@cordfuse/llmux 0.10.5 → 0.12.0

package/dist/index.js

@@ -1,91 +1,3449 @@
 #!/usr/bin/env node
 
 // src/index.ts
-import { readFileSync } from "fs";
+import { readFileSync as readFileSync5 } from "fs";
+import { fileURLToPath as fileURLToPath2 } from "url";
+import { dirname as dirname4, resolve as resolve3 } from "path";
+
+// src/cli.ts
+function parseArgs(argv, specs) {
+  const aliasMap = /* @__PURE__ */ new Map();
+  for (const [name, spec] of Object.entries(specs)) {
+    if (spec.alias) aliasMap.set(spec.alias, name);
+  }
+  const resolveName = (raw) => aliasMap.get(raw) ?? raw;
+  const positional = [];
+  const flags = {};
+  for (let i = 0; i < argv.length; i++) {
+    const token = argv[i];
+    if (token === "--") {
+      positional.push(...argv.slice(i + 1));
+      break;
+    }
+    if (token.startsWith("--")) {
+      const body = token.slice(2);
+      const eq = body.indexOf("=");
+      const rawName = eq >= 0 ? body.slice(0, eq) : body;
+      const name = resolveName(rawName);
+      const spec = specs[name];
+      if (!spec) {
+        throw new Error(`unknown flag --${rawName}`);
+      }
+      if (spec.kind === "boolean") {
+        flags[name] = eq >= 0 ? body.slice(eq + 1) !== "false" : true;
+      } else {
+        if (eq >= 0) {
+          flags[name] = body.slice(eq + 1);
+        } else {
+          const next = argv[i + 1];
+          if (next === void 0 || next.startsWith("-")) {
+            throw new Error(`--${rawName} requires a value`);
+          }
+          flags[name] = next;
+          i++;
+        }
+      }
+      continue;
+    }
+    if (token.startsWith("-") && token.length > 1) {
+      const body = token.slice(1);
+      const name = resolveName(body);
+      const spec = specs[name];
+      if (!spec) {
+        throw new Error(`unknown flag -${body}`);
+      }
+      if (spec.kind === "boolean") {
+        flags[name] = true;
+      } else {
+        const next = argv[i + 1];
+        if (next === void 0 || next.startsWith("-")) {
+          throw new Error(`-${body} requires a value`);
+        }
+        flags[name] = next;
+        i++;
+      }
+      continue;
+    }
+    positional.push(token);
+  }
+  return { positional, flags };
+}
+
+// src/daemon/handlers.ts
+import { existsSync as existsSync5 } from "fs";
+import { resolve as resolve2 } from "path";
+import { createInterface } from "readline";
+import qrcodeTerminal from "qrcode-terminal";
+
+// src/daemon/agents.ts
+import { accessSync, constants, existsSync, readdirSync, readFileSync, statSync } from "fs";
+import { homedir } from "os";
+import { join, delimiter } from "path";
+function encodeClaudeCwd(cwd) {
+  return cwd.replace(/\//g, "-");
+}
+function extractClaudeUserText(msg) {
+  if (typeof msg !== "object" || msg === null) return void 0;
+  const content = msg.content;
+  if (typeof content === "string") return content;
+  if (Array.isArray(content)) {
+    for (const block of content) {
+      if (typeof block === "object" && block !== null) {
+        const b = block;
+        if (b.type === "text" && typeof b.text === "string") return b.text;
+      }
+    }
+  }
+  return void 0;
+}
+function looksLikeRealUserMessage(text) {
+  if (!text) return false;
+  if (text.startsWith("<local-command")) return false;
+  if (text.startsWith("<command-name>")) return false;
+  if (text.startsWith("<command-message>")) return false;
+  return true;
+}
+var claudeHistory = {
+  listConversations(cwd) {
+    const dir = join(homedir(), ".claude", "projects", encodeClaudeCwd(cwd));
+    if (!existsSync(dir)) return [];
+    let entries;
+    try {
+      entries = readdirSync(dir).filter((f) => f.endsWith(".jsonl"));
+    } catch {
+      return [];
+    }
+    const out = [];
+    for (const fname of entries) {
+      const id = fname.slice(0, -".jsonl".length);
+      const fpath = join(dir, fname);
+      try {
+        const raw = readFileSync(fpath, "utf8");
+        const lines = raw.split("\n").filter((l) => l.length > 0);
+        let title;
+        let firstTs;
+        let lastTs;
+        for (const line of lines) {
+          let evt;
+          try {
+            evt = JSON.parse(line);
+          } catch {
+            continue;
+          }
+          if (evt.timestamp) {
+            if (!firstTs) firstTs = evt.timestamp;
+            lastTs = evt.timestamp;
+          }
+          if (!title && evt.type === "user") {
+            const text = extractClaudeUserText(evt.message);
+            if (text && looksLikeRealUserMessage(text)) {
+              title = text.split("\n")[0].slice(0, 100).trim();
+            }
+          }
+        }
+        const stat = statSync(fpath);
+        out.push({
+          id,
+          title: title ?? "(no opener)",
+          startedAt: firstTs ?? new Date(stat.ctimeMs).toISOString(),
+          lastMessageAt: lastTs ?? new Date(stat.mtimeMs).toISOString(),
+          messageCount: lines.length
+        });
+      } catch {
+      }
+    }
+    return out.sort((a, b) => b.lastMessageAt.localeCompare(a.lastMessageAt));
+  },
+  resumeFlag(id) {
+    return `--resume ${id}`;
+  }
+};
+var which = (cmd) => {
+  const pathDirs = (process.env.PATH ?? "").split(delimiter);
+  for (const dir of pathDirs) {
+    if (!dir) continue;
+    try {
+      accessSync(join(dir, cmd), constants.X_OK);
+      return true;
+    } catch {
+    }
+  }
+  return false;
+};
+var copilotInstalled = () => {
+  return existsSync(join(homedir(), ".local/share/gh/copilot"));
+};
+var DEFAULT_AGENTS = {
+  claude: { key: "claude", displayName: "Claude Code", cmd: "claude", flags: "--dangerously-skip-permissions", readyPrompt: "^>", installHint: "curl -fsSL https://claude.ai/install.sh | bash", docsUrl: "https://docs.claude.com/en/docs/claude-code/overview", history: claudeHistory },
+  codex: { key: "codex", displayName: "Codex CLI", cmd: "codex", flags: "--dangerously-bypass-approvals-and-sandbox", readyPrompt: "^>", installHint: "npm install -g @openai/codex", docsUrl: "https://github.com/openai/codex" },
+  agy: { key: "agy", displayName: "Antigravity CLI", cmd: "agy", flags: "--dangerously-skip-permissions", readyPrompt: "^agy>", installHint: "curl -fsSL https://antigravity.google/cli/install.sh | bash", docsUrl: "https://antigravity.google/docs/cli-install" },
+  gemini: { key: "gemini", displayName: "Gemini CLI", cmd: "gemini", flags: "--yolo", readyPrompt: "^>", installHint: "npm install -g @google/gemini-cli", docsUrl: "https://github.com/google-gemini/gemini-cli" },
+  qwen: { key: "qwen", displayName: "Qwen Code", cmd: "qwen", flags: "--yolo", readyPrompt: "^>", installHint: "npm install -g @qwen-code/qwen-code", docsUrl: "https://github.com/QwenLM/qwen-code" },
+  // OpenCode's --dangerously-skip-permissions only applies to `opencode run`
+  // (one-shot). The TUI default mode rejects it and exits — danger mode in
+  // the TUI is controlled via OPENCODE_YOLO=1 instead.
+  // No model flag set — OpenCode honors the operator's own config at
+  // ~/.config/opencode/opencode.json (provider + default model). Operator
+  // overrides per-spawn via the flags field if they want a specific model
+  // (e.g. `-m openrouter/anthropic/claude-sonnet-4.6` or
+  // `-m ollama/qwen2.5-coder:14b`).
+  opencode: { key: "opencode", displayName: "OpenCode", cmd: "opencode", readyPrompt: "^>", installHint: "curl -fsSL https://opencode.ai/install | bash", docsUrl: "https://opencode.ai", envDefaults: { OPENCODE_YOLO: "1" } },
+  amp: { key: "amp", displayName: "Sourcegraph Amp", cmd: "amp", flags: "--dangerously-allow-all", readyPrompt: "^>", installHint: "npm install -g @sourcegraph/amp", docsUrl: "https://ampcode.com/manual" },
+  grok: { key: "grok", displayName: "Grok Build CLI", cmd: "grok", flags: "--always-approve", readyPrompt: "^grok>", installHint: "curl -fsSL https://x.ai/cli/install.sh | bash", docsUrl: "https://x.ai/cli" },
+  aider: { key: "aider", displayName: "Aider", cmd: "aider", flags: "--yes-always --model claude-opus-4-6", readyPrompt: "^> $", installHint: "python -m pip install aider-chat", docsUrl: "https://aider.chat" },
+  continue: { key: "continue", displayName: "Continue CLI", cmd: "cn", flags: "--auto", readyPrompt: "^>", installHint: "npm install -g @continuedev/cli", docsUrl: "https://docs.continue.dev/guides/cli" },
+  kiro: { key: "kiro", displayName: "Kiro CLI", cmd: "kiro-cli", flags: "--trust-all-tools", readyPrompt: "^>", installHint: "brew install kiro  # or see docs for Linux/Windows", docsUrl: "https://kiro.dev/docs/cli/installation/" },
+  cursor: { key: "cursor", displayName: "Cursor CLI", cmd: "cursor-agent", readyPrompt: "^>", installHint: "curl https://cursor.com/install -fsSL | bash", docsUrl: "https://cursor.com/docs/cli/installation" },
+  plandex: { key: "plandex", displayName: "Plandex", cmd: "plandex", readyPrompt: "^>", installHint: "curl -fsSL https://plandex.ai/install.sh | bash", docsUrl: "https://docs.plandex.ai" },
+  // goose has no launch flag — auto-approve is controlled via GOOSE_MODE=auto.
+  goose: { key: "goose", displayName: "Goose", cmd: "goose", readyPrompt: "Goose\u276F", installHint: "curl -fsSL https://github.com/block/goose/releases/download/stable/download_cli.sh | bash", docsUrl: "https://block.github.io/goose", envDefaults: { GOOSE_MODE: "auto" } },
+  copilot: { key: "copilot", displayName: "GitHub Copilot CLI", cmd: "gh copilot", readyPrompt: "\u25CF", detectInstalled: copilotInstalled, installHint: 'gh copilot suggest "hi"  # gh prerequisite; first run downloads', docsUrl: "https://docs.github.com/en/copilot/how-tos/use-copilot-in-the-cli" }
+};
+function isAgentInstalled(agent) {
+  if (agent.detectInstalled) return agent.detectInstalled();
+  const head = agent.cmd.split(/\s+/)[0];
+  return which(head);
+}
+
+// src/daemon/state.ts
+import { existsSync as existsSync2, mkdirSync, readFileSync as readFileSync2, writeFileSync } from "fs";
+import { homedir as homedir2 } from "os";
+import { dirname, join as join2 } from "path";
+var EMPTY = { version: 1, sessions: {} };
+function stateDir() {
+  const xdg = process.env.XDG_STATE_HOME;
+  return xdg ? join2(xdg, "llmuxd") : join2(homedir2(), ".local", "state", "llmuxd");
+}
+function statePath() {
+  return join2(stateDir(), "sessions.json");
+}
+function load() {
+  const path = statePath();
+  if (!existsSync2(path)) return structuredClone(EMPTY);
+  try {
+    const parsed = JSON.parse(readFileSync2(path, "utf8"));
+    if (parsed.version !== 1 || typeof parsed.sessions !== "object" || parsed.sessions === null) {
+      return structuredClone(EMPTY);
+    }
+    return { version: 1, sessions: parsed.sessions };
+  } catch {
+    return structuredClone(EMPTY);
+  }
+}
+function save(state) {
+  const path = statePath();
+  mkdirSync(dirname(path), { recursive: true });
+  writeFileSync(path, JSON.stringify(state, null, 2) + "\n", { mode: 384 });
+}
+function record(session) {
+  const state = load();
+  state.sessions[session.name] = session;
+  save(state);
+}
+function forget(name) {
+  const state = load();
+  delete state.sessions[name];
+  save(state);
+}
+function get(name) {
+  return load().sessions[name];
+}
+function list() {
+  return Object.values(load().sessions);
+}
+function children(parent) {
+  return list().filter((s) => s.parent === parent);
+}
+
+// src/daemon/tmux.ts
+import { spawnSync } from "child_process";
+var TMUX_FORMAT = "#{session_name}	#{session_windows}	#{session_attached}	#{session_created}";
+function requireTmux() {
+  const r = spawnSync("tmux", ["-V"], { stdio: "pipe" });
+  if (r.status !== 0) {
+    throw new Error("tmux is required but was not found on PATH");
+  }
+}
+function listSessions() {
+  const r = spawnSync("tmux", ["list-sessions", "-F", TMUX_FORMAT], { stdio: "pipe" });
+  if (r.status !== 0) return [];
+  return r.stdout.toString().trim().split("\n").filter(Boolean).map((line) => {
+    const [name, windows, attached, created] = line.split("	");
+    return {
+      name: name ?? "",
+      windows: Number(windows ?? "0"),
+      attached: attached === "1",
+      created: new Date(Number(created ?? "0") * 1e3)
+    };
+  });
+}
+function hasSession(name) {
+  const r = spawnSync("tmux", ["has-session", "-t", `=${name}`], { stdio: "pipe" });
+  return r.status === 0;
+}
+function newSession(opts) {
+  if (hasSession(opts.name)) {
+    throw new Error(`tmux session "${opts.name}" already exists`);
+  }
+  const args = ["new-session", "-d", "-s", opts.name];
+  if (opts.cwd) args.push("-c", opts.cwd);
+  args.push(opts.command);
+  const env = opts.env ? { ...process.env, ...opts.env } : process.env;
+  const r = spawnSync("tmux", args, { stdio: "pipe", env });
+  if (r.status !== 0) {
+    throw new Error(`tmux new-session failed: ${r.stderr.toString().trim() || `exit ${r.status}`}`);
+  }
+}
+function sendKeys(name, text, opts = {}) {
+  if (!hasSession(name)) {
+    throw new Error(`tmux session "${name}" not found`);
+  }
+  const literal = spawnSync("tmux", ["send-keys", "-t", name, "-l", text], { stdio: "pipe" });
+  if (literal.status !== 0) {
+    throw new Error(`tmux send-keys failed: ${literal.stderr.toString().trim() || `exit ${literal.status}`}`);
+  }
+  if (opts.enter) {
+    const enter = spawnSync("tmux", ["send-keys", "-t", name, "Enter"], { stdio: "pipe" });
+    if (enter.status !== 0) {
+      throw new Error(`tmux send-keys Enter failed: ${enter.stderr.toString().trim() || `exit ${enter.status}`}`);
+    }
+  }
+}
+function killSession(name) {
+  if (!hasSession(name)) return;
+  const r = spawnSync("tmux", ["kill-session", "-t", name], { stdio: "pipe" });
+  if (r.status !== 0) {
+    throw new Error(`tmux kill-session failed: ${r.stderr.toString().trim() || `exit ${r.status}`}`);
+  }
+}
+function renameSession(oldName, newName) {
+  if (!hasSession(oldName)) return;
+  const r = spawnSync("tmux", ["rename-session", "-t", oldName, newName], { stdio: "pipe" });
+  if (r.status !== 0) {
+    throw new Error(`tmux rename-session failed: ${r.stderr.toString().trim() || `exit ${r.status}`}`);
+  }
+}
+function attachOrSwitch(name) {
+  if (!hasSession(name)) {
+    throw new Error(`tmux session "${name}" not found`);
+  }
+  const inTmux = Boolean(process.env.TMUX);
+  const verb = inTmux ? "switch-client" : "attach-session";
+  const r = spawnSync("tmux", [verb, "-t", name], { stdio: "inherit" });
+  if (r.status !== 0) {
+    throw new Error(`tmux ${verb} exited with status ${r.status}`);
+  }
+}
+
+// src/daemon/auth-store.ts
+import { existsSync as existsSync3, mkdirSync as mkdirSync2, readFileSync as readFileSync3, writeFileSync as writeFileSync2 } from "fs";
+import { dirname as dirname2, join as join3 } from "path";
+
+// src/daemon/token.ts
+import { randomBytes } from "crypto";
+var TOKEN_PREFIX = "sas_";
+function generateToken() {
+  return TOKEN_PREFIX + randomBytes(32).toString("base64url");
+}
+function tokenId(token) {
+  return token.startsWith(TOKEN_PREFIX) ? token.slice(TOKEN_PREFIX.length, TOKEN_PREFIX.length + 8) : token.slice(0, 8);
+}
+
+// src/daemon/auth-store.ts
+var EMPTY2 = { version: 1, tokens: [] };
+function authPath() {
+  return join3(stateDir(), "auth.json");
+}
+function load2() {
+  const p = authPath();
+  if (!existsSync3(p)) return structuredClone(EMPTY2);
+  try {
+    const parsed = JSON.parse(readFileSync3(p, "utf8"));
+    if (parsed.version === 1 && Array.isArray(parsed.tokens)) {
+      return { version: 1, tokens: parsed.tokens };
+    }
+  } catch {
+  }
+  return structuredClone(EMPTY2);
+}
+function save2(file) {
+  const p = authPath();
+  mkdirSync2(dirname2(p), { recursive: true });
+  writeFileSync2(p, JSON.stringify(file, null, 2) + "\n", { mode: 384 });
+}
+function listAuthTokens() {
+  return load2().tokens;
+}
+function createAuthToken(opts = {}) {
+  const token = generateToken();
+  const rec = {
+    id: tokenId(token),
+    token,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    ...opts.name !== void 0 ? { name: opts.name } : {},
+    ...opts.expiresAt !== void 0 ? { expiresAt: opts.expiresAt } : {}
+  };
+  const file = load2();
+  file.tokens.push(rec);
+  save2(file);
+  return rec;
+}
+function revokeAuthToken(idPrefix) {
+  const file = load2();
+  const before = file.tokens.length;
+  file.tokens = file.tokens.filter((t) => t.id !== idPrefix);
+  if (file.tokens.length === before) return false;
+  save2(file);
+  return true;
+}
+function validateAuthToken(candidate) {
+  if (!candidate) return false;
+  const now = Date.now();
+  return load2().tokens.some((t) => {
+    if (t.token !== candidate) return false;
+    if (t.expiresAt && new Date(t.expiresAt).getTime() < now) return false;
+    return true;
+  });
+}
+function authEnabled() {
+  return load2().tokens.length > 0;
+}
+
+// src/daemon/web/server.ts
+import { createServer } from "http";
+import { readFileSync as readFileSync4, existsSync as existsSync4 } from "fs";
 import { fileURLToPath } from "url";
-import { dirname, resolve } from "path";
+import { dirname as dirname3, resolve } from "path";
+import { WebSocketServer } from "ws";
+import * as pty from "node-pty";
+
+// src/daemon/net.ts
+import { networkInterfaces } from "os";
+import { execSync } from "child_process";
+var TAILSCALE_CGNAT = /^100\.(6[4-9]|[7-9]\d|1[01]\d|12[0-7])\./;
+function detectTailscaleServe(port) {
+  try {
+    const raw = execSync("tailscale serve status --json", {
+      stdio: ["ignore", "pipe", "ignore"],
+      timeout: 1500
+    }).toString().trim();
+    if (!raw) return void 0;
+    const config = JSON.parse(raw);
+    const targets = [`http://127.0.0.1:${port}`, `http://localhost:${port}`];
+    let hostname;
+    let hasHttp = false;
+    let hasHttps = false;
+    let httpPort;
+    let httpsPort;
+    for (const [hostPort, web] of Object.entries(config.Web ?? {})) {
+      for (const handler of Object.values(web.Handlers ?? {})) {
+        if (!handler.Proxy || !targets.includes(handler.Proxy)) continue;
+        const [host, p] = hostPort.split(":");
+        if (!host || !p) continue;
+        hostname = host;
+        const tcp = (config.TCP ?? {})[p];
+        if (tcp?.HTTPS) {
+          hasHttps = true;
+          httpsPort = p;
+        } else if (tcp?.HTTP) {
+          hasHttp = true;
+          httpPort = p;
+        }
+      }
+    }
+    if (!hostname) return void 0;
+    return { hostname, hasHttp, hasHttps, ...httpPort ? { httpPort } : {}, ...httpsPort ? { httpsPort } : {} };
+  } catch {
+    return void 0;
+  }
+}
+function findTailscaleIp() {
+  for (const ifaces of Object.values(networkInterfaces())) {
+    for (const iface of ifaces ?? []) {
+      if (iface.family !== "IPv4" || iface.internal) continue;
+      if (TAILSCALE_CGNAT.test(iface.address)) return iface.address;
+    }
+  }
+  return void 0;
+}
+function getAddresses(port) {
+  const out = [];
+  const serve = detectTailscaleServe(port);
+  const tailscaleIp = findTailscaleIp();
+  if (serve?.hasHttps) {
+    const portSuffix = serve.httpsPort && serve.httpsPort !== "443" ? `:${serve.httpsPort}` : "";
+    out.push({ label: "Tailscale HTTPS", url: `https://${serve.hostname}${portSuffix}` });
+  }
+  if (serve?.hasHttp) {
+    const portSuffix = serve.httpPort && serve.httpPort !== "80" ? `:${serve.httpPort}` : "";
+    out.push({ label: "Tailscale HTTP", url: `http://${serve.hostname}${portSuffix}` });
+  } else if (tailscaleIp) {
+    out.push({ label: "Tailscale HTTP", url: `http://${tailscaleIp}:${port}` });
+  }
+  out.push({ label: "Local", url: `http://localhost:${port}` });
+  for (const ifaces of Object.values(networkInterfaces())) {
+    for (const iface of ifaces ?? []) {
+      if (iface.family !== "IPv4" || iface.internal) continue;
+      if (TAILSCALE_CGNAT.test(iface.address)) continue;
+      out.push({ label: "LAN", url: `http://${iface.address}:${port}` });
+    }
+  }
+  return out;
+}
+
+// src/daemon/web/server.ts
+function readDaemonVersion() {
+  try {
+    const here = dirname3(fileURLToPath(import.meta.url));
+    for (const candidate of [
+      resolve(here, "../../package.json"),
+      resolve(here, "../package.json"),
+      resolve(here, "./package.json")
+    ]) {
+      try {
+        const pkg = JSON.parse(readFileSync4(candidate, "utf8"));
+        if (pkg.name === "@cordfuse/llmux" && typeof pkg.version === "string") return pkg.version;
+      } catch {
+      }
+    }
+  } catch {
+  }
+  return "unknown";
+}
+var DAEMON_VERSION = readDaemonVersion();
+var XTERM_CSS = "https://cdn.jsdelivr.net/npm/@xterm/xterm@5.5.0/css/xterm.min.css";
+var XTERM_JS = "https://cdn.jsdelivr.net/npm/@xterm/xterm@5.5.0/lib/xterm.min.js";
+var XTERM_FIT_JS = "https://cdn.jsdelivr.net/npm/@xterm/addon-fit@0.10.0/lib/addon-fit.min.js";
+function escapeHtml(s) {
+  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+function shortenCwd(cwd) {
+  const home = process.env.HOME;
+  if (!home) return cwd;
+  if (cwd === home) return "~";
+  if (cwd.startsWith(home + "/")) return "~" + cwd.slice(home.length);
+  return cwd;
+}
+function expandTilde(p) {
+  const home = process.env.HOME;
+  if (!home) return p;
+  if (p === "~") return home;
+  if (p.startsWith("~/")) return home + p.slice(1);
+  return p;
+}
+function listSessionViews() {
+  const tracked = list();
+  const live = new Set(listSessions().map((s) => s.name));
+  return tracked.map((s) => viewOf(s, live.has(s.name))).sort((a, b) => b.createdAt.localeCompare(a.createdAt));
+}
+var FAVICON_SVG = `<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><rect width="32" height="32" rx="6" fill="#0b0c10"/><rect x="5" y="5" width="9" height="9" fill="#7cc4ff"/><rect x="18" y="5" width="9" height="9" fill="#7cc4ff"/><rect x="5" y="18" width="9" height="9" fill="#7cc4ff"/><rect x="18" y="18" width="9" height="9" fill="#7cc4ff"/></svg>`;
+var FAVICON_DATA_URL = `data:image/svg+xml,${encodeURIComponent(FAVICON_SVG)}`;
+function pickerPage() {
+  const sessions = listSessionViews();
+  return `<!doctype html><html lang="en"><head>
+<meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1">
+<title>LLMUX: Sessions</title>
+<link rel="icon" href="${FAVICON_DATA_URL}">
+<link rel="apple-touch-icon" href="${FAVICON_DATA_URL}">
+<style>
+  :root{color-scheme:dark}
+  html,body{margin:0;background:#0b0c10;color:#e6e8eb;font-family:ui-monospace,monospace;font-size:14px;overflow-x:hidden}
+  body{padding:18px 16px 80px;max-width:980px;margin:0 auto;box-sizing:border-box}
+  header{display:flex;align-items:baseline;justify-content:space-between;gap:12px;margin-bottom:14px;flex-wrap:wrap}
+  h1{font-size:18px;margin:0}
+  h1 .brand{color:#7cc4ff;letter-spacing:.08em;font-weight:600}
+  #meta{color:#7a7f87;font-size:11px;display:flex;gap:10px;align-items:center}
+  #refresh-dot{display:inline-block;width:8px;height:8px;border-radius:50%;background:#7ee787;transition:background .25s;box-shadow:0 0 6px #7ee78766}
+  #refresh-dot.stale{background:#9aa0a6;box-shadow:none}
+  #refresh-dot.error{background:#f85149;box-shadow:0 0 6px #f8514966}
+  table{border-collapse:collapse;width:100%}
+  thead{display:table-header-group}
+  th,td{text-align:left;padding:9px 10px;border-bottom:1px solid #1f2329;vertical-align:middle}
+  th{font-weight:500;color:#9aa0a6;font-size:11px;text-transform:uppercase;letter-spacing:.05em}
+  a.session-link{color:#7cc4ff;text-decoration:none}
+  a.session-link:hover{text-decoration:underline}
+  .name{font-weight:600}
+  .started{color:#7a7f87;font-size:11px;margin-top:2px;display:block}
+  .state-running{color:#7ee787}
+  .state-exited{color:#7a7f87}
+  .cwd{color:#c9d1d9;font-size:12px;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;direction:rtl;text-align:left}
+  .cwd code{unicode-bidi:embed;direction:ltr}
+  .cwd-col{max-width:0}
+  .actions{text-align:right;white-space:nowrap}
+  .actions button{background:#1c2128;color:#e6e8eb;border:1px solid #262c34;border-radius:6px;padding:5px 9px;font:12px ui-monospace,monospace;cursor:pointer;margin-left:4px;display:inline-flex;align-items:center;gap:4px;transition:background 150ms ease,border-color 150ms ease,transform 100ms ease}
+  .actions button:hover{background:#252b34;border-color:#3a414b}
+  .actions button:active{transform:scale(.94)}
+  .actions button.respawn{color:#7cc4ff;border-color:#2d4a66}
+  .actions button.edit{color:#d29922;border-color:#574122}
+  .actions button.kill{color:#f85149;border-color:#4a2329}
+  .actions button.resume-btn{color:#a371f7;border-color:#3c2a59}
+  .actions button .icon{font-size:13px;line-height:1;display:inline-block;vertical-align:middle}
+  .actions button:disabled{opacity:.5;cursor:wait}
+  .empty{color:#7a7f87;padding:18px;text-align:center;border:1px dashed #1f2329;border-radius:8px}
+  .empty code{color:#c9d1d9;background:#11141a;padding:2px 6px;border-radius:4px}
+  tbody tr{transition:background 150ms ease}
+  tbody tr:hover{background:#0e1116}
+  #new-btn{background:#1c2128;color:#7cc4ff;border:1px solid #2d4a66;border-radius:6px;padding:6px 10px;font:12px ui-monospace,monospace;cursor:pointer}
+  #new-btn:hover{background:#252b34}
+  #new-form{background:#11141a;border:1px solid #1f2329;border-radius:8px;padding:14px;margin-bottom:14px;max-height:0;opacity:0;overflow:hidden;padding-top:0;padding-bottom:0;border-width:0;margin-bottom:0;transition:max-height 220ms ease,opacity 180ms ease,padding-top 220ms ease,padding-bottom 220ms ease,border-width 220ms ease,margin-bottom 220ms ease}
+  #new-form.open{max-height:900px;opacity:1;padding:14px;border-width:1px;margin-bottom:14px}
+  #new-form .form-title{margin:0 0 12px;font-size:13px;color:#c9d1d9;font-weight:600}
+  #new-form select:disabled{opacity:.6;cursor:not-allowed}
+  #new-form .field{display:flex;flex-direction:column;gap:4px;margin-bottom:10px}
+  #new-form label{font-size:11px;color:#9aa0a6;text-transform:uppercase;letter-spacing:.05em}
+  #new-form select,#new-form input,#new-form textarea{background:#0b0c10;color:#e6e8eb;border:1px solid #262c34;border-radius:6px;padding:8px 10px;font:13px ui-monospace,monospace;outline:none;width:100%;box-sizing:border-box;resize:vertical}
+  #new-form select:focus,#new-form input:focus,#new-form textarea:focus{border-color:#2d4a66}
+  #new-form .actions{display:flex;gap:8px;justify-content:flex-end}
+  #new-form button{background:#1c2128;color:#e6e8eb;border:1px solid #262c34;border-radius:6px;padding:8px 14px;font:12px ui-monospace,monospace;cursor:pointer}
+  #new-form button.primary{color:#7cc4ff;border-color:#2d4a66}
+  #new-form button:hover{background:#252b34}
+  #new-form button:disabled{opacity:.5;cursor:wait}
+  #new-form .hint{font-size:11px;color:#7a7f87;margin-top:-4px;margin-bottom:10px}
+  footer{position:fixed;bottom:0;left:0;right:0;background:#0b0c10;border-top:1px solid #1f2329;padding:10px 16px;font-size:11px;color:#7a7f87;display:flex;justify-content:space-between;gap:10px}
+  footer .warn{color:#d29922}
+  footer .ok{color:#7ee787}
+  #toast{position:fixed;bottom:50px;left:50%;transform:translateX(-50%);background:#11141a;border:1px solid #1f2329;color:#e6e8eb;padding:8px 14px;border-radius:6px;font-size:12px;opacity:0;transition:opacity .2s;pointer-events:none;z-index:30}
+  #toast.show{opacity:1}
+  #toast.error{border-color:#4a2329;color:#f85149}
+  #confirm-modal{position:fixed;inset:0;background:rgba(11,12,16,.85);display:flex;align-items:center;justify-content:center;z-index:60;padding:20px;opacity:0;visibility:hidden;transition:opacity 160ms ease,visibility 0s 160ms}
+  #confirm-modal.open{opacity:1;visibility:visible;transition:opacity 160ms ease}
+  #confirm-modal .panel{transform:translateY(8px) scale(.97);transition:transform 200ms ease}
+  #confirm-modal.open .panel{transform:translateY(0) scale(1)}
+  #confirm-modal .panel{background:#11141a;border:1px solid #1f2329;border-radius:10px;padding:20px;max-width:360px;width:100%}
+  #confirm-modal h3{margin:0 0 8px;font-size:15px;color:#e6e8eb}
+  #confirm-modal p{margin:0 0 16px;font-size:13px;color:#c9d1d9;line-height:1.5}
+  #confirm-modal p code{color:#7cc4ff;background:#0b0c10;padding:2px 5px;border-radius:3px}
+  #confirm-modal .actions{display:flex;gap:8px;justify-content:flex-end}
+  #confirm-modal button{background:#1c2128;color:#e6e8eb;border:1px solid #262c34;border-radius:6px;padding:8px 14px;font:13px ui-monospace,monospace;cursor:pointer}
+  #confirm-modal button.danger{color:#f85149;border-color:#4a2329}
+  #confirm-modal button.danger:hover{background:#2a1c1f}
+  #confirm-modal button:disabled{opacity:.5;cursor:wait}
+  .help-btn{background:#1c2128;color:#7cc4ff;border:1px solid #2d4a66;border-radius:50%;width:18px;height:18px;font:11px ui-monospace,monospace;cursor:pointer;padding:0;margin-left:4px;display:inline-flex;align-items:center;justify-content:center;vertical-align:middle}
+  .help-btn:hover{background:#252b34}
+  #agents-modal{position:fixed;inset:0;background:rgba(11,12,16,.85);display:flex;align-items:center;justify-content:center;z-index:40;padding:20px;opacity:0;visibility:hidden;transition:opacity 160ms ease,visibility 0s 160ms}
+  #agents-modal.open{opacity:1;visibility:visible;transition:opacity 160ms ease}
+  #agents-modal .panel{transform:translateY(8px) scale(.97);transition:transform 200ms ease}
+  #agents-modal.open .panel{transform:translateY(0) scale(1)}
+  #agents-modal .panel{background:#11141a;border:1px solid #1f2329;border-radius:10px;padding:18px;max-width:520px;width:100%;max-height:80vh;display:flex;flex-direction:column}
+  #agents-modal h3{margin:0 0 4px;font-size:15px;color:#e6e8eb}
+  #agents-modal .sub{margin:0 0 14px;font-size:11px;color:#7a7f87}
+  #agents-list{flex:1 1 auto;overflow-y:auto;margin-bottom:12px;min-height:0}
+  #agents-list .agent{padding:10px 0;border-bottom:1px solid #1f2329}
+  #agents-list .agent:last-child{border-bottom:none}
+  #agents-list .agent-head{display:flex;align-items:center;gap:8px;margin-bottom:4px}
+  #agents-list .agent-name{font-weight:600;color:#e6e8eb;font-size:13px}
+  #agents-list .agent-status{font-size:10px;padding:2px 6px;border-radius:3px;border:1px solid}
+  #agents-list .agent-status.ok{color:#7ee787;border-color:#235828;background:#0d1f10}
+  #agents-list .agent-status.miss{color:#7a7f87;border-color:#262c34;background:#0e1116}
+  #agents-list .agent-install{font:11px ui-monospace,monospace;color:#c9d1d9;background:#0b0c10;border:1px solid #1f2329;border-radius:4px;padding:6px 8px;margin-top:4px;word-break:break-all}
+  #agents-list .agent-docs{font-size:11px;color:#7cc4ff;text-decoration:none;margin-top:4px;display:inline-block}
+  #agents-list .agent-docs:hover{text-decoration:underline}
+  #agents-modal .actions{display:flex;justify-content:flex-end}
+  #agents-modal button{background:#1c2128;color:#e6e8eb;border:1px solid #262c34;border-radius:6px;padding:8px 14px;font:13px ui-monospace,monospace;cursor:pointer}
+  #agents-modal button:hover{background:#252b34}
+  #convs-modal{position:fixed;inset:0;background:rgba(11,12,16,.85);display:flex;align-items:center;justify-content:center;z-index:40;padding:20px;opacity:0;visibility:hidden;transition:opacity 160ms ease,visibility 0s 160ms}
+  #convs-modal.open{opacity:1;visibility:visible;transition:opacity 160ms ease}
+  #convs-modal .panel{transform:translateY(8px) scale(.97);transition:transform 200ms ease}
+  #convs-modal.open .panel{transform:translateY(0) scale(1)}
+  #convs-list .conv{transition:background 120ms ease}
+  #convs-modal .panel{background:#11141a;border:1px solid #1f2329;border-radius:10px;padding:18px;max-width:560px;width:100%;max-height:80vh;display:flex;flex-direction:column}
+  #convs-modal h3{margin:0 0 4px;font-size:15px;color:#e6e8eb}
+  #convs-modal .sub{margin:0 0 14px;font-size:11px;color:#7a7f87}
+  #convs-list{flex:1 1 auto;overflow-y:auto;margin-bottom:12px;min-height:0}
+  #convs-list .conv{padding:10px 0;border-bottom:1px solid #1f2329;cursor:pointer;display:block;width:100%;text-align:left;background:transparent;border-left:none;border-right:none;border-top:none;color:inherit;font-family:inherit;font-size:inherit}
+  #convs-list .conv:last-child{border-bottom:none}
+  #convs-list .conv:hover{background:#1a1d23}
+  #convs-list .conv-title{font-size:13px;color:#e6e8eb;font-weight:500;line-height:1.4;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block}
+  #convs-list .conv-meta{font-size:11px;color:#7a7f87;margin-top:2px;display:flex;gap:8px}
+  #convs-list .conv-meta .when{color:#9aa0a6}
+  #convs-list .conv-meta .count{color:#7a7f87}
+  #convs-list .conv-current{color:#a371f7;font-weight:600}
+  #convs-modal .actions{display:flex;justify-content:flex-end}
+  #convs-modal button.close-btn{background:#1c2128;color:#e6e8eb;border:1px solid #262c34;border-radius:6px;padding:8px 14px;font:13px ui-monospace,monospace;cursor:pointer}
+  #convs-modal button.close-btn:hover{background:#252b34}
+  /* Mobile: hide cwd column, show under name */
+  @media (max-width: 600px){
+    body{padding:14px 8px 72px}
+    th.cwd-col,td.cwd-col{display:none}
+    .name-block .cwd{display:block;margin-top:3px;max-width:100%}
+    th,td{padding:8px 4px;font-size:13px}
+    .name-block{max-width:42vw}
+    td.actions{white-space:nowrap;text-align:right;padding-right:0}
+    /* Buttons collapse to icon-only \u2014 long-press surfaces title= for label. */
+    .actions button .label{display:none}
+    .actions button{padding:5px 6px;min-width:28px;justify-content:center;margin-left:2px}
+  }
+  @media (min-width: 601px){
+    .name-block .cwd{display:none}
+  }
+</style></head>
+<body>
+<header>
+  <h1><span class="brand">LLMUX</span>: Sessions</h1>
+  <div id="meta">
+    <button id="new-btn" type="button">+ new session</button>
+    <span id="refresh-dot" title="updates every 3s"></span>
+    <span id="refresh-label">live</span>
+    <span>\xB7</span>
+    <span>v${escapeHtml(DAEMON_VERSION)}</span>
+  </div>
+</header>
+<div id="new-form" aria-hidden="true">
+  <h3 id="new-title" class="form-title">new session</h3>
+  <form id="new-session-form">
+    <div class="field">
+      <label for="new-agent">agent <button type="button" id="agent-help-btn" class="help-btn" title="Show all supported agents">?</button></label>
+      <select id="new-agent" required></select>
+    </div>
+    <div class="field">
+      <label for="new-name">name</label>
+      <input id="new-name" type="text" autocomplete="off" autocapitalize="off" autocorrect="off" spellcheck="false" placeholder="(defaults to agent key)" pattern="[a-zA-Z0-9][a-zA-Z0-9_-]*">
+    </div>
+    <div class="field">
+      <label for="new-cwd">cwd</label>
+      <input id="new-cwd" type="text" autocomplete="off" autocapitalize="off" autocorrect="off" spellcheck="false" placeholder="(defaults to $HOME on the daemon host)">
+    </div>
+    <div id="new-cwd-hint" class="hint" hidden>cwd changes apply immediately \u2014 if the session is running, it'll be killed and respawned in the new directory</div>
+    <div class="field">
+      <label for="new-flags">flags</label>
+      <input id="new-flags" type="text" autocomplete="off" autocapitalize="off" autocorrect="off" spellcheck="false">
+    </div>
+    <div id="new-flags-hint" class="hint" hidden></div>
+    <div class="field">
+      <label for="new-env">env vars</label>
+      <textarea id="new-env" rows="3" autocomplete="off" autocapitalize="off" autocorrect="off" spellcheck="false" placeholder="KEY=VALUE one per line"></textarea>
+    </div>
+    <div id="new-env-hint" class="hint" hidden></div>
+    <div class="actions">
+      <button type="button" id="new-cancel">cancel</button>
+      <button type="submit" class="primary" id="new-submit">spawn</button>
+    </div>
+  </form>
+</div>
+<div id="list-container">${renderSessionTable(sessions)}</div>
+<div id="toast"></div>
+<div id="confirm-modal" aria-hidden="true">
+  <div class="panel">
+    <h3 id="confirm-title">Kill session?</h3>
+    <p id="confirm-body"></p>
+    <div class="actions">
+      <button type="button" id="confirm-cancel">cancel</button>
+      <button type="button" class="danger" id="confirm-ok">kill</button>
+    </div>
+  </div>
+</div>
+<div id="agents-modal" aria-hidden="true">
+  <div class="panel">
+    <h3>Supported agents</h3>
+    <p class="sub">Only installed agents appear in the spawn dropdown. Install the others on the daemon host to enable them.</p>
+    <div id="agents-list">loading\u2026</div>
+    <div class="actions">
+      <button type="button" id="agents-close">close</button>
+    </div>
+  </div>
+</div>
+<div id="convs-modal" aria-hidden="true">
+  <div class="panel">
+    <h3 id="convs-title">Past conversations</h3>
+    <p class="sub" id="convs-sub">Pick one to resume. The current session will be killed and respawned with the agent's resume flag.</p>
+    <div id="convs-list">loading\u2026</div>
+    <div class="actions">
+      <button type="button" id="convs-close">cancel</button>
+    </div>
+  </div>
+</div>
+<footer>
+  <span>llmuxd v${escapeHtml(DAEMON_VERSION)}</span>
+  ${authEnabled() ? `<span class="ok">\u2713 auth required \u2014 ${listAuthTokens().length} active token${listAuthTokens().length === 1 ? "" : "s"}</span>` : `<span class="warn">\u26A0 no auth \u2014 anyone on the network can attach</span>`}
+</footer>
+<script>
+(function(){
+  const container = document.getElementById('list-container');
+  const dot = document.getElementById('refresh-dot');
+  const label = document.getElementById('refresh-label');
+  const toast = document.getElementById('toast');
+  let pollTimer = null;
+  let lastFetch = 0;
+
+  function showToast(msg, isError){
+    toast.textContent = msg;
+    toast.classList.toggle('error', !!isError);
+    toast.classList.add('show');
+    setTimeout(function(){ toast.classList.remove('show'); }, 2200);
+  }
+
+  function escapeHtml(s){
+    return String(s).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(/"/g,'&quot;');
+  }
+
+  function relativeTime(iso){
+    const ms = Date.now() - new Date(iso).getTime();
+    if (isNaN(ms) || ms < 0) return '';
+    if (ms < 60000) return 'just now';
+    const m = Math.floor(ms/60000);
+    if (m < 60) return m + 'm ago';
+    const h = Math.floor(m/60);
+    if (h < 24) return h + 'h ago';
+    const d = Math.floor(h/24);
+    return d + 'd ago';
+  }
+  function rowHtml(s){
+    const cls = 'state-' + s.status;
+    const linkOpen  = s.status === 'running' ? '<a class="session-link" href="/session/' + encodeURIComponent(s.name) + '">' : '<a class="session-link" href="/session/' + encodeURIComponent(s.name) + '" title="session is not running \u2014 click to respawn">';
+    const respawnText = s.status === 'running' ? 'restart' : 'respawn';
+    const respawnTitle = s.status === 'running' ? 'kill + relaunch with the persisted config (use after edit)' : 'launch the agent again with the persisted config';
+    const respawnBtn = '<button class="respawn" data-action="respawn" data-name="' + escapeHtml(s.name) + '" title="' + respawnTitle + '" aria-label="' + respawnText + '"><span class="icon">\u21BB</span><span class="label">' + respawnText + '</span></button>';
+    const editBtn = '<button class="edit" data-action="edit" data-name="' + escapeHtml(s.name) + '" data-cwd="' + escapeHtml(s.cwd) + '" data-agent="' + escapeHtml(s.agent) + '" data-flags="' + escapeHtml(s.flags || '') + '" data-env="' + escapeHtml(JSON.stringify(s.env || {})) + '" title="edit name, cwd, flags, or env" aria-label="edit"><span class="icon">\u270E</span><span class="label">edit</span></button>';
+    const resumeBtn = (s.hasHistory && s.conversationCount > 0)
+      ? '<button class="resume-btn" data-action="resume" data-name="' + escapeHtml(s.name) + '" title="resume a past conversation for this agent + cwd" aria-label="resume"><span class="icon">\u2630</span><span class="label">' + s.conversationCount + '</span></button>'
+      : '';
+    const when = relativeTime(s.createdAt);
+    const cwdShort = s.cwdDisplay || s.cwd;
+    return '<tr data-name="' + escapeHtml(s.name) + '">' +
+      '<td class="name-block"><span class="name">' + linkOpen + escapeHtml(s.name) + '</a></span>' + (when ? '<span class="started">started ' + when + '</span>' : '') + '<span class="cwd" title="' + escapeHtml(s.cwd) + '"><code>' + escapeHtml(cwdShort) + '</code></span></td>' +
+      '<td>' + escapeHtml(s.agent) + '</td>' +
+      '<td class="' + cls + '">' + s.status + '</td>' +
+      '<td class="cwd cwd-col" title="' + escapeHtml(s.cwd) + '"><code>' + escapeHtml(cwdShort) + '</code></td>' +
+      '<td class="actions">' + resumeBtn + respawnBtn + editBtn + '<button class="kill" data-action="kill" data-name="' + escapeHtml(s.name) + '" data-status="' + s.status + '" title="' + (s.status === 'running' ? 'kill the tmux session + remove the record' : 'remove the record') + '" aria-label="' + (s.status === 'running' ? 'kill' : 'remove') + '"><span class="icon">\u2715</span><span class="label">' + (s.status === 'running' ? 'kill' : 'remove') + '</span></button></td>' +
+      '</tr>';
+  }
+
+  function render(sessions){
+    if (!sessions || sessions.length === 0){
+      container.innerHTML = '<div class="empty">no sessions yet \u2014 spawn one from the CLI:<br><br><code>llmuxd spawn claude --name <em>name</em></code></div>';
+      return;
+    }
+    const rows = sessions.map(rowHtml).join('');
+    container.innerHTML = '<table><thead><tr><th>name</th><th>agent</th><th>state</th><th class="cwd-col">cwd</th><th></th></tr></thead><tbody>' + rows + '</tbody></table>';
+  }
+
+  async function poll(){
+    if (document.hidden) return;
+    try {
+      const r = await fetch('/api/sessions', { cache: 'no-store' });
+      if (!r.ok) throw new Error('http ' + r.status);
+      const data = await r.json();
+      render(data);
+      dot.classList.remove('stale','error');
+      label.textContent = 'live';
+      lastFetch = Date.now();
+    } catch(e){
+      dot.classList.add('error');
+      dot.classList.remove('stale');
+      label.textContent = 'offline';
+    }
+  }
+
+  function staleCheck(){
+    if (lastFetch && Date.now() - lastFetch > 8000 && !dot.classList.contains('error')){
+      dot.classList.add('stale');
+      label.textContent = 'stale';
+    }
+  }
+
+  async function action(name, kind, btn){
+    btn.disabled = true;
+    const original = btn.textContent;
+    btn.textContent = kind === 'respawn' ? '\u2026' : '\u2026';
+    try {
+      const r = await fetch('/api/sessions/' + encodeURIComponent(name) + '/' + kind, { method: 'POST' });
+      const body = await r.json().catch(function(){ return {}; });
+      if (!r.ok || body.ok === false) throw new Error(body.error || 'request failed');
+      showToast(kind === 'respawn' ? 'respawned ' + name : (body.status === 'running' ? 'killed ' + name : 'removed ' + name));
+      poll();
+    } catch(e){
+      showToast(kind + ' failed: ' + (e.message || e), true);
+      btn.disabled = false;
+      btn.textContent = original;
+    }
+  }
+
+  // ---- Agents help modal ----
+  const agentsModal = document.getElementById('agents-modal');
+  const agentsList = document.getElementById('agents-list');
+  const agentsClose = document.getElementById('agents-close');
+  const agentHelpBtn = document.getElementById('agent-help-btn');
+  let agentsAllLoaded = false;
+
+  async function loadAgentsAll(){
+    if (agentsAllLoaded) return;
+    try {
+      const r = await fetch('/api/agents/all', { cache: 'no-store' });
+      if (!r.ok) throw new Error('http ' + r.status);
+      const list = await r.json();
+      agentsList.innerHTML = list.map(function(a){
+        const status = a.installed
+          ? '<span class="agent-status ok">installed</span>'
+          : '<span class="agent-status miss">not installed</span>';
+        const install = a.installHint
+          ? '<div class="agent-install">' + escapeHtml(a.installHint) + '</div>'
+          : '';
+        const docs = a.docsUrl
+          ? '<a class="agent-docs" href="' + escapeHtml(a.docsUrl) + '" target="_blank" rel="noopener">docs \u2197</a>'
+          : '';
+        return '<div class="agent">' +
+          '<div class="agent-head"><span class="agent-name">' + escapeHtml(a.displayName) + '</span>' + status + '</div>' +
+          install + docs +
+          '</div>';
+      }).join('');
+      agentsAllLoaded = true;
+    } catch(e){
+      agentsList.innerHTML = '<div class="agent">failed to load agents: ' + escapeHtml(e.message || String(e)) + '</div>';
+    }
+  }
+
+  agentHelpBtn.addEventListener('click', async function(e){
+    e.preventDefault();
+    e.stopPropagation();
+    agentsModal.classList.add('open');
+    agentsModal.setAttribute('aria-hidden', 'false');
+    await loadAgentsAll();
+  });
+  agentsClose.addEventListener('click', function(){
+    agentsModal.classList.remove('open');
+    agentsModal.setAttribute('aria-hidden', 'true');
+  });
+  agentsModal.addEventListener('click', function(e){
+    if (e.target === agentsModal){
+      agentsModal.classList.remove('open');
+      agentsModal.setAttribute('aria-hidden', 'true');
+    }
+  });
+
+  // ---- Conversations modal ----
+  const convsModal = document.getElementById('convs-modal');
+  const convsTitle = document.getElementById('convs-title');
+  const convsList = document.getElementById('convs-list');
+  const convsClose = document.getElementById('convs-close');
+  let convsForSession = null;
+  let convsCurrentResumeFrom = null;
+
+  function relTime(iso){
+    const ms = Date.now() - new Date(iso).getTime();
+    if (isNaN(ms) || ms < 0) return iso;
+    if (ms < 60000) return 'just now';
+    const m = Math.floor(ms/60000);
+    if (m < 60) return m + 'm ago';
+    const h = Math.floor(m/60);
+    if (h < 24) return h + 'h ago';
+    const d = Math.floor(h/24);
+    return d + 'd ago';
+  }
+
+  async function openConvsModal(sessionName){
+    convsForSession = sessionName;
+    convsTitle.textContent = 'Past conversations \xB7 ' + sessionName;
+    convsList.innerHTML = 'loading\u2026';
+    convsModal.classList.add('open');
+    convsModal.setAttribute('aria-hidden', 'false');
+    // Track this row's current resumeFrom so we can flag the active conversation
+    convsCurrentResumeFrom = null;
+    try {
+      const sres = await fetch('/api/sessions', { cache: 'no-store' });
+      if (sres.ok){
+        const list = await sres.json();
+        const row = list.find(function(s){ return s.name === sessionName; });
+        if (row) convsCurrentResumeFrom = row.resumeFrom || null;
+      }
+    } catch(_){}
+    try {
+      const r = await fetch('/api/sessions/' + encodeURIComponent(sessionName) + '/conversations', { cache: 'no-store' });
+      if (!r.ok) throw new Error('http ' + r.status);
+      const list = await r.json();
+      if (!Array.isArray(list) || list.length === 0){
+        convsList.innerHTML = '<div class="conv">no past conversations for this agent + cwd</div>';
+        return;
+      }
+      convsList.innerHTML = list.map(function(c){
+        const isCurrent = c.id === convsCurrentResumeFrom;
+        const titleCls = isCurrent ? 'conv-title conv-current' : 'conv-title';
+        return '<button class="conv" data-conv-id="' + escapeHtml(c.id) + '" data-conv-title="' + escapeHtml(c.title) + '">' +
+          '<span class="' + titleCls + '">' + (isCurrent ? '\u21BB ' : '') + escapeHtml(c.title) + '</span>' +
+          '<span class="conv-meta"><span class="when">' + escapeHtml(relTime(c.lastMessageAt)) + '</span><span class="count">' + c.messageCount + ' msgs</span></span>' +
+          '</button>';
+      }).join('');
+    } catch(e){
+      convsList.innerHTML = '<div class="conv">failed to load conversations: ' + escapeHtml(e.message || String(e)) + '</div>';
+    }
+  }
+
+  function closeConvsModal(){
+    convsModal.classList.remove('open');
+    convsModal.setAttribute('aria-hidden', 'true');
+    convsForSession = null;
+  }
+  convsClose.addEventListener('click', closeConvsModal);
+  convsModal.addEventListener('click', function(e){
+    if (e.target === convsModal) closeConvsModal();
+  });
+
+  convsList.addEventListener('click', async function(e){
+    const btn = e.target.closest('button[data-conv-id]');
+    if (!btn || !convsForSession) return;
+    const convId = btn.dataset.convId;
+    const convTitle = btn.dataset.convTitle || '(conversation)';
+    const sessionName = convsForSession;
+    // Dismiss the conversations modal immediately so the confirm dialog
+    // doesn't stack underneath it (was a real bug \u2014 same z-index meant the
+    // confirm rendered behind the picker and tapping looked like nothing
+    // happened).
+    closeConvsModal();
+    const ok = await askConfirm({
+      title: 'Resume conversation?',
+      body: 'Kill <code>' + escapeHtmlSafe(sessionName) + '</code> and relaunch the agent with <code>--resume ' + escapeHtmlSafe(convId.slice(0, 8)) + '\u2026</code>. The current in-process state is lost; conversation history (on the agent\\'s side) is intact.<br><br><em>' + escapeHtmlSafe(convTitle) + '</em>',
+      okLabel: 'resume',
+      destructive: true,
+    });
+    if (!ok) return;
+    try {
+      const r = await fetch('/api/sessions/' + encodeURIComponent(sessionName) + '/resume', {
+        method: 'POST',
+        headers: { 'content-type': 'application/json' },
+        body: JSON.stringify({ conversationId: convId }),
+      });
+      const data = await r.json().catch(function(){ return {}; });
+      if (!r.ok || data.ok === false) throw new Error(data.error || 'resume failed');
+      showToast('resumed ' + sessionName);
+      poll();
+    } catch(err){
+      showToast('resume failed: ' + (err.message || err), true);
+    }
+  });
+
+  // ---- Confirm modal ----
+  const confirmModal = document.getElementById('confirm-modal');
+  const confirmTitle = document.getElementById('confirm-title');
+  const confirmBody = document.getElementById('confirm-body');
+  const confirmCancel = document.getElementById('confirm-cancel');
+  const confirmOk = document.getElementById('confirm-ok');
+  let confirmResolve = null;
+
+  function askConfirm(opts){
+    confirmTitle.textContent = opts.title;
+    confirmBody.innerHTML = opts.body;
+    confirmOk.textContent = opts.okLabel || 'confirm';
+    confirmOk.className = opts.destructive ? 'danger' : '';
+    confirmModal.classList.add('open');
+    confirmModal.setAttribute('aria-hidden', 'false');
+    return new Promise(function(resolve){ confirmResolve = resolve; });
+  }
+  function closeConfirm(answer){
+    confirmModal.classList.remove('open');
+    confirmModal.setAttribute('aria-hidden', 'true');
+    const r = confirmResolve;
+    confirmResolve = null;
+    if (r) r(answer);
+  }
+  confirmCancel.addEventListener('click', function(){ closeConfirm(false); });
+  confirmOk.addEventListener('click', function(){ closeConfirm(true); });
+  // Tapping the dim background = cancel
+  confirmModal.addEventListener('click', function(e){
+    if (e.target === confirmModal) closeConfirm(false);
+  });
+
+  function escapeHtmlSafe(s){
+    return String(s).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(/"/g,'&quot;');
+  }
+
+  container.addEventListener('click', async function(e){
+    const btn = e.target.closest('button[data-action]');
+    if (!btn) return;
+    e.preventDefault();
+    const name = btn.dataset.name;
+    const kind = btn.dataset.action;
+    if (kind === 'edit'){
+      let env = {};
+      try { env = JSON.parse(btn.dataset.env || '{}'); } catch(_){}
+      openEditForm({ name: name, agent: btn.dataset.agent, cwd: btn.dataset.cwd, flags: btn.dataset.flags, env: env });
+      return;
+    }
+    if (kind === 'resume'){
+      openConvsModal(name);
+      return;
+    }
+    if (kind === 'kill'){
+      const running = btn.dataset.status === 'running';
+      const ok = await askConfirm({
+        title: running ? 'Kill session?' : 'Remove session record?',
+        body: running
+          ? 'Terminate the tmux session <code>' + escapeHtmlSafe(name) + '</code> and remove its state record. The agent process inside will be killed. This cannot be undone.'
+          : 'Remove the state record for <code>' + escapeHtmlSafe(name) + '</code>. The tmux session is already exited; this just cleans up the row.',
+        okLabel: running ? 'kill' : 'remove',
+        destructive: true,
+      });
+      if (!ok) return;
+    }
+    action(name, kind, btn);
+  });
+
+  // ---- New / Edit session form ----
+  const newBtn = document.getElementById('new-btn');
+  const newForm = document.getElementById('new-form');
+  const newTitle = document.getElementById('new-title');
+  const newSessionForm = document.getElementById('new-session-form');
+  const newAgent = document.getElementById('new-agent');
+  const newName = document.getElementById('new-name');
+  const newCwd = document.getElementById('new-cwd');
+  const newFlags = document.getElementById('new-flags');
+  const newEnv = document.getElementById('new-env');
+  const newCwdHint = document.getElementById('new-cwd-hint');
+  const newFlagsHint = document.getElementById('new-flags-hint');
+  const newEnvHint = document.getElementById('new-env-hint');
+  const newCancel = document.getElementById('new-cancel');
+  const newSubmit = document.getElementById('new-submit');
+  let agentsLoaded = false;
+  let agentList = [];
+  // mode: null (closed) | 'new' | { edit: <original-name> }
+  let formMode = null;
+
+  function agentDefaultFlags(key){
+    const a = agentList.find(function(x){ return x.key === key; });
+    return (a && a.flags) || '';
+  }
+  function agentDefaultEnv(key){
+    const a = agentList.find(function(x){ return x.key === key; });
+    return (a && a.envDefaults) || {};
+  }
+  function envToText(envObj){
+    if (!envObj) return '';
+    return Object.keys(envObj).sort().map(function(k){ return k + '=' + envObj[k]; }).join('\\n');
+  }
+
+  async function loadAgents(){
+    if (agentsLoaded) return;
+    try {
+      const r = await fetch('/api/agents', { cache: 'no-store' });
+      if (!r.ok) throw new Error('http ' + r.status);
+      const list = await r.json();
+      if (!Array.isArray(list) || list.length === 0){
+        newAgent.innerHTML = '<option value="" disabled selected>no installed agents</option>';
+        agentList = [];
+      } else {
+        agentList = list;
+        newAgent.innerHTML = list.map(function(a){
+          const label = a.displayName || a.key;
+          return '<option value="' + escapeHtml(a.key) + '">' + escapeHtml(label) + '</option>';
+        }).join('');
+      }
+      agentsLoaded = true;
+    } catch(e){
+      showToast('couldn\\'t load agents: ' + (e.message || e), true);
+    }
+  }
+
+  function closeForm(){
+    newForm.classList.remove('open');
+    newForm.setAttribute('aria-hidden', 'true');
+    formMode = null;
+    newAgent.disabled = false;
+  }
+
+  function syncFlagsHint(agentKey){
+    const def = agentDefaultFlags(agentKey);
+    newFlagsHint.textContent = def
+      ? 'agent default: ' + def + '. Clear the input to spawn with no flags. Takes effect on next respawn.'
+      : 'this agent has no default flags. Takes effect on next respawn.';
+  }
+  function syncEnvHint(agentKey){
+    const def = agentDefaultEnv(agentKey);
+    const keys = Object.keys(def);
+    newEnvHint.textContent = keys.length > 0
+      ? 'agent defaults: ' + keys.join(', ') + '. KEY=VALUE one per line. Stored on the daemon host (auth-gated) \u2014 keep secrets out if you prefer to inject from a shell profile.'
+      : 'no defaults for this agent. KEY=VALUE one per line. Stored on the daemon host (auth-gated) \u2014 keep secrets out if you prefer to inject from a shell profile.';
+  }
+
+  async function openNewForm(){
+    formMode = 'new';
+    newTitle.textContent = 'new session';
+    newSubmit.textContent = 'spawn';
+    newName.value = '';
+    newCwd.value = '';
+    newAgent.disabled = false;
+    newCwdHint.hidden = true;
+    newFlagsHint.hidden = false;
+    newEnvHint.hidden = false;
+    newForm.classList.add('open');
+    newForm.setAttribute('aria-hidden', 'false');
+    await loadAgents();
+    // Pre-fill flags + env with the selected agent's defaults so the operator
+    // can edit/clear from there. Empty = spawn with no flags / no env override.
+    newFlags.value = agentDefaultFlags(newAgent.value);
+    newEnv.value = envToText(agentDefaultEnv(newAgent.value));
+    syncFlagsHint(newAgent.value);
+    syncEnvHint(newAgent.value);
+    newAgent.focus();
+  }
+
+  async function openEditForm(row){
+    formMode = { edit: row.name };
+    newTitle.textContent = 'edit "' + row.name + '"';
+    newSubmit.textContent = 'save';
+    newName.value = row.name;
+    newCwd.value = row.cwd || '';
+    newCwdHint.hidden = false;
+    newFlagsHint.hidden = false;
+    newEnvHint.hidden = false;
+    newForm.classList.add('open');
+    newForm.setAttribute('aria-hidden', 'false');
+    await loadAgents();
+    // Agent of an existing session can't be changed without kill+respawn;
+    // surface it as read-only so the user sees what they have.
+    if (row.agent) newAgent.value = row.agent;
+    newAgent.disabled = true;
+    // Pre-fill with the persisted override if present, else the agent default.
+    newFlags.value = row.flags !== undefined && row.flags !== ''
+      ? row.flags
+      : agentDefaultFlags(newAgent.value);
+    newEnv.value = row.env && Object.keys(row.env).length > 0
+      ? envToText(row.env)
+      : envToText(agentDefaultEnv(newAgent.value));
+    syncFlagsHint(newAgent.value);
+    syncEnvHint(newAgent.value);
+    newName.focus();
+    newName.select();
+  }
+
+  newAgent.addEventListener('change', function(){
+    if (formMode === 'new'){
+      // Reset flags + env to the new agent's defaults so fields reflect intent.
+      newFlags.value = agentDefaultFlags(newAgent.value);
+      newEnv.value = envToText(agentDefaultEnv(newAgent.value));
+      syncFlagsHint(newAgent.value);
+      syncEnvHint(newAgent.value);
+    }
+  });
+
+  newBtn.addEventListener('click', function(){
+    if (newForm.classList.contains('open') && formMode === 'new'){ closeForm(); return; }
+    openNewForm();
+  });
+
+  newCancel.addEventListener('click', function(){ closeForm(); });
+
+  newSessionForm.addEventListener('submit', async function(e){
+    e.preventDefault();
+    const name = newName.value.trim();
+    const cwd = newCwd.value.trim();
+    const flags = newFlags.value;
+    const env = newEnv.value;
+    newSubmit.disabled = true;
+    const originalLabel = newSubmit.textContent;
+    try {
+      if (formMode && formMode.edit){
+        newSubmit.textContent = 'saving\u2026';
+        // For edit, always send flags + env so input values are canonical.
+        // name/cwd still only sent if user typed (so blank = no change).
+        const body = { flags: flags, env: env };
+        if (name) body.name = name;
+        if (cwd) body.cwd = cwd;
+        const r = await fetch('/api/sessions/' + encodeURIComponent(formMode.edit), {
+          method: 'PATCH',
+          headers: { 'content-type': 'application/json' },
+          body: JSON.stringify(body),
+        });
+        const data = await r.json().catch(function(){ return {}; });
+        if (!r.ok || data.ok === false) throw new Error(data.error || 'edit failed');
+        showToast('updated ' + data.session.name);
+      } else {
+        const agent = newAgent.value;
+        if (!agent){ showToast('pick an agent', true); return; }
+        newSubmit.textContent = 'spawning\u2026';
+        const body = { agent };
+        if (name) body.name = name;
+        if (cwd) body.cwd = cwd;
+        // Always send flags + env as the inputs are pre-filled with agent defaults;
+        // empty values = explicit "no flags" / "no env override".
+        body.flags = flags;
+        body.env = env;
+        const r = await fetch('/api/sessions', {
+          method: 'POST',
+          headers: { 'content-type': 'application/json' },
+          body: JSON.stringify(body),
+        });
+        const data = await r.json().catch(function(){ return {}; });
+        if (!r.ok || data.ok === false) throw new Error(data.error || 'spawn failed');
+        showToast('spawned ' + data.session.name);
+      }
+      closeForm();
+      poll();
+    } catch(e){
+      showToast((formMode && formMode.edit ? 'edit' : 'spawn') + ' failed: ' + (e.message || e), true);
+    } finally {
+      newSubmit.disabled = false;
+      newSubmit.textContent = originalLabel;
+    }
+  });
+
+  document.addEventListener('visibilitychange', function(){
+    if (!document.hidden) poll();
+  });
+
+  poll();
+  pollTimer = setInterval(poll, 3000);
+  setInterval(staleCheck, 1000);
+})();
+</script>
+</body></html>`;
+}
+function renderSessionTable(sessions) {
+  if (sessions.length === 0) {
+    return `<div class="empty">no sessions yet \u2014 spawn one from the CLI:<br><br><code>llmuxd spawn claude --name <em>name</em></code></div>`;
+  }
+  const rows = sessions.map((s) => {
+    const cls = `state-${s.status}`;
+    const linkOpen = `<a class="session-link" href="/session/${encodeURIComponent(s.name)}">`;
+    const respawnText = s.status === "running" ? "restart" : "respawn";
+    const respawnBtn = `<button class="respawn" data-action="respawn" data-name="${escapeHtml(s.name)}" aria-label="${respawnText}"><span class="icon">\u21BB</span><span class="label">${respawnText}</span></button>`;
+    const editBtn = `<button class="edit" data-action="edit" data-name="${escapeHtml(s.name)}" data-cwd="${escapeHtml(s.cwd)}" data-agent="${escapeHtml(s.agent)}" data-flags="${escapeHtml(s.flags || "")}" data-env="${escapeHtml(JSON.stringify(s.env || {}))}" aria-label="edit"><span class="icon">\u270E</span><span class="label">edit</span></button>`;
+    const resumeBtn = s.hasHistory && s.conversationCount > 0 ? `<button class="resume-btn" data-action="resume" data-name="${escapeHtml(s.name)}" aria-label="resume"><span class="icon">\u2630</span><span class="label">${s.conversationCount}</span></button>` : "";
+    const killText = s.status === "running" ? "kill" : "remove";
+    const killBtn = `<button class="kill" data-action="kill" data-name="${escapeHtml(s.name)}" data-status="${s.status}" aria-label="${killText}"><span class="icon">\u2715</span><span class="label">${killText}</span></button>`;
+    const cwdShort = s.cwdDisplay || s.cwd;
+    return `<tr data-name="${escapeHtml(s.name)}">
+  <td class="name-block"><span class="name">${linkOpen}${escapeHtml(s.name)}</a></span><span class="cwd" title="${escapeHtml(s.cwd)}"><code>${escapeHtml(cwdShort)}</code></span></td>
+  <td>${escapeHtml(s.agent)}</td>
+  <td class="${cls}">${s.status}</td>
+  <td class="cwd cwd-col" title="${escapeHtml(s.cwd)}"><code>${escapeHtml(cwdShort)}</code></td>
+  <td class="actions">${resumeBtn}${respawnBtn}${editBtn}${killBtn}</td>
+</tr>`;
+  }).join("\n");
+  return `<table><thead><tr><th>name</th><th>agent</th><th>state</th><th class="cwd-col">cwd</th><th></th></tr></thead><tbody>${rows}</tbody></table>`;
+}
+function deadSessionPage(s) {
+  return `<!doctype html><html lang="en"><head>
+<meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1">
+<title>${escapeHtml(s.name)} \u2014 exited</title>
+<style>
+  :root{color-scheme:dark}
+  html,body{margin:0;background:#0b0c10;color:#e6e8eb;font-family:ui-monospace,monospace;font-size:14px}
+  body{padding:24px;max-width:560px;margin:0 auto}
+  h1{font-size:18px;margin:0 0 4px}
+  .sub{color:#7a7f87;font-size:12px;margin-bottom:18px}
+  .card{background:#11141a;border:1px solid #1f2329;border-radius:8px;padding:18px}
+  dl{margin:0;display:grid;grid-template-columns:80px 1fr;gap:6px 12px;font-size:13px}
+  dt{color:#7a7f87}
+  dd{margin:0;color:#c9d1d9;word-break:break-all}
+  .row{display:flex;gap:8px;margin-top:16px;flex-wrap:wrap}
+  button{flex:1 1 auto;background:#1c2128;color:#e6e8eb;border:1px solid #262c34;border-radius:6px;padding:10px 14px;font:13px ui-monospace,monospace;cursor:pointer;min-width:120px}
+  button:hover{background:#252b34}
+  button.primary{color:#7cc4ff;border-color:#2d4a66}
+  button.danger{color:#f85149;border-color:#4a2329}
+  button.ghost{color:#9aa0a6}
+  button:disabled{opacity:.5;cursor:wait}
+  #status{margin-top:14px;font-size:12px;color:#9aa0a6;min-height:18px}
+  #status.error{color:#f85149}
+</style></head>
+<body>
+<h1>${escapeHtml(s.name)}</h1>
+<div class="sub">session is not running</div>
+<div class="card">
+  <dl>
+    <dt>agent</dt><dd>${escapeHtml(s.agent)}</dd>
+    <dt>cwd</dt><dd>${escapeHtml(s.cwd)}</dd>
+    <dt>created</dt><dd>${escapeHtml(s.createdAt)}</dd>
+    ${s.parent ? `<dt>parent</dt><dd>${escapeHtml(s.parent)}</dd>` : ""}
+  </dl>
+  <div class="row">
+    <button class="primary" id="btn-respawn">\u21BB respawn</button>
+    <button class="danger" id="btn-remove">\xD7 remove</button>
+    <button class="ghost" id="btn-back">\u2190 sessions</button>
+  </div>
+  <div id="status"></div>
+</div>
+<script>
+(function(){
+  const name = ${JSON.stringify(s.name)};
+  const status = document.getElementById('status');
+  function setStatus(msg, isError){
+    status.textContent = msg;
+    status.classList.toggle('error', !!isError);
+  }
+  async function call(kind){
+    const btns = document.querySelectorAll('button');
+    btns.forEach(function(b){ b.disabled = true; });
+    setStatus(kind === 'respawn' ? 'respawning\u2026' : 'removing\u2026');
+    try {
+      const r = await fetch('/api/sessions/' + encodeURIComponent(name) + '/' + kind, { method: 'POST' });
+      const body = await r.json().catch(function(){ return {}; });
+      if (!r.ok || body.ok === false) throw new Error(body.error || 'request failed');
+      if (kind === 'respawn') location.href = '/session/' + encodeURIComponent(name);
+      else location.href = '/';
+    } catch(e){
+      setStatus(kind + ' failed: ' + (e.message || e), true);
+      btns.forEach(function(b){ b.disabled = false; });
+    }
+  }
+  document.getElementById('btn-respawn').addEventListener('click', function(){ call('respawn'); });
+  document.getElementById('btn-remove').addEventListener('click', function(){ call('kill'); });
+  document.getElementById('btn-back').addEventListener('click', function(){ location.href = '/'; });
+})();
+</script>
+</body></html>`;
+}
+function sessionPage(name) {
+  const escapedName = escapeHtml(name);
+  const jsonName = JSON.stringify(name);
+  const jsonVersion = JSON.stringify(DAEMON_VERSION);
+  return `<!doctype html><html lang="en"><head>
+<meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,viewport-fit=cover,interactive-widget=resizes-content">
+<title>${escapedName} \u2014 llmuxd</title>
+<link rel="icon" href="${FAVICON_DATA_URL}">
+<link rel="apple-touch-icon" href="${FAVICON_DATA_URL}">
+<link rel="stylesheet" href="${XTERM_CSS}">
+<style>
+  :root{--topbar-h:38px;--bar-h:92px;--allkeys-h:0px;color-scheme:dark}
+  html,body{margin:0;background:#0b0c10;color:#eee;font-family:ui-monospace,monospace;overscroll-behavior:none}
+  html{height:100dvh}
+  body{height:100dvh;min-height:100dvh}
+  #topbar{position:fixed;top:0;left:0;right:0;height:var(--topbar-h);background:#11141a;border-bottom:1px solid #1f2329;display:flex;align-items:center;gap:8px;padding:0 10px;z-index:21;box-sizing:border-box}
+  #topbar #back{flex:0 0 auto;background:#1c2128;color:#e6e8eb;border:1px solid #262c34;border-radius:6px;height:26px;width:36px;display:inline-flex;align-items:center;justify-content:center;cursor:pointer;font-family:system-ui,sans-serif;font-size:16px;-webkit-tap-highlight-color:transparent;touch-action:manipulation;outline:none}
+  #topbar #back:active{background:#252b34;border-color:#3a414b}
+  #title-block{flex:1 1 auto;display:flex;align-items:center;gap:8px;color:#c9d1d9;font-size:12px;min-width:0}
+  #title-dot{flex:0 0 auto;width:9px;height:9px;border-radius:50%;background:#9aa0a6;transition:background .2s,box-shadow .2s;cursor:pointer}
+  #title-dot[data-state="live"]{background:#7ee787;box-shadow:0 0 6px #7ee78766}
+  #title-dot[data-state="error"],#title-dot[data-state="closed"],#title-dot[data-state="reconnecting"]{background:#f85149}
+  #title-dot[data-state="reconnecting"]{animation:pulse 1s ease-in-out infinite}
+  @keyframes pulse{0%,100%{opacity:1}50%{opacity:.4}}
+  #title-name{flex:0 1 auto;font-weight:600;color:#e6e8eb;white-space:nowrap;overflow:hidden;text-overflow:ellipsis}
+  #title-brand{flex:0 0 auto;color:#7cc4ff;font-size:11px;font-weight:600;letter-spacing:.08em;margin-left:auto;padding-left:8px}
+  #title-version{flex:0 0 auto;color:#7a7f87;font-size:10px;padding-left:6px}
+  #bar{position:fixed;bottom:0;left:0;right:0;height:var(--bar-h);background:#11141a;border-top:1px solid #1f2329;display:flex;flex-direction:column;gap:8px;padding:6px 0 14px;z-index:20;box-sizing:border-box}
+  #bar .row{display:flex;align-items:center;gap:6px;padding:0 6px;flex:0 0 auto;height:32px}
+  #bar .row.arrows{justify-content:center}
+  #bar .row.keys{justify-content:flex-start}
+  #bar #more{flex:0 0 auto;margin-left:auto}
+  #bar button{flex:0 0 auto;min-width:40px;height:30px;padding:0 10px;background:#1c2128;color:#e6e8eb;border:1px solid #262c34;border-radius:6px;font:13px ui-monospace,monospace;cursor:pointer;user-select:none;-webkit-user-select:none;-webkit-tap-highlight-color:transparent;touch-action:manipulation;outline:none;transition:background .15s,border-color .15s}
+  #bar button:active{background:#252b34;border-color:#3a414b}
+  #bar button[aria-pressed="true"]{background:#1e3a52;border-color:#2d5a85;color:#7cc4ff}
+  #bar button[aria-pressed="locked"]{background:#2d5a85;border-color:#4a7fae;color:#fff}
+  #bar button.fail{background:#4a2329;border-color:#f85149;color:#f85149}
+  #all-keys{position:fixed;bottom:var(--bar-h);left:0;right:0;background:#0e1116;border-top:1px solid #1f2329;display:none;padding:8px;z-index:19;max-height:40vh;overflow-y:auto;box-sizing:border-box}
+  #all-keys.open{display:block}
+  #all-keys h4{margin:14px 4px 6px;font:500 10px/1 ui-monospace,monospace;color:#7a7f87;text-transform:uppercase;letter-spacing:.06em}
+  #all-keys h4:first-child{margin-top:4px}
+  #all-keys .row{display:flex;flex-wrap:wrap;gap:8px;margin-bottom:8px}
+  #all-keys button{flex:0 0 auto;min-width:36px;height:30px;padding:0 8px;background:#1c2128;color:#e6e8eb;border:1px solid #262c34;border-radius:6px;font:12px ui-monospace,monospace;cursor:pointer;-webkit-tap-highlight-color:transparent;touch-action:manipulation;outline:none}
+  #all-keys button:active{background:#252b34;border-color:#3a414b}
+  #term{position:fixed;top:var(--topbar-h);left:0;right:0;bottom:var(--bar-h)}
+  body.allkeys-open #term{bottom:calc(var(--bar-h) + var(--allkeys-h))}
+  #overlay{position:fixed;inset:0;background:rgba(11,12,16,.92);display:none;align-items:center;justify-content:center;z-index:30;padding:20px}
+  #overlay.show{display:flex}
+  #overlay .panel{background:#11141a;border:1px solid #1f2329;border-radius:10px;padding:20px;max-width:340px;width:100%;text-align:center}
+  #overlay h3{margin:0 0 6px;font-size:15px;color:#f85149}
+  #overlay p{margin:0 0 14px;font-size:13px;color:#c9d1d9;line-height:1.5}
+  #overlay .actions{display:flex;gap:8px;justify-content:center;flex-wrap:wrap}
+  #overlay button{background:#1c2128;color:#e6e8eb;border:1px solid #262c34;border-radius:6px;padding:8px 14px;font:12px ui-monospace,monospace;cursor:pointer}
+  #overlay button.primary{color:#7cc4ff;border-color:#2d4a66}
+  @media (orientation: landscape) and (max-height: 500px){
+    :root{--topbar-h:28px;--bar-h:64px}
+    #topbar{padding:0 6px;gap:6px}
+    #topbar #back{height:20px;width:30px;font-size:13px}
+    #title-block{font-size:11px}
+    #title-brand{font-size:10px;padding-left:6px}
+    #title-version{font-size:9px;padding-left:4px}
+    #bar button{height:22px;min-width:36px;padding:0 8px;font-size:11px}
+    #bar{padding:4px 0 10px;gap:4px}
+    #bar .row{gap:4px;height:24px}
+    #all-keys{max-height:60vh}
+    #all-keys button{height:24px;min-width:30px;padding:0 7px;font-size:11px}
+  }
+</style></head>
+<body>
+<div id="topbar">
+  <button id="back" title="Back to sessions">\u2302</button>
+  <span id="title-block"><span id="title-dot" data-state="connecting" title="connecting\u2026"></span><span id="title-name">${escapedName}</span></span>
+  <span id="title-brand">LLMUX</span>
+  <span id="title-version">v${escapeHtml(DAEMON_VERSION)}</span>
+</div>
+<div id="bar">
+  <div class="row arrows">
+    <button data-mod="shift" title="Shift (next char uppercase; double-tap to lock)">Shift</button>
+    <button data-key="home"  title="Home">Home</button>
+    <button data-key="up"    title="Up">\u25B2</button>
+    <button data-key="down"  title="Down">\u25BC</button>
+    <button data-key="left"  title="Left">\u25C0</button>
+    <button data-key="right" title="Right">\u25B6</button>
+    <button data-key="end"   title="End">End</button>
+  </div>
+  <div class="row keys">
+    <button data-key="esc" title="Escape">Esc</button>
+    <button data-key="tab" title="Tab">Tab</button>
+    <button data-mod="ctrl"  title="Ctrl (tap then key, double-tap to lock)">Ctrl</button>
+    <button data-mod="alt"   title="Alt (tap then key, double-tap to lock)">Alt</button>
+    <button id="more" title="All keys">\u22EF</button>
+  </div>
+</div>
+<div id="all-keys" aria-hidden="true">
+  <h4>shell</h4>
+  <div class="row">
+    <button data-char="~" title="tilde">~</button>
+    <button data-char="\`" title="backtick">\`</button>
+    <button data-char="/" title="slash">/</button>
+    <button data-char="\\\\" title="backslash">\\</button>
+    <button data-char="|" title="pipe">|</button>
+    <button data-char="-" title="dash">-</button>
+    <button data-char="_" title="underscore">_</button>
+  </div>
+  <h4>numbers</h4>
+  <div class="row">
+    <button data-char="0">0</button><button data-char="1">1</button><button data-char="2">2</button>
+    <button data-char="3">3</button><button data-char="4">4</button><button data-char="5">5</button>
+    <button data-char="6">6</button><button data-char="7">7</button><button data-char="8">8</button>
+    <button data-char="9">9</button>
+  </div>
+  <h4>brackets &amp; quotes</h4>
+  <div class="row">
+    <button data-char="(">(</button><button data-char=")">)</button>
+    <button data-char="[">[</button><button data-char="]">]</button>
+    <button data-char="{">{</button><button data-char="}">}</button>
+    <button data-char="&lt;">&lt;</button><button data-char="&gt;">&gt;</button>
+    <button data-char="'">'</button><button data-char="&quot;">&quot;</button>
+  </div>
+  <h4>operators</h4>
+  <div class="row">
+    <button data-char="=">=</button><button data-char="+">+</button>
+    <button data-char="*">*</button><button data-char="&amp;">&amp;</button>
+    <button data-char="^">^</button><button data-char="%">%</button>
+    <button data-char="$">$</button><button data-char="#">#</button>
+    <button data-char="@">@</button><button data-char="!">!</button>
+    <button data-char="?">?</button>
+  </div>
+  <h4>punctuation</h4>
+  <div class="row">
+    <button data-char=":">:</button><button data-char=";">;</button>
+    <button data-char=",">,</button><button data-char=".">.</button>
+  </div>
+  <h4>navigation &amp; edit</h4>
+  <div class="row">
+    <button data-key="home">Home</button><button data-key="end">End</button>
+    <button data-key="pgup">PgUp</button><button data-key="pgdn">PgDn</button>
+    <button data-key="del">Del</button><button data-key="ins">Ins</button>
+    <button data-key="bsp">\u232B Bsp</button><button data-key="enter">\u21B5 Enter</button>
+  </div>
+  <h4>function keys</h4>
+  <div class="row">
+    <button data-key="f1">F1</button><button data-key="f2">F2</button>
+    <button data-key="f3">F3</button><button data-key="f4">F4</button>
+    <button data-key="f5">F5</button><button data-key="f6">F6</button>
+    <button data-key="f7">F7</button><button data-key="f8">F8</button>
+    <button data-key="f9">F9</button><button data-key="f10">F10</button>
+    <button data-key="f11">F11</button><button data-key="f12">F12</button>
+  </div>
+  <h4>actions</h4>
+  <div class="row">
+    <button id="reset-term" title="Clear xterm buffer and send Ctrl-L to redraw">Reset terminal</button>
+  </div>
+</div>
+<div id="term"></div>
+<div id="overlay" aria-hidden="true">
+  <div class="panel">
+    <h3 id="overlay-title">session ended</h3>
+    <p id="overlay-body">The tmux session exited. You can respawn it from the picker.</p>
+    <div class="actions">
+      <button class="primary" id="overlay-respawn">\u21BB respawn</button>
+      <button id="overlay-back">\u2190 sessions</button>
+    </div>
+  </div>
+</div>
+<script src="${XTERM_JS}"></script>
+<script src="${XTERM_FIT_JS}"></script>
+<script>
+(function(){
+  const name = ${jsonName};
+  const version = ${jsonVersion};
+  const dot = document.getElementById('title-dot');
+  const titleName = document.getElementById('title-name');
+  const termEl = document.getElementById('term');
+  const overlay = document.getElementById('overlay');
+  const overlayTitle = document.getElementById('overlay-title');
+  const overlayBody = document.getElementById('overlay-body');
+
+  function setStatus(state, label){
+    dot.dataset.state = state;
+    dot.title = name + ' \u2014 ' + label;
+  }
+
+  function showOverlay(title, body, kind){
+    overlayTitle.textContent = title;
+    overlayBody.textContent = body;
+    overlay.classList.add('show');
+    overlay.setAttribute('aria-hidden', 'false');
+    overlay.dataset.kind = kind || '';
+  }
+  function hideOverlay(){
+    overlay.classList.remove('show');
+    overlay.setAttribute('aria-hidden', 'true');
+  }
+
+  document.getElementById('overlay-back').addEventListener('click', function(){ location.href = '/'; });
+  document.getElementById('overlay-respawn').addEventListener('click', async function(){
+    const btn = this;
+    btn.disabled = true;
+    overlayBody.textContent = 'respawning\u2026';
+    try {
+      const r = await fetch('/api/sessions/' + encodeURIComponent(name) + '/respawn', { method: 'POST' });
+      const body = await r.json().catch(function(){ return {}; });
+      if (!r.ok || body.ok === false) throw new Error(body.error || 'request failed');
+      location.reload();
+    } catch(e){
+      overlayBody.textContent = 'respawn failed: ' + (e.message || e);
+      btn.disabled = false;
+    }
+  });
+
+  const term = new Terminal({fontSize:14,fontFamily:'ui-monospace,monospace',theme:{background:'#0b0c10'},cursorBlink:true,scrollback:5000});
+  const fit = new FitAddon.FitAddon();
+  term.loadAddon(fit);
+  term.open(termEl);
+
+  // ---- WebSocket with exponential backoff ----
+  const proto = location.protocol === 'https:' ? 'wss' : 'ws';
+  const wsUrl = proto + '://' + location.host + '/ws/' + encodeURIComponent(name);
+  let ws = null;
+  let dataPiped = false;
+  let reconnectTimer = null;
+  let backoffMs = 1000;
+  const BACKOFF_CAP = 30000;
+  let everConnected = false;
+  let intentionallyClosed = false;
+
+  function safeSend(data){
+    if (!ws || ws.readyState !== WebSocket.OPEN){
+      return false;
+    }
+    try { ws.send(data); return true; }
+    catch(e){ return false; }
+  }
+
+  function clearReconnect(){
+    if (reconnectTimer){
+      clearTimeout(reconnectTimer);
+      reconnectTimer = null;
+    }
+  }
+
+  function scheduleReconnect(){
+    if (intentionallyClosed) return;
+    clearReconnect();
+    setStatus('reconnecting', 'reconnecting in ' + Math.round(backoffMs/1000) + 's\u2026');
+    reconnectTimer = setTimeout(function(){
+      reconnectTimer = null;
+      connect();
+    }, backoffMs);
+    backoffMs = Math.min(BACKOFF_CAP, backoffMs * 2);
+  }
+
+  function ensureConnected(){
+    if (ws && (ws.readyState === WebSocket.OPEN || ws.readyState === WebSocket.CONNECTING)) return;
+    clearReconnect();
+    backoffMs = 1000;
+    connect();
+  }
+
+  function connect(){
+    setStatus('connecting', 'connecting\u2026');
+    try {
+      ws = new WebSocket(wsUrl);
+    } catch(e){
+      scheduleReconnect();
+      return;
+    }
+    ws.binaryType = 'arraybuffer';
+    ws.onopen = function(){
+      setStatus('live', 'live');
+      backoffMs = 1000;
+      everConnected = true;
+      hideOverlay();
+      if (!dataPiped){
+        // term.onData must only be wired once \u2014 repeat calls would
+        // double-deliver every keystroke.
+        term.onData(function(d){
+          if (!safeSend(consumeMods(d))) flashDot();
+        });
+        dataPiped = true;
+      }
+      scheduleResize();
+      term.focus();
+    };
+    ws.onmessage = function(ev){
+      if (typeof ev.data === 'string') term.write(ev.data);
+      else term.write(new Uint8Array(ev.data));
+    };
+    ws.onclose = function(ev){
+      // Close code 1011/4040 from the server means the tmux session is gone \u2014
+      // surface a session-ended overlay instead of reconnect-looping.
+      if (ev && (ev.code === 4040 || /pty exited/.test(ev.reason || ''))){
+        intentionallyClosed = true;
+        setStatus('closed', 'session ended');
+        showOverlay('session ended', 'The tmux session is no longer running.', 'ended');
+        return;
+      }
+      if (everConnected) setStatus('closed', 'disconnected \u2014 reconnecting');
+      scheduleReconnect();
+    };
+    ws.onerror = function(){
+      setStatus('error', 'connection error');
+    };
+  }
+
+  let flashTimer = null;
+  function flashDot(){
+    dot.style.boxShadow = '0 0 8px #f85149';
+    clearTimeout(flashTimer);
+    flashTimer = setTimeout(function(){ dot.style.boxShadow = ''; }, 250);
+  }
+  function flashBtnFail(btn){
+    btn.classList.add('fail');
+    setTimeout(function(){ btn.classList.remove('fail'); }, 250);
+  }
+
+  connect();
+
+  // ---- Key sequence table ----
+  const KEYS = {
+    esc: '\\x1b', tab: '\\t', enter: '\\r', bsp: '\\x7f',
+    up: '\\x1b[A', down: '\\x1b[B', right: '\\x1b[C', left: '\\x1b[D',
+    home: '\\x1b[H', end: '\\x1b[F',
+    pgup: '\\x1b[5~', pgdn: '\\x1b[6~',
+    del: '\\x1b[3~', ins: '\\x1b[2~',
+    f1:'\\x1bOP', f2:'\\x1bOQ', f3:'\\x1bOR', f4:'\\x1bOS',
+    f5:'\\x1b[15~', f6:'\\x1b[17~', f7:'\\x1b[18~', f8:'\\x1b[19~',
+    f9:'\\x1b[20~', f10:'\\x1b[21~', f11:'\\x1b[23~', f12:'\\x1b[24~'
+  };
+  Object.keys(KEYS).forEach(function(k){ KEYS[k] = KEYS[k].replace(/\\\\x([0-9a-f]{2})/gi, function(_,h){ return String.fromCharCode(parseInt(h,16)); }); });
+
+  // ---- Modifier state: 'off' | 'pending' | 'locked' ----
+  const mods = { ctrl: 'off', alt: 'off', shift: 'off' };
+  function setMod(mod, val){
+    mods[mod] = val;
+    const btn = document.querySelector('[data-mod="'+mod+'"]');
+    if (btn){
+      if (val === 'off') btn.removeAttribute('aria-pressed');
+      else btn.setAttribute('aria-pressed', val === 'locked' ? 'locked' : 'true');
+    }
+  }
+  function consumeMods(d){
+    let out = d;
+    if (mods.shift !== 'off' && d.length === 1){
+      out = d.toUpperCase();
+      if (mods.shift === 'pending') setMod('shift', 'off');
+    }
+    if (mods.ctrl !== 'off' && out.length === 1){
+      const c = out.charCodeAt(0);
+      if (c >= 0x40 && c <= 0x7f) out = String.fromCharCode(c & 0x1f);
+      else if (c === 0x20) out = '\\x00';
+      if (mods.ctrl === 'pending') setMod('ctrl', 'off');
+    }
+    if (mods.alt !== 'off'){
+      out = '\\x1b' + out;
+      if (mods.alt === 'pending') setMod('alt', 'off');
+    }
+    return out.replace(/\\\\x([0-9a-f]{2})/gi, function(_,h){ return String.fromCharCode(parseInt(h,16)); });
+  }
+
+  // ---- Layout / resize ----
+  let resizeTimer = null;
+  const allKeysEl = document.getElementById('all-keys');
+  function getAllKeysH(){
+    if (!allKeysEl.classList.contains('open')) return 0;
+    return Math.min(allKeysEl.scrollHeight, Math.floor((window.visualViewport ? window.visualViewport.height : window.innerHeight) * 0.4));
+  }
+  function applyLayout(){
+    const allKeysH = getAllKeysH();
+    document.documentElement.style.setProperty('--allkeys-h', allKeysH + 'px');
+    const cs = getComputedStyle(document.documentElement);
+    const barH = parseInt(cs.getPropertyValue('--bar-h'),10) || 42;
+    const topbarH = parseInt(cs.getPropertyValue('--topbar-h'),10) || 0;
+    const vv = window.visualViewport;
+    const visibleH = vv ? vv.height : window.innerHeight;
+    termEl.style.top = topbarH + 'px';
+    termEl.style.bottom = (barH + allKeysH) + 'px';
+    termEl.style.height = Math.max(60, visibleH - topbarH - barH - allKeysH) + 'px';
+  }
+  function scheduleResize(){
+    clearTimeout(resizeTimer);
+    resizeTimer = setTimeout(function(){
+      applyLayout();
+      try { fit.fit(); } catch(e){}
+      safeSend(JSON.stringify({type:'resize', cols:term.cols, rows:term.rows}));
+    }, 60);
+  }
+
+  applyLayout();
+  try { fit.fit(); } catch(e){}
+
+  // ---- Wire toolbar ----
+  document.querySelectorAll('#topbar button, #bar button, #all-keys button').forEach(function(b){ b.tabIndex = -1; });
+
+  document.getElementById('back').addEventListener('click', function(e){ e.preventDefault(); location.href = '/'; });
+
+  document.getElementById('reset-term').addEventListener('click', function(e){
+    e.preventDefault();
+    try { term.reset(); } catch(err){}
+    safeSend('\\x0c');
+    term.focus();
+  });
+
+  document.getElementById('more').addEventListener('click', function(e){
+    e.preventDefault();
+    const open = allKeysEl.classList.toggle('open');
+    allKeysEl.setAttribute('aria-hidden', open ? 'false' : 'true');
+    document.body.classList.toggle('allkeys-open', open);
+    scheduleResize();
+    term.focus();
+  });
+
+  document.querySelectorAll('[data-key]').forEach(function(btn){
+    btn.addEventListener('pointerdown', function(e){ e.preventDefault(); });
+    btn.addEventListener('click', function(e){
+      e.preventDefault();
+      const seq = KEYS[btn.dataset.key];
+      if (seq != null && !safeSend(consumeMods(seq))) flashBtnFail(btn);
+      term.focus();
+    });
+  });
+
+  document.querySelectorAll('[data-char]').forEach(function(btn){
+    btn.addEventListener('pointerdown', function(e){ e.preventDefault(); });
+    btn.addEventListener('click', function(e){
+      e.preventDefault();
+      if (!safeSend(consumeMods(btn.dataset.char))) flashBtnFail(btn);
+      term.focus();
+    });
+  });
+
+  document.querySelectorAll('[data-mod]').forEach(function(btn){
+    let lastTap = 0;
+    btn.addEventListener('pointerdown', function(e){ e.preventDefault(); });
+    btn.addEventListener('click', function(e){
+      e.preventDefault();
+      const mod = btn.dataset.mod;
+      const now = Date.now();
+      const fast = now - lastTap < 400;
+      lastTap = now;
+      if (mods[mod] === 'locked') setMod(mod, 'off');
+      else if (fast && mods[mod] === 'pending') setMod(mod, 'locked');
+      else if (mods[mod] === 'off') setMod(mod, 'pending');
+      else setMod(mod, 'off');
+      term.focus();
+    });
+  });
+
+  // ---- Resize triggers ----
+  addEventListener('resize', function(){ scheduleResize(); });
+  addEventListener('orientationchange', function(){ scheduleResize(); });
+  if (window.visualViewport){
+    window.visualViewport.addEventListener('resize', function(){ scheduleResize(); });
+    window.visualViewport.addEventListener('scroll', function(){ scheduleResize(); });
+  }
+  let pendingRefocus = false;
+  function armRefocus(){
+    if (pendingRefocus) return;
+    pendingRefocus = true;
+    function onUserTouch(){
+      pendingRefocus = false;
+      try { term.focus(); } catch(e){}
+      document.removeEventListener('touchstart', onUserTouch, true);
+      document.removeEventListener('mousedown', onUserTouch, true);
+    }
+    document.addEventListener('touchstart', onUserTouch, true);
+    document.addEventListener('mousedown', onUserTouch, true);
+  }
+  document.addEventListener('visibilitychange', function(){
+    if (!document.hidden){
+      ensureConnected();
+      scheduleResize();
+      try { term.focus(); } catch(e){}
+      armRefocus();
+    }
+  });
+  addEventListener('pageshow', function(){
+    ensureConnected();
+    scheduleResize();
+    try { term.focus(); } catch(e){}
+    armRefocus();
+  });
+})();
+</script>
+</body></html>`;
+}
+var COOKIE_NAME = "llmuxd_token";
+var COOKIE_RE = new RegExp(`(?:^|;\\s*)${COOKIE_NAME}=([^;]+)`);
+function isLocalhost(req) {
+  const ra = req.socket.remoteAddress;
+  return ra === "127.0.0.1" || ra === "::1" || ra === "::ffff:127.0.0.1";
+}
+function extractToken(req) {
+  const auth = req.headers["authorization"];
+  if (typeof auth === "string" && auth.startsWith("Bearer ")) {
+    return auth.slice("Bearer ".length).trim();
+  }
+  const cookie = req.headers["cookie"];
+  if (typeof cookie === "string") {
+    const m = COOKIE_RE.exec(cookie);
+    if (m) return decodeURIComponent(m[1] ?? "");
+  }
+  return void 0;
+}
+function extractWsToken(req, urlSearch) {
+  const fromQuery = urlSearch.get("token");
+  if (fromQuery) return fromQuery;
+  return extractToken(req);
+}
+function isAuthorized(req) {
+  if (isLocalhost(req)) return true;
+  if (!authEnabled()) return true;
+  return validateAuthToken(extractToken(req));
+}
+function isWsAuthorized(req, urlSearch) {
+  if (isLocalhost(req)) return true;
+  if (!authEnabled()) return true;
+  return validateAuthToken(extractWsToken(req, urlSearch));
+}
+function gatePage(reason) {
+  const message = reason === "invalid" ? "Token rejected. Try again." : "This llmuxd instance requires a token.";
+  return `<!doctype html><html lang="en"><head>
+<meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1">
+<title>llmuxd \u2014 auth</title>
+<link rel="icon" href="${FAVICON_DATA_URL}">
+<style>
+  :root{color-scheme:dark}
+  html,body{margin:0;background:#0b0c10;color:#e6e8eb;font-family:ui-monospace,monospace;font-size:14px}
+  body{padding:24px;max-width:520px;margin:0 auto;min-height:100dvh;box-sizing:border-box;display:flex;flex-direction:column;justify-content:center}
+  h1{font-size:18px;margin:0 0 4px;display:flex;align-items:center;gap:8px}
+  h1 .brand{color:#7cc4ff;letter-spacing:.08em}
+  .sub{color:#7a7f87;font-size:12px;margin-bottom:18px}
+  .card{background:#11141a;border:1px solid #1f2329;border-radius:8px;padding:20px}
+  label{display:block;font-size:11px;color:#9aa0a6;text-transform:uppercase;letter-spacing:.05em;margin-bottom:6px}
+  input{width:100%;box-sizing:border-box;background:#0b0c10;color:#e6e8eb;border:1px solid #262c34;border-radius:6px;padding:10px;font:13px ui-monospace,monospace;outline:none}
+  input:focus{border-color:#2d4a66}
+  button{margin-top:14px;width:100%;background:#1c2128;color:#7cc4ff;border:1px solid #2d4a66;border-radius:6px;padding:10px 14px;font:13px ui-monospace,monospace;cursor:pointer}
+  button:hover{background:#252b34}
+  button:disabled{opacity:.5;cursor:wait}
+  .msg{margin-top:12px;font-size:12px;color:#f85149;min-height:18px}
+  .hint{margin-top:18px;font-size:11px;color:#7a7f87;line-height:1.5}
+  .hint code{color:#c9d1d9;background:#0b0c10;padding:2px 5px;border-radius:3px}
+</style></head>
+<body>
+<h1><span class="brand">LLMUX</span> \u2014 auth required</h1>
+<div class="sub">${escapeHtml(message)}</div>
+<div class="card">
+  <form id="auth-form">
+    <label for="token">access token</label>
+    <input id="token" type="password" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" placeholder="sas_\u2026" required>
+    <button type="submit">unlock</button>
+    <div class="msg" id="msg"></div>
+  </form>
+  <div class="hint">
+    Generate a token on the daemon host: <code>llmuxd token create</code><br>
+    The token is sent as a cookie after unlock. Localhost bypasses this gate.
+  </div>
+</div>
+<script>
+(function(){
+  const form = document.getElementById('auth-form');
+  const input = document.getElementById('token');
+  const msg = document.getElementById('msg');
+  form.addEventListener('submit', async function(e){
+    e.preventDefault();
+    const token = input.value.trim();
+    if (!token) return;
+    msg.textContent = '';
+    const btn = form.querySelector('button');
+    btn.disabled = true;
+    try {
+      const r = await fetch('/api/auth', {
+        method: 'POST',
+        headers: { 'content-type': 'application/json' },
+        body: JSON.stringify({ token })
+      });
+      if (!r.ok) {
+        const body = await r.json().catch(function(){ return {}; });
+        msg.textContent = body.error || 'token rejected';
+        btn.disabled = false;
+        input.focus();
+        input.select();
+        return;
+      }
+      // Cookie set by server; reload the originally requested URL so the
+      // user lands where they wanted, not at /. Strip any stale ?token= from
+      // the URL \u2014 if we left it, the canonical-url rule on the next request
+      // would invalidate the cookie we just set (infinite gate loop).
+      const params = new URLSearchParams(location.search);
+      params.delete('token');
+      const query = params.toString();
+      location.href = location.pathname + (query ? '?' + query : '');
+    } catch(err){
+      msg.textContent = 'request failed: ' + (err.message || err);
+      btn.disabled = false;
+    }
+  });
+  input.focus();
+})();
+</script>
+</body></html>`;
+}
+function sendGate(res, reason = "missing") {
+  res.writeHead(401, { "content-type": "text/html; charset=utf-8" });
+  res.end(gatePage(reason));
+}
+function buildCookie(token) {
+  return `${COOKIE_NAME}=${encodeURIComponent(token)}; Path=/; HttpOnly; SameSite=Lax`;
+}
+async function readJsonBody(req, limit = 64 * 1024) {
+  return new Promise((resolve4, reject) => {
+    let size = 0;
+    const chunks = [];
+    req.on("data", (chunk) => {
+      size += chunk.length;
+      if (size > limit) {
+        req.destroy();
+        reject(new Error("body too large"));
+        return;
+      }
+      chunks.push(chunk);
+    });
+    req.on("end", () => {
+      try {
+        const text = Buffer.concat(chunks).toString("utf8");
+        resolve4(text ? JSON.parse(text) : {});
+      } catch (e) {
+        reject(e);
+      }
+    });
+    req.on("error", reject);
+  });
+}
+function sendHtml(res, body, status2 = 200) {
+  res.writeHead(status2, { "content-type": "text/html; charset=utf-8" });
+  res.end(body);
+}
+function sendText(res, body, status2 = 200) {
+  res.writeHead(status2, { "content-type": "text/plain; charset=utf-8" });
+  res.end(body);
+}
+function sendJson(res, body, status2 = 200) {
+  res.writeHead(status2, { "content-type": "application/json" });
+  res.end(JSON.stringify(body));
+}
+function buildAgentCommand(agent, flagsOverride, resumeFrom) {
+  const flags = flagsOverride !== void 0 ? flagsOverride : agent.flags ?? "";
+  const resumeFragment = resumeFrom && agent.history ? agent.history.resumeFlag(resumeFrom) : "";
+  const tail = [flags, resumeFragment].filter((s) => s.length > 0).join(" ");
+  return tail ? `${agent.cmd} ${tail}` : agent.cmd;
+}
+function viewOf(s, live) {
+  const agentDef = DEFAULT_AGENTS[s.agent];
+  let conversationCount = 0;
+  if (agentDef?.history) {
+    try {
+      conversationCount = agentDef.history.listConversations(s.cwd).length;
+    } catch {
+      conversationCount = 0;
+    }
+  }
+  return {
+    name: s.name,
+    agent: s.agent,
+    cwd: s.cwd,
+    cwdDisplay: shortenCwd(s.cwd),
+    ...s.flags !== void 0 ? { flags: s.flags } : {},
+    defaultFlags: agentDef?.flags ?? "",
+    ...s.env !== void 0 ? { env: s.env } : {},
+    defaultEnv: agentDef?.envDefaults ?? {},
+    ...s.resumeFrom !== void 0 ? { resumeFrom: s.resumeFrom } : {},
+    hasHistory: Boolean(agentDef?.history),
+    conversationCount,
+    createdAt: s.createdAt,
+    parent: s.parent,
+    status: live ? "running" : "exited"
+  };
+}
+function parseEnvText(text) {
+  const out = {};
+  for (const raw of text.split(/\r?\n/)) {
+    const line = raw.trim();
+    if (!line || line.startsWith("#")) continue;
+    const eq = line.indexOf("=");
+    if (eq <= 0) continue;
+    const key = line.slice(0, eq).trim();
+    if (!key) continue;
+    out[key] = line.slice(eq + 1);
+  }
+  return out;
+}
+function mergeSpawnEnv(agent, sessionEnv, llmuxEnv) {
+  return { ...agent.envDefaults ?? {}, ...sessionEnv ?? {}, ...llmuxEnv };
+}
+var SESSION_NAME_RE = /^[a-zA-Z0-9][a-zA-Z0-9_-]*$/;
+function createSession(input) {
+  if (!input.agent) return { ok: false, error: "agent is required" };
+  const agentDef = DEFAULT_AGENTS[input.agent];
+  if (!agentDef) return { ok: false, error: `unknown agent "${input.agent}"` };
+  if (!isAgentInstalled(agentDef)) return { ok: false, error: `agent "${input.agent}" is not installed on the daemon host` };
+  const name = input.name && input.name.trim() || agentDef.key;
+  if (!SESSION_NAME_RE.test(name)) {
+    return { ok: false, error: "name must start alphanumeric and contain only letters, numbers, _ or -" };
+  }
+  if (get(name) || hasSession(name)) {
+    return { ok: false, error: `session "${name}" already exists` };
+  }
+  const cwdRaw = input.cwd && input.cwd.trim() || process.env.HOME || process.cwd();
+  const cwd = expandTilde(cwdRaw);
+  if (!existsSync4(cwd)) return { ok: false, error: `cwd does not exist: ${cwdRaw}` };
+  const flagsOverride = input.flags !== void 0 ? input.flags.trim() : void 0;
+  const envOverride = input.env !== void 0 ? parseEnvText(input.env) : void 0;
+  const resumeFrom = input.resumeFrom && agentDef.history ? input.resumeFrom : void 0;
+  try {
+    newSession({
+      name,
+      command: buildAgentCommand(agentDef, flagsOverride, resumeFrom),
+      cwd,
+      env: mergeSpawnEnv(agentDef, envOverride, { LLMUX_SESSION: name, LLMUX_AGENT: agentDef.key })
+    });
+  } catch (err) {
+    return { ok: false, error: err instanceof Error ? err.message : String(err) };
+  }
+  const session = {
+    name,
+    agent: agentDef.key,
+    cwd,
+    ...flagsOverride !== void 0 ? { flags: flagsOverride } : {},
+    ...envOverride !== void 0 ? { env: envOverride } : {},
+    ...resumeFrom !== void 0 ? { resumeFrom } : {},
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    parent: null,
+    restart: "on-failure"
+  };
+  record(session);
+  return { ok: true, session: viewOf(session, true) };
+}
+function respawnSession(name) {
+  const session = get(name);
+  if (!session) return { ok: false, error: `no tracked session "${name}"` };
+  const agent = DEFAULT_AGENTS[session.agent];
+  if (!agent) return { ok: false, error: `unknown agent "${session.agent}"` };
+  if (!isAgentInstalled(agent)) return { ok: false, error: `agent "${session.agent}" is not installed` };
+  if (hasSession(name)) {
+    try {
+      killSession(name);
+    } catch (err) {
+      return { ok: false, error: err instanceof Error ? err.message : String(err) };
+    }
+  }
+  try {
+    newSession({
+      name: session.name,
+      command: buildAgentCommand(agent, session.flags, session.resumeFrom),
+      cwd: session.cwd,
+      env: mergeSpawnEnv(agent, session.env, { LLMUX_SESSION: session.name, LLMUX_AGENT: session.agent })
+    });
+  } catch (err) {
+    return { ok: false, error: err instanceof Error ? err.message : String(err) };
+  }
+  const refreshed = { ...session, createdAt: (/* @__PURE__ */ new Date()).toISOString() };
+  record(refreshed);
+  return { ok: true, session: viewOf(refreshed, true) };
+}
+function resumeConversation(name, conversationId) {
+  const session = get(name);
+  if (!session) return { ok: false, error: `no tracked session "${name}"` };
+  const agent = DEFAULT_AGENTS[session.agent];
+  if (!agent) return { ok: false, error: `unknown agent "${session.agent}"` };
+  if (!agent.history) return { ok: false, error: `agent "${session.agent}" has no history adapter` };
+  if (!isAgentInstalled(agent)) return { ok: false, error: `agent "${session.agent}" is not installed` };
+  if (hasSession(name)) {
+    try {
+      killSession(name);
+    } catch (err) {
+      return { ok: false, error: err instanceof Error ? err.message : String(err) };
+    }
+  }
+  try {
+    newSession({
+      name: session.name,
+      command: buildAgentCommand(agent, session.flags, conversationId),
+      cwd: session.cwd,
+      env: mergeSpawnEnv(agent, session.env, { LLMUX_SESSION: session.name, LLMUX_AGENT: session.agent })
+    });
+  } catch (err) {
+    return { ok: false, error: err instanceof Error ? err.message : String(err) };
+  }
+  const refreshed = {
+    ...session,
+    resumeFrom: conversationId,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  record(refreshed);
+  return { ok: true, session: viewOf(refreshed, true) };
+}
+function editSession(oldName, patch) {
+  const session = get(oldName);
+  if (!session) return { ok: false, error: `no tracked session "${oldName}"` };
+  const newName = patch.name?.trim();
+  const newCwd = patch.cwd?.trim();
+  if (newName !== void 0 && newName !== oldName) {
+    if (!SESSION_NAME_RE.test(newName)) {
+      return { ok: false, error: "name must start alphanumeric and contain only letters, numbers, _ or -" };
+    }
+    if (get(newName) || hasSession(newName)) {
+      return { ok: false, error: `session "${newName}" already exists` };
+    }
+  }
+  if (newCwd !== void 0 && newCwd.length > 0 && !existsSync4(expandTilde(newCwd))) {
+    return { ok: false, error: `cwd does not exist: ${newCwd}` };
+  }
+  const renaming = newName !== void 0 && newName !== oldName && newName.length > 0;
+  if (renaming) {
+    try {
+      renameSession(oldName, newName);
+    } catch (err) {
+      return { ok: false, error: err instanceof Error ? err.message : String(err) };
+    }
+  }
+  const nextFlags = patch.flags !== void 0 ? patch.flags.trim() : session.flags;
+  const nextEnv = patch.env !== void 0 ? parseEnvText(patch.env) : session.env;
+  const updated = {
+    name: renaming ? newName : oldName,
+    agent: session.agent,
+    cwd: newCwd !== void 0 && newCwd.length > 0 ? expandTilde(newCwd) : session.cwd,
+    ...nextFlags !== void 0 ? { flags: nextFlags } : {},
+    ...nextEnv !== void 0 ? { env: nextEnv } : {},
+    ...session.resumeFrom !== void 0 ? { resumeFrom: session.resumeFrom } : {},
+    createdAt: session.createdAt,
+    parent: session.parent,
+    restart: session.restart
+  };
+  if (renaming) forget(oldName);
+  record(updated);
+  const cwdChanged = newCwd !== void 0 && newCwd.length > 0 && updated.cwd !== session.cwd;
+  if (cwdChanged && hasSession(updated.name)) {
+    const agent = DEFAULT_AGENTS[updated.agent];
+    if (agent && isAgentInstalled(agent)) {
+      try {
+        killSession(updated.name);
+        newSession({
+          name: updated.name,
+          command: buildAgentCommand(agent, updated.flags, updated.resumeFrom),
+          cwd: updated.cwd,
+          env: mergeSpawnEnv(agent, updated.env, { LLMUX_SESSION: updated.name, LLMUX_AGENT: updated.agent })
+        });
+        const refreshed = { ...updated, createdAt: (/* @__PURE__ */ new Date()).toISOString() };
+        record(refreshed);
+        return { ok: true, session: viewOf(refreshed, true) };
+      } catch (err) {
+        return { ok: false, error: `cwd updated but restart failed: ${err instanceof Error ? err.message : String(err)}` };
+      }
+    }
+  }
+  const live = listSessions().some((s) => s.name === updated.name);
+  return { ok: true, session: viewOf(updated, live) };
+}
+function killSession2(name) {
+  const session = get(name);
+  if (!session) return { ok: false, error: `no tracked session "${name}"` };
+  const wasRunning = hasSession(name);
+  try {
+    killSession(name);
+  } catch (err) {
+    return { ok: false, error: err instanceof Error ? err.message : String(err) };
+  }
+  forget(name);
+  return { ok: true, status: wasRunning ? "running" : "exited" };
+}
+var RESPAWN_RE = /^\/api\/sessions\/([^/]+)\/respawn$/;
+var KILL_RE = /^\/api\/sessions\/([^/]+)\/kill$/;
+var RESUME_RE = /^\/api\/sessions\/([^/]+)\/resume$/;
+var SEND_RE = /^\/api\/sessions\/([^/]+)\/send$/;
+var CONVERSATIONS_RE = /^\/api\/sessions\/([^/]+)\/conversations$/;
+var EDIT_RE = /^\/api\/sessions\/([^/]+)$/;
+function startServer(opts) {
+  const http = createServer(async (req, res) => {
+    const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
+    const method = req.method ?? "GET";
+    const queryToken = url.searchParams.get("token");
+    if (queryToken) {
+      if (validateAuthToken(queryToken)) {
+        url.searchParams.delete("token");
+        const cleanPath = url.pathname + (url.searchParams.toString() ? "?" + url.searchParams.toString() : "");
+        res.writeHead(302, {
+          location: cleanPath,
+          "set-cookie": buildCookie(queryToken)
+        });
+        return res.end();
+      }
+      res.writeHead(401, {
+        "content-type": "text/html; charset=utf-8",
+        "set-cookie": `${COOKIE_NAME}=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0`
+      });
+      return res.end(gatePage("invalid"));
+    }
+    if (url.pathname === "/health") {
+      return sendJson(res, {
+        ok: true,
+        version: DAEMON_VERSION,
+        sessions: list().length,
+        authEnabled: authEnabled()
+      });
+    }
+    if (url.pathname === "/api/version" && method === "GET") {
+      return sendJson(res, { version: DAEMON_VERSION });
+    }
+    if (url.pathname === "/api/auth" && method === "POST") {
+      try {
+        const body = await readJsonBody(req);
+        const candidate = typeof body.token === "string" ? body.token : "";
+        if (!validateAuthToken(candidate)) {
+          return sendJson(res, { ok: false, error: "invalid token" }, 401);
+        }
+        res.writeHead(200, {
+          "content-type": "application/json",
+          "set-cookie": buildCookie(candidate)
+        });
+        return res.end(JSON.stringify({ ok: true }));
+      } catch (err) {
+        return sendJson(res, { ok: false, error: err instanceof Error ? err.message : "bad request" }, 400);
+      }
+    }
+    if (!isAuthorized(req)) {
+      const isApi = url.pathname.startsWith("/api/");
+      if (isApi) {
+        return sendJson(res, { ok: false, error: "unauthorized" }, 401);
+      }
+      const hasInvalidToken = Boolean(extractToken(req));
+      return sendGate(res, hasInvalidToken ? "invalid" : "missing");
+    }
+    if (url.pathname === "/api/sessions" && method === "GET") {
+      return sendJson(res, listSessionViews());
+    }
+    if (url.pathname === "/api/agents" && method === "GET") {
+      const installed = Object.entries(DEFAULT_AGENTS).filter(([, def]) => isAgentInstalled(def)).map(([key, def]) => ({
+        key,
+        displayName: def.displayName,
+        cmd: def.cmd,
+        flags: def.flags ?? "",
+        envDefaults: def.envDefaults ?? {}
+      }));
+      return sendJson(res, installed);
+    }
+    if (url.pathname === "/api/agents/all" && method === "GET") {
+      const all = Object.entries(DEFAULT_AGENTS).map(([key, def]) => ({
+        key,
+        displayName: def.displayName,
+        cmd: def.cmd,
+        installed: isAgentInstalled(def),
+        installHint: def.installHint ?? "",
+        docsUrl: def.docsUrl ?? ""
+      }));
+      return sendJson(res, all);
+    }
+    if (url.pathname === "/api/sessions" && method === "POST") {
+      try {
+        const body = await readJsonBody(req);
+        const result = createSession({
+          agent: typeof body.agent === "string" ? body.agent : "",
+          ...typeof body.name === "string" ? { name: body.name } : {},
+          ...typeof body.cwd === "string" ? { cwd: body.cwd } : {},
+          ...typeof body.flags === "string" ? { flags: body.flags } : {},
+          ...typeof body.env === "string" ? { env: body.env } : {},
+          ...typeof body.resumeFrom === "string" ? { resumeFrom: body.resumeFrom } : {}
+        });
+        return sendJson(res, result, result.ok ? 200 : 400);
+      } catch (err) {
+        return sendJson(res, { ok: false, error: err instanceof Error ? err.message : "bad request" }, 400);
+      }
+    }
+    if (method === "POST") {
+      const mRespawn = url.pathname.match(RESPAWN_RE);
+      if (mRespawn) {
+        const name = decodeURIComponent(mRespawn[1]);
+        const result = respawnSession(name);
+        return sendJson(res, result, result.ok ? 200 : 400);
+      }
+      const mKill = url.pathname.match(KILL_RE);
+      if (mKill) {
+        const name = decodeURIComponent(mKill[1]);
+        const result = killSession2(name);
+        return sendJson(res, result, result.ok ? 200 : 400);
+      }
+      const mSend = url.pathname.match(SEND_RE);
+      if (mSend) {
+        const name = decodeURIComponent(mSend[1]);
+        try {
+          const body = await readJsonBody(req);
+          if (typeof body.prompt !== "string" || body.prompt.length === 0) {
+            return sendJson(res, { ok: false, error: "prompt required" }, 400);
+          }
+          if (!get(name)) return sendJson(res, { ok: false, error: `no tracked session "${name}"` }, 404);
+          if (!hasSession(name)) return sendJson(res, { ok: false, error: `session "${name}" is not running` }, 409);
+          const enter = body.enter !== false;
+          try {
+            sendKeys(name, body.prompt, { enter });
+          } catch (err) {
+            return sendJson(res, { ok: false, error: err instanceof Error ? err.message : String(err) }, 500);
+          }
+          return sendJson(res, { ok: true });
+        } catch (err) {
+          return sendJson(res, { ok: false, error: err instanceof Error ? err.message : "bad request" }, 400);
+        }
+      }
+      const mResume = url.pathname.match(RESUME_RE);
+      if (mResume) {
+        const name = decodeURIComponent(mResume[1]);
+        try {
+          const body = await readJsonBody(req);
+          if (typeof body.conversationId !== "string" || body.conversationId.length === 0) {
+            return sendJson(res, { ok: false, error: "conversationId required" }, 400);
+          }
+          const result = resumeConversation(name, body.conversationId);
+          return sendJson(res, result, result.ok ? 200 : 400);
+        } catch (err) {
+          return sendJson(res, { ok: false, error: err instanceof Error ? err.message : "bad request" }, 400);
+        }
+      }
+    }
+    if (method === "GET") {
+      const mConvs = url.pathname.match(CONVERSATIONS_RE);
+      if (mConvs) {
+        const name = decodeURIComponent(mConvs[1]);
+        const session = get(name);
+        if (!session) return sendJson(res, { ok: false, error: "session not found" }, 404);
+        const agent = DEFAULT_AGENTS[session.agent];
+        if (!agent?.history) return sendJson(res, []);
+        try {
+          const convs = agent.history.listConversations(session.cwd);
+          return sendJson(res, convs);
+        } catch (err) {
+          return sendJson(res, { ok: false, error: err instanceof Error ? err.message : "history read failed" }, 500);
+        }
+      }
+    }
+    if (method === "PATCH") {
+      const mEdit = url.pathname.match(EDIT_RE);
+      if (mEdit) {
+        const name = decodeURIComponent(mEdit[1]);
+        try {
+          const body = await readJsonBody(req);
+          const result = editSession(name, {
+            ...typeof body.name === "string" ? { name: body.name } : {},
+            ...typeof body.cwd === "string" ? { cwd: body.cwd } : {},
+            ...typeof body.flags === "string" ? { flags: body.flags } : {},
+            ...typeof body.env === "string" ? { env: body.env } : {}
+          });
+          return sendJson(res, result, result.ok ? 200 : 400);
+        } catch (err) {
+          return sendJson(res, { ok: false, error: err instanceof Error ? err.message : "bad request" }, 400);
+        }
+      }
+    }
+    if (url.pathname === "/") {
+      return sendHtml(res, pickerPage());
+    }
+    if (url.pathname.startsWith("/session/")) {
+      const name = decodeURIComponent(url.pathname.slice("/session/".length));
+      const session = get(name);
+      if (!session) return sendText(res, "session not found", 404);
+      if (!hasSession(name)) {
+        return sendHtml(res, deadSessionPage(viewOf(session, false)));
+      }
+      return sendHtml(res, sessionPage(name));
+    }
+    return sendText(res, "not found", 404);
+  });
+  const wss = new WebSocketServer({ noServer: true });
+  http.on("upgrade", (req, socket, head) => {
+    const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
+    if (!url.pathname.startsWith("/ws/")) {
+      socket.destroy();
+      return;
+    }
+    if (!isWsAuthorized(req, url.searchParams)) {
+      socket.write("HTTP/1.1 401 Unauthorized\r\n\r\n");
+      socket.destroy();
+      return;
+    }
+    const name = decodeURIComponent(url.pathname.slice("/ws/".length));
+    if (!get(name)) {
+      socket.write("HTTP/1.1 404 Not Found\r\n\r\n");
+      socket.destroy();
+      return;
+    }
+    if (!hasSession(name)) {
+      socket.write("HTTP/1.1 409 Conflict\r\n\r\n");
+      socket.destroy();
+      return;
+    }
+    wss.handleUpgrade(req, socket, head, (ws) => attachSession(ws, name));
+  });
+  http.listen(opts.port, opts.host);
+  return {
+    port: opts.port,
+    stop: () => new Promise((resolve4) => {
+      wss.close(() => http.close(() => resolve4()));
+    })
+  };
+}
+function attachSession(ws, sessionName) {
+  const env = {};
+  for (const [k, v] of Object.entries(process.env)) {
+    if (v === void 0) continue;
+    if (k === "TMUX" || k === "TMUX_PANE") continue;
+    env[k] = v;
+  }
+  env.TERM = "xterm-256color";
+  let term = null;
+  try {
+    term = pty.spawn("tmux", ["attach", "-t", sessionName], {
+      name: "xterm-256color",
+      cols: 80,
+      rows: 24,
+      cwd: process.env.HOME ?? process.cwd(),
+      env
+    });
+  } catch (err) {
+    ws.close(4040, `spawn failed: ${err instanceof Error ? err.message : String(err)}`);
+    return;
+  }
+  term.onData((d) => {
+    try {
+      ws.send(d);
+    } catch {
+      term?.kill();
+    }
+  });
+  term.onExit(({ exitCode, signal }) => {
+    try {
+      ws.close(4040, `pty exited code=${exitCode} signal=${signal ?? "none"}`);
+    } catch {
+    }
+  });
+  ws.on("message", (raw, isBinary) => {
+    if (!term) return;
+    const text = typeof raw === "string" ? raw : Buffer.isBuffer(raw) ? raw.toString("utf8") : Buffer.from(raw).toString("utf8");
+    if (!isBinary && text.startsWith("{")) {
+      try {
+        const parsed = JSON.parse(text);
+        if (parsed.type === "resize" && typeof parsed.cols === "number" && typeof parsed.rows === "number") {
+          term.resize(parsed.cols, parsed.rows);
+          return;
+        }
+      } catch {
+      }
+    }
+    term.write(text);
+  });
+  ws.on("close", () => {
+    term?.kill();
+    term = null;
+  });
+}
+function printBanner(port) {
+  console.log(`llmuxd v${DAEMON_VERSION}
+`);
+  const addrs = getAddresses(port);
+  const width = Math.max(10, ...addrs.map((a) => a.label.length + 2));
+  for (const addr of addrs) {
+    console.log(`  \u25B8 ${addr.label.padEnd(width)}${addr.url}`);
+  }
+  if (authEnabled()) {
+    const count = listAuthTokens().length;
+    console.log(`
+  \u2713 auth required \u2014 ${count} active token${count === 1 ? "" : "s"} (localhost bypasses)
+`);
+  } else {
+    console.log(`
+  \u26A0 running without auth \u2014 anyone on the network can attach.`);
+    console.log(`    create a token with \`llmuxd token create\` to enable auth.
+`);
+  }
+}
 
-// src/client.ts
-function notImplemented(command) {
-  console.error(`llmux ${command}: not yet implemented (scaffold)`);
-  process.exit(70);
+// src/daemon/handlers.ts
+function expandAgentList(spec) {
+  if (spec === "all") return Object.values(DEFAULT_AGENTS).filter(isAgentInstalled);
+  const keys = spec.split(",").map((k) => k.trim()).filter(Boolean);
+  const out = [];
+  for (const k of keys) {
+    const def = DEFAULT_AGENTS[k];
+    if (!def) throw new Error(`unknown agent "${k}". Known: ${Object.keys(DEFAULT_AGENTS).join(", ")}`);
+    if (!isAgentInstalled(def)) throw new Error(`agent "${k}" is not installed (looked for: ${def.cmd})`);
+    out.push(def);
+  }
+  return out;
+}
+function buildCommand(agent) {
+  return agent.flags ? `${agent.cmd} ${agent.flags}` : agent.cmd;
+}
+function resolveCwd(input) {
+  if (!input) return process.cwd();
+  const out = resolve2(input);
+  if (!existsSync5(out)) throw new Error(`cwd does not exist: ${out}`);
+  return out;
+}
+function resolveTarget(target) {
+  const direct = get(target);
+  if (direct) return { session: direct };
+  const byAgent = list().filter((s) => s.agent === target);
+  if (byAgent.length === 0) {
+    throw new Error(`no session matches "${target}" (not a session name; no agent of that type running)`);
+  }
+  if (byAgent.length > 1) {
+    const names = byAgent.map((s) => s.name).join(", ");
+    throw new Error(`"${target}" is ambiguous \u2014 ${byAgent.length} ${target} sessions: ${names}`);
+  }
+  return { session: byAgent[0] };
+}
+function handleSpawn(args) {
+  requireTmux();
+  const spec = args.positional[0];
+  if (!spec) throw new Error("spawn requires an agent (or `all`)");
+  const name = args.flags.name;
+  const prefix = args.flags.prefix;
+  const cwd = resolveCwd(args.flags.cwd);
+  if (name && prefix) throw new Error("--name and --prefix are mutually exclusive");
+  const agents2 = expandAgentList(spec);
+  if (name && agents2.length > 1) {
+    throw new Error("--name is only valid with a single agent");
+  }
+  const parent = process.env.LLMUX_SESSION ?? null;
+  const created = [];
+  for (const agent of agents2) {
+    const sessionName = name ?? (prefix ? `${prefix}${agent.key}` : agent.key);
+    if (get(sessionName) || hasSession(sessionName)) {
+      throw new Error(`session "${sessionName}" already exists`);
+    }
+    newSession({
+      name: sessionName,
+      command: buildCommand(agent),
+      cwd,
+      env: { LLMUX_SESSION: sessionName, LLMUX_AGENT: agent.key }
+    });
+    record({
+      name: sessionName,
+      agent: agent.key,
+      cwd,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+      parent,
+      restart: "on-failure"
+    });
+    created.push(sessionName);
+    console.log(`spawned ${sessionName} (agent: ${agent.key}, cwd: ${cwd})`);
+  }
+  if (created.length === 0) {
+    console.log("no sessions spawned");
+  }
+}
+function handleStatus(args) {
+  const tracked = list();
+  const live = new Set(listSessions().map((s) => s.name));
+  if (args.flags.json) {
+    const out = tracked.map((s) => ({
+      ...s,
+      state: live.has(s.name) ? "running" : "exited"
+    }));
+    console.log(JSON.stringify(out, null, 2));
+    return;
+  }
+  if (tracked.length === 0) {
+    console.log("no llmuxd sessions");
+    return;
+  }
+  const rows = tracked.map((s) => [
+    s.name,
+    s.agent,
+    live.has(s.name) ? "running" : "exited",
+    s.parent ?? "-",
+    s.cwd
+  ]);
+  const headers = ["NAME", "AGENT", "STATE", "PARENT", "CWD"];
+  const widths = headers.map((h, i) => Math.max(h.length, ...rows.map((r) => r[i].length)));
+  const fmt = (cols) => cols.map((c, i) => c.padEnd(widths[i])).join("  ");
+  console.log(fmt(headers));
+  for (const r of rows) console.log(fmt(r));
+}
+function handleSend(args) {
+  requireTmux();
+  const [target, ...promptParts] = args.positional;
+  if (!target || promptParts.length === 0) {
+    throw new Error('send requires <session> and "<prompt>"');
+  }
+  const prompt = promptParts.join(" ");
+  const { session } = resolveTarget(target);
+  if (!hasSession(session.name)) {
+    throw new Error(`session "${session.name}" is in state but not live in tmux (exited?). Try \`llmuxd respawn ${session.name}\`.`);
+  }
+  sendKeys(session.name, prompt, { enter: true });
+  console.log(`sent ${prompt.length} bytes \u2192 ${session.name}`);
+}
+function handleBroadcast(args) {
+  requireTmux();
+  const [agentKey, ...promptParts] = args.positional;
+  if (!agentKey || promptParts.length === 0) {
+    throw new Error('broadcast requires <agent> and "<prompt>"');
+  }
+  if (!DEFAULT_AGENTS[agentKey]) {
+    throw new Error(`unknown agent "${agentKey}". Known: ${Object.keys(DEFAULT_AGENTS).join(", ")}`);
+  }
+  const prompt = promptParts.join(" ");
+  const sessions = list().filter((s) => s.agent === agentKey);
+  if (sessions.length === 0) {
+    console.log(`no ${agentKey} sessions running`);
+    return;
+  }
+  let n = 0;
+  for (const s of sessions) {
+    if (!hasSession(s.name)) continue;
+    sendKeys(s.name, prompt, { enter: true });
+    console.log(`sent \u2192 ${s.name}`);
+    n++;
+  }
+  console.log(`broadcast to ${n}/${sessions.length} ${agentKey} sessions`);
+}
+function handleChat(args) {
+  requireTmux();
+  const target = args.positional[0];
+  if (!target) throw new Error("chat requires <session>");
+  if (args.flags.browser) {
+    throw new Error("--browser requires `llmuxd serve` (Phase 4). Use `llmuxd chat` without --browser for now.");
+  }
+  const { session } = resolveTarget(target);
+  if (!hasSession(session.name)) {
+    throw new Error(`session "${session.name}" is not live in tmux`);
+  }
+  attachOrSwitch(session.name);
+}
+async function handleServe(args) {
+  requireTmux();
+  const portRaw = args.flags.port ?? process.env.LLMUXD_PORT ?? "3000";
+  const port = Number(portRaw);
+  if (!Number.isFinite(port) || port <= 0 || port > 65535) {
+    throw new Error(`invalid port: ${portRaw}`);
+  }
+  const host = process.env.LLMUXD_HOST ?? "0.0.0.0";
+  const handle = startServer({ port, host });
+  printBanner(handle.port);
+  const shutdown = async (sig) => {
+    console.log(`
+${sig} received \u2014 shutting down`);
+    await handle.stop();
+    process.exit(0);
+  };
+  process.on("SIGINT", () => void shutdown("SIGINT"));
+  process.on("SIGTERM", () => void shutdown("SIGTERM"));
+  await new Promise(() => {
+  });
+}
+function endpointPort() {
+  return Number(process.env.LLMUX_PORT) || 3030;
+}
+function selectorOf(label) {
+  return label.toLowerCase().replace(/\s+/g, "-");
+}
+function resolveQrEndpoint(selector, port) {
+  const addrs = getAddresses(port);
+  const wanted = selector.toLowerCase().trim();
+  const matches = addrs.filter((a) => selectorOf(a.label) === wanted);
+  if (matches.length === 0) {
+    const available = Array.from(new Set(addrs.map((a) => selectorOf(a.label)))).join(", ");
+    throw new Error(`unknown --qr-endpoint "${selector}". Available: ${available}`);
+  }
+  if (matches.length > 1) {
+    throw new Error(
+      `--qr-endpoint "${selector}" is ambiguous (${matches.length} matches). Use \`llmuxd token create --qr\` without an endpoint to pick interactively.`
+    );
+  }
+  return matches[0];
+}
+async function pickEndpointInteractively(port) {
+  const addrs = getAddresses(port);
+  if (addrs.length === 0) throw new Error("no reachable endpoints found");
+  console.log("");
+  console.log("Pick an endpoint for the QR code:");
+  for (let i = 0; i < addrs.length; i++) {
+    console.log(`  ${i + 1}) ${addrs[i].label.padEnd(18)} ${addrs[i].url}`);
+  }
+  if (!process.stdin.isTTY) {
+    throw new Error("--qr without --qr-endpoint requires an interactive terminal");
+  }
+  const rl = createInterface({ input: process.stdin, output: process.stdout });
+  const answer = await new Promise((resolve4) => rl.question("  > ", (a) => resolve4(a)));
+  rl.close();
+  const idx = Number(answer.trim()) - 1;
+  if (!Number.isInteger(idx) || idx < 0 || idx >= addrs.length) {
+    throw new Error(`invalid selection "${answer}"`);
+  }
+  return addrs[idx];
+}
+function printQr(url, token, label) {
+  const deepLink = `${url.replace(/\/$/, "")}/?token=${encodeURIComponent(token)}`;
+  console.log("");
+  console.log(`QR for ${label}:`);
+  console.log("");
+  qrcodeTerminal.generate(deepLink, { small: true });
+  console.log(`  ${deepLink}`);
+}
+async function handleTokenCreate(args) {
+  const name = args.flags.name;
+  const expiry = args.flags.expiry;
+  const qrFlag = Boolean(args.flags.qr);
+  const qrEndpoint = args.flags["qr-endpoint"];
+  if (expiry && isNaN(new Date(expiry).getTime())) {
+    throw new Error(`--expiry must be an ISO-8601 timestamp (got "${expiry}")`);
+  }
+  const wantsQr = qrFlag || qrEndpoint !== void 0;
+  let endpoint;
+  if (wantsQr) {
+    const port = endpointPort();
+    endpoint = qrEndpoint ? resolveQrEndpoint(qrEndpoint, port) : await pickEndpointInteractively(port);
+  }
+  const wasEnabled = authEnabled();
+  const rec = createAuthToken({
+    ...name !== void 0 ? { name } : {},
+    ...expiry !== void 0 ? { expiresAt: expiry } : {}
+  });
+  console.log(`token created (id: ${rec.id})${rec.name ? ` "${rec.name}"` : ""}`);
+  console.log("");
+  console.log(`  ${rec.token}`);
+  console.log("");
+  console.log("Save this token now \u2014 it is shown once. Use in the LLMUX_TOKEN env var, the");
+  console.log("`Authorization: Bearer <token>` header, or paste it into the web gate page.");
+  if (!wasEnabled) {
+    console.log("");
+    console.log("Auth is now enabled. All non-localhost requests require this (or another) token.");
+  }
+  if (endpoint) {
+    printQr(endpoint.url, rec.token, endpoint.label);
+  }
+}
+function handleTokenShow(args) {
+  const tokens = listAuthTokens();
+  if (args.flags.json) {
+    const out = tokens.map((t) => ({ id: t.id, name: t.name, createdAt: t.createdAt, expiresAt: t.expiresAt }));
+    console.log(JSON.stringify(out, null, 2));
+    return;
+  }
+  if (tokens.length === 0) {
+    console.log("no tokens \u2014 auth is disabled. Create one with `llmuxd token create`.");
+    return;
+  }
+  const headers = ["ID", "NAME", "CREATED", "EXPIRES"];
+  const rows = tokens.map((t) => [t.id, t.name ?? "-", t.createdAt, t.expiresAt ?? "-"]);
+  const widths = headers.map((h, i) => Math.max(h.length, ...rows.map((r) => r[i].length)));
+  console.log(headers.map((h, i) => h.padEnd(widths[i])).join("  "));
+  for (const r of rows) console.log(r.map((c, i) => c.padEnd(widths[i])).join("  "));
+}
+function handleTokenRevoke(args) {
+  const idPrefix = args.positional[0] === "revoke" ? args.positional[1] : args.positional[0];
+  if (!idPrefix) throw new Error("token revoke requires an <id> (the 8-char prefix shown by `token show`)");
+  const ok = revokeAuthToken(idPrefix);
+  if (!ok) throw new Error(`no token with id "${idPrefix}"`);
+  console.log(`revoked ${idPrefix}`);
+  if (!authEnabled()) {
+    console.log("No tokens remain \u2014 auth is now disabled.");
+  }
+}
+function handleRespawn(args) {
+  requireTmux();
+  const target = args.positional[0];
+  if (!target) throw new Error("respawn requires <session>");
+  const session = get(target);
+  if (!session) throw new Error(`no tracked session "${target}"`);
+  const agent = DEFAULT_AGENTS[session.agent];
+  if (!agent) throw new Error(`unknown agent "${session.agent}" \u2014 cannot respawn`);
+  if (!isAgentInstalled(agent)) {
+    throw new Error(`agent "${session.agent}" is not installed (looked for: ${agent.cmd})`);
+  }
+  if (hasSession(target)) {
+    killSession(target);
+  }
+  newSession({
+    name: session.name,
+    command: buildCommand(agent),
+    cwd: session.cwd,
+    env: { LLMUX_SESSION: session.name, LLMUX_AGENT: session.agent }
+  });
+  record({ ...session, createdAt: (/* @__PURE__ */ new Date()).toISOString() });
+  console.log(`respawned ${target} (agent: ${session.agent}, cwd: ${session.cwd})`);
+}
+function handleKill(args) {
+  requireTmux();
+  const target = args.positional[0];
+  if (!target) throw new Error("kill requires <session> or `all`");
+  const cascade = Boolean(args.flags.cascade);
+  if (target === "all") {
+    const all = list();
+    for (const s of all) {
+      killSession(s.name);
+      forget(s.name);
+      console.log(`killed ${s.name}`);
+    }
+    if (all.length === 0) console.log("no sessions to kill");
+    return;
+  }
+  const session = get(target);
+  if (!session) throw new Error(`no tracked session "${target}"`);
+  if (cascade) {
+    const queue = [target];
+    const killed = /* @__PURE__ */ new Set();
+    while (queue.length) {
+      const name = queue.shift();
+      if (killed.has(name)) continue;
+      for (const child of children(name)) queue.push(child.name);
+      killSession(name);
+      forget(name);
+      killed.add(name);
+      console.log(`killed ${name}`);
+    }
+    return;
+  }
+  killSession(target);
+  forget(target);
+  console.log(`killed ${target}`);
 }
+
+// src/client/client.ts
+import { createConnection } from "net";
+import { Buffer as Buffer2 } from "buffer";
+import { createHash, randomBytes as randomBytes2 } from "crypto";
 function help(name, summary, usage) {
-  return () => [`llmux ${name} \u2014 ${summary}`, "", "Usage:", `  ${usage}`, ""].join("\n");
+  return () => [
+    `llmux ${name} \u2014 ${summary}`,
+    "",
+    "Usage:",
+    `  ${usage}`,
+    "",
+    "Environment:",
+    "  LLMUX_SERVER  base URL of the llmuxd daemon (e.g. http://localhost:3030)",
+    "  LLMUX_TOKEN   auth token (sas_\u2026); not required for localhost",
+    ""
+  ].join("\n");
 }
-var send = {
-  summary: "Send a prompt to a session (fire-and-forget)",
-  usage: 'llmux send <session> "<prompt>"',
-  help: help("send", "Send a prompt to a session (fire-and-forget)", 'llmux send <session> "<prompt>"'),
+function resolveContext() {
+  const baseUrl = process.env.LLMUX_SERVER;
+  if (!baseUrl) {
+    throw new Error("LLMUX_SERVER is not set. Point it at your llmuxd (e.g. http://localhost:3030).");
+  }
+  return { baseUrl: baseUrl.replace(/\/$/, ""), token: process.env.LLMUX_TOKEN };
+}
+async function request(ctx, method, path, body) {
+  const url = ctx.baseUrl + path;
+  const headers = { accept: "application/json" };
+  if (body !== void 0) headers["content-type"] = "application/json";
+  if (ctx.token) headers["authorization"] = `Bearer ${ctx.token}`;
+  const init = { method, headers };
+  if (body !== void 0) init.body = JSON.stringify(body);
+  let r;
+  try {
+    r = await fetch(url, init);
+  } catch (err) {
+    throw new Error(`network error reaching ${url}: ${err instanceof Error ? err.message : String(err)}`);
+  }
+  if (r.status === 401) {
+    throw new Error(
+      "unauthorized \u2014 set LLMUX_TOKEN (use `llmuxd token create` on the daemon host to mint one)"
+    );
+  }
+  if (r.status === 404) {
+    throw new Error("not found \u2014 check the session name (try `llmux ls`)");
+  }
+  const text = await r.text();
+  let parsed = void 0;
+  if (text.length > 0) {
+    try {
+      parsed = JSON.parse(text);
+    } catch {
+      throw new Error(`unexpected non-JSON response (${r.status}): ${text.slice(0, 200)}`);
+    }
+  }
+  if (!r.ok) {
+    const msg = parsed?.error ?? `http ${r.status}`;
+    throw new Error(msg);
+  }
+  return parsed;
+}
+function parseArgs2(argv) {
+  const positional = [];
+  const flags = {};
+  for (let i = 0; i < argv.length; i++) {
+    const token = argv[i];
+    if (token === "--") {
+      positional.push(...argv.slice(i + 1));
+      break;
+    }
+    if (token.startsWith("--")) {
+      const body = token.slice(2);
+      const eq = body.indexOf("=");
+      if (eq >= 0) {
+        flags[body.slice(0, eq)] = body.slice(eq + 1);
+        continue;
+      }
+      const next = argv[i + 1];
+      if (next === void 0 || next.startsWith("-")) {
+        flags[body] = true;
+      } else {
+        flags[body] = next;
+        i++;
+      }
+      continue;
+    }
+    positional.push(token);
+  }
+  return { positional, flags };
+}
+function flag(args, name) {
+  const v = args.flags[name];
+  return typeof v === "string" ? v : void 0;
+}
+function boolFlag(args, name) {
+  return args.flags[name] === true || args.flags[name] === "true";
+}
+function maybeJson(args, data, fallback) {
+  if (boolFlag(args, "json")) {
+    console.log(JSON.stringify(data, null, 2));
+  } else {
+    fallback();
+  }
+}
+function relTime(iso) {
+  const ms = Date.now() - new Date(iso).getTime();
+  if (isNaN(ms) || ms < 0) return iso;
+  if (ms < 6e4) return "just now";
+  const m = Math.floor(ms / 6e4);
+  if (m < 60) return `${m}m ago`;
+  const h = Math.floor(m / 60);
+  if (h < 24) return `${h}h ago`;
+  return `${Math.floor(h / 24)}d ago`;
+}
+function table(headers, rows) {
+  const widths = headers.map((h, i) => Math.max(h.length, ...rows.map((r) => (r[i] ?? "").length)));
+  const lines = [headers.map((h, i) => h.padEnd(widths[i])).join("  ")];
+  for (const r of rows) lines.push(r.map((c, i) => (c ?? "").padEnd(widths[i])).join("  "));
+  return lines.join("\n");
+}
+function openWs(opts) {
+  const u = new URL(opts.url);
+  if (opts.token && !u.searchParams.has("token")) u.searchParams.set("token", opts.token);
+  const isSecure = u.protocol === "wss:";
+  if (isSecure) throw new Error("wss:// not supported by the built-in client yet \u2014 use ws:// (tailscale serve terminates TLS for browsers)");
+  const port = u.port ? Number(u.port) : 80;
+  const host = u.hostname;
+  const path = u.pathname + u.search;
+  const key = randomBytes2(16).toString("base64");
+  const expectedAccept = createHash("sha1").update(key + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11").digest("base64");
+  const socket = createConnection({ host, port });
+  let handshakeDone = false;
+  let recvBuf = Buffer2.alloc(0);
+  socket.on("connect", () => {
+    const lines = [
+      `GET ${path} HTTP/1.1`,
+      `Host: ${u.host}`,
+      `Upgrade: websocket`,
+      `Connection: Upgrade`,
+      `Sec-WebSocket-Key: ${key}`,
+      `Sec-WebSocket-Version: 13`,
+      ``,
+      ``
+    ];
+    socket.write(lines.join("\r\n"));
+  });
+  function parseHandshake(buf) {
+    const headerEnd = buf.indexOf("\r\n\r\n");
+    if (headerEnd < 0) return { ok: false, offset: 0 };
+    const head = buf.slice(0, headerEnd).toString("utf8");
+    const lines = head.split("\r\n");
+    const statusLine = lines[0] ?? "";
+    const m = statusLine.match(/^HTTP\/1\.[01] (\d+) /);
+    if (!m || m[1] !== "101") {
+      return { ok: false, offset: 0, err: `expected 101 Switching Protocols, got: ${statusLine}` };
+    }
+    let acceptOk = false;
+    for (const ln of lines.slice(1)) {
+      const idx = ln.indexOf(":");
+      if (idx < 0) continue;
+      const k = ln.slice(0, idx).trim().toLowerCase();
+      const v = ln.slice(idx + 1).trim();
+      if (k === "sec-websocket-accept" && v === expectedAccept) acceptOk = true;
+    }
+    if (!acceptOk) return { ok: false, offset: 0, err: "Sec-WebSocket-Accept mismatch" };
+    return { ok: true, offset: headerEnd + 4 };
+  }
+  function parseFrame(buf) {
+    if (buf.length < 2) return { frame: null, rest: buf };
+    const b0 = buf[0];
+    const b1 = buf[1];
+    const opcode = b0 & 15;
+    const masked = (b1 & 128) !== 0;
+    let len = b1 & 127;
+    let offset = 2;
+    if (len === 126) {
+      if (buf.length < offset + 2) return { frame: null, rest: buf };
+      len = buf.readUInt16BE(offset);
+      offset += 2;
+    } else if (len === 127) {
+      if (buf.length < offset + 8) return { frame: null, rest: buf };
+      const big = buf.readBigUInt64BE(offset);
+      len = Number(big);
+      offset += 8;
+    }
+    let maskKey = null;
+    if (masked) {
+      if (buf.length < offset + 4) return { frame: null, rest: buf };
+      maskKey = buf.slice(offset, offset + 4);
+      offset += 4;
+    }
+    if (buf.length < offset + len) return { frame: null, rest: buf };
+    const payload = buf.slice(offset, offset + len);
+    if (maskKey) {
+      for (let i = 0; i < payload.length; i++) payload[i] ^= maskKey[i % 4];
+    }
+    return { frame: { opcode, payload }, rest: buf.slice(offset + len) };
+  }
+  socket.on("data", (chunk) => {
+    recvBuf = Buffer2.concat([recvBuf, chunk]);
+    if (!handshakeDone) {
+      const r = parseHandshake(recvBuf);
+      if (r.err) {
+        opts.onError(new Error(r.err));
+        socket.destroy();
+        return;
+      }
+      if (!r.ok) return;
+      handshakeDone = true;
+      recvBuf = recvBuf.slice(r.offset);
+    }
+    while (recvBuf.length >= 2) {
+      const { frame, rest } = parseFrame(recvBuf);
+      if (!frame) break;
+      recvBuf = rest;
+      if (frame.opcode === 1) opts.onMessage(frame.payload.toString("utf8"));
+      else if (frame.opcode === 2) opts.onMessage(frame.payload);
+      else if (frame.opcode === 8) {
+        const code = frame.payload.length >= 2 ? frame.payload.readUInt16BE(0) : 1e3;
+        const reason = frame.payload.length > 2 ? frame.payload.slice(2).toString("utf8") : "";
+        opts.onClose(code, reason);
+        socket.end();
+        return;
+      } else if (frame.opcode === 9) {
+        sendFrame(10, frame.payload);
+      }
+    }
+  });
+  socket.on("error", (err) => opts.onError(err));
+  socket.on("close", () => opts.onClose(1006, "socket closed"));
+  function sendFrame(opcode, payload) {
+    const mask = randomBytes2(4);
+    const len = payload.length;
+    let header;
+    if (len < 126) {
+      header = Buffer2.alloc(2 + 4);
+      header[0] = 128 | opcode;
+      header[1] = 128 | len;
+      mask.copy(header, 2);
+    } else if (len < 65536) {
+      header = Buffer2.alloc(2 + 2 + 4);
+      header[0] = 128 | opcode;
+      header[1] = 128 | 126;
+      header.writeUInt16BE(len, 2);
+      mask.copy(header, 4);
+    } else {
+      header = Buffer2.alloc(2 + 8 + 4);
+      header[0] = 128 | opcode;
+      header[1] = 128 | 127;
+      header.writeBigUInt64BE(BigInt(len), 2);
+      mask.copy(header, 10);
+    }
+    const masked = Buffer2.allocUnsafe(payload.length);
+    for (let i = 0; i < payload.length; i++) masked[i] = payload[i] ^ mask[i % 4];
+    const out = Buffer2.allocUnsafe(header.length + masked.length);
+    header.copy(out, 0);
+    masked.copy(out, header.length);
+    socket.write(out);
+  }
+  return {
+    send(data) {
+      if (!handshakeDone) return;
+      const buf = typeof data === "string" ? Buffer2.from(data, "utf8") : data;
+      sendFrame(typeof data === "string" ? 1 : 2, buf);
+    },
+    close() {
+      try {
+        sendFrame(8, Buffer2.alloc(0));
+      } catch {
+      }
+      socket.end();
+    }
+  };
+}
+function pushIf(o, k, v) {
+  if (v !== void 0 && v !== null && v !== "") o[k] = v;
+  return o;
+}
+var ls = {
+  summary: "List sessions on the daemon",
+  usage: "llmux ls [--json]",
+  help: help("ls", "List sessions on the daemon", "llmux ls [--json]"),
   run: async (argv) => {
-    if (argv.length < 2) throw new Error('send requires <session> and "<prompt>"');
-    notImplemented("send");
+    const args = parseArgs2(argv);
+    const ctx = resolveContext();
+    const sessions = await request(ctx, "GET", "/api/sessions");
+    maybeJson(args, sessions, () => {
+      if (sessions.length === 0) {
+        console.log("no sessions");
+        return;
+      }
+      const rows = sessions.map((s) => [
+        s.name,
+        s.agent,
+        s.status,
+        relTime(s.createdAt),
+        s.cwdDisplay,
+        s.resumeFrom ? `\u21BB ${s.resumeFrom.slice(0, 8)}\u2026` : ""
+      ]);
+      console.log(table(["NAME", "AGENT", "STATE", "STARTED", "CWD", "RESUMED"], rows));
+    });
   }
 };
-var broadcast = {
-  summary: "Send a prompt to ALL sessions of an agent type",
-  usage: 'llmux broadcast <agent> "<prompt>"',
-  help: help("broadcast", "Send a prompt to ALL sessions of an agent type", 'llmux broadcast <agent> "<prompt>"'),
+var sendCmd = {
+  summary: "Send a prompt to a session (fire-and-forget)",
+  usage: 'llmux send <session> "<prompt>" [--no-enter]',
+  help: help("send", "Send a prompt to a session (fire-and-forget)", 'llmux send <session> "<prompt>" [--no-enter]'),
   run: async (argv) => {
-    if (argv.length < 2) throw new Error('broadcast requires <agent> and "<prompt>"');
-    notImplemented("broadcast");
+    const args = parseArgs2(argv);
+    const ctx = resolveContext();
+    const session = args.positional[0];
+    const prompt = args.positional[1];
+    if (!session || !prompt) throw new Error('send requires <session> and "<prompt>"');
+    const enter = !boolFlag(args, "no-enter");
+    await request(ctx, "POST", `/api/sessions/${encodeURIComponent(session)}/send`, { prompt, enter });
+    if (!boolFlag(args, "json")) console.log(`sent to ${session}`);
+    else console.log(JSON.stringify({ ok: true }));
   }
 };
-var spawn = {
-  summary: "Spawn one or more agent sessions (proxies to llmuxd spawn)",
-  usage: "llmux spawn <agent|list|all> [--name <n>] [--prefix <p>] [--cwd <path>]",
-  help: help(
-    "spawn",
-    "Spawn one or more agent sessions",
-    "llmux spawn <agent|list|all> [--name <n>] [--prefix <p>] [--cwd <path>]"
-  ),
+var spawn2 = {
+  summary: "Spawn a new session on the daemon",
+  usage: 'llmux spawn <agent> [--name <n>] [--cwd <path>] [--flags "<f>"] [--env "K=V" ...]',
+  help: help("spawn", "Spawn a new session on the daemon", 'llmux spawn <agent> [--name <n>] [--cwd <path>] [--flags "<f>"] [--env "K=V" ...]'),
   run: async (argv) => {
-    if (argv.length < 1) throw new Error("spawn requires an agent (or `all`)");
-    notImplemented("spawn");
+    const args = parseArgs2(argv);
+    const ctx = resolveContext();
+    const agent = args.positional[0];
+    if (!agent) throw new Error("spawn requires an <agent>");
+    const env = flag(args, "env");
+    const body = { agent };
+    pushIf(body, "name", flag(args, "name"));
+    pushIf(body, "cwd", flag(args, "cwd"));
+    pushIf(body, "flags", flag(args, "flags"));
+    pushIf(body, "env", env);
+    const r = await request(ctx, "POST", "/api/sessions", body);
+    maybeJson(args, r.session, () => console.log(`spawned ${r.session.name} (agent: ${r.session.agent})`));
   }
 };
 var kill = {
-  summary: "Terminate a session or all sessions",
-  usage: "llmux kill <session|all>",
-  help: help("kill", "Terminate a session or all sessions", "llmux kill <session|all>"),
+  summary: "Kill a session",
+  usage: "llmux kill <session>",
+  help: help("kill", "Kill a session", "llmux kill <session>"),
   run: async (argv) => {
-    if (argv.length < 1) throw new Error("kill requires <session> or `all`");
-    notImplemented("kill");
+    const args = parseArgs2(argv);
+    const ctx = resolveContext();
+    const session = args.positional[0];
+    if (!session) throw new Error("kill requires <session>");
+    await request(ctx, "POST", `/api/sessions/${encodeURIComponent(session)}/kill`);
+    if (!boolFlag(args, "json")) console.log(`killed ${session}`);
+    else console.log(JSON.stringify({ ok: true }));
   }
 };
-var status = {
-  summary: "List all running sessions",
-  usage: "llmux status [--json]",
-  help: help("status", "List all running sessions", "llmux status [--json]"),
-  run: async () => {
-    notImplemented("status");
+var restart = {
+  summary: "Restart a session (kill + respawn with persisted config)",
+  usage: "llmux restart <session>",
+  help: help("restart", "Restart a session", "llmux restart <session>"),
+  run: async (argv) => {
+    const args = parseArgs2(argv);
+    const ctx = resolveContext();
+    const session = args.positional[0];
+    if (!session) throw new Error("restart requires <session>");
+    const r = await request(ctx, "POST", `/api/sessions/${encodeURIComponent(session)}/respawn`);
+    maybeJson(args, r.session, () => console.log(`restarted ${r.session.name}`));
+  }
+};
+var resume = {
+  summary: "Resume one of the agent's past conversations on this session",
+  usage: "llmux resume <session> (--conversation <id> | --latest) [--json]",
+  help: help("resume", "Resume a past conversation", "llmux resume <session> (--conversation <id> | --latest)"),
+  run: async (argv) => {
+    const args = parseArgs2(argv);
+    const ctx = resolveContext();
+    const session = args.positional[0];
+    if (!session) throw new Error("resume requires <session>");
+    let conversationId = flag(args, "conversation");
+    if (!conversationId) {
+      if (!boolFlag(args, "latest")) {
+        throw new Error("resume requires --conversation <id> or --latest");
+      }
+      const convs = await request(ctx, "GET", `/api/sessions/${encodeURIComponent(session)}/conversations`);
+      if (convs.length === 0) throw new Error(`no past conversations for ${session}`);
+      conversationId = convs[0].id;
+    }
+    const r = await request(
+      ctx,
+      "POST",
+      `/api/sessions/${encodeURIComponent(session)}/resume`,
+      { conversationId }
+    );
+    maybeJson(args, r.session, () => console.log(`${r.session.name} resumed from ${conversationId.slice(0, 8)}\u2026`));
+  }
+};
+var conversations = {
+  summary: "List the agent's past conversations for this session's cwd",
+  usage: "llmux conversations <session> [--json]",
+  help: help("conversations", "List past conversations for this session's agent + cwd", "llmux conversations <session> [--json]"),
+  run: async (argv) => {
+    const args = parseArgs2(argv);
+    const ctx = resolveContext();
+    const session = args.positional[0];
+    if (!session) throw new Error("conversations requires <session>");
+    const convs = await request(ctx, "GET", `/api/sessions/${encodeURIComponent(session)}/conversations`);
+    maybeJson(args, convs, () => {
+      if (convs.length === 0) {
+        console.log("no past conversations");
+        return;
+      }
+      const rows = convs.map((c) => [
+        c.id.slice(0, 8) + "\u2026",
+        relTime(c.lastMessageAt),
+        String(c.messageCount),
+        c.title.slice(0, 80)
+      ]);
+      console.log(table(["ID", "LAST", "MSGS", "TITLE"], rows));
+    });
+  }
+};
+var agents = {
+  summary: "List agents (installed by default; --all for the full catalog)",
+  usage: "llmux agents [--all] [--json]",
+  help: help("agents", "List agents", "llmux agents [--all] [--json]"),
+  run: async (argv) => {
+    const args = parseArgs2(argv);
+    const ctx = resolveContext();
+    const path = boolFlag(args, "all") ? "/api/agents/all" : "/api/agents";
+    const list2 = await request(ctx, "GET", path);
+    maybeJson(args, list2, () => {
+      const rows = list2.map((a) => [
+        a.key,
+        a.displayName,
+        a.cmd,
+        a.flags || "-",
+        "installed" in a ? a.installed ? "yes" : "no" : "yes"
+      ]);
+      console.log(table(["KEY", "NAME", "CMD", "FLAGS", "INSTALLED"], rows));
+    });
   }
 };
-var chat = {
-  summary: "Open the browser web terminal for a session",
-  usage: "llmux chat <session>",
-  help: help("chat", "Open the browser web terminal for a session", "llmux chat <session>"),
+var attach = {
+  summary: "Attach to a session via WebSocket (raw TTY pass-through)",
+  usage: "llmux attach <session>",
+  help: help(
+    "attach",
+    "Attach to a session via WebSocket",
+    "llmux attach <session>\n\nEscape: Ctrl+] to detach.\nResize is auto-detected via SIGWINCH.\n\nNote: only http:// is supported by the built-in WS client.\nFor https:// daemons, set LLMUX_SERVER to the local http:// URL,\nor use the browser web terminal."
+  ),
   run: async (argv) => {
-    if (argv.length < 1) throw new Error("chat requires <session>");
-    notImplemented("chat");
+    const args = parseArgs2(argv);
+    const ctx = resolveContext();
+    const session = args.positional[0];
+    if (!session) throw new Error("attach requires <session>");
+    const baseUrl = new URL(ctx.baseUrl);
+    if (baseUrl.protocol === "https:") {
+      throw new Error("attach via wss:// is not supported by the built-in client; LLMUX_SERVER must be http://");
+    }
+    const wsUrl = (baseUrl.protocol === "https:" ? "wss://" : "ws://") + baseUrl.host + "/ws/" + encodeURIComponent(session);
+    const stdin = process.stdin;
+    const stdout = process.stdout;
+    if (stdin.isTTY) stdin.setRawMode(true);
+    stdin.resume();
+    stdin.setEncoding("utf8");
+    let ws = null;
+    let closed = false;
+    function teardown() {
+      if (closed) return;
+      closed = true;
+      try {
+        if (stdin.isTTY) stdin.setRawMode(false);
+      } catch {
+      }
+      stdin.removeAllListeners("data");
+      process.removeAllListeners("SIGWINCH");
+      ws?.close();
+    }
+    function sendResize() {
+      if (!stdout.isTTY) return;
+      const cols = stdout.columns ?? 80;
+      const rows = stdout.rows ?? 24;
+      ws?.send(JSON.stringify({ type: "resize", cols, rows }));
+    }
+    await new Promise((resolve4, reject) => {
+      ws = openWs({
+        url: wsUrl,
+        ...ctx.token !== void 0 ? { token: ctx.token } : {},
+        onMessage: (data) => {
+          if (typeof data === "string") stdout.write(data);
+          else stdout.write(data);
+        },
+        onClose: (code, reason) => {
+          teardown();
+          if (code === 4040) {
+            stdout.write(`\r
+[session ended: ${reason || "pty exited"}]\r
+`);
+            resolve4();
+          } else if (code === 1e3) {
+            resolve4();
+          } else {
+            reject(new Error(`ws closed: code=${code} reason=${reason}`));
+          }
+        },
+        onError: (err) => {
+          teardown();
+          reject(err);
+        }
+      });
+      stdin.on("data", (chunk) => {
+        if (chunk.includes("")) {
+          teardown();
+          stdout.write("\r\n[detached]\r\n");
+          resolve4();
+          return;
+        }
+        ws?.send(chunk);
+      });
+      setImmediate(sendResize);
+      process.on("SIGWINCH", sendResize);
+    });
   }
 };
+var status = {
+  ...ls,
+  summary: "List sessions on the daemon (alias of `ls`)"
+};
 var clientCommands = {
-  send,
-  broadcast,
-  spawn,
-  kill,
+  ls,
   status,
-  chat
+  send: sendCmd,
+  spawn: spawn2,
+  kill,
+  restart,
+  resume,
+  conversations,
+  agents,
+  attach
 };
 
 // src/index.ts
 function readVersion() {
   try {
-    const here = dirname(fileURLToPath(import.meta.url));
-    for (const candidate of [resolve(here, "../package.json"), resolve(here, "../../package.json")]) {
+    const here = dirname4(fileURLToPath2(import.meta.url));
+    for (const candidate of [resolve3(here, "../package.json"), resolve3(here, "../../package.json")]) {
       try {
-        const pkg = JSON.parse(readFileSync(candidate, "utf8"));
+        const pkg = JSON.parse(readFileSync5(candidate, "utf8"));
         if (pkg.name === "@cordfuse/llmux" && typeof pkg.version === "string") return pkg.version;
       } catch {
       }
@@ -95,55 +3453,349 @@ function readVersion() {
   return "unknown";
 }
 var VERSION = readVersion();
+function stripGlobals(argv) {
+  const env = {};
+  const rest = [];
+  let help2 = false;
+  let version = false;
+  if (process.env.LLMUX_SERVER) env.server = process.env.LLMUX_SERVER;
+  if (process.env.LLMUX_TOKEN) env.token = process.env.LLMUX_TOKEN;
+  for (let i = 0; i < argv.length; i++) {
+    const t = argv[i];
+    if (t === "--server") {
+      const next = argv[i + 1];
+      if (next === void 0 || next.startsWith("-")) throw new Error("--server requires a URL");
+      env.server = next;
+      i++;
+      continue;
+    }
+    if (t.startsWith("--server=")) {
+      env.server = t.slice("--server=".length);
+      continue;
+    }
+    if (t === "--token") {
+      const next = argv[i + 1];
+      if (next === void 0 || next.startsWith("-")) throw new Error("--token requires a value");
+      env.token = next;
+      i++;
+      continue;
+    }
+    if (t.startsWith("--token=")) {
+      env.token = t.slice("--token=".length);
+      continue;
+    }
+    if (t === "--help" || t === "-h") {
+      help2 = true;
+      continue;
+    }
+    if (t === "--version" || t === "-v") {
+      version = true;
+      continue;
+    }
+    rest.push(t);
+  }
+  return { rest, env, help: help2, version };
+}
 function printRootHelp() {
-  const lines = [];
-  lines.push("llmux \u2014 HTTP client for llmuxd");
-  lines.push("");
-  lines.push(`Version: ${VERSION}`);
-  lines.push("");
-  lines.push("Usage:");
-  lines.push("  llmux <command> [options]");
-  lines.push("");
-  lines.push("Commands:");
-  const width = Math.max(...Object.keys(clientCommands).map((k) => k.length));
-  for (const [name, cmd] of Object.entries(clientCommands)) {
-    lines.push(`  ${name.padEnd(width + 2)}${cmd.summary}`);
-  }
-  lines.push("");
-  lines.push("Environment:");
-  lines.push("  LLMUX_SERVER     Base URL of llmuxd (e.g. http://host:3000)");
-  lines.push("  LLMUX_TOKEN      SAS token for authenticated requests");
-  lines.push("");
-  lines.push("Run `llmux <command> --help` for command-specific options.");
-  console.log(lines.join("\n"));
+  console.log(
+    `llmux v${VERSION} \u2014 tmux-based AI agent dispatcher (daemon + client in one binary)
+
+Usage:
+  llmux <noun> <verb> [args] [--server <url>] [--token <sas>]
+
+Session verbs (local by default; pass --server <url> to target a remote daemon):
+  session list                                  list tracked sessions
+  session start <agent> [--name N] [--cwd P]    spawn a new agent in tmux
+                       [--flags "F"] [--env "K=V"] [--resume-from <id>]
+  session stop <name>                           kill + forget the session
+  session restart <name>                        kill + relaunch with persisted config
+  session attach <name>                         open the terminal (tmux locally, WS remotely)
+  session prompt <name> "<text>" [--no-enter]   send a prompt
+  session broadcast <agent> "<text>"            send to every session of an agent type (local)
+  session resume <name> --conversation <id> | --latest
+                                                rebind to a past agent conversation
+  session history <name>                        list past conversations for the session's cwd
+
+Server verbs (always local):
+  server start [--port N] [--no-qr]             run the HTTP/WS daemon (formerly: llmuxd serve)
+
+Token verbs (always local \u2014 managing the daemon-host's auth store):
+  token create [--name N] [--expiry ISO] [--qr] [--qr-endpoint <label>]
+  token list                                    show active tokens
+  token revoke <id>                             revoke a token by id
+
+Agent verbs:
+  agent list [--all] [--installed] [--json]     list agents (default: installed-only)
+
+Global flags:
+  --server <url>     route session/agent verbs to a remote daemon over HTTP
+  --token <sas>      SAS token for remote auth (LLMUX_TOKEN env fallback)
+  --help / -h        print this help
+  --version / -v     print version
+
+Environment:
+  LLMUX_SERVER       default --server URL
+  LLMUX_TOKEN        default --token value`
+  );
 }
-async function main() {
-  const argv = process.argv.slice(2);
-  if (argv.length === 0 || argv[0] === "--help" || argv[0] === "-h") {
-    printRootHelp();
+function printVerbHelp(noun, verb) {
+  if (!verb) {
+    console.log(`llmux ${noun} \u2014 see \`llmux --help\` for verbs under this noun`);
     return;
   }
-  if (argv[0] === "--version" || argv[0] === "-v") {
-    console.log(VERSION);
+  console.log(`llmux ${noun} ${verb} \u2014 see \`llmux --help\` for usage`);
+}
+async function dispatchSession(verb, args, env) {
+  if (!verb) {
+    printVerbHelp("session", verb);
+    return;
+  }
+  const v = verb === "ls" ? "list" : verb === "send" ? "prompt" : verb === "spawn" ? "start" : verb === "kill" ? "stop" : verb === "respawn" ? "restart" : verb === "conversations" ? "history" : verb;
+  if (env.server !== void 0) {
+    const cmdMap = {
+      list: "ls",
+      start: "spawn",
+      stop: "kill",
+      restart: "restart",
+      attach: "attach",
+      prompt: "send",
+      resume: "resume",
+      history: "conversations"
+    };
+    const clientCmd = cmdMap[v];
+    if (!clientCmd) throw new Error(`session ${v}: no remote equivalent`);
+    process.env.LLMUX_SERVER = env.server;
+    if (env.token) process.env.LLMUX_TOKEN = env.token;
+    const cmd = clientCommands[clientCmd];
+    if (!cmd) throw new Error(`internal: client command "${clientCmd}" missing`);
+    await cmd.run(args);
+    return;
+  }
+  const parsed = parseArgs(args, sessionLocalFlags());
+  switch (v) {
+    case "list":
+      handleStatus(parsed);
+      return;
+    case "start":
+      handleSpawn(parsed);
+      return;
+    case "stop":
+      handleKill(parsed);
+      return;
+    case "restart":
+      handleRespawn(parsed);
+      return;
+    case "attach":
+      handleChat(parsed);
+      return;
+    case "prompt":
+      handleSend(parsed);
+      return;
+    case "broadcast":
+      handleBroadcast(parsed);
+      return;
+    case "resume": {
+      const name = parsed.positional[0];
+      if (!name) throw new Error("session resume requires <name>");
+      const session = get(name);
+      if (!session) throw new Error(`no tracked session "${name}"`);
+      const agent = DEFAULT_AGENTS[session.agent];
+      if (!agent?.history) throw new Error(`agent "${session.agent}" has no history adapter`);
+      if (!isAgentInstalled(agent)) throw new Error(`agent "${session.agent}" is not installed`);
+      let conversationId = parsed.flags.conversation;
+      if (!conversationId) {
+        if (!parsed.flags.latest) throw new Error("resume requires --conversation <id> or --latest");
+        const convs = agent.history.listConversations(session.cwd);
+        if (convs.length === 0) throw new Error(`no past conversations for ${name}`);
+        conversationId = convs[0].id;
+      }
+      if (hasSession(name)) killSession(name);
+      const cmd = `${agent.cmd} ${agent.flags ?? ""} ${agent.history.resumeFlag(conversationId)}`.trim();
+      newSession({
+        name,
+        command: cmd,
+        cwd: session.cwd,
+        env: { ...agent.envDefaults ?? {}, ...session.env ?? {}, LLMUX_SESSION: name, LLMUX_AGENT: session.agent }
+      });
+      record({ ...session, resumeFrom: conversationId, createdAt: (/* @__PURE__ */ new Date()).toISOString() });
+      console.log(`${name} resumed from ${conversationId.slice(0, 8)}\u2026`);
+      return;
+    }
+    case "history": {
+      const name = parsed.positional[0];
+      if (!name) throw new Error("session history requires <name>");
+      const session = get(name);
+      if (!session) throw new Error(`no tracked session "${name}"`);
+      const agent = DEFAULT_AGENTS[session.agent];
+      if (!agent?.history) {
+        console.log("agent has no history adapter");
+        return;
+      }
+      const convs = agent.history.listConversations(session.cwd);
+      if (convs.length === 0) {
+        console.log("no past conversations");
+        return;
+      }
+      for (const c of convs) console.log(`${c.id.slice(0, 8)}\u2026  ${c.messageCount.toString().padStart(5)}  ${c.title.slice(0, 80)}`);
+      return;
+    }
+    default:
+      throw new Error(`unknown session verb "${v}"`);
+  }
+}
+function sessionLocalFlags() {
+  return {
+    name: { kind: "string", description: "session name" },
+    cwd: { kind: "string", description: "working directory" },
+    flags: { kind: "string", description: "launch flags override" },
+    env: { kind: "string", description: "env vars (KEY=VAL one per line)" },
+    prefix: { kind: "string", description: "session-name prefix (start only)" },
+    cascade: { kind: "boolean", description: "cascade kill to children" },
+    conversation: { kind: "string", description: "conversation id (resume)" },
+    latest: { kind: "boolean", description: "resume the most recent conversation" },
+    "no-enter": { kind: "boolean", description: "do not append Enter to prompt" },
+    browser: { kind: "boolean", description: "open in web browser (attach)" },
+    it: { kind: "boolean", description: "interactive (attach)" },
+    json: { kind: "boolean", description: "emit JSON" }
+  };
+}
+async function dispatchServer(verb, args) {
+  if (!verb) {
+    printVerbHelp("server", verb);
+    return;
+  }
+  const parsed = parseArgs(args, {
+    config: { kind: "string", description: "Path to .llmux.yaml" },
+    port: { kind: "string", description: "Listen port" },
+    "no-qr": { kind: "boolean", description: "Suppress QR codes" }
+  });
+  switch (verb) {
+    case "start":
+    case "serve":
+      await handleServe(parsed);
+      return;
+    default:
+      throw new Error(`unknown server verb "${verb}"`);
+  }
+}
+async function dispatchToken(verb, args) {
+  if (!verb) {
+    printVerbHelp("token", verb);
+    return;
+  }
+  const parsed = parseArgs(args, {
+    name: { kind: "string", description: "token label" },
+    expiry: { kind: "string", description: "ISO-8601 expiry" },
+    qr: { kind: "boolean", description: "render QR for first-tap login" },
+    "qr-endpoint": { kind: "string", description: "endpoint label or URL for QR target" },
+    json: { kind: "boolean", description: "emit JSON" }
+  });
+  switch (verb) {
+    case "create":
+      await handleTokenCreate(parsed);
+      return;
+    case "list":
+    case "show":
+      handleTokenShow(parsed);
+      return;
+    case "revoke":
+      handleTokenRevoke(parsed);
+      return;
+    default:
+      throw new Error(`unknown token verb "${verb}"`);
+  }
+}
+async function dispatchAgent(verb, args, env) {
+  if (!verb) {
+    printVerbHelp("agent", verb);
+    return;
+  }
+  if (env.server !== void 0 && verb === "list") {
+    process.env.LLMUX_SERVER = env.server;
+    if (env.token) process.env.LLMUX_TOKEN = env.token;
+    const cmd = clientCommands["agents"];
+    if (!cmd) throw new Error("internal: client agents command missing");
+    await cmd.run(args);
     return;
   }
-  const name = argv[0];
-  const rest = argv.slice(1);
-  const command = clientCommands[name];
-  if (!command) {
-    console.error(`llmux: unknown command "${name}"`);
-    console.error("Run `llmux --help` to see available commands.");
-    process.exit(64);
+  const parsed = parseArgs(args, {
+    all: { kind: "boolean", description: "include not-installed agents" },
+    installed: { kind: "boolean", description: "only installed agents (default)" },
+    json: { kind: "boolean", description: "emit JSON" }
+  });
+  switch (verb) {
+    case "list": {
+      const showAll = Boolean(parsed.flags.all);
+      const rows = Object.values(DEFAULT_AGENTS).filter((d) => showAll || isAgentInstalled(d)).map((d) => ({ key: d.key, displayName: d.displayName, cmd: d.cmd, flags: d.flags ?? "", installed: isAgentInstalled(d) }));
+      if (parsed.flags.json) {
+        console.log(JSON.stringify(rows, null, 2));
+        return;
+      }
+      for (const r of rows) {
+        console.log(`${r.key.padEnd(10)}  ${r.displayName.padEnd(24)}  ${r.installed ? "installed" : "not installed"}  ${r.flags || "-"}`);
+      }
+      return;
+    }
+    default:
+      throw new Error(`unknown agent verb "${verb}"`);
+  }
+}
+async function main() {
+  const { rest, env, help: help2, version } = stripGlobals(process.argv.slice(2));
+  if (version) {
+    console.log(VERSION);
+    return;
   }
-  if (rest.includes("--help") || rest.includes("-h")) {
-    console.log(command.help());
+  if (rest.length === 0 || help2) {
+    printRootHelp();
     return;
   }
+  const noun = rest[0];
+  const verb = rest[1];
+  const remainder = rest.slice(2);
   try {
-    await command.run(rest);
+    switch (noun) {
+      case "session":
+        await dispatchSession(verb, remainder, env);
+        return;
+      case "server":
+        await dispatchServer(verb, remainder);
+        return;
+      case "token":
+        await dispatchToken(verb, remainder);
+        return;
+      case "agent":
+        await dispatchAgent(verb, remainder, env);
+        return;
+      // Backward-compat shorthand — some shells will already have `llmuxd serve`
+      // wired up. These verbs sit at noun-position so all of rest.slice(1) is
+      // their args, not just slice(2).
+      case "serve":
+        await dispatchServer("start", rest.slice(1));
+        return;
+      case "ls":
+      case "status":
+        await dispatchSession("list", rest.slice(1), env);
+        return;
+      case "help":
+        printRootHelp();
+        return;
+      default: {
+        const cmd = clientCommands[noun];
+        if (cmd) {
+          if (env.server) process.env.LLMUX_SERVER = env.server;
+          if (env.token) process.env.LLMUX_TOKEN = env.token;
+          await cmd.run([verb, ...remainder].filter((x) => x !== void 0));
+          return;
+        }
+        console.error(`llmux: unknown command "${noun}"`);
+        console.error("Run `llmux --help` to see the noun-prefix surface.");
+        process.exit(64);
+      }
+    }
   } catch (err) {
     const msg = err instanceof Error ? err.message : String(err);
-    console.error(`llmux ${name}: ${msg}`);
+    console.error(`llmux: ${msg}`);
     process.exit(1);
   }
 }