).slice(2)}`;
+    fs20.writeFileSync(tmp, JSON.stringify(entries, null, 2), { mode: 384 });
+    fs20.renameSync(tmp, this.filePath);
+    try {
+      fs20.chmodSync(this.filePath, 384);
+    } catch {
     }
-    this.writeFile(scope, sessionId, entries);
-    this.cache.set(this.cacheKey(scope, sessionId), { entries, scope });
-    return next;
   }
-  /**
-   * 标记一个 relPath stale（agent rm / mv 后文件不在）。
-   * - 命中 → stale=true，UI 灰显
-   * - 未命中 → noop（不需要为不在群里的文件创建 stale 条目）
-   *
-   * 注：spec §6 "Bash 命令是 rm 形态"启发式不强求 — runner 暂不调，留给后续优化
-   */
-  markStale(scope, sessionId, relPath) {
-    const entries = this.list(scope, sessionId).slice();
-    const idx = entries.findIndex((e) => e.relPath === relPath);
-    if (idx < 0) return;
-    if (entries[idx].stale) return;
-    entries[idx] = { ...entries[idx], stale: true };
-    this.writeFile(scope, sessionId, entries);
-    this.cache.set(this.cacheKey(scope, sessionId), { entries, scope });
+};
+// src/migrations/2026-05-20-flatten-sessions.ts
+var fs21 = __toESM(require("fs"), 1);
+var path23 = __toESM(require("path"), 1);
+var MIGRATION_FLAG_NAME = ".migration.v1.done";
+function migrateFlattenSessions(opts) {
+  const dataDir = opts.dataDir;
+  const now = opts.now ?? Date.now;
+  const sessionsDir = path23.join(dataDir, "sessions");
+  const flagPath = path23.join(sessionsDir, MIGRATION_FLAG_NAME);
+  if (existsSync5(flagPath)) {
+    return { skipped: true, flagWritten: false, movedBare: 0, movedVmOwner: 0, archivedListener: 0 };
   }
-  /**
-   * 真删一条群文件条目（用于 owner 撤销自己 +Add 的入群操作）。
-   * agent 自动入群的不应走这条 —— 用 markStale 表达"文件不在了"语义；
-   * owner 手动加错了，应该能彻底从列表移除而不是留个 stale 占位。
-   *
-   * 返回值：true=命中并删除；false=relPath 不在群里。
-   */
-  remove(scope, sessionId, relPath) {
-    const entries = this.list(scope, sessionId).slice();
-    const idx = entries.findIndex((e) => e.relPath === relPath);
-    if (idx < 0) return false;
-    entries.splice(idx, 1);
-    this.writeFile(scope, sessionId, entries);
-    this.cache.set(this.cacheKey(scope, sessionId), { entries, scope });
-    return true;
+  let movedBare = 0;
+  let movedVmOwner = 0;
+  let archivedListener = 0;
+  const defaultDir = path23.join(sessionsDir, "default");
+  if (existsSync5(defaultDir)) {
+    for (const entry of readdirSafe(defaultDir)) {
+      if (!entry.endsWith(".json")) continue;
+      const src = path23.join(defaultDir, entry);
+      const dst = path23.join(sessionsDir, entry);
+      fs21.renameSync(src, dst);
+      movedBare += 1;
+    }
+    rmdirIfEmpty(defaultDir);
   }
-  /**
-   * 跨 session 聚合查询（spec §4 HTTP ACL：personal 视野并集）。
-   *
-   * 扫 <dataDir>/sessions/<personaId>/owner/*.group-files.json 和
-   * <dataDir>/sessions/<personaId>/listener/*.group-files.json，每文件读一份。
-   *
-   * 复杂度 O(N sessions × N entries)，N 通常 < 100，可接受。
-   */
-  listByPersona(personaId) {
-    const out = [];
-    for (const mode of ["owner", "listener"]) {
-      const scope = { kind: "persona", personaId, mode };
-      const root = this.rootForScope(scope);
-      let names;
-      try {
-        names = import_node_fs13.default.readdirSync(root);
-      } catch (err) {
-        const code = err?.code;
-        if (code === "ENOENT") continue;
-        continue;
+  for (const pid of readdirSafe(sessionsDir)) {
+    const personaDir = path23.join(sessionsDir, pid);
+    if (!isDir(personaDir)) continue;
+    if (pid === "default") continue;
+    const ownerSrc = path23.join(personaDir, "owner");
+    if (existsSync5(ownerSrc) && isDir(ownerSrc)) {
+      const ownerDst = path23.join(dataDir, "personas", pid, ".clawd", "sessions", "owner");
+      fs21.mkdirSync(ownerDst, { recursive: true });
+      for (const file of readdirSafe(ownerSrc)) {
+        if (!file.endsWith(".json")) continue;
+        fs21.renameSync(path23.join(ownerSrc, file), path23.join(ownerDst, file));
+        movedVmOwner += 1;
       }
-      for (const name of names) {
-        if (!name.endsWith(".group-files.json")) continue;
-        const sessionId = name.slice(0, -".group-files.json".length);
-        if (!sessionId) continue;
-        const entries = this.list(scope, sessionId);
-        out.push({ sessionId, entries });
+      rmdirIfEmpty(ownerSrc);
+    }
+    const listenerSrc = path23.join(personaDir, "listener");
+    if (existsSync5(listenerSrc) && isDir(listenerSrc)) {
+      const archiveDst = path23.join(dataDir, ".legacy", `listener-${pid}`);
+      fs21.mkdirSync(archiveDst, { recursive: true });
+      for (const file of readdirSafe(listenerSrc)) {
+        if (!file.endsWith(".json")) continue;
+        fs21.renameSync(path23.join(listenerSrc, file), path23.join(archiveDst, file));
+        archivedListener += 1;
       }
+      rmdirIfEmpty(listenerSrc);
     }
-    return out;
+    rmdirIfEmpty(personaDir);
   }
-};
-function personalViewable(groupStore, personaDir, personaId, absPath) {
-  const realTarget = safeRealpath(absPath);
-  if (!realTarget) {
+  fs21.mkdirSync(sessionsDir, { recursive: true });
+  fs21.writeFileSync(flagPath, JSON.stringify({ migratedAt: now() }, null, 2));
+  return {
+    skipped: false,
+    flagWritten: true,
+    movedBare,
+    movedVmOwner,
+    archivedListener
+  };
+}
+function existsSync5(p2) {
+  try {
+    fs21.statSync(p2);
+    return true;
+  } catch {
     return false;
   }
-  const personasUnion = groupStore.listByPersona(personaId);
-  for (const { entries } of personasUnion) {
-    for (const e of entries) {
-      if (e.stale) continue;
-      const realEntry = safeRealpath(import_node_path14.default.join(personaDir, e.relPath));
-      if (realEntry && realEntry === realTarget) return true;
-    }
+}
+function isDir(p2) {
+  try {
+    return fs21.statSync(p2).isDirectory();
+  } catch {
+    return false;
   }
-  return false;
 }
-function safeRealpath(p2) {
+function readdirSafe(p2) {
   try {
-    return import_node_fs13.default.realpathSync(p2);
+    return fs21.readdirSync(p2);
+  } catch {
+    return [];
+  }
+}
+function rmdirIfEmpty(p2) {
+  try {
+    fs21.rmdirSync(p2);
   } catch {
-    return null;
   }
 }
-// src/attachment/mime.ts
+// src/transport/http-router.ts
+var import_node_fs13 = __toESM(require("fs"), 1);
 var import_node_path15 = __toESM(require("path"), 1);
+// src/attachment/mime.ts
+var import_node_path14 = __toESM(require("path"), 1);
 var TEXT_PLAIN = "text/plain; charset=utf-8";
 var EXT_TO_NATIVE_MIME = {
   // 图片
@@ -26907,14 +27010,14 @@ var TEXT_EXTENSIONS = /* @__PURE__ */ new Set([
   ".mk"
 ]);
 function lookupMime(filePathOrName) {
-  const ext = import_node_path15.default.extname(filePathOrName).toLowerCase();
+  const ext = import_node_path14.default.extname(filePathOrName).toLowerCase();
   if (EXT_TO_NATIVE_MIME[ext]) return EXT_TO_NATIVE_MIME[ext];
   if (TEXT_EXTENSIONS.has(ext)) return TEXT_PLAIN;
   return "application/octet-stream";
 }
 // src/attachment/sign-url.ts
-var import_node_crypto5 = __toESM(require("crypto"), 1);
+var import_node_crypto4 = __toESM(require("crypto"), 1);
 var HMAC_ALGO = "sha256";
 function base64urlEncode(buf) {
   const b2 = typeof buf === "string" ? Buffer.from(buf, "utf8") : buf;
@@ -26931,7 +27034,7 @@ function decodeAbsPathFromUrl(encoded) {
 }
 function computeSig(secret, absPath, e) {
   const msg = e === null ? absPath : `${absPath}|${e}`;
-  return import_node_crypto5.default.createHmac(HMAC_ALGO, secret).update(msg).digest();
+  return import_node_crypto4.default.createHmac(HMAC_ALGO, secret).update(msg).digest();
 }
 function signUrlParts(secret, absPath, ttlSeconds, now = Date.now) {
   const e = ttlSeconds === null ? null : Math.floor(now() / 1e3) + ttlSeconds;
@@ -26966,7 +27069,7 @@ function verifySignedUrl(secret, absPath, eRaw, s, now = Date.now) {
   if (provided.length !== expected.length) {
     return { ok: false, code: "BAD_SIG" };
   }
-  if (!import_node_crypto5.default.timingSafeEqual(provided, expected)) {
+  if (!import_node_crypto4.default.timingSafeEqual(provided, expected)) {
     return { ok: false, code: "BAD_SIG" };
   }
   if (e !== null && now() / 1e3 > e) {
@@ -26987,7 +27090,7 @@ function createHttpRouter(deps) {
       sendJson(res, 200, { ok: true, version: deps.daemonVersion });
       return true;
     }
-    if (!url.pathname.startsWith("/persona/") && !url.pathname.startsWith("/session/") && !url.pathname.startsWith("/files/")) {
+    if (!url.pathname.startsWith("/session/") && !url.pathname.startsWith("/files/")) {
       return false;
     }
     if (url.pathname.startsWith("/files/") && req.method === "GET") {
@@ -27027,43 +27130,8 @@ function createHttpRouter(deps) {
       sendJson(res, 401, { code: "UNAUTHORIZED", message: "missing or invalid bearer token" });
       return true;
     }
-    const personaFilesMatch = url.pathname.match(/^\/persona\/([^/]+)\/files$/);
-    if (personaFilesMatch && req.method === "GET") {
-      const pid = personaFilesMatch[1];
-      const pathParam = url.searchParams.get("path");
-      if (!pathParam) {
-        sendJson(res, 400, { code: "INVALID_PARAM", message: "missing `path` query" });
-        return true;
-      }
-      if (!deps.personaStore || !deps.groupFileStore) {
-        sendJson(res, 501, withCtx(ctx, { code: "NOT_IMPLEMENTED", message: "files endpoint not wired" }));
-        return true;
-      }
-      const personaDir = deps.personaStore.personaDirPath(pid);
-      const absPath = import_node_path16.default.isAbsolute(pathParam) ? pathParam : import_node_path16.default.join(personaDir, pathParam);
-      if (!import_node_path16.default.isAbsolute(pathParam) && !isContainedIn(absPath, personaDir)) {
-        sendJson(res, 400, { code: "PATH_TRAVERSAL", message: "rel path escapes personaDir" });
-        return true;
-      }
-      if (ctx.role === "personal") {
-        if (ctx.personaId !== pid) {
-          sendJson(res, 403, { code: "FORBIDDEN", message: "personal token bound to other persona" });
-          return true;
-        }
-        if (!personalViewable(deps.groupFileStore, personaDir, pid, absPath)) {
-          sendJson(res, 403, { code: "FORBIDDEN", message: "path not in personal viewable scope" });
-          return true;
-        }
-      }
-      streamFile(res, absPath, deps.logger);
-      return true;
-    }
     const sessionFilesMatch = url.pathname.match(/^\/session\/([^/]+)\/files$/);
     if (sessionFilesMatch && req.method === "GET") {
-      if (ctx.role !== "owner") {
-        sendJson(res, 403, { code: "FORBIDDEN", message: "direct session files are owner-only" });
-        return true;
-      }
       const sid = sessionFilesMatch[1];
       const pathParam = url.searchParams.get("path");
       if (!pathParam) {
@@ -27071,7 +27139,7 @@ function createHttpRouter(deps) {
         return true;
       }
       let absPath;
-      if (import_node_path16.default.isAbsolute(pathParam)) {
+      if (import_node_path15.default.isAbsolute(pathParam)) {
         absPath = pathParam;
       } else if (deps.sessionStore) {
         const file = deps.sessionStore.read(sid);
@@ -27079,7 +27147,7 @@ function createHttpRouter(deps) {
           sendJson(res, 404, { code: "NOT_FOUND", message: `session ${sid} not found` });
           return true;
         }
-        absPath = import_node_path16.default.join(file.cwd, pathParam);
+        absPath = import_node_path15.default.join(file.cwd, pathParam);
       } else {
         sendJson(res, 501, withCtx(ctx, { code: "NOT_IMPLEMENTED", message: "sessionStore not wired" }));
         return true;
@@ -27098,53 +27166,188 @@ function parseUrl(rawUrl) {
   } catch {
     return null;
   }
-}
-function sendJson(res, status, body) {
-  res.writeHead(status, { "Content-Type": "application/json; charset=utf-8" });
-  res.end(JSON.stringify(body));
-}
-function withCtx(ctx, body) {
-  return { ...body, role: ctx.role, personaId: ctx.personaId };
-}
-function isContainedIn(abs, root) {
-  const normalized = import_node_path16.default.resolve(abs);
-  const normalizedRoot = import_node_path16.default.resolve(root);
-  if (normalized === normalizedRoot) return true;
-  return normalized.startsWith(normalizedRoot + import_node_path16.default.sep);
-}
-function streamFile(res, absPath, logger) {
-  let stat;
-  try {
-    stat = import_node_fs14.default.statSync(absPath);
-  } catch (err) {
-    const code = err?.code;
-    if (code === "ENOENT") {
-      sendJson(res, 404, { code: "NOT_FOUND", message: "file not found" });
+}
+function sendJson(res, status, body) {
+  res.writeHead(status, { "Content-Type": "application/json; charset=utf-8" });
+  res.end(JSON.stringify(body));
+}
+function withCtx(ctx, body) {
+  return { ...body, role: ctx.role };
+}
+function streamFile(res, absPath, logger) {
+  let stat;
+  try {
+    stat = import_node_fs13.default.statSync(absPath);
+  } catch (err) {
+    const code = err?.code;
+    if (code === "ENOENT") {
+      sendJson(res, 404, { code: "NOT_FOUND", message: "file not found" });
+    } else {
+      sendJson(res, 500, { code: "STAT_FAILED", message: err.message });
+    }
+    return;
+  }
+  if (!stat.isFile()) {
+    sendJson(res, 400, { code: "NOT_A_FILE", message: "path is not a regular file" });
+    return;
+  }
+  const mime = lookupMime(absPath);
+  const basename = import_node_path15.default.basename(absPath);
+  res.writeHead(200, {
+    "Content-Type": mime,
+    "Content-Length": String(stat.size),
+    "Content-Disposition": `inline; filename*=UTF-8''${encodeURIComponent(basename)}`,
+    // 防止浏览器把任意 mime 当 html 渲染
+    "X-Content-Type-Options": "nosniff"
+  });
+  const stream = import_node_fs13.default.createReadStream(absPath);
+  stream.on("error", (err) => {
+    logger?.warn("streamFile read error", { absPath, err: err.message });
+    res.destroy();
+  });
+  stream.pipe(res);
+}
+// src/attachment/group.ts
+var import_node_fs14 = __toESM(require("fs"), 1);
+var import_node_path16 = __toESM(require("path"), 1);
+var import_node_crypto5 = __toESM(require("crypto"), 1);
+init_protocol();
+var GroupFileStore = class {
+  dataDir;
+  logger;
+  cache = /* @__PURE__ */ new Map();
+  constructor(opts) {
+    this.dataDir = opts.dataDir;
+    this.logger = opts.logger;
+  }
+  rootForScope(scope) {
+    return import_node_path16.default.join(this.dataDir, "sessions", ...scopeSubPath(scope).map(safeFileName));
+  }
+  /** 与 SessionStore.filePath 平级，扩展名 .group-files.json */
+  filePath(scope, sessionId) {
+    return import_node_path16.default.join(this.rootForScope(scope), `${safeFileName(sessionId)}.group-files.json`);
+  }
+  cacheKey(scope, sessionId) {
+    return scope.kind === "default" ? `default::${sessionId}` : `persona:${scope.personaId}:${scope.mode}::${sessionId}`;
+  }
+  /** 从磁盘读一份；不存在 → 空数组；schema 不匹配的条目 → 跳过（防腐） */
+  readFile(scope, sessionId) {
+    const file = this.filePath(scope, sessionId);
+    try {
+      const raw = import_node_fs14.default.readFileSync(file, "utf8");
+      const parsed = JSON.parse(raw);
+      if (!Array.isArray(parsed)) {
+        this.logger?.warn("GroupFileStore.readFile: not an array; resetting session entries", {
+          file
+        });
+        return [];
+      }
+      const out = [];
+      for (const entry of parsed) {
+        const r = GroupFileEntrySchema.safeParse(entry);
+        if (r.success) out.push(r.data);
+      }
+      return out;
+    } catch (err) {
+      const code = err?.code;
+      if (code === "ENOENT") return [];
+      this.logger?.warn("GroupFileStore.readFile failed", {
+        file,
+        err: err.message
+      });
+      return [];
+    }
+  }
+  writeFile(scope, sessionId, entries) {
+    const file = this.filePath(scope, sessionId);
+    import_node_fs14.default.mkdirSync(import_node_path16.default.dirname(file), { recursive: true });
+    const tmp = `${file}.tmp-${process.pid}-${Date.now()}`;
+    import_node_fs14.default.writeFileSync(tmp, JSON.stringify(entries, null, 2), { mode: 384 });
+    import_node_fs14.default.renameSync(tmp, file);
+  }
+  /** 拉一份当前 session 的清单。读盘 → cache；之后调用复用 cache */
+  list(scope, sessionId) {
+    const key = this.cacheKey(scope, sessionId);
+    const cached = this.cache.get(key);
+    if (cached) return cached.entries;
+    const entries = this.readFile(scope, sessionId);
+    this.cache.set(key, { entries });
+    return entries;
+  }
+  /**
+   * upsert：
+   *   - 同 relPath 已存在 → 更新 lastEditedAt + clear stale；不动 from / addedAt / id
+   *     （保留首次入群人 / 入群时刻）
+   *   - 不存在 → append，id 派生稳定 uuid，addedAt = now
+   *
+   * 返回最新 entry（caller 可用来 broadcast 通知）。
+   */
+  upsert(scope, sessionId, input, now = Date.now()) {
+    const entries = this.list(scope, sessionId).slice();
+    const idx = entries.findIndex((e) => e.relPath === input.relPath);
+    let next;
+    if (idx >= 0) {
+      const prev = entries[idx];
+      next = {
+        ...prev,
+        size: input.size,
+        mime: input.mime,
+        lastEditedAt: now,
+        stale: false
+        // label 不在 upsert 路径覆盖（owner +Add 走另一条路径）
+      };
+      entries[idx] = next;
     } else {
-      sendJson(res, 500, { code: "STAT_FAILED", message: err.message });
+      next = {
+        id: `gf-${import_node_crypto5.default.randomBytes(6).toString("base64url")}`,
+        relPath: input.relPath,
+        from: input.from,
+        label: input.label,
+        size: input.size,
+        mime: input.mime,
+        addedAt: now
+        // agent 第一次 upsert 时不写 lastEditedAt（语义上 = 首次"编辑" = addedAt）
+      };
+      entries.push(next);
     }
-    return;
+    this.writeFile(scope, sessionId, entries);
+    this.cache.set(this.cacheKey(scope, sessionId), { entries });
+    return next;
   }
-  if (!stat.isFile()) {
-    sendJson(res, 400, { code: "NOT_A_FILE", message: "path is not a regular file" });
-    return;
+  /**
+   * 标记一个 relPath stale（agent rm / mv 后文件不在）。
+   * - 命中 → stale=true，UI 灰显
+   * - 未命中 → noop（不需要为不在群里的文件创建 stale 条目）
+   *
+   * 注：spec §6 "Bash 命令是 rm 形态"启发式不强求 — runner 暂不调，留给后续优化
+   */
+  markStale(scope, sessionId, relPath) {
+    const entries = this.list(scope, sessionId).slice();
+    const idx = entries.findIndex((e) => e.relPath === relPath);
+    if (idx < 0) return;
+    if (entries[idx].stale) return;
+    entries[idx] = { ...entries[idx], stale: true };
+    this.writeFile(scope, sessionId, entries);
+    this.cache.set(this.cacheKey(scope, sessionId), { entries });
   }
-  const mime = lookupMime(absPath);
-  const basename = import_node_path16.default.basename(absPath);
-  res.writeHead(200, {
-    "Content-Type": mime,
-    "Content-Length": String(stat.size),
-    "Content-Disposition": `inline; filename*=UTF-8''${encodeURIComponent(basename)}`,
-    // 防止浏览器把任意 mime 当 html 渲染
-    "X-Content-Type-Options": "nosniff"
-  });
-  const stream = import_node_fs14.default.createReadStream(absPath);
-  stream.on("error", (err) => {
-    logger?.warn("streamFile read error", { absPath, err: err.message });
-    res.destroy();
-  });
-  stream.pipe(res);
-}
+  /**
+   * 真删一条群文件条目（用于 owner 撤销自己 +Add 的入群操作）。
+   * agent 自动入群的不应走这条 —— 用 markStale 表达"文件不在了"语义；
+   * owner 手动加错了，应该能彻底从列表移除而不是留个 stale 占位。
+   *
+   * 返回值：true=命中并删除；false=relPath 不在群里。
+   */
+  remove(scope, sessionId, relPath) {
+    const entries = this.list(scope, sessionId).slice();
+    const idx = entries.findIndex((e) => e.relPath === relPath);
+    if (idx < 0) return false;
+    entries.splice(idx, 1);
+    this.writeFile(scope, sessionId, entries);
+    this.cache.set(this.cacheKey(scope, sessionId), { entries });
+    return true;
+  }
+};
 // src/discovery/state-file.ts
 var import_node_fs15 = __toESM(require("fs"), 1);
@@ -27822,29 +28025,45 @@ var AUTH_FILE_NAME = "auth.json";
 function authFilePath(dataDir) {
   return import_node_path22.default.join(dataDir, AUTH_FILE_NAME);
 }
-function loadOrCreateAuthToken(opts) {
+function loadOrCreateAuth(opts) {
   const file = authFilePath(opts.dataDir);
   const existing = readAuthFile(file);
-  if (existing && existing.token) return existing.token;
-  const token = (opts.generate ?? defaultGenerate)();
+  const genToken = opts.generate ?? defaultGenerateToken2;
+  const genId = opts.genOwnerPrincipalId ?? defaultGenerateOwnerPrincipalId;
   const now = (opts.now ?? (() => /* @__PURE__ */ new Date()))();
-  writeAuthFile(file, { token, createdAt: now.toISOString() });
-  return token;
+  if (existing) {
+    if (!existing.ownerPrincipalId) {
+      const ownerPrincipalId2 = genId();
+      writeAuthFile(file, {
+        token: existing.token,
+        ownerPrincipalId: ownerPrincipalId2,
+        createdAt: existing.createdAt
+      });
+      return { token: existing.token, ownerPrincipalId: ownerPrincipalId2 };
+    }
+    return { token: existing.token, ownerPrincipalId: existing.ownerPrincipalId };
+  }
+  const token = genToken();
+  const ownerPrincipalId = genId();
+  writeAuthFile(file, { token, ownerPrincipalId, createdAt: now.toISOString() });
+  return { token, ownerPrincipalId };
 }
-function defaultGenerate() {
+function defaultGenerateToken2() {
   return import_node_crypto8.default.randomBytes(32).toString("base64url");
 }
+function defaultGenerateOwnerPrincipalId() {
+  return `owner-${import_node_crypto8.default.randomUUID()}`;
+}
 function readAuthFile(file) {
   try {
     const raw = import_node_fs20.default.readFileSync(file, "utf8");
     const parsed = JSON.parse(raw);
-    if (typeof parsed?.token === "string" && parsed.token.length > 0) {
-      return {
-        token: parsed.token,
-        createdAt: typeof parsed.createdAt === "string" ? parsed.createdAt : (/* @__PURE__ */ new Date(0)).toISOString()
-      };
-    }
-    return null;
+    if (typeof parsed?.token !== "string" || parsed.token.length === 0) return null;
+    return {
+      token: parsed.token,
+      ownerPrincipalId: typeof parsed.ownerPrincipalId === "string" && parsed.ownerPrincipalId.length > 0 ? parsed.ownerPrincipalId : "",
+      createdAt: typeof parsed.createdAt === "string" ? parsed.createdAt : (/* @__PURE__ */ new Date(0)).toISOString()
+    };
   } catch (err) {
     const code = err?.code;
     if (code === "ENOENT") return null;
@@ -28020,7 +28239,8 @@ function buildSessionHandlers(deps) {
       }
     }
     ensurePersonaAccess(ctx, args.ownerPersonaId, "send");
-    const { response, broadcast } = manager.create(args);
+    const creatorPrincipalId = ctx?.principal.id ?? "";
+    const { response, broadcast } = manager.create(args, creatorPrincipalId);
     return { response: { type: "session:info", ...response }, broadcast };
   };
   const list = async (_frame, _client, ctx) => {
@@ -28469,21 +28689,27 @@ function buildCapabilitiesHandlers(deps) {
 // src/handlers/capability.ts
 init_zod();
 init_protocol();
-var IssueArgsSchema = external_exports.object({
-  displayName: external_exports.string().min(1),
-  grants: external_exports.array(GrantSchema),
-  expiresAt: external_exports.number().int().positive().optional(),
-  maxUses: external_exports.number().int().positive().optional()
-}).strict();
-var RevokeArgsSchema = external_exports.object({
+var DeleteArgsSchema = external_exports.object({
   capabilityId: external_exports.string().min(1)
 }).strict();
 function buildCapabilityHandlers(deps) {
-  const { manager, getShareBaseUrl } = deps;
+  const { manager, getShareBaseUrl, personStore, aliasStore } = deps;
   const issue = async (frame) => {
     const { type: _type, requestId: _requestId, ...rest } = frame;
-    const args = IssueArgsSchema.parse(rest);
-    const { token, capability } = manager.issue(args);
+    const args = CapabilityIssueArgsSchema.parse(rest);
+    if (!personStore.get(args.personId)) {
+      throw new ClawdError(
+        ERROR_CODES.VALIDATION_ERROR,
+        `Person not found: ${args.personId}`
+      );
+    }
+    const { personId, ...managerArgs } = args;
+    const { token, capability } = manager.issue({
+      ...managerArgs,
+      atomicAfterPersist: (cap) => {
+        aliasStore.set(cap.id, personId);
+      }
+    });
     const base = getShareBaseUrl().replace(/\/$/, "");
     const shareUrl = `${base}/?token=${encodeURIComponent(token)}`;
     return {
@@ -28503,97 +28729,132 @@ function buildCapabilityHandlers(deps) {
       }
     };
   };
-  const revoke = async (frame) => {
+  const del = async (frame) => {
     const { type: _type, requestId: _requestId, ...rest } = frame;
-    const args = RevokeArgsSchema.parse(rest);
-    const result = manager.revoke(args.capabilityId);
+    const args = DeleteArgsSchema.parse(rest);
+    const result = manager.delete(args.capabilityId);
     if (!result) {
       throw new ClawdError(
         ERROR_CODES.VALIDATION_ERROR,
         `capability not found: ${args.capabilityId}`
       );
     }
+    aliasStore.remove(args.capabilityId);
+    if (result.capability.linkedPrincipalId !== void 0) {
+      aliasStore.remove(result.capability.linkedPrincipalId);
+    }
     return {
       response: {
-        type: "capability:revoked",
-        capabilityId: args.capabilityId,
-        revokedAt: result.revokedAt
+        type: "capability:deleted",
+        capabilityId: args.capabilityId
       }
     };
   };
   return {
     "capability:issue": issue,
     "capability:list": list,
-    "capability:revoke": revoke
+    "capability:delete": del
   };
 }
 // src/handlers/inbox.ts
 init_protocol();
+function assertChannelAccess(ctx, capabilityId) {
+  if (ctx.principal.kind === "owner") return;
+  if (ctx.capabilityId === capabilityId) return;
+  throw new ClawdError(
+    ERROR_CODES.UNAUTHORIZED,
+    `inbox: guest can only access own channel (capabilityId=${capabilityId}, ctx.capabilityId=${ctx.capabilityId ?? "none"})`
+  );
+}
 function buildInboxHandlers(deps) {
-  const { manager, capabilityRegistry } = deps;
-  function resolvePeerPrincipal(peerId) {
-    if (peerId === "owner") {
-      return { id: "owner", kind: "owner", displayName: "owner" };
+  const { manager, personStore, aliasStore } = deps;
+  const postMessage = async (frame, _client, ctx) => {
+    const { type: _t, requestId: _r, ...rest } = frame;
+    const args = InboxPostMessageArgsSchema.parse(rest);
+    if (!ctx) {
+      throw new ClawdError(ERROR_CODES.INTERNAL, "inbox:postMessage: missing ConnectionContext");
     }
-    const cap = capabilityRegistry.findById(peerId);
-    if (!cap) {
-      throw new ClawdError(
-        ERROR_CODES.VALIDATION_ERROR,
-        `peer principal not found: ${peerId}`
-      );
+    assertChannelAccess(ctx, args.capabilityId);
+    if (ctx.principal.kind === "guest") {
+      const senderPrincipalId = ctx.principal.id;
+      const personId = aliasStore.get(senderPrincipalId);
+      if (personId !== void 0) {
+        const person = personStore.get(personId);
+        if (person && !person.dmEnabled) {
+          throw new ClawdError(
+            ERROR_CODES.VALIDATION_ERROR,
+            `DM_BLOCKED: Person ${person.displayName} has DM disabled`
+          );
+        }
+      }
     }
-    return { id: cap.id, kind: "guest", displayName: cap.displayName };
-  }
-  const list = async (frame) => {
-    const { type: _t, requestId: _r, ...rest } = frame;
-    const args = InboxListArgsSchema.parse(rest);
-    const events = manager.list({ includeRead: args.includeRead ?? false });
+    const message = manager.postMessage({
+      capabilityId: args.capabilityId,
+      senderPrincipalId: ctx.principal.id,
+      text: args.text
+    });
     return {
-      response: { type: "inbox:list", events }
+      response: { type: "inbox:postMessage:ok", message }
     };
   };
-  const markRead = async (frame) => {
+  const list = async (frame, _client, ctx) => {
     const { type: _t, requestId: _r, ...rest } = frame;
-    const args = InboxMarkReadArgsSchema.parse(rest);
-    manager.markRead(args.eventId);
+    const args = InboxListArgsSchema.parse(rest);
+    if (!ctx) {
+      throw new ClawdError(ERROR_CODES.INTERNAL, "inbox:list: missing ConnectionContext");
+    }
+    assertChannelAccess(ctx, args.capabilityId);
+    const messages = manager.list(args.capabilityId, args.sinceCreatedAt);
     return {
-      response: { type: "inbox:markRead:ok", eventId: args.eventId }
+      response: { type: "inbox:list:ok", capabilityId: args.capabilityId, messages }
     };
   };
-  const postMessage = async (frame, _client, ctx) => {
+  const markRead = async (frame, _client, ctx) => {
     const { type: _t, requestId: _r, ...rest } = frame;
-    const args = InboxPostMessageArgsSchema.parse(rest);
+    const args = InboxMarkReadArgsSchema.parse(rest);
     if (!ctx) {
-      throw new ClawdError(ERROR_CODES.INTERNAL, "inbox:postMessage: missing ConnectionContext");
+      throw new ClawdError(ERROR_CODES.INTERNAL, "inbox:markRead: missing ConnectionContext");
     }
-    const peer = resolvePeerPrincipal(args.peerPrincipalId);
-    const ev = manager.recordDirectMessage({
-      from: ctx.principal,
-      to: peer,
-      text: args.text
+    assertChannelAccess(ctx, args.capabilityId);
+    const updated = manager.markRead({
+      capabilityId: args.capabilityId,
+      principalId: ctx.principal.id,
+      upToCreatedAt: args.upToCreatedAt
     });
     return {
-      response: { type: "inbox:postMessage:ok", event: ev }
+      response: {
+        type: "inbox:markRead:ok",
+        capabilityId: args.capabilityId,
+        upToCreatedAt: args.upToCreatedAt,
+        updated
+      }
     };
   };
   return {
+    "inbox:postMessage": postMessage,
     "inbox:list": list,
-    "inbox:markRead": markRead,
-    "inbox:postMessage": postMessage
+    "inbox:markRead": markRead
   };
 }
 // src/handlers/remote-persona.ts
 init_protocol();
 function buildRemotePersonaHandlers(deps) {
-  const { store } = deps;
+  const { store, personStore, aliasStore } = deps;
   const now = deps.now ?? Date.now;
   const add = async (frame) => {
     const { type: _t, requestId: _r, ...rest } = frame;
     const args = RemotePersonaAddArgsSchema.parse(rest);
+    if (!personStore.get(args.personId)) {
+      throw new ClawdError(
+        ERROR_CODES.VALIDATION_ERROR,
+        `Person not found: ${args.personId}`
+      );
+    }
+    const { personId, ...persistFields } = args;
     const rp = {
-      ...args,
+      ...persistFields,
       addedAt: now()
     };
     try {
@@ -28607,6 +28868,15 @@ function buildRemotePersonaHandlers(deps) {
       }
       throw err;
     }
+    try {
+      aliasStore.set(rp.ownerPrincipalId, personId);
+    } catch (err) {
+      try {
+        store.remove(rp.alias);
+      } catch {
+      }
+      throw err;
+    }
     return {
       response: { type: "remote-persona:add:ok", remotePersona: stripRemotePersonaSecret(rp) }
     };
@@ -28624,7 +28894,11 @@ function buildRemotePersonaHandlers(deps) {
   const remove = async (frame) => {
     const { type: _t, requestId: _r, ...rest } = frame;
     const args = RemotePersonaRemoveArgsSchema.parse(rest);
+    const existing = store.get(args.alias);
     const removed = store.remove(args.alias);
+    if (existing) {
+      aliasStore.remove(existing.ownerPrincipalId);
+    }
     return {
       response: { type: "remote-persona:remove:ok", alias: args.alias, removed }
     };
@@ -28643,11 +28917,11 @@ function buildWhoamiHandler(deps) {
     if (!ctx) {
       throw new ClawdError(ERROR_CODES.INTERNAL, "whoami: missing ConnectionContext");
     }
-    const owner = { ...OWNER_PRINCIPAL, displayName: deps.ownerDisplayName };
+    const owner = makeOwnerPrincipal(deps.ownerPrincipalId, deps.ownerDisplayName);
     let capability;
     if (ctx.principal.kind === "owner") {
       capability = {
-        id: "owner",
+        id: deps.ownerPrincipalId,
         displayName: deps.ownerDisplayName,
         grants: ctx.grants,
         issuedAt: 0,
@@ -28664,11 +28938,13 @@ function buildWhoamiHandler(deps) {
       capability = stripSecretHash(cap);
     }
     const grantedPersonas = [];
+    const isGuest = ctx.principal.kind === "guest";
     const hasWildcard = capability.grants.some((g2) => g2.resource.type === "*");
     if (hasWildcard) {
       for (const id of deps.personaStore.list()) {
         const file = deps.personaStore.read(id);
         if (!file) continue;
+        if (isGuest && !file.public) continue;
         grantedPersonas.push({ id: file.personaId, displayName: file.label });
       }
     } else {
@@ -28791,28 +29067,151 @@ function buildPersonaHandlers(deps) {
       response: { type: "persona:deleted", personaId: args.personaId }
     };
   };
-  const issueToken = async (frame) => {
-    const args = PersonaIssueTokenArgsSchema.parse(frame);
-    const { token, persona } = personaManager.issueToken(args.personaId, args.label);
-    return {
-      response: { type: "persona:tokenIssued", token, persona }
-    };
-  };
-  const revokeToken = async (frame) => {
-    const args = PersonaRevokeTokenArgsSchema.parse(frame);
-    const persona = personaManager.revokeToken(args.personaId, args.token);
-    return { response: { type: "persona:info", ...persona } };
-  };
   return {
     "persona:create": create,
     "persona:list": list,
     "persona:get": get,
     "persona:update": update,
-    "persona:delete": del,
-    "persona:issueToken": issueToken,
-    "persona:revokeToken": revokeToken
+    "persona:delete": del
+  };
+}
+// src/handlers/person.ts
+var import_node_crypto9 = require("crypto");
+init_protocol();
+// src/person/cascade.ts
+var EMPTY_RESULT = {
+  deletedCapabilityIds: [],
+  removedRemoteAliases: [],
+  deletedInboxEvents: 0
+};
+function cascadeDeletePerson(personId, deps) {
+  if (!deps.personStore.get(personId)) return { ...EMPTY_RESULT };
+  const principalIds = deps.aliasStore.list().filter((a) => a.personId === personId).map((a) => a.principalId);
+  const principalSet = new Set(principalIds);
+  const allCaps = deps.capabilityManager.list();
+  const capsToDelete = allCaps.filter(
+    (c) => principalSet.has(c.id) || c.linkedPrincipalId !== void 0 && principalSet.has(c.linkedPrincipalId)
+  );
+  let deletedInboxEvents = 0;
+  for (const c of capsToDelete) {
+    deletedInboxEvents += deps.inboxStore.list(c.id).length;
+  }
+  const deletedCapabilityIds = [];
+  for (const c of capsToDelete) {
+    if (deps.capabilityManager.delete(c.id) !== null) {
+      deletedCapabilityIds.push(c.id);
+    }
+  }
+  const allRemotes = deps.remotePersonaStore.list();
+  const remotesToRemove = allRemotes.filter((r) => principalSet.has(r.ownerPrincipalId));
+  const removedRemoteAliases = [];
+  for (const r of remotesToRemove) {
+    if (deps.remotePersonaStore.remove(r.alias)) {
+      removedRemoteAliases.push(r.alias);
+    }
+  }
+  deps.aliasStore.removeAllByPerson(personId);
+  deps.personStore.remove(personId);
+  return { deletedCapabilityIds, removedRemoteAliases, deletedInboxEvents };
+}
+// src/handlers/person.ts
+function buildPersonHandlers(deps) {
+  const now = deps.now ?? Date.now;
+  const genId = deps.genId ?? defaultGenId2;
+  const list = async () => {
+    const persons = deps.personStore.list();
+    const aliases = deps.aliasStore.list();
+    const personIdByPrincipal = new Map(aliases.map((a) => [a.principalId, a.personId]));
+    const allCaps = deps.capabilityManager.list();
+    const allRemotes = deps.remotePersonaStore.list();
+    const out = persons.map((p2) => {
+      const linkedCapabilityIds = [];
+      for (const c of allCaps) {
+        const key = c.linkedPrincipalId ?? c.id;
+        if (personIdByPrincipal.get(key) === p2.id) linkedCapabilityIds.push(c.id);
+      }
+      const linkedRemoteAliases = [];
+      for (const r of allRemotes) {
+        if (personIdByPrincipal.get(r.ownerPrincipalId) === p2.id) linkedRemoteAliases.push(r.alias);
+      }
+      return { ...p2, linkedCapabilityIds, linkedRemoteAliases };
+    });
+    return { response: { type: "person:list:ok", persons: out } };
+  };
+  const create = async (frame) => {
+    const { type: _t, requestId: _r, ...rest } = frame;
+    const args = PersonCreateArgsSchema.parse(rest);
+    const t = now();
+    const person = {
+      id: genId(),
+      displayName: args.displayName,
+      ...args.notes !== void 0 ? { notes: args.notes } : {},
+      dmEnabled: args.dmEnabled ?? true,
+      createdAt: t,
+      updatedAt: t
+    };
+    deps.personStore.add(person);
+    return { response: { type: "person:create:ok", person } };
+  };
+  const update = async (frame) => {
+    const { type: _t, requestId: _r, ...rest } = frame;
+    const args = PersonUpdateArgsSchema.parse(rest);
+    const existing = deps.personStore.get(args.id);
+    if (!existing) {
+      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, `Person not found: ${args.id}`);
+    }
+    const t = now();
+    deps.personStore.update(
+      args.id,
+      {
+        ...args.displayName !== void 0 ? { displayName: args.displayName } : {},
+        ...args.notes !== void 0 ? { notes: args.notes } : {},
+        ...args.dmEnabled !== void 0 ? { dmEnabled: args.dmEnabled } : {}
+      },
+      t
+    );
+    const next = deps.personStore.get(args.id);
+    return { response: { type: "person:update:ok", person: next } };
+  };
+  const del = async (frame) => {
+    const { type: _t, requestId: _r, ...rest } = frame;
+    const args = PersonDeleteArgsSchema.parse(rest);
+    if (!deps.personStore.get(args.id)) {
+      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, `Person not found: ${args.id}`);
+    }
+    const result = cascadeDeletePerson(args.id, deps);
+    return {
+      response: {
+        type: "person:delete:ok",
+        deletedCapabilityIds: result.deletedCapabilityIds,
+        removedRemoteAliases: result.removedRemoteAliases,
+        deletedInboxEvents: result.deletedInboxEvents
+      }
+    };
+  };
+  const link = async (frame) => {
+    const { type: _t, requestId: _r, ...rest } = frame;
+    const args = PersonLinkArgsSchema.parse(rest);
+    if (!deps.personStore.get(args.personId)) {
+      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, `Person not found: ${args.personId}`);
+    }
+    deps.aliasStore.set(args.principalId, args.personId);
+    return { response: { type: "person:link:ok" } };
+  };
+  return {
+    "person:list": list,
+    "person:create": create,
+    "person:update": update,
+    "person:delete": del,
+    "person:link": link
   };
 }
+function defaultGenId2() {
+  return `p_${(0, import_node_crypto9.randomUUID)()}`;
+}
 // src/handlers/attachment.ts
 init_protocol();
@@ -28907,23 +29306,11 @@ function buildAttachmentHandlers(deps) {
     const entries = deps.groupFileStore.list(scope, parsed.data.sessionId);
     return { response: { type: "attachment.groupList", entries } };
   };
-  const groupListPersona = async (frame) => {
-    if (!deps.groupFileStore) {
-      throw new ClawdError(ERROR_CODES.METHOD_NOT_IMPLEMENTED, "groupFileStore not wired");
-    }
-    const parsed = AttachmentGroupListPersonaArgs.safeParse(frame);
-    if (!parsed.success) {
-      throw new ClawdError(ERROR_CODES.VALIDATION_ERROR, parsed.error.message);
-    }
-    const perSession = deps.groupFileStore.listByPersona(parsed.data.personaId);
-    return { response: { type: "attachment.groupListPersona", perSession } };
-  };
   return {
     "attachment.signUrl": signUrl,
     "attachment.groupAdd": groupAdd,
     "attachment.groupRemove": groupRemove,
-    "attachment.groupList": groupList,
-    "attachment.groupListPersona": groupListPersona
+    "attachment.groupList": groupList
   };
 }
@@ -28943,15 +29330,33 @@ function buildMethodHandlers(deps) {
     }),
     ...buildCapabilityHandlers({
       manager: deps.capabilityManager,
-      getShareBaseUrl: deps.getShareBaseUrl
+      getShareBaseUrl: deps.getShareBaseUrl,
+      personStore: deps.personStore,
+      aliasStore: deps.personAliasStore
     }),
     ...buildInboxHandlers({
       manager: deps.inboxManager,
-      capabilityRegistry: deps.capabilityRegistry
+      personStore: deps.personStore,
+      aliasStore: deps.personAliasStore
+    }),
+    ...buildRemotePersonaHandlers({
+      store: deps.remotePersonaStore,
+      personStore: deps.personStore,
+      aliasStore: deps.personAliasStore
+    }),
+    ...buildPersonHandlers({
+      personStore: deps.personStore,
+      aliasStore: deps.personAliasStore,
+      capabilityManager: deps.capabilityManager,
+      remotePersonaStore: deps.remotePersonaStore,
+      // inbox channel cascade: person:delete 时用 inboxStore.list 统计每个 cap channel
+      // 消息数 sum 起来作为 deletedInboxEvents 返回 (实际删除走 capability:delete
+      // onDeleted hook → inboxManager.removeChannel, cascade 不主动 rm 文件).
+      inboxStore: deps.inboxStore
     }),
-    ...buildRemotePersonaHandlers({ store: deps.remotePersonaStore }),
     whoami: buildWhoamiHandler({
       ownerDisplayName: deps.ownerDisplayName,
+      ownerPrincipalId: deps.ownerPrincipalId,
       personaStore: deps.personaStore,
       capabilityManager: deps.capabilityManager
     }),
@@ -28977,17 +29382,23 @@ var METHOD_GRANT_MAP = {
   // ---- capability platform（admin-only，本 PR 新增） ----
   "capability:issue": ADMIN_ANY,
   "capability:list": ADMIN_ANY,
-  "capability:revoke": ADMIN_ANY,
-  // ---- inbox 跨用户通知 (Phase 3 admin-only, owner 调; Phase 4 加 postMessage) ----
-  "inbox:list": ADMIN_ANY,
-  "inbox:markRead": ADMIN_ANY,
-  // Phase 4 Task 4.2: DM 是 capability 自带能力 (plan §2),
-  // 任何 principal (owner / guest) 可调, 不通过 grant 表达.
+  "capability:delete": ADMIN_ANY,
+  // ---- inbox: channel-based IM (capability platform v3) ----
+  // 三条都 'public' — capability 本身就是授权凭证. handler 内额外校验
+  // guest ctx.capabilityId === args.capabilityId, 防 guest 越权操作别的 channel.
+  "inbox:list": { kind: "public" },
+  "inbox:markRead": { kind: "public" },
   "inbox:postMessage": { kind: "public" },
   // Phase 4 Task 4.3: 远程 persona 仅 owner 管理 (admin-only)
   "remote-persona:add": ADMIN_ANY,
   "remote-persona:list": ADMIN_ANY,
   "remote-persona:remove": ADMIN_ANY,
+  // Person identity Phase 1: 联系人本质是 owner 视角的 People 列表，仅 owner 管理。
+  "person:list": ADMIN_ANY,
+  "person:create": ADMIN_ANY,
+  "person:update": ADMIN_ANY,
+  "person:delete": ADMIN_ANY,
+  "person:link": ADMIN_ANY,
   // ---- session:* / chat:* 业务方法（v2 Phase 8 两层模型）----
   // dispatcher 不验资源，handler 内按 ctx + frame.args 反查 ownerPersonaId 调 assertGrant。
   // owner 自动通过（ctx 自带 '*':'admin' grant 一切 match）；guest 在被授权 persona 内可调。
@@ -29034,17 +29445,14 @@ var METHOD_GRANT_MAP = {
   "persona:get": ADMIN_ANY,
   "persona:update": ADMIN_ANY,
   "persona:delete": ADMIN_ANY,
-  "persona:issueToken": ADMIN_ANY,
-  "persona:revokeToken": ADMIN_ANY,
   "session:pty:input": ADMIN_ANY,
   "session:pty:resize": ADMIN_ANY,
-  // file-sharing attachment.*：handler 内部已有 requireOwner（HTTP 路径同），dispatcher 这里
-  // 用 admin-only 兜底（双保险，wire-level 也拦）
+  // file-sharing attachment.* RPC：dispatcher 用 admin-only 兜底（wire-level 拦），
+  // 实际只有 owner 能调（personal token 链路 2026-05-21 删除，HTTP Bearer 只识别 owner）
   "attachment.signUrl": ADMIN_ANY,
   "attachment.groupAdd": ADMIN_ANY,
   "attachment.groupRemove": ADMIN_ANY,
-  "attachment.groupList": ADMIN_ANY,
-  "attachment.groupListPersona": ADMIN_ANY
+  "attachment.groupList": ADMIN_ANY
 };
 function computeGrantForFrame(method, frame) {
   const rule = METHOD_GRANT_MAP[method];
@@ -29074,13 +29482,20 @@ async function startDaemon(config) {
   if (pre.status === "stale") {
     logger.warn("stale state file detected, overwriting", { pid: pre.existing.pid });
   }
+  const auth = loadOrCreateAuth({ dataDir: config.dataDir });
   let resolvedAuthToken = null;
   if (config.authToken && config.authToken.trim()) {
     resolvedAuthToken = config.authToken.trim();
   } else if (config.tunnel) {
-    resolvedAuthToken = loadOrCreateAuthToken({ dataDir: config.dataDir });
+    resolvedAuthToken = auth.token;
   }
+  const ownerPrincipalId = auth.ownerPrincipalId;
+  const ownerDisplayName = loadOwnerDisplayName(config.dataDir);
   const authMode = resolvedAuthToken == null ? "none" : "first-message";
+  const inboxStore = new InboxStore(config.dataDir);
+  const inboxManager = new InboxManager(inboxStore, (capabilityId, frame) => {
+    wsServer?.broadcastToCapabilityChannel(capabilityId, frame);
+  });
   const capabilityStore = new CapabilityStore(config.dataDir);
   const capabilityRegistry = new CapabilityRegistry(capabilityStore);
   const capabilityManager = new CapabilityManager(capabilityRegistry, {
@@ -29091,46 +29506,66 @@ async function startDaemon(config) {
         token
       });
     },
-    onRevoked: (cap) => {
+    onDeleted: (cap) => {
+      const deletedAt = Date.now();
       wsServer?.broadcastToOwners({
-        type: "capability:tokenRevoked",
+        type: "capability:tokenDeleted",
         capabilityId: cap.id,
-        revokedAt: cap.revokedAt
+        deletedAt
       });
       wsServer?.closeConnectionsByCapability(cap.id);
       const cleanup = cleanupGuestSessionsForCapability(cap, sessionStoreFactory);
       if (cleanup.removed.length > 0) {
-        logger.info("capability revoke cascade: guest sessions removed", {
+        logger.info("capability delete cascade: guest sessions removed", {
           capabilityId: cap.id,
           removedDirs: cleanup.removed
         });
       }
+      inboxManager.removeChannel(cap.id);
     }
   });
-  const inboxStore = new InboxStore(config.dataDir);
   const remotePersonaStore = new RemotePersonaStore(config.dataDir);
-  const inboxManager = new InboxManager(inboxStore, (frame) => {
-    if (frame.event.kind === "direct-message") {
-      const fromId = frame.event.fromPrincipal.id;
-      const toId = frame.event.toPrincipal.id;
-      wsServer?.broadcastToPrincipal(fromId, frame);
-      if (toId !== fromId) wsServer?.broadcastToPrincipal(toId, frame);
-      return;
-    }
-    wsServer?.broadcastToOwners(frame);
-  });
+  const personStore = new PersonStore(config.dataDir);
+  const personAliasStore = new PersonAliasStore(config.dataDir);
   let wsServer = null;
   const authGate = authMode === "first-message" ? new AuthGate({
     shouldEnforce: buildShouldEnforce({ tunnel: config.tunnel }),
     // Task 1.7：authenticate 注入路径替代 expectedToken 单 token 比对。
     // owner 路径 constantTimeEqual 防侧信道；guest 路径走 capabilityRegistry.
     expectedToken: resolvedAuthToken,
-    authenticate: (t) => authenticate(t, {
-      isOwnerToken: (x) => resolvedAuthToken != null && constantTimeEqual(x, resolvedAuthToken),
-      capabilityRegistry
-    }),
+    authenticate: (t, selfPrincipalId) => {
+      const r = authenticate(t, {
+        isOwnerToken: (x) => resolvedAuthToken != null && constantTimeEqual(x, resolvedAuthToken),
+        ownerPrincipalId,
+        ownerDisplayName,
+        capabilityRegistry
+      });
+      if (r.ok && selfPrincipalId && r.context.principal.kind === "guest" && r.context.capabilityId) {
+        const capId = r.context.capabilityId;
+        const cap = capabilityManager.findById(capId);
+        if (cap && cap.linkedPrincipalId === void 0) {
+          capabilityManager.updateLinkedPrincipalId(capId, selfPrincipalId);
+          try {
+            personAliasStore.rekey(capId, selfPrincipalId);
+          } catch (e) {
+            logger.warn("auth.alias.rekey.failed", {
+              capId,
+              selfPrincipalId,
+              err: e.message
+            });
+          }
+        } else if (cap && cap.linkedPrincipalId !== selfPrincipalId) {
+          logger.warn("auth.selfPrincipalId.mismatch", {
+            capId,
+            expected: cap.linkedPrincipalId,
+            got: selfPrincipalId
+          });
+        }
+      }
+      return r;
+    },
     onAuthed: (h, ctx) => wsServer?.attachClientContext(h.id, ctx),
-    buildOwnerContext: ownerContext,
+    buildOwnerContext: () => ownerContext(ownerPrincipalId, ownerDisplayName),
     closeConnection: (h, code, reason) => wsServer?.closeClient(h.id, code, reason),
     sendOk: (h, payload) => wsServer?.sendToClient(h.id, payload)
   }) : null;
@@ -29157,7 +29592,6 @@ async function startDaemon(config) {
   } else {
     logger.warn("persona.seed.skip", { reason: "defaults-root-not-found" });
   }
-  const ownerDisplayName = loadOwnerDisplayName(config.dataDir);
   const groupFileStore = new GroupFileStore({ dataDir: config.dataDir, logger });
   const manager = new SessionManager({
     store,
@@ -29314,24 +29748,29 @@ async function startDaemon(config) {
     getShareBaseUrl: () => currentTunnelUrl ?? `ws://${config.host}:${config.port}`,
     // v2 Phase 6: whoami handler 装在 owner principal.displayName + persona 解析
     ownerDisplayName,
+    // owner-id stabilization: whoami 用稳定 ownerPrincipalId 替代 'owner' 字面量
+    ownerPrincipalId,
     personaStore,
-    // Phase 4 Task 4.2: inbox:postMessage 要查 capabilityRegistry 解析 peer Principal
+    // capability handler 也用 (capability:issue 走 registry / capability:list)
     capabilityRegistry,
-    // Phase 3 Task 3.4: inbox:list/markRead handler 依赖
+    // capability platform v3 inbox: handler 接 manager (post/list/markRead),
+    // cascade 接 store (list 统计 deletedInboxEvents).
     inboxManager,
+    inboxStore,
     // Phase 4 Task 4.3: remote-persona:* handler 依赖 (本地存储, v1 不接 outgoing WS)
-    remotePersonaStore
+    remotePersonaStore,
+    // Person identity Phase 1 (B13): person:* RPC handlers + 给 capability:issue /
+    // remote-persona:add atomic 写 alias / cascade 删 Person 用
+    personStore,
+    personAliasStore
   });
   const authResolver = new AuthContextResolver({
-    ownerToken: resolvedAuthToken,
-    personaRegistry
+    ownerToken: resolvedAuthToken
   });
   const httpRouter = createHttpRouter({
     authResolver,
     daemonVersion: version,
     logger,
-    personaStore,
-    groupFileStore,
     sessionStore: store,
     // /files HMAC verify 用同一份 owner token 做 secret（与 attachment.signUrl 同源）
     getSignSecret: () => resolvedAuthToken ?? null
@@ -29340,6 +29779,8 @@ async function startDaemon(config) {
     host: config.host,
     port: config.port,
     logger,
+    // broadcastToPrincipal 用此 id 路由 owner-targeted 帧（替代字面量 'owner' sentinel）
+    ownerPrincipalId,
     readyFrameBuilder: (ctx) => buildReadyFrame(
       {
         manager,
@@ -29355,6 +29796,19 @@ async function startDaemon(config) {
     ),
     protocolVersion: PROTOCOL_VERSION,
     authGate: authGate ?? void 0,
+    // noAuth 模式下仍验 capability token: 修 capability platform 漏洞 — 远端 client
+    // 用 cap token 连 noAuth daemon 时若无此 hook 会 fallback owner ctx, whoami 错返
+    // capability.id = ownerPrincipalId, 导致 myCapabilityId 写错 → inbox channel 写错.
+    // 命中 cap → attach guest ctx; 空 token / 未命中 → 保持 noAuth 行为 (handler fallback owner).
+    tryVerifyCapabilityToken: (token) => {
+      const v2 = capabilityRegistry.verifyToken(token);
+      if (!v2.ok) return null;
+      return {
+        principal: { id: v2.capability.id, kind: "guest", displayName: v2.capability.displayName },
+        grants: v2.capability.grants,
+        capabilityId: v2.capability.id
+      };
+    },
     // file-sharing HTTP 路由复用 daemon 同端口（spec §5 第 3 条）；router 自己处理 auth + 404
     httpRequestHandler: httpRouter,
     // 订阅成功后给该 client 重放 in-flight pendingQuestions（plan: clawd-question-server-truth）。
@@ -29407,7 +29861,7 @@ async function startDaemon(config) {
     const requestId = typeof frame.requestId === "string" ? frame.requestId : void 0;
     const handler = handlers[type];
     if (!handler) throw new ClawdError(ERROR_CODES.METHOD_NOT_IMPLEMENTED, `not implemented: ${type}`);
-    const ctx = wsServer.getClientContext(client.id) ?? ownerContext();
+    const ctx = wsServer.getClientContext(client.id) ?? ownerContext(ownerPrincipalId, ownerDisplayName);
     const verdict = computeGrantForFrame(type, frame);
     if (verdict.kind === "check") {
       const ok = assertGrant(ctx.grants, verdict.resource, verdict.action);