@co0ontty/wand 1.9.0 → 1.14.2

package/dist/resume-policy.js

@@ -10,168 +10,6 @@ export function hasRealConversationMessages(messages) {
         && turn.content.some((block) => block.type === "text" && block.text.trim().length > 0));
     return hasUser && hasAssistant;
 }
-export function hasRuntimeConversationSignal(messages) {
-    if (!messages || messages.length === 0) {
-        return false;
-    }
-    const hasUser = messages.some((turn) => turn.role === "user"
-        && turn.content.some((block) => block.type === "text" && block.text.trim().length > 0));
-    const hasAssistant = messages.some((turn) => turn.role === "assistant");
-    return hasUser && hasAssistant;
-}
-export function hasStoredConversationHistory(messages) {
-    return hasRealConversationMessages(messages);
-}
-export function shouldBindClaudeSessionId(record) {
-    return hasRuntimeConversationSignal(record.messages);
-}
-export function shouldAllowResume(record) {
-    return Boolean(record.claudeSessionId) && hasStoredConversationHistory(record.messages);
-}
-export function shouldBackfillFromStoredHistory(record) {
-    return hasStoredConversationHistory(record.messages);
-}
-export function shouldDisplayResumeAction(messages) {
-    return hasStoredConversationHistory(messages);
-}
-export function shouldAutoResumeMessages(messages) {
-    return hasStoredConversationHistory(messages);
-}
-export function shouldBackfillMessages(messages) {
-    return hasStoredConversationHistory(messages);
-}
-export function shouldPromoteProjectSessionId(record) {
-    return shouldBindClaudeSessionId(record);
-}
-export function shouldPromoteStoredSessionId(record) {
-    return shouldBackfillMessages(record.messages);
-}
-export function shouldPromoteUiSessionId(messages) {
-    return shouldDisplayResumeAction(messages);
-}
-export function shouldPromoteResumeSessionId(messages) {
-    return shouldAutoResumeMessages(messages);
-}
-export function hasBindableConversation(messages) {
-    return shouldBindFromRuntimeMessages({ messages: messages ?? [] });
-}
-export function hasBackfillableConversation(messages) {
-    return shouldBackfillMessages(messages);
-}
-export function hasUiConversation(messages) {
-    return shouldPromoteUiSessionId(messages);
-}
-export function hasResumeConversation(messages) {
-    return shouldPromoteResumeSessionId(messages);
-}
-export function isRuntimeConversationReady(messages) {
-    return hasBindableConversation(messages);
-}
-export function isStoredConversationReady(messages) {
-    return hasBackfillableConversation(messages);
-}
-export function isResumeConversationReady(messages) {
-    return hasResumeConversation(messages);
-}
-export function shouldBindFromRuntimeMessages(record) {
-    return isRuntimeConversationReady(record.messages);
-}
-export function shouldAllowUiResume(messages) {
-    return hasUiConversation(messages);
-}
-export function shouldPromoteResumeAction(record) {
-    return shouldAllowResume(record);
-}
-export function shouldBackfillClaudeSessionIdFromDisk(record) {
-    return isStoredConversationReady(record.messages);
-}
-export function shouldUseProjectCandidate(record) {
-    return shouldBindFromRuntimeMessages(record);
-}
-export function shouldResumeProjectCandidate(record) {
-    return shouldPromoteResumeAction(record);
-}
-export function shouldBackfillProjectCandidate(record) {
-    return shouldBackfillClaudeSessionIdFromDisk(record);
-}
-export function hasMinimumRuntimeConversation(messages) {
-    return shouldBindFromRuntimeMessages({ messages: messages ?? [] });
-}
-export function hasMinimumStoredConversation(messages) {
-    return shouldAllowUiResume(messages);
-}
-export function hasMinimumResumeConversation(messages) {
-    return isResumeConversationReady(messages);
-}
-export function hasMinimumBackfillConversation(messages) {
-    return isStoredConversationReady(messages);
-}
-export function hasProjectConversationSignal(messages) {
-    return hasMinimumRuntimeConversation(messages);
-}
-export function hasStoredProjectConversationSignal(messages) {
-    return hasMinimumBackfillConversation(messages);
-}
-export function hasUiProjectConversationSignal(messages) {
-    return hasMinimumStoredConversation(messages);
-}
-export function hasResumeProjectConversationSignal(messages) {
-    return hasMinimumResumeConversation(messages);
-}
-export function canBindFromProjectConversation(messages) {
-    return hasProjectConversationSignal(messages);
-}
-export function canBackfillFromProjectConversation(messages) {
-    return hasStoredProjectConversationSignal(messages);
-}
-export function canShowUiProjectConversation(messages) {
-    return hasUiProjectConversationSignal(messages);
-}
-export function canResumeProjectConversation(messages) {
-    return hasResumeProjectConversationSignal(messages);
-}
-export function shouldUseRuntimeProjectConversation(messages) {
-    return canBindFromProjectConversation(messages);
-}
-export function shouldUseStoredProjectConversation(messages) {
-    return canBackfillFromProjectConversation(messages);
-}
-export function shouldUseUiProjectConversation(messages) {
-    return canShowUiProjectConversation(messages);
-}
-export function shouldUseResumeProjectConversation(messages) {
-    return canResumeProjectConversation(messages);
-}
-export function hasProjectConversationForBinding(messages) {
-    return shouldUseRuntimeProjectConversation(messages);
-}
-export function hasProjectConversationForBackfill(messages) {
-    return shouldUseStoredProjectConversation(messages);
-}
-export function hasProjectConversationForUi(messages) {
-    return shouldUseUiProjectConversation(messages);
-}
-export function hasProjectConversationForResume(messages) {
-    return shouldUseResumeProjectConversation(messages);
-}
-export function isBindableProjectConversation(messages) {
-    return hasProjectConversationForBinding(messages);
-}
-export function isBackfillableProjectConversation(messages) {
-    return hasProjectConversationForBackfill(messages);
-}
-export function isUiProjectConversation(messages) {
-    return hasProjectConversationForUi(messages);
-}
-export function isResumeProjectConversation(messages) {
-    return hasProjectConversationForResume(messages);
-}
-export function hasLiveProjectConversation(messages) {
-    return isBindableProjectConversation(messages);
-}
-export function hasStoredProjectConversation(messages) {
-    return isBackfillableProjectConversation(messages);
-}
 export function getResumeCommandSessionId(command) {
     const match = RESUME_COMMAND_ID_PATTERN.exec(command);
     return match?.[1] ?? null;

package/dist/server-session-routes.js

@@ -71,6 +71,11 @@ function listAllSessions(processes, structured) {
     return [...structured.list(), ...processes.list()]
         .sort((a, b) => b.startedAt.localeCompare(a.startedAt));
 }
+/** Lightweight session list — omits output and messages to reduce payload. */
+function listAllSessionsSlim(processes, structured) {
+    return [...structured.listSlim(), ...processes.listSlim()]
+        .sort((a, b) => b.startedAt.localeCompare(a.startedAt));
+}
 function requireWorktreeSession(snapshot) {
     if (!snapshot) {
         throw new Error("未找到该会话。");
@@ -133,7 +138,7 @@ function isMergeActionAllowed(snapshot) {
 }
 export function registerSessionRoutes(app, processes, structured, storage, defaultMode) {
     app.get("/api/sessions", (_req, res) => {
-        const all = listAllSessions(processes, structured);
+        const all = listAllSessionsSlim(processes, structured);
         console.log("[WAND] GET /api/sessions count:", all.length, "sessions:", all.map(s => ({ id: s.id.substring(0, 8), kind: s.sessionKind, runner: s.runner, status: s.status })));
         res.json(all);
     });
@@ -178,6 +183,29 @@ export function registerSessionRoutes(app, processes, structured, storage, defau
             res.status(400).json({ error: getErrorMessage(error, "无法发送结构化消息。") });
         }
     });
+    // ── Tool content lazy-load endpoint ──
+    app.get("/api/sessions/:id/tool-content/:toolUseId", (req, res) => {
+        const snapshot = getSessionById(processes, structured, req.params.id);
+        if (!snapshot) {
+            res.status(404).json({ error: "未找到该会话。" });
+            return;
+        }
+        const toolUseId = req.params.toolUseId;
+        const messages = snapshot.messages ?? [];
+        for (const turn of messages) {
+            for (const block of turn.content) {
+                if (block.type === "tool_result" && block.tool_use_id === toolUseId) {
+                    res.json({
+                        tool_use_id: block.tool_use_id,
+                        content: block.content,
+                        is_error: block.is_error || false,
+                    });
+                    return;
+                }
+            }
+        }
+        res.status(404).json({ error: "未找到该工具结果。" });
+    });
     app.post("/api/sessions/:id/worktree/merge/check", (req, res) => {
         try {
             const current = requireWorktreeSession(getLatestSessionSnapshot(processes, structured, storage, req.params.id));

package/dist/server.js

@@ -1,9 +1,10 @@
+import crypto from "node:crypto";
 import express from "express";
-import { readdir, readFile, stat } from "node:fs/promises";
-import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { createReadStream, existsSync, readFileSync, writeFileSync } from "node:fs";
+import { mkdir, readdir, readFile, stat } from "node:fs/promises";
 import { createServer as createHttpServer } from "node:http";
 import { createServer as createHttpsServer } from "node:https";
-import { exec } from "node:child_process";
+import { exec, spawn } from "node:child_process";
 import { promisify } from "node:util";
 import path from "node:path";
 import process from "node:process";
@@ -11,7 +12,7 @@ import { WebSocketServer } from "ws";
 import { ensureAvatarSeed, getAvatarSvg } from "./avatar.js";
 import { createSession, revokeSession, setAuthStorage, validateSession } from "./auth.js";
 import { ensureCertificates } from "./cert.js";
-import { isExecutionMode, resolveConfigDir, saveConfig } from "./config.js";
+import { isExecutionMode, normalizeCardDefaults, resolveConfigDir, saveConfig } from "./config.js";
 import { ProcessManager } from "./process-manager.js";
 import { StructuredSessionManager } from "./structured-session-manager.js";
 import { generatePwaManifest, generateServiceWorker } from "./pwa.js";
@@ -65,6 +66,65 @@ function compareSemver(a, b) {
     }
     return 0;
 }
+let cachedGitHubApk = null;
+let gitHubApkCacheTs = 0;
+const GITHUB_APK_CACHE_TTL = 10 * 60 * 1000; // 10 minutes
+async function fetchGitHubLatestApk(forceRefresh = false) {
+    const now = Date.now();
+    if (!forceRefresh && cachedGitHubApk && (now - gitHubApkCacheTs < GITHUB_APK_CACHE_TTL)) {
+        return cachedGitHubApk;
+    }
+    try {
+        const apiUrl = PKG_REPO_URL.replace("github.com", "api.github.com/repos") + "/releases/latest";
+        const resp = await fetch(apiUrl, {
+            headers: { "Accept": "application/vnd.github.v3+json", "User-Agent": "wand-server" },
+            signal: AbortSignal.timeout(10000),
+        });
+        if (!resp.ok)
+            return cachedGitHubApk ?? null;
+        const release = await resp.json();
+        const apkAsset = release.assets.find(a => a.name.toLowerCase().endsWith(".apk"));
+        if (!apkAsset)
+            return cachedGitHubApk ?? null;
+        const version = extractAndroidApkVersion(release.tag_name) ?? release.tag_name.replace(/^v/, "");
+        cachedGitHubApk = {
+            version,
+            downloadUrl: apkAsset.browser_download_url,
+            fileName: apkAsset.name,
+            size: apkAsset.size,
+        };
+        gitHubApkCacheTs = now;
+        return cachedGitHubApk;
+    }
+    catch {
+        return cachedGitHubApk ?? null;
+    }
+}
+async function resolveLatestApkVersion(configDir, config) {
+    // Priority 1: local APK file
+    const localApk = await resolveAndroidApkAsset(configDir, config);
+    if (localApk && localApk.version) {
+        return {
+            version: localApk.version,
+            downloadUrl: localApk.downloadUrl,
+            fileName: localApk.fileName,
+            size: localApk.size,
+            source: "local",
+        };
+    }
+    // Priority 2: GitHub Release
+    const ghApk = await fetchGitHubLatestApk();
+    if (ghApk) {
+        return {
+            version: ghApk.version,
+            downloadUrl: ghApk.downloadUrl,
+            fileName: ghApk.fileName,
+            size: ghApk.size,
+            source: "github",
+        };
+    }
+    return null;
+}
 function isExternalAvatarSource(value) {
     return /^(https?:|data:)/i.test(value);
 }
@@ -238,9 +298,99 @@ function readSessionCookie(req) {
     const match = cookie.split(";").map((part) => part.trim()).find((part) => part.startsWith("wand_session="));
     return match?.slice("wand_session=".length);
 }
+// ── App connection token helpers ──
+function generateAppToken(password, secret) {
+    return crypto.createHmac("sha256", secret).update(password).digest("hex");
+}
+function verifyAppToken(token, password, secret) {
+    const expected = generateAppToken(password, secret);
+    return crypto.timingSafeEqual(Buffer.from(token, "hex"), Buffer.from(expected, "hex"));
+}
+function encodeConnectCode(url, token) {
+    return Buffer.from(`${url}#${token}`).toString("base64");
+}
+function decodeConnectCode(code) {
+    try {
+        const decoded = Buffer.from(code, "base64").toString("utf8");
+        const hashIdx = decoded.lastIndexOf("#");
+        if (hashIdx < 1)
+            return null;
+        const url = decoded.substring(0, hashIdx);
+        const token = decoded.substring(hashIdx + 1);
+        if (!url.startsWith("http") || token.length < 16)
+            return null;
+        return { url, token };
+    }
+    catch {
+        return null;
+    }
+}
 function normalizeMode(input, fallback) {
     return isExecutionMode(input) ? input : fallback;
 }
+function resolveAndroidApkDir(configDir, config) {
+    const configuredDir = config.android?.apkDir?.trim();
+    if (!configuredDir) {
+        return path.join(configDir, "android");
+    }
+    return path.isAbsolute(configuredDir) ? configuredDir : path.resolve(configDir, configuredDir);
+}
+function extractAndroidApkVersion(fileName) {
+    const nameWithoutExt = fileName.replace(/\.apk$/i, "");
+    const match = nameWithoutExt.match(/(\d+\.\d+\.\d+(?:[-+][A-Za-z0-9.-]+)?)/);
+    return match ? match[1] : null;
+}
+async function resolveAndroidApkAsset(configDir, config) {
+    if (config.android?.enabled !== true)
+        return null;
+    const apkDir = resolveAndroidApkDir(configDir, config);
+    await mkdir(apkDir, { recursive: true });
+    const configuredFile = config.android?.currentApkFile?.trim();
+    if (configuredFile) {
+        const filePath = path.join(apkDir, path.basename(configuredFile));
+        try {
+            const fileStat = await stat(filePath);
+            if (!fileStat.isFile())
+                return null;
+            return {
+                fileName: path.basename(filePath),
+                filePath,
+                size: fileStat.size,
+                updatedAt: fileStat.mtime.toISOString(),
+                version: extractAndroidApkVersion(path.basename(filePath)),
+                downloadUrl: "/android/download",
+                source: "local",
+            };
+        }
+        catch {
+            return null;
+        }
+    }
+    const entries = await readdir(apkDir, { withFileTypes: true });
+    const apkFiles = entries.filter((entry) => entry.isFile() && entry.name.toLowerCase().endsWith(".apk"));
+    if (apkFiles.length === 0)
+        return null;
+    const candidates = await Promise.all(apkFiles.map(async (entry) => {
+        const filePath = path.join(apkDir, entry.name);
+        const fileStat = await stat(filePath);
+        return {
+            entry,
+            filePath,
+            fileStat,
+        };
+    }));
+    candidates.sort((a, b) => b.fileStat.mtimeMs - a.fileStat.mtimeMs);
+    const selected = candidates[0];
+    return {
+        fileName: selected.entry.name,
+        filePath: selected.filePath,
+        size: selected.fileStat.size,
+        updatedAt: selected.fileStat.mtime.toISOString(),
+        version: extractAndroidApkVersion(selected.entry.name),
+        downloadUrl: "/android/download",
+        source: "local",
+    };
+}
 async function listPathSuggestions(input, fallbackCwd) {
     const normalizedInput = input.trim();
     const baseInput = normalizedInput || fallbackCwd;
@@ -415,13 +565,26 @@ export async function startServer(config, configPath) {
             res.status(429).json({ error: "登录尝试次数过多，请在 15 分钟后再试。" });
             return;
         }
-        const { password } = req.body;
+        const { password, appToken } = req.body;
         const dbPassword = storage.getPassword();
         const effectivePassword = dbPassword ?? config.password;
-        if (password !== effectivePassword) {
-            recordFailedLogin(clientIp);
-            res.status(401).json({ error: "密码错误，请重试。" });
-            return;
+        // App token login — derived from password, so password change invalidates it
+        let authenticated = false;
+        if (appToken) {
+            try {
+                authenticated = verifyAppToken(appToken, effectivePassword, config.appSecret ?? "");
+            }
+            catch {
+                authenticated = false;
+            }
+        }
+        if (!authenticated) {
+            if (password !== effectivePassword) {
+                recordFailedLogin(clientIp);
+                res.status(401).json({ error: "密码错误，请重试。" });
+                return;
+            }
+            authenticated = true;
         }
         resetRateLimit(clientIp);
         const token = createSession();
@@ -447,6 +610,44 @@ export async function startServer(config, configPath) {
         storage.setPassword(password);
         res.json({ ok: true });
     });
+    // ── Android APK update & download (no auth required) ──
+    app.get("/api/android-apk-update", async (req, res) => {
+        const currentVersion = req.query.currentVersion?.trim();
+        if (!currentVersion) {
+            res.status(400).json({ error: "Missing currentVersion query parameter." });
+            return;
+        }
+        const latest = await resolveLatestApkVersion(configDir, config);
+        if (!latest) {
+            res.json({ updateAvailable: false, currentVersion, latestVersion: null, downloadUrl: null, source: null });
+            return;
+        }
+        const updateAvailable = compareSemver(latest.version, currentVersion) > 0;
+        res.json({
+            updateAvailable,
+            currentVersion,
+            latestVersion: latest.version,
+            downloadUrl: updateAvailable ? latest.downloadUrl : null,
+            fileName: updateAvailable ? latest.fileName : null,
+            size: updateAvailable ? latest.size : null,
+            source: latest.source,
+        });
+    });
+    app.get("/android/download", async (_req, res) => {
+        const androidApk = await resolveAndroidApkAsset(configDir, config);
+        if (config.android?.enabled !== true) {
+            res.status(404).json({ error: "Android APK 下载未启用。" });
+            return;
+        }
+        if (!androidApk) {
+            res.status(404).json({ error: "当前没有可下载的 APK 文件。" });
+            return;
+        }
+        res.setHeader("Content-Type", "application/vnd.android.package-archive");
+        res.setHeader("Content-Length", String(androidApk.size));
+        res.setHeader("Content-Disposition", `attachment; filename="${encodeURIComponent(androidApk.fileName)}"`);
+        createReadStream(androidApk.filePath).pipe(res);
+    });
     app.use("/api", requireAuth);
     // ── Config & Session info ──
     app.get("/api/config", async (_req, res) => {
@@ -459,18 +660,28 @@ export async function startServer(config, configPath) {
             commandPresets: config.commandPresets,
             structuredRunners: [{ label: "Claude Structured", runner: "claude-cli-print" }],
             structuredChatPersona,
+            cardDefaults: config.cardDefaults,
             updateAvailable: cachedUpdateInfo?.updateAvailable ?? false,
             latestVersion: cachedUpdateInfo?.latest ?? null,
             currentVersion: PKG_VERSION,
         });
     });
     // ── Settings endpoints ──
-    app.get("/api/settings", (_req, res) => {
+    app.get("/api/settings", async (_req, res) => {
         const certPaths = {
             keyPath: path.join(configDir, "server.key"),
             certPath: path.join(configDir, "server.crt"),
         };
         const { password: _pw, ...safeConfig } = config;
+        const localApk = await resolveAndroidApkAsset(configDir, config);
+        const ghApk = await fetchGitHubLatestApk();
+        const apkDir = resolveAndroidApkDir(configDir, config);
+        // Backward-compatible: pick best available for hasApk/version/downloadUrl
+        const resolvedApk = localApk
+            ? { hasApk: true, fileName: localApk.fileName, version: localApk.version, size: localApk.size, updatedAt: localApk.updatedAt, downloadUrl: localApk.downloadUrl, source: "local" }
+            : ghApk
+                ? { hasApk: true, fileName: ghApk.fileName, version: ghApk.version, size: ghApk.size, updatedAt: null, downloadUrl: ghApk.downloadUrl, source: "github" }
+                : null;
         res.json({
             version: PKG_VERSION,
             packageName: PKG_NAME,
@@ -478,8 +689,57 @@ export async function startServer(config, configPath) {
             repoUrl: PKG_REPO_URL,
             config: safeConfig,
             hasCert: existsSync(certPaths.keyPath) && existsSync(certPaths.certPath),
+            updateAvailable: cachedUpdateInfo?.updateAvailable ?? false,
+            latestVersion: cachedUpdateInfo?.latest ?? null,
+            androidApk: {
+                enabled: config.android?.enabled === true,
+                apkDir,
+                hasApk: resolvedApk?.hasApk ?? false,
+                fileName: resolvedApk?.fileName ?? null,
+                version: resolvedApk?.version ?? null,
+                size: resolvedApk?.size ?? null,
+                updatedAt: resolvedApk?.updatedAt ?? null,
+                downloadUrl: resolvedApk?.downloadUrl ?? null,
+                source: resolvedApk?.source ?? null,
+                local: localApk ? { fileName: localApk.fileName, version: localApk.version, size: localApk.size, updatedAt: localApk.updatedAt, downloadUrl: localApk.downloadUrl } : null,
+                github: ghApk ? { fileName: ghApk.fileName, version: ghApk.version, size: ghApk.size, downloadUrl: ghApk.downloadUrl } : null,
+            },
         });
     });
+    app.get("/api/android-apk", async (_req, res) => {
+        const localApk = await resolveAndroidApkAsset(configDir, config);
+        const ghApk = await fetchGitHubLatestApk();
+        const apkDir = resolveAndroidApkDir(configDir, config);
+        const resolvedApk = localApk
+            ? { hasApk: true, fileName: localApk.fileName, version: localApk.version, size: localApk.size, updatedAt: localApk.updatedAt, downloadUrl: localApk.downloadUrl, source: "local" }
+            : ghApk
+                ? { hasApk: true, fileName: ghApk.fileName, version: ghApk.version, size: ghApk.size, updatedAt: null, downloadUrl: ghApk.downloadUrl, source: "github" }
+                : null;
+        res.json({
+            enabled: config.android?.enabled === true,
+            apkDir,
+            hasApk: resolvedApk?.hasApk ?? false,
+            fileName: resolvedApk?.fileName ?? null,
+            version: resolvedApk?.version ?? null,
+            size: resolvedApk?.size ?? null,
+            updatedAt: resolvedApk?.updatedAt ?? null,
+            downloadUrl: resolvedApk?.downloadUrl ?? null,
+            source: resolvedApk?.source ?? null,
+            local: localApk ? { fileName: localApk.fileName, version: localApk.version, size: localApk.size, updatedAt: localApk.updatedAt, downloadUrl: localApk.downloadUrl } : null,
+            github: ghApk ? { fileName: ghApk.fileName, version: ghApk.version, size: ghApk.size, downloadUrl: ghApk.downloadUrl } : null,
+        });
+    });
+    app.get("/api/app-connect-code", requireAuth, (req, res) => {
+        const dbPassword = storage.getPassword();
+        const effectivePassword = dbPassword ?? config.password;
+        const protocol = useHttps ? "https" : "http";
+        const host = req.headers.host || `${config.host}:${config.port}`;
+        const serverUrl = `${protocol}://${host}`;
+        const appSecret = config.appSecret ?? "";
+        const token = generateAppToken(effectivePassword, appSecret);
+        const code = encodeConnectCode(serverUrl, token);
+        res.json({ code });
+    });
     app.post("/api/settings/config", async (req, res) => {
         const body = req.body;
         const allowedFields = ["host", "port", "https", "defaultMode", "defaultCwd", "shell", "language"];
@@ -519,48 +779,21 @@ export async function startServer(config, configPath) {
                 changed = true;
             }
         }
-        if (body.uiPreferences && typeof body.uiPreferences === "object") {
-            const defaultPanelStateInput = body.uiPreferences.defaultPanelState;
-            if (defaultPanelStateInput && typeof defaultPanelStateInput === "object") {
-                const nextDefaultPanelState = {
-                    ...config.uiPreferences?.defaultPanelState,
-                };
-                let panelChanged = false;
-                const panelFields = [
-                    "sessionsDrawerOpen",
-                    "filePanelOpen",
-                    "shortcutsExpanded",
-                    "claudeHistoryExpanded",
-                    "chatMessageExpanded",
-                    "structuredThinkingExpanded",
-                    "structuredToolGroupExpanded",
-                    "structuredInlineToolExpanded",
-                    "structuredTerminalExpanded",
-                    "structuredToolCardExpanded"
-                ];
-                for (const field of panelFields) {
-                    if (field in defaultPanelStateInput && typeof defaultPanelStateInput[field] === "boolean") {
-                        nextDefaultPanelState[field] = defaultPanelStateInput[field];
-                        panelChanged = true;
-                    }
-                }
-                if (panelChanged) {
-                    config.uiPreferences = {
-                        ...config.uiPreferences,
-                        defaultPanelState: nextDefaultPanelState,
-                    };
-                    changed = true;
-                }
-            }
+        // Handle cardDefaults separately (nested object, no restart needed)
+        if (body.cardDefaults !== undefined) {
+            config.cardDefaults = normalizeCardDefaults(body.cardDefaults);
+            changed = true;
         }
         if (!changed) {
             res.status(400).json({ error: "没有可更新的配置字段。" });
             return;
         }
+        // cardDefaults-only changes don't need restart
+        const restartRequired = allowedFields.some((f) => f in body && body[f] !== undefined);
         try {
             await saveConfig(configPath, config);
             const { password: _pw, ...safeConfig } = config;
-            res.json({ ok: true, config: safeConfig, restartRequired: true });
+            res.json({ ok: true, config: safeConfig, restartRequired });
         }
         catch (error) {
             res.status(500).json({ error: getErrorMessage(error, "保存配置失败。") });
@@ -910,7 +1143,7 @@ export async function startServer(config, configPath) {
         })()
         : createHttpServer(app);
     const wss = new WebSocketServer({ server, path: "/ws" });
-    const wsManager = new WsBroadcastManager(wss);
+    const wsManager = new WsBroadcastManager(wss, () => config.cardDefaults ?? {});
     wsManager.setup((id) => structuredSessions.get(id) ?? processes.get(id));
     // Wire process events to WebSocket broadcast
     processes.on("process", (event) => {
@@ -919,6 +1152,30 @@ export async function startServer(config, configPath) {
     structuredSessions.setEventEmitter((event) => {
         wsManager.emitEvent(event);
     });
+    // ── Restart endpoint (needs server + wss in scope) ──
+    app.post("/api/restart", async (_req, res) => {
+        res.json({ ok: true, message: "服务正在重启..." });
+        wsManager.emitEvent({
+            type: "notification",
+            sessionId: "__system__",
+            data: { kind: "restart" },
+        });
+        setTimeout(() => {
+            // Close all WebSocket connections first
+            wss.clients.forEach((client) => client.close());
+            server.close(() => {
+                spawn(process.execPath, process.argv.slice(1), {
+                    detached: true,
+                    stdio: "inherit",
+                    cwd: process.cwd(),
+                    env: process.env,
+                }).unref();
+                process.exit(0);
+            });
+            // Force exit after 5s if graceful shutdown stalls
+            setTimeout(() => process.exit(0), 5000);
+        }, 600);
+    });
     await new Promise((resolve, reject) => {
         server.listen(config.port, config.host, () => {
             const listenAddr = config.host === "0.0.0.0" ? "0.0.0.0 (所有接口)" : config.host;